Hey guys, I am trying to write a DLL injector that injects a stub and changes EIP in a thread to execute it. For some reason WoW crashes each time I run it.
Code:
// Stub whose raw bytes main() copies into the target process.
// Declared naked, so the body below is the only code emitted for it.
// As written it pushes a 32-bit immediate (a zero placeholder), saves the
// flags and general-purpose registers, restores them again straight away,
// and executes ret, which pops the pushed immediate as the address to
// continue at. main() overwrites the four bytes at LoadDLL+1 with the
// hijacked thread's saved EIP before copying the stub.
// Nothing sits between pushad and popad in this listing.
void __declspec(naked) LoadDLL() {
_asm{
push 0x000000
pushfd
pushad
popad
popfd
ret
}
}
// Empty marker function. main() subtracts LoadDLL's address from this one's
// and treats the result as the stub's byte length.
// NOTE(review): that assumes the two functions are emitted back to back in
// source order and that both names resolve to the function bodies; the
// language does not guarantee either.
void __declspec(naked) LoadDLLEnd() {}
// Entry point of the injector described in the post.
// Waits for a window of class "GxWindowClassD3d", derives a .dll path from
// this executable's own path, opens the target process and one of its
// threads, writes the path string and the LoadDLL stub into the target, and
// redirects the suspended thread's EIP to the stub.
// Seen from the monitoring side, the chain is: a full-access process handle,
// remote allocation and writes, then SuspendThread / SetThreadContext /
// ResumeThread on a thread owned by another process. Each step is a point
// where endpoint telemetry can observe the activity (for example
// process-access events that record the requested access mask).
// No return value in this function is checked, so a failure at any step
// is not noticed before the next call runs.
int main() {
// Variable declaration.
char dllpath[MAX_PATH];
u_long uLoadLib;
// Stub length, taken as the distance between the two function addresses.
u_int uFuncLen = ((u_int)LoadDLLEnd - (u_int)LoadDLL);
// Set debug privileges.
// AddDebugPrivileges is defined outside this listing; presumably it enables
// SeDebugPrivilege on the current token -- confirm against its definition.
AddDebugPrivileges();
// Intro...
printf("[+] Syringe World of Warcraft DLL Injector\n[+] Author: Cenron\n\n");
printf("[+] Waiting for World of Warcraft to start...\n");
// Wait for World of Warcraft to start.
// Polls every 500 ms until a top-level window with this class name exists.
while(!FindWindowA("GxWindowClassD3d",NULL)) { Sleep(500); }
// Get the current path to the exe
GetModuleFileName(NULL,dllpath,sizeof(dllpath));
// Run through the string backwards and replace .exe with .dll
// Overwrites the three characters after the last '.' found; index 0 is
// never examined.
for(int i = strlen(dllpath); i > 0; i--) {
if(dllpath[i] == '.') {
memcpy(&dllpath[i+1],"dll",3);
break;
}
}
// Get The address for our LoadLibraryA
// The address is resolved in this process and stored in uLoadLib; no later
// line in this listing reads uLoadLib.
uLoadLib = (u_long)GetProcAddress(GetModuleHandle("kernel32.dll"),"LoadLibraryA");
// Get the program PID.
// dwGetPid and PROC_NAME are defined outside this listing.
DWORD dwPID = dwGetPid(PROC_NAME);
// Open a handle to world of warcraft.
// PROCESS_ALL_ACCESS requests every process access right on the target.
HANDLE hWoW = OpenProcess(PROCESS_ALL_ACCESS,false,dwPID);
// Allocate memory for the dll string and stub.
// Both regions are committed in the target with PAGE_READWRITE protection.
LPVOID lpDllString = VirtualAllocEx(hWoW,NULL,strlen(dllpath)+1, MEM_COMMIT, PAGE_READWRITE);
LPVOID lpStub = VirtualAllocEx(hWoW,NULL,uFuncLen, MEM_COMMIT, PAGE_READWRITE);
// Copy the path string into the target.
WriteProcessMemory(hWoW, lpDllString, dllpath, strlen(dllpath), NULL);
// GetTargetThreadId is defined outside this listing; presumably it returns
// the id of a thread belonging to dwPID -- confirm against its definition.
DWORD dwThreadID = GetTargetThreadId(dwPID);
HANDLE hThread = OpenThread(THREAD_ALL_ACCESS,false,dwThreadID);
// Freeze the thread and read its control registers.
SuspendThread(hThread);
CONTEXT ctx;
ctx.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread,&ctx);
// Get the old EIP and change it to the stub address.
u_long oldEIP = ctx.Eip;
ctx.Eip = (DWORD)lpStub;
// ContextFlags is assigned the same value a second time here.
ctx.ContextFlags = CONTEXT_CONTROL;
DWORD oldProt = 0;
// Make this process's own copy of LoadDLL writable, then patch the four
// bytes at LoadDLL+1 with the saved EIP.
VirtualProtect(LoadDLL, uFuncLen, PAGE_EXECUTE_READWRITE, &oldProt);
memcpy((void *)((u_long)LoadDLL+1),&oldEIP,4);
// Write to the stub space.
WriteProcessMemory(hWoW, lpStub, LoadDLL, uFuncLen, NULL);
// Apply the modified context and let the thread run again.
SetThreadContext(hThread,&ctx);
ResumeThread(hThread);
// Block until the user presses a key, then decommit both remote regions
// and close the handles.
getchar();
VirtualFreeEx(hWoW, lpDllString, strlen(dllpath), MEM_DECOMMIT);
VirtualFreeEx(hWoW, lpStub, uFuncLen, MEM_DECOMMIT);
CloseHandle(hWoW);
CloseHandle(hThread);
return 0;
}
Code:
ERROR #132 (0x85100084) Fatal Exception
Program: C:\wow\WoW.exe
Exception: 0xC0000005 (ACCESS_VIOLATION) at 001B:7E50E4F9
The instruction at "0x7E50E4F9" referenced memory at "0x7E50E4F9".
The memory could not be "read".
----------------------------------------
x86 Registers
----------------------------------------
EAX=00000000 EBX=00004021 ECX=0019AA70 EDX=01C00000 ESI=7C90D580
EDI=00100001 EBP=0019AD68 ESP=0019AA70 EIP=7E50E4F9 FLG=00010202
CS =001B DS =0023 ES =0023 SS =0023 FS =003B GS =0000