Injection Issues
  1. #1
    Thongs (Member)

    Injection Issues

    I've been learning about injection over the last few days and thought that I was ready to give it a try for myself. Perhaps it's because I'm clueless about C++ (I generally use C#), or maybe my entire understanding of injection is wrong. Either way, I've searched these forums extensively, and used Google, but haven't been able to figure it out. Most of my code is just copypasted right now as I'm learning the concepts before writing my own. I inject my C++ Bootstrapper, and it's successfully injected (shown in Process Explorer), but doesn't do anything.

    From what I understand, I need to:
    1. Inject a C++ DLL Bootstrapper into the WoW process using a DLL injector (I'm using _Mike's for now while testing http://www.mmowned.com/forums/world-...-injector.html)
    2. Have the C++ DLL start the CLR, and then start the C# DLL DomainManager (Thanks to Apoc for his code on that).
    3. The C# DomainManager will load up my target executable file, beginning at the entry point. For testing purposes, all my executable file does when opened is display a "success" messagebox.

    cppBootstrap.h
    Code:
    // Exported as a static member of a C++ class, so the compiler
    // decorates the export name.
    class MycppBootstrap
    {
        public:
            static __declspec(dllexport) void StartTheDotNetRuntime();
    };
    cppBootstrap.cpp
    Code:
    #include <windows.h>
    #include <metahost.h>                 // CLR hosting interfaces
    #include "cppBootstrap.h"
    #pragma comment(lib, "mscoree.lib")   // CLRCreateInstance

    void MycppBootstrap::StartTheDotNetRuntime()
    {
        ICLRMetaHost * lpMetaHost = NULL;
        ICLRRuntimeInfo * lpRuntimeInfo = NULL;
        ICLRRuntimeHost * lpRuntimeHost = NULL;

        HRESULT hr = CLRCreateInstance(
            CLSID_CLRMetaHost,
            IID_ICLRMetaHost,
            (LPVOID *)&lpMetaHost);

        // Get a reference for the ICLRRuntimeInfo
        if (SUCCEEDED(hr))
            hr = lpMetaHost->GetRuntime(
                L"v4.0.21006", // 4.0 Beta2
                IID_ICLRRuntimeInfo,
                (LPVOID *)&lpRuntimeInfo);

        // Load the CLR.
        if (SUCCEEDED(hr))
            hr = lpRuntimeInfo->GetInterface(
                CLSID_CLRRuntimeHost,
                IID_ICLRRuntimeHost,
                (LPVOID *)&lpRuntimeHost);

        // Push the big START button shown above
        if (SUCCEEDED(hr))
            hr = lpRuntimeHost->Start();

        // Okay, the CLR is up and running in this (previously native) process.
        // Now call a method on our managed C# class library.
        if (SUCCEEDED(hr))
        {
            DWORD dwRet = 0;
            hr = lpRuntimeHost->ExecuteInDefaultAppDomain(
                L"c:\\Flawtest\\DomainManager.dll",
                L"DomainManager.EntryPoint", L"Main", L"Flaw.exe", &dwRet);

            // Optionally stop the CLR runtime (we could also leave it running)
            hr = lpRuntimeHost->Stop();
        }

        // Don't forget to clean up. Each pointer is released only if it was obtained.
        if (lpRuntimeHost) lpRuntimeHost->Release();
        if (lpRuntimeInfo) lpRuntimeInfo->Release();
        if (lpMetaHost) lpMetaHost->Release();
    }
    These two files comprise my C++ dll. Using _Mike's injector, I've tried to inject the C++ Bootstrapper into the WoW process. It gives a failure message when I try to inject the DLL with an external function specified, but a success message when I leave the external function field blank. I've tried using cppBootstrap(Namespace).MycppBootstrap.StartTheDotNetRuntime, and a number of different combinations to no avail. After this, I tried removing cppBootstrap.h, instead adding a DllMain entry point to the DLL which calls StartTheDotNetRuntime() on DLL_PROCESS_ATTACH. I then injected with no external function specified, but still nothing happened.

    My domain manager which is called is just copypaste (changing namespace/classes etc) of Apoc's DomainManager on p8 here: http://www.mmowned.com/forums/world-...y-removal.html

    I'm not here for somebody to simply spoonfeed me code, but I thought I understood what was going on and may be completely wrong.

    Thanks.
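
The post above notes that the injected DLL is visible in Process Explorer and that the bootstrap leaves the CLR loaded in a previously native process; both are things a defender can audit in a loaded-module list. The following is an added example, not code from the thread: the module paths, the directory allow-list and all function names are constructed, and a real check needs a per-application baseline.

```cpp
// Added example: audit a loaded-module list; all paths are constructed.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// True when path lies under dir. Windows paths compare case-insensitively,
// and the prefix must end on a backslash so that a module in
// C:\Windows\System32evil is not accepted as being inside C:\Windows\System32.
static bool inside(const std::string& path, std::string dir) {
    dir = lower(dir);
    if (dir.empty() || dir.back() != '\\') dir += '\\';
    return lower(path).compare(0, dir.size(), dir) == 0;
}

struct Finding { std::string path, reason; };

// Flags what a natively built application is not expected to load: the
// .NET 4 runtime DLLs, and any module mapped from outside allowed_dirs.
std::vector<Finding> audit_modules(const std::vector<std::string>& modules,
                                   const std::vector<std::string>& allowed_dirs) {
    static const std::vector<std::string> clr = {
        "mscoree.dll", "mscoreei.dll", "clr.dll", "clrjit.dll"};
    std::vector<Finding> out;
    for (const auto& m : modules) {
        const std::string name = lower(m.substr(m.find_last_of('\\') + 1));
        if (std::find(clr.begin(), clr.end(), name) != clr.end())
            out.push_back({m, "CLR runtime in a native process"});
        else if (std::none_of(allowed_dirs.begin(), allowed_dirs.end(),
                 [&](const std::string& d) { return inside(m, d); }))
            out.push_back({m, "module outside allowed directories"});
    }
    return out;
}

// Constructed module list for a hypothetical native game process.
const std::vector<std::string> kModules = {
    R"(C:\Games\Example\Game.exe)", R"(C:\WINDOWS\system32\d3d9.dll)",
    R"(C:\Windows\System32evil\helper.dll)", R"(C:\Temp\bootstrap.dll)",
    R"(C:\Windows\Microsoft.NET\Framework\v4.0.21006\clr.dll)"};
const std::vector<std::string> kAllowed = {R"(C:\Games\Example)", R"(C:\Windows\System32)"};

int main() {
    for (const auto& f : audit_modules(kModules, kAllowed))
        std::cout << f.reason << ": " << f.path << '\n';
}
```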

  2. #2
    lanman92 (Active Member)
    It's pretty simple to write your own C# injector that can call a function from a dll in another process.

    1) No code in DLLMain.
    2) Load module into injector and get offset of function using Win32/System.Diagnostics
    3) Load module into desired process and get address of that module.
    4) Add module address to the offset of your function.
    5) CreateRemoteThread away.

    The .NET loading code I use is stripped straight out of the all-in-one microsoft stuff from codeplex.
    Last edited by lanman92; 06-04-2011 at 01:51 AM.

  3. #3
    Bananenbrot (Contributor)
    I inject my dll via a windows hook (SetWindowsHookEx Function (Windows)). Little tedious because of thread synchronization, but you don't have to mess around with "No LoadLibrary in DllMain" stuff. Just place your hook and wait for wow's message queue to dispatch and load your dll.

  4. #4
    _Mike (Contributor)
    What error code are you getting?
    I'm just guessing here but it might have something to do with C++ name mangling and that you're exporting a class method.
    Verify that the export name matches the function you're trying to call (for example using dumpbin /exports).
    You might need a Module-Definition (.def) file.

    Oh btw, my injector expects an int return value. It still works with void, but you will probably get some unexpected return values from it. Though it should still say the injection was successful.
    Last edited by _Mike; 06-04-2011 at 06:45 AM.

  5. #5
    caytchen (Contributor)
    There's nothing "C++" about your bootstrap so obviously just throw that pointless stuff out. You'll still need an extern "C" { ... } to avoid name mangling.
    Starting the CLR from DllMain directly will just silently or not so silently (it's unspecified behavior really) fail.
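
The name-mangling point raised in replies #4 and #5, as an added example that is not part of the thread: looking an export up by name is an exact string match, so the plain function name misses a decorated class-method export and matches once a .def file (or extern "C") exports the undecorated name. The export lists are constructed, using the form MSVC emits for a public static `void()` member, and the helper names are hypothetical.

```cpp
// Added example: exact-name export lookup vs. MSVC C++ name decoration.
#include <iostream>
#include <string>
#include <vector>

// Decode the scope of an MSVC-decorated name, laid out as
// ?<function>@<scope>@@<type codes>. Returns "scope::function", or ""
// for an undecorated name. Special members (??0...) also return "";
// templates are not handled in this sketch.
std::string qualified_name(const std::string& exported) {
    if (exported.size() < 2 || exported[0] != '?' || exported[1] == '?') return "";
    const size_t end = exported.find("@@");
    if (end == std::string::npos) return "";
    std::string result;
    for (size_t pos = 1; pos < end;) {
        const size_t at = exported.find('@', pos);
        const std::string part = exported.substr(pos, at - pos);
        result = result.empty() ? part : part + "::" + result;
        pos = at + 1;
    }
    return result;
}

// Name lookup in an export table is an exact, case-sensitive comparison.
bool has_export(const std::vector<std::string>& exports, const std::string& wanted) {
    for (const auto& e : exports) if (e == wanted) return true;
    return false;
}

// When the plain name is missing, list the decorated exports whose decoded
// name is `wanted` or ends in "::wanted": the names the table really holds.
std::vector<std::string> decorated_matches(const std::vector<std::string>& exports,
                                           const std::string& wanted) {
    std::vector<std::string> hits;
    const std::string suffix = "::" + wanted;
    for (const auto& e : exports) {
        const std::string q = qualified_name(e);
        if (q == wanted || (q.size() >= suffix.size() &&
            q.compare(q.size() - suffix.size(), suffix.size(), suffix) == 0))
            hits.push_back(e);
    }
    return hits;
}

// Constructed export lists: the class-method build, then the .def-file build.
const std::vector<std::string> kClassBuild = {"?StartTheDotNetRuntime@MycppBootstrap@@SAXXZ"};
const std::vector<std::string> kDefBuild = {"StartTheDotNetRuntime"};

int main() {
    std::cout << has_export(kClassBuild, "StartTheDotNetRuntime") << '\n';
    for (const auto& d : decorated_matches(kClassBuild, "StartTheDotNetRuntime"))
        std::cout << d << " = " << qualified_name(d) << '\n';
    std::cout << has_export(kDefBuild, "StartTheDotNetRuntime") << '\n';
}
```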

  6. #6
    Thongs (Member)
    Thanks for the replies everyone. I did what _Mike said and checked out how my DLL was exported using dumpbin, and he was correct that there was some name mangling going on. I removed my header file, added a .def file, and then the injector could successfully call my exported function. I ran into a number of other issues, which I was able to sort out myself (among other things, it took me over an hour to realize that I wasn't adding WoW's base address to the Endscene address, despite having written other bots and completely understanding the concept... fail). I now have Endscene pulsing to a function in my main C# function.

    Now I just have to get Endscene calling WoW's functions... I think I understand how that works though, and if not I have caytchen's cleanCore for reference. Thanks.
