assaf84 Expert Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 238
Posted: Thu Aug 23, 2007 6:04 am Post subject: [DLL Injection]
Hey
I want to inject a dll into gamemon.des, but I have no idea how to do it without being detected. I know I can inject it with injecTOR for example, but I want to do it in my own code.
The thing that I mainly don't know is how to make a process watcher to catch GG. Another thing that I'm not quite sure about is how to write the code of loading a dll into GG's process without being detected.
Is it possible to do this without writing a kernel mode driver? Because I don't know sh!t about it...
Thanks anyone..

Noz3001 I'm a spammer
Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Thu Aug 23, 2007 7:25 am
LOL, kernel mode drivers have nothing to do with DLL injection..

assaf84 Expert Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 238
Posted: Thu Aug 23, 2007 7:27 am
So what can I do?

UnLmtD Grandmaster Cheater
Reputation: 0
Joined: 13 Mar 2007 Posts: 894 Location: Canada
Posted: Thu Aug 23, 2007 7:57 am
For the DLL injection question, there are many ways of injecting a DLL into a process address space. But you probably want the easiest/working method. So yeah, this is a function I found in an old source code.
Code:
#include <windows.h>
#include <stdio.h>
#include <string.h>

HANDLE inject(DWORD pid, char* dllname)
{
    HANDLE process, thread;
    LPTHREAD_START_ROUTINE LoadLib;
    DWORD pointless = 0;    /* thread exit code = LoadLibraryA's return value (low 32 bits) */
    SIZE_T size = strlen(dllname) + 1;
    char* dllnamet;

    if(!pid)
        return NULL;
    process = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
    if(!process)
        return NULL;
    /* kernel32.dll is already loaded in this process, so look it up */
    LoadLib = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
    /* copy the DLL path into the target so LoadLibraryA can read it there */
    dllnamet = (char*)VirtualAllocEx(process, NULL, size, MEM_COMMIT, PAGE_READWRITE);
    if(!dllnamet) { CloseHandle(process); return NULL; }
    WriteProcessMemory(process, dllnamet, dllname, size, NULL);
    thread = CreateRemoteThread(process, NULL, 0, LoadLib, dllnamet, 0, NULL);
    if(thread)
    {
        WaitForSingleObject(thread, INFINITE);
        GetExitCodeThread(thread, &pointless);
        CloseHandle(thread);
    }
    if(!pointless)
        printf(" [X] Cannot inject\n");
    else
        printf(" [!] Injected Successfully\n");
    /* MEM_RELEASE takes the allocation's base address and a size of 0 */
    VirtualFreeEx(process, dllnamet, 0, MEM_RELEASE);
    printf(" [!] Dll Name: %s\n", dllname);
    CloseHandle(process);
    return (HANDLE)(ULONG_PTR)pointless;
}
Basically it creates a thread in the targeted process, and uses LoadLibraryA to load the DLL.
For the GameGuard watcher, use the function I pointed out in your last thread, and put it in a loop. If it succeeds, it means that GameGuard is running and not yet hidden.
To use the "inject" function, you do (if the DLL is in your folder):
Code:
char CURRENTDIR[MAX_PATH];
GetCurrentDirectoryA(MAX_PATH, CURRENTDIR);
strcat(CURRENTDIR, "\\YourDLL.dll");
inject(pID, CURRENTDIR);
Sorry if I forgot something, I just woke up
_________________
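The sequence in the inject() function above (OpenProcess with PROCESS_ALL_ACCESS, a write into the target, then CreateRemoteThread starting at LoadLibraryA) leaves a trail that process telemetry can correlate. The following is an added example, not part of the original thread: it runs that correlation over constructed events that borrow Sysmon's field names (event IDs 10, 8 and 7); the sample paths, PIDs, the `id`/`t` keys and the 10-second window are assumptions.

```python
# Rights the posted inject() needs on the target; PROCESS_ALL_ACCESS includes all three.
PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_WRITE = 0x0002, 0x0008, 0x0020
INJECT_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE
LOADER_FUNCS = {"LoadLibraryA", "LoadLibraryW"}
WINDOW = 10.0  # seconds between handle open, remote thread and module load (assumed)

# Constructed sample events using Sysmon field names ("id" and "t" are simplifications).
EVENTS = [
    {"id": 10, "t": 100.0, "SourceProcessId": 4120, "TargetProcessId": 5332,
     "SourceImage": r"C:\Users\lab\tool.exe", "TargetImage": r"C:\Games\demo\game.exe",
     "GrantedAccess": "0x1FFFFF"},
    {"id": 8, "t": 100.4, "SourceProcessId": 4120, "TargetProcessId": 5332,
     "SourceImage": r"C:\Users\lab\tool.exe", "TargetImage": r"C:\Games\demo\game.exe",
     "StartFunction": "LoadLibraryA"},
    {"id": 7, "t": 100.5, "ProcessId": 5332, "Signed": "false",
     "ImageLoaded": r"C:\Users\lab\YourDLL.dll"},
    {"id": 7, "t": 100.6, "ProcessId": 5332, "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\dbghelp.dll"},
    # Benign: query/read handle (0x1410) and no remote thread from this source.
    {"id": 10, "t": 200.0, "SourceProcessId": 900, "TargetProcessId": 5332,
     "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Games\demo\game.exe", "GrantedAccess": "0x1410"},
]

def find_loadlibrary_injection(events, window=WINDOW):
    """Correlate handle open -> remote thread at LoadLibrary* -> unsigned module load."""
    opened, findings = {}, []   # opened: (source pid, target pid) -> time of handle open
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["id"] == 10:      # ProcessAccess
            if (int(ev["GrantedAccess"], 16) & INJECT_RIGHTS) == INJECT_RIGHTS:
                opened[(ev["SourceProcessId"], ev["TargetProcessId"])] = ev["t"]
        elif ev["id"] == 8:     # CreateRemoteThread
            t0 = opened.get((ev["SourceProcessId"], ev["TargetProcessId"]))
            if (ev.get("StartFunction") in LOADER_FUNCS and t0 is not None
                    and ev["t"] - t0 <= window):
                findings.append({"source": ev["SourceImage"], "target": ev["TargetImage"],
                                 "target_pid": ev["TargetProcessId"], "t": ev["t"],
                                 "loaded": []})
        elif ev["id"] == 7:     # ImageLoad: attach unsigned modules to a recent finding
            for f in findings:
                if (f["target_pid"] == ev["ProcessId"] and ev["Signed"] == "false"
                        and 0 <= ev["t"] - f["t"] <= window):
                    f["loaded"].append(ev["ImageLoaded"])
    return findings

if __name__ == "__main__":
    for f in find_loadlibrary_injection(EVENTS):
        print(f"{f['source']} -> {f['target']} loaded {f['loaded']}")
```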

assaf84 Expert Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 238
Posted: Thu Aug 23, 2007 9:26 am
Thanks a lot... I've just seen something like this somewhere..
And wouldn't GG detect this? I mean, wouldn't it detect OpenProcess or WriteProcessMemory?
Well, maybe I should just terminate the injector after the DLL is injected or something..?

UnLmtD Grandmaster Cheater
Reputation: 0
Joined: 13 Mar 2007 Posts: 894 Location: Canada
Posted: Thu Aug 23, 2007 9:30 am
That's why you inject while GameGuard is initializing. I think x0r injector was using this method.
_________________

assaf84 Expert Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 238
Posted: Thu Aug 23, 2007 9:45 am
And will GG detect it after its initialization?

UnLmtD Grandmaster Cheater
Reputation: 0
Joined: 13 Mar 2007 Posts: 894 Location: Canada
Posted: Thu Aug 23, 2007 9:47 am
The dll? Doesn't look like it does.
_________________

assaf84 Expert Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 238
Posted: Thu Aug 23, 2007 9:50 am
I meant, will it detect the injector?

UnLmtD Grandmaster Cheater
Reputation: 0
Joined: 13 Mar 2007 Posts: 894 Location: Canada
Posted: Thu Aug 23, 2007 9:52 am
No, but it won't work after GG is done loading.
_________________

assaf84 Expert Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 238
Posted: Thu Aug 23, 2007 9:56 am
Oh.. cool, good enough for me
Tnx a lot!
+rep
edit: I need to +rep someone else before you, it just won't let me XD