Cheat Engine The Official Site of Cheat Engine
iCucco Advanced Cheater
Reputation: 0
Joined: 11 May 2007 Posts: 51 Location: 0x0600
Posted: Fri Jan 25, 2008 11:50 am Post subject: C++ Dll injector WINAPI snapshot problem
Sup,
I have been training my C++ and I decided to get something done with the Windows APIs. I have been interested in DLL injecting for a while now and as I'm not capable of writing one myself yet, I found DoomsDay's DLL injector made with MASM. As I thought understanding MASM would help me, I decided to convert it to C++.
Now I'm stuck with the process waiting procedure. I think I have converted it properly but, well, it won't recognize the process.
If my code is messy, please let me know :X Thanks a lot.
Here's the process waiting part:
```cpp
int PID = 0;
int GetProcessID(char pname[BUFSIZ]){
    //Original code by DoomsDay. The real one is working xD
    PROCESSENTRY32 pe32; //System process snapshot structure.
    pe32.dwSize = sizeof( PROCESSENTRY32 ); //Needs to be done? lol idk.
    while(PID == 0){ //Does while Process ID isn't received yet.
        HANDLE hSNAP = CreateToolhelp32Snapshot(TH32CS_SNAPALL,NULL); //Creates snapshot of system processes
        Process32First(hSNAP,&pe32); //Process the first object in hSNAP
        if(pe32.szExeFile == pname){ //IF the first process is right,
            PID = pe32.th32ProcessID; //assign PID,
            CloseHandle(hSNAP); //close snapshot handle,
            return; //and return.
        }
        do{ // does while bool Process32Next doesnt return false
            if(pe32.szExeFile == pname){ //Compare current process in snapshot to user input
                PID = pe32.th32ProcessID; //If it is, assign PID,
                CloseHandle(hSNAP); //Close handle,
                printf("FOUND");
                return; //And return.
            }
        }while(Process32Next(hSNAP,&pe32)); //At the end of round, get the next process to compare.
    }
}
```
Again, all credit for the original DLL injector goes to DoomsDay.
I'm afraid to post the original code without permission :X maybe I'll ask him.
All help is VERY much needed and I will be very thankful for advice.
_________________
printf("You just ate a %X!!\n",3735928559);
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
Posted: Fri Jan 25, 2008 11:53 am
0 is a valid process ID, and is, coincidentally, the first in a process32 snapshot (on NT systems).
Not that it's the only thing wrong with your code. There are many handle retrieval functions on this forum, do a search.
iCucco Advanced Cheater
Reputation: 0
Joined: 11 May 2007 Posts: 51 Location: 0x0600
Posted: Fri Jan 25, 2008 11:55 am
I assume that you meant the loop ending in the first place?
When I did a debug test with
```cpp
printf("%s",pe32.szExeFile);
```
for each loop, it looped forever and hogged the CPU.
DoomsDay Grandmaster Cheater
Reputation: 0
Joined: 06 Jan 2007 Posts: 768 Location: %HomePath%
Posted: Fri Jan 25, 2008 1:19 pm
@iCucco: The code is public, no need to ask for permission =P
```cpp
#include <windows.h>
#include <tlhelp32.h>
#include <cstdio>
#include <cstring>

int ObtainProcessId(char pname[BUFSIZ])
{
    HANDLE hSNAP;
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);
    printf("Waiting for process: %s \n",pname);
    while (0 == 0)
    {
        hSNAP = CreateToolhelp32Snapshot(TH32CS_SNAPALL,NULL);
        Process32First(hSNAP,&pe32);
        do
        {
            if (! strcmp(pe32.szExeFile,pname))
            {
                CloseHandle(hSNAP);
                printf("Process %s found!\nProcessID: 0x%X \n",pname,pe32.th32ProcessID);
                return pe32.th32ProcessID;
            }
        } while(Process32Next(hSNAP,&pe32));
        CloseHandle(hSNAP);
    }
}
```
@appalsap: When GetProcessId fails it returns 0, that's what I'm counting on.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Sun Jan 27, 2008 8:58 am
Why are you using: while (0 == 0)? That's poor practice. Process32First does what you need and can be used as the loop starter, and Process32Next can be used to keep the loop active. Process32Next will stop returning true once the list is done, so the loop will die at that point.
And like Appal said, 0 is a valid process id. You can return a boolean and copy the found process to a PROCESSENTRY32 struct, something like:
```cpp
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <cstring>

BOOL GetProcessInfo(PROCESSENTRY32* pe)
{
    PROCESSENTRY32 proc32;
    HANDLE hSnapshot = NULL;
    hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    proc32.dwSize = sizeof( PROCESSENTRY32 );
    if( Process32First( hSnapshot, &proc32 ) )
    {
        do{
            if( _tcscmp( _tcslwr( proc32.szExeFile ), TEXT("winmine.exe") ) == 0 )
            {
                CloseHandle( hSnapshot );
                memcpy( pe, &proc32, sizeof(PROCESSENTRY32) );
                return TRUE;
            }
        }while( Process32Next( hSnapshot, &proc32 ) );
    }
    CloseHandle( hSnapshot );
    return FALSE;
}
```
_________________
- Retired.
iCucco Advanced Cheater
Reputation: 0
Joined: 11 May 2007 Posts: 51 Location: 0x0600
Posted: Sun Jan 27, 2008 10:04 am
Ok Wiccaan... Your example function doesn't include process watching.
It needs to be pending for the process and inject when the process is found. I managed to get my code working though.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Sun Jan 27, 2008 11:37 am
iCucco wrote:
> Ok Wiccaan... Your example function doesn't include process watching.
> It needs to be pending for the process and inject when the process is found. I managed to get my code working though.

You can use it to watch for a process, just modify it as needed for the process you want to look for.
TEXT("winmine.exe")
Change this to whatever proc you are looking for, then call the function with a pointer to a PROCESSENTRY32 struct var, just have the thread call the function until the return is true from the function.
_________________
- Retired.
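As an added example (not code from this thread, from DoomsDay or atom0s, or from the Cheat Engine project), the following stand-alone C program puts the three points of the replies above side by side: the `==` in the first post compares addresses rather than names, PID 0 is a real snapshot entry so the lookup should return a success flag and fill a struct instead of using 0 as "not found", and the watcher should poll a bounded number of fresh snapshots rather than spin. It does not touch the Win32 API: `proc_entry` and `take_snapshot()` are constructed stand-ins for `PROCESSENTRY32` and `CreateToolhelp32Snapshot`/`Process32First`/`Process32Next`, and the process table is made up, so it compiles and runs on any platform.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* Constructed stand-in for the two PROCESSENTRY32 fields the thread uses.
   This is not <tlhelp32.h>; it exists so the logic runs without Win32. */
#define EXE_NAME_MAX 260
typedef struct {
    unsigned long th32ProcessID;
    char szExeFile[EXE_NAME_MAX];
} proc_entry;

/* Constructed process table. Entry 0 mirrors how an NT snapshot starts:
   "[System Process]" with PID 0, which is why PID 0 cannot mean "not found". */
static const proc_entry k_table[] = {
    { 0,    "[System Process]" },
    { 4,    "System" },
    { 1234, "explorer.exe" },
    { 2468, "WinMine.exe" },   /* the target; hidden until tick 2 below */
};
#define TABLE_LEN (sizeof k_table / sizeof k_table[0])

/* Stand-in for CreateToolhelp32Snapshot + Process32First/Next: hands back the
   table as of poll number `tick`. The target "starts" at tick 2 so the
   watcher has something to wait for. */
static size_t take_snapshot(int tick, const proc_entry **entries) {
    *entries = k_table;
    return tick >= 2 ? TABLE_LEN : TABLE_LEN - 1;
}

/* Case-insensitive name equality, the job _tcscmp(_tcslwr(...)) does above. */
static int same_name(const char *a, const char *b) {
    for (; *a && *b; ++a, ++b)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* The test from the first post. `szExeFile == pname` compares the array's
   address with the pointer, never the characters, so it never matches and
   this returns -1 whatever name is passed. */
int find_pid_by_pointer_compare(const char *pname) {
    const proc_entry *entries;
    size_t n = take_snapshot(99, &entries);
    for (size_t i = 0; i < n; ++i)
        if (entries[i].szExeFile == pname)   /* bug: address comparison */
            return (int)entries[i].th32ProcessID;
    return -1;
}

/* Corrected lookup: success flag plus an out-struct, so a found PID of 0 is
   reported correctly instead of being mistaken for "keep waiting". */
int find_process(int tick, const char *pname, proc_entry *out) {
    const proc_entry *entries;
    size_t n = take_snapshot(tick, &entries);
    for (size_t i = 0; i < n; ++i) {
        if (same_name(entries[i].szExeFile, pname)) {
            if (out)
                *out = entries[i];
            return 1;
        }
    }
    return 0;
}

/* Bounded watcher: takes a fresh snapshot per poll, at most max_polls times.
   Returns the poll number at which the process appeared, or -1 on timeout.
   In a real loop a Sleep() between polls keeps it from hogging the CPU. */
int wait_for_process(const char *pname, proc_entry *out, int max_polls) {
    for (int tick = 0; tick < max_polls; ++tick) {
        if (find_process(tick, pname, out))
            return tick;
        /* Sleep(250); -- Win32 call, omitted so this runs anywhere */
    }
    return -1;
}

int main(void) {
    proc_entry found;
    printf("pointer compare: %d\n", find_pid_by_pointer_compare("WinMine.exe"));
    int tick = wait_for_process("winmine.exe", &found, 10);
    if (tick >= 0)
        printf("found %s (PID %lu) at poll %d\n",
               found.szExeFile, found.th32ProcessID, tick);
    else
        printf("timed out\n");
    return 0;
}
```

The `max_polls` bound is the part a stand-alone test can exercise; in an injector the watcher would typically run until the target appears, but a sleep between polls and a way to abort the loop belong there for the same reason the debug `printf` in the thread hogged the CPU.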
Flyte Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
iCucco Advanced Cheater
Reputation: 0
Joined: 11 May 2007 Posts: 51 Location: 0x0600
Posted: Mon Jan 28, 2008 9:06 am
Ok Flyte, Eidolon's code looks very neat.
1 more question. What is the big deal with TCHARs and TEXT and stuff compared to CHARs and strings?
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
Posted: Mon Jan 28, 2008 2:43 pm
And the only reason to use TCHARs instead of Unicode is if you want to be able to compile your program for Windows 9x (if you're using a modern compiler you can't do that anyway, plus all you have to do otherwise is distribute unicows.dll with your program)
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Mon Jan 28, 2008 3:24 pm
appalsap wrote:
> And the only reason to use TCHARs instead of Unicode is if you want to be able to compile your program for Windows 9x (if you're using a modern compiler you can't do that anyway, plus all you have to do otherwise is distribute unicows.dll with your program)

Uhh? Use TCHAR instead of unicode?
TCHAR is a macro as I said above, I'm sure you know this. It is defined at compile time based on the compiler's character set option. When set to unicode:
```c
#ifdef UNICODE // r_winnt
#ifndef _TCHAR_DEFINED
typedef WCHAR TCHAR, *PTCHAR;
typedef WCHAR TBYTE , *PTBYTE ;
#define _TCHAR_DEFINED
#endif /* !_TCHAR_DEFINED */
typedef LPWSTR LPTCH, PTCH;
typedef LPWSTR PTSTR, LPTSTR;
typedef LPCWSTR PCTSTR, LPCTSTR;
typedef LPUWSTR PUTSTR, LPUTSTR;
typedef LPCUWSTR PCUTSTR, LPCUTSTR;
typedef LPWSTR LP;
#define __TEXT(quote) L##quote // r_winnt
```
And when multibyte, or any other setting (defaults to multibyte):
```c
#else /* UNICODE */ // r_winnt
#ifndef _TCHAR_DEFINED
typedef char TCHAR, *PTCHAR;
typedef unsigned char TBYTE , *PTBYTE ;
#define _TCHAR_DEFINED
#endif /* !_TCHAR_DEFINED */
typedef LPSTR LPTCH, PTCH;
typedef LPSTR PTSTR, LPTSTR, PUTSTR, LPUTSTR;
typedef LPCSTR PCTSTR, LPCTSTR, PCUTSTR, LPCUTSTR;
#define __TEXT(quote) quote // r_winnt
#endif /* UNICODE */ // r_winnt
```
As for new compilers not supporting 9x? When did this happen? 2005 supports it fine. There is even a setting to ensure you support it: (Mostly for optimization of memory and such but it is used to help ensure 9x compatibilities)
Linker -> Optimization -> Optimize for Windows98
MSLU layer information (unicows.dll loading and such):
http://msdn.microsoft.com/msdnmag/issues/01/10/MSLU/
As for fighting for the sake of a Win9x system, Microsoft dropped support for them. If people are still using them, giving support is not really something you should be worried about. They need to update, not you needing to meet their systems abilities.
_________________
- Retired.
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
Posted: Mon Jan 28, 2008 4:13 pm
Wiccaan wrote:
> Uhh? Use TCHAR instead of unicode?

Yes, why does that not make sense to you? Using the Unicode API instead of TCHAR API (FindWindowW vs FindWindow(I KNOW FindWindow is a macro, I don't know if you actually believe I don't know these things or if you're just being patronizing)) gives you the flexibility of Unicode, TCHAR restricts you to Multibyte because it has to compile both ways, plus you have to add more logic for things like byte order marks. Why do you think the newer Vista APIs are unicode only?
Wiccaan wrote:
> TCHAR is a macro as I said above, I'm sure you know this. It is defined at compiling based on the compilers character set option. When set to unicode:

I know what TCHAR is.
Wiccaan wrote:
> As for new compilers not supporting 9x? When did this happen? 2005 supports it fine.

VS 2008, developed after Microsoft officially dropped support for 9x.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Mon Jan 28, 2008 10:11 pm
appalsap wrote:
> Wiccaan wrote:
> > Uhh? Use TCHAR instead of unicode?
>
> Yes, why does that not make sense to you? Using the Unicode API instead of TCHAR API (FindWindowW vs FindWindow(I KNOW FindWindow is a macro, I don't know if you actually believe I don't know these things or if you're just being patronizing)) gives you the flexibility of Unicode, TCHAR restricts you to Multibyte because it has to compile both ways, plus you have to add more logic for things like byte order marks. Why do you think the newer Vista APIs are unicode only?
>
> Wiccaan wrote:
> > TCHAR is a macro as I said above, I'm sure you know this. It is defined at compiling based on the compilers character set option. When set to unicode:
>
> I know what TCHAR is.
>
> Wiccaan wrote:
> > As for new compilers not supporting 9x? When did this happen? 2005 supports it fine.
>
> VS 2008, developed after Microsoft officially dropped support for 9x.

Lol.... ok working with your example:
```c
#ifdef UNICODE
#define FindWindow FindWindowW
#else
#define FindWindow FindWindowA
#endif // !UNICODE
```
FindWindow = FindWindowW while in Unicode
FindWindow = FindWindowA while in Multibyte
FindWindowW:
```c
WINUSERAPI
HWND
WINAPI
FindWindowW(
    IN LPCWSTR lpClassName,
    IN LPCWSTR lpWindowName);
```
LPCWSTR = typedef CONST WCHAR *LPCWSTR, *PCWSTR;
WCHAR = wchar_t
FindWindowA:
```c
WINUSERAPI
HWND
WINAPI
FindWindowA(
    IN LPCSTR lpClassName,
    IN LPCSTR lpWindowName);
```
LPCSTR = typedef CONST CHAR *LPCSTR, *PCSTR;
CHAR = char
TCHAR, as I said above is wchar_t or char, which is the params used for either macro. And yes, I do understand as you can see in this reply.
_________________
- Retired.
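For iCucco's question above about what the big deal with TCHARs and TEXT is, here is an added example that is not from this thread or from the SDK: a stand-alone C program whose local shim mirrors the UNICODE switch in the header excerpt atom0s quoted (it is not the real `<tchar.h>`). It shows that one `TEXT("...")` source line yields a buffer of `char` or of `wchar_t` depending on the build, how a generic-text compare in the style of the `_tcscmp(_tcslwr(...))` reply is written, and what a narrow ('A') function sees when it is handed a wide string. Compile with `-DUNICODE` to take the wide branch; the byte-level result assumes a little-endian machine, and `wchar_t` is 2 bytes on Windows but usually 4 elsewhere.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>
#include <wctype.h>
#include <ctype.h>

/* Local shim mirroring the UNICODE switch quoted from the SDK header above.
   This is not <tchar.h>; it exists only so the example builds anywhere.
   Compile with -DUNICODE to take the wide branch. */
#ifdef UNICODE
typedef wchar_t TCHAR;
#define __TEXT(quote) L##quote
#define tchar_lower(c) towlower((wint_t)(c))
#else
typedef char TCHAR;
#define __TEXT(quote) quote
#define tchar_lower(c) tolower((unsigned char)(c))
#endif
#define TEXT(quote) __TEXT(quote)

/* Width of one character: 1 in a multibyte build, sizeof(wchar_t) in UNICODE. */
size_t tchar_width(void) { return sizeof(TCHAR); }

/* Bytes the literal TEXT("winmine.exe") occupies, terminator included.
   The same source line needs a different buffer size per build, which is
   why Win32 code sizes buffers in TCHARs and wraps literals in TEXT(). */
size_t literal_bytes(void) { return sizeof(TEXT("winmine.exe")); }

/* Case-insensitive equality in the generic-text style: the job that
   _tcscmp(_tcslwr(...)) does in the reply above, without modifying its input. */
int tname_equal(const TCHAR *a, const TCHAR *b) {
    for (; *a && *b; ++a, ++b)
        if (tchar_lower(*a) != tchar_lower(*b))
            return 0;
    return *a == 0 && *b == 0;
}

/* The hazard: a wide string handed to a narrow ('A') function. On a
   little-endian machine L"abc" is stored as 61 00 62 00 63 00 ... (with
   2-byte wchar_t; more zero padding with 4-byte wchar_t), so strlen stops
   at the first zero byte and reports 1. */
size_t wide_seen_by_narrow_api(const wchar_t *w) {
    return strlen((const char *)w);
}

/* The matching wide ('W') function sees all three characters. */
size_t wide_seen_by_wide_api(const wchar_t *w) {
    return wcslen(w);
}

int main(void) {
    printf("TCHAR is %zu byte(s); TEXT(\"winmine.exe\") occupies %zu bytes\n",
           tchar_width(), literal_bytes());
    printf("WinMine.exe vs winmine.exe: %d\n",
           tname_equal(TEXT("WinMine.exe"), TEXT("winmine.exe")));
    printf("L\"abc\" via narrow API: %zu, via wide API: %zu\n",
           wide_seen_by_narrow_api(L"abc"), wide_seen_by_wide_api(L"abc"));
    return 0;
}
```

The last pair of functions is the practical reason the A/W split matters to an injector: `szExeFile` in `PROCESSENTRY32W` is a `WCHAR` array, so a `strcmp` against a `char` name compiles in a multibyte build and silently compares truncated garbage in a UNICODE one; sizing buffers and comparing in `TCHAR` units (or committing to the W functions, as appalsap suggests) keeps the two from being mixed.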
SunBeam I post too much
Reputation: 65
Joined: 25 Feb 2005 Posts: 4023 Location: Romania
Posted: Tue Jan 29, 2008 2:20 pm
Meh, don't bother. I never reply to M$ blog-readers..