[?] Bruteforcing processes crashing my program

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
talkerzero
Grandmaster Cheater
Reputation: 1

Joined: 24 Jul 2008
Posts: 560
Location: California

Posted: Fri Mar 20, 2009 6:09 pm    Post subject: [?] Bruteforcing processes crashing my program

Code:
#define _CRT_SECURE_NO_WARNINGS
#include <windows.h>
#include "resource.h"
#include <tlhelp32.h>

/* Path of the DLL to inject. The browse dialog in DlgProc writes the chosen
   path here (ofn.lpstrFile points at this buffer) and the inject button
   reads the IDC_PATH control back into it; DlgProc bounds both with the
   512-byte size of this array. */
CHAR szFile[512];

/* Local definition of the native NT string descriptor that
   ZwQueryInformationProcess fills in (see LoopProcesses).
   NOTE(review): in the native API Length and MaximumLength are byte counts,
   not character counts, and Buffer is not guaranteed to be NUL-terminated --
   confirm against the SDK before handing Buffer to the wcs* functions. */
typedef struct _LSA_UNICODE_STRING {
  USHORT Length;          /* bytes in use (per the native API; see note above) */
  USHORT MaximumLength;   /* bytes available in Buffer */
  PWSTR  Buffer;          /* WCHAR storage owned by whoever filled the struct */
} LSA_UNICODE_STRING,
 *PLSA_UNICODE_STRING,
 UNICODE_STRING,
 *PUNICODE_STRING;

/* Information classes accepted by ZwQueryInformationProcess. The values start
   at 0 in declaration order, so ProcessImageFileName is 27 -- the raw value
   that LoopProcesses passes as (PROCESSINFOCLASS)27. Using the enumerator by
   name there would make that call self-describing. */
typedef enum _PROCESSINFOCLASS {
   ProcessBasicInformation,
   ProcessQuotaLimits,
   ProcessIoCounters,
   ProcessVmCounters,
   ProcessTimes,
   ProcessBasePriority,
   ProcessRaisePriority,
   ProcessDebugPort,
   ProcessExceptionPort,
   ProcessAccessToken,
   ProcessLdtInformation,
   ProcessLdtSize,
   ProcessDefaultHardErrorMode,
   ProcessIoPortHandlers,
   ProcessPooledUsageAndLimits,
   ProcessWorkingSetWatch,
   ProcessUserModeIOPL,
   ProcessEnableAlignmentFaultFixup,
   ProcessPriorityClass,
   ProcessWx86Information,
   ProcessHandleCount,
   ProcessAffinityMask,
   ProcessPriorityBoost,
   ProcessDeviceMap,
   ProcessSessionInformation,
   ProcessForegroundInformation,
   ProcessWow64Information,
   ProcessImageFileName,            /* = 27 */
   ProcessLUIDDeviceMapsEnabled,
   ProcessBreakOnTermination,
   ProcessDebugObjectHandle,
   ProcessDebugFlags,
   ProcessHandleTracing,
   MaxProcessInfoClass
} PROCESSINFOCLASS;

/* Signature of ntdll's ZwQueryInformationProcess, resolved at run time below.
   The __in/__out tokens are SAL annotations and expand to nothing. */
typedef NTSTATUS (__stdcall *dwZwQueryInformationProcess)(
   __in HANDLE ProcessHandle,
   __in PROCESSINFOCLASS ProcessInformationClass,
   __out PVOID ProcessInformation,
   __in ULONG ProcessInformationLength,
   __out_opt PULONG ReturnLength);
/* Resolved once at start-up. A non-constant initializer at file scope is
   only valid in C++, so this translation unit cannot be built as C. The
   result is never checked anywhere: if the lookup fails MyZwQIP is NULL and
   the unconditional call in LoopProcesses dereferences it. */
dwZwQueryInformationProcess MyZwQIP = (dwZwQueryInformationProcess) GetProcAddress(GetModuleHandle("ntdll.dll"), "ZwQueryInformationProcess");

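/*
 * GetPID -- return the process id of the first running process whose
 * executable name is exactly szProcessName (case-sensitive strcmp).
 *
 * szProcessName: NUL-terminated ANSI executable name, e.g. "foo.exe".
 * Returns the matching th32ProcessID, or 0 when nothing matches or the
 * snapshot could not be taken.
 */
DWORD GetPID(const char* szProcessName)
{
   PROCESSENTRY32 pe32 = {0};
   DWORD dwPid = 0;
   HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

   /* The snapshot API signals failure with INVALID_HANDLE_VALUE, which must
      not be handed to CloseHandle. */
   if (hSnapshot == INVALID_HANDLE_VALUE)
      return 0;

   /* dwSize has to be set before the first enumeration call. */
   pe32.dwSize = sizeof(pe32);

   /* Process32First positions the walk on the first entry; starting with
      Process32Next silently skips that entry. */
   if (Process32First(hSnapshot, &pe32))
   {
      do
      {
         if (strcmp(szProcessName, pe32.szExeFile) == 0)
         {
            dwPid = pe32.th32ProcessID;
            break;
         }
      } while (Process32Next(hSnapshot, &pe32));
   }

   /* Single exit so the snapshot handle is closed on every path. */
   CloseHandle(hSnapshot);
   return dwPid;
}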

/*
 * InjectDLL -- write the path szDLL into process dwPID and start a remote
 * thread there with kernel32!LoadLibraryA as its start routine.
 *
 * dwPID: id of the target process.
 * szDLL: NUL-terminated ANSI path of the DLL.
 * Returns TRUE as soon as the remote thread exists; the thread is not waited
 * on, so TRUE says nothing about whether LoadLibraryA succeeded.
 *
 * Resource handling as written:
 *  - the final CloseHandle(hProc) is also reached when OpenProcess returned
 *    NULL, i.e. CloseHandle(NULL);
 *  - the thread handle returned by CreateRemoteThread is never closed;
 *  - hRemoteMem is never released (no VirtualFreeEx) on any path.
 */
BOOL InjectDLL(DWORD dwPID, CONST CHAR* szDLL)
{
   HANDLE hProc;
   DWORD dwMemSize, dwWritten, dwThreadId;
   FARPROC hLoadLibrary;
   LPVOID hRemoteMem;

   /* Narrow access mask covering exactly the three calls below (contrast
      LoopProcesses, which opens every pid with PROCESS_ALL_ACCESS). */
   hProc = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD, FALSE, dwPID);
   if(hProc != NULL){
      /* strlen excludes the terminator, so the region allocated and written
         below holds the path bytes without a trailing NUL. */
      dwMemSize = strlen(szDLL);
      hLoadLibrary = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
      if(hLoadLibrary != NULL){
         hRemoteMem = VirtualAllocEx(hProc, NULL, dwMemSize, MEM_COMMIT, PAGE_READWRITE);
         if(hRemoteMem != NULL){
            /* dwWritten is received but never compared against dwMemSize. */
            if(WriteProcessMemory(hProc, hRemoteMem, (LPVOID)szDLL, dwMemSize, &dwWritten)){
               if(CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)hLoadLibrary, hRemoteMem, 0, &dwThreadId) != NULL){
                  CloseHandle (hProc);
                  return TRUE;
               }
            }
         }
      }
   }
   /* Reached with hProc == NULL when OpenProcess failed. */
   CloseHandle (hProc);
   return FALSE;
}

/*
 * LoopProcesses -- walk process ids 0..0x41DC in steps of 4, query each
 * process's image file name through MyZwQIP, and call InjectDLL for the one
 * whose name compares equal to szProcess.
 *
 * szProcess: ANSI executable name to match.
 * szDLL:     ANSI path of the DLL handed to InjectDLL.
 *
 * Contract problems visible in the body:
 *  - OpenProcess reports failure with NULL, not INVALID_HANDLE_VALUE, so
 *    the guard never rejects a failed open and the query runs on NULL;
 *  - the NTSTATUS from MyZwQIP is ignored and ReturnLength is NULL, so when
 *    the call fails uTemp keeps its zero-initialized Buffer and wcscmp
 *    dereferences NULL;
 *  - szProcess is a narrow string; the cast to const wchar_t* reinterprets
 *    its bytes, it does not convert them to WCHAR;
 *  - InjectDLL is handed GetPID(szProcess) rather than the pid that matched;
 *  - 0x41DC is a fixed upper bound, so higher pids are never examined.
 * NOTE(review): PROCESS_ALL_ACCESS is far more than a name query needs
 * (InjectDLL itself asks for a narrower mask), and a handle sweep over the
 * whole pid range is exactly the cross-process access pattern that endpoint
 * auditing records.
 */
void LoopProcesses(CHAR* szProcess, CHAR* szDLL)
{
   UNICODE_STRING uTemp = {0};
   DWORD pid = 0x0;
   HANDLE hProcess = NULL;
   while(pid <= 0x41DC)
   {
      hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
      if(hProcess != INVALID_HANDLE_VALUE)
      {
         /* 27 is ProcessImageFileName in the enum above; only
            sizeof(UNICODE_STRING) bytes of output space are offered. */
         MyZwQIP(hProcess, (PROCESSINFOCLASS)27, &uTemp, sizeof(UNICODE_STRING), 0);
         if(wcscmp(uTemp.Buffer, (const wchar_t *)szProcess) == NULL)
            InjectDLL(GetPID(szProcess), szDLL);
         if(hProcess != INVALID_HANDLE_VALUE)
            CloseHandle(hProcess);
      }   
      /* Step of 4, presumably because Windows pids are multiples of 4. */
      pid += 0x4;
   }
}

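/*
 * DlgProc -- dialog procedure for IDD_DIALOG1.
 *
 * IDC_BROWSE opens a file picker filtered to *.dll and copies the chosen
 * path into the IDC_PATH edit control. IDC_INJECT reads that control back
 * into szFile and hands it to LoopProcesses with the hard-coded target
 * name. WM_CLOSE ends the modal dialog.
 *
 * Returns TRUE when the message was handled and FALSE otherwise, which is
 * what DialogBox expects from a DLGPROC. The LRESULT return type is kept
 * because WinMain casts this function to DLGPROC.
 *
 * Changes from the original: the control id is taken from LOWORD(wParam)
 * instead of the whole wParam; WM_CLOSE calls EndDialog (PostQuitMessage
 * never closes a modal dialog); the WM_DESTROY handler that called
 * DestroyWindow from inside WM_DESTROY is dropped; the GetDlgItemText
 * bound is sizeof(szFile) rather than a repeated literal.
 */
LRESULT CALLBACK DlgProc(HWND hWnd,
                   UINT uMsg,
                   WPARAM wParam,
                   LPARAM lParam)
{
   (void)lParam;

   switch(uMsg)
   {
      case WM_COMMAND:
         /* The control id is the low word of wParam; the high word carries
            the notification code. */
         switch(LOWORD(wParam))
         {
            case IDC_BROWSE:
            {
               OPENFILENAME ofn;

               ZeroMemory(&ofn, sizeof(ofn));
               ofn.lStructSize = sizeof(ofn);
               ofn.hwndOwner = hWnd;
               ofn.lpstrFile = szFile;
               ofn.lpstrFile[0] = '\0';
               ofn.nMaxFile = sizeof(szFile);
               ofn.lpstrFilter = "DLL libraries\0*.dll\0";
               ofn.nFilterIndex = 1;
               ofn.lpstrFileTitle = NULL;
               ofn.nMaxFileTitle = 0;
               ofn.lpstrInitialDir = NULL;
               ofn.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
               if (GetOpenFileName(&ofn))
                  SetDlgItemText(hWnd, IDC_PATH, ofn.lpstrFile);
               return TRUE;
            }

            case IDC_INJECT:
               /* Bound by the real buffer size so it cannot drift from the
                  declaration of szFile. */
               GetDlgItemText(hWnd, IDC_PATH, szFile, sizeof(szFile));
               LoopProcesses("MapleStory.exe", szFile);
               return TRUE;

            default:
               break;
         }
         break;

      case WM_CLOSE:
         /* DialogBox runs its own modal loop; EndDialog is what makes it
            return. */
         EndDialog(hWnd, 0);
         return TRUE;

      default:
         break;
   }

   return FALSE;
}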

/*
 * WinMain -- program entry point: runs IDD_DIALOG1 as a modal dialog driven
 * by DlgProc and returns DialogBox's result as the process exit code.
 * hPrevInstance, lpCmdLine and nShowCmd are not used.
 */
INT WINAPI WinMain(HINSTANCE hInstance,
               HINSTANCE hPrevInstance,
               LPSTR lpCmdLine,
               INT nShowCmd)
{
   INT_PTR nResult;

   (void)hPrevInstance;
   (void)lpCmdLine;
   (void)nShowCmd;

   nResult = DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG1), 0, (DLGPROC)DlgProc);
   return (INT)nResult;
}


This crashes my program when I try to inject a DLL (it gives me the "encountered a problem, needs to close, would you like to send error message" message). Help?
smartz993
I post too much
Reputation: 2

Joined: 20 Jun 2006
Posts: 2013
Location: USA

Posted: Fri Mar 20, 2009 6:17 pm    Post subject:

Did you try commenting things out?

Comment out some of the structures and headers.
Zand
Master Cheater
Reputation: 0

Joined: 21 Jul 2006
Posts: 424

Posted: Fri Mar 20, 2009 6:54 pm    Post subject:

Code:

InjectDLL(GetPID(szProcess), szDLL);



Code:

InjectDLL(pid, szDLL);
talkerzero
Grandmaster Cheater
Reputation: 1

Joined: 24 Jul 2008
Posts: 560
Location: California

Posted: Fri Mar 20, 2009 10:03 pm    Post subject:

Zand wrote:
Code:

InjectDLL(GetPID(szProcess), szDLL);



Code:

InjectDLL(pid, szDLL);

Wow, I feel like such an imbecilic dumbass. Thanks. Smile

Edit: It still fails. I've narrowed it down to this line:
Code:
if(wcscmp(uTemp.Buffer, szProcess) == NULL)

uTemp.Buffer and szProcess are both of type PWSTR (WCHAR*) now, after I changed the code around a bit. But when I try to call LoopProcesses like this:
Code:
LoopProcesses("MapleStory.exe", szFile);

I get this error:
Code:
error C2664: 'LoopProcesses' : cannot convert parameter 1 from 'const char [15]' to 'PWSTR'


So I tried changing it to these:
Code:
LoopProcesses(L"MapleStory.exe", szFile);

Code:
LoopProcesses((PWSTR)"MapleStory.exe", szFile);


Then it compiles, but it still crashes. Help?
BanMe
Master Cheater
Reputation: 0

Joined: 29 Nov 2005
Posts: 375
Location: Farmington NH, USA

Posted: Sat Mar 21, 2009 1:20 am    Post subject:

...
Code:

/* Hand-written prototype for the CRT's mbstowcs. It clashes with the
   declaration already in <stdlib.h> (the follow-up post reports error C2373
   for exactly this), and the NTSYSAPI/NTAPI decorations differ from the
   CRT's; including <stdlib.h> is all that is needed. */
NTSYSAPI
size_t
NTAPI
mbstowcs(
   wchar_t *wcstr,
   const char *mbstr,
   size_t count
);
/*
 * Reply-post variant of LoopProcesses: converts szProcess to a wide string
 * into cTemp before the comparison and passes the matched pid to InjectDLL.
 *
 * As posted it neither compiles nor is well defined:
 *  - the mbstowcs call is missing its closing parenthesis;
 *  - cTemp is declared without an initializer, so cTemp.Buffer is an
 *    indeterminate pointer when mbstowcs writes through it, and nothing
 *    allocates storage for the converted name;
 *  - strlen(szProcess) is passed as the count, so the converted string has
 *    no terminating L'\0' even if storage existed;
 *  - the original's issues (OpenProcess returns NULL on failure, not
 *    INVALID_HANDLE_VALUE; the NTSTATUS from MyZwQIP is ignored; fixed pid
 *    bound) are unchanged.
 */
void LoopProcesses(CHAR* szProcess, CHAR* szDLL)
{
   UNICODE_STRING uTemp = {0},cTemp;   /* cTemp is never initialized */
   DWORD pid = 0x0;
   HANDLE hProcess = NULL;
   while(pid <= 0x41DC)
   {
      hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
      if(hProcess != INVALID_HANDLE_VALUE)
      {
         MyZwQIP(hProcess, (PROCESSINFOCLASS)27, &uTemp, sizeof(UNICODE_STRING), 0);
         /* missing ')' -- does not compile as written */
         mbstowcs(cTemp.Buffer,szProcess,strlen(szProcess);
         if(wcscmp(uTemp.Buffer, cTemp.Buffer) == NULL)
            InjectDLL(pid, szDLL);
         if(hProcess != INVALID_HANDLE_VALUE)
            CloseHandle(hProcess);
      }   
      pid += 0x4;
   }
}

or..
Code:

void LoopProcesses(WCHAR* szProcess, CHAR* szDLL);


By the way, which process is crashing, the game or the app? If it's the game, then the DLL isn't working properly; if it's the app... well, you know. Wink

_________________
don't +rep me..i do not wish to have "status" or "recognition" from you or anyone.. thank you.
talkerzero
Grandmaster Cheater
Reputation: 1

Joined: 24 Jul 2008
Posts: 560
Location: California

Posted: Sat Mar 21, 2009 9:23 am    Post subject:

@BanMe:
Code:
error C2373: 'mbstowcs' : redefinition; different type modifiers
        c:\program files\microsoft visual studio 9.0\vc\include\stdlib.h(499) : see declaration of 'mbstowcs'
error C3861: 'mbstowcs': identifier not found


Edit: removed this block of code right here..
Code:
NTSYSAPI
size_t
NTAPI
mbstowcs(
   wchar_t *wcstr,
   const char *mbstr,
   size_t count
);


And now it compiles fine. The problem is that it's still crashing because of this line:
Code:
if(wcscmp(uTemp.Buffer, cTemp.Buffer) == NULL)

And, sorry I didn't make it clear before: it's my program that's crashing, not the game I'm trying to inject the DLL into.
BanMe
Master Cheater
Reputation: 0

Joined: 29 Nov 2005
Posts: 375
Location: Farmington NH, USA

Posted: Sun Mar 22, 2009 5:16 pm    Post subject:

Code:

if(wcscmp((wchar_t*)uTemp.Buffer, (wchar_t*)cTemp.Buffer) == NULL)

_________________
don't +rep me..i do not wish to have "status" or "recognition" from you or anyone.. thank you.