Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


[SOLVED] c++ dll injector problem

 
vlasceanu
How do I cheat?
Reputation: 0

Joined: 17 Aug 2011
Posts: 4

Posted: Wed Aug 17, 2011 1:34 pm    Post subject: [SOLVED] c++ dll injector problem

Hello, I am new to this forum and I need help with some C++ code.
I have a problem with my DLL injector I just created in C++. I am not sure if the problem is caused by the injector or by the game. I tried to inject a DLL in war3.exe and every time it fails. I injected the same DLL with the same injector in other processes and it works fine. Here is the code of my DLL injector; if someone could make me understand why I can't inject in war3.exe I would be happy.

Code:

#include <iostream>
#include <cstring>
#include <windows.h>
#include <Tlhelp32.h>
using namespace std;
// Find a running process by executable name; on success the matching
// entry (including th32ProcessID) is copied into s
bool PidByName(const char* name, PROCESSENTRY32 &s)
{
        HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if( hSnapshot == INVALID_HANDLE_VALUE )
                return false;
        PROCESSENTRY32  pStruct;
        pStruct.dwSize = sizeof(PROCESSENTRY32);
        BOOL ch = Process32First(hSnapshot, &pStruct);
        bool f=false;
        while(ch && !f)
        {
                if(!strcmp(pStruct.szExeFile,name))f=true;
                else ch = Process32Next(hSnapshot, &pStruct);
        }
        CloseHandle(hSnapshot); // release the snapshot handle
        if(f) s=pStruct;
        return f;
}
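int main()
{
        PROCESSENTRY32 prc;
        char dllPath[1024];     // path of the DLL, as the target process will see it
        char nume[256];         // executable name of the target process
        // getline bounds the input to the buffer size and accepts paths with spaces
        cout<<"Path dll: ";cin.getline(dllPath, sizeof(dllPath));
        cout<<"Process name: ";cin.getline(nume, sizeof(nume));
        if(!PidByName(nume,prc)){cout<<"No process with that name.\n";return 1;}

        HANDLE hThread;
        HANDLE hProc;
        void *destAdr;  // the address (in the remote process) where
                        // dllPath will be copied to;
        DWORD   hLibModule = 0; // exit code of the LoadLibraryA thread: the module base
                                // address, complete only when the target is 32-bit
        HMODULE hKernel32 = GetModuleHandleA("Kernel32");
        hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, prc.th32ProcessID);
        if(hProc == NULL)
        {
                // OpenProcess returns NULL on failure; every later call needs this handle
                cout<<"OpenProcess failed, error "<<GetLastError()<<"\n";
                return 1;
        }
        // 1. Allocate memory in the remote process for dllPath
        // 2. Write dllPath to the allocated memory
        destAdr = VirtualAllocEx(hProc,
                                NULL,sizeof(dllPath),
                                MEM_COMMIT,
                                PAGE_EXECUTE_READWRITE);
        if(destAdr == NULL ||
           !WriteProcessMemory(hProc, destAdr, (void*)dllPath, sizeof(dllPath), NULL))
        {
                cout<<"Remote allocation or write failed, error "<<GetLastError()<<"\n";
                if(destAdr != NULL) VirtualFreeEx(hProc, destAdr, 0, MEM_RELEASE);
                CloseHandle(hProc);
                return 1;
        }
        // Load "my.dll" into the remote process
        // (via CreateRemoteThread & LoadLibrary)
        hThread = CreateRemoteThread(hProc,
                                NULL,
                                0,
                                (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryA"),
                                destAdr,
                                0,
                                NULL);
        if(hThread == NULL)
        {
                cout<<"CreateRemoteThread failed, error "<<GetLastError()<<"\n";
                VirtualFreeEx(hProc, destAdr, 0, MEM_RELEASE);
                CloseHandle(hProc);
                return 1;
        }
        WaitForSingleObject( hThread, INFINITE );
        // Get handle of the loaded module
        if(GetExitCodeThread( hThread, &hLibModule )!=0)cout<<"\nGetExitCodeThread done";
        else cout<<"\nGetExitCodeThread error";

        // Clean up
        CloseHandle( hThread );
        // With MEM_RELEASE the size argument must be 0
        VirtualFreeEx(hProc, destAdr, 0, MEM_RELEASE );
        // Unload "my.dll" from the target process
        // (via CreateRemoteThread & FreeLibrary); skipped if LoadLibraryA returned NULL
        if(hLibModule != 0)
        {
                hThread = CreateRemoteThread(hProc,
                                NULL,
                                0,
                                (LPTHREAD_START_ROUTINE)GetProcAddress( hKernel32,"FreeLibrary" ),
                                (LPVOID)(ULONG_PTR)hLibModule,
                                0,
                                NULL );
                if(hThread != NULL)
                {
                        WaitForSingleObject( hThread, INFINITE );
                        // Clean up
                        CloseHandle( hThread );
                }
        }
        CloseHandle( hProc );
        return 0;
}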


It fails at the "GetExitCodeThread()" function. I injected that DLL with Cheat Engine into the war3.exe process and it works, so it seems like the problem is in this code.


Last edited by vlasceanu on Fri Aug 19, 2011 5:12 pm; edited 2 times in total
NoMercy
Master Cheater
Reputation: 1

Joined: 09 Feb 2009
Posts: 289

Posted: Thu Aug 18, 2011 2:57 am

If it works for other processes, I think the game has some kind of protection.

Also I believe we're not allowed to talk about online games.
vlasceanu
How do I cheat?
Reputation: 0

Joined: 17 Aug 2011
Posts: 4

Posted: Thu Aug 18, 2011 3:23 am

Warcraft III is not only an online game, and I want to inject only for the purpose of learning. If I want to inject a DLL in this game for hacking I will use Cheat Engine to inject a specific DLL. With Cheat Engine I can successfully inject my DLL. I can't figure out the problem.
NoMercy
Master Cheater
Reputation: 1

Joined: 09 Feb 2009
Posts: 289

Posted: Thu Aug 18, 2011 6:16 am

vlasceanu wrote:
Warcraft III is not only an online game, and I want to inject only for the purpose of learning. If I want to inject a DLL in this game for hacking I will use Cheat Engine to inject a specific DLL. With Cheat Engine I can successfully inject my DLL. I can't figure out the problem.


Sorry, I thought war3 was referring to warrock.
vlasceanu
How do I cheat?
Reputation: 0

Joined: 17 Aug 2011
Posts: 4

Posted: Thu Aug 18, 2011 6:30 am

Problem solved; topic can be closed. For this injector to work properly you need to set the debug privilege.
Code:
BOOL SetDebugPrivileges()
{
   BOOL               bRET = FALSE;
   TOKEN_PRIVILEGES   tp;
   HANDLE             hToken;

   // Look up the LUID of SeDebugPrivilege on the local system
   if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
   {
      if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
      {
         if (hToken != INVALID_HANDLE_VALUE)
         {
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            tp.PrivilegeCount = 1;
            // AdjustTokenPrivileges also returns TRUE when the token does not
            // hold the privilege; GetLastError() is then ERROR_NOT_ALL_ASSIGNED
            if (AdjustTokenPrivileges(hToken, FALSE, &tp, 0, 0, 0) &&
                GetLastError() == ERROR_SUCCESS)
               bRET = TRUE;
            CloseHandle(hToken);
         }
      }
   }
   return bRET;
}


Call this function before calling OpenProcess() and it will work.
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1

Posted: Thu Aug 18, 2011 9:15 am

Or just don't use PROCESS_ALL_ACCESS and specify the flags you actually need.
_________________
- Retired.
vlasceanu
How do I cheat?
Reputation: 0

Joined: 17 Aug 2011
Posts: 4

Posted: Fri Aug 19, 2011 5:17 am

I tried with all flags and it doesn't work without debug privilege.
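
Added example, not part of any post in this thread: the access-rights question from the last two replies, seen from the monitoring side. It classifies a process-handle access mask (such as the GrantedAccess field of a Sysmon Event ID 10 ProcessAccess record) by whether it covers the rights that the injector's VirtualAllocEx, WriteProcessMemory and CreateRemoteThread calls require. The function names and sample masks are constructed for illustration; the right values are those defined in winnt.h.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <string>

// Process access rights, values as defined in winnt.h.
constexpr uint32_t kCreateThread = 0x0002;  // PROCESS_CREATE_THREAD
constexpr uint32_t kVmOperation  = 0x0008;  // PROCESS_VM_OPERATION
constexpr uint32_t kVmRead       = 0x0010;  // PROCESS_VM_READ
constexpr uint32_t kVmWrite      = 0x0020;  // PROCESS_VM_WRITE
constexpr uint32_t kQueryInfo    = 0x0400;  // PROCESS_QUERY_INFORMATION

// VirtualAllocEx needs VM_OPERATION, WriteProcessMemory needs VM_WRITE and
// VM_OPERATION, CreateRemoteThread is documented as needing all five.
constexpr uint32_t kInjectionRights =
    kCreateThread | kVmOperation | kVmRead | kVmWrite | kQueryInfo;

// PROCESS_ALL_ACCESS is 0x1F0FFF before Windows Vista and 0x1FFFFF from Vista on.
bool IsAllAccess(uint32_t mask) { return mask == 0x1F0FFF || mask == 0x1FFFFF; }

bool PermitsRemoteThreadInjection(uint32_t mask) {
    return (mask & kInjectionRights) == kInjectionRights;
}

// Parse a hex mask such as "0x1F0FFF"; returns 0 on malformed input.
uint32_t ParseMask(const std::string& text) {
    try {
        std::size_t used = 0;
        unsigned long v = std::stoul(text, &used, 16);
        return used == text.size() ? static_cast<uint32_t>(v) : 0;
    } catch (...) { return 0; }
}

// Label a GrantedAccess value for triage (labels are hypothetical names).
std::string Classify(const std::string& grantedAccess) {
    uint32_t mask = ParseMask(grantedAccess);
    if (IsAllAccess(mask)) return "all-access";
    if (PermitsRemoteThreadInjection(mask)) return "injection-capable";
    return "limited";
}

int main() {
    // Constructed sample GrantedAccess values, not taken from a real log.
    for (const char* s : {"0x1F0FFF", "0x043A", "0x1410", "0x1000"})
        std::printf("%-10s %s\n", s, Classify(s).c_str());
}
```

A handle opened with only the five needed rights shows up as 0x043A rather than an all-access mask, so a rule that matches only PROCESS_ALL_ACCESS values would miss it.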