DLL/Code Injection Questions

Started by Anubis, July 14, 2004, 03:08 PM


Anubis

Well here I am again with more questions...

I've been looking at some code and programs lately and was wondering how people are putting text inside games (StarCraft/Diablo 2). Especially when you load a maphack or something it pops up when the game starts and says "Whatever Hack by Someone loaded!". I assume this would be related to DLL or code injection.

So, my questions would be:

How would I go about finding the name of a function/API in a program (such as Diablo 2) and read what's being written in the chat (the in-game chat) and write to the screen?

How would I "inject" the code into the program? Is there a special code injector program I use to inject or make a program that does it?

Also, how would I find the names of and call certain functions within the program (like Diablo 2's character movement)?

I'm probably in way over my head since I haven't really done anything of this type, but if it's not too hard I'd like to give it a shot  ;)

Any help is much appreciated, thanks.

K

To inject a DLL, you need to do several things. Keep in mind that this approach (using CreateRemoteThread) will only work on Windows systems that support CreateRemoteThread (NT/2000/XP or NT/2000/20003 Server).

1. Obtain the handle of the process you wish to inject your DLL into. Open the process using OpenProcess with write access.
2. Allocate enough memory using VirtualAllocEx to hold a string containing the path of the DLL you wish to inject.
3. Use WriteProcessMemory to write the name to the newly allocated memory (you may need to mark the memory as writable first with VirtualProtectEx).
4. Call CreateRemoteThread, passing the address of LoadLibrary (which is guaranteed to be at the same address in every process space) as the function to execute, and the address where you wrote your DLL name as the argument.

Hooray, you have injected your library. Don't forget to delete the allocated memory with VirtualFree(ex?) when you're done.
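The four steps above leave a concrete trace on the target host: a thread created from one process into another whose entry point is LoadLibraryA/W inside kernel32.dll. Sysmon's Event ID 8 (CreateRemoteThread) records the source image, the target image, and the start module and start function of the new thread, so this is the pattern a defender hunts for. The Python below is an added example written for this thread, not code from any poster; it parses constructed, flattened key=value renderings of such events (the field names follow Sysmon's, every path and value is made up) and flags both the LoadLibrary entry point and threads that start outside any loaded module.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample lines: flattened key=value renderings of Sysmon events
# (EventID 8 = CreateRemoteThread). The field names imitate Sysmon's; the
# images, paths and values are invented for this example.
SAMPLE_EVENTS = [
    r'EventID=1 Image="C:\Games\Diablo II\Game.exe" ParentImage="C:\Windows\explorer.exe"',
    r'EventID=8 SourceImage="C:\Windows\System32\csrss.exe" TargetImage="C:\Windows\System32\cmd.exe" '
    r'StartModule="C:\Windows\System32\kernel32.dll" StartFunction="CtrlRoutine"',
    r'EventID=8 SourceImage="C:\Users\anubis\Desktop\injector.exe" TargetImage="C:\Games\Diablo II\Game.exe" '
    r'StartModule="C:\Windows\System32\kernel32.dll" StartFunction="LoadLibraryA"',
    r'EventID=8 SourceImage="C:\Users\anubis\Desktop\loader.exe" TargetImage="C:\Games\Diablo II\Game.exe" '
    r'StartModule=- StartFunction=-',
]

# key=value pairs; quoted values may contain spaces (paths like "Diablo II").
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Thread entry points that mean "load a DLL by path": the classic injection end state.
LOADLIBRARY = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Sysmon renders an unresolved field as "-"; an empty string is handled too.
_ABSENT = {"", "-"}


def parse_event(line: str) -> dict:
    """Split one flattened event line into a {field: value} dict."""
    return {k: v.strip('"') for k, v in _FIELD.findall(line)}


@dataclass
class Finding:
    source: str
    target: str
    reason: str


def classify(ev: dict, allowlist: frozenset = frozenset()) -> Optional[Finding]:
    """Return a Finding for a suspicious CreateRemoteThread event, else None."""
    if ev.get("EventID") != "8":
        return None  # only remote-thread events matter here
    src, tgt = ev.get("SourceImage", ""), ev.get("TargetImage", "")
    if src.lower() in allowlist:
        return None  # known-legitimate source (debugger, EDR agent, csrss.exe, ...)
    func, mod = ev.get("StartFunction", ""), ev.get("StartModule", "")
    if func in LOADLIBRARY:
        return Finding(src, tgt, f"remote thread starts at {func}: classic DLL-injection pattern")
    if mod in _ABSENT:
        # Entry point is not inside any loaded module: code written directly
        # into the target's memory rather than a DLL loaded by path.
        return Finding(src, tgt, "remote thread starts outside any loaded module: possible shellcode")
    return None


def scan(lines: Iterable[str], allowlist: Iterable[str] = ()) -> list:
    """Run classify() over a stream of event lines; paths in allowlist are case-insensitive."""
    allow = frozenset(p.lower() for p in allowlist)
    return [f for f in (classify(parse_event(line), allow) for line in lines) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.source} -> {f.target}: {f.reason}")
```

Against the constructed sample the csrss.exe event is ignored (its entry point is a normal kernel32 export), while the injector's LoadLibraryA thread and the loader's module-less thread are both reported. In practice the allowlist carries the handful of processes on the host that legitimately create remote threads, and the "outside any loaded module" branch is what catches injection that skips LoadLibrary altogether.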

DeTaiLs

The best way to find out how to inject text into a game is to load a debugger, then say something in the game and look for it. I know the offset to send text to yourself for StarCraft is 0x004699B0.

CoorsLight

Nice detailed reply, K. Now, I'm interested in this as well, mainly for creating StarCraft hacks and related programs. I have a question though. I've heard a lot about needing to inject DLLs into program memory, but why? What does injecting a DLL into another program's memory allow you to do? Call your own functions using the program's data as variables? I'd be using C++ to do this, but this just so happens to be in the Visual Basic thread.

hismajesty

You don't need to inject a DLL for a message spoofer to work.

Banana fanna fo fanna

Search for "python adder bugtraq" in Google.

UserLoser.

Quote from: K on July 14, 2004, 03:49 PM
To inject a DLL, you need to do several things. Keep in mind that this approach (using CreateRemoteThread) will only work on Windows systems that support CreateRemoteThread (NT/2000/XP or NT/2000/20003 Server).

1. Obtain the handle of the process you wish to inject your DLL into. Open the process using OpenProcess with write access.
2. Allocate enough memory using VirtualAllocEx to hold a string containing the path of the DLL you wish to inject.
3. Use WriteProcessMemory to write the name to the newly allocated memory (you may need to mark the memory as writable first with VirtualProtectEx).
4. Call CreateRemoteThread, passing the address of LoadLibrary (which is guaranteed to be at the same address in every process space) as the function to execute, and the address where you wrote your DLL name as the argument.

Hooray, you have injected your library. Don't forget to delete the allocated memory with VirtualFree(ex?) when you're done.

I couldn't get my hands on a copy of Windows 20003 Server, I just couldn't find it in the stores!

Maddox

Quote from: CoorsLight on July 14, 2004, 09:18 PM
Nice detailed reply, K. Now, I'm interested in this as well, mainly for creating StarCraft hacks and related programs. I have a question though. I've heard a lot about needing to inject DLLs into program memory, but why? What does injecting a DLL into another program's memory allow you to do? Call your own functions using the program's data as variables? I'd be using C++ to do this, but this just so happens to be in the Visual Basic thread.

Yes, it allows you to access the other program's functions and variables.
asdf.

K

Quote from: UserLoser. on July 15, 2004, 01:27 AM
I couldn't get my hands on a copy of Windows 20003 Server, I just couldn't find it in the stores!

According to inside sources, it will be available late 3rd quarter 20008.

Grok

Quote from: K on July 15, 2004, 02:31 PM
Quote from: UserLoser. on July 15, 2004, 01:27 AM
I couldn't get my hands on a copy of Windows 20003 Server, I just couldn't find it in the stores!

According to inside sources, it will be available late 3rd quarter 20008.

hehe