Cheat Engine The Official Site of Cheat Engine
DeletedUser14087 (I post too much)
Reputation: 2
Joined: 21 Jun 2006
Posts: 3069
Posted: Wed Jun 25, 2008 7:56 am
Post subject: [Delphi] Dll Injector, Issue...
This is the code:

Code:
    var
      Form1: TForm1;
      // Handles
      hDll: THandle;
      hProcess: Cardinal;
      hHandle: Cardinal;
      hSnapShot: THandle;
      // Handles
      lppe: TProcessEntry32;
      lpThreadId: Cardinal;

    implementation

    { This step-by-step API is by Renkokuken
      LoadLibrary/GetModuleHandle,
      OpenProcess,
      VirtualAllocEx,
      CreateRemoteThread,
      WaitForSingleObject,
      VirtualFree(Ex?),
      CloseHandle,
      FreeLibrary.
    }

    {$R *.dfm}

    procedure ContinueInjection;
    begin
      // Walk the process list and look for the name typed into Edit1
      hSnapShot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      lppe.dwSize := SizeOf(lppe);
      Process32First(hSnapShot, lppe);
      while Process32Next(hSnapShot, lppe) do // Compare wizard
        if lppe.szExeFile = Form1.Edit1.Text then
        begin
          hProcess := OpenProcess(PROCESS_ALL_ACCESS {I used all access because each API request a specific access flag so i said "Fuck it"}, False, lppe.th32ProcessID);
          VirtualAllocEx(hProcess, nil, 4, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
          hHandle := CreateRemoteThread(hProcess, nil, 0, @ContinueInjection, nil, 0, lpThreadId);
          WaitForSingleObject(hHandle, 1000);
          VirtualFreeEx(hProcess, nil, 4, MEM_DECOMMIT);
          CloseHandle(hProcess);
          FreeLibrary(hDll);
        end;
    end;

    procedure TForm1.Button1Click(Sender: TObject);
    begin
      hDll := LoadLibrary(PAnsiChar(Edit1.Text));
      // LoadLibrary returns 0 (not INVALID_HANDLE_VALUE) on failure
      if hDll = 0 then
      begin
        ShowMessage(IntToStr(GetLastError));
        Exit;
      end
      else
        asm JMP ContinueInjection end;
    end;
Don't mind me using inline asm XD. Anyway, the problem occurs from CRT, I think; I get the error "Invalid window handle" and it kills explorer.exe :S. Any ideas what I'm doing wrong here?
HolyBlah (Master Cheater)
Reputation: 2
Joined: 24 Aug 2007
Posts: 446
Posted: Wed Jun 25, 2008 8:36 am
Rot1 wrote:
    CreateRemoteThread(hProcess, nil, 0, @ContinueInjection, nil, 0 , lpThreadId);
1. ContinueInjection is in your process, so CreateRemoteThread won't find the address and will get an error.
2. You don't inject anything (no WriteProcessMemory, or anything similar).
Here is an example:
http://forum.cheatengine.org/viewtopic.php?p=1492861#1492861
DeletedUser14087 (I post too much)
Reputation: 2
Joined: 21 Jun 2006
Posts: 3069
Posted: Wed Jun 25, 2008 1:51 pm
HolyBlah wrote:
    Rot1 wrote:
        CreateRemoteThread(hProcess, nil, 0, @ContinueInjection, nil, 0 , lpThreadId);
    1. ContinueInjection is in your process, so CreateRemoteThread won't find the address and will get an error.
    2. You don't inject anything (no WriteProcessMemory, or anything similar).
    Here is an example:
    http://forum.cheatengine.org/viewtopic.php?p=1492861#1492861
Well, that's the problem: I wanna research, trace and debug it myself; otherwise it'll be considered a cheat, looking at an "example" =/. I wanna learn it myself, so just tell me from which line the problem starts and I'll research it and try fixing it.
tombana (Master Cheater)
Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
Posted: Wed Jun 25, 2008 2:49 pm
Well, this method does the following:
It calls LoadLibrary in the remote process, by creating a thread at its address.
CRT allows you to pass a pointer to LoadLibrary. So what do you want to pass to LoadLibrary? That's a pointer to the path of the DLL. So first you have to write that path to the process (allocate space and write it), and then call the LoadLibrary function with the address you allocated for the DLL path as its argument.
I hope this helps,
Tombana
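As an added example (not part of this thread, and not Cheat Engine's or tombana's code), here is the detection side of the method described above: a script that scans constructed, Sysmon-style CreateRemoteThread records and flags remote threads whose start routine is kernel32's LoadLibrary, or whose start address is backed by no module at all. The "Key=Value; ..." layout, field names and sample paths are assumptions modelled on Sysmon Event ID 8; the records are constructed, not real telemetry.

```python
"""Flag CreateRemoteThread events that match the LoadLibrary injection pattern.

Added example, not from the forum thread. Parses constructed records in a
simplified 'Key=Value; Key=Value' layout that mirrors Sysmon Event ID 8
fields (SourceImage, TargetImage, StartModule, StartFunction).
"""
from typing import Dict, List

# Constructed sample records (assumed layout; not real telemetry).
SAMPLE_EVENTS = [
    # A remote thread created in explorer.exe starting at kernel32!LoadLibraryA:
    # exactly what a CreateRemoteThread + LoadLibrary injector produces.
    "SourceImage=C:\\Tools\\injector.exe; TargetImage=C:\\Windows\\explorer.exe; "
    "StartModule=C:\\Windows\\System32\\KERNEL32.DLL; StartFunction=LoadLibraryA",
    # A remote thread whose start address maps to no loaded module
    # (e.g. a stub written into memory allocated with VirtualAllocEx).
    "SourceImage=C:\\Tools\\injector.exe; TargetImage=C:\\Games\\game.exe; "
    "StartModule=; StartFunction=",
    # A debugger attaching: remote thread at ntdll!DbgUiRemoteBreakin, expected.
    "SourceImage=C:\\Program Files\\Debugger\\dbg.exe; TargetImage=C:\\Games\\game.exe; "
    "StartModule=C:\\Windows\\System32\\ntdll.dll; StartFunction=DbgUiRemoteBreakin",
]

# Exports an injector points a remote thread at to load a DLL by path.
LOADLIBRARY_EXPORTS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
LOADER_MODULES = ("kernel32.dll", "kernelbase.dll")


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'Key=Value; Key=Value' record into a dict (assumed layout)."""
    fields: Dict[str, str] = {}
    for part in line.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            fields[key] = value.strip()
    return fields


def classify(event: Dict[str, str]) -> str:
    """Return 'loadlibrary-injection', 'unbacked-start' or 'ok' for one event."""
    func = event.get("StartFunction", "")
    module = event.get("StartModule", "").lower()
    if func in LOADLIBRARY_EXPORTS and module.endswith(LOADER_MODULES):
        return "loadlibrary-injection"
    if not module:
        return "unbacked-start"
    return "ok"


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Return the suspicious events only, each annotated with its verdict."""
    hits = []
    for line in lines:
        event = parse_event(line)
        verdict = classify(event)
        if verdict != "ok":
            event["verdict"] = verdict
            hits.append(event)
    return hits
```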
DeletedUser14087 (I post too much)
Reputation: 2
Joined: 21 Jun 2006
Posts: 3069
Posted: Wed Jun 25, 2008 3:02 pm
tombana wrote:
    Well, this method does the following:
    It calls LoadLibrary in the remote process, by creating a thread at its address.
    CRT allows you to pass a pointer to LoadLibrary. So what do you want to pass to LoadLibrary? That's a pointer to the path of the DLL. So first you have to write that path to the process (allocate space and write it), and then call the LoadLibrary function with the address you allocated for the DLL path as its argument.
    I hope this helps,
    Tombana
Thanks, I'll try this method.