
Looking for DLL injector code example

Discussion in 'Programming' started by DarkSpace, Sep 10, 2010.

  1. DarkSpace

    DarkSpace Well-Known Member Coder

    I am working on something new and for that to work i need my own DLL injector.

    I have checked Google and it was of no help.

    What i need is something that will
    A) Target MapleStory (PID)
    B) Able to select a DLL.
    C) Inject it into MapleStory

    anyway. it sounds simple but its not. so are there any working Public Source codes or examples on how those things actually work.

    Thanks ^^
     
  2. Danny1994

    Danny1994 Likes to contribute Coder

  3. fag

    fag Banned Banned

    It's not very complicated. Just call LoadLibrary in whichever process you need to inject. If you are calling LoadLibrary in another process, then create a remote thread or attach to the process.
     
  4. Nebbis

    Nebbis Banned Banned

    Bump, I should also want one.
     
  5. Elite Crew

    Elite Crew Active Member

    Hey, I think I saw one in Rod's source.
     
  6. Cuckoo

    Cuckoo Fuckeh Yuuu Donor

    ye but tezjin this1 auto inject when maple pup up right??
     
  7. coroks

    coroks New Member

    just use Plain Winject still works fine for GMS or find a multi injector if ur REAL Lazy
     
  8. DarkSpace

    DarkSpace Well-Known Member Coder

    Already tried that, its a copy + paste from a youtube video

    yeah.

    i dont need it to "inject" a dll. i need to make a dll injector to inject other stuff to maplestory from within my trainer.

    thanks anyway guys
     
  9. DarkSpace

    DarkSpace Well-Known Member Coder

    http://img198.ImageShack is toxicus/img198/5219/sdsqt.png

    it works fine all the way until the point where i have to open the maplestory process using its PID.
    thats where it fails. i dont know why, dont know whats causing it, dont know where the problem is =D

    i did my research before posting this thread, and looked at many different codes, but never one that had to do with maplestory it self. so maybe maple story is a bit different or something. =S
     
  10. Matt

    Matt Banned Banned

    Here's an old source dump..

    rzInject.h: Just a simple include file including other include files (I don't like precompiled headers)
    C++:
    1.  
    2. #pragma once
    3.  
    4. #ifndef _RZINJECT_H_
    5. #define _RZINJECT_H_
    6.  
    7. #include <windows.h>
    8. #include "rzstr.h"
    9. #include <tlhelp32.h>
    10.  
    11. #endif
    12.  
    rzstr.h: My simple string wrappers for easy Unicode support
    C++:
    1.  
    2. #pragma once
    3.  
    4. #ifndef _RZSTR_H_
    5. #define _RZSTR_H_
    6.  
    7. #include <iostream>
    8. #include <fstream>
    9. #include <string>
    10. #include <algorithm>
    11.  
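    // Character-width independent aliases for the std string and stream types.
    //
    // These are text-substitution macros, not typedefs: they are meant to be
    // written after the namespace qualifier (std::tstring, std::tcout, ...) and
    // they will also rewrite any other token spelled tstring, tcout, etc. in a
    // file that includes this header.
    //
    // The Win32 headers key TCHAR on UNICODE while the CRT uses _UNICODE. Either
    // one selects the wide variants here, so these types cannot disagree with
    // TCHAR when a build defines only one of the two.
    //
    // tstringstream expands to a type declared in <sstream>, which this header
    // does not include; a file that uses it must include <sstream> itself.
    #if defined(_UNICODE) || defined(UNICODE)
    #define tstring wstring
    #define tfstream wfstream
    #define tifstream wifstream
    #define tofstream wofstream
    #define tstringstream wstringstream
    #define tcout wcout
    #define tcin wcin
    #define tistream wistream
    #define tostream wostream
    #else
    #define tstring string
    #define tfstream fstream
    #define tifstream ifstream
    #define tofstream ofstream
    #define tstringstream stringstream
    #define tcout cout
    #define tcin cin
    #define tistream istream
    #define tostream ostream
    #endif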
    34.  
    35. #endif
    36.  
    rzInject.cpp: The meat and potatoes of the code.
    C++:
    1.  
    2. #include "rzInject.h"
    3.  
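    /// @brief Thread entry point: loads "<exe-name>.dll" into the process named in "<exe-name>.cfg".
    ///
    /// Steps, in order:
    ///   1. Enable SeDebugPrivilege on this process's token.
    ///   2. Derive the DLL and config paths from this executable's own path.
    ///   3. Read the target executable name from the config file.
    ///   4. Poll the process list every 200 ms until a process with that name exists.
    ///   5. Open the target, copy the DLL path into it, and start a remote thread
    ///      whose start routine is LoadLibrary with that path as its argument.
    ///
    /// Review notes:
    ///   - The OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread
    ///     sequence is the textbook remote-thread library load. Endpoint tooling
    ///     commonly watches for it (for example Sysmon's CreateRemoteThread and
    ///     ProcessAccess events), and the image load is visible in the target.
    ///   - The DLL loaded is whatever file sits next to this executable under the
    ///     matching name; nothing here verifies its origin or integrity, so write
    ///     access to that directory decides what runs inside the target.
    ///   - The path buffer allocated in the target is never released by this
    ///     function and stays committed there for the life of the target process.
    ///
    /// @return Always 0; failures are reported to the user through a message box.
    DWORD WINAPI rzInjectThread(LPVOID)
    {
        // Closes a Win32 handle on scope exit so that every early return below
        // releases what it opened (the original leaked the token, each snapshot,
        // the process handle and the thread handle).
        struct ScopedHandle
        {
            HANDLE h;
            explicit ScopedHandle(HANDLE handle) : h(handle) {}
            ~ScopedHandle() { if (h != NULL && h != INVALID_HANDLE_VALUE) CloseHandle(h); }
        private:
            ScopedHandle(const ScopedHandle&);
            ScopedHandle& operator=(const ScopedHandle&);
        };

        // --- 1. Enable SeDebugPrivilege for this process -------------------------
        {
            HANDLE hRawToken = NULL;
            if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hRawToken))
            {
                MessageBox(GetForegroundWindow(), TEXT("Unable to open process token.\nThis program requires Administrator rights."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
                return 0;
            }
            ScopedHandle token(hRawToken);

            LUID luid = {};
            if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
            {
                MessageBox(GetForegroundWindow(), TEXT("Unable to query SE_DEBUG_NAME LUID."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
                return 0;
            }

            if (luid.LowPart == 0 && luid.HighPart == 0)
            {
                MessageBox(GetForegroundWindow(), TEXT("Invalid LUID value for SE_DEBUG_NAME."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
                return 0;
            }

            TOKEN_PRIVILEGES privs = {};
            privs.PrivilegeCount = 1;
            privs.Privileges[0].Luid = luid;
            privs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

            // AdjustTokenPrivileges returns nonzero even when the token does not
            // hold the requested privilege; only GetLastError() reveals that case.
            if (!AdjustTokenPrivileges(token.h, FALSE, &privs, sizeof(privs), NULL, NULL) ||
                GetLastError() == ERROR_NOT_ALL_ASSIGNED)
            {
                MessageBox(GetForegroundWindow(), TEXT("Unable to adjust privilege value.\nPlease make sure this program has Administrator privileges."), TEXT("rzInject"), MB_OK | MB_ICONINFORMATION);
                return 0;
            }
        }

        // --- 2. Derive "<exe>.dll" and "<exe>.cfg" from our own path -------------
        TCHAR szInjectorPath[MAX_PATH];
        if (!GetModuleFileName(NULL, szInjectorPath, MAX_PATH))
        {
            MessageBox(GetForegroundWindow(), TEXT("Unable to get current path."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        // Strip everything from the last '.' onward, then append the two extensions.
        // TEXT() keeps the literals the same width as TCHAR; the original used L""
        // literals, which only compile in a Unicode build.
        std::tstring szBase(szInjectorPath);
        szBase = szBase.substr(0, szBase.rfind(TEXT('.')));
        std::tstring szTargetLib(szBase), szConfigFile(szBase);
        szTargetLib.append(TEXT(".dll"));
        szConfigFile.append(TEXT(".cfg"));

        if (GetFileAttributes(szTargetLib.c_str()) == INVALID_FILE_ATTRIBUTES)
        {
            MessageBox(GetForegroundWindow(), szTargetLib.c_str(), TEXT("File does not exist:"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        if (GetFileAttributes(szConfigFile.c_str()) == INVALID_FILE_ATTRIBUTES)
        {
            std::tstring szBuffer(TEXT("Config file does not exist:\n"));
            szBuffer.append(szConfigFile.c_str()).append(TEXT("\nPlease create this file and enter the target exe name into it and run this program again."));
            MessageBox(GetForegroundWindow(), szBuffer.c_str(), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        // --- 3. Read the target executable name ----------------------------------
        // operator>> reads a single whitespace-delimited token.
        std::tifstream sConfigFile(szConfigFile.c_str(), std::ios::in);
        std::tstring szTargetProcess;
        sConfigFile >> szTargetProcess;

        if (szTargetProcess.empty())
        {
            MessageBox(GetForegroundWindow(), TEXT("Unable to read from the configuration file."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        // --- 4. Wait for a process with that name --------------------------------
        // There is no timeout: this loops until a matching process appears.
        DWORD dwPID = 0;
        while (!dwPID)
        {
            ScopedHandle snapshot(CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0));

            if (snapshot.h == INVALID_HANDLE_VALUE)
            {
                MessageBox(GetForegroundWindow(), TEXT("Unable to create a process snapshot.\nPlease make sure you are running the program with Administrator privileges."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
                return 0;
            }

            PROCESSENTRY32 peEntry32 = { sizeof(peEntry32) };
            for (BOOL bMore = Process32First(snapshot.h, &peEntry32); bMore; bMore = Process32Next(snapshot.h, &peEntry32))
            {
                // Case-insensitive on both sides. The original lower-cased only the
                // snapshot name, so a config entry containing an upper-case letter
                // could never match and the loop would spin forever.
                if (lstrcmpi(peEntry32.szExeFile, szTargetProcess.c_str()) == 0)
                {
                    dwPID = peEntry32.th32ProcessID;
                    break;
                }
            }

            if (!dwPID)
                Sleep(200);
        }

        // --- 5. Open the target and start LoadLibrary in it ----------------------
        ScopedHandle process(OpenProcess(PROCESS_QUERY_INFORMATION |
                                         PROCESS_CREATE_THREAD     |
                                         PROCESS_VM_OPERATION      |
                                         PROCESS_VM_WRITE, FALSE, dwPID));

        if (!process.h)
        {
            MessageBox(GetForegroundWindow(), TEXT("Unable to open target process.\nPlease make sure you are running the program with Administrator privileges."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        // Byte count of the path including its terminator, in the build's character width.
        const size_t iSize = (szTargetLib.length() + 1) * sizeof(TCHAR);

        // VirtualAllocEx returns an address in the target, not a handle.
        // NOTE(review): this region is never freed; see the function header.
        LPVOID pLibRemote = VirtualAllocEx(process.h, NULL, iSize, MEM_COMMIT, PAGE_READWRITE);

        if (!pLibRemote)
        {
            MessageBox(GetForegroundWindow(), TEXT("Unable to allocate memory in the target process.\nPlease make sure you are running the program with Administrator privileges."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        if (!WriteProcessMemory(process.h, pLibRemote, szTargetLib.c_str(), iSize, NULL))
        {
            MessageBox(GetForegroundWindow(), TEXT("Unable to write to target process memory.\nPlease make sure you are running the program with Administrator privileges."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        HMODULE hKernel32 = GetModuleHandle(TEXT("Kernel32"));
        if (!hKernel32)
        {
            MessageBox(GetForegroundWindow(), TEXT("Unable to resolve kernel32.dll."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        // The address is resolved in THIS process and then used as the start
        // routine in the target, so the code assumes both processes map
        // kernel32 identically; nothing here checks that.
        // The variant must match the character width of the path written above.
    #ifdef UNICODE
        PTHREAD_START_ROUTINE pfnLoadLibrary = reinterpret_cast<PTHREAD_START_ROUTINE>(GetProcAddress(hKernel32, "LoadLibraryW"));
    #else
        PTHREAD_START_ROUTINE pfnLoadLibrary = reinterpret_cast<PTHREAD_START_ROUTINE>(GetProcAddress(hKernel32, "LoadLibraryA"));
    #endif

        if (!pfnLoadLibrary)
        {
            MessageBox(GetForegroundWindow(), TEXT("Unable to resolve LoadLibrary()."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        ScopedHandle thread(CreateRemoteThread(process.h, NULL, 0, pfnLoadLibrary, pLibRemote, 0, NULL));

        if (!thread.h)
        {
            MessageBox(GetForegroundWindow(), TEXT("Unable to create thread in the target process.\nPlease make sure you are running the program with Administrator privileges."), TEXT("rzInject"), MB_OK | MB_ICONEXCLAMATION);
            return 0;
        }

        // Blocks until the remote thread exits. Its exit code (LoadLibrary's
        // result) is not inspected, so a failed load inside the target is silent.
        WaitForSingleObject(thread.h, INFINITE);

        return 0;
    }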
    172.  
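    /// @brief Program entry point: runs rzInjectThread on a worker thread and waits for it.
    /// @return 0 once the worker has finished, 1 if the worker thread could not be created.
    int WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR, int)
    {
        // rzInjectThread already has the LPTHREAD_START_ROUTINE signature, so no
        // cast is needed; the creation flags are a DWORD, so pass 0 rather than NULL.
        HANDLE hThread = CreateThread(NULL, 0, rzInjectThread, NULL, 0, NULL);
        if (!hThread)
        {
            // Waiting on a NULL handle would fail immediately and hide the error.
            return 1;
        }

        WaitForSingleObject(hThread, INFINITE);
        CloseHandle(hThread);
        return 0;
    }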
    179.  
    Usage: Put these files in a Win32 Project and build. Whatever the executable is named (example: rzInject.exe) it will attempt to read rzInject.cfg (which has the target process name, ex: notepad.exe) to find the target process, and then load rzInject.dll (or whatever your exe is named.dll) into the target process.

    Not the best code I've ever written, but it works.
     
  11. DarkSpace

    DarkSpace Well-Known Member Coder

    Thanks Matt. i'll see what i can do with that code =D
    looks good thouugh =P
     
