Valhalla Legends Forums Archive | Visual Basic Programming | DLL/Code Injection Questions

Author | Message | Time
Anubis
Well here I am again with more questions...

I've been looking at some code and programs lately and was wondering how people are putting text inside games (StarCraft/Diablo 2). Especially when you load a maphack or something it pops up when the game starts and says "Whatever Hack by Someone loaded!". I assume this would be related to DLL or code injection.

So, my questions would be:

How would I go about finding the name of a function/API in a program (such as Diablo 2) and read what's being written in the chat (the in-game chat) and write to the screen?

How would I "inject" the code into the program? Is there a special code injector program I use to inject or make a program that does it?

Also, how would I find the names of and call certain functions within the program (like Diablo 2's character movement)?

I'm probably in way over my head since I haven't really done anything of this type, but if it's not too hard I'd like to give it a shot ;)

Any help is much appreciated, thanks.
July 14, 2004, 8:08 PM
K
To inject a DLL, you need to do several things. Keep in mind that this approach (using CreateRemoteThread) will only work on Windows systems that support CreateRemoteThread (NT/2000/XP or NT/2000/20003 Server).

1. obtain the handle of the process you wish to inject your DLL into. Open the process using OpenProcess with write access.
2. allocate enough memory using VirtualAllocEx to hold a string containing the path of the DLL you wish to inject.
3. use WriteProcessMemory to write the name to the newly allocated memory. (you may need to mark the memory as writable first with VirtualProtectEx)
4. call CreateRemoteThread, passing the address of LoadLibrary (which is guaranteed to be at the same address in every process space) as the function to execute, and the address where you wrote your DLL name as the argument.

hooray. you have injected your library. don't forget to delete the allocated memory with VirtualFree(ex?) when you're done.
July 14, 2004, 8:49 PM
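
Seen from the detection side, the four steps K lists leave an ordered cross-process API pattern. The following is an added example, not part of the original thread: it scans a constructed API trace for that sequence ending in a remote thread that starts at LoadLibrary. The tuple format, the PIDs and the 5-second window are assumptions made for illustration.

```python
# Added example: flag the four-call remote-thread DLL load sequence in an API trace.
# The trace format and all sample values below are constructed for illustration.
from collections import defaultdict

# The steps from the post, in the order they must appear per (caller, target) pair.
STEPS = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
LOADERS = {"LoadLibraryA", "LoadLibraryW"}
WINDOW_SECONDS = 5.0  # assumed correlation window

# Constructed trace: (timestamp, caller_pid, api, target_pid, detail)
SAMPLE_TRACE = [
    (10.00, 4120, "OpenProcess", 2288, "access=write"),
    (10.01, 4120, "VirtualAllocEx", 2288, "size=260"),
    (10.02, 4120, "WriteProcessMemory", 2288, "len=41"),
    (10.03, 4120, "CreateRemoteThread", 2288, "start=LoadLibraryA"),
    # A debugger-like tool that writes memory but never starts a thread.
    (11.00, 5300, "OpenProcess", 2288, "access=write"),
    (11.20, 5300, "WriteProcessMemory", 2288, "len=4"),
    # A remote thread whose earlier steps fall outside the window.
    (20.00, 6000, "OpenProcess", 2288, "access=write"),
    (20.10, 6000, "VirtualAllocEx", 2288, "size=260"),
    (20.20, 6000, "WriteProcessMemory", 2288, "len=30"),
    (40.00, 6000, "CreateRemoteThread", 2288, "start=LoadLibraryW"),
]

def find_remote_library_loads(trace, window=WINDOW_SECONDS):
    """Return (caller_pid, target_pid, loader) for each completed sequence."""
    progress = defaultdict(lambda: (0, None))  # pair -> (next step index, start time)
    alerts = []
    for ts, caller, api, target, detail in sorted(trace):
        if caller == target:
            continue  # in-process calls are not cross-process injection
        pair = (caller, target)
        step, started = progress[pair]
        if started is not None and ts - started > window:
            step, started = 0, None  # stale partial sequence: start over
        if api == STEPS[0]:
            step, started = 1, ts
        elif step < len(STEPS) and api == STEPS[step]:
            step += 1
        if step == len(STEPS):
            loader = detail.partition("start=")[2]
            if loader in LOADERS:
                alerts.append((caller, target, loader))
            step, started = 0, None
        progress[pair] = (step, started)
    return alerts
```

Only the first caller in the sample trace is reported; the other two never complete the ordered sequence inside the window.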
Twix
The best way to find out how to inject text into a game is to load a debugger, then say something in a game and look for it. I know the offset to send text to yourself for StarCraft is 0x004699B0.
July 14, 2004, 9:16 PM
CoorsLight
Nice detailed reply, K. Now, I'm interested in this as well; mainly for creating StarCraft hacks and related programs. I have a question though. I've heard a lot about needing to inject DLLs into program memory, but why? What does injecting a DLL into another program's memory allow you to do? Call your own functions using the program's data as variables? I'd be using C++ to do this, but this just so happens to be in the Visual Basic thread.
July 15, 2004, 2:18 AM
hismajesty
You don't need to inject a DLL for a message spoofer to work.
July 15, 2004, 3:31 AM
St0rm.iD
Search for "python adder bugtraq" in Google.
July 15, 2004, 4:37 AM
UserLoser.
[quote author=K link=board=31;threadid=7704;start=0#msg70389 date=1089838182]
To inject a DLL, you need to do several things. Keep in mind that this approach (using CreateRemoteThread) will only work on Windows systems that support CreateRemoteThread (NT/2000/XP or NT/2000/20003 Server).

1. obtain the handle of the process you wish to inject your DLL into. Open the process using OpenProcess with write access.
2. allocate enough memory using VirtualAllocEx to hold a string containing the path of the DLL you wish to inject.
3. use WriteProcessMemory to write the name to the newly allocated memory. (you may need to mark the memory as writable first with VirtualProtectEx)
4. call CreateRemoteThread, passing the address of LoadLibrary (which is guaranteed to be at the same address in every process space) as the function to execute, and the address where you wrote your DLL name as the argument.

hooray. you have injected your library. don't forget to delete the allocated memory with VirtualFree(ex?) when you're done.
[/quote]

I couldn't get my hands on a copy of Windows 20003 Server, I just couldn't find it in the stores!
July 15, 2004, 6:27 AM
Maddox
[quote author=CoorsLight link=board=31;threadid=7704;start=0#msg70417 date=1089857899]
Nice detailed reply, K. Now, I'm interested in this as well; mainly for creating StarCraft hacks and related programs. I have a question though. I've heard a lot about needing to inject DLLs into program memory, but why? What does injecting a DLL into another program's memory allow you to do? Call your own functions using the program's data as variables? I'd be using C++ to do this, but this just so happens to be in the Visual Basic thread.
[/quote]

Yes, it allows you to access the other program's functions and variables.
July 15, 2004, 8:09 AM
K
[quote author=UserLoser. link=board=31;threadid=7704;start=0#msg70461 date=1089872860]
I couldn't get my hands on a copy of Windows 20003 Server, I just couldn't find it in the stores!
[/quote]

According to inside sources, it will be available late 3rd quarter 20008.
July 15, 2004, 7:31 PM
Grok
[quote author=K link=board=31;threadid=7704;start=0#msg70554 date=1089919901]
[quote author=UserLoser. link=board=31;threadid=7704;start=0#msg70461 date=1089872860]
I couldn't get my hands on a copy of Windows 20003 Server, I just couldn't find it in the stores!
[/quote]

According to inside sources, it will be available late 3rd quarter 20008.
[/quote]

hehe
July 15, 2004, 8:50 PM
