Sign in to follow this  
Followers 0
Info

.dll Injection

25 posts in this topic

I found this UDF:

#include-once

Func _InjectDll($hWnd, $dllpath)
    ;make sure the user passed valid parameters
    If $hWnd <= 0 Then
        SetError(-1)
        Return False
    ElseIf StringLen($dllpath) <= 4 Or StringRight($dllpath, 4) <> ".dll" Then
        SetError(-2)
        Return False
    EndIf
    
    Local $pid, $pHandle, $pLibRemote, $modHandle, $LoadLibraryA, $hThread
    
    ;open dll that we'll be using
    Local $kernel32 = DllOpen("kernel32.dll")
    
    ;get the pid from the window provided
    $pid = DllCall("user32.dll", "int", "GetWindowThreadProcessId", "hwnd", $hWnd, "int_ptr", 0)
    If IsArray($pid) Then
        $pid = $pid[2]
    Else
        SetError(-3)
        Return False
    EndIf
    
    ;open the process for writing
    $pHandle = DllCall($kernel32, "int", "OpenProcess", "int", 0x1F0FFF, "int", 0, "int", $pid)
    If IsArray($pHandle) And $pHandle[0] > 0 Then
        $pHandle = $pHandle[0]
    Else
        SetError(-4)
        Return False
    EndIf
    
    $pLibRemote = DllCall($kernel32, "int", "VirtualAllocEx", "int", $pHandle, "short", 0, "int", 0x1000, "int", 0x1000, "int", 4)
    If IsArray($pLibRemote) Then
        If $pLibRemote[0] > 0 Then
            ;debug
            ConsoleWrite("0x" & Hex($pLibRemote[0], 8) & @CR)
            $pLibRemote = $pLibRemote[0]
        Else
            SetError(-5)
            Return False
        EndIf
    Else
        SetError(-6)
        Return False
    EndIf
    
    For $i = 0 To StringLen($dllpath)
        $ret = DllCall("kernel32.dll", "int", "WriteProcessMemory", "int", $pHandle, "int", $pLibRemote + $i, "int_ptr", Asc(StringMid($dllpath, $i + 1, 1)), "int", 1, "int", 0)
        If IsArray($ret) Then
            If $ret[0] = 0 Then
                SetError(-7)
                Return False
            EndIf
        Else
            SetError(-8)
            Return False
        EndIf
    Next
    
    $modHandle = DllCall($kernel32, "long", "GetModuleHandle", "str", "kernel32.dll")
    If IsArray($modHandle) Then
        If $modHandle[0] > 0 Then
            $modHandle = $modHandle[0]
        Else
            SetError(-9)
            Return False
        EndIf
    Else
        SetError(-10)
        Return False
    EndIf
    
    $LoadLibraryA = DllCall($kernel32, "long", "GetProcAddress", "long", $modHandle, "str", "LoadLibraryA")
    If IsArray($LoadLibraryA) Then
        If $LoadLibraryA[0] > 0 Then
            $LoadLibraryA = $LoadLibraryA[0]
        Else
            SetError(-11)
            Return False
        EndIf
    Else
        SetError (-12)
        Return False
    EndIf
    
    $hThread = DllCall($kernel32, "int", "CreateRemoteThread", "int", $pHandle, "int", 0, "int", 0, "long", $LoadLibraryA, "long", $pLibRemote, "int", 0, "int", 0)
    If IsArray($hThread) Then
        ConsoleWrite($hThread[0] & @CR)
        If $hThread[0] > 0 Then
            $hThread = $hThread[0]
        Else
            SetError(-13)
            Return False
        EndIf
    Else
        SetError(-14)
        Return False
    EndIf
    
    DllCall($kernel32, "int", "VirtualFreeEx", "int", $pHandle, "int", $pLibRemote, "int", 0x1000, "int", 0x8000)
    DllCall($kernel32, "int", "CloseHandle", "int", $hThread)
    DllCall($kernel32, "int", "CloseHandle", "int", $pHandle)
    
    DllClose($kernel32)
    
    Return True
EndFunc

http://www.autoitscript.com/forum/index.php?showtopic=26831

And it doesn't seem to work. >_<

Could someone help me?

Share this post


Link to post
Share on other sites



In what way does it not work?

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

_InjectDll(WinGetHandle("Space Ace"), "C:\Darkbyte Speedhack.dll")

Does not work, but Softpedia's DLL Injector does work. >_<

Edited by Info

Share this post


Link to post
Share on other sites

What is the expected result? You haven't defined how it doesn't work.

Share this post


Link to post
Share on other sites

When the dll gets injected, a GUI supposes to open and the game supposes to run with 2x speed... And it just doesn't happen.

But when I use Softpedia's DLL Injector everything is working good.

Share this post


Link to post
Share on other sites

The code you posted appears to set @error when something goes wrong. What is the value of @error after you call the function?

Share this post


Link to post
Share on other sites

It's -1. >_

Share this post


Link to post
Share on other sites

The game handle is wrong!

It want the game handle not the title!

I know, that's why I wrote:

WinGetHandle("Space Ace")

What am I doing wrong? >_<

Share this post


Link to post
Share on other sites

bump

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

Change all these "int_ptr" to "int*" I guess that it might be the problem. Ordinarily, before you test a big function you should partitioned it into small working scripts or functions.. by doing this, you'll eventually find the problem.

Edit: typo..

Edited by Authenticity

Share this post


Link to post
Share on other sites

Still not working:

_InjectDll(WinGetHandle('Space Ace'),'C:\Darkbyte speedhack.dll')
If @error Then MsgBox(16,'error',@error)
Func _InjectDll($hWnd, $dllpath)
    ;make sure the user passed valid parameters
    If $hWnd <= 0 Then
        SetError(-1)
        Return False
    ElseIf StringLen($dllpath) <= 4 Or StringRight($dllpath, 4) <> ".dll" Then
        SetError(-2)
        Return False
    EndIf
    
    Local $pid, $pHandle, $pLibRemote, $modHandle, $LoadLibraryA, $hThread
    
    ;open dll that we'll be using
    Local $kernel32 = DllOpen("kernel32.dll")
    
    ;get the pid from the window provided
    $pid = DllCall("user32.dll", "int", "GetWindowThreadProcessId", "hwnd", $hWnd, "int*", 0)
    If IsArray($pid) Then
        $pid = $pid[2]
    Else
        SetError(-3)
        Return False
    EndIf
    
    ;open the process for writing
    $pHandle = DllCall($kernel32, "int", "OpenProcess", "int", 0x1F0FFF, "int", 0, "int", $pid)
    If IsArray($pHandle) And $pHandle[0] > 0 Then
        $pHandle = $pHandle[0]
    Else
        SetError(-4)
        Return False
    EndIf
    
    $pLibRemote = DllCall($kernel32, "int", "VirtualAllocEx", "int", $pHandle, "short", 0, "int", 0x1000, "int", 0x1000, "int", 4)
    If IsArray($pLibRemote) Then
        If $pLibRemote[0] > 0 Then
            ;debug
            ConsoleWrite("0x" & Hex($pLibRemote[0], 8) & @CR)
            $pLibRemote = $pLibRemote[0]
        Else
            SetError(-5)
            Return False
        EndIf
    Else
        SetError(-6)
        Return False
    EndIf
    
    For $i = 0 To StringLen($dllpath)
        $ret = DllCall("kernel32.dll", "int", "WriteProcessMemory", "int", $pHandle, "int", $pLibRemote + $i, "int*", Asc(StringMid($dllpath, $i + 1, 1)), "int", 1, "int", 0)
        If IsArray($ret) Then
            If $ret[0] = 0 Then
                SetError(-7)
                Return False
            EndIf
        Else
            SetError(-8)
            Return False
        EndIf
    Next
    
    $modHandle = DllCall($kernel32, "long", "GetModuleHandle", "str", "kernel32.dll")
    If IsArray($modHandle) Then
        If $modHandle[0] > 0 Then
            $modHandle = $modHandle[0]
        Else
            SetError(-9)
            Return False
        EndIf
    Else
        SetError(-10)
        Return False
    EndIf
    
    $LoadLibraryA = DllCall($kernel32, "long", "GetProcAddress", "long", $modHandle, "str", "LoadLibraryA")
    If IsArray($LoadLibraryA) Then
        If $LoadLibraryA[0] > 0 Then
            $LoadLibraryA = $LoadLibraryA[0]
        Else
            SetError(-11)
            Return False
        EndIf
    Else
        SetError (-12)
        Return False
    EndIf
    
    $hThread = DllCall($kernel32, "int", "CreateRemoteThread", "int", $pHandle, "int", 0, "int", 0, "long", $LoadLibraryA, "long", $pLibRemote, "int", 0, "int", 0)
    If IsArray($hThread) Then
        ConsoleWrite($hThread[0] & @CR)
        If $hThread[0] > 0 Then
            $hThread = $hThread[0]
        Else
            SetError(-13)
            Return False
        EndIf
    Else
        SetError(-14)
        Return False
    EndIf
    
    DllCall($kernel32, "int", "VirtualFreeEx", "int", $pHandle, "int", $pLibRemote, "int", 0x1000, "int", 0x8000)
    DllCall($kernel32, "int", "CloseHandle", "int", $hThread)
    DllCall($kernel32, "int", "CloseHandle", "int", $pHandle)
    
    DllClose($kernel32)
    
    Return True
EndFunc

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

Error -1, from that code, shows that you had an invalid window handle. Are you sure the handle is right?

Also, don't bump in only 4 hours.

Edited by Richard Robertson

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

Error -1, from that code, shows that you had an invalid window handle. Are you sure the handle is right?

Yes.

_InjectDll(WinGetHandle("Space Ace"),"C:\Documents and Settings\אלון\My Documents\Downloads\Darkbyte speedhack.dll")
If @error Then MsgBox(16,"Error",@error)
Func _InjectDll($hWnd, $dllpath)
    ;make sure the user passed valid parameters
    If $hWnd <= 0 Then
        SetError(-1)
        Return False
    ElseIf StringLen($dllpath) <= 4 Or StringRight($dllpath, 4) <> ".dll" Then
        SetError(-2)
        Return False
    EndIf
    
    Local $pid, $pHandle, $pLibRemote, $modHandle, $LoadLibraryA, $hThread
    
    ;open dll that we'll be using
    Local $kernel32 = DllOpen("kernel32.dll")
    
    ;get the pid from the window provided
    $pid = DllCall("user32.dll", "int", "GetWindowThreadProcessId", "hwnd", $hWnd, "int_ptr", 0)
    If IsArray($pid) Then
        $pid = $pid[2]
    Else
        SetError(-3)
        Return False
    EndIf
    
    ;open the process for writing
    $pHandle = DllCall($kernel32, "int", "OpenProcess", "int", 0x1F0FFF, "int", 0, "int", $pid)
    If IsArray($pHandle) And $pHandle[0] > 0 Then
        $pHandle = $pHandle[0]
    Else
        SetError(-4)
        Return False
    EndIf
    
    $pLibRemote = DllCall($kernel32, "int", "VirtualAllocEx", "int", $pHandle, "short", 0, "int", 0x1000, "int", 0x1000, "int", 4)
    If IsArray($pLibRemote) Then
        If $pLibRemote[0] > 0 Then
            ;debug
            ConsoleWrite("0x" & Hex($pLibRemote[0], 8) & @CR)
            $pLibRemote = $pLibRemote[0]
        Else
            SetError(-5)
            Return False
        EndIf
    Else
        SetError(-6)
        Return False
    EndIf
    
    For $i = 0 To StringLen($dllpath)
        $ret = DllCall("kernel32.dll", "int", "WriteProcessMemory", "int", $pHandle, "int", $pLibRemote + $i, "int_ptr", Asc(StringMid($dllpath, $i + 1, 1)), "int", 1, "int", 0)
        If IsArray($ret) Then
            If $ret[0] = 0 Then
                SetError(-7)
                Return False
            EndIf
        Else
            SetError(-8)
            Return False
        EndIf
    Next
    
    $modHandle = DllCall($kernel32, "long", "GetModuleHandle", "str", "kernel32.dll")
    If IsArray($modHandle) Then
        If $modHandle[0] > 0 Then
            $modHandle = $modHandle[0]
        Else
            SetError(-9)
            Return False
        EndIf
    Else
        SetError(-10)
        Return False
    EndIf
    
    $LoadLibraryA = DllCall($kernel32, "long", "GetProcAddress", "long", $modHandle, "str", "LoadLibraryA")
    If IsArray($LoadLibraryA) Then
        If $LoadLibraryA[0] > 0 Then
            $LoadLibraryA = $LoadLibraryA[0]
        Else
            SetError(-11)
            Return False
        EndIf
    Else
        SetError (-12)
        Return False
    EndIf
    
    $hThread = DllCall($kernel32, "int", "CreateRemoteThread", "int", $pHandle, "int", 0, "int", 0, "long", $LoadLibraryA, "long", $pLibRemote, "int", 0, "int", 0)
    If IsArray($hThread) Then
        ConsoleWrite($hThread[0] & @CR)
        If $hThread[0] > 0 Then
            $hThread = $hThread[0]
        Else
            SetError(-13)
            Return False
        EndIf
    Else
        SetError(-14)
        Return False
    EndIf
    
    DllCall($kernel32, "int", "VirtualFreeEx", "int", $pHandle, "int", $pLibRemote, "int", 0x1000, "int", 0x8000)
    DllCall($kernel32, "int", "CloseHandle", "int", $hThread)
    DllCall($kernel32, "int", "CloseHandle", "int", $pHandle)
    
    DllClose($kernel32)
    
    Return True
EndFunc

The game is called "Space Ace".

Edited by Info

Share this post


Link to post
Share on other sites

Try looking at the handle returned from WinGetHandle. See if perhaps it isn't working.

Share this post


Link to post
Share on other sites

Try looking at the handle returned from WinGetHandle. See if perhaps it isn't working.

It's 0x01AC01E6.

Try AutoItSetOption("WinTitleMatchMode", 2)

Still not working. >_<

Share this post


Link to post
Share on other sites

#18 ·  Posted (edited)

im keen in this dll injecter if any1 can get it working.

how would u add a check box once its ticked it will auto inject if its not ticked u will have to click inject

Edited by hot202

Share this post


Link to post
Share on other sites

If your error is really -1, that means that something is going wrong.

The code says "If $hWnd <= 0 Then SetError(-1)" so it should only give you a -1 error if your window handle is negative or zero.

Share this post


Link to post
Share on other sites

Drop the check, test if it's now a window handle using IsHWnd() instead. There are a few examples in the Example Scripts forum about the subject, try searching there.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0