Im new to the world of hooking

I've seen a couple of tutorials and I'm still having trouble getting things to work(i guess).

What I am trying to do is inject a dll, what I mainly wanted was to inject assembly code into a game that I have, so I simply want to modify the game while its running,
I was thinking not to use a dll injection if that was possible, which for me this far have seem almost impossible.

I got the process and the right module of the process I want to inject into, this is my following code for the injection:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
bool Testobj::injectDLL(string moduleName)
{
	if(!this->gotHandle())
		return false;

	HANDLE hThread;
	void* pLibRemote;
	HMODULE hKernel32 = GetModuleHandle("Kernel32");
	DWORD hLibModule;

	if(!hKernel32)
		return false;

	pLibRemote = VirtualAllocEx(this->hProcess, NULL, moduleName.size(), MEM_COMMIT, PAGE_READWRITE);
	WriteProcessMemory( this->hProcess, pLibRemote, (void*)moduleName.c_str(), moduleName.size(), NULL );

	hThread = CreateRemoteThread(this->hProcess, NULL, 0, (LPTHREAD_START_ROUTINE) GetProcAddress(hKernel32, "LoadLibraryA"), pLibRemote, 0, NULL);
	if(!hThread)
		return false;

	WaitForSingleObject( hThread, INFINITE );
	GetExitCodeThread( hThread, &hLibModule );

	CloseHandle( hThread );
	VirtualFreeEx( this->hProcess, pLibRemote, moduleName.size(), MEM_RELEASE );

	return true;
}


However the problem may be in my dll, since I havn't done much with dlls before.
Anyhow this is my dllcode:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
bool APIENTRY DllMain ( HANDLE hModule, DWORD reason, LPVOID lpReserved)
{
	switch(reason)
	{
		case DLL_PROCESS_ATTACH:
			dllAttach(hModule);
			break;
		case DLL_PROCESS_DETACH:
			dllDetach(hModule);
			break;
		default:
			return false;
	}

	return true;
}

bool dllAttach(HANDLE hModule)
{
	return true;
}

bool dllDetach(HANDLE hModule)
{
	
	return true;
}


Everything compiles perfectly fine, and the injectDLL returns true.
I also want to point out that this is not for evil, only for a singleplayer game, and to get to know how to call functions and to learn a little further how things work.
I didn't test your code, and I might be wrong, but it looks like the problem is on line 17 of the injector code. You're using the address of LoadLibraryA from your injector's process, but trying to call it in the game's process. Kernel32.dll could be loaded at a different place in the game's process, so CreateRemoteThread isn't calling LoadLibraryA in the game's process; it's calling a random location in the game's memory.
Last edited on
You need to allocate an extra byte for the NULL char because C-strings are NULL-terminated.
Just from personal experiance, I learned a ton about code injection just from injecting into Notepad. There's really no reason to startup an entire game if all you're trying to learn are the basics.

Now, on to your issues:

- Line 14 in your "injectDLL(...)" member function, for the third argument you are passing the length of the string that indicates the name of the DLL. This will NOT be the same size of the DLL you are trying to write into the target process. This argument needs to be at least the size of the data you are writing into the target process in bytes rounded up to the nearest page size (the rounding is done automatically for you). I'm surprized that you would create an object but not use "sizeof(MyObject)" for this argument. I'm going to guess that the target application crashes? This is why.

- Line 15 you are making the same mistake here that you made on Line 14. This should be the size of the memory block you need in order to write your code.

- Line 25 needs to be adjusted for size as well. If your application didn't crash you would have seen the "memory leak" this produces.

I'm not too experianced at DLL injection but I have made a working custom class for Thread injection, it's too buggy for my pride to allow me to give it away but I can answer a lot of questions about the concept.
Last edited on
Topic archived. No new replies allowed.