Welcome to the UnKnoWnCheaTs - Multiplayer Game Hacks and Cheats.
This is an injector I coded entirely myself, customizable for ease of use when debugging games (no need to make a new injector).
README (Hello section)
Quote:
Hello members, thanks for picking up a copy of this software.
I would first like to make it clear that you must read "LICENSE" to continue,
and to please not use this software maliciously.
Now that that is over, I can explain what this source code and binary do,
it is a configurable injector with parameters set in the XML files to control its actions.
You can attach your module to any process name you wish, with two very different methods.
Method "FILE":
Classic remote-code allocation stub to call LoadLibraryW. . .simple and effective,
works confirmed on Windows XP+ (Vista, 7 compatible)
Method "MEMORY":
"Manual mapping" they call it, but this is a cleaned up version of any previous code,
this manually maps your file by reading it, then mapping the buffer into the executable's memory space,
after which it manually fixes relocations, imports, etc, and nearly nothing can stop you,
a special warning however, this module has a chance of being injected multiple times if not controlled.
This is like DLL injection with PEB/LDR and NtQueryVirtualMemory hiding all in one.
I would also like to mention this new* code was based off of "Darwak"'s previous works.
( * = Version 1 of "CNTLoader" )
Included are 3 main folders,
"bin", "src" and "archive",
"src" contains three source codes:
Configurable_Injector
(coded in .NET, this loads the XML file, displays the window on the screen), the actual injection routine is not in this file.
util
This contains all of the actual technical code, it is coded in C++ (native)
test_module
This is a simple test-module source code, pops up a message box.
Configurable_Injector.exe
This is the executable to run (injector)
utility_public.dll
This is your compiled utility DLL, this module holds the actual injection code (and is loaded by Configurable_Injector.exe)
config.xml
This is the injector's configuration file, this file controls the main functionality of the injector. In this you can set window names, window class names, process names to inject into, message(s) of the day, and whatever else you add.
<mod>
this setting is the module name you wish to inject, this module MUST be in the same folder as the injector.
<exe>
This is the executable to inject into, if you wish to exclude the executable from the process enumeration then just leave this blank, like this:
Code:
<exe></exe>
<win>
This is the window name to inject into, if you wish to exclude the window name from the process enumeration then just leave this blank, like this:
Code:
<win></win>
<cls>
This is the window class name to inject into, if you wish to exclude the class name from the process enumeration then just leave this blank, like this:
Code:
<cls></cls>
<inj>
This is the injection method you want, "MEMORY" or "FILE", otherwise defaulted to "FILE".
<motd>
These are sets of random quotes and things to display in the executable, they serve no real purpose other than reppin yo shit son
"Those who seek revenge must dig two graves, one for his enemy and another for himself."
On the internet I will - in no shape or form - take personal offence to peoples comments, idea's or views, I assume the people who I reply to won't either.
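Seen from the defender's side, the two properties the README claims for the "MEMORY" method (no PEB/LDR entry, nothing image-backed for a virtual-memory query to report) are what a memory scanner keys on. The following is an added example, not part of the thread or of the injector's source; the struct, verdict and constant names and the sample snapshot are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Values as in winnt.h, repeated here so the example builds on any platform. */
#define MEM_IMAGE_T   0x1000000u
#define MEM_PRIVATE_T 0x20000u
#define PAGE_EXEC_ANY 0xF0u /* PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY */
enum verdict { CLEAN = 0, UNLINKED_IMAGE, EXEC_NO_IMAGE, EXEC_NO_IMAGE_PE };
typedef struct { uint64_t base, size; } module_t;    /* one loader-list entry */
typedef struct { uint64_t base, size; uint32_t type, protect;
                 const unsigned char *head; size_t head_len; } region_t;

/* MZ magic plus a "PE\0\0" signature at e_lfanew (offset 0x3c). */
static int has_pe_header(const unsigned char *p, size_t n) {
    if (!p || n < 0x40 || p[0] != 'M' || p[1] != 'Z') return 0;
    size_t off = p[0x3c] | p[0x3d] << 8 | (size_t)p[0x3e] << 16 | (size_t)p[0x3f] << 24;
    return off <= n - 4 && memcmp(p + off, "PE\0\0", 4) == 0;
}
static int listed(const module_t *m, size_t n, uint64_t a) {
    for (size_t i = 0; i < n; i++)
        if (a >= m[i].base && a - m[i].base < m[i].size) return 1;
    return 0;
}

enum verdict classify(const region_t *r, const module_t *mods, size_t n) {
    if (!(r->protect & PAGE_EXEC_ANY)) return CLEAN;
    if (r->type == MEM_IMAGE_T)
        return listed(mods, n, r->base) ? CLEAN : UNLINKED_IMAGE;
    /* Executable but not image-backed; JIT code lands here too, so a PE header raises confidence. */
    return has_pe_header(r->head, r->head_len) ? EXEC_NO_IMAGE_PE : EXEC_NO_IMAGE;
}

/* Constructed sample snapshot, not captured from a real process. */
static const unsigned char PE_HEAD[0x48] = { [0]='M', [1]='Z', [0x3c]=0x40, [0x40]='P', [0x41]='E' };
static const module_t MODS[] = { { 0x400000, 0x20000 } };
static const region_t REGIONS[] = {
    { 0x401000,   0x8000, MEM_IMAGE_T,   0x20, NULL, 0 },                 /* listed image */
    { 0x10000000, 0x5000, MEM_IMAGE_T,   0x20, NULL, 0 },                 /* image, not listed */
    { 0x2a0000,   0x1000, MEM_PRIVATE_T, 0x04, PE_HEAD, sizeof PE_HEAD }, /* RW data only */
    { 0x3b0000,   0x9000, MEM_PRIVATE_T, 0x40, PE_HEAD, sizeof PE_HEAD }, /* private RWX + PE */
    { 0x3c0000,   0x1000, MEM_PRIVATE_T, 0x20, NULL, 0 },                 /* private RX */
};
int main(void) {
    for (size_t i = 0; i < sizeof REGIONS / sizeof *REGIONS; i++)
        printf("%#llx -> %d\n", (unsigned long long)REGIONS[i].base, classify(&REGIONS[i], MODS, 1));
    return 0;
}
```

On a live Windows system the region records would be filled from VirtualQueryEx results and the module list from the process's loader data; here both are hard-coded so the classification logic runs anywhere.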
It's good but requires fixes. I use D3DXCreateFontA in one of my programs and it cannot locate an import for it; I could try loading it as well though (just add in a LoadLibraryA call)
edit, fix is here:
replace,
Code:
FARPROC CNTLoader::GetRemoteProcAddress( const char *szModule, const char *szFunction )
{
    unsigned long LocalModule = ( unsigned long )GetModuleHandleA( szModule );
with
Code:
FARPROC CNTLoader::GetRemoteProcAddress( const char *szModule, const char *szFunction )
{
    unsigned long LocalModule = ( unsigned long )LoadLibraryA( szModule );
Pretty awesome Injector. I don't mean to hijack your thread but I've been reading through Darwak's ManualMap class and trying to port it to C# (using fully managed code) but, after I have the first ImageImportDescriptor I try to get the name of the first module and it ends up being a random list of characters (the same every time). Here is my code, I know that I'm not looping through all of them but I just want to see if I can get the first one:
My source should help you with that, especially imports... if you look in the "util" directory,
and there is a folder called "BETA_CODE" or something, I walk the imports list remotely in there.
edit: SPECIAL NOTE!!!!
Compile your modules with /MT (Multi-threaded, NOT Multi-threaded DLL) and compile your modules with C++ Exceptions DISABLED.
There is still some other stuff I'm finding out as I go along...
You name the file "WALK_IMPORTS". However, I fail to see even the word "import" in that text document.
EDIT: I just realised how harsh that sounds, don't take it that way!
EDIT #2: After getting the address of the ImageImportDescriptor, can I marshal the IMAGE_IMPORT_DESCRIPTOR structure right at that address or do I have to do something like offset it by 1 byte? (I'm pretty sure I don't but it could be one of those things that you have to double check)
EDIT #3: I keep thinking of things that happened when I used Darwak's code, sometimes programmatically (manually) injecting the dll into a process will screw it up and cause the module to call the wrong functions. For example: in Counter-Strike Source, since it comes with an SDK, you can link two functions named "RandomSeed" and "RandomFloat" but because of the way manually mapping the dll works you will need to get the addresses of these functions at runtime by using GetProcAddress. (Just a tip if people's hacks start crashing randomly after injecting with the manual method)
Yes, there are quite a few problems, although this fixes "odd" imports quite well I think.
I am SURE you can't build hacks as 'normally' as you would otherwise, I am using it to rebuild my MW2 hack atm, and I am crashing at every twist and turn (but there is usually a "hotfix" for it)
a) read/write memory
b) allocate/deallocate memory
c) read files
it should be entirely possible.
Another special note:
Quote:
Normally, __security_init_cookie is called by the CRT when it starts up. If you bypass CRT initialization (for example, by writing a DLL and specifying an entry-point with /ENTRY), then you must call __security_init_cookie yourself.
call this in your manual mapped module, because the TLS callback for "DllEntryPoint"
there is also the matter of:
Code:
int __fastcall __DllMainCRTStartup(void *a1, DWORD a2, HINSTANCE hinstDLL)
which is also called in DllEntryPoint, so I am making a new function to resolve and call these, thanks to learn_more's advice.