GameServer DLL
#6

Read this tutorial first 2

Simple hook without patching the DLL file.

1) First, you will need to create a DLL.

2) You will need to read up on these functions:

- OpenProcess
- CloseHandle
- WriteProcessMemory
- ReadProcessMemory
- VirtualAllocEx
- CreateRemoteThread
- WaitForSingleObject
- GetExitCodeThread
- VirtualFreeEx

3) You will also need to know some ASM and debugging.

 

Basic Hooking:

//headers needed by the calls below
#include <windows.h>
#include <stdio.h>

//FindProcess is the poster's own helper (not shown here): it returns the PID of the named process
int iPid = FindProcess("GameServer.exe");
//open the process for read and write
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, iPid);
if(!hProcess){
//error could not open the process
return -1;
}

//allocate space for the code section(here will be your code)
//(the DWORD casts assume a 32-bit build, like the rest of this snippet)
DWORD dwMemCode =(DWORD) VirtualAllocEx(hProcess, NULL, 0x100, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READ);
if(!dwMemCode){
//error could not allocate memory
return -1;
}

//allocate space for the Data section(here will be your variables and strings)
DWORD dwMemData =(DWORD) VirtualAllocEx(hProcess, NULL, 0x100, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if(!dwMemData){
//error could not allocate memory
return -1;
}

//writing the dll path to the process memory for your function to find it
char sDllPath[] = "C:\\MyHook.dll";
//sizeof() includes the terminating NUL; strlen() would leave the string unterminated in the target
if(!WriteProcessMemory(hProcess,(LPVOID)dwMemData, sDllPath, sizeof(sDllPath), NULL)){
printf("error: could not write to memory\n");
return -1;
}

//create a remote Thread that will run on the process
//the remote thread is the function LoadLibraryA and as parameter is the sDllPath in the process memory
//(LoadLibraryA's address is taken from this process; it is only valid in the target if kernel32 is mapped at the same base there, i.e. same bitness)
HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA,(LPVOID)dwMemData, 0, NULL);
if(!hRemoteThread){
//error could not create the remote thread
return -1;
}

//wait till the thread finishes
DWORD dwRet = WaitForSingleObject(hRemoteThread, INFINITE);
if(dwRet != WAIT_OBJECT_0){
// if anything other than WAIT_OBJECT_0 close app
return -1;
}

//get the return code of the function loaded in CreateRemoteThread(LoadLibraryA)
//the thread exit code is LoadLibraryA's return value (the HMODULE), truncated to 32 bits
DWORD hLibModule;
if(!GetExitCodeThread(hRemoteThread, &hLibModule)){
return -1;
}

//check if it returned correctly
if(!hLibModule){
//could not attach the dll hook to the process
//either you didn't give a good path to the Dll, etc
return 1;
}
//close the thread handle
CloseHandle(hRemoteThread);

//do other operations

//At app Closing
//free the memory
VirtualFreeEx(hProcess,(LPVOID) dwMemCode, 0, MEM_RELEASE);
VirtualFreeEx(hProcess,(LPVOID) dwMemData, 0, MEM_RELEASE);

//close the process
CloseHandle(hProcess); //Close Handle
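From the defender's side, the procedure above leaves a characteristic trace: a thread created in GameServer.exe by a different process whose entry point is kernel32!LoadLibraryA (or, if the thread is started in the memory allocated for dwMemCode, an entry point outside any loaded module). Sysmon records such cross-process thread creation as Event ID 8. The Python below is an added example, not code from this post or thread: it parses constructed Event ID 8 message bodies (using Sysmon's field names SourceImage, TargetImage, StartModule and StartFunction), flags both patterns, and allowlists approved tools by path. The sample events and the paths in them are constructed, not captured from a real host.

```python
"""Flag CreateRemoteThread-based DLL loading in Sysmon Event ID 8 records.

Added example, not code from the forum post. Input imitates the "Key: Value"
message body Sysmon writes for Event ID 8 (CreateRemoteThread); the events in
SAMPLE_LOG are constructed, not captured from a real host.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Thread entry points that make the target load a module from a path string,
# which is exactly what a remote thread started at LoadLibraryA does.
LOADER_ENTRYPOINTS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Constructed records in the shape of Sysmon Event ID 8 message bodies.
SAMPLE_LOG = r"""
CreateRemoteThread detected:
UtcTime: 2012-10-10 20:25:01.000
SourceProcessId: 4711
SourceImage: C:\Tools\injector.exe
TargetProcessId: 1234
TargetImage: C:\Server\GameServer.exe
StartModule: C:\Windows\System32\KERNEL32.DLL
StartFunction: LoadLibraryA
CreateRemoteThread detected:
UtcTime: 2012-10-10 20:26:12.000
SourceProcessId: 2200
SourceImage: C:\Program Files\ApprovedAgent\agent.exe
TargetProcessId: 1234
TargetImage: C:\Server\GameServer.exe
StartModule: C:\Windows\System32\KERNEL32.DLL
StartFunction: LoadLibraryA
CreateRemoteThread detected:
UtcTime: 2012-10-10 20:27:40.000
SourceProcessId: 4711
SourceImage: C:\Tools\injector.exe
TargetProcessId: 1234
TargetImage: C:\Server\GameServer.exe
StartModule: -
StartFunction: -
CreateRemoteThread detected:
UtcTime: 2012-10-10 20:30:05.000
SourceProcessId: 3100
SourceImage: C:\Tools\debugger.exe
TargetProcessId: 1234
TargetImage: C:\Server\GameServer.exe
StartModule: C:\Windows\System32\ntdll.dll
StartFunction: DbgUiRemoteBreakin
"""


@dataclass
class Finding:
    utc_time: str
    source_image: str
    target_image: str
    reason: str


def parse_event8(text: str) -> Dict[str, str]:
    """Parse one Event ID 8 message body into a field dict (key is letters only,
    so the colon in a Windows drive letter stays in the value)."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z]+):\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def split_events(log: str) -> List[Dict[str, str]]:
    chunks = [c for c in log.split("CreateRemoteThread detected:") if c.strip()]
    return [parse_event8(c) for c in chunks]


def classify(ev: Dict[str, str], allowed_sources: Iterable[str] = ()) -> Optional[Finding]:
    """Return a Finding for a suspicious remote thread, or None for benign ones."""
    # Defensive: a thread created in the creator's own process is not remote.
    if ev.get("SourceProcessId") == ev.get("TargetProcessId"):
        return None
    src = ev.get("SourceImage", "")
    # Known-good tools (e.g. an approved agent) are allowlisted by exact path.
    if src.lower() in {a.lower() for a in allowed_sources}:
        return None
    func, module = ev.get("StartFunction", ""), ev.get("StartModule", "")
    if func in LOADER_ENTRYPOINTS:
        reason = f"remote thread entry is {func}: DLL loaded into target by path"
    elif module in ("", "-"):
        reason = "remote thread entry lies outside any loaded module: injected code"
    else:
        return None  # e.g. a debugger attach via ntdll!DbgUiRemoteBreakin
    return Finding(ev.get("UtcTime", ""), src, ev.get("TargetImage", ""), reason)


def scan(log: str, allowed_sources: Iterable[str] = ()) -> List[Finding]:
    return [f for f in (classify(e, allowed_sources) for e in split_events(log)) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.utc_time}  {f.source_image} -> {f.target_image}: {f.reason}")
```

Run against SAMPLE_LOG this reports the two injector events and the approved agent; passing the agent's path in allowed_sources drops it to the two injector events, while the debugger attach (entry in ntdll, not a loader function) is never flagged.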



Messages In This Thread
[No subject] - by CyberClaus - 10-09-2012, 08:04 AM
[No subject] - by filix_93 - 10-09-2012, 06:02 PM
[No subject] - by Nikolee - 10-09-2012, 09:48 PM
[No subject] - by hunsolo - 10-09-2012, 10:56 PM
[No subject] - by CyberClaus - 10-10-2012, 04:51 AM
[No subject] - by someone - 10-10-2012, 08:25 PM
[No subject] - by CyberClaus - 10-12-2012, 02:40 PM
[No subject] - by CyberClaus - 10-12-2012, 02:45 PM
[No subject] - by someone - 10-12-2012, 04:06 PM
[No subject] - by CyberClaus - 10-12-2012, 06:29 PM
[No subject] - by someone - 10-12-2012, 06:39 PM
[No subject] - by CyberClaus - 10-12-2012, 06:53 PM
[No subject] - by Nikolee - 10-13-2012, 11:44 AM
[No subject] - by HateMe - 10-13-2012, 12:04 PM
[No subject] - by CyberClaus - 10-13-2012, 12:28 PM
[No subject] - by Nikolee - 10-13-2012, 12:32 PM
[No subject] - by HateMe - 10-13-2012, 12:40 PM
[No subject] - by CyberClaus - 10-14-2012, 09:52 AM
[No subject] - by Nikolee - 10-14-2012, 12:31 PM
[No subject] - by HateMe - 10-14-2012, 12:40 PM
[No subject] - by CyberClaus - 10-14-2012, 01:00 PM
[No subject] - by CyberClaus - 10-14-2012, 03:36 PM
[No subject] - by CyberClaus - 10-15-2012, 08:01 PM
