Join Date: Apr 2013
Posts: 22
|
Ich habe mal eine dll erstellt, die als Schnittstelle zwischen dem Opferprogramm und meiner Anwedung dient.
Das hatte mal funktioniert aber nun gehts wieder nichtmehr -.-
Ich habe eigentlich nix daran verändert..
Und nebenbei vielleicht ein paar Tipps, was man sauberer machen kann
wäre nett von euch ^^
CPP Code: #define WIN32_LEAN_AND_MEAN #include <Windows.h> #include <tlhelp32.h> #include <wchar.h> #include <cstdarg> #include <cstdio> #define EXPORT extern "C" __declspec(dllexport) //STRUCTS struct sCreateDialog { int style; char titel[65]; char text[1000]; char button1[65]; char button2[65]; }; //GLOBALS HANDLE g_hMod = NULL; HANDLE g_hGTA = NULL; DWORD g_dwGTAPID = 0; //EXPORTS EXPORT BOOL CreateDialog(int,char*,char*,char*,char*); //style,titel,text,button1,button2 EXPORT void CreateDialogEx(LPVOID); //INTERNE FUNKTIONEN BOOL ReadProcessMemoryPointer(HANDLE, LPCVOID, LPVOID,SIZE_T,SIZE_T *, int, ...); BOOL WriteProcessMemoryPointer(HANDLE, LPVOID, LPCVOID,SIZE_T,SIZE_T *, int, ...); HANDLE getProcHandle(); BOOL checkInjected(); BOOL Inject(); HANDLE getSampBase(); DWORD getPID(); //FUNKTIONEN EXPORT BOOL CreateDialog(int style, char* titel, char* text, char* button1, char* button2) { if(!titel || !text || !button1 || !button2) return FALSE; if(style<0 || style>3 || strlen(titel)>64 || strlen(text)>999 || strlen(button1)>64 || strlen(button2)>64) return FALSE; sCreateDialog s; s.style = style; strcpy_s(s.titel,titel); strcpy_s(s.text,text); strcpy_s(s.button1,button1); strcpy_s(s.button2,button2); if(!checkInjected()) return FALSE; HANDLE hProc = getProcHandle(); if(!hProc) return FALSE; LPVOID lpAddr = VirtualAllocEx(hProc, 0, sizeof(sCreateDialog), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE); if(!lpAddr) { return FALSE; } BOOL bSuccess = WriteProcessMemory(hProc, lpAddr, (LPVOID)&s, sizeof(sCreateDialog), 0); if(!bSuccess) { return FALSE; } HANDLE hThread = CreateRemoteThread(hProc, 0, 0, (LPTHREAD_START_ROUTINE)GetProcAddress((HMODULE)g_hMod,"CreateDialogEx"), lpAddr, 0, 0); if(!hThread) { return FALSE; } WaitForSingleObject(hThread,INFINITE); CloseHandle(hThread); VirtualFreeEx(hProc,lpAddr,sizeof(sCreateDialog),MEM_RELEASE); return TRUE; } EXPORT void CreateDialogEx(LPVOID msg) { MessageBox(0,L"CreateDialogEx",0,MB_OK); if(!msg) return; sCreateDialog* sptr = (sCreateDialog*)msg; int style = sptr->style; char* titel = sptr->titel; char* text = sptr->text; char* button1 = sptr->button1; char* button2 = sptr->button2; DWORD addr = (DWORD)GetModuleHandle(L"samp.dll"); if(!addr) return; DWORD dialogptr = addr + 0x2129F8; DWORD func = addr + 0x806F0; __asm { mov eax, dword ptr[dialogptr] mov ecx, dword ptr[eax] push 0 push button2 push button1 push text push titel push style; push 0 call func } } ////////////////////////////////////////////////////////// BOOL ReadProcessMemoryPointer(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer,SIZE_T nSize,SIZE_T *lpNumberOfBytesRead, int nOffsets, ...) { if(nOffsets == 0) return ReadProcessMemory(hProcess,lpBaseAddress,lpBuffer,nSize,lpNumberOfBytesRead); va_list arguments; DWORD ptr = (DWORD)lpBaseAddress; va_start(arguments, nOffsets); for(int i=0;i<nOffsets;i++) { if( !ReadProcessMemory(hProcess,(LPVOID)ptr,&ptr,4,0) ) { va_end(arguments); return FALSE; } ptr += va_arg(arguments,DWORD); } va_end(arguments); return ReadProcessMemory(hProcess,(LPVOID)ptr,lpBuffer,nSize,lpNumberOfBytesRead); } BOOL WriteProcessMemoryPointer(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer,SIZE_T nSize,SIZE_T *lpNumberOfBytesWritten, int nOffsets, ...) { if(nOffsets == 0) return WriteProcessMemory(hProcess,lpBaseAddress,lpBuffer,nSize,lpNumberOfBytesWritten); va_list arguments; DWORD ptr = (DWORD)lpBaseAddress; va_start(arguments, nOffsets); for(int i=0;i<nOffsets;i++) { if( !ReadProcessMemory(hProcess,(LPVOID)ptr,&ptr,4,0) ) { va_end(arguments); return FALSE; } ptr += va_arg(arguments,DWORD); } va_end(arguments); return WriteProcessMemory(hProcess,(LPVOID)ptr,lpBuffer,nSize,lpNumberOfBytesWritten); } DWORD getPID() { DWORD pid; HWND hwnd = FindWindow(0,L"GTA:SA:MP"); if(!hwnd) return 0; GetWindowThreadProcessId(hwnd,&pid); if(!pid) return 0; return pid; } HANDLE getProcHandle() { DWORD pid = getPID(); if(!pid) { if(g_hGTA) //kein prozess handle aber offen { CloseHandle(g_hGTA); g_hGTA = NULL; return NULL; } return NULL; } if(pid != g_dwGTAPID) //neuer Prozess { if(g_hGTA) // Handle noch offen { CloseHandle(g_hGTA); HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid); g_hGTA = hProc; return hProc; } else //beim starten oder so { HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid); g_hGTA = hProc; return hProc; } } return g_hGTA; } HANDLE getSampBase() { DWORD dwPID = getPID(); if(!dwPID) return NULL; HANDLE hModuleSnap = INVALID_HANDLE_VALUE; MODULEENTRY32 me32; // Take a snapshot of all modules in the specified process. hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID ); if( hModuleSnap == INVALID_HANDLE_VALUE ) { return( 0 ); } // Set the size of the structure before using it. me32.dwSize = sizeof( MODULEENTRY32 ); // Retrieve information about the first module, // and exit if unsuccessful if( !Module32First( hModuleSnap, &me32 ) ) { CloseHandle( hModuleSnap ); // clean the snapshot object return( 0 ); } // Now walk the module list of the process, // and display information about each module do { if(wcsstr(me32.szModule,L"samp.dll")) { CloseHandle( hModuleSnap ); return me32.hModule; } } while( Module32Next( hModuleSnap, &me32 ) ); CloseHandle( hModuleSnap ); return( 0 ); } BOOL checkInjected() { DWORD dwPID = getPID(); if(!dwPID) return FALSE; WCHAR DllPath[MAX_PATH]; GetModuleFileName((HMODULE)g_hMod,DllPath,MAX_PATH); WCHAR DllName[100]; _wsplitpath_s(DllPath,0,0,0,0,DllName,100,0,0); HANDLE hModuleSnap = INVALID_HANDLE_VALUE; MODULEENTRY32 me32; // Take a snapshot of all modules in the specified process. hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID ); if( hModuleSnap == INVALID_HANDLE_VALUE ) { return( FALSE ); } // Set the size of the structure before using it. me32.dwSize = sizeof( MODULEENTRY32 ); // Retrieve information about the first module, // and exit if unsuccessful if( !Module32First( hModuleSnap, &me32 ) ) { CloseHandle( hModuleSnap ); // clean the snapshot object return( FALSE ); } // Now walk the module list of the process, // and display information about each module do { if(wcsstr(me32.szModule,DllName)) { CloseHandle( hModuleSnap ); return TRUE; } } while( Module32Next( hModuleSnap, &me32 ) ); CloseHandle( hModuleSnap ); return( Inject() ); } BOOL Inject() { WCHAR DllPath[MAX_PATH]; GetModuleFileName((HMODULE)g_hMod,DllPath,MAX_PATH); DWORD dwSize = (wcslen(DllPath)+1)*2; HANDLE hProc = getProcHandle(); if(!hProc) return FALSE; LPVOID lpAddr = VirtualAllocEx(hProc, 0, dwSize, MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE); if(!lpAddr) { return FALSE; } BOOL bSuccess = WriteProcessMemory(hProc, lpAddr, DllPath, dwSize, 0); if(!bSuccess) { return FALSE; } HANDLE hThread = CreateRemoteThread(hProc, 0, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(L"kernel32.dll"),"LoadLibraryW"), lpAddr, 0, 0); if(!hThread) { return FALSE; } WaitForSingleObject(hThread,INFINITE); CloseHandle(hThread); VirtualFreeEx(hProc,lpAddr,dwSize,MEM_RELEASE); return TRUE; } BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { if(ul_reason_for_call==DLL_PROCESS_ATTACH) { g_hMod = hModule; DisableThreadLibraryCalls((HMODULE)hModule); } return TRUE; }
|
Deutsch
