Inject code to another process

This is a discussion on Inject code to another process within the Windows Programming forums, part of the Platform Specific Boards category; I use Borland C++ Builder 6.0 I got problem when try inject my code to process, the process will crash ...

  1. #1
    Registered User
    Join Date
    Mar 2008
    Posts
    9

    Inject code to another process

    I use Borland C++ Builder 6.0
    I got problem when try inject my code to process, the process will crash
    Here is my code:
    Code:
    static DWORD WINAPI Run(LPCVOID lpParam)
    {
    	DWORD *Param = (DWORD*) lpParam;
    	DWORD x		= *Param;
    	DWORD y		= *(Param+1);
    	DWORD z		= *(Param+2);
    	DWORD fly	= 0;
    	__try
    	{
    		_asm
    		{   pushad;
    		mov edx, 009271B4h;
    		mov ecx, dword ptr[edx];
    		mov edx, dword ptr[ecx+1Ch];
    		mov esi, dword ptr[edx+20h];
    		mov ecx, dword ptr[esi+0BC8h];
    		mov        eax,dword ptr [esi+0x5E8];
    		cmp        eax,2;
    		jnz        next;
    		mov        fly,1;
    next:
    		push 1;
    		mov edx,45DC10h;
    		call edx;
    		mov edi, eax;
    		push Param;
    		push fly;
    		mov ecx,edi;
    		mov edx, 461660h;
    		call edx;
    		push 0;
    		push 1;
    		push edi;
    		push 1;
    		mov ecx, dword ptr[esi+0BC8h];
    		mov edx, 45E010h;
    		call edx;
    		popad;
    		}
    	}
    	__except(1)
    	{
    	}
    	return 0;
    }
    And I call it like this:

    Code:
    			//Remote Thread Handle
    			HANDLE hProcess=NULL;
    			//Inject Thread handle
    			HANDLE hThread=NULL;
    			//Inject Fuction Address after allocate
    			LPVOID ThreadCodeAddr=NULL;
    			//Inject Function
    			LPVOID Func=Run;
    			//Inject Fuction Stack Address after allocate
    			LPVOID ThreadDataAddr=NULL;
    			//Inject Fuction Stack Data
    			LPCVOID lpParam;
    			DWORD Value = 0;
    			//lpParam = &Value;
    			float Param[3];
    			lpParam = &Param[0];
    			windowHandle = FindWindow(0,strBuff.c_str() );
                            DWORD PIDB;
    			::GetWindowThreadProcessId(windowHandle,&PIDB);
    			hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,PIDB);
    			if (!hProcess)
    			{
    				//Error(_T("OpenProcess"));
    				return;
    			}
    			//------------------
    			Param[0] = 1;
    			Param[1] = 2;
    			Param[2] = 3;
    			//------------------
    
    
    			ThreadCodeAddr=VirtualAllocEx(hProcess, NULL, 4096, MEM_COMMIT, PAGE_READWRITE);
    			ThreadDataAddr=VirtualAllocEx(hProcess, NULL, 256, MEM_COMMIT, PAGE_READWRITE);
    			WriteProcessMemory (hProcess, ThreadCodeAddr, Func, 4096, NULL); 
    			WriteProcessMemory (hProcess, ThreadDataAddr, lpParam, 256, NULL);
    			hThread = CreateRemoteThread(hProcess, NULL, NULL,(LPTHREAD_START_ROUTINE)ThreadCodeAddr, ThreadDataAddr, NULL, NULL); 
    			if (!hThread)
    			{
    				//Error(_T("CreateRemoteThread"));
    				return;
    			}
    			else
    				WaitForSingleObject(hThread, INFINITE);
    			CloseHandle(hThread);
    			VirtualFreeEx(hProcess, ThreadCodeAddr, 4096, MEM_RELEASE);
    			VirtualFreeEx(hProcess, ThreadDataAddr, 256, MEM_RELEASE);
    			CloseHandle(hProcess);
    I have set SetPrivilege before:

    Code:
    BOOL TForm1::SetPrivilege(
    								   HANDLE hToken,          // access token handle
    								   LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
    								   BOOL bEnablePrivilege   // to enable or disable privilege
    								   )
    {
    	TOKEN_PRIVILEGES tp;
    	LUID luid;
    
    	if ( !LookupPrivilegeValue(
    		NULL,            // lookup privilege on local system
    		lpszPrivilege,   // privilege to lookup
    		&luid ) )        // receives LUID of privilege
    	{
    #ifdef WLOG
    		Log(true,_T("LookupPrivilegeValue"));
    #endif
    		return FALSE;
    	}
    
    	tp.PrivilegeCount = 1;
    	tp.Privileges[0].Luid = luid;
    	if (bEnablePrivilege)
    		tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    	else
    		tp.Privileges[0].Attributes = 0;
    
    	// Enable the privilege or disable all privileges.
    
    	if ( !AdjustTokenPrivileges(
    		hToken, 
    		FALSE,
    		&tp, 
    		sizeof(TOKEN_PRIVILEGES), 
    		(PTOKEN_PRIVILEGES) NULL, 
    		(PDWORD) NULL) )
    	{ 
    #ifdef WLOG
    		Log(true,_T("AdjustTokenPrivileges\n"));
    #endif
    		return FALSE; 
    	} 
    
    	if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    	{
    #ifdef WLOG
    		Log(true,_T("The token does not have the specified privilege."));
    #endif
    		return FALSE;
    	} 
    
    	return TRUE;
    }
    Finally i combine it by release mode

    Can someone help me?
    Thank you

  2. #2
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,667
    If you need help, then you will have to first explain why you want to do this. Forum rules.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  3. #3
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,596
    5. Messages relating to cracking, (erroneously called "hacking" by many), copyright violations, or other illegal activities will be deleted. Due to the overlapping boundaries of code with malicious intent, and other legitimate uses of it, the moderators will assess each potential infraction on a case by case basis.
    Closed until intentions can be verified. To the OP feel free to PM any one of the mods about why you want to learn how to do this and based on your reasons we may or may not re-open the thread.

  4. #4
    Registered User
    Join Date
    Mar 2008
    Posts
    9
    Iam sorry about ruler i dont know it
    Anh now if you want to know:

    This is the program I write to auto in my game
    At you see
    static DWORD WINAPI Run(LPCVOID lpParam)

    is the function i use to call the func game, effect is:
    make charactor fly to another coordinate

    Clear more is:
    When i put my main account auto train , i'll have another account fly follow me to heal HP
    So i must make my Buff acc follow main acc
    So I'll read Main's coordinate first and give it to mybuff account (use injtect code to call func game) it'll make my buff account move.

  5. #5
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,592
    Help me with PostMessage to send ALT+Key
    Given that they seem to be trying to write some bot which will both cheat on a game, and also hide the evidence from his boss, I'm going with "not a cat in hell's chance".

    It's looking highly dubious on 2 fronts.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  6. #6
    Registered User
    Join Date
    Mar 2008
    Posts
    9
    Yes, i continued write bot in that game.
    But i think, here is the forum about programing, i dont make virus or keylog to steel something,
    I just need help about programing at you see

    Well i dont know this forum not allow to ask about auto bot.
    Sorry if i please you.

  7. #7
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,596
    Ok I'll close it for sure now. Guess I forgot to close the thread after posting.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Help with understanding C code in my text
    By mothergoose729 in forum C Programming
    Replies: 1
    Last Post: 03-19-2009, 12:43 PM
  2. Binary Search Trees Part III
    By Prelude in forum A Brief History of Cprogramming.com
    Replies: 16
    Last Post: 10-02-2004, 03:00 PM
  3. how to write code about delete process?
    By cc246 in forum C++ Programming
    Replies: 2
    Last Post: 04-15-2003, 08:23 PM
  4. Interface Question
    By smog890 in forum C Programming
    Replies: 11
    Last Post: 06-03-2002, 05:06 PM
  5. Replies: 4
    Last Post: 01-15-2002, 11:04 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21