Thread: DLL Injection, Help please

  1. #1 Registered User (Join Date: May 2010, Posts: 15)

    This code is made for DLL injection into the Minesweeper game.
    What it does is: set the timer from 20 seconds to 100 seconds.
    My problem is that it only executes once and it doesn't work on the 2nd try; please help. I want this code to work every time you reset your game.


    Code:
    #include <windows.h>

    // Define variables
    DWORD ThreadID;
    int *time = (int*)0x0100579C;   // address of the game's timer, hard-coded

    // Thread body: poll the timer and overwrite it once it reaches 20
    DWORD WINAPI changeTime(LPVOID lParam) {
        while (1)
            if (*time >= 20) {
                *time = 100;
                return 0;   // ends the thread after the first write
            }
    }

    BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD callReason, LPVOID lpReserved) {
        if (callReason == DLL_PROCESS_ATTACH) {
            CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&changeTime, 0, 0, &ThreadID);
        }
        return 1;
    }

  2. #2 brewbuck, Officially An Architect (Join Date: Mar 2007, Location: Portland, OR, Posts: 7,396)
    No way in hell would that ever work. Nothing ever calls changeTime(). Although the basic structure of your DLL injection is there. As this can be used for quite nefarious purposes, I'll leave it there. If you can figure it out based on what you can find online by yourself, you deserve it. Otherwise, not.

    Some moderator might take issue with this topic, but they can scold me later. Hacking Windows Minesweeper? Come on, that's like required reading for being a true geek.

    EDIT: okay, okay, my comments include some deliberate obscurity and inaccuracy. We have to keep the game interesting, right?
    Last edited by brewbuck; 05-04-2010 at 10:01 PM.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  3. #3 Registered User (Join Date: May 2010, Posts: 15)
    It already works (try it if you want). How do I loop the injected DLL's tasks?

  4. #4 brewbuck, Officially An Architect (Join Date: Mar 2007, Location: Portland, OR, Posts: 7,396)
    Quote Originally Posted by AlexWu:
    It already works (try it if you want). How do I loop the injected DLL's tasks?
    Okay, big hint. Bigger than is probably necessary. Do you think that the "int *time" variable maybe should be declared as volatile? Also, how do you expect the loop to continue when it included a return statement?

    BTW, hard-coding the vmaddr is simply bad form. Yuck.

  5. #5 Registered User (Join Date: May 2010, Posts: 15)
    Tried it; it still works on the 1st try only :\

  6. #6 Registered User (Join Date: May 2010, Posts: 15)
    Guys, can someone help me loop my program without breaking it, please?

  7. #7 brewbuck, Officially An Architect (Join Date: Mar 2007, Location: Portland, OR, Posts: 7,396)
    Quote Originally Posted by AlexWu:
    Guys, can someone help me loop my program without breaking it, please?
    Dude, your loop HAS A RETURN STATEMENT IN IT.

  8. #8 Registered User (Join Date: May 2010, Posts: 15)
    I know, this is my problem.
    If I change it to "return FALSE;", the DLL shows an error while injecting.
    How should I do it :\?

  9. #9 brewbuck, Officially An Architect (Join Date: Mar 2007, Location: Portland, OR, Posts: 7,396)
    Quote Originally Posted by AlexWu:
    I know, this is my problem.
    If I change it to "return FALSE;", the DLL shows an error while injecting.
    How should I do it :\?
    How surprising that when you return an error code from DllMain() it results in an error. Hmm, I wonder what you should do...

    Remove the return statement, silly.

  10. #10 Registered User (Join Date: May 2010, Posts: 15)
    Love you! Is there a way to give you reputation points?

  11. #11 brewbuck, Officially An Architect (Join Date: Mar 2007, Location: Portland, OR, Posts: 7,396)
    Quote Originally Posted by AlexWu:
    Love you! Is there a way to give you reputation points?
    I don't think I would deserve a reputation point for pointing out that a return statement in a loop halts the loop.

    And no, there's no such system here.

  12. #12 StainedBlue, ...and never returned (Join Date: Aug 2009, Posts: 168)
    Quote Originally Posted by brewbuck:
    BTW, hard-coding the vmaddr is simply bad form. Yuck.
    Just out of curiosity, what's a better method for hooking the virtual memory (if that's what's in fact going on here)? I really don't know much about the Win32 API, but I found all this quite interesting.

    Also, from what I was reading off of MSDN, it sounds like using dll-thread-attach is pretty much a dead end for malicious DLL injection. Is that true?
    goto( comeFrom() );

  13. #13 brewbuck, Officially An Architect (Join Date: Mar 2007, Location: Portland, OR, Posts: 7,396)
    Quote Originally Posted by StainedBlue:
    Just out of curiosity, what's a better method for hooking the virtual memory (if that's what's in fact going on here)? I really don't know much about the Win32 API, but I found all this quite interesting.
    You have to find the address manually, but I'd at least make it a command line parameter instead of a constant in the code.

    Quote Originally Posted by StainedBlue:
    Also, from what I was reading off of MSDN, it sounds like using dll-thread-attach is pretty much a dead end for malicious DLL injection. Is that true?
    I don't know, I have no experience with the technique for malicious purposes. I've only used it for Forces Of Good.
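Editor's note: the thread converges on two fixes (declare the timer pointer volatile, and take the return out of the loop) and one style point (don't compile the address in). The block below is an added example that puts those together; it is not code from AlexWu, brewbuck or anyone else in the thread. The polling logic is split out of the Win32 part so it can be exercised on any platform against a constructed stand-in for the game; the Win32 part compiles only under _WIN32. Assumptions that are not on the page: the DLL reads the target address from an environment variable named MINESWEEPER_TIMER_ADDR (whoever launches the game sets it, e.g. to "0x0100579C"), it polls every 50 ms rather than spinning, and it checks with VirtualQuery that the page is committed and writable before touching it. The DLL must be the same bitness as the game for the address to mean anything.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* One polling step: if the game's timer has reached the threshold, overwrite it.
 * Returns 1 on a write, 0 otherwise. No Win32 calls, so it can run anywhere. */
int patch_timer_once(volatile int *timer, int threshold, int newval)
{
    if (*timer >= threshold) { *timer = newval; return 1; }
    return 0;
}

/* Worker loop: poll until *stop is raised, calling idle() between polls (Sleep in
 * the real DLL). No return inside the loop, so it keeps running after the first
 * patch and catches the timer again after a game reset. Returns the write count. */
long run_poll_loop(volatile int *timer, volatile int *stop,
                   int threshold, int newval, void (*idle)(void))
{
    long writes = 0;
    while (!*stop) {
        writes += patch_timer_once(timer, threshold, newval);
        idle();
    }
    return writes;
}

/* Parse "0x0100579C"-style text into an address instead of compiling it in.
 * Returns 0 on any parse error (0 is never a usable target address). */
uintptr_t parse_address_or_zero(const char *text)
{
    char *end = NULL;
    unsigned long long v;
    if (text == NULL || *text == '\0') return 0;
    errno = 0;
    v = strtoull(text, &end, 0);
    if (errno != 0 || end == text || *end != '\0') return 0;
    return (uintptr_t)v;
}

/* Constructed stand-in for the game, so the loop can be exercised off Windows: each
 * idle() call the "game" counts one second; after sim_limit ticks it raises the
 * stop flag, as DLL_PROCESS_DETACH does in the real DLL. */
static volatile int sim_timer, sim_stop;
static int sim_ticks, sim_limit;
static void sim_idle(void) { sim_timer++; if (++sim_ticks >= sim_limit) sim_stop = 1; }

long simulate_game(int start_timer, int ticks)
{
    sim_timer = start_timer; sim_stop = 0; sim_ticks = 0; sim_limit = ticks;
    return run_poll_loop(&sim_timer, &sim_stop, 20, 100, sim_idle);
}

#ifdef _WIN32
static volatile int *g_timer;   /* target address, supplied at load time */
static volatile int  g_stop;    /* raised on DLL_PROCESS_DETACH */
static HANDLE        g_thread;

static void idle_50ms(void) { Sleep(50); }   /* 20 polls/s instead of a hot spin */

/* Refuse to touch memory that is not committed, writable and unguarded. */
static int address_is_writable(uintptr_t addr)
{
    MEMORY_BASIC_INFORMATION mbi;
    const DWORD writable = PAGE_READWRITE | PAGE_WRITECOPY |
                           PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;
    if (VirtualQuery((LPCVOID)addr, &mbi, sizeof mbi) != sizeof mbi) return 0;
    return mbi.State == MEM_COMMIT && (mbi.Protect & writable) != 0 &&
           (mbi.Protect & PAGE_GUARD) == 0;
}

static DWORD WINAPI changeTime(LPVOID lpParam)
{
    (void)lpParam;
    run_poll_loop(g_timer, &g_stop, 20, 100, idle_50ms);
    return 0;
}

BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD callReason, LPVOID lpReserved)
{
    (void)lpReserved;
    if (callReason == DLL_PROCESS_ATTACH) {
        char buf[32]; uintptr_t addr;
        DisableThreadLibraryCalls(hDll);
        /* MINESWEEPER_TIMER_ADDR is an assumed name; the launcher sets it, e.g. "0x0100579C" */
        if (GetEnvironmentVariableA("MINESWEEPER_TIMER_ADDR", buf, sizeof buf) == 0)
            return FALSE;
        addr = parse_address_or_zero(buf);
        if (addr == 0 || !address_is_writable(addr))
            return FALSE;           /* fail the load rather than crash the game */
        g_timer = (volatile int *)addr;
        g_thread = CreateThread(NULL, 0, changeTime, NULL, 0, NULL);
        return g_thread != NULL;
    }
    if (callReason == DLL_PROCESS_DETACH) {
        g_stop = 1;                 /* no WaitForSingleObject here: loader lock */
        if (g_thread) CloseHandle(g_thread);
    }
    return TRUE;
}
#endif
```

Two caveats the thread does not spell out. Returning FALSE from DLL_PROCESS_ATTACH is what makes the injector report an error (post #8), so it is used here only for genuinely bad input; the worker thread itself never returns until the stop flag is raised. And DllMain runs under the loader lock, so it must not wait for the worker thread to exit on DLL_PROCESS_DETACH; it only signals it. The 50 ms Sleep is what keeps a polling thread like this from pinning a core.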
