Thread: Inject code to another process

  1. #1
    Registered User
    Join Date
    Mar 2008
    Posts
    9

    Inject code to another process

    I use Borland C++ Builder 6.0.
    I have a problem when I try to inject my code into a process: the process crashes.
    Here is my code:
    Code:
    static DWORD WINAPI Run(LPCVOID lpParam)
    {
        DWORD *Param = (DWORD*) lpParam;
        DWORD x   = *Param;
        DWORD y   = *(Param+1);
        DWORD z   = *(Param+2);
        DWORD fly = 0;
        __try
        {
            _asm
            {
                pushad;
                mov edx, 009271B4h;
                mov ecx, dword ptr[edx];
                mov edx, dword ptr[ecx+1Ch];
                mov esi, dword ptr[edx+20h];
                mov ecx, dword ptr[esi+0BC8h];
                mov eax, dword ptr[esi+0x5E8];
                cmp eax, 2;
                jnz next;
                mov fly, 1;
            next:
                push 1;
                mov edx, 45DC10h;
                call edx;
                mov edi, eax;
                push Param;
                push fly;
                mov ecx, edi;
                mov edx, 461660h;
                call edx;
                push 0;
                push 1;
                push edi;
                push 1;
                mov ecx, dword ptr[esi+0BC8h];
                mov edx, 45E010h;
                call edx;
                popad;
            }
        }
        __except(1)
        {
        }
        return 0;
    }
    And I call it like this:

    Code:
    // Remote process handle
    HANDLE hProcess = NULL;
    // Injected thread handle
    HANDLE hThread = NULL;
    // Injected function address after allocation
    LPVOID ThreadCodeAddr = NULL;
    // Injected function
    LPVOID Func = Run;
    // Injected function data address after allocation
    LPVOID ThreadDataAddr = NULL;
    // Injected function data
    LPCVOID lpParam;
    DWORD Value = 0;
    //lpParam = &Value;
    float Param[3];
    lpParam = &Param[0];
    windowHandle = FindWindow(0, strBuff.c_str());
    DWORD PIDB;
    ::GetWindowThreadProcessId(windowHandle, &PIDB);
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PIDB);
    if (!hProcess)
    {
        //Error(_T("OpenProcess"));
        return;
    }
    //------------------
    Param[0] = 1;
    Param[1] = 2;
    Param[2] = 3;
    //------------------

    ThreadCodeAddr = VirtualAllocEx(hProcess, NULL, 4096, MEM_COMMIT, PAGE_READWRITE);
    ThreadDataAddr = VirtualAllocEx(hProcess, NULL, 256, MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(hProcess, ThreadCodeAddr, Func, 4096, NULL);
    WriteProcessMemory(hProcess, ThreadDataAddr, lpParam, 256, NULL);
    hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadCodeAddr, ThreadDataAddr, NULL, NULL);
    if (!hThread)
    {
        //Error(_T("CreateRemoteThread"));
        return;
    }
    else
        WaitForSingleObject(hThread, INFINITE);
    CloseHandle(hThread);
    VirtualFreeEx(hProcess, ThreadCodeAddr, 4096, MEM_RELEASE);
    VirtualFreeEx(hProcess, ThreadDataAddr, 256, MEM_RELEASE);
    CloseHandle(hProcess);
    I have enabled the privilege with SetPrivilege beforehand:

    Code:
    BOOL TForm1::SetPrivilege(
        HANDLE hToken,          // access token handle
        LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
        BOOL bEnablePrivilege   // to enable or disable privilege
        )
    {
    	TOKEN_PRIVILEGES tp;
    	LUID luid;
    
    	if ( !LookupPrivilegeValue(
    		NULL,            // lookup privilege on local system
    		lpszPrivilege,   // privilege to lookup
    		&luid ) )        // receives LUID of privilege
    	{
    #ifdef WLOG
    		Log(true,_T("LookupPrivilegeValue"));
    #endif
    		return FALSE;
    	}
    
    	tp.PrivilegeCount = 1;
    	tp.Privileges[0].Luid = luid;
    	if (bEnablePrivilege)
    		tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    	else
    		tp.Privileges[0].Attributes = 0;
    
    	// Enable the privilege or disable all privileges.
    
    	if ( !AdjustTokenPrivileges(
    		hToken, 
    		FALSE,
    		&tp, 
    		sizeof(TOKEN_PRIVILEGES), 
    		(PTOKEN_PRIVILEGES) NULL, 
    		(PDWORD) NULL) )
    	{ 
    #ifdef WLOG
    		Log(true,_T("AdjustTokenPrivileges\n"));
    #endif
    		return FALSE; 
    	} 
    
    	if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    	{
    #ifdef WLOG
    		Log(true,_T("The token does not have the specified privilege."));
    #endif
    		return FALSE;
    	} 
    
    	return TRUE;
    }
    Finally I compile it in release mode.

    Can someone help me?
    Thank you
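    An added detection-side example, not code from this thread or any poster: the sequence in post #1 (VirtualAllocEx, WriteProcessMemory, then CreateRemoteThread with a start address inside the freshly allocated buffer) is precisely what Sysmon records as Event ID 8 (CreateRemoteThread), and the tell-tale sign is a new thread whose start address no loaded module backs. The script below runs a small triage over constructed Sysmon-style records and flags two patterns: a start address with no backing module, and a thread entry point that is LoadLibrary (the DLL-injection variant). The field names follow Sysmon's Event ID 8 schema; the flat `key=value` rendering, the sample paths, PIDs and addresses, and the `BENIGN_SOURCES` allowlist are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample records (not real telemetry): a flat key=value rendering of
# the fields Sysmon's Event ID 8 (CreateRemoteThread) carries. Paths, PIDs and
# addresses are made up. The first record is what the injector in post #1 would
# produce: the new thread starts in a buffer that no loaded module backs.
SAMPLE_EVENTS = [
    "SourceProcessId=4120 SourceImage=C:\\Tools\\injector.exe "
    "TargetProcessId=3388 TargetImage=C:\\Games\\game.exe NewThreadId=5012 "
    "StartAddress=0x02A40000 StartModule= StartFunction=",
    "SourceProcessId=612 SourceImage=C:\\Windows\\System32\\csrss.exe "
    "TargetProcessId=3388 TargetImage=C:\\Games\\game.exe NewThreadId=5044 "
    "StartAddress=0x77A11234 StartModule=C:\\Windows\\System32\\ntdll.dll "
    "StartFunction=RtlUserThreadStart",
    "SourceProcessId=2288 SourceImage=C:\\Tools\\loader.exe "
    "TargetProcessId=3388 TargetImage=C:\\Games\\game.exe NewThreadId=5090 "
    "StartAddress=0x7FFE0010 StartModule=C:\\Windows\\System32\\kernel32.dll "
    "StartFunction=LoadLibraryA",
]

# Thread entry points that mean "load this DLL into the target": the other
# common remote-thread injection pattern.
LOADLIBRARY_ENTRIES = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Assumption: a constructed allowlist of source images that legitimately create
# threads in other processes on a normal Windows host. Tune per environment.
BENIGN_SOURCES = {"csrss.exe"}


@dataclass
class Finding:
    source_image: str
    target_image: str
    thread_id: int
    reasons: List[str]


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flat key=value record into a dict; empty values are kept as ''."""
    return {key: value for key, value in re.findall(r"(\w+)=(\S*)", line)}


def assess(event: Dict[str, str]) -> List[str]:
    """Return the reasons this remote-thread event looks like injection."""
    source_name = event.get("SourceImage", "").rsplit("\\", 1)[-1].lower()
    if source_name in BENIGN_SOURCES:
        return []
    reasons = []
    # A start address that Sysmon could not map to any module is a thread
    # running out of VirtualAllocEx'd memory filled by WriteProcessMemory.
    if event.get("StartModule", "") == "":
        reasons.append("start address not backed by a loaded module")
    # A remote thread whose entry point is LoadLibrary is DLL injection.
    if event.get("StartFunction", "") in LOADLIBRARY_ENTRIES:
        reasons.append("thread entry point is LoadLibrary")
    return reasons


def scan(lines: List[str]) -> List[Finding]:
    """Run the triage over a batch of records and keep only the suspicious ones."""
    findings = []
    for line in lines:
        event = parse_event(line)
        reasons = assess(event)
        if reasons:
            findings.append(Finding(
                source_image=event.get("SourceImage", ""),
                target_image=event.get("TargetImage", ""),
                thread_id=int(event.get("NewThreadId", "0")),
                reasons=reasons,
            ))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.source_image} -> {f.target_image} (tid {f.thread_id}): {'; '.join(f.reasons)}")
```

    Running it flags the first and third records and leaves the csrss.exe one alone. In a real deployment the allowlist would be replaced by a per-host baseline, and a non-empty StartModule should still be checked against the target's module list, since an attacker can point the start address at a harmless exported function and redirect from there; the empty-StartModule case is the cheap, high-confidence signal that the code in post #1 cannot avoid producing.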

  2. #2
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    If you need help, then you will have to first explain why you want to do this. Forum rules.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  3. #3
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    5. Messages relating to cracking, (erroneously called "hacking" by many), copyright violations, or other illegal activities will be deleted. Due to the overlapping boundaries of code with malicious intent, and other legitimate uses of it, the moderators will assess each potential infraction on a case by case basis.
    Closed until intentions can be verified. To the OP feel free to PM any one of the mods about why you want to learn how to do this and based on your reasons we may or may not re-open the thread.

  4. #4
    Registered User
    Join Date
    Mar 2008
    Posts
    9
    I am sorry about the rules, I did not know them.
    And now, if you want to know:

    This is the program I wrote to auto in my game.
    As you see,
    static DWORD WINAPI Run(LPCVOID lpParam)

    is the function I use to call the game's function; the effect is:
    make the character fly to another coordinate.

    To be clearer:
    When I put my main account on auto train, I will have another account fly and follow me to heal HP.
    So I must make my buff account follow my main account.
    So I will read the main account's coordinates first and give them to my buff account (using injected code to call the game function); it will make my buff account move.

  5. #5
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    http://cboard.cprogramming.com/showthread.php?t=100482
    Given that they seem to be trying to write some bot which will both cheat on a game, and also hide the evidence from his boss, I'm going with "not a cat in hell's chance".

    It's looking highly dubious on 2 fronts.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  6. #6
    Registered User
    Join Date
    Mar 2008
    Posts
    9
    Yes, I continue to write a bot for that game.
    But I think this is a forum about programming; I don't make viruses or keyloggers to steal anything.
    I just need help with programming, as you see.

    Well, I did not know this forum does not allow asking about auto bots.
    Sorry if I displeased you.

  7. #7
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    Ok I'll close it for sure now. Guess I forgot to close the thread after posting.
