CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com

Thread: dll injection.

  1. #1
    Join Date
    Aug 2012
    Posts
    3

    dll injection.

    Yes, this is for a game; yes, I'm hacking; and yes, this is for educational purposes, to better secure my own programs in my own development.

    So here it goes.

    I play Cabal Online. cabalmain.exe is the main process that I want to attach to. The injector I use says it's injecting just fine.

    The code in my DLL is as follows. It was debugged and compiled with no errors or warnings.

    Code:
    #include "stdafx.h"
    #include "windows.h"

    // static addresses inside cabalmain.exe
    #define ADDR_GM      0xE82198
    #define ADDR_AOE     0xEC549C
    #define ADDR_RANGE   0x10C62F8
    #define ADDR_BASE    0x0B8BBF0
    // offsets from the pointer stored at ADDR_BASE
    #define A_PERCOMBO   0x7384
    #define A_BARCOMBO   0x7384
    #define A_WALKRUN    0x0204
    #define A_NOPNLTY    0x4764
    #define A_NODELAY    0x72D4

    void Start();
    int aoecheck = 1;

    void Start(){
        while (1){
            // F12 toggles the three static flags. The key is polled every
            // 1 ms, so the toggle keeps flipping for as long as F12 is held.
            if(GetKeyState(VK_F12) < 0){
                //enable
                if(aoecheck == 0){
                    *(DWORD*)ADDR_GM = 2;
                    *(DWORD*)ADDR_AOE = 100;
                    *(DWORD*)ADDR_RANGE = 7;
                    aoecheck = 1;
                //disable
                }else if(aoecheck == 1){
                    *(DWORD*)ADDR_GM = 0;
                    *(DWORD*)ADDR_AOE = 0;
                    *(DWORD*)ADDR_RANGE = 0;
                    aoecheck = 0;
                }
            }
            if(GetKeyState(VK_F11) < 0){
                // dlycheck is re-initialised to 1 on every pass, and both
                // branches write the same value, so F11 always does the same thing
                int dlycheck = 1;
                if(dlycheck == 0){
                    DWORD NODELAY = *(DWORD*)ADDR_BASE;
                    *(DWORD*)(NODELAY+A_NODELAY) = 1629793;
                    dlycheck = 1;
                }else if(dlycheck == 1){
                    DWORD NODELAY = *(DWORD*)ADDR_BASE;
                    *(DWORD*)(NODELAY+A_NODELAY) = 1629793;
                    dlycheck = 0;
                }
            }
            // these four are written unconditionally on every pass
            DWORD BAR_COMBO = *(DWORD*)ADDR_BASE;
            *(DWORD*)(BAR_COMBO+A_BARCOMBO) = 0;
            DWORD VALUE_COMBO = *(DWORD*)ADDR_BASE;
            *(DWORD*)(VALUE_COMBO+A_PERCOMBO) = 0;
            DWORD WALKRUN = *(DWORD*)ADDR_BASE;
            *(DWORD*)(WALKRUN+A_WALKRUN) = 600;
            DWORD NOPNLTY = *(DWORD*)ADDR_BASE;
            *(DWORD*)(NOPNLTY+A_NOPNLTY) = 0;
            Sleep(1);
        }
    }
    Now, when the DLL is injected and I strike F12, it SHOULD enable the 3 static addresses, to essentially enable the GM (a certain flag) and thus enable AoE (area of effect) and range (use skills from further away).

    But nothing happens. Nothing at all. The injector says it's injected, and when I try to delete the DLL it says it's in use. What am I doing wrong here? I've been stuck on this for 2 months.
    Last edited by cilu; August 28th, 2012 at 01:38 AM. Reason: code tags

  2. #2
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: dll injection.

    What am I doing wrong here?
    You ask here instead of using your debugger; this is what you do wrong. The first thing you need to find out is whether your Start really gets called.
    Best regards,
    Igor

  3. #3
    Join Date
    Apr 2000
    Location
    Belgium (Europe)
    Posts
    4,626

    Re: dll injection.

    This looks like a really bad way to do any sort of "messing around". There are better ways to get things done.

    Additionally, the DLL needs to get injected into the address space of that cabalmain.exe, not into your own exe.

    My bet is on Start not getting called as well.

    But additionally, even if it does get called, GetKeyState() likely won't do anything, since there is no guarantee you are in the UI thread, nor is there any guarantee that it gets called in the context of handling a message involving an actual keypress. Even if you COULD get that done, this is a game, so it probably uses DirectX to handle the keyboard; some games use DirectX functionality that will effectively make testing for keypresses like this not work, because the DirectX drivers already "eat" all the keystrokes.

  4. #4
    Join Date
    Aug 2012
    Posts
    3

    Re: dll injection.

    Thanks for the criticism.

    Cabal does use DirectX to map out the keyboard.

    I used the F12 keystroke in the hope that I can use only one key to enable/disable. Could there be an alternative way to toggle addresses?

    Also, to address the previous comment about making an address for it, please review the updated code; I simplified it just so I can get a basic change to work.

    Code:
    #include "stdafx.h"
    #include "windows.h"
    #define ADDR_GM   0xE82198
    #define ADDR_AOE  0xEC549C
    int aoecheck = 1;
    void Start();
    void Start(){
        while (1){
            if(GetKeyState(VK_F12) < 0){
                //enable
                if(aoecheck == 0){
                    *(DWORD*)ADDR_GM = 2;
                    *(DWORD*)ADDR_AOE = 100;
                    aoecheck = 1;
                //disable
                }else if(aoecheck == 1){
                    *(DWORD*)ADDR_GM = 0;
                    *(DWORD*)ADDR_AOE = 0;
                    aoecheck = 0;
                }
            }
            Sleep(1);
        }
    }
    // entry point: when the DLL is loaded, run the polling loop on its own thread
    BOOL APIENTRY DllMain(HMODULE hModule, DWORD ulReason, LPVOID lpReserved){
        if (ulReason == DLL_PROCESS_ATTACH){
            CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Start, 0, 0, 0);
        }
        return TRUE;
    }


  5. #5
    Join Date
    Apr 2000
    Location
    Belgium (Europe)
    Posts
    4,626

    Re: dll injection.

    You are still using a bad principle to execute code in the context of a third-party host application.

    DllMain is a very 'iffy' member function to play around with. Read the MSDN help on this function and you'll see that what you can do in DllMain is very restricted.

    You're even making the problem worse, or rather causing the problem. You are creating a new thread for running your Start(). As a result the GetKeyState() won't do anything, because your newly created thread doesn't have a message loop and hence doesn't process any messages -> GetKeyState will never trigger.


    DLL injection and doing stuff like this is "advanced stuff". It's definitely not the first type of project you should be tackling when developing in C++.

    If you are experienced at C++/Windows, and since you want to respond to keys, you should be taking a look at Windows Hooks (see MSDN for the SetWindowsHookEx() API function). But that may not be functional because of DirectX; it depends on whether cabalmain.exe uses the DirectInput component for handling the keys or uses regular keyboard handling.

    If it uses DirectInput, then what you'll need is to hook directly into the DirectX API, which can be done, among other ways, with the Detours library (available for free from Microsoft Research).

    Note that DLL injection is VERY easy to detect, and changing memory locations is equally easy to detect; if the game you're after has any reasonably advanced type of cheat detection, the above will be a surefire way to get your account banned.
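
Added example, not code from this thread or from any of the posters: a minimal injectable DLL laid out the way the replies above describe. DllMain only disables thread notifications, writes one OutputDebugString line (the quickest way to settle the question in post #2 of whether the entry point runs at all; watch for it in DebugView or the debugger's output window) and starts a worker thread; the thread, not DllMain, does the waiting and polling. The polling uses GetAsyncKeyState rather than GetKeyState, because it reports the physical key state without a message loop on the calling thread, and the F12 toggle is edge-triggered so that a held key flips the state once instead of once per poll. The names Worker and KeyToggle and the "[inject]" log strings are this example's own, and the Windows-specific part is compiled only under _WIN32, so on other platforms only the toggle class builds.

```cpp
// Added example, not code from the thread. Only the part under _WIN32
// depends on Windows; the toggle class is portable.

// Edge-triggered toggle. The worker thread samples the key every few
// milliseconds, so one press is seen on many consecutive samples; flipping
// on every sample (as the code in the thread does) makes the final state a
// coin toss. Flip only on the up -> down transition.
class KeyToggle {
public:
    // Feed one sample of "is the key down". Returns true if the state flipped.
    bool update(bool down) {
        bool flipped = down && !prev_;
        if (flipped) enabled_ = !enabled_;
        prev_ = down;
        return flipped;
    }
    bool enabled() const { return enabled_; }
private:
    bool prev_ = false;
    bool enabled_ = false;
};

#ifdef _WIN32
#include <windows.h>

static volatile LONG g_running = 1;

// Worker thread: everything that may block or call outside kernel32 lives
// here, not in DllMain.
static DWORD WINAPI Worker(LPVOID) {
    OutputDebugStringA("[inject] worker thread running\n");
    KeyToggle f12;
    while (g_running) {
        // GetAsyncKeyState reports the physical key state and needs no
        // message loop on this thread, unlike GetKeyState.
        bool down = (GetAsyncKeyState(VK_F12) & 0x8000) != 0;
        if (f12.update(down)) {
            OutputDebugStringA(f12.enabled() ? "[inject] F12 toggle: on\n"
                                             : "[inject] F12 toggle: off\n");
            // do the real work for the new state here
        }
        Sleep(10);
    }
    // If the DLL can be unloaded with FreeLibrary while this thread is alive,
    // exit through FreeLibraryAndExitThread instead of returning, or the
    // thread's own code is unmapped underneath it.
    return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD reason, LPVOID) {
    switch (reason) {
    case DLL_PROCESS_ATTACH:
        // The loader lock is held here: stick to kernel32 calls, return fast.
        DisableThreadLibraryCalls(hModule);
        OutputDebugStringA("[inject] DLL_PROCESS_ATTACH\n"); // proves the entry point ran
        {
            // Creating the thread here is allowed; it does not start running
            // until the loader lock is released. Never wait for it in DllMain.
            HANDLE h = CreateThread(nullptr, 0, Worker, nullptr, 0, nullptr);
            if (h) CloseHandle(h);
        }
        break;
    case DLL_PROCESS_DETACH:
        g_running = 0; // ask the worker to stop; do not join it here
        break;
    }
    return TRUE;
}
#endif
```

Build it as a DLL (cl /LD, or a DLL project) and load it with any injector. If the DLL_PROCESS_ATTACH line never shows up in the debug output, the module was never mapped into the target, whatever the injector's own status message says; if it shows up but the worker line does not, the thread was never created or was killed before it ran.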

  6. #6
    Join Date
    Aug 2012
    Posts
    3

    Re: dll injection.

    Again, thanks for the input and criticism.

    The accounts I have are throwaways. I still have my testing account from over a year ago using the Cheat Engine method. People get banned when they get stupid, such as no delay and spamming all their skills at once, or massive area of effect.

    I am a bit new to C++, but I do have experience with web applications such as jQuery, AJAX, PHP and Perl, so I can pick things up quickly.

    Is there a way to verify that Cabal uses DirectInput? The F12 method, for example, was merely a convenient way to toggle. Some addresses, such as movement speed, do not need to be toggled. Look at the example below.
    Code:
    // ADDR_SPD is the movement-speed address (its value is not given in the post)
    void Start(){
        // only touch the normal on-foot speed, so the bike speed (850) is left alone
        if (*(DWORD*)ADDR_SPD == 450){
            *(DWORD*)ADDR_SPD = 600;
        }
    }

    The above will check if the speed is 450 and set it to 600; not too noticeable unless you're running beside someone still at 450. But when you hop on a bike it will bring it up to 850, and thus 600 will be overridden until you get off, which will restore it back to 450 and then 600. This address doesn't need to be toggled, but rather just checked for a value and then set to something specific.

    For now we can work away from keystrokes and just put in if statements.

    If DllMain is not the best method to proceed, which method would you use, or how would you proceed? Any suggestions or advice are greatly appreciated.
    Last edited by syndrah; August 28th, 2012 at 11:22 AM.
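
The question in the post above (how to tell whether the game uses DirectInput) and the earlier warning that injection is easy to detect come down to the same check: look at which modules a process has loaded and where they were loaded from. The following is an added example, not code from the thread. It takes a Toolhelp module snapshot of a process by PID, reports whether dinput8.dll or dinput.dll is mapped, and lists every module that was loaded from somewhere other than the executable's own directory or a Windows system directory, which is where a DLL dropped by an injector normally shows up. The function names, the assumption that the first snapshot entry is the main executable, and the C:\Windows system root are this example's own; the classification is plain C++, and the enumeration itself is compiled only under _WIN32.

```cpp
// Added example, not code from the thread. Module-list check for a process:
// "is DirectInput loaded?" and "which modules came from an unexpected place?"
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

struct ModuleInfo {
    std::string name;   // file name, e.g. "dinput8.dll"
    std::string path;   // full path the module was loaded from
};

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

static bool startsWith(const std::string& s, const std::string& prefix) {
    return s.size() >= prefix.size() && s.compare(0, prefix.size(), prefix) == 0;
}

// DirectInput runtime DLLs. If dinput8.dll (or the older dinput.dll) is mapped,
// the process is reading input through DirectInput and message-based key
// handling (GetKeyState, WH_KEYBOARD hooks) may never see the keys.
bool isDirectInputModule(const std::string& name) {
    std::string n = lower(name);
    return n == "dinput8.dll" || n == "dinput.dll";
}

// "Expected" = loaded from the exe's own directory or a Windows system
// directory. Assumption: the system root is C:\Windows.
bool isExpectedLocation(const std::string& modulePath, const std::string& exeDir) {
    std::string p = lower(modulePath);
    std::string d = lower(exeDir);
    if (!d.empty() && d.back() != '\\') d += '\\';
    static const char* const systemDirs[] = {
        "c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\" };
    if (startsWith(p, d)) return true;
    for (const char* s : systemDirs) if (startsWith(p, s)) return true;
    return false;
}

// Modules loaded from anywhere else. Assumption: mods[0] is the main
// executable (the first entry of a Toolhelp snapshot); its directory is exeDir.
std::vector<ModuleInfo> suspiciousModules(const std::vector<ModuleInfo>& mods) {
    std::vector<ModuleInfo> out;
    if (mods.empty()) return out;
    std::string exeDir = mods[0].path.substr(0, mods[0].path.find_last_of('\\') + 1);
    for (size_t i = 1; i < mods.size(); ++i)
        if (!isExpectedLocation(mods[i].path, exeDir)) out.push_back(mods[i]);
    return out;
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#include <cstdio>
#include <cstdlib>

static std::string narrow(const wchar_t* w) {
    int n = WideCharToMultiByte(CP_UTF8, 0, w, -1, nullptr, 0, nullptr, nullptr);
    if (n <= 1) return std::string();
    std::string s(static_cast<size_t>(n), '\0');
    WideCharToMultiByte(CP_UTF8, 0, w, -1, &s[0], n, nullptr, nullptr);
    s.resize(static_cast<size_t>(n) - 1);   // drop the terminating NUL
    return s;
}

// Snapshot the module list of a process. Needs the rights to open it (run
// elevated for a process you do not own); both flags are needed to see a
// 32-bit target from a 64-bit tool.
std::vector<ModuleInfo> enumerateModules(DWORD pid) {
    std::vector<ModuleInfo> mods;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
    if (snap == INVALID_HANDLE_VALUE) return mods;
    MODULEENTRY32W me;
    me.dwSize = sizeof(me);
    if (Module32FirstW(snap, &me)) {
        do {
            mods.push_back({ narrow(me.szModule), narrow(me.szExePath) });
        } while (Module32NextW(snap, &me));
    }
    CloseHandle(snap);
    return mods;
}

int main(int argc, char** argv) {
    if (argc != 2) { std::fprintf(stderr, "usage: %s <pid>\n", argv[0]); return 2; }
    std::vector<ModuleInfo> mods = enumerateModules(std::strtoul(argv[1], nullptr, 10));
    for (const ModuleInfo& m : mods)
        if (isDirectInputModule(m.name)) std::printf("DirectInput loaded: %s\n", m.path.c_str());
    for (const ModuleInfo& m : suspiciousModules(mods))
        std::printf("unexpected module: %s\n", m.path.c_str());
    return 0;
}
#endif
```

Run it as `modlist.exe <pid>` from an account that can open the target. Two caveats for anyone using this on the defending side: a DLL copied into the game's own directory or into System32 passes the location test, so an Authenticode check on each path is the natural next filter; and the presence of a DirectInput DLL is strong evidence, not proof, that the keyboard is read through it, since a game can use raw input or ordinary window messages alongside it.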
