Jump to content
MaxCheaters Official Group on Discord
iPerfeсt development of all interfaces

[GUIDE]Injecting an x86 DLL

zlati

By zlati
in Client Development Discussion

 Share

Recommended Posts

zlati Newbie

zlati

Posted
Posted

1st Way of injecting is to use a PE editor such as Stud_PE: ( http://www.cgsoftlabs.ro/zip/Stud_PE.zip3 )

 

Open the exe in STUD_PE Exe Injector. Go to functions.

Click “Add new import”

Select “Open DLL”

Select the DLL you are going to use

Click “Select import function”

Select “DllMain@12″

Click “Add to List”

Click OK.

 

 

2nd way of injecting is to use a patcher app. Thanks to tontor for the source code. Assemble the source in MASM:

 

;Static DLL Injection for MASM by Aphex

;http://www.iamaphex.cjb.net

;unremote@knology.net

;This uses code by Yodah and Freddy K

;What this does: It forces a PE to load a DLL everytime it is ran by

;patching the actual file. No other loaders or memory injectors are needed.

 

;How it does this: It opens the PE file, adds a section to the end of the file,

;alters the entry point to execute this section first. Then the new code loads

;a dll and jumps back to the original entry point where it runs as normal. 

 

;NOTE: you must add this linker option “/SECTION:.text,RWX”

;ml.exe /coff patch.asm /link /SECTION:.text,RWX /SUBSYSTEM:WINDOWS /OPT:NOREF

.386

.model flat, stdcall

option casemap:none

include \masm32\include\windows.inc

include \masm32\include\kernel32.inc

include \masm32\include\user32.inc

includelib \masm32\lib\kernel32.lib

includelib \masm32\lib\user32.lib

 

SEH_STRUCT struct

OrgEsp dword 0

OrgEbp dword 0

SaveEip dword 0

SEH_STRUCT ends

 

.data

;——-> Path to EXE to be patched with DLL <——-

szTarget byte ‘L2Server.exe’, 0

 

.data?

dwFile dword ?

dwSize dword ?

dwBytes dword ?

dwImage dword ?

dwBuffer dword ?

dwHeader dword ?

dwLength dword ?

dwSections dword ?

 

.data

errmsg  db  ’failed to open l2server.exe’,0

sucmsg  db  ’patching l2server.exe succeeded’,0

titlemsg db  ’beepbeepboop’,0

 

.code

EntryPoint:

jmp PatchEnd

PatchBegin:

jmp SkipData

szName byte ‘.PATCH’, 2 dup (0)

szLoadLibrary byte ‘LoadLibraryA’, 0

;——-> Path to DLL to be patched into EXE <——-

szDll byte ‘patch.dll’, 0

SEH SEH_STRUCT <>

_LoadLibrary dword 0

dwKernelBase dword 0

dwEntryPoint dword 0

_DllOff dword 0

SkipData:

assume fs:NOTHING

pushad

call Root

Root:

pop ebp

sub ebp, offset Root

push dword ptr [esp + 20h]

call Base

or eax, eax

jz Return

mov [ebp + dwKernelBase], eax

lea eax, [ebp + offset szLoadLibrary]

push eax

push [ebp + dwKernelBase]

call Address

or eax, eax

jz Return

mov [ebp + _LoadLibrary], eax

lea eax, [ebp + offset szDll]

push eax

call [ebp + _LoadLibrary]

mov [ebp + offset _DllOff], eax

Return:

mov eax, [ebp + dwEntryPoint]

mov [esp + 1ch], eax

popad

jmp eax

Base:

mov edi, [esp + 4]

lea eax, [ebp + offset SehHandler]

push eax

push dword ptr fs:[0]

lea eax, [ebp + offset SEH]

assume eax:ptr SEH_STRUCT

mov [eax].OrgEsp, esp

mov [eax].OrgEbp, ebp

lea ebx, [ebp + offset Continue]

mov [eax].SaveEip, ebx

mov fs:[0], esp

assume eax:NOTHING

and edi, 0FFFF0000h

.while TRUE

.if word ptr [edi] == IMAGE_DOS_SIGNATURE

mov esi, edi

add esi, [esi + 03Ch]

.if dword ptr [esi] == IMAGE_NT_SIGNATURE

.break

.endif

.endif

Continue:

sub edi, 010000h

.if edi < 070000000h

mov edi, 0BFF70000h

.break

.endif

.endw

xchg eax, edi

pop dword ptr fs:[0]

add esp, 4

ret 4

Address:

lea eax, [ebp + offset SehHandler]

push eax

push dword ptr fs:[0]

lea eax, [ebp + offset SEH]

assume eax:ptr SEH_STRUCT

mov [eax].OrgEsp, esp

mov [eax].OrgEbp, ebp

lea ebx, [ebp + offset Continue]

mov [eax].SaveEip, ebx

mov fs:[0], esp

assume eax:NOTHING

mov esi, [esp + 0ch]

.if word ptr [esi] != IMAGE_DOS_SIGNATURE

jmp Halt

.endif

add esi, [esi + 03Ch]

.if dword ptr [esi] != IMAGE_NT_SIGNATURE

jmp Halt

.endif

mov edi, [esp + 10h]

mov ecx, 150

xor al, al

repnz scasb

mov ecx, edi

sub ecx, [esp + 10h]

mov edx, [esi + 078h]

add edx, [esp + 0ch]

assume edx:ptr IMAGE_EXPORT_DIRECTORY

mov ebx, [edx].AddressOfNames

add ebx, [esp + 0ch]

xor eax, eax

.repeat

mov edi, [ebx]

add edi, [esp + 0ch]

mov esi, [esp + 10h]

push ecx

repz cmpsb

.if zero?

add esp, 4

.break

.endif

pop ecx

add ebx, 4

inc eax

.until eax == [edx].NumberOfNames

.if eax == [edx].NumberOfNames

jmp Halt

.endif

mov esi, [edx].AddressOfNameOrdinals

add esi, [esp + 0ch]

push edx

mov ebx, 2

xor edx, edx

mul ebx

pop edx

add eax, esi

xor ecx, ecx

mov word ptr cx, [eax]

mov edi, [edx].AddressOfFunctions

xor edx, edx

mov ebx, 4

mov eax, ecx

mul ebx

add eax, [esp + 0ch]

add eax, edi

mov eax, [eax]

add eax, [esp + 0ch]

jmp Exit

assume edx:nothing

Halt:

xor eax, eax

Exit:

pop dword ptr fs:[0]

add esp, 4

ret 8

SehHandler proc c pExcept:dword, pFrame:dword, pContext:dword, pDispatch:dword

mov eax, pContext

assume eax:ptr CONTEXT

push SEH.SaveEip

pop [eax].regEip

push SEH.OrgEsp

pop [eax].regEsp

push SEH.OrgEbp

pop [eax].regEbp

mov eax, ExceptionContinueExecution

ret

SehHandler endp

PatchEnd:

mov eax, offset PatchEnd

sub eax, offset PatchBegin

mov dwLength, eax

invoke CreateFile, offset szTarget, GENERIC_READ or GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0

.if eax == INVALID_HANDLE_VALUE

invoke MessageBox, NULL,addr errmsg,addr titlemsg,MB_OK

invoke ExitProcess, 0

.endif

mov dwFile, eax

invoke GetFileSize, dwFile, 0

mov dwSize, eax

add eax, 2000h

invoke GlobalAlloc, GMEM_FIXED or GMEM_ZEROINIT, eax

mov dwBuffer, eax

invoke ReadFile, dwFile, dwBuffer, dwSize, offset dwBytes, 0

mov esi, dwBuffer

add esi, 03ch

mov eax, dword ptr [esi]

mov dwHeader, eax

sub eax, 03ch

add esi, eax

assume esi:ptr IMAGE_NT_HEADERS

mov ax, [esi].FileHeader.NumberOfSections

mov dwSections, eax

inc [esi].FileHeader.NumberOfSections

mov eax, [esi].OptionalHeader.AddressOfEntryPoint

add eax, [esi].OptionalHeader.ImageBase

mov dwEntryPoint, eax

mov eax, [esi].OptionalHeader.SizeOfImage

mov dwImage, eax

add [esi].OptionalHeader.SizeOfImage, 1000h

mov [esi].OptionalHeader.AddressOfEntryPoint, eax

assume esi:NOTHING

mov esi, dwBuffer

add esi, dwHeader

add esi, 0f8h

assume esi:ptr IMAGE_SECTION_HEADER

mov eax, 0E0000060h

mov [esi].Characteristics, eax

mov eax, 28h

mov ecx, dwSections

imul ecx

add esi, eax

mov eax, dword ptr [szName]

mov dword ptr [esi].Name1, eax

mov eax, dword ptr[szName+4]

mov dword ptr [esi].Name1+4, eax

mov eax, 1000h

mov [esi].Misc.VirtualSize, eax

mov eax, dwImage

mov [esi].VirtualAddress, eax

mov eax, dwLength

mov [esi].SizeOfRawData, eax

mov eax, dwSize

mov [esi].PointerToRawData, eax

mov eax, 0E0000020h

mov [esi].Characteristics, eax

assume esi:NOTHING

mov edi, dwBuffer

add edi, dwSize

lea eax, PatchBegin

xchg esi, eax

mov ecx, dwLength

rep movsb

invoke SetFilePointer, dwFile, 0, 0, FILE_BEGIN

mov eax, dwSize

add eax, dwLength

invoke  WriteFile, dwFile, dwBuffer, eax, offset dwBytes, 0

invoke CloseHandle, dwFile

invoke GlobalFree, dwBuffer

invoke MessageBox, NULL,addr sucmsg,addr titlemsg,MB_OK

invoke ExitProcess, 0

end EntryPoint

 

That's all folks ;)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • Posts

    • VPSLab
      — VPSLAB — Fast & Private RDP/VPS | 100% Instant Setup

      By VPSLab · Posted

      Active & Taking Orders!
    • lazzytr
      Aegis full set (Weapon without animation, armor and cloak

      By lazzytr · Posted

      Link is dead. plz share me 🙂
    • Lineage2cz
      [L2OFF] INFINITE ELMORE

      By Lineage2cz · Posted

    • NeoPacket0041
      HQ Photoshop | Verify Accs KYC, AML | Antiban 100% | PSD Tem

      By NeoPacket0041 · Posted

      Back to Full Operating Mode ▪ As of January 16, Mustang Service is back to its regular workflow. › What this means: → we accept both standard and complex cases → turnaround times are back to normal → no holiday-related limitations ▪ If you postponed a task “until after the holidays” — now is the right time to get back to it. Message us — we’ll review your case and suggest the optimal way forward. › TG: @mustang_service ( https:// t.me/ mustang_service ) › Channel: Mustang Service ( https:// t.me/ +6RAKokIn5ItmYjEx ) #drawing #verification #documents #KYC #backtowork
    • Morrison2102
      Morison Store Cheap Torrent Trackers/NZB Indexers

      By Morrison2102 · Posted

      General Trackers :   IPTorrents invite IPTorrents account 1 tb TorrentLeech invite Torrentleech account 1 tb buffer  InTheShaDow ( ITS ) account Acid-lounge invite Torrentday invite Crnaberza account Abn.Lol account Limit-of-eden account Norbits account Xspeeds account Xspeeds invite Bemaniso invite Wigornot account Bithumen invite Filelist account Funfile invite AvistaZ invite Potuk.net invite ResurrectThe.Net invite GrabThe.Info invite Greek-Team invite LinkoManija invite Fano.in account tracker.czech-server.com Speed.cd invite Arab-torrents.net account Arabscene.me account Scenetime account 4thd.xyz invite Btarg.com.ar account Dedbit invite Estone.cc account Speedapp invite Finvip invite Fluxzone account GigaTorrents account Gimmepeers account Haidan.video invite Mojblink account Mycarpathians invite Newinsane.info account Oscarworld.xyz account Peers.FM invite Pt.msg.vg account Ransackedcrew account Redemption invite Scene-rush account Seedfile.io invite Teracod invite Torrent.ai account Torrentmasters invite Ttsweb invite X-files invite X-ite invite Ncore account TorrentHR account Rptorrents account BwTorrents account Superbits invite Krazyzone account Immortalseed account Tntracker invite Pt.eastgame.org account Bitturk account Rstorrent account Tracker.btnext invite Torrent-turk.de account BeiTai.PT account Pt.keepfrds account 52pt.site account Pthome account Torrentseeds account Aystorrent account Blues-brothers.biz invite Divteam account Thesceneplace invite CinemaMovies.pl account Brasiltracker account Patiodebutacas account Newheaven.nl account  Swarmazon.club invite Bc-reloaded account Crazyspirits account Silentground invite Omg.wtftrackr invite Milkie.cc invite Breathetheword invite Madsrevolution account Chilebt account Yubraca account Uniongang.tv account Frboard account Exvagos account Diablotorrent account Microbit account Carp-hunter.hu account Majomparade.eu account Theshinning.me account Youiv.info account Dragonworld-reloaded account Sharewood.tv account Partis.si account Digitalcore.club invite Fuzer.me account R3vuk.wtf invite Ztracker account 1 tb buffer 3changtrai account Best-core.info account Bitsite.us account Eliteunitedcrew invite Exitorrent.org account Tophos invite Torrent.lt account Sktorrent.eu account Oshen account Blackhattorrent account Pirata.digital account Esharenet account Ohmenarikgi.la Pirate-share account Immortuos account Kiesbits account Cliente.amigos-share.club account Broadcity invite Ilovetorzz account Torrentbytes account Polishsource account Portugas invite Shareisland account ArabaFenice account Hudbt.hust.edu.cn account Audiences account Nanyangpt account Pt.sjtu.edu.cn account Pt.zhixing.bjtu.edu.cn account Byr.pt invite Ptfiles invite Red-bits account Pt.hdpost.top account Irrenhaus.dyndns.dk (NewPropaganda) account Mnvv2.info (MaxNewVision V2) account 1ptba.com account Spidertk.top account Film-paleis account Generation-free account Aftershock-tracker account Twilightsdreams account Back-ups.me invite Sor-next.tk ( Spirit Of Revolution ) account Tfa.tf ( The Falling Angels ) account Hdmayi account S-f-p.dyndns.dk ( Share Friends Projekt ) account Unlimitz.biz account Pttime account St-tracker.eu account New-retro.eu account Zbbit account Tigers-dl.net account Jptvts.us account Lat-team account Club.hares.top account Falkonvision-team account Concen account Drugari account T.ceskeforum account Peeratiko.org account Zamunda.se account Central-torrent.eu account h-o-d.org account Torrentleech.pl account Demonoid invite Lst.gg account Fakedoor.store account LaidBackManor account Vrbsharezone.co.uk invite Torrenteros account Arenaelite account Datascene account Tracker.0day.community Tapochek.net invite Ptchina invite Lesaloon account Exyusubs account Therebels.tv account Ubits.club invite Zmpt.cc account Turktorrent.us account Dasunerwarte account Hawke.uno account Monikadesign account Fearnopeer account Alpharatio account Wukongwendao.top account Chinapyg account Azusa.wiki account Yggtorrent.top account Torrentdd account Cyanbug.net invite Hhanclub.top account Wintersakura.net account Xthor account Tctg.pm account Finelite invite Agsvpt.com account Pt.0ff.cc invite Qingwapt.com account Xingtan.one account Ptcafe.club invite Theoldschool.cc account W-o-t.pro account Coastal-crew.bounceme.net account Darkpeers.org account Pianyuan.org account Seedpool.org  account Tempelbox account Pt.itzmx.com account Capybarabr.com account Itatorrents.xyz  account Letseed.org account The-new-fun.com  account Malayabits.cc account Trellas.me account Yu-scene.net account Futuretorrent.org account Bitpt.cn account Tocashare.biz  account Videoteka.org  account White-angel.hu account   Movies Trackers :   Anthelion account Pixelhd account Cinemageddon account DVDSeed account Cinemageddon account Cinemaz account Retroflix account Classix-unlimited - invite Movie-Torrentz (m2g.link) invite Punck-tracker.net account Tmghub account Tb-asian account Cathode-ray.tube account Greatposterwall account Telly account Arabicsource.net account Upload.cx account Crabpt.vip invite Onlyencodes.cc account Exyusubs account Hellashut.net invite Nordichd.sytes.net invite Locadora.cc account   HD Trackers :   Blutopia buffered account Hd-olimpo buffered account Hdf.world account Torrentland.li account HdSky account Hdchina account Chdbits account Totheglory account Hdroute account Hdhome account TorrentCCF aka et8.org account 3DTorrents invite HD-Torrents account Bit-HDTV account HDME.eu invite Hdarea.co account Asiancinema.me account JoyHD invite HDSpace invite CrazyHD invite Bluebird-hd invite Htpt.cc account Hdtime invite Ourbits.club account Hd4fans account Siambit account Privatehd account Springsunday account Tjupt account Hdcity.leniter invite Ccfbits account Discfan account Pt.btschool.club account Ptsbao.club invite Hdzone.me invite Danishbytes account Zonaq.pw account Tracker.tekno3d account Arabp2p account Hd-united account Reelflix.xyz account Hdatmos.club account Anasch.cc invite Tigris-t account Nethd.org account Hd.ai invite Hitpt.com account Hdmonkey account Dragonhd.xyz account Hdclub.eu account Forum.bluraycd.com account Carpt account Hdfun.me invite Pt.hdupt invite Puntotorrent account Ultrahd account Rousi.zip account Bearbit account Hdturk.club account Asiandvdclub account Star-space.net account Nordicq.org account Hdkyl.in account Utp.to account   Music Trackers :   Dicmusic account Music-Vid account Open.cd account LzTr account ProAudioTorrents invite Jpopsuki invite TranceTraffic invite Audionews invite Kraytracker invite Libble.me invite Losslessclub invite Indietorrents.com invite Dimeadozen account Funkytorrents invite Karaokedl account zombtracker.the-zomb account Concertos account Sugoimusic account Satclubbing.club invite Metal.iplay invite Psyreactor invite Panda.cd account Adamsfile account Freehardmusic account Tracker.hqmusic.vn accouunt Twilightzoom account 3 tb buffer Hiresmusic account Metalguru account Musictorrents.org account Musebootlegs.com invite Zappateers.com account Jungleland.dnsalias.com account Naftamusic account   E-Learning Trackers :   Thevault account BitSpyder invite Brsociety account Learnbits invite Myanonamouse account Libranet account 420Project account Learnflakes account Pt.soulvoice.club account P2pelite account Aaaaarg.fail invite Ebooks-shares.org account Abtorrents account Pt.tu88.men invite Docspedia.world invite   TV-Trackers : Skipthecommericals Cryptichaven account TV-Vault invite Shazbat.TV account Myspleen account Tasmanit.es invite Tvstore.me account Tvchaosuk account Jptv.club account Tvroad.info   XXX - Porn Trackers :   FemdomCult account Pornbay account Pussytorrents account Adult-cinema-network account Bootytape account 1 Tb buffer Exoticaz account Bitporn account Kufirc account Gaytorrent.ru invite Nicept account Gay-torrents.org invite Ourgtn account Pt.hdbd.us account BitSexy account Happyfappy.org account Kamept.com account Lesbians4u.org account   Gaming Trackers :   Mteam.fr account BitGamer invite Retrowithin invite Gamegamept account   Cartoon/Anime/Comic Trackers :   Animeworld account Oldtoons.world account U2.dmhy account CartoonChaos invite Animetorrents account Mononoke account Totallykids.tv account Bakabt.me invite Revanime account Ansktracker account Tracker.shakaw.com.br invite Bt.mdan.org account Skyey2.com account Animetracker.cc Adbt.it.cx invite Tracker.uniotaku.com account Mousebits.com account   Sports Trackers :   MMA-Tracker invite T3nnis.tv invite AcrossTheTasman account RacingForMe invite Sportscult invite Ultimatewrestlingtorrents account Worldboxingvideoarchive invite CyclingTorrents account Xtremewrestlingtorrents account Tc-boxing invite Mma-torrents account Aussierul invite Xwt-classics account Racing4everyone account Talk.tenyardtracker account Stalker.societyglitch invite Extremebits invite Rgfootball.net account F1carreras.xyz account   Software/Apps Trackers :   Brokenstones account Appzuniverse invite Teamos.xyz account Macbb.org account   Graphics Trackers:   Forum.Cgpersia account Gfxpeers account Forum.gfxdomain account   Documentary Trackers:   Forums.mvgroup account   Others   Fora.snahp.eu account Board4all.biz account Filewarez.tv account Makingoff.org/forum account Xrel.to account Undergunz.su account Corebay account Endoftheinter.net ( EOTI ) account Thismight.be invite Skull.facefromouter.space account Avxhm.se (AvaxHome) account Ssdforum account Notfake.vip account Intotheinter.net account Tildes.net invite Thetoonz account Usinavirtual account Hdclasico invite HispaShare account Valentine.wtf account Adit-hd account Forum-andr.net account Warezforums account Justanothermusic.site account Forbiddenlibrary.moe account Senturion.to account Movieparadise account Militaryzone account Dcdnet.ru account Sftdevils.net account Heavy-r.com account New-team.org account Ddl.tv account Filewarez.club account Hispamula.org account Hubwarez.tv account   NZB :   Ninjacentral.co.za account Tabula-rasa.pw account Drunkenslug account Drunkenslug invite Usenet-4all account Brothers-of-Usenet account Dognzb.cr invite Kleverig account Nzb.cat account Nzbplanet.net invite Ng4you.com account Nzbsa.co.za account Bd25.eu account NZB.to account Samuraiplace account Abhdtv.net account Abook.link account Comix.pw account House-of-usenet Secretbinaries.net account Vnext.to account Stockboxx.top account Prices start from 3 $ to 100 $ Payment methods: Crypto, Neteller, Webmoney, Revolut If you want to buy something send me a pm or contact me on:   Email: morrison2102@gmail.com   Discord: LFC4LIFE#4173   Telegram: https://t.me/LFC4LIFE4173   Skype: morrison2102@hotmail.com

  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock