Hello, I think this question may be stupid, but I need to know why I can't attach a driver to Trove's process to observe some of its behaviour; it was the same with the CE driver. Do they use some sort of protection against this, like requiring a signed driver or something similar? Or is my method of loading it not viable? Or maybe it's just an incompatibility problem?
Here is the code I used, for both the driver and the injector/listener.
TroveHook.dll
Code:
#include <windows.h>
#include <iostream>
#include <TlHelp32.h>
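// Scans the dwLen bytes starting at dwAddress for the first position where
// every non-wildcard byte of the pattern matches.
//
//   dwAddress - start of the region to scan, given as an integer address
//   dwLen     - number of bytes in the region
//   bMask     - pattern bytes; must hold at least strlen(szMask) bytes
//   szMask    - NUL-terminated mask; '?' marks a position that matches any byte
//
// Returns the address of the first match, or 0 when there is none.
//
// A candidate window is examined only when it fits entirely inside the region,
// so the scan never reads past dwAddress + dwLen. The caller remains
// responsible for the region itself being readable.
// NOTE: DWORD is 32 bits wide, so this interface cannot represent addresses
// above 4 GiB.
DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE* bMask, char* szMask) {
    if (bMask == NULL || szMask == NULL) {
        return 0;
    }

    const size_t maskLen = strlen(szMask);  // computed once, not once per compared byte
    const BYTE* region = (const BYTE*)(uintptr_t)dwAddress;

    // Stop as soon as fewer than maskLen bytes remain: comparing a window that
    // hangs over the end of the region would be an out-of-bounds read.
    for (DWORD i = 0; i < dwLen && (size_t)(dwLen - i) >= maskLen; i++) {
        bool bFound = true;
        for (size_t j = 0; j < maskLen; j++) {
            if (szMask[j] != '?' && bMask[j] != region[i + j]) {
                bFound = false;
                break;  // first mismatch settles this window
            }
        }
        if (bFound) {
            return dwAddress + i;
        }
    }
    return 0;
}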
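// Thread routine: once per second, reads one float from a fixed address in the
// current process and prints it. The loop never exits, so the trailing return
// is unreachable. lpParam is unused.
DWORD WINAPI MonitorMemory(LPVOID lpParam) {
    (void)lpParam;

    // Hard-coded absolute address. It is only meaningful if the image it was
    // taken from is mapped at the same base in this process, which is not
    // guaranteed (e.g. with ASLR) - hence the checked read below.
    const uintptr_t baseAddress = 0x01082CA8; // Example base address
    // The offsets are added to the base as plain integers; no intermediate
    // pointer is read along the way.
    const uintptr_t finalAddress = baseAddress + 0x0 + 0x28 + 0xC4 + 0x2D4 + 0x1E4;

    while (true) {
        float value = 0.0f;
        SIZE_T bytesRead = 0;

        // ReadProcessMemory reports an unreadable address through its return
        // value instead of faulting, so the result must be checked before the
        // buffer is used; otherwise an indeterminate float would be printed.
        if (ReadProcessMemory(GetCurrentProcess(), (LPCVOID)finalAddress, &value, sizeof(value), &bytesRead)
            && bytesRead == sizeof(value)) {
            std::cout << "Value found: " << value << std::endl;
            // Add your logic here
        }
        else {
            std::cerr << "Failed to read value. Error: " << GetLastError() << std::endl;
        }

        Sleep(1000); // Adjust the delay as needed
    }
    return 0;
}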
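// DLL entry point. On process attach it starts MonitorMemory on a new thread;
// every other notification is ignored. Always reports success to the loader.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
    (void)hModule;
    (void)lpReserved;

    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH: {
        // DllMain runs while the loader lock is held, so nothing is done here
        // beyond starting the worker thread.
        HANDLE hThread = CreateThread(NULL, 0, MonitorMemory, NULL, 0, NULL);
        if (hThread != NULL) {
            // The handle is never used again; closing it does not stop the
            // thread, it only avoids leaking a handle for the process lifetime.
            CloseHandle(hThread);
        }
        // A failed CreateThread is deliberately not turned into a load
        // failure: the load is still reported as successful, as before.
        break;
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}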
CppTrove.exe (injector)
Code:
#include <windows.h>
#include <iostream>
#include <TlHelp32.h>
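// Looks up a process by image name and asks it to load a DLL by starting a
// remote thread on LoadLibraryA with the DLL path as its argument.
//
// This is the textbook OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread sequence. Each step is observable from the defensive
// side (for example Sysmon Event ID 10, ProcessAccess, and Event ID 8,
// CreateRemoteThread), and any of the calls can be refused for a process the
// caller has no rights over; every failure is therefore reported with
// GetLastError() instead of being ignored.
//
// Always returns 0; waits for two lines of input before exiting so the console
// output stays visible.
int main() {
    const char* dllPath = "C:\\Hooks\\TroveHook.dll"; // Replace with the path to your DLL
    const SIZE_T dllPathSize = strlen(dllPath) + 1;     // includes the terminating NUL
    DWORD processId = 0;
    const wchar_t* processName = L"Trove.exe"; // Replace with the name of the target process

    // Find the process ID. The wide-character Toolhelp variants are used
    // explicitly because the name is compared with _wcsicmp; the generic
    // PROCESSENTRY32 only has a wchar_t szExeFile when UNICODE is defined.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap != INVALID_HANDLE_VALUE) {
        PROCESSENTRY32W pe32;
        pe32.dwSize = sizeof(PROCESSENTRY32W);
        if (Process32FirstW(hSnap, &pe32)) {
            do {
                if (_wcsicmp(pe32.szExeFile, processName) == 0) {
                    processId = pe32.th32ProcessID;
                    break;
                }
            } while (Process32NextW(hSnap, &pe32));
        }
        CloseHandle(hSnap);
    }

    if (processId != 0) {
        HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);
        if (hProcess != NULL) {
            // Allocate memory in the target process for the DLL path
            LPVOID dllPathAddress = VirtualAllocEx(hProcess, NULL, dllPathSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
            if (dllPathAddress != NULL) {
                // Write the DLL path to the target process. If the write fails
                // the buffer does not hold the path, so no thread is started.
                SIZE_T bytesWritten = 0;
                if (WriteProcessMemory(hProcess, dllPathAddress, dllPath, dllPathSize, &bytesWritten)
                    && bytesWritten == dllPathSize) {
                    // Get the address of the LoadLibraryA function
                    LPVOID loadLibraryAddress = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
                    if (loadLibraryAddress != NULL) {
                        // Create a remote thread in the target process to load the DLL
                        HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)loadLibraryAddress, dllPathAddress, 0, NULL);
                        if (hRemoteThread != NULL) {
                            // Wait for the remote thread to finish so the path
                            // buffer is not freed while it is still being read
                            WaitForSingleObject(hRemoteThread, INFINITE);
                            CloseHandle(hRemoteThread);
                        }
                        else {
                            std::cerr << "Failed to create remote thread. Error: " << GetLastError() << std::endl;
                        }
                    }
                    else {
                        std::cerr << "Failed to get address of LoadLibraryA. Error: " << GetLastError() << std::endl;
                    }
                }
                else {
                    std::cerr << "Failed to write DLL path to target process. Error: " << GetLastError() << std::endl;
                }

                // Free the allocated memory in the target process. With
                // MEM_RELEASE the size argument must be 0; passing the
                // allocation size makes the call fail and leaks the region.
                if (!VirtualFreeEx(hProcess, dllPathAddress, 0, MEM_RELEASE)) {
                    std::cerr << "Failed to free memory in target process. Error: " << GetLastError() << std::endl;
                }
            }
            else {
                std::cerr << "Failed to allocate memory in target process. Error: " << GetLastError() << std::endl;
            }
            CloseHandle(hProcess);
        }
        else {
            std::cerr << "Failed to open process. Error: " << GetLastError() << std::endl;
        }
    }
    else {
        std::cerr << "Process not found." << std::endl;
    }

    // Keep the console window open until the user presses Enter twice
    std::cin.get();
    std::cin.get();
    return 0;
}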
Thanks to anyone who'll help me to solve it <3