Calling another processes functions
By : [MPGH] Jetamay\ Jeremy
Requirements
A debugger(Ollydbg)
Target Application(Download in attachments)
A C++ Compiler
Requested knowledge
Some debugging knowledge
How to program in asm(Basics of the Basics)
C++ (Quite familiar with the language)
InjecTOR
Familiar with how DLLs work, and what they are.
Locating the function
Well, since we have the source code to this target application, we're going to use a string search. Just so you know for the future, avoid string searching as much as possible, as you do not want to begin to lean on the strings for the answers.
So first let's take a look at the source code of our target (C++):
[php]
#include "stdafx.h"
#include <iostream>
#include "dos.h"

// The function we want to locate and call from outside the program.
void Write()
{
    std::cout << "You called a function \n";
}

int main(int argc, char* argv[])
{
    while (true);   // spin forever; the program itself never calls Write()
    return 0;
}
[/php]
Quite simple. Now we have to locate the Write function in the debugger. How could we do this? Well, it's quite obvious, as the function contains the string "You called a function \n". So there's our first clue, and probably the only one we need. So let's open it in a debugger. Let's perform a quick ASCII string search through the hex dump for "You called a function". You should find it at 00408040. Select the whole sentence, and press Find References to that address. Just as I thought, there's only one result, at 00401000. Now obviously that's the function. So what we need to do now is call 00401000.
Calling The Function
This is where your C++ knowledge comes in. What we need to do is program a DLL to go into our target and call the function at 00401000. I will now explain to you what __asm is, and what it's for.
[php]
__asm
{
    mov eax,eax
}
[/php]
There's a really simple example of what it does; basically it executes any asm commands.
Let's take a look at this DLL.
[php]
#include "stdafx.h"
#include <windows.h>
#include "dos.h"

// Thread entry point: calls the target's function by its absolute address.
DWORD WINAPI MainLoop(LPVOID)
{
    void *addyres = (void*)0x00401000;   // address of Write() found in the debugger
    MessageBoxA(0, "About to call the function..", "Calling", MB_OK);
    __asm
    {
        call [addyres]
    }
    return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        DisableThreadLibraryCalls(hModule);
        // Run MainLoop on its own thread so DllMain returns immediately.
        CreateThread(NULL, 0, MainLoop, NULL, 0, NULL);
        break;
    }
    return TRUE;
}
[/php]
Then inject the DLL. I'll do one on calling functions with parameters later -_-
By examining that, you should be able to understand how the whole process works; however, I am writing this tutorial over remote assist, and it's really inconvenient for me.
Last edited by radnomguywfq3; 03-07-2009 at 07:59 PM.
There are two types of tragedies in life. One is not getting what you want, the other is getting it.
If you wake up at a different time in a different place, could you wake up as a different person?
c:\documents and settings\julianana\my documents\visual studio 2008\projects\test hackk\test hackk\source.cpp(1) : fatal error C1083: Cannot open include file: 'stdafx.h': No such file or directory
Try removing that line =X You probably don't have a precompiled header.
=X It works in vs6 lol.
Nothing happens when I inject it to MapleStory.exe. I'm using this addy 0x0046EC10.
Last edited by angerist; 07-03-2008 at 11:31 PM.
Why not.
[php]
typedef void(__cdecl* ChatOutputFunc)();
ChatOutputFunc ChatOutput = (ChatOutputFunc)0x00401000;[/php]
Then call it like this.
[php]ChatOutput();[/php]
So it would look like.
[php]
#include "stdafx.h"
#include <windows.h>
#include "dos.h"

// Typed function pointer to the target function at its absolute address.
typedef void(__cdecl* ChatOutputFunc)();
ChatOutputFunc ChatOutput = (ChatOutputFunc)0x00401000;

// Thread entry point: calls the target function through the typed pointer.
DWORD WINAPI MainLoop(LPVOID)
{
    ChatOutput();
    return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        DisableThreadLibraryCalls(hModule);
        CreateThread(NULL, 0, MainLoop, NULL, 0, NULL);
        break;
    }
    return TRUE;
}
[/php]
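Added example, not part of any post in this thread: an absolute address such as 00401000 only points at the intended code while the executable is loaded at the image base it was linked for. This C example reads ImageBase and the DYNAMICBASE (ASLR) flag from a PE32 header, which is the check to run on your own build to confirm it is opted into address randomisation. The header bytes are constructed for the demo, and the 0x00400000 base and the function names are assumptions, not values from the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DYNAMIC_BASE 0x0040u /* IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Parse a PE32 header. Returns 0 and fills the outputs, or -1 if malformed. */
int pe32_aslr_info(const uint8_t *buf, size_t len, uint32_t *image_base, int *aslr)
{
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t pe = rd32(buf + 0x3C);                 /* e_lfanew */
    if (pe > len || len - pe < 96) return -1;       /* signature + file header + 72 bytes */
    if (memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    const uint8_t *opt = buf + pe + 24;             /* optional header */
    if (rd16(opt) != 0x10B) return -1;              /* PE32 only, not PE32+ */
    *image_base = rd32(opt + 28);                   /* preferred load address */
    *aslr = (rd16(opt + 70) & DYNAMIC_BASE) != 0;   /* DllCharacteristics */
    return 0;
}

/* Constructed sample: the minimum header bytes the parser reads, not a real EXE. */
size_t make_sample(uint8_t *buf, size_t cap, uint32_t image_base, uint16_t dllchar)
{
    const size_t pe = 0x80, total = pe + 96;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = (uint8_t)pe;
    memcpy(buf + pe, "PE\0\0", 4);
    uint8_t *opt = buf + pe + 24;
    opt[0] = 0x0B; opt[1] = 0x01;
    for (int i = 0; i < 4; i++) opt[28 + i] = (uint8_t)(image_base >> (8 * i));
    opt[70] = (uint8_t)dllchar; opt[71] = (uint8_t)(dllchar >> 8);
    return total;
}

int main(void)
{
    uint8_t img[256]; uint32_t base; int aslr;
    for (int flag = 0; flag <= 1; flag++) {
        /* 0x00400000 is an assumed image base for the demo */
        size_t n = make_sample(img, sizeof img, 0x00400000u, flag ? DYNAMIC_BASE : 0);
        if (pe32_aslr_info(img, n, &base, &aslr) != 0) return 1;
        printf("ImageBase=0x%08X ASLR=%d -> VA 0x00401000 is RVA 0x%X, %s\n", (unsigned)base,
               aslr, (unsigned)(0x00401000u - base), aslr ? "base may move" : "base fixed");
    }
    return 0;
}
```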