Loading CShell.dll and editing memory without injection

[_corn_]

I just had a very good idea, which I will not release here due to copying issues.

I just needed to clarify one thing.

Is it possible to use this code

Code:

GetModuleHandleA("CShell.dll")

to edit the memory, just like the hacks do, BUT not with injecting a dll, from a separate process, a standalone .exe file.

Thanks in advance.

[Brimir]

You need:
OpenProcess function

[giniyat101]

Good luck with that

[Brimir]

A dll is mutch beather

[giniyat101]

A dll is mutch beather

yes ofc it is easier
and just noticed
@_corn_
you cant use GetModuleHandle
you have to use EnumProcessModules

[_corn_]

yes ofc it is easier
and just noticed
@_corn_
you cant use GetModuleHandle
you have to use EnumProcessModules

would i use EnumProcessModules("CShell.dll") ?

---------- Post added at 06:39 AM ---------- Previous post was at 06:33 AM ----------

I have researched GetModuleHandle, and it says that the module must have been loaded by the calling process, so it is not possible with GetModuleHandle. Can someone give me a piece of code that would get the handle to CShell.dll, from a separate process?

[Brimir]

I think you also need WriteProcessMemory.

But how do you want to do this? We can give you 100s of function that you can use to get information or editing memmory xD

[_corn_]

ok lets explain.

i want to do the same as a hack, so basically, get the handle for CShell, add on the addresss and addy, and write to that memory, just like in a hack dll. except from a separate exe file.

also, what the hell is a wstring and what is it for?

[Fly3r]

Maybe i got it right..
What you want to do is .. make an .exe that will handle Cshell so that you use the pointers / offsets to add the features you want like in a hack?
Not sure if im correct

[topblast]

arrow in the knee

[giniyat101]

would i use EnumProcessModules("CShell.dll") ?

---------- Post added at 06:39 AM ---------- Previous post was at 06:33 AM ----------

I have researched GetModuleHandle, and it says that the module must have been loaded by the calling process, so it is not possible with GetModuleHandle. Can someone give me a piece of code that would get the handle to CShell.dll, from a separate process?

sorry for not explaining before...

here:

Code:

DWORD Crossfire = NULL;
DWORD dwPID[100] = {NULL};
DWORD CShell = NULL;
HMODULE hModule[100] = {NULL};
DWORD cbNeeded = NULL;
char FileName[100] = {NULL};

//lets find the crossfire.exe pid first
//we will loop untill we can find it
do
{
	//i will use EnumProcesses to retrive all opened processes pids
	EnumProcesses(dwPID, 100, &cbNeeded);

	//now lets check which one is Crossfire.exe
	for (int i=0; i<100; i++)
	{
		//Open the process
		HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPID[i]);

		//Get the executable name
		GetProcessImageFileNameA(hProc, FileName, 100);

		//no need for the handle now :P
		ProcessClose(hProc);

		//lets check the name we just got
		if (!(stricmp(FileName, "crossfire.exe")))
		{
			//we got the pid
			Crossfire = dwPID[i]
		}
	}

	//just to lower the lag
	Sleep(100);
} while (Crossfire == NULL);

//lets open the process again
//this time i will use PROCESS_ALL_ACCESS access right because you are going to edit memory later ; )
HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Crossfire);

//now lets find the CShell handle
//again i will loop until i have this handle
do
{
	//i will use EnumOricessModules to retrive all modules in the process
	EnumProcessModules(hProc, hModule, 100, &cbNeeded);

	//now lets check which one is CShell.dll
	for (int i=0; i<100; i++)
	{
		//Get the module name
		GetModuleBaseNameA(hProc, hModule[i], FileName, 100);

		//lets check the name we just got
		if (!(stricmp(FileName, "CShell.dll")))
		{
			//we got the handle
			CShell = (DWORD)hModule[i];
		}
	}

	//just to lower the lag
	Sleep(100);
} while (CShell == NULL);

//you have just got the handle
//you still want to use this method?
//i hope you dont.. it seems very hard.. even for me..

hope you like it

~EDIT~
you can alse use the method you suggested (Finding window handle, finding process id)

[Code[VB]]

sorry for not explaining before...

here:

Code:

DWORD Crossfire = NULL;
DWORD dwPID[100] = {NULL};
DWORD CShell = NULL;
HMODULE hModule[100] = {NULL};
DWORD cbNeeded = NULL;
char FileName[100] = {NULL};

//lets find the crossfire.exe pid first
//we will loop untill we can find it
do
{
	//i will use EnumProcesses to retrive all opened processes pids
	EnumProcesses(dwPID, 100, &cbNeeded);

	//now lets check which one is Crossfire.exe
	for (int i=0; i<100; i++)
	{
		//Open the process
		HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPID[i]);

		//Get the executable name
		GetProcessImageFileNameA(hProc, FileName, 100);

		//no need for the handle now :P
		ProcessClose(hProc);

		//lets check the name we just got
		if (!(stricmp(FileName, "crossfire.exe")))
		{
			//we got the pid
			Crossfire = dwPID[i]
		}
	}

	//just to lower the lag
	Sleep(100);
} while (Crossfire == NULL);

//lets open the process again
//this time i will use PROCESS_ALL_ACCESS access right because you are going to edit memory later ; )
HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Crossfire);

//now lets find the CShell handle
//again i will loop until i have this handle
do
{
	//i will use EnumOricessModules to retrive all modules in the process
	EnumProcessModules(hProc, hModule, 100, &cbNeeded);

	//now lets check which one is CShell.dll
	for (int i=0; i<100; i++)
	{
		//Get the module name
		GetModuleBaseNameA(hProc, hModule[i], FileName, 100);

		//lets check the name we just got
		if (!(stricmp(FileName, "CShell.dll")))
		{
			//we got the handle
			CShell = (DWORD)hModule[i];
		}
	}

	//just to lower the lag
	Sleep(100);
} while (CShell == NULL);

//you have just got the handle
//you still want to use this method?
//i hope you dont.. it seems very hard.. even for me..

hope you like it

~EDIT~
you can alse use the method you suggested (Finding window handle, finding process id)

nice but easy ... with vb you can make the same and can still use resice window with gdi methods

[_corn_]

sorry for not explaining before...

here:

Code:

DWORD Crossfire = NULL;
DWORD dwPID[100] = {NULL};
DWORD CShell = NULL;
HMODULE hModule[100] = {NULL};
DWORD cbNeeded = NULL;
char FileName[100] = {NULL};

//lets find the crossfire.exe pid first
//we will loop untill we can find it
do
{
    //i will use EnumProcesses to retrive all opened processes pids
    EnumProcesses(dwPID, 100, &cbNeeded);

    //now lets check which one is Crossfire.exe
    for (int i=0; i<100; i++)
    {
        //Open the process
        HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPID[i]);

        //Get the executable name
        GetProcessImageFileNameA(hProc, FileName, 100);

        //no need for the handle now :P
        ProcessClose(hProc);

        //lets check the name we just got
        if (!(stricmp(FileName, "crossfire.exe")))
        {
            //we got the pid
            Crossfire = dwPID[i]
        }
    }

    //just to lower the lag
    Sleep(100);
} while (Crossfire == NULL);

//lets open the process again
//this time i will use PROCESS_ALL_ACCESS access right because you are going to edit memory later ; )
HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Crossfire);

//now lets find the CShell handle
//again i will loop until i have this handle
do
{
    //i will use EnumOricessModules to retrive all modules in the process
    EnumProcessModules(hProc, hModule, 100, &cbNeeded);

    //now lets check which one is CShell.dll
    for (int i=0; i<100; i++)
    {
        //Get the module name
        GetModuleBaseNameA(hProc, hModule[i], FileName, 100);

        //lets check the name we just got
        if (!(stricmp(FileName, "CShell.dll")))
        {
            //we got the handle
            CShell = (DWORD)hModule[i];
        }
    }

    //just to lower the lag
    Sleep(100);
} while (CShell == NULL);

//you have just got the handle
//you still want to use this method?
//i hope you dont.. it seems very hard.. even for me..

hope you like it

~EDIT~
you can alse use the method you suggested (Finding window handle, finding process id)

Thanks.

---------- Post added at 09:14 AM ---------- Previous post was at 09:13 AM ----------

Maybe i got it right..
What you want to do is .. make an .exe that will handle Cshell so that you use the pointers / offsets to add the features you want like in a hack?
Not sure if im correct

yes thats right

---------- Post added at 09:19 AM ---------- Previous post was at 09:14 AM ----------

thanks everyone.

just to clarify, is an address the thing you add to CShell, and offset the thing you add in the loop ( usually 4)?? and does addy = address?

@giniyat101 what do i include for GetProcessImageFileNameA ?

[giniyat101]

@_corn_
#include <psapi.h>

sorry for forgetting

[_corn_]

@_corn_
#include <psapi.h>

sorry for forgetting

lol tried that but it says

GetProcessImageFileNameA was not declared in this scope.