If you use a public injector when hacking CSGO, you can get untrusted or even VAC banned, but writing your own injector is very easy.
These are the basic steps:
1. Get the address of LoadLibraryA
2. Open the process
3. Alloc 260 bytes in process
4. Write dll path to allocated bytes
5. CreateRemoteThread at address of LoadLibraryA, with the address of those 260 bytes
6. Check if injection was successful
1. Get the address of LoadLibraryA
Code:
// Get a handle to kernel32.dll (it is already loaded in every process, including ours)
HMODULE kernel = GetModuleHandleA("Kernel32");
// Get the address of the LoadLibraryA export inside kernel32
FARPROC loadLibary = GetProcAddress(kernel, "LoadLibraryA");
Because kernel32.dll is mapped at the same base address in every process (within one boot session, and only when the injector and the target are both 32-bit or both 64-bit), the address of LoadLibraryA we find in our own process is also valid in the target process.
2. Open the process
Code:
// Open the target process with full access rights
HANDLE processH = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);
This opens a handle to the target process with full access; every later step uses this handle. If the injector lacks the rights to open the process, the call returns NULL.
3. Alloc 260 bytes in process
Code:
// Allocate 260 bytes of readable/writable memory inside the target process
LPVOID dllNameAddress = VirtualAllocEx(processH, NULL, 260, MEM_COMMIT, PAGE_READWRITE);
This allocates 260 bytes (MAX_PATH) in the target process; this is where the DLL path will live.
4. Write dll path to allocated bytes
Code:
// Receives the number of bytes actually written (WriteProcessMemory expects a SIZE_T*, not a DWORD*)
SIZE_T numOfBytes;
// Write the DLL path to the allocated memory; pathToDll must be a NUL-terminated buffer of at least 260 bytes
WriteProcessMemory(processH, dllNameAddress, pathToDll, 260, &numOfBytes);
Here we write our DLL path into the allocated memory so we can pass it to LoadLibraryA later.
5. CreateRemoteThread at address of LoadLibraryA, with the address of those 260 bytes
Code:
// Create a remote thread whose start routine is LoadLibraryA and whose argument is the DLL path
HANDLE remoteThread = CreateRemoteThread(processH, NULL, 0, (LPTHREAD_START_ROUTINE)loadLibary, dllNameAddress, 0, NULL);
We create a thread in the target process whose start address is LoadLibraryA (Step 1) and whose single argument is the address of our DLL path (Step 4). This works because a thread start routine receives exactly one pointer parameter, just like LoadLibraryA does, so the target process ends up calling LoadLibraryA(pathToDll) and loads our DLL.
6. Check if injection was successful
Code:
// Check if the thread was created
if (remoteThread)
{
    // Wait up to 10 seconds for the thread to exit
    DWORD result = WaitForSingleObject(remoteThread, 10000);
    if (result == WAIT_OBJECT_0)
    {
        cout << "Successfully Injected!\n";
    }
    else if (result == WAIT_TIMEOUT)
    {
        cout << "Timeout reached! (Use CreateThread in dllMain)\n";
    }
    else
    {
        cout << "Thread failed!\n";
    }
}
Here we check that the thread was created, then wait for it to exit. If the result is WAIT_OBJECT_0, LoadLibraryA returned and the injection was successful. If the result is WAIT_TIMEOUT, the DLL was loaded but its DllMain has not returned within 10 seconds and is blocking the thread (which is why DllMain should only spawn its own thread with CreateThread and return). If the result is anything else, the wait itself failed.
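The flip side, as an added example that is not part of this tutorial: Sysmon records every CreateRemoteThread as Event ID 8, including the thread's start module and resolved start function, so the pattern built above (a remote thread starting at kernel32!LoadLibraryA) shows up directly in the log. The script below parses constructed Event ID 8 records and flags the ones that match; the paths, addresses and process names in the samples are made up.

```python
import xml.etree.ElementTree as ET

# Thread start functions that mean "the remote thread was pointed at LoadLibrary".
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

# Constructed sample EventData payloads in the shape of Sysmon Event ID 8.
# Every path, address and image name here is made up for the example.
SAMPLE_EVENTS = [
    r"""<EventData>
      <Data Name="SourceImage">C:\Users\bob\Desktop\inject.exe</Data>
      <Data Name="TargetImage">C:\Games\csgo.exe</Data>
      <Data Name="StartAddress">0x00007FFB1C4E2D40</Data>
      <Data Name="StartModule">C:\Windows\System32\KERNEL32.DLL</Data>
      <Data Name="StartFunction">LoadLibraryA</Data>
    </EventData>""",
    r"""<EventData>
      <Data Name="SourceImage">C:\Windows\System32\csrss.exe</Data>
      <Data Name="TargetImage">C:\Windows\System32\conhost.exe</Data>
      <Data Name="StartAddress">0x00007FFB1C4F1A20</Data>
      <Data Name="StartModule">C:\Windows\System32\KERNEL32.DLL</Data>
      <Data Name="StartFunction">CtrlRoutine</Data>
    </EventData>""",
]

def parse_event(xml_text):
    """Turn one EventData block into a dict of Name -> value."""
    root = ET.fromstring(xml_text)
    return {d.get("Name"): (d.text or "").strip() for d in root.iter("Data")}

def is_loadlibrary_injection(ev):
    """True when a remote thread starts at a LoadLibrary* export, i.e. the
    CreateRemoteThread -> LoadLibraryA pattern described in the tutorial."""
    return ev.get("StartFunction", "").lower() in LOADER_FUNCS

def find_injections(events, allowed_sources=()):
    """Return (source, target, start function) for each suspicious event,
    skipping source images an analyst has allow-listed (e.g. an EDR agent)."""
    allowed = {s.lower() for s in allowed_sources}
    hits = []
    for xml_text in events:
        ev = parse_event(xml_text)
        if ev.get("SourceImage", "").lower() in allowed:
            continue
        if is_loadlibrary_injection(ev):
            hits.append((ev["SourceImage"], ev["TargetImage"], ev["StartFunction"]))
    return hits

if __name__ == "__main__":
    for src, dst, fn in find_injections(SAMPLE_EVENTS):
        print(f"ALERT: {src} created a thread in {dst} starting at {fn}")
```

Events where Sysmon could not resolve StartFunction (empty value) are not flagged by this rule, so a cross-process thread with an unresolved start address still deserves a lower-confidence look.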
I hope this tutorial has helped you understand how to make a DLL injector; if it did, please leave a thanks.
If I can improve anything, please let me know.