#1 Fleepster99

    Ways of Preventing Injected DLL Crashes

    Hey guys, so I'm currently writing a DLL to inject into AssaultCube and I'm getting a few crashes. I chose it due to its simplicity and because it is my first DLL hack.

    So I use the common code to write to the program's memory. This works in most cases, but I have to shoot the gun at least once before injecting the DLL, otherwise it will crash; it will also often crash if I minimize, and when the next map is loading.

    Code:
    DWORD dwOldProtection;

    // Make the 3 target bytes writable, patch them, then put the old protection back.
    VirtualProtect((LPVOID)AddressToWrite, 3, PAGE_EXECUTE_READWRITE, &dwOldProtection);

    memcpy((LPVOID)AddressToWrite, &AmmoValue, 3);

    // lpflOldProtect must point at a variable; passing NULL makes this call fail.
    VirtualProtect((LPVOID)AddressToWrite, 3, dwOldProtection, &dwOldProtection);
    What I'm asking is whether there is any way I can get around this, maybe by doing some sort of check to ensure the address is available and, if it isn't, not writing to memory.
    I've also noticed crashes happening when injecting other people's hacks into processes, e.g. MW2, so I was wondering if there were any useful ways of preventing this. I've searched quite thoroughly in the forum with no luck :/

    Thanks for reading

    EDIT:
    Found a fix for this. For anyone with the same problem, you can fix it by having a simple if statement where your address is found.
    E.g.
    Code:
    DWORD Ptr = *(DWORD*)(0x00123A1F3); // Base Address
    if(Ptr == 0) return NULL; // <-- fix here

    Ptr = *(DWORD*)(Ptr + 0xFA); // Add 1st offset to pointer
    if(Ptr == 0) return NULL; // <-- fix here
    Last edited by Fleepster99; 12-30-2011 at 06:25 AM. Reason: Found a fix

#2 Jason
    Windows has some available pointer functions you can use:

    IsBadWritePtr
    IsBadReadPtr

    which you can condense with your own macro:
    Code:
    // Non-zero if any byte of [ptr, ptr+sz) is not readable or not writable at the time of the call.
    #define IsBadPtr(ptr,sz) (IsBadReadPtr((LPVOID)(ptr),(sz)) || IsBadWritePtr((LPVOID)(ptr),(sz)))

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I don’t think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)

#3 258456
    As Jason said, you should always do a pointer check before writing anything to an address. If you don't want to use APIs you can do it manually like this:

    Code:
    if(*(DWORD*)(youraddie) != 0) // assuming it's one level down.
    {
    }


#4 Jason
    Quote Originally Posted by 258456 View Post
    As Jason said, you should always do a pointer check before writing anything to an address. If you don't want to use APIs you can do it manually like this:

    Code:
    if(*(DWORD*)(youraddie) != 0) // assuming it's one level down.
    {
    }
    Dereferencing the address still performs a read operation, which can lead to an exception if the memory isn't available for reading. Also, that just checks if the 4 bytes starting at "youraddie" are 0, which isn't really the most robust check, as quite often a pointer can be completely valid and point to a value of 0. In truth you should really just have a conditional wait period at the start of your code while you wait for the modules to load.

    Code:
    while (GetModuleHandleA("requiredmodule") == NULL)
        Sleep(50);
    Last edited by Jason; 12-30-2011 at 11:30 PM.



#5 Fleepster99
    Ah, I see. I'll be trying both those methods, thanks to both.

#6 258456
    Quote Originally Posted by Jason View Post


    Dereferencing the address still performs a read operation, which can lead to an exception if the memory isn't available for reading. Also, that just checks if the 4 bytes starting at "youraddie" are 0, which isn't really the most robust check, as quite often a pointer can be completely valid and point to a value of 0. In truth you should really just have a conditional wait period at the start of your code while you wait for the modules to load.

    Code:
    while (GetModuleHandleA("requiredmodule") == NULL)
        Sleep(50);
    Well, I inject it after login so all the modules are already loaded. Plus you save the return address of GetModuleHandle to get the base address of that module.

    Even if you do that module check it will fail in some games, because, like in CrossFire, the player class pointer isn't always valid; it's only valid in the game. So if I was just doing a module check and then, if the module is valid, writing info to the memory location, the game would crash because it isn't valid. But nevertheless you are totally correct; I guess it all comes down to your situation and what you need to do.

#7 Jason
    Quote Originally Posted by 258456 View Post
    Even if you do that module check it will fail in some games, because, like in CrossFire, the player class pointer isn't always valid; it's only valid in the game. So if I was just doing a module check and then, if the module is valid, writing info to the memory location, the game would crash because it isn't valid. But nevertheless you are totally correct; I guess it all comes down to your situation and what you need to do.
    Yeah, I still agree you need to check for the validity of a pointer, just saying that dereferencing it as a DWORD and comparing it to 0 probably isn't the best solution. In games like CF you should really be reversing the location of the gamestate variable anyway. Anyway, this is probably getting into a bit much detail. In the end, wait for the modules to load, use the IsBadRead/WritePtr functions to check the validity of pointers, and you should be fine.

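The check asked for in the first post (refuse the write when a level of the pointer chain is unusable) and the probe-before-access advice in the replies above, worked through as an added example; this is not code from the thread or from AssaultCube. The chain walker probes each level before dereferencing it and probes the final address before the write. On Windows the probe is VirtualQuery, which reads page state from the memory manager instead of touching the page; the portable demo probe, the arena layout, the offsets 0x10 and 0x08, the ammo value and all helper names are assumptions made for this example.

```c
/* Added example (not from the thread): walk a multi-level pointer chain,
 * probing each level before dereferencing it and probing the final address
 * before the write. Arena layout, offsets and helper names are illustrative. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A probe returns non-zero if [addr, addr+size) can be read right now. */
typedef int (*probe_fn)(uintptr_t addr, size_t size, void *ctx);

#ifdef _WIN32
#include <windows.h>
/* Windows probe: each page in the range must be committed and neither
 * NOACCESS nor GUARD. VirtualQuery reports page state without touching it. */
static int win_probe(uintptr_t addr, size_t size, void *ctx)
{
    uintptr_t end = addr + size; (void)ctx;
    while (addr < end) {
        MEMORY_BASIC_INFORMATION mbi;
        if (VirtualQuery((LPCVOID)addr, &mbi, sizeof mbi) == 0 ||
            mbi.State != MEM_COMMIT || (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)))
            return 0;
        addr = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
    }
    return 1;
}
#endif

/* Demo probe: trusts only one constructed buffer, so the example runs on any
 * platform and a pointer that escapes the buffer counts as unusable. */
typedef struct { uintptr_t lo, hi; } region;
static int region_probe(uintptr_t addr, size_t size, void *ctx)
{
    const region *r = ctx;
    return addr >= r->lo && addr < r->hi && size <= r->hi - addr;
}

/* cur = *base + off[0]; cur = *cur + off[1]; ...  Every dereference is
 * preceded by a NULL check and a probe, so an unloaded level yields 0 instead
 * of an access violation. On success *out is the final (undereferenced) address. */
int resolve_chain(uintptr_t base, const uintptr_t *offsets, size_t n,
                  probe_fn probe, void *ctx, uintptr_t *out)
{
    uintptr_t cur = base;
    for (size_t i = 0; i < n; i++) {
        if (cur == 0 || !probe(cur, sizeof cur, ctx)) return 0;
        memcpy(&cur, (const void *)cur, sizeof cur);   /* cur = *cur */
        if (cur == 0) return 0;
        cur += offsets[i];
    }
    *out = cur;
    return 1;
}

/* Constructed "game memory": base slot -> player, player+0x10 -> weapon,
 * weapon+0x08 = ammo. 128 pointers is at least 512 bytes on 32- and 64-bit. */
static uintptr_t arena[128];
static region demo_region;
static const uintptr_t ammo_chain[] = { 0x10, 0x08 };

uintptr_t demo_setup(void)                        /* returns the "base address" */
{
    unsigned char *a = (unsigned char *)arena;
    uintptr_t player = (uintptr_t)(a + 0x40), weapon = (uintptr_t)(a + 0x100);
    int ammo = 7;
    memset(arena, 0, sizeof arena);
    memcpy(a + 0x00, &player, sizeof player);
    memcpy(a + 0x50, &weapon, sizeof weapon);     /* player + 0x10 */
    memcpy(a + 0x108, &ammo, sizeof ammo);        /* weapon + 0x08 */
    demo_region.lo = (uintptr_t)a;
    demo_region.hi = (uintptr_t)a + sizeof arena;
    return (uintptr_t)a;
}

/* The two states the thread describes: no weapon yet (a NULL level) and a
 * stale base pointer into memory that is no longer mapped. */
void demo_unload_weapon(void) { memset((unsigned char *)arena + 0x50, 0, sizeof(uintptr_t)); }
void demo_stale_base(void) { arena[0] = demo_region.hi + 0x1000; }

/* Resolve, probe the final target for the write size, then write.
 * Returns the value read back from the target, or -1 if any level was unusable. */
int safe_write_ammo(uintptr_t base, int value)
{
    uintptr_t target; int check;
    if (!resolve_chain(base, ammo_chain, 2, region_probe, &demo_region, &target) ||
        !region_probe(target, sizeof value, &demo_region))
        return -1;
    memcpy((void *)target, &value, sizeof value);  /* on Windows: inside VirtualProtect */
    memcpy(&check, (const void *)target, sizeof check);
    return check;
}

int main(void)
{
    int live = safe_write_ammo(demo_setup(), 999);          /* 999 */
    demo_unload_weapon();
    int gone = safe_write_ammo((uintptr_t)arena, 5);        /* -1 */
    printf("live=%d no-weapon=%d\n", live, gone);
    return 0;
}
```

On Windows, pass win_probe with a NULL ctx instead of region_probe and keep the write itself inside the VirtualProtect pair from the first post. A probe is a snapshot: the game's own thread can free or re-protect the page between the probe and the write, so probing lowers the crash rate but only an exception handler around the access removes it.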
