This is a cleverly disguised executable that will secretly inject a DLL into Engine.exe. I did it like this because it looks a lot sleeker if I only have to distribute one file and the hack is self-injecting. In order to do this I edited Azorbix's Tatnium injector. Take a look:
CREDITS:
All credits to Azorbix, Y0Da, and the other guys Azorbix mentions, of course. I only made the injector create a secret file on the computer, and then delete that .dll when it was over.
Also credit to a certain mykle hoban for the SaveResourceToFile method.
Code:
/***********************************************\
* Program : Tatnium Injector *
* Author : Matthew L (Azorbix) *
* Date : December 22nd, 2003 *
* Credits: Y0DA, OGC guys, RetarT, Mstr *
* LanceVorgin, P47R!CK, VisPrfn *
\***********************************************/
//you will need VC++ .net or VC++6.0 w/ service packs
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <winbase.h>
#include "forcelib\forcelib.h"
#define WIN32_LEAN_AND_MEAN
#define APP_EXE "Engine.exe" //change this!!!
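/*
 * Looks up a running process by executable name.
 *
 * Takes a Toolhelp snapshot of all processes and walks it, comparing each
 * entry's szExeFile with exename without regard to case.
 *
 * exename: executable file name to match (e.g. "Engine.exe").
 * process: caller-supplied entry; dwSize is set here and, on success, the
 *          structure describes the first matching process.
 *
 * Returns true when a match was found, false when there was none or the
 * snapshot could not be created.
 *
 * Only the image name is compared, so any process carrying that name matches.
 */
bool GetProcessOf(char exename[], PROCESSENTRY32 *process)
{
    process->dwSize = sizeof(PROCESSENTRY32);

    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE;
    // walking or closing that value is an error, so bail out first.
    if(snapshot == INVALID_HANDLE_VALUE)
        return false;

    bool found = false;
    if(Process32First(snapshot, process))
    {
        do
        {
            // _stricmp is the supported spelling of the deprecated strcmpi
            if(_stricmp(process->szExeFile, exename) == 0)
            {
                found = true;
                break;
            }
        }while(Process32Next(snapshot, process));
    }

    // single exit path so the snapshot handle is always released exactly once
    CloseHandle(snapshot);
    return found;
}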
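/*
 * Finds a thread that belongs to the given process.
 *
 * Takes a system-wide Toolhelp thread snapshot and returns the first entry
 * whose th32OwnerProcessID equals ProcessID.
 *
 * ProcessID: identifier of the owning process.
 * thread:    caller-supplied entry; dwSize is set here and, on success, the
 *            structure describes the matching thread.
 *
 * Returns true when a thread was found, false when there was none or the
 * snapshot could not be created.
 */
bool GetThreadOf(DWORD ProcessID, THREADENTRY32 *thread)
{
    thread->dwSize = sizeof(THREADENTRY32);

    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    // failure is signalled with INVALID_HANDLE_VALUE, which must not be
    // enumerated or passed to CloseHandle
    if(snapshot == INVALID_HANDLE_VALUE)
        return false;

    bool found = false;
    if(Thread32First(snapshot, thread))
    {
        do
        {
            if(thread->th32OwnerProcessID == ProcessID)
            {
                found = true;
                break;
            }
        }while(Thread32Next(snapshot, thread));
    }

    CloseHandle(snapshot);
    return found;
}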
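/*
 * Reports whether a directory search for filename yields an entry.
 *
 * filename: path handed to FindFirstFile unchanged.
 *
 * Returns true when FindFirstFile finds an entry, false otherwise.
 *
 * FindFirstFile interprets wildcard characters and also matches
 * directories, so this is a "something by that name exists" test rather
 * than a strict regular-file check.
 */
bool fileExists(const char filename[])
{
    WIN32_FIND_DATA finddata;
    HANDLE search = FindFirstFile(filename, &finddata);
    if(search == INVALID_HANDLE_VALUE)
        return false;

    // search handles are released with FindClose (not CloseHandle);
    // the original leaked one handle per call
    FindClose(search);
    return true;
}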
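/*
 * Reports whether the current module carries an RT_RCDATA resource with
 * the given name.
 *
 * filename: resource name, or an integer id wrapped with MAKEINTRESOURCE.
 *
 * Returns true when FindResource locates the resource, false otherwise.
 */
bool resourceExists(const char filename[])
{
    // FindResource returns an HRSRC and signals failure with NULL. The
    // original compared against INVALID_HANDLE_VALUE, so a missing
    // resource was still reported as present.
    HRSRC found = FindResource(NULL, filename, RT_RCDATA);
    return (found != NULL);
}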
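/*
 * Writes an RT_RCDATA resource of the current module to a file on disk.
 *
 * fn:  path of the file to create; an existing file is overwritten
 *      (CREATE_ALWAYS).
 * res: resource name, or an integer id wrapped with MAKEINTRESOURCE.
 *
 * Returns TRUE only when the resource was located and every byte of it was
 * written; FALSE on any failure along the way.
 *
 * The file is created with FILE_ATTRIBUTE_HIDDEN, so it is omitted from
 * default Explorer views; attribute-aware listings (e.g. "dir /a") and
 * file-creation monitoring still show it.
 */
BOOL SaveResourceToFile(char *fn, char *res)
{
    HRSRC hrsrc = FindResource(NULL, res, RT_RCDATA);
    if (hrsrc == NULL)
        return FALSE;

    // SizeofResource returns 0 on failure; nothing useful to write then
    DWORD size = SizeofResource(NULL, hrsrc);
    if (size == 0)
        return FALSE;

    HGLOBAL hglob = LoadResource(NULL, hrsrc);
    if (hglob == NULL)
        return FALSE;

    LPVOID rdata = LockResource(hglob);
    if (rdata == NULL)
        return FALSE;

    HANDLE hFile = CreateFile(fn, GENERIC_READ | GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
                              FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_HIDDEN, NULL);
    // CreateFile signals failure with INVALID_HANDLE_VALUE; the original
    // wrote to and closed the handle without checking it
    if (hFile == INVALID_HANDLE_VALUE)
        return FALSE;

    DWORD writ = 0;
    // a short write is a failure too: the file would be a truncated image
    BOOL ok = WriteFile(hFile, rdata, size, &writ, NULL) && (writ == size);
    CloseHandle(hFile);
    return ok ? TRUE : FALSE;
}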
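/*
 * Program entry point.
 *
 * Sequence, as written in this file:
 *   1. Create the named mutex "secretloader" as a single-instance guard.
 *   2. Derive a DLL path from this executable's own path by replacing the
 *      last three characters with "dll".
 *   3. Write RT_RCDATA resource 1 to that path (see SaveResourceToFile).
 *   4. Poll the process list every 10 ms until APP_EXE appears, or return
 *      if the END key is pressed.
 *   5. Poll for a thread of that process, open the process with
 *      PROCESS_ALL_ACCESS and hand both to ForceLibrary (forcelib).
 *   6. Retry DeleteFile on the written DLL every 200 ms until it succeeds.
 *
 * Always returns 0.
 *
 * Observable artefacts for anyone analysing a host: the "secretloader"
 * mutex, a hidden .dll written next to the executable under the same base
 * name, repeated Toolhelp snapshots, and a PROCESS_ALL_ACCESS handle to
 * APP_EXE.
 */
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
    PROCESSENTRY32 pe32;
    THREADENTRY32 te32;

    // The mutex handle is deliberately kept open for the life of the
    // process; the system releases it at exit. A NULL handle or any
    // non-success last error (ERROR_ALREADY_EXISTS in the normal case)
    // is treated as "another instance is running", as before.
    HANDLE mutex = CreateMutex(NULL, true, "secretloader");
    if(mutex == NULL || GetLastError() != ERROR_SUCCESS)
    {
        MessageBox(0, "Process is already running", "Tatnium Warning", MB_ICONWARNING);
        return 0;
    }

    char dllname[MAX_PATH];
    DWORD pathlen = GetModuleFileName(0, dllname, MAX_PATH);
    // 0 means failure and MAX_PATH means the path was truncated; either
    // way the buffer cannot be trusted. The length check also keeps the
    // "-3" below from indexing before the start of the buffer.
    if(pathlen == 0 || pathlen >= MAX_PATH || pathlen <= 3)
    {
        MessageBox(0, "Could not find dll", "Tatnium Error", MB_ICONERROR);
        return 0;
    }
    // assumes the module path ends in a three-character extension ("exe");
    // the replacement has the same length, so the buffer cannot overflow
    strcpy(dllname + pathlen - 3, "dll");

    if(!resourceExists(MAKEINTRESOURCE(1)))
    {
        MessageBox(0, "Could not find dll resource", "Tatnium Error", MB_ICONERROR);
        return 0;
    }

    // the write result was ignored before; a failed or partial write must
    // not be handed on as if it were a valid library
    if(!SaveResourceToFile(dllname, MAKEINTRESOURCE(1)) || !fileExists(dllname))
    {
        MessageBox(0, "Could not find dll", "Tatnium Error", MB_ICONERROR);
        return 0;
    }

    MessageBox(0, "\tTatnium Injector\n Press \'END\' to exit without injection ", "Tatnium Injector", 0);

    while(!GetProcessOf(APP_EXE, &pe32))
    {
        if(GetAsyncKeyState(VK_END))
            return 0;
        Sleep(10);
    }

    // no exit condition here: this spins until a thread of the process
    // shows up in a snapshot
    while(!GetThreadOf(pe32.th32ProcessID, &te32))
    {
        Sleep(2);
    }

    // zero-initialise so hThread is not left holding stack garbage
    PROCESS_INFORMATION PI = {0};
    PI.dwProcessId = pe32.th32ProcessID;
    PI.dwThreadId = te32.th32ThreadID;
    PI.hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pe32.th32ProcessID);

    if(PI.hProcess == NULL)
    {
        // OpenProcess returns NULL on failure (e.g. access denied); do not
        // pass a NULL handle to ForceLibrary or TerminateProcess
        MessageBox(0, "Could not inject dll", "Tatnium Error", MB_ICONERROR);
    }
    else if(!ForceLibrary(dllname, &PI))
    {
        TerminateProcess(PI.hProcess, 0);
        MessageBox(0, "Could not inject dll", "Tatnium Error", MB_ICONERROR);
    }

    // DeleteFile fails while the file is still in use, so this loop keeps
    // retrying every 200 ms with no upper bound
    while(!DeleteFile(dllname)){Sleep(200);}

    if(PI.hProcess != NULL)
        CloseHandle(PI.hProcess);
    return 0;
}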