DLL injection plugin

MicroMacro plugins and plugins only. You can request or share your plugin (either compiled or source code) here.
Post Reply
Message
Author
User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

DLL injection plugin

#1 Post by Administrator » Sun Mar 23, 2008 10:24 am

This plugin lets you inject a DLL into a running process, or start a program and inject the code. Which injection method you use depends totally upon your preference or effectiveness (HINT: starting with dll injection will probably work better by injecting a DLL before GameGuard/XTrap can even load). To use the injector plugin, download the attachment, extract injector.dll, and put it into the micromacro/plugins/ folder.

There are two functions registered by this plugin: inject() and startWithDll(). Both functions return true on success, false on failure.

For our examples, we will assume that the DLL we wish to inject is named injectme.dll and is in the micromacro/data folder. The program we wish to launch will be game.exe inside of C:/Game/, and has a window title "Game v1.0".

bool,string inject(window, dll)
Injects into a running process. 'window' should be an HWND, found by using findWindow or similar functions. 'dll' should be the full path to the DLL (Dynamic Link Library) you wish to inject into that process. On error, this function also returns a second value that contains an error string.

Example:

Code: Select all

  local success,msg = inject(findWindow("Game v*"), getPath() .. "/data/injectme.dll");
  if( success == false ) then
    printf("Injecting injectme.dll into Game has failed: %s\n", msg);
  end

bool,string startWithDll(dll, target [, command])
Starts 'target' with command line 'command' and injects 'dll' into it at start. 'dll' and 'target' should be the full path (again, use getPath() if relative to MicroMacro's root directory). Specifying 'command' is optional, and should only be used if the application you are injecting into requires certain command line parameters (see below for more information). On error, this function also returns a second value that contains an error string.

Example (basic):

Code: Select all

  local success,msg = startWithDll(getPath() .. "/data/injectme.dll", "C:/Game/game.exe");
  if( success == false ) then
    printf("Injecting injectme.dll into Game has failed: %s\n", msg);
  end
If the program requires command line parameters, you should specify them in 'command'. You must, however, use the FULL command! This means including "game.exe" in the command as the first parameter. Shaiya, for example, requires you to pass "start game" in order to start it's main executable (game.exe) directly. See the example if this confuses you.

Example (command line):

Code: Select all

  local success = startWithDll(getPath() .. "/data/injectme.dll", "C:/Game/game.exe", "game.exe start game");
  if( success == false ) then
    printf("Injecting injectme.dll into Game has failed.\n");
  end
Attachments
injector.zip
Injector, April 16, 2013 (for MicroMacro 1.03)
(3.94 KiB) Downloaded 375 times
injector.zip
Injector, Oct. 17, 09 (for MicroMacro 1.0 beta 7+)
(3.79 KiB) Downloaded 617 times
injector.zip
Injector, May 02, 09 (for MicroMacro 1.0 beta 6 and lower)
(3.93 KiB) Downloaded 469 times

Isaac
Posts: 9
Joined: Sun Mar 16, 2008 11:08 pm

Re: DLL injection plugin

#2 Post by Isaac » Sun Mar 23, 2008 4:09 pm

So, we can use this to try to bypass the xtrap for FiestaOnline?

User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

Re: DLL injection plugin

#3 Post by Administrator » Sun Mar 23, 2008 8:01 pm

Well, you can use this to inject a DLL before XTrap loads. I used this to inject a DLL which hooked LoadLibraryA, and prevented Fiesta from loading XTrapVa.dll. This resulted in Fiesta randomly closing whenever it felt like it.

User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

Re: DLL injection plugin

#4 Post by Administrator » Sun Dec 14, 2008 10:10 pm

I've completely rewrote the plugin to make it smaller and simpler. It went from 82kb compressed to 4.5kb. It should even work better, too. Version 1 has been left available in case the new version doesn't work for you. Please let me know if you have problems.

User avatar
3cmSailorfuku
Posts: 354
Joined: Mon Jan 21, 2008 6:25 pm

Re: DLL injection plugin

#5 Post by 3cmSailorfuku » Mon Dec 15, 2008 9:08 am

Does anyone know of a msn dll & function to send messages to emails or change your PSM? :|

User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

Re: DLL injection plugin

#6 Post by Administrator » Mon Dec 15, 2008 9:21 am

Have you looked at CEMAPI? I don't know which functions would be of interest to you (as I've never used it myself), but it sounds like it has the ability to send e-mail.

User avatar
3cmSailorfuku
Posts: 354
Joined: Mon Jan 21, 2008 6:25 pm

Re: DLL injection plugin

#7 Post by 3cmSailorfuku » Tue Dec 16, 2008 11:38 am

Administrator wrote:Have you looked at CEMAPI? I don't know which functions would be of interest to you (as I've never used it myself), but it sounds like it has the ability to send e-mail.
I was thinking more of instant messages to emails, using the msn messenger protocol.

User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

Re: DLL injection plugin

#8 Post by Administrator » Tue Dec 16, 2008 6:34 pm

I have no idea. I'm not even sure how that works (since I do not use MSN messenger). If it's just like sending instant messages, then you can hook Winsock send() and send your own packets to reproduce the message. You'll have to start by logging what gets passed to send() so that you know how to format your message.

User avatar
3cmSailorfuku
Posts: 354
Joined: Mon Jan 21, 2008 6:25 pm

Re: DLL injection plugin

#9 Post by 3cmSailorfuku » Wed Dec 17, 2008 7:45 pm

Administrator wrote:I have no idea. I'm not even sure how that works (since I do not use MSN messenger). If it's just like sending instant messages, then you can hook Winsock send() and send your own packets to reproduce the message. You'll have to start by logging what gets passed to send() so that you know how to format your message.
I was wrong, I can change the struct at 0x4A for the name and have to send messages with the regular PostMessage function like you do.
I just looked into some plugins, and they were using basic functions like that... So I was wrong that it was managed normally via an dll.

What I do is basically getting the handle of a conversation window with the api class MsgrConversationWndPlugin, and send Messages with PostMessage to it.
Works good but somehow useless, except if you want to show everyone how badass fast you level even if they dont wanna see it :D

User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

Re: DLL injection plugin

#10 Post by Administrator » Sat May 02, 2009 3:42 am

Fixed a critical error in startWithDll() that would sometimes prevent the process from starting. Both inject() and startWithDll() now also return a second value if an error occurs: a string containing the error message.

ime
Posts: 8
Joined: Mon May 11, 2009 11:51 am

Re: DLL injection plugin

#11 Post by ime » Thu Jan 07, 2010 7:34 pm

how would I access a exported/external function in a DLL after injecting it with micromacro? Would the function become accessable just like a .lua function?

User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

Re: DLL injection plugin

#12 Post by Administrator » Thu Jan 07, 2010 9:49 pm

ime wrote:how would I access a exported/external function in a DLL after injecting it with micromacro? Would the function become accessable just like a .lua function?
No, you would need to create an additional plugin that would send a message that is caught by the injected DLL to trigger that function. There will be stuff added in the future to simplify this process.

ime
Posts: 8
Joined: Mon May 11, 2009 11:51 am

Re: DLL injection plugin

#13 Post by ime » Thu Jan 07, 2010 9:57 pm

ty admin, is it possible for the DLL to send data to micromacro through the network function, or would it just be easier for the DLL to stick the information in memory for micromacro to continuously read?

User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

Re: DLL injection plugin

#14 Post by Administrator » Thu Jan 07, 2010 10:04 pm

If you use libnet for your plugin, you could use network functions to communicate between the two. When the IPC code is finished, this is pretty much what will happen (except it will not rely on libnet).

ime
Posts: 8
Joined: Mon May 11, 2009 11:51 am

Re: DLL injection plugin

#15 Post by ime » Thu Jan 07, 2010 10:29 pm

kk will look into it, thanks for the help admin :)

dx876234
Posts: 188
Joined: Sat Jul 24, 2010 6:13 am

Re: DLL injection plugin

#16 Post by dx876234 » Sat Nov 19, 2011 12:05 pm

Hey, I'm looking into the .dll insertion, trying to insert a Lua function into RoM, after some research I've made a valid Lua module (.dll) which loads and executes correctly in standalone lua.

Trying to insert it into RoM by using your examples works, both as injection and startup.

But, the module/function I've made (hello world) isn't available in the RoM Lua interface.

The module is as:

Code: Select all

#include <stdio.h>
#include "lua.h"
#include "lauxlib.h"
#define PROJECT_TABLENAME "myhello"

int LUA_API luaopen_myhello (lua_State *L);

static int helloworld (lua_State *L) {
	printf("hello world!\n");
	return 0;
}

int LUA_API luaopen_rwMemory (lua_State *L) {
	struct luaL_reg driver[] = {
		{"helloworld", helloworld},		
		{NULL, NULL},
	};
	luaL_openlib (L, "rwMemory", driver, 0);
	return 1;
}
Its built in MinGW as:

Code: Select all

gcc -I "\Program Files (x86)\Lua\5.1\include" -O2 -c -o rwMemory.o rwMemory.c
gcc -O -shared -o rwMemory.dll rwMemory.o -L "c:\Program Files (x86)\Lua\5.1\lib" -llua51
Testing it in Lua with the following works as planned:

Code: Select all

require("rwMemory")
rwMemory.helloworld() 
And injected by one of:
local success = startWithDll(getPath() .. "/data/rwMemory.dll", "C:\\Program Files (x86)\\Runes of Magic\\Client.exe", "Client.exe");
if( success == false ) then
printf("Injecting rwMemory.dll into Game has failed.\n");
end
local success,msg = inject(findWindow("Runes of Magic"), getPath() .. "/data/rwMemory.dll");
if( success == false ) then
printf("Injecting rwMemory.dll into Game has failed: %s\n", msg);
end
No error messages at all but I don't seem to be able to call the "rwMemory.helloworld()" function.

Am I think wrong and this isn't possible or am I just missing some step?

regards
DX

User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

Re: DLL injection plugin

#17 Post by Administrator » Sat Nov 19, 2011 7:42 pm

It might have to do with the way the game registers the functions. I'm pretty sure you would have to locate the function to register Lua functions within the process (should just be able to GetProcAddress), and call them. See, when you use 'require', it will load the DLL and find those functions for you. When you inject a DLL, it loads it into the process's memory space and calls the DllMain, but cannot make any assumptions about how it will be used.

zwyklykowalski
Posts: 6
Joined: Tue Apr 16, 2013 1:05 pm

Re: DLL injection plugin

#18 Post by zwyklykowalski » Tue Apr 16, 2013 1:12 pm

hello can u add DLL injection plugin for MicroMacro 1.03?? :D

tx

User avatar
Administrator
Site Admin
Posts: 5259
Joined: Sat Jan 05, 2008 4:21 pm

Re: DLL injection plugin

#19 Post by Administrator » Tue Apr 16, 2013 1:49 pm

No problem. I've recompiled for Lua 5.2 and attached the compiled DLL. Just drop it into your plugins directory and overwrite the one you have.

zwyklykowalski
Posts: 6
Joined: Tue Apr 16, 2013 1:05 pm

Re: DLL injection plugin

#20 Post by zwyklykowalski » Tue Apr 16, 2013 3:06 pm

tx very much

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests