DLL injection (C++)

I need a point in the right direction..

13 Replies - 10352 Views - Last Post: 24 July 2007 - 06:55 AM

#1 Musashin

Posted 16 July 2007 - 05:25 AM

Hello,

I've been learning C++ in my spare time for a while now, but it hasn't really been going anywhere because I haven't had a good project to work on. So I came up with this idea that I was going to make an "assistant" program for an online game I play, that monitors packets, filters them, sends, etcetera. I think this would be something I would benefit from, as I'd teach myself a lot about the language as I did this project.
I'm stumped though, as to how I'd actually hook into a program to monitor packets sent/received from it in the first place. I googled around for a while on this to try and find some answers, read some of my e-books, and checked this site, but found null. Now I'm not looking for a complete program that does this, because that would defeat the purpose of me wanting to code it myself, and I wouldn't learn anything.
What I want to know is the basic process that is involved in reading packets from another program (I hear a dll is needed, and I've heard the word hook used, but I'm really hazy on the details), and any commands in C++ that would be relevant to doing so. I'm not sure how simple this is going to be, but I'm hoping it'll be challenging, the more I learn from it, the better. I'd really appreciate it if someone could shed some light on this for me.


Cheers,
Musashin.

This post has been edited by Musashin: 16 July 2007 - 08:19 PM



#2 Amadeus

Posted 16 July 2007 - 05:35 AM

First and foremost, you'll need access to be able to catch the outgoing data from the other program... does that game offer either an API or set of DLLs to catch/hook its output?

#3 1lacca

Posted 16 July 2007 - 07:48 AM

There is a program that does something (or exactly?) like this; it's called Wireshark (formerly Ethereal). It uses a library/driver called WinPcap.
Have a look at what Wireshark can do (I might be able to help you if you are stuck, it has quite a steep learning curve, and you can easily mess up your Windows networking settings even if you follow tutorials and don't know what you are doing - I did this :o ), and you could get a basic understanding of the packet capturing process.
After that you could have a look at WinPcap, and see if you can use it yourself (it would be a really hard task writing that functionality yourself, since you would have to dig deep into Windows driver programming, and things like that) and develop software that can use it. I think this way this is not an impossible project, and if you are stuck you could still get ideas from the Wireshark source, because it is open source (however probably too complex to start dissecting it right in the beginning).
None of these tools need to know anything about the game; they capture packets right on the network interface, but this makes things quite hard (you must filter out the traffic that is actually generated by the game - filtering for the right port generally does the trick - and if the game uses some encryption then you must decrypt the stream to get access to the data - although it is not very common, but some compression might be present).

Because you've mentioned DLLs I've assumed you are using Windows, but Wireshark is available on Linux, too, and WinPcap has a Linux alternative, too (actually it is the alternative of the original Linux thing).

#4 Musashin

Posted 16 July 2007 - 03:24 PM

Amadeus, on 16 Jul, 2007 - 05:35 AM, said:

First and foremost, you'll need access to be able to catch the outgoing data from the other program... does that game offer either an API or set of DLLs to catch/hook its output?


I'm not sure, there has been a program that has done it before that used a dll to connect to the client, so making the dll wouldn't be a problem, I could just use theirs, which cuts out a lot of the work, I'm just stumped on how to use it with my program. I don't think there's an API, not that I've seen anyway.

Quote

There is a program that does something (or exactly?) like this; it's called Wireshark (formerly Ethereal). It uses a library/driver called WinPcap.
Have a look at what Wireshark can do (I might be able to help you if you are stuck, it has quite a steep learning curve, and you can easily mess up your Windows networking settings even if you follow tutorials and don't know what you are doing - I did this :o ), and you could get a basic understanding of the packet capturing process.
After that you could have a look at WinPcap, and see if you can use it yourself (it would be a really hard task writing that functionality yourself, since you would have to dig deep into Windows driver programming, and things like that) and develop software that can use it. I think this way this is not an impossible project, and if you are stuck you could still get ideas from the Wireshark source, because it is open source (however probably too complex to start dissecting it right in the beginning).
None of these tools need to know anything about the game; they capture packets right on the network interface, but this makes things quite hard (you must filter out the traffic that is actually generated by the game - filtering for the right port generally does the trick - and if the game uses some encryption then you must decrypt the stream to get access to the data - although it is not very common, but some compression might be present).

Because you've mentioned DLLs I've assumed you are using Windows, but Wireshark is available on Linux, too, and WinPcap has a Linux alternative, too (actually it is the alternative of the original Linux thing).


I've used Wireshark before, and Ethereal, pretty blindly though, I wasn't aware of what was going on under the hood. I used them to get an understanding of how packets worked. That was a while ago, I'll happily have another look if it'll help me understand more. From what I understood though, Ethereal captured packets on a system-wide basis (I could be wrong), what I'm looking to do is be able to target a single program and monitor that.
I'm positive the game I'm trying to do this for doesn't encrypt its packets, which is why I chose it for this project, if the packets were encrypted it would make things a lot harder.

Yeah, I'm using XP, so compatibility won't be an issue, :P
I'm using Dev-C++ compiler too, if it helps to know.


Thanks for the replies~
Musashin.

#5 1lacca

Posted 17 July 2007 - 05:55 AM

Quote

From what I understood though, Ethereal captured packets on a system-wide basis (I could be wrong), what I'm looking to do is be able to target a single program and monitor that.

True, but you can define filters, so it will only capture your game's packets (filtering for the ports TCP or UDP that your game uses is just enough).
Note that if your server and client both run on your local comp, then Wireshark won't capture the packets. So either use 2 computers, or install the Windows loopback driver (its configuration is available on a Wireshark wiki page, and that was exactly what ruined my network, so watch your steps when you are setting up the routing table, and check if you already use the IPs that are in the howto).

Quote

I'm positive the game I'm trying to do this for doesn't encrypt its packets, which is why I chose it for this project, if the packets were encrypted it would make things a lot harder.


Wise choice!


Quote

Yeah, I'm using XP, so compatibility won't be an issue


Then WinPcap should do the trick. If you have Wireshark installed, then it is installed as well, so you already have it :) - but you might have to get the SDK separately.
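The port filtering described in posts #3 and #5, as an added example that is not part of the original thread: a capture filter such as `tcp port N or udp port N` comes down to the header test below, run here over constructed Ethernet/IPv4 frames. The port 7777, the function names and the sample bytes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example: the per-frame test behind a capture filter such as
// "tcp port 7777 or udp port 7777". 7777 is a hypothetical game port.
static uint16_t be16(const uint8_t* p) {
    return static_cast<uint16_t>((p[0] << 8) | p[1]);
}

// True when the Ethernet II frame carries IPv4 TCP/UDP to or from `port`.
bool matchesPort(const std::vector<uint8_t>& f, uint16_t port) {
    const size_t ETH = 14;                         // Ethernet II header length
    if (f.size() < ETH + 20) return false;         // too short for IPv4
    if (be16(&f[12]) != 0x0800) return false;      // EtherType is not IPv4
    const uint8_t* ip = &f[ETH];
    if ((ip[0] >> 4) != 4) return false;           // IP version field
    const size_t ihl = (ip[0] & 0x0F) * 4u;        // header length, options included
    if (ihl < 20 || f.size() < ETH + ihl + 4) return false;
    if (ip[9] != 6 && ip[9] != 17) return false;   // 6 = TCP, 17 = UDP
    if (be16(&ip[6]) & 0x1FFF) return false;       // later fragment: no port fields
    const uint8_t* l4 = ip + ihl;                  // source port, then destination port
    return be16(l4) == port || be16(l4 + 2) == port;
}

// Constructed frame (not captured traffic): 10.0.0.2:50000 -> 10.0.0.1:dstPort.
// Total length and checksums are left zero; the filter does not read them.
std::vector<uint8_t> sampleFrame(uint8_t proto, uint16_t dstPort, uint8_t optWords = 0) {
    std::vector<uint8_t> f(12, 0x00);                        // dst + src MAC
    f.insert(f.end(), {0x08, 0x00});                         // EtherType: IPv4
    f.insert(f.end(), {uint8_t(0x45 + optWords), 0, 0, 0,    // version/IHL, TOS, length
                       0, 0, 0x40, 0, 64, proto, 0, 0,       // id, DF, TTL, proto, checksum
                       10, 0, 0, 2, 10, 0, 0, 1});           // source IP, destination IP
    f.resize(f.size() + optWords * 4u, 0x01);                // IPv4 options (NOP bytes)
    f.insert(f.end(), {0xC3, 0x50, uint8_t(dstPort >> 8), uint8_t(dstPort & 0xFF)});
    f.resize(f.size() + 16, 0x00);                           // remainder of the L4 header
    return f;
}

int main() {
    std::printf("tcp/7777: %d\n", matchesPort(sampleFrame(6, 7777), 7777));
    std::printf("udp/7777: %d\n", matchesPort(sampleFrame(17, 7777), 7777));
    std::printf("tcp/80:   %d\n", matchesPort(sampleFrame(6, 80), 7777));
    std::printf("tcp/7777 with IP options: %d\n", matchesPort(sampleFrame(6, 7777, 2), 7777));
    return 0;
}
```

The IP-options case is the one a fixed 20-byte offset gets wrong: the ports start at the header length read from the frame, not at a constant.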

#6 born2c0de

Posted 17 July 2007 - 06:19 AM

This would totally be dependent on the program whose DLL you want to hook.
Maybe Ethereal doesn't use code stored in DLLs to monitor packets.
The only way to find out is to read the manual or disassemble the DLL file.

Use the dumpbin utility (dumpbin /exports <path_of_dll_file>) to get the list of all exported functions and you might have an idea.

#7 1lacca

Posted 17 July 2007 - 12:23 PM

Ethereal/WinPcap doesn't involve hooking to the game's DLL, it monitors packets that go to the network interface, it is like hooking the interface's driver itself, so it's pretty much independent of the program you are stalking.

Hooking the program's DLL might be easier, if you can find some documentation on it, or you are into disassembling.

#8 Musashin

Posted 19 July 2007 - 01:48 AM

Thanks for the help, guys. I still haven't got it working, but I'm well on my way there. I'll try out the aforementioned things and let you know how I go.


Cheers,
Musashin.

#9 gogole

Posted 20 July 2007 - 04:46 PM

This DLL stuff is really cool. Do any of you have e-books I can use? If not, could you direct me to one?

#10 1lacca

Posted 21 July 2007 - 01:41 AM

MSDN has pretty good articles on DLLs, should be easy to find with Google in a minute.

#11 Musashin

Posted 24 July 2007 - 05:23 AM

Okay.. update.. I found a snippet for injecting a dynamic link-library into any process, and I think I'm pretty close to getting it to work. I'll paste it, in case anyone else is trying to do the same thing;

#include <string>
#include <windows.h>
 
#define MAXWAIT 10000
 
bool insertDll(DWORD procID, std::string dll)
{
	// Full snippet is here: http://www.dreamincode.net/code/snippet407.htm
}


The only thing I'm not getting, is

Quote

std::string dll


*edit, I got it.. it was a stupid syntax mistake on my part. :)

It seems to have worked, but is there a way to test it to make sure? When I pass a process to it, it does nothing (which I would expect.. as I haven't told it to do anything with it). Is there any kind of quick test I can run on it to make sure it actually injected?



Cheers,
Musashin

This post has been edited by Musashin: 24 July 2007 - 05:34 AM


#12 1lacca

Posted 24 July 2007 - 05:32 AM

Just a guess: simply the name of the dll?

#13 Musashin

Posted 24 July 2007 - 05:41 AM

Yeah, it was the name of the dll, I was using it, but I had it on the wrong side of the parentheses, I'm an idiot, but I fixed it. :P

Well, I think I did. I have no way to see if it worked. I don't think it did, because I have a process that's supposed to close when it detects a dll injection, and it didn't close when I targeted it. :(

This post has been edited by Musashin: 24 July 2007 - 05:47 AM


#14 1lacca

Posted 24 July 2007 - 06:55 AM

Well, try to inject something you can debug.