
Auto DLL Injection for July 21 2008 Files (Client,Server,Agent,Locator) + Multi Dlls

Status
Not open for further replies.
Joined
Jun 17, 2009
Messages
2,726
Reaction score
340
thanks man.



Edit by Phoenix said:
Military appears to be the OP of this thread because a forum error messed things up. The original poster of this tutorial is steven1234 (Post #2). Steven requested me to delete this post but deleting the first post would delete the thread. Just letting you all know.
 
Last edited by a moderator:
Junior Spellweaver
Joined
Jan 19, 2010
Messages
175
Reaction score
181
Auto inject a dll into the client.

1: ctrl + G (0057A595)
Code:
0057A595  /. /E9 91790A00   JMP 00621F2B
0057A59A  |  |90            NOP
0057A59B  |  |90            NOP

2: ctrl + G (00621F1D)
Right-click that line, Edit -> Binary edit...
Uncheck "Keep size", type the DLL name in ASCII (BackGunz.dll), then in the hex part add 00 on the end. For example, mine is
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C
now it's
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C 00
press ok

3: ctrl + G (00621F2B)
Code:
00621F2B  /> \6A 60         PUSH 60
00621F2D  |.  68 88F36300   PUSH OFFSET 0063F388
00621F32  |.  68 1D1F6200   PUSH 00621F1D
00621F37  |.  FF15 6C216200 CALL DWORD PTR DS:[62216C]
00621F3D  |.  85C0          TEST EAX,EAX
00621F3F  \.^ E9 5886F5FF   JMP 0057A59C

4: save and exit
Voilà, should be done

Auto inject dll into matchserver

1: ctrl + G (004CAF0D)
Code:
004CAF0D  /. /E9 78700800   JMP 00551F8A
004CAF12  |  |90            NOP
004CAF13  |  |90            NOP

2: ctrl + G (00551F7B)
Right-click that line, Edit -> Binary edit...
Uncheck "Keep size", type the DLL name in ASCII (BackGunz.dll), then in the hex part add 00 on the end. For example, mine is

Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C

now it's

Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C 00

press ok

3: ctrl + G (00551F8A)
Code:
00551F8A  /> \6A 60         PUSH 60
00551F8C  |.  68 28F15600   PUSH OFFSET 0056F128
00551F91  |.  68 7B1F5500   PUSH 00551F7B
00551F96  |.  FF15 E0225500 CALL DWORD PTR DS:[5522e0]
00551F9C  |.  85C0          TEST EAX,EAX
00551F9E  \.^ E9 718FF7FF   JMP 004CAF14

4: save and done
Voilà, should be done

Auto inject dll into locator

1: ctrl + G (00438B0D)
Code:
00438B0D     /E9 71240300   JMP 0046AF83
00438B12  |. |90            NOP
00438B13  |. |90            NOP


2: ctrl + G (0046AF75)
Right-click that line, Edit -> Binary edit...
Uncheck "Keep size", type the DLL name in ASCII (BackGunz.dll), then in the hex part add 00 on the end. For example, mine is
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C

now it's

Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C 00

press ok

3: ctrl + G (0046AF83)
Code:
0046AF83  /.  6A 60         PUSH 60
0046AF85  |.  68 F0BD4700   PUSH OFFSET 0047BDF0
0046AF8A  |.  68 75AF4600   PUSH 0046AF75
0046AF8F  |.  FF15 B0B24600 CALL DWORD PTR DS:[46B2B0]
0046AF95  |.  85C0          TEST EAX,EAX
0046AF97  \.^ E9 78DBFCFF   JMP 00438B14

4: save and done
Voilà, should be done

Auto inject dll into match agent

1: ctrl + G (00438B0D)
Code:
00437FD5     /E9 AF4F0400   JMP 0047CF89
00437FDA   . |90            NOP
00437FDB   . |90            NOP


2: ctrl + G (0047CF7B)
Right-click that line, Edit -> Binary edit...
Uncheck "Keep size", type the DLL name in ASCII (BackGunz.dll), then in the hex part add 00 on the end. For example, mine is
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C

now it's

Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C 00

press ok

3: ctrl + G (0047CF89)
Code:
0047CF89      6A 60         PUSH 60
0047CF8B      68 E8364900   PUSH OFFSET 004936E8
0047CF90      68 7BCF4700   PUSH 0047CF7B
0047CF95      FF15 20D34700 CALL DWORD PTR DS:[47d320]
0047CF9B      85C0          TEST EAX,EAX
0047CF9D    ^ E9 3AB0FBFF   JMP 00437FDC

4: save and done
Voilà, should be done


Advanced (based on the client; just do the same with the others):

MessageBoxA Addresses
Client: 6224d0
Locator: 46b69c
Match Server: 5527e0
Match Agent: 47d668


Dll Injection with error messages

Code:
00621EE4   .  46 61 74 61 6 ASCII "Fatal Error",0
00621EF0      00            DB 00
00621EF1      00            DB 00
00621EF2      00            DB 00
00621EF3      00            DB 00
00621EF4      00            DB 00
00621EF5      00            DB 00
00621EF6      00            DB 00
00621EF7      00            DB 00
00621EF8      00            DB 00
00621EF9   .  45 72 72 6F 7 ASCII "Error Loading Ba"
00621F09   .  63 6B 47 75 6 ASCII "ckGunz.dll",0
00621F14      00            DB 00
00621F15      00            DB 00
00621F16      00            DB 00
00621F17      00            DB 00
00621F18      00            DB 00
00621F19      00            DB 00
00621F1A      00            DB 00
00621F1B      00            DB 00
00621F1C      00            DB 00
00621F1D   .  42 61 63 6B 4 ASCII "BackGunz.dll",0
00621F2A      00            DB 00
00621F2B  /> \6A 60         PUSH 60
00621F2D  |.  68 88F36300   PUSH OFFSET 0063F388
00621F32  |.  68 1D1F6200   PUSH 00621F1D                            ; ASCII "BackGunz.dll"
00621F37  |.  FF15 6C216200 CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar
00621F3D  |.  85C0          TEST EAX,EAX
00621F3F  |.  74 05         JE SHORT 00621F46
00621F41  |.^ E9 5686F5FF   JMP 0057A59C
00621F46  |>  6A 10         PUSH 10
00621F48  |.  68 E41E6200   PUSH 00621EE4                            ; ASCII "Fatal Error"
00621F4D  |.  68 F91E6200   PUSH 00621EF9                            ; ASCII "Error Loading BackGunz.dll"
00621F52  |.  6A 00         PUSH 0
00621F54  |.  FF15 D0246200 CALL DWORD PTR DS:[<&USER32.MessageBoxA>
00621F5A  \.  C3            RETN

Multiple Dll Injection with error messages

Code:
CPU Disasm
Address   Hex dump          Command                                  Comments
00621EDC   .  46 61 74 61 6 ASCII "Fatal Error",0
00621EE8      00            DB 00
00621EE9   .  45 72 72 6F 7 ASCII "Error Loading Dl"
00621EF9   .  6C 20 46 69 6 ASCII "l Files",0
00621F01      00            DB 00
00621F02      00            DB 00
00621F03      00            DB 00
00621F04      00            DB 00
00621F05      00            DB 00
00621F06      00            DB 00
00621F07      00            DB 00
00621F08      00            DB 00
00621F09      00            DB 00
00621F0A      00            DB 00
00621F0B      00            DB 00
00621F0C      00            DB 00
00621F0D      00            DB 00
00621F0E      00            DB 00
00621F0F   .  42 61 63 6B 4 ASCII "BackGunz2.dll",0
00621F1D   .  42 61 63 6B 4 ASCII "BackGunz.dll",0
00621F2A      00            DB 00
00621F2B  />  6A 60         PUSH 60
00621F2D  |.  68 88F36300   PUSH OFFSET 0063F388
00621F32  |.  56            PUSH ESI
00621F33  |.  8B35 6C216200 MOV ESI,DWORD PTR DS:[<&KERNEL32.LoadLib ; Entry point of procedure
00621F39  |.  68 1D1F6200   PUSH 00621F1D                            ; ASCII "BackGunz.dll"
00621F3E  |.  FFD6          CALL ESI
00621F40  |.  85C0          TEST EAX,EAX
00621F42  |.  74 11         JE SHORT 00621F55
00621F44  |.  68 0F1F6200   PUSH 00621F0F                            ; ASCII "BackGunz2.dll"
00621F49  |.  FFD6          CALL ESI
00621F4B  |.  85C0          TEST EAX,EAX
00621F4D  |.  74 06         JE SHORT 00621F55
00621F4F  |.  5E            POP ESI
00621F50  |.^ E9 4786F5FF   JMP 0057A59C
00621F55  |>  6A 10         PUSH 10
00621F57  |.  68 DC1E6200   PUSH 00621EDC                            ; ASCII "Fatal Error"
00621F5C  |.  68 E91E6200   PUSH 00621EE9                            ; ASCII "Error Loading Dll Files"
00621F61  |.  6A 00         PUSH 0
00621F63  |.  FF15 D0246200 CALL DWORD PTR DS:[<&USER32.MessageBoxA>
00621F69  |.  5E            POP ESI
00621F6A  \.  C3            RETN


100% tested, all errors are down to you :p

Credits:
90% Steven aka own_prox aka Godofthestaf
10% Vitor for telling me about a program to find LoadLibraryA addresses
 
Last edited:
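
Added example, not part of the original post: when reviewing a patched executable like the ones described above, an analyst can confirm where each E9 detour lands and that the code cave hands control back right after the overwritten bytes. The hook/tail bytes and the DLL-name bytes are copied from the listings in the post; the function names are hypothetical.

```python
import struct

# Constructed from the listings in the post above:
# (component, hook address, hook bytes, cave-tail address, cave-tail bytes)
DETOURS = [
    ("client",      0x0057A595, "E9 91790A00", 0x00621F3F, "E9 5886F5FF"),
    ("matchserver", 0x004CAF0D, "E9 78700800", 0x00551F9E, "E9 718FF7FF"),
    ("locator",     0x00438B0D, "E9 71240300", 0x0046AF97, "E9 78DBFCFF"),
    ("matchagent",  0x00437FD5, "E9 AF4F0400", 0x0047CF9D, "E9 3AB0FBFF"),
]

def jmp_target(addr, hexbytes):
    """Near JMP (E9 rel32): target = addr + 5 + signed little-endian rel32."""
    raw = bytes.fromhex(hexbytes)
    if len(raw) != 5 or raw[0] != 0xE9:
        raise ValueError("not an E9 rel32 jump")
    (rel,) = struct.unpack("<i", raw[1:])
    return (addr + 5 + rel) & 0xFFFFFFFF

def push_imm32(hexbytes):
    """PUSH imm32 (68 xx xx xx xx): return the pushed 32-bit value."""
    raw = bytes.fromhex(hexbytes)
    if len(raw) != 5 or raw[0] != 0x68:
        raise ValueError("not a PUSH imm32")
    return struct.unpack("<I", raw[1:])[0]

def cstring(hexbytes):
    """Decode a NUL-terminated ASCII string; reject it if the 00 is missing."""
    raw = bytes.fromhex(hexbytes)
    end = raw.find(b"\x00")
    if end < 0:
        raise ValueError("string is not NUL-terminated")
    return raw[:end].decode("ascii")

def check_detour(hook, hook_hex, tail, tail_hex, nops=2):
    """Return (cave entry, resume address, consistent?) for one detour."""
    cave = jmp_target(hook, hook_hex)
    resume = jmp_target(tail, tail_hex)
    # The hook is a 5-byte JMP plus `nops` NOPs; the cave must resume right after.
    return cave, resume, (resume == hook + 5 + nops and cave < tail)

def report():
    return {name: check_detour(h, hh, t, th) for name, h, hh, t, th in DETOURS}

if __name__ == "__main__":
    for name, (cave, resume, ok) in report().items():
        print(f"{name:12s} cave={cave:08X} resume={resume:08X} consistent={ok}")
```

The match agent entry uses the hook address shown in that listing (00437FD5).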
Junior Spellweaver
Joined
Jan 19, 2010
Messages
175
Reaction score
181
Re: Auto Dll Injection 2008

np, I'll try to do matchserver in a min
 
Junior Spellweaver
Joined
Oct 1, 2010
Messages
164
Reaction score
22
Re: Auto Dll Injection 2008

Thank months I would make a topic for someone to make a tut about it today actually thank Stevens ;D
 
Junior Spellweaver
Joined
Jan 19, 2010
Messages
175
Reaction score
181
Re: Auto Dll Injection 2008

np added injects for all lol
 
Junior Spellweaver
Joined
Jan 12, 2010
Messages
180
Reaction score
1
Re: Auto Dll Injection 2008

Thank you!
 
Junior Spellweaver
Joined
Jan 19, 2010
Messages
175
Reaction score
181
Re: Auto Dll Injection 2008

you're welcome
everyone kept asking me for this because I did 2007
 
Joined
Mar 12, 2009
Messages
6,531
Reaction score
1,814
Re: Auto DLL Injection for July 21 2008 Files (Client,Server,Agent,Locator)

Thread title changed so that it makes more sense to others. I hope you don't mind, Steven.

Secondly, can you also post the codes to inject more than 1 DLL? Maybe 2 or 3?
 
Junior Spellweaver
Joined
Jan 19, 2010
Messages
175
Reaction score
181
Re: Auto DLL Injection for July 21 2008 Files (Client,Server,Agent,Locator)

done babe lol and added error message
 
Last edited:
Experienced Elementalist
Joined
Nov 26, 2008
Messages
242
Reaction score
13
Hi,

I followed steven's tut for auto inject dll into 2008 client, but I got this error: "Extra input after operand".

Here:
Code:
00621F2B  /> \6A 60         PUSH 60
00621F2D  |.  68 88F36300   PUSH OFFSET 0063F388    ; <-- line highlighted in red in the original post
00621F32  |.  68 1D1F6200   PUSH 00621F1D
00621F37  |.  FF15 6C216200 CALL DWORD PTR DS:[62216C]
00621F3D  |.  85C0          TEST EAX,EAX
00621F3F  \.^ E9 5886F5FF   JMP 0057A59C

If I skip this line, when I run GunZ my runnable crashes.

How can I fix it?
 