I will be honest...

Custom Title Activated
Loyal Member
Joined
Mar 26, 2012
Messages
1,465
Reaction score
130
I would like to create a dll using memorysharp and easyhook in Windows and have absolutely no clue as to how to start a project like such. Basically, I would like to hook to an exe in order to filter text in certain parts of the memory from the data packets sent to it. I have had tons of experience in creating EXEs with C#, which is super simple to do, but I need someone to point me in the right direction for the DLLs.

Thank you for any assistance in this matter.
 
Custom Title Activated
Loyal Member
Joined
Mar 26, 2012
Messages
1,465
Reaction score
130
These are exactly what I am looking for, but can you help me with the unresolved externals error? Thank you.



Please disregard. I fixed the issue. Was compiling using x64 instead of x86. Problem solved. Thank you.
 
Custom Title Activated
Loyal Member
Joined
Mar 26, 2012
Messages
1,465
Reaction score
130
OK I have given up on C# for this idea and moved onto C++. This is my dilemma. I have created a dll that hooks to my exe. I want it to call the function and loop it while NOT hanging the exe file as it is currently doing. Basically I want it to continue loading the exe as normal. This exe has no source so I am trying to rewrite functions within it using my DLL. I am quite confused on how to actually do this with a loop. Can someone please give me a bit of direction as to what I need to do? I am trying to capture the output of the exe to a log file and rewrite it.
 
Moderator
Staff member
Moderator
Joined
Feb 22, 2008
Messages
2,404
Reaction score
723
Basically, in almost every example of an injected dll, in the main function, inside the switch that handles the dll_attachment_reason, while in DLL_ATTACH you create a thread and start doing your stuff.
 
Custom Title Activated
Loyal Member
Joined
Mar 26, 2012
Messages
1,465
Reaction score
130
Ok. I have successfully created a new thread with a loop. SheenBR - Thank you.
How can I figure out these offsets and how to rewrite the memory?
Thank you.
 
Moderator
Staff member
Moderator
Joined
Feb 22, 2008
Messages
2,404
Reaction score
723
You can use pointers to change offsets directly.

*(int*)(offset) = value;

I think that is it. This will replace 4 bytes in the offset, because it is an int.

value = *(int*)(offset); // use this to retrieve values
 
Custom Title Activated
Loyal Member
Joined
Mar 26, 2012
Messages
1,465
Reaction score
130
Thanks for the help SheenBR. Let me be a bit more clear about my issue. The client sends a string >> ex. USERNAME. This is a non-encrypted string. The server gets that value represented as %d in the offset. I am unsure how to get that non-encrypted string and rewrite it or filter the possibility of it having the character "%" by using ReadProcessMemory or any other way. Perhaps this image might help you to understand what I mean.
 
Joined
Jun 10, 2009
Messages
658
Reaction score
140
Thanks for the help SheenBR. Let me be a bit more clear about my issue. The client sends a string >> ex. USERNAME. This is a non-encrypted string. The server gets that value represented as %d in the offset. I am unsure how to get that non-encrypted string and rewrite it or filter the possibility of it having the character "%" by using ReadProcessMemory or any other way. Perhaps this image might help you to understand what I mean.

%d is an integer placeholder in C/C++. If I am assuming correctly, this string is used to log each new connection and the output will be "New Connection on user: 1". If you want the username to be logged then you will have to hot-patch this logger function using the Microsoft Detours library and find the username of the given user ID to log it.
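The "%" filtering asked about in this thread, as an added example that is not code from any of the posters: it neutralises "%" in a client-supplied string in place (the length never changes, which matters when the buffer belongs to a binary you cannot recompile) and then logs it only as a `%s` argument, never as the format string. Assumptions: the function names, the 32-byte field size and the sample input are constructed for illustration, and the code is plain C so it does not depend on Detours or any Windows API.

```c
#include <stdio.h>
#include <string.h>

/* Replace every '%' in an untrusted string with '_' in place.
   The string never grows, so a fixed-size buffer owned by the
   target process cannot be overrun. Returns the number replaced. */
size_t neutralize_percent(char *buf, size_t cap)
{
    size_t n = 0;
    if (!buf) return 0;
    for (size_t i = 0; i < cap && buf[i] != '\0'; i++) {
        if (buf[i] == '%') { buf[i] = '_'; n++; }
    }
    return n;
}

/* Hardened logger: the untrusted name is only ever a %s argument.
   Returns 0 on success, -1 if the line did not fit in out. */
int log_connection(char *out, size_t out_cap, const char *name)
{
    int w = snprintf(out, out_cap, "New Connection on user: %s", name);
    return (w < 0 || (size_t)w >= out_cap) ? -1 : 0;
}

/* What a hook placed in front of the original logger would do:
   bounded copy of the field, neutralise it, then log it. */
int filter_and_log(const char *untrusted, char *out, size_t out_cap, size_t *replaced)
{
    char name[32];                      /* constructed field size */
    size_t len = 0;
    while (len < sizeof name - 1 && untrusted[len] != '\0') len++;
    memcpy(name, untrusted, len);
    name[len] = '\0';
    *replaced = neutralize_percent(name, sizeof name);
    return log_connection(out, out_cap, name);
}

int main(void)
{
    char line[64];
    size_t hits = 0;
    filter_and_log("US%dER%sNAME", line, sizeof line, &hits);  /* constructed input */
    printf("%s (replaced %zu)\n", line, hits);
    return 0;
}
```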
 
Custom Title Activated
Loyal Member
Joined
Mar 26, 2012
Messages
1,465
Reaction score
130
%d is an integer placeholder in C/C++. If I am assuming correctly, this string is used to log each new connection and the output will be "New Connection on user: 1". If you want the username to be logged then you will have to hot-patch this logger function using the Microsoft Detours library and find the username of the given user ID to log it.

Yeah, that is what I thought. I was sure it had to be something to do with Detours. It is a string sent to the %d. I have had nothing but issues with Detours in VS 2019. LOL Thanks cyberinferno.

Update - Figured out my issue with Detours. Now continuing to test and figure the rest out. "Turns out that reading instructions really does work. LOL"
 
Modeler / C++ Coder
Developer
Joined
Feb 6, 2008
Messages
561
Reaction score
483
Yeah, that is what I thought. I was sure it had to be something to do with Detours. It is a string sent to the %d. I have had nothing but issues with Detours in VS 2019. LOL Thanks cyberinferno.

Update - Figured out my issue with Detours. Now continuing to test and figure the rest out. "Turns out that reading instructions really does work. LOL"
For looking up what parameter was parsed to that string as a dword, you should actually look where this string is used within the program's functions, and you will also find the correct address to overwrite or intercept this way. To find these kinds of things, IDA Pro is a useful tool if you do not have the sources of the exe in question.
 