I will be honest...

  1. #1
    jbeitz107 (Tantra/Web Development)
    Rank: True Member
    Join Date: Mar 2012
    Location: USA
    Posts: 1,471

    I will be honest...
    I would like to create a dll using memorysharp and easyhook in Windows and have absolutely no clue as to how to start a project like such. Basically, I would like to hook to an exe in order to filter text in certain parts of the memory from the data packets sent to it. I have had tons of experience in creating EXEs with C#, which is super simple to do, but I need someone to point me in the right direction for the DLLs.

    Thank you for any assistance in this matter.
    ~To Each Their Own~
    https://infinixwebs.tk/info


  2. #2
    cyberinferno (Programmer)
    Rank: True Member
    Join Date: Jun 2009
    Location: 127.0.0.1
    Posts: 693
    ** Web developer **

  3. #3
    jbeitz107 (Tantra/Web Development)
    Rank: True Member
    Join Date: Mar 2012
    Location: USA
    Posts: 1,471

    Re: I will be honest...

    These are exactly what I am looking for, but can you help me with the unresolved externals error? Thank you.

    - - - Updated - - -

    Please disregard. I fixed the issue. Was compiling using x64 instead of x86. Problem solved. Thank you.
    ~To Each Their Own~
    https://infinixwebs.tk/info

  4. #4
    jbeitz107 (Tantra/Web Development)
    Rank: True Member
    Join Date: Mar 2012
    Location: USA
    Posts: 1,471

    Re: I will be honest...

    OK I have given up on C# for this idea and moved onto C++. This is my dilemma. I have created a dll that hooks to my exe. I want it to call the function and loop it while NOT hanging the exe file as it is currently doing. Basically I want it to continue loading the exe as normal. This exe has no source so I am trying to rewrite functions within it using my DLL. I am quite confused on how to actually do this with a loop. Can someone please give me a bit of direction as to what I need to do? I am trying to capture the output of the exe to a log file and rewrite it.
    ~To Each Their Own~
    https://infinixwebs.tk/info

  5. #5
    SheenBR (Fuck.)
    Rank: Moderator
    Join Date: Feb 2008
    Location: Jaú, Brazil
    Posts: 2,390

    Re: I will be honest...

    Basically, in almost every example of an injected dll, in the main function, inside the switch that handles the dll_attachment_reason, while in DLL_ATTACH you create a thread and start doing your stuff.

  6. #6
    jbeitz107 (Tantra/Web Development)
    Rank: True Member
    Join Date: Mar 2012
    Location: USA
    Posts: 1,471

    Re: I will be honest...

    Ok. I have successfully created a new thread with a loop. @SheenBR - Thank you.
    How can I figure out these offsets and how to rewrite the memory?
    Thank you.
    Last edited by TimeBomb; 25-01-20 at 06:59 PM. Reason: Slightly altered message to keep the question but remove snippet about bringing discussion off RZ (which is against rule 27)
    ~To Each Their Own~
    https://infinixwebs.tk/info

  7. #7
    SheenBR (Fuck.)
    Rank: Moderator
    Join Date: Feb 2008
    Location: Jaú, Brazil
    Posts: 2,390

    Re: I will be honest...

    You can use pointers to change offsets directly.

    *(int*)(offset) = value;

    I think that is it. This will replace 4 bytes in the offset, because it is an int.

    value = *(int*)(offset); (use this to retrieve values)
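
The 4-byte read and write from the post above, as an added example that is not part of the original thread: it runs against a local buffer standing in for process memory and shows that exactly four bytes change while their neighbours do not. The helper names `read_i32` and `write_i32` and the buffer are hypothetical; the example assumes the target bytes are in writable memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read the 4-byte value at base+offset. memcpy is used instead of
 * *(int*)ptr so the access is also valid at an unaligned address.
 * Returns 0 on success, -1 if the 4 bytes do not fit inside the region. */
static int read_i32(const unsigned char *base, size_t size, size_t offset,
                    int32_t *out)
{
    if (offset > size || size - offset < sizeof *out)
        return -1;
    memcpy(out, base + offset, sizeof *out);
    return 0;
}

/* Overwrite exactly 4 bytes at base+offset. The previous value is saved
 * in *old so the change can be undone. Nothing is written on failure. */
static int write_i32(unsigned char *base, size_t size, size_t offset,
                     int32_t value, int32_t *old)
{
    if (read_i32(base, size, offset, old) != 0)
        return -1;
    memcpy(base + offset, &value, sizeof value);
    return 0;
}

int main(void)
{
    unsigned char image[12];   /* constructed stand-in for process memory */
    int32_t old = 0, now = 0;

    memset(image, 0xAA, sizeof image);
    if (write_i32(image, sizeof image, 3, 0x11223344, &old) == 0 &&
        read_i32(image, sizeof image, 3, &now) == 0)
        printf("old=%08x new=%08x\n", (unsigned)old, (unsigned)now);
    return 0;
}
```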

  8. #8
    jbeitz107 (Tantra/Web Development)
    Rank: True Member
    Join Date: Mar 2012
    Location: USA
    Posts: 1,471

    Re: I will be honest...

    Thanks for the help SheenBR. Let me be a bit more clear about my issue. The client sends a string >> ex. USERNAME. This is a non-encrypted string. The server gets that value represented as %d in the offset. I am unsure how to get that non-encrypted string and rewrite it or filter the possibility of it having the character "%" by using ReadProcessMemory or any other way. Perhaps this image might help you to understand what I mean.
    ~To Each Their Own~
    https://infinixwebs.tk/info

  9. #9
    cyberinferno (Programmer)
    Rank: True Member
    Join Date: Jun 2009
    Location: 127.0.0.1
    Posts: 693

    Re: I will be honest...

    Quote: Originally Posted by jbeitz107
    Thanks for the help SheenBR. Let me be a bit more clear about my issue. The client sends a string >> ex. USERNAME. This is a non-encrypted string. The server gets that value represented as %d in the offset. I am unsure how to get that non-encrypted string and rewrite it or filter the possibility of it having the character "%" by using ReadProcessMemory or any other way. Perhaps this image might help you to understand what I mean.

    %d is an integer placeholder in C/C++. If I am assuming correctly, this string is used to log each new connection and the output will be "New Connection on user: 1". If you want the username to be logged, then you will have to hot-patch this logger function using the Microsoft Detours library and find the username of the given user ID to log it.
    ** Web developer **
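
One way to do the "%" filtering asked about in post #8 once the client string is in hand, as an added example that is not code from the thread or from the exe being discussed: the name is copied with every "%" replaced, and it is only ever passed as an argument to a constant format string, so it can never be interpreted as a conversion specifier. The function names, the `NAME_CAP` size and the "(%s)" suffix on the log line are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 32   /* assumed field size, not taken from the thread */

/* Copy a client-supplied name into dst (always NUL-terminated, truncated
 * to fit) and replace every '%' with '_'. Returns the number replaced. */
static size_t copy_name_filtered(char *dst, size_t dstsz, const char *src)
{
    size_t i = 0, replaced = 0;

    if (dstsz == 0)
        return 0;
    for (; src[i] != '\0' && i + 1 < dstsz; i++) {
        if (src[i] == '%') {
            dst[i] = '_';
            replaced++;
        } else {
            dst[i] = src[i];
        }
    }
    dst[i] = '\0';
    return replaced;
}

/* Build the log line with a constant format string: the name is data for
 * %s, never the format itself. Returns snprintf's result. */
static int format_connection_line(char *out, size_t outsz, int user_id,
                                  const char *client_name)
{
    char safe[NAME_CAP];

    copy_name_filtered(safe, sizeof safe, client_name);
    return snprintf(out, outsz, "New Connection on user: %d (%s)",
                    user_id, safe);
}

int main(void)
{
    char line[128];

    /* constructed input containing conversion specifiers */
    format_connection_line(line, sizeof line, 1, "USER%x%nNAME");
    puts(line);
    return 0;
}
```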

  10. #10
    jbeitz107 (Tantra/Web Development)
    Rank: True Member
    Join Date: Mar 2012
    Location: USA
    Posts: 1,471

    Re: I will be honest...

    Quote: Originally Posted by cyberinferno
    %d is an integer placeholder in C/C++. If I am assuming correctly, this string is used to log each new connection and the output will be "New Connection on user: 1". If you want the username to be logged, then you will have to hot-patch this logger function using the Microsoft Detours library and find the username of the given user ID to log it.

    Yeah that is what I thought. I was sure it had to be something to do with Detours. It is a string sent to the %d. I have had nothing but issues with Detours in VS 2019. LOL Thanks cyberinferno.

    Update - Figured out my issue with Detours. Now continuing to test and figure the rest out. "Turns out that reading instructions really does work. LOL"
    Last edited by jbeitz107; 27-01-20 at 04:41 PM.
    ~To Each Their Own~
    https://infinixwebs.tk/info

  11. #11
    Matynator (Modeler / C++ Coder)
    Rank: Developer
    Join Date: Feb 2008
    Location: Netherlands
    Posts: 576

    Re: I will be honest...

    Quote: Originally Posted by jbeitz107
    Yeah that is what I thought. I was sure it had to be something to do with Detours. It is a string sent to the %d. I have had nothing but issues with Detours in VS 2019. LOL Thanks cyberinferno.

    Update - Figured out my issue with Detours. Now continuing to test and figure the rest out. "Turns out that reading instructions really does work. LOL"

    For looking up what parameter was parsed to that string as a dword, you should actually look where this string is used within the program's functions, and you will also find the correct address to overwrite or intercept this way. To find these kinds of things, IDA Pro is a useful tool if you do not have the sources of the exe in question.
    010010010100110001101111011101100110010101001000011000010110
    110001100101011110010011010001000101011101100110010101110010



