Hooking a .dll into the main.exe

[Hacke]

Hi all,

IMPORTANT FOR S4-5 MAINS the main doesnt stop loading at entry point of main. it will stop at ogg.dll so first open main with pe explorer and get the entry point from there then just strg + g and go to the entry point!!!

well because there are still a lot of people who are asking for help at hooking their .dll data into their mains i decided to post the guide which i already posted at a topic (i guess it was Solving textures problems from gembird) here so that the people who needs a guide how to hook will find it fast :)

Ok here we go:

Here is a little guide how to hook the dll:

1. Open the main.exe with ollydbg and look at which offset you are. Then write the offset down (maybe into a txt file or just at a sheet of paper ;) )


2. Search some free space


3. Choose 1 Free Offset follow it into the dumb (RB->Follow to Dumb->Selection) and write there the name of your dll


4. Next go to some other free offsets and write Push (and the offset of your dll)



5. Now we need to Load the Dll... to get the command on an easy way we just search it :)
Press CTRL+N (STRG +N) a new window will open and then type LoadLibraryA and when you see this just follow it (press enter when you are at the command) Another window will pop up where you will see something like this


follow 1 of the call dword.. commands (mark it and press enter)

6. now you are at the command just press space and copy that command then go back to your push command (the one you just added) and paste the command you just copied. And next write jmp (the offset you wrote down at step 1)



7. Now Press the RB->copy->copy All, RB->Copy To Executable->Selection
a new window will pop up go into it press RB and do save file and you are done :)

afterwards you can change the Entry Point to the Offset of your dll by useing PE EXPLORER (a very nice tool)

But dont forget if you are hooking more then 1 dll the jmp command of the first dll must be the offset of the push command of the second dll! and the jmp of the second dll should be the original entry point :)

Hopes this guide will help some people to learn how to hook the dll data to the main ;) if you guys got any questions feel free to ask here

Bye Hacke

UPDATE!!!! how to change the entry point after you hooked.

Well as i said above you need to change the entry point of your main after you are done with your hook i recommend the programme PE EXPLORER from heaven tools its really good. So i guess i have some work to do and continue with the guide troublesome but i cant change it -.-...

STEP 1

Ok lets start and open PE Explorer and you will see this window:


press at open file and search your main...

(i deleted some stuff out of there cuz i dont think you guys need to know some details over there ;)

Step 2

i dont have to say a lot to this step just check out the screen shot and read there:


okay now change the ep like i did it here:


Now PE Explorer will ask you if you really want to change the ep.. gosh how stupid if we wouldnt want to change it why should we have done the steps before -.- so press YES!

Step 3

Just save your work (the usually save button dont think you need a screen shot for this) and you are done with your hook wow great isent it...

Okay hope this helps you MAYBE when i got a good program a video guide will be added
bye Hacke

[MentaL]

[fictisio]

Thanks!

[Disconnect1]

Hmm:
Push "offset of dll"
Call LoadLibraryA
Jmp EP

??

[JureL]

Thx for the guide! =), but...
I'm been trying this,step by step so many times, but I got the same error "unable to locate data in executable file"

I just don't know what to do next T_T

[Hacke]

jurel upload your main please i guess its packed :/

Yup disconnect you need just push call jmp but you have to change the entry point if you want that it works all fine :)

[JureL]

jurel upload your main please i guess its packed :/

Ok, here is ^^.

Thx in advance Hacke =)

[penihop]

and where is the EP of the dll ? the function specification ?

[Gembrid]

A DLL can optionally specify an entry-point function. If present, the system calls the entry-point function whenever a process or thread loads or unloads the DLL. It can be used to perform simple initialization and cleanup tasks. For example, it can set up thread local storage when a new thread is created, and clean it up when the thread is terminated.


If you are linking your DLL with the C run-time library, it may provide an entry-point function for you, and allow you to provide a separate initialization function. Check the documentation for your run-time library for more information.

If you are providing your own entry-point, see the DllMain function. The name DllMain is a placeholder for a user-defined function. You must specify the actual name you use when you build your DLL. For more information, see the documentation included with your development tools.

Code:

BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,  // handle to DLL module
    DWORD fdwReason,     // reason for calling function
    LPVOID lpReserved )  // reserved
{
    // Perform actions based on the reason for calling.
    switch( fdwReason ) 
    { 
        case DLL_PROCESS_ATTACH:
         // Initialize once for each new process.
         // Return FALSE to fail DLL load.
            break;

        case DLL_THREAD_ATTACH:
         // Do thread-specific initialization.
            break;

        case DLL_THREAD_DETACH:
         // Do thread-specific cleanup.
            break;

        case DLL_PROCESS_DETACH:
         // Perform any necessary cleanup.
            break;
    }
    return TRUE;  // Successful DLL_PROCESS_ATTACH.
}

[muillusion]

its correct?

[[hidden]]

this is a guide i've waited a long time for. thank you very much.

[Hacke]

no muillusion its not try to keep more space between your push command and the offset where you added the dll i always take something like 12 offsets between and it works pretty fine

[muillusion]

no muillusion its not try to keep more space between your push command and the offset where you added the dll i always take something like 12 offsets between and it works pretty fine

i just have tried it...but its all the same...the glown of items dont change to the new glow that i have changed....maybe the problem is in the part of "glowing" the itens...i will ask help to Gembrid

[muillusion]

when i save the file the "push" change to this...what im donig wrong??
http://louder12.badongo.com/picture/40618/3809320

[SOFTakaXimera]

when i save the file the "push" change to this...what im donig wrong??
http://louder12.badongo.com/picture/40618/3809320

Ctrl + A in Olly

[muillusion]

Ctrl + A in Olly

looks the same =/

----------------------------------

anyone can hook the "Glow.dll" im my main?? pls??
Main 1.04h + Fhx New Itens ADDs