Hooking a .dll into the main.exe

Hi all,

IMPORTANT FOR S4-5 MAINS the main doesnt stop loading at entry point of main. it will stop at ogg.dll so first open main with pe explorer and get the entry point from there then just strg + g and go to the entry point!!!

well because there are still a lot of people who are asking for help at hooking their .dll data into their mains i decided to post the guide which i already posted at a topic (i guess it was Solving textures problems from gembird) here so that the people who needs a guide how to hook will find it fast :)

Ok here we go:

Here is a little guide how to hook the dll:

1. Open the main.exe with ollydbg and look at which offset you are. Then write the offset down (maybe into a txt file or just at a sheet of paper ;) )
http://img139.imageshack.us/img139/4884/step1so3.th.jpg

2. Search some free space
http://img382.imageshack.us/img382/7216/step2bf4.th.jpg

3. Choose 1 Free Offset follow it into the dumb (RB->Follow to Dumb->Selection) and write there the name of your dll
http://img140.imageshack.us/img140/3112/step3uz5.th.jpg

4. Next go to some other free offsets and write Push (and the offset of your dll)
http://img384.imageshack.us/img384/5880/step4vd0.th.jpg


5. Now we need to Load the Dll... to get the command on an easy way we just search it :)
Press CTRL+N (STRG +N) a new window will open and then type LoadLibraryA and when you see this just follow it (press enter when you are at the command) Another window will pop up where you will see something like this
http://img387.imageshack.us/img387/3396/step5qs4.th.jpg

follow 1 of the call dword.. commands (mark it and press enter)

6. now you are at the command just press space and copy that command then go back to your push command (the one you just added) and paste the command you just copied. And next write jmp (the offset you wrote down at step 1)
http://img393.imageshack.us/img393/8914/step6tv7.th.jpg


7. Now Press the RB->copy->copy All, RB->Copy To Executable->Selection
a new window will pop up go into it press RB and do save file and you are done :)

afterwards you can change the Entry Point to the Offset of your dll by useing PE EXPLORER (a very nice tool)

But dont forget if you are hooking more then 1 dll the jmp command of the first dll must be the offset of the push command of the second dll! and the jmp of the second dll should be the original entry point :)

Hopes this guide will help some people to learn how to hook the dll data to the main ;) if you guys got any questions feel free to ask here

Bye Hacke

UPDATE!!!! how to change the entry point after you hooked.

Well as i said above you need to change the entry point of your main after you are done with your hook i recommend the programme PE EXPLORER from heaven tools its really good. So i guess i have some work to do and continue with the guide troublesome but i cant change it -.-...

STEP 1

Ok lets start and open PE Explorer and you will see this window:
http://img507.imageshack.us/img507/4...tep1lv3.th.jpg

press at open file and search your main...
http://img82.imageshack.us/img82/834...tep2se7.th.jpg
(i deleted some stuff out of there cuz i dont think you guys need to know some details over there ;)

Step 2

i dont have to say a lot to this step just check out the screen shot and read there:
http://img440.imageshack.us/img440/8...tep3bl8.th.jpg

okay now change the ep like i did it here:
http://img516.imageshack.us/img516/6...tep4eh7.th.jpg

Now PE Explorer will ask you if you really want to change the ep.. gosh how stupid if we wouldnt want to change it why should we have done the steps before -.- so press YES!

Step 3

Just save your work (the usually save button dont think you need a screen shot for this) and you are done with your hook wow great isent it...

Okay hope this helps you MAYBE when i got a good program a video guide will be added
bye Hacke

Thanks!

Hmm:
Push "offset of dll"
Call LoadLibraryA
Jmp EP

??

Thx for the guide! =), but...
I'm been trying this,step by step so many times, but I got the same error "unable to locate data in executable file"

I just don't know what to do next T_T

jurel upload your main please i guess its packed :/

Yup disconnect you need just push call jmp but you have to change the entry point if you want that it works all fine :)

Quote:

---

Originally Posted by Hacke

jurel upload your main please i guess its packed :/

---

Ok, here is ^^.

Thx in advance Hacke =)

and where is the EP of the dll ? the function specification ?

A DLL can optionally specify an entry-point function. If present, the system calls the entry-point function whenever a process or thread loads or unloads the DLL. It can be used to perform simple initialization and cleanup tasks. For example, it can set up thread local storage when a new thread is created, and clean it up when the thread is terminated.


If you are linking your DLL with the C run-time library, it may provide an entry-point function for you, and allow you to provide a separate initialization function. Check the documentation for your run-time library for more information.

If you are providing your own entry-point, see the DllMain function. The name DllMain is a placeholder for a user-defined function. You must specify the actual name you use when you build your DLL. For more information, see the documentation included with your development tools.

Code:

---

BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,  // handle to DLL module
    DWORD fdwReason,    // reason for calling function
    LPVOID lpReserved )  // reserved
{
    // Perform actions based on the reason for calling.
    switch( fdwReason )
    {
        case DLL_PROCESS_ATTACH:
        // Initialize once for each new process.
        // Return FALSE to fail DLL load.
            break;

        case DLL_THREAD_ATTACH:
        // Do thread-specific initialization.
            break;

        case DLL_THREAD_DETACH:
        // Do thread-specific cleanup.
            break;

        case DLL_PROCESS_DETACH:
        // Perform any necessary cleanup.
            break;
    }
    return TRUE;  // Successful DLL_PROCESS_ATTACH.
}

---

http://img293.imageshack.us/img293/3...agemrd2.th.png

its correct?

this is a guide i've waited a long time for. thank you very much.

no muillusion its not try to keep more space between your push command and the offset where you added the dll i always take something like 12 offsets between and it works pretty fine

Quote:

---

Originally Posted by Hacke

no muillusion its not try to keep more space between your push command and the offset where you added the dll i always take something like 12 offsets between and it works pretty fine

---

i just have tried it...but its all the same...the glown of items dont change to the new glow that i have changed....maybe the problem is in the part of "glowing" the itens...i will ask help to Gembrid

when i save the file the "push" change to this...what im donig wrong??
http://louder12.badongo.com/picture/40618/3809320

Quote:

---

Originally Posted by muillusion

when i save the file the "push" change to this...what im donig wrong??
http://louder12.badongo.com/picture/40618/3809320

---

Ctrl + A in Olly

Quote:

---

Originally Posted by SOFTakaXimera

Ctrl + A in Olly

---

looks the same =/

----------------------------------

anyone can hook the "Glow.dll" im my main?? pls??
Main 1.04h + Fhx New Itens ADDs

Try this
http://www.sendspace.com/file/moca97
And tell me if it works.

Hey,
can u hook AntiHack.dll to my main.exe pls
here is my main:
http://rapidshare.com/files/129475070/main.exe.html

later this day or tomorrow i will add to the guide how to change the EP with PE Explorer ;)

Hacke, I have done the hook but when I delete the "Antihack.dll" the main not have the normal error when not exist a dll


this is normal ?


(srry im newbie in this u.u)

HACKE.. thanks man all ok working
but theres bug...

when i load main it will only load the new .DLL the old one won't work anymore XD . how to fix?

example.
main + glow.dll ( working glow effects )
main + glow.dll + new.dll ( GLow effects don't work, but new.dll working. )

so when i add the new.dll in it passes the GLOW.dll

also. i set the Entry Point to the new.dll , it was on glow.dll before. and i copy all the steps from glow to add dll. and read you guide carefully. everything is working.. but i wanted to make both .DLL work.. not just the new one...

its pretty simple do the hook of the new dll below or the first one. lets say first.dll and second.dll

so your first hook looks lke this:

http://img393.imageshack.us/img393/8914/step6tv7.th.jpg

now you do another 1 just like you did before BUT if you hook it below your first hook then dont change the EP cuz if you do it will start loading from that point so your old dll (first.dll) wont load anymore! the only thing you have to do is change the jmp of the first.dll to the offset where the second.dll hook is starting. (just do jmp to the offset of second.dll push) if you have done this you need to change the jmp from the second dll to the oep like you did at first.dll hook.

Well now i try to explain it. If the main starts loading at your first.dll it will load it and then JMP to the oep and loads the rest. Thats why the second dll isent loading but when you change the jmp to the offset of the second hook the first dll is loading and then the main jumps to the second hook and after this is loaded it jumps to the oep. Now if you change the EP to the second dll the second will load and jmp to the oep and thats why the first wont load. I hope you understand it cuz i cant make screen shots now i m at work :P


maybe i will edit the guide in 2 days after my bday i just noticed that i forgot to mention that thing with more new dll's and i should add how to change the ep ^_^

very nice guide, ihave a question in order for load new glows i can use the glow editor , o i must made my own code also :S

the thing you have to do is to place the glow.gld into your data folder and hook the EDITED glow.dll into your main so that the main loads the dll which reads the informations about the glow out of the glow.gld to add glows you need to open the glow.gld with the glow editor and edit the items in the way you like to have them

Hacke u said u will hook the .dll to my main... and u didnt?
i'm waiting 1 week pls hook it :(

since i am very busy now days i dont have the time to hang in front of the pc try to follow the steps from the guide and it WILL work!

Quote:

---

Originally Posted by Hacke

since i am very busy now days i dont have the time to hang in front of the pc try to follow the steps from the guide and it WILL work!

---

ok,
can some1 give me a link to ollydbg coz in my ollydbg i cant see any DB 00 i think my is old.. or bugged

just google for it ? and if you dont see db 00 it could be that your main is packed

do i set the entry point to the Push command of the dll????

good job

Quote:

---

Originally Posted by Kurzed

do i set the entry point to the Push command of the dll????

---

yup set entry point to the offset where you start with the hook. Because when you take a look at the last offset of the original main you will see that its jmp ######### (to the original entry point) so you have to change the ep to your hook that it will load

Great Job !

fantastic guide " HACKE"

works like a charm.

don t have db00 but ADD BYTE PTR DS:[EAX],AL .... that means main is packed and can t use it ?

Quote:

---

Originally Posted by =Ady=

don t have db00 but ADD BYTE PTR DS:[EAX],AL .... that means main is packed and can t use it ?

---

It's the same 0x00 byte. :) You can use it.

and where i find offset for main ?

who can hook an antihack dll into main with some updates, pm me ... i'll pay for

Quote:

---

Originally Posted by =Ady=

don t have db00 but ADD BYTE PTR DS:[EAX],AL .... that means main is packed and can t use it ?

---

that means that it's not analysed

rigth click -> analysis -> analyse code

then you will see your DB 00

thanks for the guild, very useful

Why I cant write name of my Dll?
Only 1-st "a" o_O

may u show us a screen shot

mmm you dont understand this is not error I just cant write name on 3-rd ss of guide.Сan you explain more paragraph 3?
How to write there? I can write there onli 1 symbol %(
where I can find dll's offset? Oo

Quote:

---

Originally Posted by sanjaa

mmm you dont understand this is not error I just cant write name on 3-rd ss of guide.Сan you explain more paragraph 3?
How to write there? I can write there onli 1 symbol %(
where I can find dll's offset? Oo

---

Just select with mouse as many positions as you need to edit and than press Space.

ooo thx for space :D
where I can find dll's offset?
I wont antihack dll.

omg I find :D thx all

please help me,I try 50 times but not work :( 5 hours....
this is not so easy :(
can you hook my main,I need antihack.dll
my main work without dll and with cheats ...
http://miraclemu.sytes.net/main.exe

i wrote the guide so you can learn how to hook on your own its not hard at all its pretty easy if you follow each step please dont post here can you hook a dll for me because that isent the point of a guide...people write guides so other people can learn the things and dont have to ask if some 1 will do it for them.. post a screen shot with the situation where you have problems and we will try help you :)

http://img508.imageshack.us/img508/1...9169ue4.th.gif

this is my main but not work :(

start again and FOLLOW each step and in the end change EP

What is "EP"?
In my olly is any "copy all" only copy>selest all

ep is the entry point but first do all again each step :)

sometimes when i compile one dll, i have to install in the pc of the user who will use that a redistributable package. what i have to do for dont need this?

im using visual studio 2008

Quote:

---

Originally Posted by duailibe

sometimes when i compile one dll, i have to install in the pc of the user who will use that a redistributable package. what i have to do for dont need this?

im using visual studio 2008

---

sorry wrong toppic go to help section and ask there...

Nice guide thanks!

i really got the same error. Plz help http://img293.imageshack.us/my.php?image=imagemrd2.png

Quote:

---

Originally Posted by slash8888

i really got the same error. Plz help http://img293.imageshack.us/my.php?image=imagemrd2.png

---

Anybody? or personal?

Quote:

---

Originally Posted by Hacke

later this day or tomorrow i will add to the guide how to change the EP with PE Explorer ;)

---

please post that guide ^^ good Job ! thank so much

sry i have forgotten about this cuz i dont want to spend so much time on mu anymore =/ i will write it tomorrow and post it and if i find a good program i will do a fast video guide

@slash upload your main please i will have a look at it

can you add me? disabled thanks..

Quote:

---

Originally Posted by Hacke

sry i have forgotten about this cuz i dont want to spend so much time on mu anymore =/ i will write it tomorrow and post it and if i find a good program i will do a fast video guide

@slash upload your main please i will have a look at it

---

Thanks so much . Waitting U ^^ Good Job and good man !

guide at post 1 updated

really gud guide like the updated.

Any idea why when i change EP main don't start?

Finalizado
Esta bien?

Finish, correct?

http://img242.imageshack.us/my.php?image=dibujokk5.jpg

Sorry for my english.

Edit.
Luego, cuando lo guarde como main.exe se guardo as

I need help, please, because I was able to save everything well and when I open it with OLLYDBG shows me what I place, but still does not block the HastyMu: (.

See:

http://img517.imageshack.us/my.php?image=dibujoww0.jpg

Sorry for my double post :( Please Help me :cryss:

:helpsmili

THX ! nice boy...

Please heeelp :(

the hook is right the issue is in the dll

Quote:

---

Originally Posted by Hacke

the hook is right the issue is in the dll

---

My dll is called as it says on the right, then it may be that the dll is not working properly?
:)

it seems like the dll isent blocking that hack

don't work T-T

can some 1 add the antihack dll in me main please?? i try but i realy need help:((
think i dint understend:
1 where i add name of me antihack dl after i find a free space i wirte the nazme on dump section or where i click on free space ...after this where i write then name on Ascii,unicode ????... after this what offsent i must push ??? i'm realy mees up :(((((((((
if can some 1 can add antihack in me main please
http://rapidshare.com/files/171063858/Main.rar
if dont have time can some 1 help whit me questions ??? thaks

1. Open the main.exe with ollydbg and look at which offset you are. Then write the offset down (maybe into a txt file or just at a sheet of paper ;) )
how i find me offset??

Hacke
I'm hoocking my DLL into main, when I run main i don't have error, but when I del my DLL and run again main, he runing without problem :D:

I did't find any 00 DB 00 in my main, only 0000 ADD BYTE PTR DS:[EAX],AL


http://img145.imageshack.us/img145/8...lyofftsdw3.gif

Quote:

---

Originally Posted by ATJIAHT

Hacke
I'm hoocking my DLL into main, when I run main i don't have error, but when I del my DLL and run again main, he runing without problem :D:

---

me too..

well because this is only the most easy way of hooking...if the dll is there it will be loaded if its not there it will start but the dll wont be loaded...there are other ways to hook so the main wont load if dll is missing...

Someone can write how do that?

how do what?

Do that if someone delete .dll, main wont launch..because now if i hook anty-hack .dll, someone can delete file and use hacks..

Quote:

---

Originally Posted by unnament

Do that if someone delete .dll, main wont launch..because now if i hook anty-hack .dll, someone can delete file and use hacks..

---

someone can use another dll with the same name

the best way would be to attach the dll into the main (add dll in the main) to protect it from other guys....but you could just rename dll who would keep the name antihack ???

when i change the entry point to the dll offset the main crashes

this guide doesnt work for me

other guides are complicated =/

Someone makes the hook for me with the antihack.dll?

please send me by private message

http://www.mudragonbr.com.br/main.zip

I hooked AntiHack.dll(Lang.dll), but then I'm trying to run main it crashes. Why? Thx!

Hacke, in Olly my EP is 00401000 but in PE EXPLORER is other )


I can connect to game, but DLL is not working. I tried many Antihack.dll but still no work.


My first main was 826kb, I've unpack (with aspackdie) them now it size is 120Mb, it's normal?
But now I can't pack it back. I tried all the packers, but nothing.

At the last step : i have JMP main.<Module Entry> O____o and not JMP Main.2356****************
It's normal?

its normal as long as you havent changed the ep ^^

What is this? I open main.exe in olly and give the Entry Point Alert

Code:

---

Module 'main' has entry point outside the code (as specified in the PE
header). Maybe this file is self-extracting or self-modifying.Please keep
it in mind when setting breakpoints!

---

Can I use this main? Is not packed and not encrypted.

But I can find te EP with PE Explorer.

if pe is outside then its "packed" well secured with progs like temaida and if olly cant find ep then it cant analyse main and then you are fucked up cuz you dont know what you change ;P

Hacke, Olly can Analize the Code, my main work and hook is working too now.

But Olly do not show EP correctly. But thx you for PE Explorer, I can know the EP with this exc. tool )


-------------------

For user who what to hook:
You need to put in code the GetProccAddress too.



Exp in cpp code :extern "C" __declspec (dllexport) void __cdecl MainExemple()

So, in Olly GetProccAddress will be MainExemple

I've read many tuts(by Hacke for this guide, By FeniX for guide how to hook dll advaced and by rodrigobmg for guide how to create DLL) here and finaly I've hooked the DLL myself.

And Hacke tnx againt for help, how to bypass filter.bmd check in main.

0055ffe1 (exemple of your EP)
xxxxxxxx somecode
xxxxxxxx somecode
xxxxxxxx somecode
0066ffee Antihack.dll (in dump, write Antihack.dll )
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
0066ffaa MainExemple (in dump, write MainExemple)
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
0066ffb1 PUSH 0066ffee (PUSH "To Dll File")
0066ffb2 CALL DWORD PTR DS:[LoadLibraryA]
0066ffb3 OR EAX,EAX
0066ffb4 JE 0066ffc1 (JE "To ExitProcess" ,, if can't find dll, main don't run)
0066ffb5 PUSH 0066ffaa
0066ffb6 PUSH EAX
0066ffb7 CALL DWORD PTR DS:[GetProcAddress]
0066ffb8 CALL EAX
0066ffb9 JMP 0055ffe1 (JMP "EntryPoint")
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
0066ffc1 PUSH 0FF
0066ffc2 CALL DWORD PTR DS:[ExitProcess]
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00

AWSOME GUIDE!

Thank you!

just start lierning all thous beaty thinks

who need to hook dll into main.exe PM while im lierning

PS. where is that damn Thanks button???

Hi plz who can help me with L2.exe hook i can't find LOADLIBRARYA or who can hook chargrp.dll into l2.exe me plzz

I will begin to cry 30$ to the one who to me will make hook

PM me, I help you.

plz help me hook l2.exe with my dll who launch update plzz some one
or who can find me >>> LOADLIBRARYA<<< in L2.exe i cant find :((( <<<< i stoped in here

Need video guide :D

well since it seems that some ppl just cant view pics to see how it works i will try do a video tut >.> also i may add some stuff about how to easy hook more dlls (just make it look better since i hate messed up stuff)

@ that guy who said he pays 30$ LAZZY ASS FUCK OFF try to learn god dam it it seems its pointless to make a guide since the lazzyness is to big >.>
@ the guy who will hook it for 30$ you are a lamer nth else to say though let people learn


ok @ annaev

Quote:

---

Originally Posted by Annaev

0055ffe1 (exemple of your EP)
xxxxxxxx somecode
xxxxxxxx somecode
xxxxxxxx somecode
0066ffee Antihack.dll (in dump, write Antihack.dll )
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
0066ffaa MainExemple (in dump, write MainExemple)
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
0066ffb1 PUSH 0066ffee (PUSH "To Dll File")
0066ffb2 CALL DWORD PTR DS:[LoadLibraryA]
0066ffb3 OR EAX,EAX
0066ffb4 JE 0066ffc1 (JE "To ExitProcess" ,, if can't find dll, main don't run)
0066ffb5 PUSH 0066ffaa
0066ffb6 PUSH EAX
0066ffb7 CALL DWORD PTR DS:[GetProcAddress]
0066ffb8 CALL EAX
0066ffb9 JMP 0055ffe1 (JMP "EntryPoint")
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00
0066ffc1 PUSH 0FF
0066ffc2 CALL DWORD PTR DS:[ExitProcess]
xxxxxxxx 00
xxxxxxxx 00
xxxxxxxx 00

---

yeah this is the other way to hook it but for an EASY guide it was to much though this one is more complex since it tests and escape but its not rly better cuz for this hook just create a new file use same name change format to dll and voila bypassed ^_^ only pretty save way i know is to attach the dll into the .exe

and btw no need to thank me for anything like bypass help and guide since there are ppl out who want to learn its all fine but the thing i hate the most are ppl who just write here hook this for me hook that for me OR THAT LAMERS AT OTHER FORUMS LIKE INFERNOGAMES WHO JUST COPY ALL THE GUIDE AND DOESNT GIVE FUCKING CREDITS



ok back to topic at sunday i may start with video guide ^_^

I cant find the LoadLibraryA I have main 1.05D+ maybe is a different offset or different name for this main?

How to add CRC of dll checking or something like that???
I can rename other dll and the main will work!