Re: Auto DLL Injection for July 21 2008 Files (Client,Server,Agent,Locator) + Multi D
thanks man.
Quote:
Originally Posted by Edit by Phoenix
Military appears to be the OP of this thread because a forum error messed things up. The original poster of this tutorial is steven1234 (Post #2). Steven requested me to delete this post but deleting the first post would delete the thread. Just letting you all know.
Auto DLL Injection for July 21 2008 Files (Client,Server,Agent,Locator) + Multi Dlls
Auto inject a dll into the client.
1: ctrl + G (0057A595)
Code:
0057A595 /. /E9 91790A00 JMP 00621F2B
0057A59A | |90 NOP
0057A59B | |90 NOP
2: ctrl + G (00621F1D)
Right click that line, edit -> binary edit...
Uncheck "keep size", type in the ASCII DLL name (BackGunz.dll), then in the hex part add 00 on the end. For example, mine is
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C
now it's
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C 00
Press OK.
3: ctrl + G (00621F2B)
Code:
00621F2B /> \6A 60 PUSH 60
00621F2D |. 68 88F36300 PUSH OFFSET 0063F388
00621F32 |. 68 1D1F6200 PUSH 00621F1D
00621F37 |. FF15 6C216200 CALL DWORD PTR DS:[62216C]
00621F3D |. 85C0 TEST EAX,EAX
00621F3F \.^ E9 5886F5FF JMP 0057A59C
4: save and exit
voilà, should be done
Auto inject dll into matchserver
1: ctrl + G (004CAF0D)
Code:
004CAF0D /. /E9 78700800 JMP 00551F8A
004CAF12 | |90 NOP
004CAF13 | |90 NOP
2: ctrl + G (00551F7B)
Right click that line, edit -> binary edit...
Uncheck "keep size", type in the ASCII DLL name (BackGunz.dll), then in the hex part add 00 on the end. For example, mine is
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C
now it's
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C 00
Press OK.
3: ctrl + G (00551F8A)
Code:
00551F8A /> \6A 60 PUSH 60
00551F8C |. 68 28F15600 PUSH OFFSET 0056F128
00551F91 |. 68 7B1F5500 PUSH 00551F7B
00551F96 |. FF15 E0225500 CALL DWORD PTR DS:[5522e0]
00551F9C |. 85C0 TEST EAX,EAX
00551F9E \.^ E9 718FF7FF JMP 004CAF14
4: save and done
voilà, should be done
Auto inject dll into locator
1: ctrl + G (00438B0D)
Code:
00438B0D /E9 71240300 JMP 0046AF83
00438B12 |. |90 NOP
00438B13 |. |90 NOP
2: ctrl + G (0046AF75)
Right click that line, edit -> binary edit...
Uncheck "keep size", type in the ASCII DLL name (BackGunz.dll), then in the hex part add 00 on the end. For example, mine is
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C
now it's
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C 00
Press OK.
3: ctrl + G (0046AF83)
Code:
0046AF83 /. 6A 60 PUSH 60
0046AF85 |. 68 F0BD4700 PUSH OFFSET 0047BDF0
0046AF8A |. 68 75AF4600 PUSH 0046AF75
0046AF8F |. FF15 B0B24600 CALL DWORD PTR DS:[46B2B0]
0046AF95 |. 85C0 TEST EAX,EAX
0046AF97 \.^ E9 78DBFCFF JMP 00438B14
4: save and done
voilà, should be done
Auto inject dll into match agent
1: ctrl + G (00438B0D)
Code:
00437FD5 /E9 AF4F0400 JMP 0047CF89
00437FDA . |90 NOP
00437FDB . |90 NOP
2: ctrl + G (0047CF7B)
Right click that line, edit -> binary edit...
Uncheck "keep size", type in the ASCII DLL name (BackGunz.dll), then in the hex part add 00 on the end. For example, mine is
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C
now it's
Code:
42 61 63 6B 47 75 6E 7A 2E 64 6C 6C 00
Press OK.
3: ctrl + G (0047CF89)
Code:
0047CF89 6A 60 PUSH 60
0047CF8B 68 E8364900 PUSH OFFSET 004936E8
0047CF90 68 7BCF4700 PUSH 0047CF7B
0047CF95 FF15 20D34700 CALL DWORD PTR DS:[47d320]
0047CF9B 85C0 TEST EAX,EAX
0047CF9D ^ E9 3AB0FBFF JMP 00437FDC
4: save and done
voilà, should be done
Advanced (Based on client just do the same with the others):
MessageBoxA Addresses
Client: 6224d0
Locator: 46b69c
Match Server: 5527e0
Match Agent: 47d668
Dll Injection with error messages
Code:
00621EE4 . 46 61 74 61 6 ASCII "Fatal Error",0
00621EF0 00 DB 00
00621EF1 00 DB 00
00621EF2 00 DB 00
00621EF3 00 DB 00
00621EF4 00 DB 00
00621EF5 00 DB 00
00621EF6 00 DB 00
00621EF7 00 DB 00
00621EF8 00 DB 00
00621EF9 . 45 72 72 6F 7 ASCII "Error Loading Ba"
00621F09 . 63 6B 47 75 6 ASCII "ckGunz.dll",0
00621F14 00 DB 00
00621F15 00 DB 00
00621F16 00 DB 00
00621F17 00 DB 00
00621F18 00 DB 00
00621F19 00 DB 00
00621F1A 00 DB 00
00621F1B 00 DB 00
00621F1C 00 DB 00
00621F1D . 42 61 63 6B 4 ASCII "BackGunz.dll",0
00621F2A 00 DB 00
00621F2B /> \6A 60 PUSH 60
00621F2D |. 68 88F36300 PUSH OFFSET 0063F388
00621F32 |. 68 1D1F6200 PUSH 00621F1D ; ASCII "BackGunz.dll"
00621F37 |. FF15 6C216200 CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar
00621F3D |. 85C0 TEST EAX,EAX
00621F3F |. 74 05 JE SHORT 00621F46
00621F41 |.^ E9 5686F5FF JMP 0057A59C
00621F46 |> 6A 10 PUSH 10
00621F48 |. 68 E41E6200 PUSH 00621EE4 ; ASCII "Fatal Error"
00621F4D |. 68 F91E6200 PUSH 00621EF9 ; ASCII "Error Loading BackGunz.dll"
00621F52 |. 6A 00 PUSH 0
00621F54 |. FF15 D0246200 CALL DWORD PTR DS:[<&USER32.MessageBoxA>
00621F5A \. C3 RETN
Multiple Dll Injection with error messages
Code:
CPU Disasm
Address Hex dump Command Comments
00621EDC . 46 61 74 61 6 ASCII "Fatal Error",0
00621EE8 00 DB 00
00621EE9 . 45 72 72 6F 7 ASCII "Error Loading Dl"
00621EF9 . 6C 20 46 69 6 ASCII "l Files",0
00621F01 00 DB 00
00621F02 00 DB 00
00621F03 00 DB 00
00621F04 00 DB 00
00621F05 00 DB 00
00621F06 00 DB 00
00621F07 00 DB 00
00621F08 00 DB 00
00621F09 00 DB 00
00621F0A 00 DB 00
00621F0B 00 DB 00
00621F0C 00 DB 00
00621F0D 00 DB 00
00621F0E 00 DB 00
00621F0F . 42 61 63 6B 4 ASCII "BackGunz2.dll",0
00621F1D . 42 61 63 6B 4 ASCII "BackGunz.dll",0
00621F2A 00 DB 00
00621F2B /> 6A 60 PUSH 60
00621F2D |. 68 88F36300 PUSH OFFSET 0063F388
00621F32 |. 56 PUSH ESI
00621F33 |. 8B35 6C216200 MOV ESI,DWORD PTR DS:[<&KERNEL32.LoadLib ; Entry point of procedure
00621F39 |. 68 1D1F6200 PUSH 00621F1D ; ASCII "BackGunz.dll"
00621F3E |. FFD6 CALL ESI
00621F40 |. 85C0 TEST EAX,EAX
00621F42 |. 74 11 JE SHORT 00621F55
00621F44 |. 68 0F1F6200 PUSH 00621F0F ; ASCII "BackGunz2.dll"
00621F49 |. FFD6 CALL ESI
00621F4B |. 85C0 TEST EAX,EAX
00621F4D |. 74 06 JE SHORT 00621F55
00621F4F |. 5E POP ESI
00621F50 |.^ E9 4786F5FF JMP 0057A59C
00621F55 |> 6A 10 PUSH 10
00621F57 |. 68 DC1E6200 PUSH 00621EDC ; ASCII "Fatal Error"
00621F5C |. 68 E91E6200 PUSH 00621EE9 ; ASCII "Error Loading Dll Files"
00621F61 |. 6A 00 PUSH 0
00621F63 |. FF15 D0246200 CALL DWORD PTR DS:[<&USER32.MessageBoxA>
00621F69 |. 5E POP ESI
00621F6A \. C3 RETN
100% tested; all errors are down to you :p
Credits:
90% Steven aka own_prox aka Godofthestaf
10% Vitor for telling a program to find LoadLibraryA addresses
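For an analyst checking whether a binary carries the kind of patch described in the post above, the following added example (not part of the original posts) decodes the `E9` relative jumps and flags a `PUSH imm32` / `CALL [imm32]` pair whose pushed operand is a `.dll` name stored next to the code. The function names are hypothetical, the scan is a byte-pattern heuristic rather than a disassembler, and the sample bytes are constructed from the client listing in the post.

```python
import struct

def rel32_target(addr, insn):
    """Destination of the 5-byte JMP rel32 (opcode E9) located at addr."""
    if len(insn) < 5 or insn[0] != 0xE9:
        raise ValueError("not a JMP rel32")
    disp = struct.unpack_from("<i", insn, 1)[0]   # signed, little-endian
    return (addr + 5 + disp) & 0xFFFFFFFF

def c_string(buf, base, va):
    """Printable NUL-terminated ASCII at virtual address va, else None."""
    off = va - base
    if not 0 <= off < len(buf):
        return None
    end = buf.find(b"\x00", off)
    raw = buf[off:end] if end != -1 else b""
    return raw.decode("ascii") if raw and all(0x20 <= b < 0x7F for b in raw) else None

def find_loader_stubs(buf, base, window=16):
    """Heuristic byte scan (no disassembler): PUSH imm32 / CALL [imm32] where
    the pushed operand is a '.dll' string in the same region, followed within
    `window` bytes by the JMP rel32 that leaves the region."""
    hits = []
    for i in range(len(buf) - 10):
        if buf[i] != 0x68 or buf[i + 5:i + 7] != b"\xff\x15":
            continue
        str_va, = struct.unpack_from("<I", buf, i + 1)
        slot_va, = struct.unpack_from("<I", buf, i + 7)
        name = c_string(buf, base, str_va)
        if not name or not name.lower().endswith(".dll"):
            continue
        resume = None
        for j in range(i + 11, min(i + 11 + window, len(buf) - 4)):
            if buf[j] == 0xE9:
                resume = rel32_target(base + j, buf[j:j + 5])
                break
        hits.append({"push_va": base + i, "dll": name,
                     "call_slot": slot_va, "resume_va": resume})
    return hits

# Constructed sample: the client bytes listed in the post, 00621F1D..00621F43.
SAMPLE_BASE = 0x00621F1D
SAMPLE = bytes.fromhex(
    "4261636B47756E7A2E646C6C00" "00"          # "BackGunz.dll",0 and pad
    "6A60" "6888F36300" "681D1F6200"           # PUSH 60 / PUSH / PUSH string
    "FF156C216200" "85C0" "E95886F5FF")        # CALL [slot] / TEST / JMP back
HOOK_VA, HOOK = 0x0057A595, bytes.fromhex("E991790A00")  # bytes from step 1
if __name__ == "__main__":
    print(hex(rel32_target(HOOK_VA, HOOK)), find_loader_stubs(SAMPLE, SAMPLE_BASE))
```

A hit whose `resume_va` lands a few bytes after a jump that targets the same region is the detour-and-return shape shown in the listings; comparing the file against a known-good hash remains the more reliable check.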
Re: Auto Dll Injection 2008
np, I'll try to do matchserver in a min
Re: Auto Dll Injection 2008
Thank months I would make a topic for someone to make a tut about it today actually thank Stevens ;D
Re: Auto Dll Injection 2008
np added injects for all lol
Re: Auto Dll Injection 2008
you're welcome
everyone kept asking me for this because I did 2007
Re: Auto Dll Injection 2008
thanks man really need this!
Re: Auto DLL Injection for July 21 2008 Files (Client,Server,Agent,Locator)
Thread title changed so that it makes more sense to others. I hope you don't mind, Steven.
Secondly, can you also post the codes to inject more than 1 DLL? Maybe 2 or 3?
Re: Auto DLL Injection for July 21 2008 Files (Client,Server,Agent,Locator)
done babe lol and added error message
Re: Auto Dll Injection 2008
Thank you very much, sir.
Re: Auto DLL Injection for July 21 2008 Files (Client,Server,Agent,Locator) + Multi D
Hi,
I followed steven's tut for auto inject dll into 2008 client, but I got this error: "Extra input after operand".
Here:
Code:
00621F2B /> \6A 60 PUSH 60
00621F2D |. 68 88F36300 PUSH OFFSET 0063F388
00621F32 |. 68 1D1F6200 PUSH 00621F1D
00621F37 |. FF15 6C216200 CALL DWORD PTR DS:[62216C]
00621F3D |. 85C0 TEST EAX,EAX
00621F3F \.^ E9 5886F5FF JMP 0057A59C
If I skip this line, my runnable crashes when I run GunZ.
How can I fix it?
Re: Auto DLL Injection for July 21 2008 Files (Client,Server,Agent,Locator) + Multi D
Check the help section, I replied; if not, add me on MSN: steven@euro-scape.co.uk