SH5 DLL Injection - Page 4

TheDarkWraith · 01-05-12, 10:42 PM

Quote:

Originally Posted by vanjast

oooo... naughty boy

I thought you were doing this when I saw you on the Asm websites sometime ago. I wouldn't call it DLL injection, but DLL hijack/detour.

Maybe UBI's copyright infringement never went so far into these 'dynamics', then that's their problem....and I don't think they have the expertise to cover all windows's 'gaps'.

Windows itself is flawed. Any DLL that comes with a piece of software can be hijacked quite easily. There are mutliple ways to do it but the most common ones are:
- having the software create a memory space for you. You then dump your code you want to run into that memory pool. You suspend the app, redirect it's EIP to the start of your code, ensure your code 'calls back' to where the app originally was when it's done, delete the memory pool it created for you, and you leave no footprints behind of what happened/who was there

- This is Window's biggest flaw: just because an app needs to use 'system' DLLs doesn't mean you can't intercept them. You can do it quite easily too. Windows first looks for any DLLs the file calls for in the local folder the app was started from. So if you make a DLL that has the same name as the DLL it's looking for it will load your DLL. You in turn have to ensure your DLL maps all the functions that the app needs. Then when the app calls out for a function in the DLL control is handed over to your DLL, you decide what you want to do with it, then call the original DLL passing the same parameters it passed you. The system and the app have no idea that you hijacked a DLL of it or that you may of intercepted some data that wasn't meant to be 'seen'.

I don't care how secure you think any piece of software is, it's not if it's running on Windows. Even if you inline every function call the app is still susceptible to 'detouring'. If you try and be sneaky and create another thread that tried to monitor something like this (by using a watchdog timer or the likes) I can suspend that thread too. You can't win in Windows. If there's some data that someone wants and they have the knowledge they will get it.

There are many other ways you can exploit software. Windows just makes it very easy to do

You can call it DLL injection, code injection, whatever. As one does not physically modify a binary image there's no law being broken. There is also no evidence left behind saying how the code got into the app in memory. Besides the app did it for you and it did it without any complaints. What a bargain

There are those that use these methods for malicious intents (worms, trojans, etc.). I am just naturally curious and do it just to see if I can. I especially like dumping PE headers just to see if the app in question is using any of the crypto classes. If it is well it's game on. I just gotta know what they are trying to hide. It's like a game. A game where it's hard not to always win.

vanjast · 01-06-12, 06:30 AM

Ja, I know....

kethon · 01-28-13, 05:17 AM

no need DLL inject, just rename your dll file to *.act

Viktor_Prien · 03-27-14, 09:57 PM

Sorry TDW this post is just to let you know that links in post #1 aren't working anymore...could you provide new ones?
Thanks in advance!

TheDarkWraith · 03-28-14, 06:49 AM

Quote:

Originally Posted by Viktor_Prien

Sorry TDW this post is just to let you know that links in post #1 aren't working anymore...could you provide new ones?
Thanks in advance!

I don't use DLL injection in the game. I instead physically alter the game's files with the Generic Patcher that I made. Any particular reason you're interested in these

Viktor_Prien · 03-28-14, 07:41 AM

Quote:

I don't use DLL injection in the game. I instead physically alter the game's files with the Generic Patcher that I made. Any particular reason you're interested in these

No not particulary...it was just to let you know that the link was dead in the case someone need it.

thufirhawa · 11-29-14, 03:33 AM

Sorry for this necro-quote/post but i was wondering ...

Quote:

Originally Posted by TheDarkWraith

I can make it work with any application. I have a version I made that allows one to inject DLLs into ANY process (plus it does a lot more than that

). So yes I can make it work for SH3/4

Quote:

Thus all the .py files have to be compiled at game start and this takes time to do.
The Python language supports pre-compiled files but SH5 doesn't

I just saw an article about shedskin
This tool translate pure, but implicitly statically typed Python (2.4-2.6) programs into optimized C++ ( and dll if i'm correct )

Can we use this to improve the horrendous loading time and cpu usage of SHV ?
Is such a feat possible, if so where do I begin ?

01-28-13, 05:17 AM	#48
kethon Nub Join Date: Jan 2013 Posts: 2 Downloads: 9 Uploads: 0	*no need DLL inject, just rename your dll file to .act** no need DLL inject, just rename your dll file to *.act

01-06-12, 06:30 AM	#47
vanjast Sea Lord Join Date: Jun 2006 Location: Somewhere else now Posts: 1,740 Downloads: 825 Uploads: 4	Ja, I know....

03-27-14, 09:57 PM	#49
Viktor_Prien Planesman Join Date: Jan 2010 Location: Italy Posts: 196 Downloads: 333 Uploads: 0	Sorry TDW this post is just to let you know that links in post #1 aren't working anymore...could you provide new ones? Thanks in advance!