Home › Forum › MultiPlayer Game Hacks & Cheats › Combat Arms Hacks & Cheats › Combat Arms Hack Coding / Programming / Source Code › N00b hax: OpenProcess access denied
N00b hax: OpenProcess access denied
N00b hax: OpenProcess access denied
So basically I've written a Combat Arms hack DLL. I'm having trouble injecting it. If I use the injector I wrote, I get "error 5" which is Access Denied after calling OpenProcess. Yes, I have enabled the SeDebug privilege for my process. If I use FInject, CA closes right after I start it (hackshield detected it maybe)?
Anyway here is my code although it probably doesn't matter since the problem is in injection:
Any ideas?
Tekk
Offtopic: This community really needs to reinstate its IRC channel.
Anyway here is my code although it probably doesn't matter since the problem is in injection:
Code:
#include <windows.h>
void PushToConsole(const char* szCommand)
{
MessageBox(NULL, "PTC", "", MB_ICONINFORMATION);
HMODULE hMod = GetModuleHandleA("CShell.dll");
if(hMod != NULL) {
DWORD *LTClient = (DWORD *)(0x377E7810);
void* CONoff = (void *) *(DWORD *)(*LTClient + 0x208);
asm("pushl %0" :: "r"(szCommand));
asm("call *%0" :: "r"(CONoff));
asm("addl $4, %esp");
}
}
DWORD WINAPI HaxThreadProc(LPVOID lpParam)
{
while(1) {
if(GetAsyncKeyState(VK_F12) & 1)
PushToConsole("ShowFps 1");
Sleep(100);
}
return 0;
}
BOOL WINAPI DllMain(HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
{
if(dwReason == DLL_PROCESS_ATTACH) {
MessageBox(NULL, "DLL injected and running", "Success", MB_ICONINFORMATION);
CreateThread(NULL, 0, HaxThreadProc, NULL, 0, NULL);
}
return TRUE;
}
Tekk
Offtopic: This community really needs to reinstate its IRC channel.
Your hack isn't even being started. This is a problem with your injector. IS the program being run administrator permissions? (WinXP = Right click context menu > Run As; WinVista/Win7 = Right click context menu > Run As Administrator)
Originally Posted by freedompeace
Your hack isn't even being started. This is a problem with your injector. IS the program being run administrator permissions? (WinXP = Right click context menu > Run As; WinVista/Win7 = Right click context menu > Run As Administrator)
Edit: Code from my injector to enable SeDebug
Code:
void SetSeDebug()
{
HANDLE hToken;
LUID seDebugValue;
TOKEN_PRIVILEGES tPriv;
ZeroMemory(&tPriv, sizeof(tPriv));
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
MessageBox(NULL, "OpenProcessToken failed.\nDLL injection may not work.\n", "Error", MB_ICONEXCLAMATION);
return;
}
if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &seDebugValue)) {
MessageBox(NULL, "LookupPrivilegeValue failed.\nDLL injection may not work.\n", "Error", MB_ICONEXCLAMATION);
CloseHandle(hToken);
return;
}
tPriv.PrivilegeCount = 1;
tPriv.Privileges[0].Luid = seDebugValue;
tPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(!AdjustTokenPrivileges(hToken, FALSE, &tPriv, sizeof(tPriv), NULL, NULL) || GetLastError() != 0)
MessageBox(NULL, "AdjustTokenPrivileges failed.\nDLL injection may not work.\n\nTry running this program as an administrator.", "Error", MB_ICONEXCLAMATION);
CloseHandle(hToken);
}
Code:
int DllInject(HWND hDialog, DWORD procID, LPCSTR dllName)
{
int response;
char msg[1024];
HANDLE proc;
LPVOID remoteStr, loadLibrary;
sprintf(msg, "You have chosen to inject %s into process %d. Do you want to continue?", dllName, procID);
response = MessageBox(hDialog, msg, "Message", MB_YESNO | MB_ICONQUESTION);
if(response != IDYES)
return 1;
if(procID == 0)
return 2;
proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, procID);
if(proc == 0) {
sprintf(msg, "Failed to open the process: %d", GetLastError());
MessageBox(hDialog, msg, "Error", MB_ICONEXCLAMATION);
return 3;
}
loadLibrary = (LPVOID) GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
remoteStr = (LPVOID) VirtualAllocEx(proc, NULL, strlen(dllName), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(proc, (LPVOID) remoteStr, dllName, strlen(dllName), NULL);
CreateRemoteThread(proc, NULL, 0, (LPTHREAD_START_ROUTINE) loadLibrary, (LPVOID) remoteStr, 0, NULL);
CloseHandle(proc);
MessageBox(hDialog, "DLL successfully injected into process.", "Message", MB_ICONINFORMATION);
return 0;
}
[php]enjekt.dat.dll() = troof;[/php]
Originally Posted by Kallisti
[php]enjekt.dat.dll() = troof;[/php]
Hackshield hooks NtOpenProcess so that you can't inject into it after a certain point in its initialization. The message box is probably creating enough of a delay to prevent you from opening CA's process. Try opening the process before the message box, then close the handle if you choose no.
Originally Posted by mmbob
Hackshield hooks NtOpenProcess so that you can't inject into it after a certain point in its initialization. The message box is probably creating enough of a delay to prevent you from opening CA's process. Try opening the process before the message box, then close the handle if you choose no.
Thanks, and I'll keep this thread updated.
you set the access rights so that you can create a thread remotly, wpm requires writing access.
Problem solved. I just had to wait for the process to start and then inject before hackshield did its stuff.
Originally Posted by Tekkn0logik
Problem solved. I just had to wait for the process to start and then inject before hackshield did its stuff.
Originally Posted by Tekkn0logik
Problem solved. I just had to wait for the process to start and then inject before hackshield did its stuff.
Originally Posted by whit
Thats Common Sense Dude...
Originally Posted by whit
Thats Common Sense Dude...
Anyway here's the finished thing, heh
Thanks again everyone. Everything's now working fine. My intent with this is to make a bunch of well-written code snippets to eventually share.
Similar Threads
- 23Last post
- 7Last post
- 2Last post
- 5Last post
- 11Last post