h4sh3m Posted June 2, 2018 Posted June 2, 2018 Hi, In this method we're using DLLs as a loader. Some system files (I just tested DLL files) can load from outside of the system directory, so we can use them to patch files! Most "Delphi" and "Dotnet applications" load "version.dll" by default, so we can use this file as a loader for them! Best Regards, h4sh3m version.rar 5 2
atom0s Posted June 2, 2018 Posted June 2, 2018
This method is known as proxying. Some other commonly used DLLs that are proxied:
- d3d8.dll / d3d9.dll (Commonly used in games.)
- dinput8.dll (Commonly used in games.)
- opengl32.dll (Commonly used in games.)
- mscoree.dll (Commonly loaded in .NET applications.)
- dxgi.dll (Commonly loaded on Windows 10 in nearly all applications.)
- wsock32.dll (Commonly loaded in applications that make internet connections.)
4
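For defenders, the proxying described in the posts above shows up as a module carrying a system DLL's name but loaded from outside the Windows system directories. The following is an added example, not code from any poster in this thread: it flags such loads in image-load records. The `Image|ImageLoaded|Signed` line format, the sample records and the `C:\Windows` install path are constructed assumptions.

```python
import ntpath

# DLL names mentioned in this thread as proxied.
PROXY_CANDIDATES = {
    "version.dll", "d3d8.dll", "d3d9.dll", "dinput8.dll", "opengl32.dll",
    "mscoree.dll", "dxgi.dll", "wsock32.dll", "winmm.dll", "bcrypt.dll",
    "msimg32.dll",
}
# Assumption: default install on C:. Adjust for the fleet being monitored.
TRUSTED_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64",
                 r"c:\windows\winsxs")

def norm_dir(path):
    """Lower-cased directory of path with '..' and '/' resolved."""
    return ntpath.normcase(ntpath.dirname(ntpath.normpath(path)))

def is_trusted_dir(path):
    d = norm_dir(path)
    # Compare on a path boundary so 'system32evil' is not accepted.
    return any(d == r or d.startswith(r + "\\") for r in TRUSTED_ROOTS)

def find_proxy_loads(lines):
    """Return one finding per system-named DLL loaded from an untrusted dir."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        image, loaded, signed = (f.strip() for f in line.split("|"))
        name = ntpath.basename(loaded).lower()
        if name in PROXY_CANDIDATES and not is_trusted_dir(loaded):
            findings.append({
                "process": image,
                "module": ntpath.normcase(ntpath.normpath(loaded)),
                "signed": signed.lower() == "true",
                # DLL sitting next to the EXE: the application directory
                # is searched before the system directory.
                "beside_exe": norm_dir(image) == norm_dir(loaded),
            })
    return findings

# Constructed sample records (not taken from a real system).
SAMPLE = r"""
C:\Program Files\App\app.exe|C:\Windows\System32\version.dll|true
C:\Program Files\App\app.exe|C:\Program Files\App\version.dll|false
C:\Games\q2\quake2.exe|C:\Games\q2\OPENGL32.DLL|false
C:\Tools\t.exe|C:\Windows\System32\..\..\Tools\winmm.dll|false
C:\Tools\t.exe|C:\Windows\SysWOW64\dxgi.dll|true
C:\Tools\t.exe|C:\Tools\helper.dll|false
C:\Tools\t.exe|D:\Temp\wsock32.dll|false
"""

if __name__ == "__main__":
    for f in find_proxy_loads(SAMPLE.splitlines()):
        print(f)
```

Unsigned hits with `beside_exe` set are the ones to triage first; some vendors legitimately ship their own copies of these DLLs, so pair the result with a signature or hash allowlist.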
h4sh3m Posted June 2, 2018 Author Posted June 2, 2018 (edited) Hi @atom0s, Thank you for the information. I released it because I didn't see any sample before. In addition, I'm using the following files too: winmm, bcrypt, MSIMG32, ... Best Regards, h4sh3m Edited June 4, 2018 by h4sh3m 1
evlncrn8 Posted June 2, 2018 Posted June 2, 2018 (edited) you'd have found some if you used the right terms, there's quite a few on github, and what do you mean by using additional files like winmm ? https://www.google.com/search?q=dll+proxy+github 384,000 results.. might also be an idea to look up what loader means too Edited June 2, 2018 by evlncrn8
JohnWho Posted June 2, 2018 Posted June 2, 2018 Those Windows .dll files differ between versions and languages
h4sh3m Posted June 2, 2018 Author Posted June 2, 2018 13 minutes ago, evlncrn8 said: you'd have found some if you used the right terms, there's quite a few on github, and what do you mean by using additional files like winmm ? https://www.google.com/search?q=dll+proxy+github 384,000 results.. might also be an idea to look up what loader means too I've been using this method for 4+ years, maybe I was too lazy to find ready-made code!
h4sh3m Posted June 2, 2018 Author Posted June 2, 2018 1 minute ago, JohnWho said: Those windows .dll files differs between versions and languages even in exported functions ?!
evlncrn8 Posted June 2, 2018 Posted June 2, 2018 (edited) in the amount of exports.. and you've been using this method for 4 years and only now release src as if you invented the wheel ? come on please, cut the crap Edited June 2, 2018 by evlncrn8
evlncrn8 Posted June 2, 2018 Posted June 2, 2018 (edited) i had a brief look at the code, you should be aware that doing a LoadLibrary inside DllMain is a really bad idea https://msdn.microsoft.com/en-us/library/windows/desktop/ms682583(v=vs.85).aspx https://stackoverflow.com/questions/4370812/calling-loadlibrary-from-dllmain Edited June 2, 2018 by evlncrn8
h4sh3m Posted June 2, 2018 Author Posted June 2, 2018 wow, I forgot again that all users are professionals and don't need simple sources! I apologize for that and will never release anything. Have a nice day
evlncrn8 Posted June 2, 2018 Posted June 2, 2018 (edited) lets not throw a tantrum shall we ?.. i pointed out things you should have been aware of.. you're releasing code others will probably use (hopefully not though), so would it be professional to release it in the state its in ? as for not releasing anything anymore.. thats up to you, but it wasnt the point of my post, so maybe take a little breather, pick up your toys from the floor, put them back in the pram and read what i posted.. especially the part about dllmain and loadlibrary, and i still dont see the part about winmm in your code either.. just version.dll.. then take the points made by me and others, maybe do some research too (or are you too lazy for that as well?) and make your code better, for the benefits of others, also its a good idea to put some comments in your code so others can follow the concept oh, and one more thing - its still not a loader Edited June 2, 2018 by evlncrn8 1
despy Posted June 3, 2018 Posted June 3, 2018 8 hours ago, atom0s said: This method is known as proxying. Some other commonly used dll's that are proxied: - d3d8.dll / d3d9.dll (Commonly used in games.) - dinput8.dll (Commonly used in games.) - opengl32.dll (Commonly used in games.) - mscoree.dll (Commonly loaded in .NET applications.) - dxgi.dll (Commonly loaded on Windows 10 in nearly all applications.) - wsock32.dll (Commonly loaded in applications that make internet connections.) Themida embeds the mscoree.dll, how to proxy?
evlncrn8 Posted June 3, 2018 Posted June 3, 2018 check import table of executable, pick one to proxy.. it aint rocket science
collins Posted June 4, 2018 Posted June 4, 2018 Sorry, there is a problem We could not locate the item you are trying to view. Error code: 2S328/1 Can't download it.
kao Posted June 4, 2018 Posted June 4, 2018 @collins: apparently h4sh3m deleted it. Copy attached. version.rar 2 1
taitor 1 Posted December 19, 2020 Posted December 19, 2020 @h4sh3m How can I use it? Any video tutorial of this DLL hook patcher? 1
DaGoN Posted December 19, 2020 Posted December 19, 2020 Read this for now: https://guidedhacking.com/threads/dll-hijacking-vulkan-hook-tutorial-quake-2-hack.13518/ 1
TeRcO Posted November 16 Posted November 16 (edited)
Doesn't work in Delphi 7 ....you need to change:

    function SystemDir: UnicodeString;
    var
      dir: array [0..MAX_PATH] of WideChar;

      function StrPas(const Str: PWideChar): UnicodeString;
      begin
        Result := Str;
      end;

    begin
      GetSystemDirectory(dir, MAX_PATH);
      Result := StrPas(dir);
    end;

to:

    function SystemDir: string;
    begin
      SetLength(Result, MAX_PATH); { Allocate a string large enough to hold the path }
      GetSystemDirectory(PChar(Result), MAX_PATH); { Fill the string with the system directory }
      SetLength(Result, lstrlen(PChar(Result))); { Resize the string to the actual length of the result }
    end;

& missing 03 Exports:
- GetFileVersionInfoExA
- GetFileVersionInfoSizeExA
- GetFileVersionInfoW

Edited November 16 by TeRcO 2
idrcelab Posted Thursday at 01:49 AM Posted Thursday at 01:49 AM On 12/19/2020 at 9:50 PM, DaGoN said: Read this for now: https://guidedhacking.com/threads/dll-hijacking-vulkan-hook-tutorial-quake-2-hack.13518/ Does anyone have a copy of this article? It requires signing up first. Thank you 1