h4sh3m Posted June 2, 2018 Share Posted June 2, 2018 Hi In this method we're using dlls as loader, Some system files(I'm just tested dll files) can load from outside of system directory so we can use them to patch files !! Most "Delphi" and "Dotnet applications" loads "version.dll" by default so we can use this file as loader for them ! Best Regards, h4sh3m version.rar 4 2 Link to comment
atom0s Posted June 2, 2018 Share Posted June 2, 2018 This method is known as proxying. Some other commonly used dll's that are proxied: - d3d8.dll / d3d9.dll (Commonly used in games.) - dinput8.dll (Commonly used in games.) - opengl32.dll (Commonly used in games.) - mscoree.dll (Commonly loaded in .NET applications.) - dxgi.dll (Commonly loaded on Windows 10 in nearly all applications.) - wsock32.dll (Commonly loaded in applications that make internet connections.) 3 Link to comment
h4sh3m Posted June 2, 2018 Author Share Posted June 2, 2018 (edited) Hi @atom0s, Thank you for information. I released it because I didn't saw any sample before, In addition I'm using following files too:winmm, bcrypt, MSIMG32, ... Best Regards, h4sh3m Edited June 4, 2018 by h4sh3m 1 Link to comment
evlncrn8 Posted June 2, 2018 Share Posted June 2, 2018 (edited) you'd have found some if you used the right terms, there's quite a few on github, and what do you mean by using additional files like winmm ? https://www.google.com/search?q=dll+proxy+github 384,000 results.. might also be an idea to look up what loader means too Edited June 2, 2018 by evlncrn8 Link to comment
JohnWho Posted June 2, 2018 Share Posted June 2, 2018 Those windows .dll files differs between versions and languages Link to comment
h4sh3m Posted June 2, 2018 Author Share Posted June 2, 2018 13 minutes ago, evlncrn8 said: you'd have found some if you used the right terms, there's quite a few on github, and what do you mean by using additional files like winmm ? https://www.google.com/search?q=dll+proxy+github 384,000 results.. might also be an idea to look up what loader means too I'm using this method for 4+ years, maybe I was too lazy to find ready codes ! Link to comment
h4sh3m Posted June 2, 2018 Author Share Posted June 2, 2018 1 minute ago, JohnWho said: Those windows .dll files differs between versions and languages even in exported functions ?! Link to comment
evlncrn8 Posted June 2, 2018 Share Posted June 2, 2018 (edited) in the amount of exports.. and you've been using this method for 4 years and only now release src as if you invented the wheel ? come on please, cut the crap Edited June 2, 2018 by evlncrn8 Link to comment
evlncrn8 Posted June 2, 2018 Share Posted June 2, 2018 (edited) i had a brief look at the code, you should be aware that doing a LoadLibrary inside DllMain is a really bad idea https://msdn.microsoft.com/en-us/library/windows/desktop/ms682583(v=vs.85).aspx https://stackoverflow.com/questions/4370812/calling-loadlibrary-from-dllmain Edited June 2, 2018 by evlncrn8 Link to comment
h4sh3m Posted June 2, 2018 Author Share Posted June 2, 2018 wow, I forgot again that all users are professional and no need simple sources ! I apologize for that and never release anything Have a nice day Link to comment
evlncrn8 Posted June 2, 2018 Share Posted June 2, 2018 (edited) lets not throw a tantrum shall we ?.. i pointed out things you should have been aware of.. you're releasing code others will probably use (hopefully not though), so would it be professional to release it in the state its in ? as for not releasing anything anymore.. thats up to you, but it wasnt the point of my post, so maybe take a little breather, pick up your toys from the floor, put them back in the pram and read what i posted.. especially the part about dllmain and loadlibrary, and i still dont see the part about winmm in your code either.. just version.dll.. then take the points made by me and others, maybe do some research too (or are you too lazy for that as well?) and make your code better, for the benefits of others, also its a good idea to put some comments in your code so others can follow the concept oh, and one more thing - its still not a loader Edited June 2, 2018 by evlncrn8 1 Link to comment
despy Posted June 3, 2018 Share Posted June 3, 2018 8 hours ago, atom0s said: This method is known as proxying. Some other commonly used dll's that are proxied: - d3d8.dll / d3d9.dll (Commonly used in games.) - dinput8.dll (Commonly used in games.) - opengl32.dll (Commonly used in games.) - mscoree.dll (Commonly loaded in .NET applications.) - dxgi.dll (Commonly loaded on Windows 10 in nearly all applications.) - wsock32.dll (Commonly loaded in applications that make internet connections.) themida embed the mscoree.dll ,how to proxy? Link to comment
evlncrn8 Posted June 3, 2018 Share Posted June 3, 2018 check import table of executable, pick one to proxy.. it aint rocket science Link to comment
collins Posted June 4, 2018 Share Posted June 4, 2018 Sorry, there is a problem We could not locate the item you are trying to view. Error code: 2S328/1 Cann't download it. Link to comment
kao Posted June 4, 2018 Share Posted June 4, 2018 @collins: apparently h4sh3m deleted it. Copy attached. version.rar 1 1 Link to comment
taitor 1 Posted December 19, 2020 Share Posted December 19, 2020 @h4sh3m How can use it ! Any video tutorial of this DLL hook patcher Link to comment
DaGoN Posted December 19, 2020 Share Posted December 19, 2020 Read this for now: https://guidedhacking.com/threads/dll-hijacking-vulkan-hook-tutorial-quake-2-hack.13518/ Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now