There's a way to stop detoured.dll from getting injected into the process. Erm, let me Google it for you; there's a certain include and a function or something you need to remove from the source.
Link:
Into this (resume the main thread before executing the LoadLibrary thread):
It works on XP. Not that I recommend it, though; it would probably be better to hook the import table and manually force the process to load your DLL :p
Link:
If you change the code
Quote:
You could do the injection manually so you wouldn't have to worry about the detoured.dll; however, you might want to look into the code that Detours uses for DetourCreateProcessWithDll so you can have it do exactly the same thing but without the use of detoured.dll.
Here's some sample code on how to do it manually. Oh, and by the way, it doesn't work on Windows XP for some reason.
PHP Code:#include "StdAfx.h"
#include "ConquerInjector.h"
ConquerInjector::ConquerInjector(char *Directory)
{
// Take an owned copy of the directory string (terminating NUL included);
// the destructor releases it with delete[].
const size_t DirectoryBytes = strlen(Directory) + 1;
ConquerDirectory = new char[DirectoryBytes];
memcpy(ConquerDirectory, Directory, DirectoryBytes);
// Both structures are value-initialised, i.e. all fields zeroed.
// NOTE(review): STARTUPINFOA::cb is therefore 0 at this point; CreateProcessA
// documents it as the structure size, and nothing in this constructor sets it.
Process = new PROCESS_INFORMATION();
Startup = new STARTUPINFOA();
}
ConquerInjector::~ConquerInjector(void)
{
// Release the three heap objects this instance owns. Kernel handles held
// inside *Process (hProcess / hThread) are NOT closed here.
// NOTE(review): no copy constructor/assignment is visible in this file; if the
// header does not suppress them, copying an instance would double-delete.
delete Process;
Process = NULL;
delete Startup;
Startup = NULL;
delete[] ConquerDirectory;
ConquerDirectory = NULL;
}
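BOOL ConquerInjector::EnablePrivileges()
{
// Enables SeDebugPrivilege on the calling process's own token.
// Returns TRUE only when the privilege was actually enabled. Per the
// AdjustTokenPrivileges contract, a TRUE return combined with
// GetLastError() == ERROR_NOT_ALL_ASSIGNED means the token does not hold the
// privilege at all; the original code reported that case as success.
HANDLE hToken = NULL;
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
return FALSE;
}
BOOL Enabled = FALSE;
TOKEN_PRIVILEGES priv;
ZeroMemory(&priv, sizeof(priv));
priv.PrivilegeCount = 1;
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &priv.Privileges[0].Luid)
&& AdjustTokenPrivileges(hToken, FALSE, &priv, 0, NULL, NULL))
{
// Must be read before CloseHandle, which may overwrite the last-error value.
Enabled = (GetLastError() == ERROR_SUCCESS);
}
// One close on every path (the original closed the token on two separate paths).
CloseHandle(hToken);
return Enabled;
}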
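BOOL ConquerInjector::Start(char *Application)
{
// Launches "<ConquerDirectory><Application> blacknull" as a suspended child
// with ConquerDirectory as its working directory, filling *Process.
// Returns FALSE if the command line would not fit, otherwise CreateProcessA's result.
// NOTE(review): calling Start twice overwrites *Process without closing the
// handles from the previous call.
//
// CreateProcessA documents cb as the structure size; the value-initialised
// STARTUPINFOA from the constructor leaves it at 0, so set it here.
Startup->cb = sizeof(STARTUPINFOA);
char CommandLine[256];
// Length of the literal " blacknull" appended by the format string below.
const size_t SuffixLength = sizeof(" blacknull") - 1;
// Reject over-long input up front: on overflow sprintf_s does not return an
// error but invokes the invalid-parameter handler, which terminates the process.
if(strlen(ConquerDirectory) + strlen(Application) + SuffixLength >= sizeof(CommandLine))
{
return FALSE;
}
sprintf_s(CommandLine, "%s%s blacknull", ConquerDirectory, Application);
// CommandLine is a writable buffer, as CreateProcessA's lpCommandLine requires.
return CreateProcessA(NULL, CommandLine, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS | CREATE_SUSPENDED, NULL, ConquerDirectory, Startup, Process);
}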
// Starts Application suspended (via Start), writes the full path of Dll into
// the child, runs LoadLibraryA on that path from a remote thread, then resumes
// the child's main thread. Returns TRUE once the remote thread was created;
// every other outcome returns FALSE. After a successful Start the child is
// resumed on all paths, so a failed load still leaves the process running.
// Each step is a documented Win32 call (OpenProcess, VirtualAllocEx,
// WriteProcessMemory, CreateRemoteThread, ResumeThread) that process and thread
// telemetry commonly records.
BOOL ConquerInjector::Attach(char *Application, char *Dll)
{
if(Start(Application))
{
// Return value ignored: a failed privilege adjustment is never reported.
EnablePrivileges();
// NOTE(review): CreateProcessA already returned Process->hProcess; this opens
// a second handle to the same child. Neither handle inside *Process is
// closed anywhere in this function.
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Process->dwProcessId);
if(hProcess != NULL)
{
char Library[MAX_PATH];
// NOTE(review): the buffer is MAX_PATH bytes but only 256 are zeroed, and the
// GetCurrentDirectoryA result is not checked; the NUL terminator is only
// guaranteed when that call succeeds.
ZeroMemory(Library, 256);
GetCurrentDirectoryA(MAX_PATH, Library);
// NOTE(review): Library is both the destination and a %s source, which the C
// standard defines as undefined behaviour for sprintf; there is also no bound
// against MAX_PATH (plain sprintf, not sprintf_s).
sprintf(Library, "%s\\%s", Library, Dll);
int Length = strlen(Library) + 1;
// Remote buffer for the path string; released on both the success and the
// failure path below.
LPVOID RemoteMemory = VirtualAllocEx(hProcess, NULL, Length, MEM_COMMIT, PAGE_READWRITE);
if(RemoteMemory != NULL)
{
if(WriteProcessMemory(hProcess, RemoteMemory, Library, Length, NULL))
{
// Address resolved in this process and reused in the child; assumes
// kernel32 is mapped identically in both. A NULL result from either
// lookup is not checked before the cast.
FARPROC hLoadLibrary = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA");
HANDLE hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)hLoadLibrary, RemoteMemory, NULL, NULL);
if(hThread != NULL)
{
// NOTE(review): the wait result is ignored; on WAIT_TIMEOUT the remote
// thread may still be reading RemoteMemory when it is freed on the next line.
WaitForSingleObject(hThread, 5000);
VirtualFreeEx(hProcess, RemoteMemory, 0, MEM_RELEASE);
// hThread is never closed (handle leak).
CloseHandle(hProcess);
ResumeThread(Process->hThread);
return TRUE;
}
}
VirtualFreeEx(hProcess, RemoteMemory, 0, MEM_RELEASE);
}
CloseHandle(hProcess);
}
// Failure after a successful Start: the child still runs, without the DLL.
ResumeThread(Process->hThread);
return FALSE;
}
else
{
// NOTE(review): GetLastError() returns a DWORD; %lu would match its type.
printf("CreateProcessA failed with the following error: %d\n", GetLastError());
return FALSE;
}
// Unreachable: both branches above return.
return FALSE;
}
// Excerpt of Attach as posted above: the remote thread is created while the
// child's main thread is still suspended, and the main thread is resumed only
// after the (unchecked) wait. hThread is not closed in this excerpt either.
HANDLE hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)hLoadLibrary, RemoteMemory, NULL, NULL);
if(hThread != NULL)
{
WaitForSingleObject(hThread, 5000);
VirtualFreeEx(hProcess, RemoteMemory, 0, MEM_RELEASE);
CloseHandle(hProcess);
ResumeThread(Process->hThread);
return TRUE;
}
// Variant from the quoted post: the main thread is resumed BEFORE the remote
// thread exists, so the child runs concurrently with the LoadLibraryA call.
// The wait result is still ignored and hThread is still never closed.
ResumeThread(Process->hThread);
HANDLE hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)hLoadLibrary, RemoteMemory, NULL, NULL);
if(hThread != NULL)
{
WaitForSingleObject(hThread, 5000);
VirtualFreeEx(hProcess, RemoteMemory, 0, MEM_RELEASE);
CloseHandle(hProcess);
return TRUE;
}