Bot: DLL-Injection fails (but works with other programs)

01/08/2009 20:48 nc10#1
Hi!

I'm not familiar with programming bots so I try to accomplish subgoals.

Currently I attempt to inject a DLL into Silkroad Online.
My program works fine with applications like Paint, Editor and Mozilla Firefox.

Unfortunately Silkroad is the only program it does not work with so far.

Programming language: C++
Game: Silkroad Online

Can you tell me why it doesn't work?

Thanks in advance!

My DLL:
Code:
#include <windows.h>

BOOL APIENTRY DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved)
{
	switch (reason)
	{
		case DLL_PROCESS_ATTACH:
			MessageBox(NULL, "Hi!", NULL, MB_OK);
			break;
		case DLL_PROCESS_DETACH:
			MessageBox(NULL, "See ya!", NULL, MB_OK);
			break;
	}

	return TRUE;
}
My program:
Code:
#include <windows.h>
#include <iostream>
#include <string>
using namespace std;

int main()
{
	string DLL = "..." + '\0';

	HWND SRO_Client;

	for (;;)
	{
		SRO_Client = FindWindow(NULL, "SRO_Client");

		if (SRO_Client != NULL)
		{
			break;
		}

		Sleep(5000);
	}

	DWORD PID;
	GetWindowThreadProcessId(SRO_Client, &PID);

	HANDLE hToken;
	TOKEN_PRIVILEGES tkp;

	if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
	{
		LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid);
		tkp.PrivilegeCount = 1;
		tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
		AdjustTokenPrivileges(hToken, 0, &tkp, sizeof(tkp), NULL, NULL);
	}

	HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
	LPVOID hRemoteMem = VirtualAllocEx(hProc, NULL, DLL.size(), MEM_COMMIT, PAGE_READWRITE);

	DWORD numBytesWritten;
	WriteProcessMemory(hProc, hRemoteMem, DLL.c_str(), DLL.size(), &numBytesWritten);

	HMODULE hLocKernel32 = GetModuleHandle("Kernel32");
	FARPROC hLocLoadLibrary = GetProcAddress(hLocKernel32, "LoadLibraryA");
	HANDLE hRemoteThread = CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)hLocLoadLibrary, hRemoteMem, 0, NULL);

	WaitForSingleObject(hRemoteThread, 10000);

	VirtualFreeEx(hProc, hRemoteMem, DLL.size(), MEM_RELEASE);

	CloseHandle(hProc);

	Sleep(5000);
 
	return 1;
}
Improvement suggestions are welcome although I know this code is far from perfect.
01/09/2009 09:21 BlackFog#2
Try to get the last Error with GetLastError() and look it up at System Error Codes (Windows)

- Blackfog
01/09/2009 14:48 schlurmann#3
I suggest some logging and error checking to localize the problem. Once you've done that, use GetLastError() to find out what's wrong (if by this time you haven't figured it out yourself).

One thing I noticed: Is the Silkroad Wnd Title really "SRO_Client"? Sounds more like the class name to me, but I've never played Silkroad so...
01/09/2009 17:15 nc10#4
Thanks for your replies

Quote:
Try to get the last Error with GetLastError() and look it up at System Error Codes (Windows)
I'll do that this evening :)

Quote:
One thing I noticed: Is the Silkroad Wnd Title really "SRO_Client"? Sounds more like the class name to me, but I've never played Silkroad so...
Yes it's titled "SRO_Client".

Quote:
I suggest some logging and error checking to localize the problem. Once you've done that, use GetLastError() to find out what's wrong (if by this time you haven't figured it out yourself).
I haven't figured it out yet.

To describe the "error": When I try to inject the DLL while Silkroad is already open, nothing happens. No error, but my DLL doesn't display a message box.
When I try to inject the DLL right after executing Silkroad, the game doesn't respond for a short while and then it responds again, but my DLL doesn't display anything either.


>> EDIT >>

GetLastError in combination with FormatMessage helped me.
I'll do some research first and then post what was wrong.

>> EDIT >>

The OpenProcess function fails.
Error: Access denied

>> EDIT >>

Brainstorm!
Vista is to blame for my problem :D
You need to build the project and then check "run as administrator".
DLL-Injection works now.

Thanks!
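
Added example, not part of the original thread: seen from the defender's side, the remote thread created by the program in post #1 shows up in Sysmon as Event ID 8 (CreateRemoteThread) with LoadLibraryA in kernel32.dll as the start routine. The sketch below filters events for that pattern; the sample events, all paths in them and the `allowlist` parameter are constructed assumptions.

```python
import ntpath

# Exports whose use as a remote thread start routine means "load a DLL by path".
LOADER_EXPORTS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

# Constructed sample events. Field names follow Sysmon Event ID 8; values are made up.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\test\injector.exe",
     "TargetImage": r"C:\Games\Example\client.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "CtrlRoutine"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 8, "SourceImage": r"C:\Users\test\other.exe",
     "TargetImage": r"C:\Games\Example\client.exe",
     "StartModule": "-", "StartFunction": "-"},  # start address not resolved
    {"EventID": 8, "SourceImage": r"C:\Tools\dbg.exe",
     "TargetImage": r"C:\Games\Example\client.exe",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL", "StartFunction": "LoadLibraryW"},
]


def is_loadlibrary_injection(event):
    """True for a CreateRemoteThread event whose start routine is a LoadLibrary export."""
    if event.get("EventID") != 8:
        return False
    # ntpath handles backslash paths on any host OS; compare case-insensitively.
    module = ntpath.basename(event.get("StartModule") or "").lower()
    function = (event.get("StartFunction") or "").lower()
    return module in LOADER_MODULES and function in LOADER_EXPORTS


def find_injections(events, allowlist=()):
    """Return (source, target) image pairs for matches, skipping allowlisted sources."""
    allowed = {path.lower() for path in allowlist}
    return [(e.get("SourceImage", ""), e.get("TargetImage", ""))
            for e in events
            if is_loadlibrary_injection(e)
            and e.get("SourceImage", "").lower() not in allowed]


if __name__ == "__main__":
    for source, target in find_injections(SAMPLE_EVENTS):
        print(f"LoadLibrary remote thread: {source} -> {target}")
```

Events whose start address Sysmon could not resolve to an export are not matched by this filter and need separate review.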