[Help] How to RemoteThread?

[elmarcia]

Hi all i'm learning c++ and have some troubles when i inject my dll...

The dll is a Test to change a random memory value that i take from somewhere, the main problem the game blocks the api getasynckeystate(inside the process, checked with autoit _IsPressed from outside no problem) which allows me to activate/deactivate the hack, also memory reading and writing is a problem ,if you aren't inside the process, thats the reason which make me choose to make a dll hack.

I search in the internet and i get that a possible solution would be a RemoteThread, correct me if i am wrong...

I think that making an injector that inject the dll, loads the main function inside it and register hotkeys for it would work. Problem with this i'm not an expert and don't know how to make this work.

Here is the Test Script:

 Spoiler

Code:

#include <windows.h>
#include <fcntl.h>
#include <stdio.h>
#include <io.h>



 //tells compiler that function Main is located somewhere else.

VOID CreateConsole()
{
	int hConHandle = 0;
	HANDLE lStdHandle = 0;
	FILE *fp = 0;

	// Allocate a console
	AllocConsole();

	// redirect unbuffered STDOUT to the console
	lStdHandle = GetStdHandle(STD_OUTPUT_HANDLE);
	hConHandle = _open_osfhandle(PtrToUlong(lStdHandle), _O_TEXT);
	fp = _fdopen(hConHandle, "w");
	*stdout = *fp;
	setvbuf(stdout, NULL, _IONBF, 0);

	// redirect unbuffered STDIN to the console
	lStdHandle = GetStdHandle(STD_INPUT_HANDLE);
	hConHandle = _open_osfhandle(PtrToUlong(lStdHandle), _O_TEXT);
	fp = _fdopen(hConHandle, "r");
	*stdin = *fp;
	setvbuf(stdin, NULL, _IONBF, 0);

	// redirect unbuffered STDERR to the console
	lStdHandle = GetStdHandle(STD_ERROR_HANDLE);
	hConHandle = _open_osfhandle(PtrToUlong(lStdHandle), _O_TEXT);
	fp = _fdopen(hConHandle, "w");
	*stderr = *fp;
	setvbuf(stderr, NULL, _IONBF, 0);
}




	
	

	
int Read()
{
	int* OldVal = reinterpret_cast<int*>(0x55FA84);
	return *OldVal;
}
 

void Hack(int OldVal)
{
	int* HackVal = reinterpret_cast<int*>(0x55FA84); //random adress
		*HackVal = OldVal + 200; // we freeze the adress with some value
	Sleep(10); 
}

void RestoreOriginal(int OriginalVal)
{
	int* Val = reinterpret_cast<int*>(0x55FA84);
	*Val = OriginalVal;
}
void Set()
{
	CreateConsole();
	int OldVal;
	SetConsoleTextAttribute(GetStdHandle (STD_OUTPUT_HANDLE),12);
	printf("*_*_*_*_*_* Test *_*_*_*_*_*\n\n");
bool status = false;
	
OldVal = 0;
int originalVal = OldVal + 200;
while (1)
{
	if(GetAsyncKeyState(VK_SHIFT)&1)
	{
	    OldVal=Read();
		status = !status;
	}
			
		   if (status == true)
		   {
			SetConsoleTextAttribute(GetStdHandle (STD_OUTPUT_HANDLE),15);
			printf("\rStatus: ");
			SetConsoleTextAttribute(GetStdHandle (STD_OUTPUT_HANDLE),10);
			printf("Enabled ");
			Hack(OldVal); 
		   }else{
		
			SetConsoleTextAttribute(GetStdHandle (STD_OUTPUT_HANDLE),15);
			printf("\rStatus: ");
SetConsoleTextAttribute(GetStdHandle (STD_OUTPUT_HANDLE),12);
printf("Disabled");

RestoreOriginal(originalVal);
	}


}
}


void WINAPI MainThread( )
{
   
    Set();
   

}

BOOL WINAPI DllMain ( HMODULE hModule, DWORD dwReason, LPVOID lpvReserved )
{
    switch ( dwReason ) {
        case DLL_PROCESS_ATTACH:

            DisableThreadLibraryCalls(hModule);

            if ( CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MainThread, NULL, 0, NULL) == NULL ) {
                return FALSE;
            }
            break;
            
        case DLL_PROCESS_DETACH:
            break;

        case DLL_THREAD_ATTACH:
            break;

        case DLL_THREAD_DETACH:
            break;
    }
    return TRUE;
}

Sorry for my bad English