published only in ePvP.
how make dll:
1 tutorial:

2 tutorial:

not use this method for read value from address:
*(DWORD*)ADDR_GM = 2;
*(DWORD*)ADDR_AOE = 100;
*(DWORD*)ADDR_RANGE = 7;
use this method:
ReadProcessMemory(phandle,(void*)address,&value,sizeof(value),0);
3: and the last statement:
not inject dll to cabalmain.exe (because detected)
inject dll to Xtrap.xt
I tested and working fine this method in win7 x64 system.
i dont want PS player buying any trainer
note:
dont forget add "SeDebugPrivilege" code. link:

Why dll, not exe?
because exe it establishes a connection with open handle, detected from XTrap!
but XTrap does not check itself
enable SeDebugPrivilege code c++:
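// Call with EnableTokenPrivilege(SE_DEBUG_NAME);
//
// Enables one named privilege in the access token of the current process.
//
// lpszPrivilege: privilege name, e.g. SE_DEBUG_NAME.
// Returns TRUE only when the privilege is actually enabled; FALSE when the
// token cannot be opened, the name is unknown, or the token does not hold
// the privilege.
//
// Review notes:
//  - SeDebugPrivilege lets a process open other processes regardless of their
//    security descriptor. Enabling it is a high-signal action; where
//    token-right auditing is enabled it is recorded as Security event 4703.
//  - The token is opened with only the rights the adjustment needs instead of
//    TOKEN_ALL_ACCESS.
BOOL EnableTokenPrivilege(LPTSTR lpszPrivilege) // by Napalm
{
    TOKEN_PRIVILEGES tp;
    BOOL bResult = FALSE;
    HANDLE hToken = NULL;

    ZeroMemory(&tp, sizeof(tp));
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // Bail out before CloseHandle: on failure hToken is still NULL.
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return FALSE;
    }

    if (LookupPrivilegeValue(NULL, lpszPrivilege, &tp.Privileges[0].Luid) &&
        AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL))
    {
        // AdjustTokenPrivileges reports success even when the token does not
        // hold the privilege; in that case the last error is
        // ERROR_NOT_ALL_ASSIGNED, so only ERROR_SUCCESS counts as enabled.
        bResult = (GetLastError() == ERROR_SUCCESS);
    }

    CloseHandle(hToken);
    return bResult;
}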
Delphi code examples:
DLL Wizard:

First code look like this:
PHP Code:
library Project1;

{ Empty DLL project skeleton: it exports nothing and its initialisation
  section contains no statements.

  DLL memory management: if the DLL exports procedures or functions that pass
  strings as parameters or results (including strings nested in records and
  classes), ShareMem must be the first unit in the USES clause of both the
  library and the host project, and BORLNDMM.DLL must be deployed with the
  DLL. Passing PChar or ShortString parameters avoids that dependency. }

uses
  SysUtils, Classes;

{$R *.res}

begin
end.

first unit1 code look like this:
PHP Code:
unit Unit1;

{ Empty form unit: declares TForm1 with no members of its own and the global
  Form1 instance variable. }

interface

uses
  Windows, Messages, SysUtils, Variants, Classes,
  Graphics, Controls, Forms, Dialogs;

type
  TForm1 = class(TForm)
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

end.
PHP Code:
library Project1;

{ DLL project whose initialisation section starts a thread that creates Form1
  and shows it modally. The initialisation section runs inside whichever
  process loads the library.

  DLL memory management: if the DLL exports procedures or functions that pass
  strings as parameters or results (including strings nested in records and
  classes), ShareMem must be the first unit in the USES clause of both the
  library and the host project, and BORLNDMM.DLL must be deployed with the
  DLL. Passing PChar or ShortString parameters avoids that dependency. }

uses
  SysUtils, Windows, Classes,
  Unit1 in 'Unit1.pas' {Form1};

{$R *.res}

var
  // Global, never assigned. The CreateThread call below passes it as the
  // stack size, the creation flags and the thread-id output variable.
  woodoo: DWORD;

// Thread routine handed to CreateThread: builds the form and blocks in
// ShowModal until the form is closed.
procedure woodoo34tr;
begin
  Form1 := TForm1.Create(nil);
  Form1.ShowModal;
end;

begin
  // The returned thread handle is discarded.
  CreateThread(nil, woodoo, @woodoo34tr, nil, woodoo, woodoo);
end.
this is unit1 code:
PHP Code:
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ExtCtrls, StdCtrls;
type
  // Form with a check box that switches the timer on and off, Edit1 holding
  // the timer interval and Edit2 holding a process id (see the handlers below).
  TForm1 = class(TForm)
    CheckBox1: TCheckBox;
    Timer1: TTimer;
    Edit1: TEdit;
    Edit2: TEdit;
    procedure CheckBox1Click(Sender: TObject);
    procedure Timer1Timer(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    { Private declarations }
    lp: Integer; // passed to EnumWindows as the callback's lParam
  public
    { Public declarations }
  end;
var
Form1: TForm1;
implementation
{$R *.dfm}
// EnumWindows callback. For each top-level window it looks up the owning
// process id, the window class name and the window title. When the class name
// is 'D3D Window', the process id is written to Form1.Edit2 as text.
// Enumeration continues after a match, so the last matching window wins.
// The title is fetched but not used. lParam is not used.
// Returns False only when hHwnd compares equal to NULL, otherwise True.
function EnumProcess(hHwnd: HWND; lParam : integer): boolean; stdcall;
var
  ownerPid: DWORD;
  caption, wndClass: string;
begin
  if hHwnd = NULL then
  begin
    Result := False;
    Exit;
  end;

  // Process id of the process that created the window.
  GetWindowThreadProcessId(hHwnd, ownerPid);

  // Reserve 255 characters, then shrink to the length the API reports.
  SetLength(wndClass, 255);
  SetLength(wndClass, GetClassName(hHwnd, PChar(wndClass), Length(wndClass)));

  SetLength(caption, 255);
  SetLength(caption, GetWindowText(hHwnd, PChar(caption), Length(caption)));

  if wndClass = 'D3D Window' then
    Form1.Edit2.Text := IntToStr(ownerPid);

  Result := True;
end;
//**********************************************
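// Enables SeDebugPrivilege in the access token of the current process.
// Returns True only when the privilege is actually enabled; False when the
// token cannot be opened, the privilege name cannot be resolved, or the token
// does not hold the privilege.
//
// Review notes:
//  - SeDebugPrivilege lets a process open other processes regardless of their
//    security descriptor. Enabling it is a high-signal action; where
//    token-right auditing is enabled it is recorded as Security event 4703.
//  - The token handle is now closed on every path; it used to leak.
function SetDebugPrivilege: Boolean;
var
  TokenHandle: THandle;
  TokenPrivileges: TTokenPrivileges;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess(),
    TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, TokenHandle) then
    Exit;
  try
    if LookupPrivilegeValue(nil, PChar('SeDebugPrivilege'),
      TokenPrivileges.Privileges[0].Luid) then
    begin
      TokenPrivileges.PrivilegeCount := 1;
      TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
      // The nil dereferences pass nil for the optional previous-state and
      // return-length var parameters.
      if AdjustTokenPrivileges(TokenHandle, False,
        TokenPrivileges, 0, PTokenPrivileges(nil)^, PDWord(nil)^) then
      begin
        // The call reports success even when the token does not hold the
        // privilege (last error ERROR_NOT_ALL_ASSIGNED), so only
        // ERROR_SUCCESS counts as enabled.
        Result := GetLastError = ERROR_SUCCESS;
      end;
    end;
  finally
    CloseHandle(TokenHandle);
  end;
end;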
//*********************************************************************
// Check box handler. When checked: if Edit2 is empty, enumerate the top-level
// windows so EnumProcess can fill it in, then start the timer with the
// interval typed into Edit1. StrToInt raises on non-numeric text.
// When unchecked: stop the timer.
procedure TForm1.CheckBox1Click(Sender: TObject);
begin
  if CheckBox1.Checked then
  begin
    if Edit2.Text = '' then
    begin
      lp := 0; // Private declarations
      // The result of EnumWindows is not acted on.
      EnumWindows(@EnumProcess, lp);
    end;
    Timer1.Interval := StrToInt(Edit1.Text);
    Timer1.Enabled := True;
  end
  else
    Timer1.Enabled := False;
end;
//**************************************************************************
// Timer tick handler. Opens the process whose id is the text of Edit2 with
// PROCESS_ALL_ACCESS, reads 4 bytes from the fixed address in baseaddress
// into buf, writes the 4 bytes of yaz (0) to address buf + $72D4 in that
// process, then closes the handle. Runs on every timer interval.
// None of the API results are checked, and StrToInt raises when Edit2 does
// not hold a number.
// NOTE(review): this is a repeated cross-process open, read and write. That
// is the behaviour process-access telemetry (for example Sysmon event ID 10,
// ProcessAccess) and integrity monitoring of the target are built to surface.
procedure TForm1.Timer1Timer(Sender: TObject);
var
yaz,ProcessId:integer;
HandleWindow,baseaddress:int64;
write,read: Cardinal;
buf:dword;
begin
baseaddress:=$B93530; // in olly address $44EB2A;
yaz:=0; // yaz: the 4-byte value that gets written to the target
ProcessId := strtoint(edit2.text);
// HandleWindow holds a process handle, not a window handle.
HandleWindow := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessId);
//ReadProcessMemory(HandleWindow, ptr(baseaddress), @buf, 4, Read);// $44EB2A = in ollydbg Base address ;)
// Read the 4-byte value stored at baseaddress in the target process.
ReadProcessMemory(HandleWindow, ptr(baseaddress), @buf, 4, Read);
// Use that value plus $72D4 as the destination address for the write.
WriteProcessMemory(HandleWindow, ptr(buf+$72D4), @yaz, 4, write);
CloseHandle(HandleWindow);
end;
// Form start-up: requests SeDebugPrivilege once. The Boolean result is
// discarded, so a failed request goes unnoticed here.
procedure TForm1.FormCreate(Sender: TObject);
begin
  SetDebugPrivilege;
end;
end.

inject dll to xtrap:






