Ok.

I have not ever attempted this yet, but I need some help doing it.

I'm a video game modder. I add functions like Anti Cheating, Punting, Banning and so on.

Right now I use LordPE to add the dlls that I create into the exe and then patch the exe to use
the dll the way I want it to.

The main problem is that Windows 2000 systems can run the modded exes.

So what I'm looking to do is, instead of modding the exe itself, I want to force the dll into the memory of
the exe by a loader and then patch the exe in the memory to use the dll.

I know to patch the exe in the memory you just do a WriteProcessMemory.

But what I don't know how to do is to force the dll into the memory.

I got ahold of TSnoop from a friend that does it, but it requires ikernel32.lib and iuser32.lib and I can't seem to find
those files anywhere.

So if you could help me get those files or help me find another way to get the dll into the memory of the game.
Posted on 2002-12-12 18:03:26 by devilsclaw
Devilsclaw, there is nothing special with the libraries 'iuser32.lib' etc. You could
just change it to 'user32.lib' and change the 'iWin32' commands to 'invoke'.
However, there are a lot of commands/macros used with those libraries.

So I would suggest that you download 'EliASM2' from this site:
http://www.anticracking.sk/EliCZ/infos.htm
He is the one who made those macros which create/use the library files 'iuser32.lib'.
You'll probably find a lot of other info/examples regarding your other question there
also.

BTW: I would really like to see that source code you were talking about. So
could you attach it to a post? ( :) )

Another thing, this topic is mainly for the MASM32 package. So any other questions
regarding assembly etc. should mainly be posted in 'Main', read the rules. ( ;) )
Posted on 2002-12-12 18:13:45 by natas
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__CreateFileA
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__MessageBoxA
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__lstrlenA
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__WriteFile
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__CloseHandle
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__lstrcatA
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__WinExec
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__lstrcmpA
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__GetProcAddress
trnsnpd.obj : error LNK2001: unresolved external symbol __imp__WriteProcessMemor

is what I get when I change the iUSER.LIB and iKERNEL32.LIB

And if I don't change it, lol, you know it just does not find it.

That's what brought me to thinking the iUSER32.LIB were different from the original.

Also, the weird thing is that it does not use call or invoke in the actual code; it's all in the macros.
Posted on 2002-12-12 18:34:10 by devilsclaw
Oh, now I feel dumb, lol. I think I should just add in the inc files. Mainly I was expecting working code.

I had to mod it a bit to get it this far. I'm going to try it now. Normally I write my own code,
so I don't have this problem.
Posted on 2002-12-12 18:42:32 by devilsclaw
Well he uses EliCZ macros, and they are called things like 'iWin32' (not
'invoke/call'). Since the package which I told you about above uses a lot of
macros etc. only available inside the whole package, I suggested that
you download and read the whole pack, to gain any understanding.

I am very tired right now so I forgot to say that the 'iuser32.lib' are different from
the other ones. They were made to be used by EliCZ macros. However, I'm pretty
sure that if you had changed the 'iuser32.lib' to 'user32.lib', and replaced 'iWin32'
with 'Invoke' you would not have gotten those messages. But do as I said and
download that package to understand what I'm talking about.

And once again: could you post the source code? I'm interested in looking at it. :)

-Cheers
Posted on 2002-12-12 18:43:32 by natas
Nope, dangit, umm, not sure what's up still.
Posted on 2002-12-12 18:45:34 by devilsclaw
Well you say that you usually write your own code? Then you do have
knowledge about the assembly language? Well, since it doesn't seem
like you want to read the package, then post the code and I'll convert
it to plain assembly using normal invoke or call if you want to.

BTW: please compress the files to .zip if you're going to post a long code. ( ;) )
Posted on 2002-12-12 18:47:56 by natas
I looked at the code and it does not need converting, so I'm going to convert the mac file from the site that I got the apihooks pack from a while ago. As for the source, I don't know if I'm allowed to give it out. It was given to me by a friend and he got it from someone else.
Posted on 2002-12-13 00:31:31 by devilsclaw
Well, I got the exe to compile. Now I need to figure out the dll; it's a bit different. But thanks for the help, and sorry about the source, but it is not mine to give out.
Posted on 2002-12-13 01:32:00 by devilsclaw
Oh, and quick reference: I had to make my own DEF file from my dlls with iDEF and then link them to a lib, and I don't have import problems anymore with the exe. Now the dll is looking for an OldGetProcAddress, and if I go to the Kernel32.inc and put OldGetProcAddress equ <GetProcAddress>

I get past that one section, yet it comes up with another error with the same import, but it's using a new name again, so it must be something else with the macro.
Posted on 2002-12-13 02:05:29 by devilsclaw
Well, finally got the dll to compile, but it still didn't work until I added a def with a fake export. Now it all works.

Man, the guy sure made a person work for what he wants, lol.
Posted on 2002-12-13 04:31:02 by devilsclaw
Well, too bad that you couldn't give out the source. But I understand
that you cannot. But it's good to hear that you finally got it running.

-Cheers
Posted on 2002-12-13 04:49:51 by natas
Well, I looked in the zip and it had a readme.txt and it pointed to an email addy, but I went to that site and it's for download to the public, so I guess I could send you the original source or give you the link to download it.

Well, I will link you, lol.


{LINK HAS BEEN REMOVED}

It's the trainer spy software called trnsnp.zip

Have fun getting it to work, lol. If you don't figure it out on your own I can help you, of course.
Posted on 2002-12-13 05:04:01 by devilsclaw
OK, new problem..... well, not really a problem, but the original exe has the ApiHooks.dll actually in the exe itself.

Well, sort of. For that fact, there is no other MZ at the start, so I'm not sure how it does not need the ApiHooks.dll.

But when you finally get the source working it needs the dll and his does not. So if anyone can tell me how to put the dll into the exe itself I would be happy. Ty.
Posted on 2002-12-13 05:08:10 by devilsclaw
Thanks for putting up the link to the source. ( :) ) This is going to sound
a little bit weird, but you need to remove the link by using the 'edit' button,
because it contains content which is illegal on this board (virii). So if you
don't remove it, I'm pretty sure the moderators will.

Thanks for the source tho. ( ;) )
Posted on 2002-12-13 05:09:38 by natas
Np, and link has been removed. Also, can you help me with loading the dll into the actual exe itself, well, the apihooks one at least.
Posted on 2002-12-13 05:12:55 by devilsclaw
There are different ways of including a .dll file into an exe file. You can either
convert the contents to data/var (using a tool like 'BINTODB' found in the masm pack),
or you could include it as a resource. Whatever you prefer. Since I don't think
I need to write the answer which is already on this board, I'll just point you to
the threads. More reading can be found by searching. ( ;) )
http://www.asmcommunity.net/board/showthread.php?threadid=9535
http://www.asmcommunity.net/board/index.php?topic=8699
http://www.asmcommunity.net/board/showthread.php?threadid=845&highlight=dll+resource

Now that's outta the way, let's go back to the source in question. What do you
mean by the ApiHooks.dll? I have compiled the source code and I don't need
that .dll file to make it run, since it uses the ApiHook .lib files. The problem
is with the version of the hook libs/inc (and the linker, I think).

Well, I wanted to show you that you don't need that .dll, so I decided to slap it
together for you. The zipped archive below contains everything you need,
including .libs, linker etc. I changed the .bat files; other than that I didn't change a
thing in the source code. :alright: http://home.no/natasx/_trnsnp.zip
Posted on 2002-12-13 10:47:00 by natas
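
For the case raised above, where a dll is stored inside an exe as raw data (the BINTODB approach), one way to look for it is to scan the file for a second validated PE header. This is an added example, not part of any post in this thread and not code from the trnsnp or ApiHooks sources; the function names and the sample bytes are constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit: the image is a DLL

def parse_pe_header(data, base):
    """Follow MZ -> e_lfanew -> 'PE\\0\\0' at base; return is_dll, or None if invalid."""
    if data[base:base + 2] != b"MZ" or base + 0x40 > len(data):
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    pe = base + e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return None
    # Characteristics is the last field of the 20-byte COFF header after the signature.
    (characteristics,) = struct.unpack_from("<H", data, pe + 22)
    return bool(characteristics & IMAGE_FILE_DLL)

def find_embedded_pe(data):
    """Return [(offset, is_dll)] for each validated PE header past offset 0."""
    hits = []
    pos = data.find(b"MZ", 1)  # offset 0 is the host file's own header
    while pos != -1:
        is_dll = parse_pe_header(data, pos)
        if is_dll is not None:
            hits.append((pos, is_dll))
        pos = data.find(b"MZ", pos + 1)
    return hits

def _fake_image(is_dll):
    """Constructed header-only stand-in for a PE file (not loadable), for this demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    flags = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, flags)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0

# Constructed sample: host exe, filler, a stray "MZ" string, then a DLL stored as data.
SAMPLE = _fake_image(False) + b"\x90" * 100 + b"MZ decoy" + b"\0" * 60 + _fake_image(True)

if __name__ == "__main__":
    for offset, is_dll in find_embedded_pe(SAMPLE):
        print(f"embedded PE at 0x{offset:X} ({'DLL' if is_dll else 'EXE'})")
```

An image that is compressed, encoded, or stored without its headers shows no second `MZ`, so an empty result does not prove that nothing is embedded.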
Hmm, very interesting. I use MASM32 V7 and I had to mod the code and everything to get it to work. And when I did, the dll and the exe both were 4k and the original that is in the zip is like 19k, so I'm not sure why mine would not just compile. I tried the 3.8 version and the 5.6 version; it likes the older one better. Did you have to do anything to make it work or did it just work? And if it did, can you send me your APIMACRO file? Mine might be out of date.
Posted on 2002-12-14 17:26:51 by devilsclaw
The program was created to be used by the apihook version 3.8. In the
new version a lot of the macros etc. have probably changed. I didn't
care to look into the changes in the new one tho. The only thing I changed
is within the .bat file, as you will notice when you look at it. Nothing
else was done to the source code.

Anyways, all of the files you need are inside the archive linked above.
The archive contains: source code, libraries, includes, linker, etc. Everything
you need to compile it. There is no other file you should need. ( ;) )
Posted on 2002-12-14 17:50:09 by natas
OK, thanks a lot. I will look at the bat file, and I see it works fine now that I downloaded it.
Posted on 2002-12-15 01:44:10 by devilsclaw