Come Creare un Injector

In questa parte useremo Visual Basic 2008 per costruire il nostro injector,quindi apritelo e selezionate l'Application Windows Form.

Inserite nella nostra form 2 texbox un timer 4 label e un button.Fatto questo passiamo ai codici.

Nel timer
Codice:
Codice:
Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        If IO.File.Exists(Application.StartupPath & "\" + TextBox2.Text) Then
            Dim TargetProcess As Process() = Process.GetProcessesByName("HSUpdate")
            If TargetProcess.Length = 0 Then
                Me.Label2.Text = ("In Attesa Di " + TextBox1.Text)
            Else
                Timer1.Stop()
                Me.Label2.Text = "DLL Iniettata"
                Call Inject()
            End If
        Else
            Me.Label2.Text = ("" + TextBox2.Text + ".dll Non Trovata!")
        End If
    End Sub
Nel button
Codice:
Codice:
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Timer1.Interval = 50
        Timer1.Start()
    End Sub
Nel Public Class Form
Codice:
Codice:
Public Class Form1
    Private TargetProcessHandle As Integer
    Private pfnStartAddr As Integer
    Private pszLibFileRemote As String
    Private TargetBufferSize As Integer

    Public Const PROCESS_VM_READ = &H10
    Public Const TH32CS_SNAPPROCESS = &H2
    Public Const MEM_COMMIT = 4096
    Public Const PAGE_READWRITE = 4
    Public Const PROCESS_CREATE_THREAD = (&H2)
    Public Const PROCESS_VM_OPERATION = (&H8)
    Public Const PROCESS_VM_WRITE = (&H20)

    Public Declare Function ReadProcessMemory Lib "kernel32" ( _
    ByVal hProcess As Integer, _
    ByVal lpBaseAddress As Integer, _
    ByVal lpBuffer As String, _
    ByVal nSize As Integer, _
    ByRef lpNumberOfBytesWritten As Integer) As Integer

    Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" ( _
    ByVal lpLibFileName As String) As Integer

    Public Declare Function VirtualAllocEx Lib "kernel32" ( _
    ByVal hProcess As Integer, _
    ByVal lpAddress As Integer, _
    ByVal dwSize As Integer, _
    ByVal flAllocationType As Integer, _
    ByVal flProtect As Integer) As Integer

    Public Declare Function WriteProcessMemory Lib "kernel32" ( _
    ByVal hProcess As Integer, _
    ByVal lpBaseAddress As Integer, _
    ByVal lpBuffer As String, _
    ByVal nSize As Integer, _
    ByRef lpNumberOfBytesWritten As Integer) As Integer

    Public Declare Function GetProcAddress Lib "kernel32" ( _
    ByVal hModule As Integer, ByVal lpProcName As String) As Integer

    Private Declare Function GetModuleHandle Lib "Kernel32" Alias "GetModuleHandleA" ( _
    ByVal lpModuleName As String) As Integer

    Public Declare Function CreateRemoteThread Lib "kernel32" ( _
    ByVal hProcess As Integer, _
    ByVal lpThreadAttributes As Integer, _
    ByVal dwStackSize As Integer, _
    ByVal lpStartAddress As Integer, _
    ByVal lpParameter As Integer, _
    ByVal dwCreationFlags As Integer, _
    ByRef lpThreadId As Integer) As Integer

    Public Declare Function OpenProcess Lib "kernel32" ( _
    ByVal dwDesiredAccess As Integer, _
    ByVal bInheritHandle As Integer, _
    ByVal dwProcessId As Integer) As Integer

    Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" ( _
    ByVal lpClassName As String, _
    ByVal lpWindowName As String) As Integer

    Private Declare Function CloseHandle Lib "kernel32" Alias "CloseHandleA" ( _
    ByVal hObject As Integer) As Integer


    Dim ExeName As String = IO.Path.GetFileNameWithoutExtension(Application.ExecutablePath)
Una volta messi questi codici aggiungete questo sotto tutti gli altri
Codice:
Codice:
Private Sub Inject()
        On Error GoTo 1 ' If error occurs, app will close without any error messages
        Timer1.Stop()
        Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox1.Text)
        TargetProcessHandle = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, TargetProcess(0).Id)
        pszLibFileRemote = Application.StartupPath & "\" + ExeName + TextBox2.Text
        pfnStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
        TargetBufferSize = 1 + Len(pszLibFileRemote)
        Dim Rtn As Integer
        Dim LoadLibParamAdr As Integer
        LoadLibParamAdr = VirtualAllocEx(TargetProcessHandle, 0, TargetBufferSize, MEM_COMMIT, PAGE_READWRITE)
        Rtn = WriteProcessMemory(TargetProcessHandle, LoadLibParamAdr, pszLibFileRemote, TargetBufferSize, 0)
        CreateRemoteThread(TargetProcessHandle, 0, 0, pfnStartAddr, LoadLibParamAdr, 0, 0)
        CloseHandle(TargetProcessHandle)
1:      Me.Close()
    End Sub
Bene ora il label2 mostrerÓ l'avanzamento dell'injector.Nel texbox1 si dovrÓ scrivere il processo di warrock e nel texbox2 il file .dll.Gli altri 3 label serviranno come guida su dove mettere i nomi della dll e il processo del programma.Adesso abbiamo finito l'injector ora passiamo alla dll

Fonte:Guida mia i codici sono conosciuti li potete trovare in qualsiasi forum che parli di programmazione in D3D.

Come Creare file .dll

Requisiti:
-D3D Starter Kit V3.0
-Generatetexture Function (Texture Maker)
-Microsoft Visual C++ 2008 Express Edition
-MSDN
-D3D SDK

Per iniziare:
Scarichiamo lo starter kit sul nostro desktop ed apriamolo.

Coding:
Per prima cosa andremo a creare un Wallhack:

Nello starter kit andiamo su d3d8dev.ccp
Sotto i #defines

Codice:
Codice:
bool wallhack; //made by thimo
UINT m_Stride; //made by thimo
Piazziamo questo nel DrawIndexedPrimitive
Codice:
Codice:
if (wallhack) //If wallhack bool is called.
    {
    if(m_stride == 44) //On the players model.
    {
            m_pD3Ddev->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE); //Then bring to the front
        }
        else
        {
            m_pD3Ddev->SetRenderState(D3DRS_ZENABLE, TRUE); //Evertyhing else is normal
        } 
    }

if ((GetAsyncKeyState(VK_NUMPAD1)&1) == 1) // If get numpad 1 then
     wallhack = !wallhack;         //toggle wallhack
Chams:
Iniziamo con gli stessi codice sopra

In alto:

Codice:
Codice:
bool chams;
UINT m_Stride;
LPDIRECT3DTEXTURE8 texRed, texGreen; //textures
Ora nel DrawIndexedPrimitive:

Codice:
Codice:
if (chams)            //if cham bool is called
    {
        if (m_Stride == 44)            //on the player models
        {
            m_pD3Ddev->SetRenderState(D3DRS_ZENABLE,false);         //bring to front
            m_pD3Ddev->SetRenderState(D3DRS_FILLMODE,D3DFILL_SOLID);        //fill it with a solid color
            m_pD3Ddev->SetTexture( 0, texRed);      //fill it wih red
            m_pD3Ddev->DrawIndexedPrimitive(PrimitiveType, minIndex, NumVertices, startIndex, primCount);
            m_pD3Ddev->SetRenderState(D3DRS_ZENABLE, true);
            m_pD3Ddev->SetRenderState(D3DRS_FILLMODE,D3DFILL_SOLID);
            m_pD3Dde->SetTexture( 0, texGreen);             //fill it with green
        }

if ((GetAsyncKeyState(VK_NUMPAD2)&1) == 1)         //id numpad 2 is called then
     Chams = !Chams;   //chams on and off
Ora abbiamo bisogno di settare i colori!

Ora cerchiamo

HRESULT CD3DManager::Release()

Sotto

HRESULT CD3DManager::Release()
{
return S_OK;
}

Aggiungiamo il GenerateTexture Function

Codice:
Codice:
HRESULT GenerateTexture(IDirect3DDevice8 *pD3Ddev, IDirect3DTexture8 **ppD3Dtex, DWORD colour32)
{
    if( FAILED(pD3Ddev->CreateTexture(8, 8, 1, 0, D3DFMT_A4R4G4B4, D3DPOOL_MANAGED, ppD3Dtex)) )
        return E_FAIL;
    
    WORD colour16 =    ((WORD)((colour32>>28)&0xF)<<12)
            |(WORD)(((colour32>>20)&0xF)<<8)
            |(WORD)(((colour32>>12)&0xF)<<4)
            |(WORD)(((colour32>>4)&0xF)<<0);

    D3DLOCKED_RECT d3dlr;    
    (*ppD3Dtex)->LockRect(0, &d3dlr, 0, 0);
    WORD *pDst16 = (WORD*)d3dlr.pBits;

    for(int xy=0; xy < 8*8; xy++)
        *pDst16++ = colour16;

    (*ppD3Dtex)->UnlockRect(0);

    return S_OK;
}
Ora in EndScene andremo a settare queste funzioni!

Cerchiamo EndScene

In EndScene aggiungiamo:

Codice:
Codice:
GenerateTexture(m_pD3Ddev, &texRed,D3DCOLOR_ARGB(255,255,0,0));
GenerateTexture(m_pD3Ddev, &texGreen,D3DCOLOR_ARGB(255,0,255,0));
E nel SetStreamSource mettiamo:

Codice:
Codice:
if( StreamNumber == 0 ){m_Stride = Stride;