Yizheng, you have some way to make a new trainer if they do update?
Yizheng, you have some way to make a new trainer if they do update?
i look for someone with hack to npn/a ^^ pls contact me by priv ;D
How i bypass 64bit to 32bit hack ,,,please help me!!
it doesnt work anymore try by yourself :'(
What exactly did the server update? New addresses, so the trainer's addresses don't match anymore?
Can u update to windows 32 please?
if you can help me with dll injection then i can
This code help you? C++private IntPtr InjectLibraryInternal(string libFullPath)
{
// Purpose: makes the process behind _process load the library at libFullPath by
// starting a thread in it whose entry point is LoadLibraryW, and returns that
// thread's exit code as the module handle. The snippet is C#, not C++ as labelled.
//
// Parameter: libFullPath - path of the library, written into the other process as UTF-16.
// Returns:   the value reported by GetExitCodeThread, treated as the loaded module's handle.
// Throws:    Win32Exception when any native call fails; Exception when the exit code is zero.
//
// Analyst note: the call sequence VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryW) is the classic remote-thread library load.
// Endpoint telemetry commonly surfaces it as a cross-process handle open, a
// remote thread creation (Sysmon Event ID 8) and an image load (Sysmon Event ID 7)
// in the receiving process.
//
// Byte length of the path in UTF-16; no terminating null is counted here.
uint sizeUni = (uint)Encoding.Unicode.GetByteCount(libFullPath);
// Get Handle to Kernel32.dll and pointer to LoadLibraryW
// The address is resolved in the calling process and later used as the start
// address in the other process - presumably relying on Kernel32 being mapped at
// the same base in both; confirm for the platforms in use.
IntPtr hKernel32 = Imports.GetModuleHandle("Kernel32");
if (hKernel32 == IntPtr.Zero)
throw new Win32Exception(Marshal.GetLastWin32Error());
IntPtr hLoadLib = Imports.GetProcAddress(hKernel32, "LoadLibraryW");
if (hLoadLib == IntPtr.Zero)
throw new Win32Exception(Marshal.GetLastWin32Error());
// allocate memory for libFullPath in the process identified by _process.Handle
// (the handle passed is _process.Handle, not the local process); the region is
// committed read/write, not executable
IntPtr pLibPath = Imports.VirtualAllocEx(_process.Handle, IntPtr.Zero, sizeUni, AllocationType.Commit, MemoryProtection.ReadWrite);
if (pLibPath == IntPtr.Zero)
throw new Win32Exception(Marshal.GetLastWin32Error());
// write libFullPath to pLibPath
// NOTE(review): Marshal.StringToHGlobalUni allocates an unmanaged copy in the
// calling process and nothing in this method frees it, so each call leaks it.
int bytesWritten;
if (!Imports.WriteProcessMemory(_process.Handle, pLibPath, Marshal.StringToHGlobalUni(libFullPath), sizeUni, out bytesWritten) || bytesWritten != (int)sizeUni)
throw new Win32Exception(Marshal.GetLastWin32Error());
// load dll via call to LoadLibrary using CreateRemoteThread
IntPtr hThread = Imports.CreateRemoteThread(_process.Handle, IntPtr.Zero, 0, hLoadLib, pLibPath, 0, IntPtr.Zero);
if (hThread == IntPtr.Zero)
throw new Win32Exception(Marshal.GetLastWin32Error());
// uint.MaxValue means there is no timeout: the caller blocks until the thread ends.
if (Imports.WaitForSingleObject(hThread, uint.MaxValue) != 0)
throw new Win32Exception(Marshal.GetLastWin32Error());
// get address of loaded module
// NOTE(review): a thread exit code is a 32-bit value, so it can only stand in for
// a module handle when handles fit in 32 bits - confirm before relying on it.
IntPtr hLibModule;// = IntPtr.Zero;
if (!Imports.GetExitCodeThread(hThread, out hLibModule))
throw new Win32Exception(Marshal.GetLastWin32Error());
if (hLibModule == IntPtr.Zero)
throw new Exception("Code executed properly, but unable to get an appropriate module handle, possible Win32Exception", new Win32Exception(Marshal.GetLastWin32Error()));
// clean up
// NOTE(review): this is reached only on the success path; every throw above
// leaves the thread handle open and the allocation at pLibPath unreleased.
if (!Imports.CloseHandle(hThread))
throw new Win32Exception(Marshal.GetLastWin32Error());
if (!Imports.VirtualFreeEx(_process.Handle, pLibPath, 0, AllocationType.Release))
throw new Win32Exception(Marshal.GetLastWin32Error());
return hLibModule;
}
DLL Injection 32.
Module InjLib
' Purpose: declares the kernel32 functions needed to make another process call
' LoadLibraryA on a path, and exposes InjectDlls, which does that for a process
' looked up by name.
'
' Every handle and pointer below is declared as Int32, so these declarations only
' describe the 32-bit form of the API (the post is titled "DLL Injection 32").
'
' Analyst note: OpenProcess with VM-write and create-thread rights, followed by
' VirtualAllocEx, WriteProcessMemory and CreateRemoteThread on LoadLibraryA, is the
' classic remote-thread library load. Endpoint telemetry commonly records it as a
' cross-process handle open (Sysmon Event ID 10), a remote thread creation
' (Sysmon Event ID 8) and an image load (Sysmon Event ID 7) in the receiving process.
'CreateRemoteThread for calling loadlibrary in the target process address space to load our Dll
Private Declare Function CreateRemoteThread Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpThreadAttributes As Int32, ByVal dwStackSize As Int32, ByVal lpStartAddress As Int32, ByVal lpParameter As Int32, ByVal dwCreationFlags As Int32, ByRef lpThreadId As Int32) As Int32
'VirtualAllocEx to allocate space in our target process so that we can write the path to our Dll
Private Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpAddress As Int32, ByVal dwSize As Int32, ByVal flAllocationType As Int32, ByVal flProtect As Int32) As Int32
'WriteProcessMemory to write the path to our Dll in the target process address space
Private Declare Function WriteProcessMemory Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByVal lpBuffer As String, ByVal nSize As Int32, ByRef lpNumberOfBytesWritten As Int32) As Int32
'VirtualFreeEx to clean up when done
Private Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpAddress As Int32, ByRef dwSize As Int32, ByVal dwFreeType As Int32) As Int32
'Get ModuleHandle to get a handle to LoadLibrary so we can use the Handle to get its Address in the target Process' space
Private Declare Function GetModuleHandle Lib "kernel32.dll" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Int32
'GetProcAddress to get the address that LoadLibraryA resides at
Private Declare Function GetProcAddress Lib "kernel32.dll" (ByVal hModule As Int32, ByVal lpProcName As String) As Int32
'OpenProcess to get a handle to our target process and open it with the rights we require
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Int32, ByVal bInheritHandle As Int32, ByVal dwProcessId As Int32) As Int32
'CloseHandle to Close all open handles we needed
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Int32) As Int32
' Create_Suspended and process_suspend_resume are declared but not referenced anywhere in this module.
Private Const Create_Suspended As Int32 = &H4 'To freeze process when we call createremotethread
Private Const process_vm_operation As Int32 = &H8 ' Access Rights
Private Const process_create_thread As Int32 = &H2
Private Const process_suspend_resume As Int32 = &H800
Private Const process_vm_write As Int32 = &H20 ' Access Rights
Private Const process_vm_read As Int32 = &H10 ' Access Rights
Private Const mem_commit As Int32 = &H1000 ' What to do with memory from VirtualallocEx
Private Const mem_release As Int32 = &H8000 ' Tells the Computer to free memory when called with VirtualFree
Private Const page_readwrite As Int32 = &H4
' Access mask handed to OpenProcess: read and write the other process's memory,
' perform memory operations on it, and create threads in it.
Private Access As Int32 = process_vm_read Or process_vm_write Or process_vm_operation Or process_create_thread
' InjectDlls: looks up processes named ProcessName, opens the first match with the
' Access mask, and for a path in DllPaths allocates memory in that process, writes
' the path there and starts a thread at LoadLibraryA with the path as its argument.
' Returns 0 on the failure paths that execute "Return 0", otherwise 1.
' NOTE(review): failures are reported to the user only through MessageBox.
Public Function InjectDlls(ByVal ProcessName As String, ByVal DllPaths() As String) As int32
Dim ProcHandle As Int32 ' Handle to Target Process
Dim DllVirtLoc As Int32 ' Address of Dll Path
Dim Inject As Int32 ' Error Checking
Dim CreateThread As Int32 ' Error Checking
Dim ThreadID As Int32 ' Handle to our Created Thread
Dim MHandle As Int32 ' Handle to Kernel32.dll
Dim i As Int32 ' Counter
Dim TargetProc As Process() = Process.GetProcessesByName(ProcessName) ' Gets Process info
MHandle = GetModuleHandle("Kernel32.dll") ' Gets Handle to Kernel32.dll
If MHandle = 0 Then
MessageBox.Show("Could not get a handle to Kernel32.dll", "Error", MessageBoxButtons.OK)
Return 0
Exit Function
Else
' NOTE(review): TargetProc(0) is indexed without checking that any process was
' found; an empty result would raise an exception here rather than return 0.
ProcHandle = OpenProcess(Access, 0, TargetProc(0).Id) ' Gets Handle to Process and opens with our desired rights
If ProcHandle = 0 Then
MessageBox.Show("Could not get a handle to Target process", "Error", MessageBoxButtons.OK)
' NOTE(review): MHandle comes from GetModuleHandle; module handles are not
' objects that CloseHandle releases, so these CloseHandle(MHandle) calls look
' mistaken - confirm against the Win32 documentation.
CloseHandle(MHandle) ' Closes handle to kernel32.dll because we could not open our target process
Return 0
Exit Function
Else
For i = 0 To UBound(DllPaths) - 1
System.Threading.Thread.Sleep(100) ' Our Delay for initial Injection and subsequent injection
DllVirtLoc = VirtualAllocEx(ProcHandle, 0, DllPaths(i), mem_commit, page_readwrite) ' Allocates Space in Target Address Space
If DllVirtLoc = 0 Then
MessageBox.Show("Could not allocate space in target process", "Error", MessageBoxButtons.OK)
CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not allocate space
CloseHandle(ProcHandle) ' Closes Handle to Process becausewe could not allocate the space
' NOTE(review): no Return 0 on this branch, so control falls through to "Return 1" below.
Else
Inject = WriteProcessMemory(ProcHandle, DllVirtLoc, DllPaths(i), DllPaths(i).Length + 1, Nothing) ' Writes our Dll's path to Targets Address Space
If Inject = 0 Then
MessageBox.Show("Could not write to process' address space", "Error", MessageBoxButtons.OK)
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Free Allocated Space because writing failed
CloseHandle(MHandle) ' Close handle to kernel32.dll because writing failed
CloseHandle(ProcHandle) ' Close Handle to Process because writing failed
' NOTE(review): as above, this failure branch also reaches "Return 1".
Else
' The value returned by CreateRemoteThread is the new thread's handle; it is
' only compared with 0 and never passed to CloseHandle in this function.
CreateThread = CreateRemoteThread(ProcHandle, 0, 0, GetProcAddress(MHandle, "LoadLibraryA"), DllVirtLoc, 0, ThreadID)
If CreateThread = 0 Then
MessageBox.Show("Could not create remote thread", "Error", MessageBoxButtons.OK)
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated space because we could not create our remote thread
CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not create our remote thread
CloseHandle(ProcHandle) ' Closes Handle to Target Process because we could not create our remote thread
Return 0
Exit Function
Else
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated Space because we are done
End If
End If
End If
' NOTE(review): this Return sits inside the For loop, so the function leaves
' during the first iteration and the two CloseHandle calls after "Next i" are
' not reached on this path; ProcHandle stays open on the success path.
Return 1 ' Returns 1 for Success 0 for failure declare recieving variable as array
Next i
CloseHandle(MHandle) ' Close Handle to Kernel32.dll because we are done
CloseHandle(ProcHandle) ' Close Handle to Target Process because we are done
End If
End If
End Function
End Module
This is a easy tutorial on how to make an Advanced Injector!
Open Microsoft Visual Basic 2008.
So do a 5 Buttons.
What we gonna do?
We are going to do an Advanced Injector.
What Items we will have?
* 5 Buttons.
* 1 Label.
* 1 TextBox.
* 1 ListBox.
* 1 Timer.
* 1 OpenFileDialog.
Name Button1 "Clear Selected"
Name Button2 "Clear Process"
Name Button3 "Clear List"
Name Button4 "Browse"
Name Button5 "Inject"
Do a Label.
Do a TextBox.
Do a ListBox and name ListBox1 to "Dlls"
Add an OpenFileDialog and, in its Properties, set MultiSelect to True.
Add a Timer.
Click on Form1 and delete the words and copy and paste this:
Public Class Form1
' Purpose: Windows Forms front end that polls for a process whose name is typed into
' TextBox1 and, once it exists, calls Inject(), which makes that process start a
' thread at LoadLibraryA with the path chosen in OpenFileDialog1 as its argument.
'
' Analyst note: a tool built from this form shows up as a short-interval process-name
' poll followed by OpenProcess (create-thread, VM-operation, VM-write rights),
' VirtualAllocEx, WriteProcessMemory and CreateRemoteThread. Endpoint telemetry
' commonly records that as a cross-process handle open (Sysmon Event ID 10), a
' remote thread creation (Sysmon Event ID 8) and an image load (Sysmon Event ID 7).
'
' All handles and addresses are declared As Integer (32-bit).
Private TargetProcessHandle As Integer
Private pfnStartAddr As Integer
Private pszLibFileRemote As String
Private TargetBufferSize As Integer
' PROCESS_VM_READ and TH32CS_SNAPPROCESS are declared but not referenced in this class.
Public Const PROCESS_VM_READ = &H10
Public Const TH32CS_SNAPPROCESS = &H2
Public Const MEM_COMMIT = 4096
Public Const PAGE_READWRITE = 4
Public Const PROCESS_CREATE_THREAD = (&H2)
Public Const PROCESS_VM_OPERATION = (&H8)
Public Const PROCESS_VM_WRITE = (&H20)
' Not referenced in this class; Button4_Click declares its own local DllFileName.
Dim DLLFileName As String
' ReadProcessMemory, LoadLibrary and FindWindow are declared but never called in this class.
Public Declare Function ReadProcessMemory Lib "kernel32" ( _
ByVal hProcess As Integer, _
ByVal lpBaseAddress As Integer, _
ByVal lpBuffer As String, _
ByVal nSize As Integer, _
ByRef lpNumberOfBytesWritten As Integer) As Integer
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" ( _
ByVal lpLibFileName As String) As Integer
Public Declare Function VirtualAllocEx Lib "kernel32" ( _
ByVal hProcess As Integer, _
ByVal lpAddress As Integer, _
ByVal dwSize As Integer, _
ByVal flAllocationType As Integer, _
ByVal flProtect As Integer) As Integer
Public Declare Function WriteProcessMemory Lib "kernel32" ( _
ByVal hProcess As Integer, _
ByVal lpBaseAddress As Integer, _
ByVal lpBuffer As String, _
ByVal nSize As Integer, _
ByRef lpNumberOfBytesWritten As Integer) As Integer
Public Declare Function GetProcAddress Lib "kernel32" ( _
ByVal hModule As Integer, ByVal lpProcName As String) As Integer
Private Declare Function GetModuleHandle Lib "Kernel32" Alias "GetModuleHandleA" ( _
ByVal lpModuleName As String) As Integer
Public Declare Function CreateRemoteThread Lib "kernel32" ( _
ByVal hProcess As Integer, _
ByVal lpThreadAttributes As Integer, _
ByVal dwStackSize As Integer, _
ByVal lpStartAddress As Integer, _
ByVal lpParameter As Integer, _
ByVal dwCreationFlags As Integer, _
ByRef lpThreadId As Integer) As Integer
Public Declare Function OpenProcess Lib "kernel32" ( _
ByVal dwDesiredAccess As Integer, _
ByVal bInheritHandle As Integer, _
ByVal dwProcessId As Integer) As Integer
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" ( _
ByVal lpClassName As String, _
ByVal lpWindowName As String) As Integer
' NOTE(review): kernel32 exports CloseHandle without an "A" suffix, so the alias
' "CloseHandleA" presumably fails to resolve when first called - confirm. Inject()
' would hide such a failure behind its On Error handler.
Private Declare Function CloseHandle Lib "kernel32" Alias "CloseHandleA" ( _
ByVal hObject As Integer) As Integer
' ExeName is not read anywhere in this class. NOTE(review): the space inside
' "Application.Ex ecutablePath" looks like a paste artifact from the forum.
Dim ExeName As String = IO.Path.GetFileNameWithoutExtension(Application.Ex ecutablePath)
' Inject: opens the first process named in TextBox1 and has it start a thread at
' LoadLibraryA on the path from OpenFileDialog1.FileName.
' None of the native return values (VirtualAllocEx, WriteProcessMemory,
' CreateRemoteThread) is checked, and the thread handle returned by
' CreateRemoteThread is discarded. The allocation is not freed in this Sub.
Private Sub Inject()
' Any error jumps to label 1, which only shows the form: failures are silent.
On Error GoTo 1 ' If error occurs, app will close without any error messages
Timer1.Stop()
Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox1.Text)
TargetProcessHandle = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, TargetProcess(0).Id)
' Only the single path held by the dialog is used; the entries shown in the Dlls
' list box are not read here.
pszLibFileRemote = OpenFileDialog1.FileName
pfnStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
' Path length plus one for the terminating null.
TargetBufferSize = 1 + Len(pszLibFileRemote)
Dim Rtn As Integer
Dim LoadLibParamAdr As Integer
LoadLibParamAdr = VirtualAllocEx(TargetProcessHandle, 0, TargetBufferSize, MEM_COMMIT, PAGE_READWRITE)
Rtn = WriteProcessMemory(TargetProcessHandle, LoadLibParamAdr, pszLibFileRemote, TargetBufferSize, 0)
CreateRemoteThread(TargetProcessHandle, 0, 0, pfnStartAddr, LoadLibParamAdr, 0, 0)
CloseHandle(TargetProcessHandle)
1: Me.Show()
End Sub
' Empty handler; the chosen file is read later through OpenFileDialog1.FileName.
Private Sub OpenFileDialog1_FileOk(ByVal sender As System.Object, ByVal e As System.ComponentModel.CancelEventArgs) Handles OpenFileDialog1.FileOk
End Sub
' Sets the initial captions and starts the 50 ms polling timer.
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Button1.Text = "Clear Selected"
Label1.Text = "Waiting for Process Start..."
Timer1.Interval = 50
Timer1.Start()
End Sub
' Every tick: if the chosen file exists, look for a process named by TextBox1 and
' call Inject() as soon as one is found.
Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
If IO.File.Exists(OpenFileDialog1.FileName) Then
Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox1.Text)
If TargetProcess.Length = 0 Then
Me.Label1.Text = ("Waiting for " + TextBox1.Text + ".exe...")
Else
Timer1.Stop()
' NOTE(review): the success text is set before Inject() runs and Inject() reports
' nothing back, so the label does not reflect the actual outcome.
Me.Label1.Text = "Successfully Injected!"
Call Inject()
End If
End If
End Sub
' "Clear Selected": removes the selected entries from the Dlls list, iterating
' backwards so removals do not shift the remaining indices.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
For i As Integer = (Dlls.SelectedItems.Count - 1) To 0 Step -1
Dlls.Items.Remove(Dlls.SelectedItems(i))
Next
End Sub
' "Clear Process": empties the process-name text box.
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
TextBox1.Clear()
End Sub
' "Clear List": empties the Dlls list.
Private Sub Button3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button3.Click
Dlls.Items.Clear()
End Sub
' "Browse": shows the file dialog and adds the chosen file's name (the text after
' the last backslash) to the Dlls list. The dialog result is not checked.
Private Sub Button4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button4.Click
OpenFileDialog1.Filter = "DLL (*.dll) |*.dll|(*.*) |*.*"
OpenFileDialog1.ShowDialog()
Dim FileName As String
FileName = OpenFileDialog1.FileName.Substring(OpenFileDialog1 .FileName.LastIndexOf("\"))
Dim DllFileName As String = FileName.Replace("\", "")
Me.Dlls.Items.Add(DllFileName)
End Sub
' NOTE(review): this is an ordinary function named GetAsyncKeyState, not a Declare
' for the user32 API, and its first statement calls itself, so invoking it would
' recurse without end. Nothing else in this class calls it.
Private Function GetAsyncKeyState(ByVal vKey As Integer) As Short
If GetAsyncKeyState(Keys.F12) Then
If IO.File.Exists(OpenFileDialog1.FileName) Then
Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox1.Text)
If TargetProcess.Length = 0 Then
Me.Label1.Text = ("Waiting for " + TextBox1.Text + ".exe Injection(F12)...")
Else
Timer1.Stop()
Me.Label1.Text = "Successfully Injected!"
Call Inject()
' If CheckBox1.Checked = True Then
'Me.Close()
'Else
' End If
End If
Else
End If
End If
End Function
' "Inject": same check as Timer1_Tick, run once on click. As there, the success
' text is written before Inject() is called.
Private Sub Button5_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button5.Click
If IO.File.Exists(OpenFileDialog1.FileName) Then
Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox1.Text)
If TargetProcess.Length = 0 Then
Me.Label1.Text = ("Waiting for " + TextBox1.Text + ".exe Injection(F12)...")
Else
Timer1.Stop()
Me.Label1.Text = "Successfully Injected!"
Call Inject()
' If CheckBox1.Checked = True Then
'Me.Close()
'Else
' End If
End If
Else
End If
End Sub
End Class
Last edited by saracie; 2011-02-19 at 10:35 AM.