Spoof Or Capture Unmanaged App / Dll

  • Question

  • I have another exe hooked with an unmanaged .dll; the app simply runs like this:

    Run app > while running, the hooked DLL reads Windows system info (like HWID or MAC address)

    Is there any way to capture or spoof the data returned to the DLL from the system? Like changing the HWID string returned from system info.

    C#

    Thanks in advance

    Sunday, September 9, 2018 4:49 PM

All replies

  • What do you mean by "i have another exe hooked"?  If you have injected a DLL into another process, then you can certainly find the entry points of the DLL you're interested in and overwrite the entry point code with your own code that intercepts the call.  Something like the Detours library could help with that.

    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Monday, September 10, 2018 4:51 AM
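
From the defender's side, the entry-point overwrite described in the reply above shows up as a changed function prologue. The following is an added example, not part of the thread: it compares a clean copy of a function's first bytes with the bytes mapped in the process and names the redirect it finds. `PrologueCheck`, `Classify` and the sample bytes are constructed for illustration; reading the two byte windows and accounting for relocations is assumed to happen elsewhere.

```csharp
using System;
using System.Linq;

// Added example (not from the thread): compare the first bytes of a function as
// mapped in the process with a clean baseline and name the redirect, if any.
static class PrologueCheck
{
    // address: virtual address of the function in the inspected process.
    // clean / live: equal-length byte windows taken from the function start.
    public static string Classify(ulong address, byte[] clean, byte[] live)
    {
        if (clean.Length != live.Length || live.Length < 12)
            throw new ArgumentException("need two equal windows of at least 12 bytes");
        if (clean.SequenceEqual(live))
            return "unmodified";

        // E9 rel32: near relative jump, the 5-byte patch typical of inline hooks.
        if (live[0] == 0xE9)
        {
            int rel = BitConverter.ToInt32(live, 1);
            ulong target = unchecked(address + 5 + (ulong)(long)rel);
            return $"jmp rel32 -> 0x{target:X}";
        }
        // FF 25 disp32: indirect jump through a pointer slot.
        if (live[0] == 0xFF && live[1] == 0x25)
            return "jmp [mem] (indirect)";
        // 48 B8 imm64, FF E0: mov rax, imm64 ; jmp rax (absolute jump on x64).
        if (live[0] == 0x48 && live[1] == 0xB8 && live[10] == 0xFF && live[11] == 0xE0)
            return $"mov rax / jmp rax -> 0x{BitConverter.ToUInt64(live, 2):X}";
        // 68 imm32, C3: push imm32 ; ret.
        if (live[0] == 0x68 && live[5] == 0xC3)
            return $"push / ret -> 0x{BitConverter.ToUInt32(live, 1):X}";
        return "modified (no known redirect pattern)";
    }

    static void Main()
    {
        // Constructed sample: a common x64 prologue and a patched copy of it.
        byte[] clean = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x48, 0x8B };
        byte[] live = (byte[])clean.Clone();
        live[0] = 0xE9;
        BitConverter.GetBytes(0x00001000).CopyTo(live, 1);   // rel32 = +0x1000
        Console.WriteLine(Classify(0x7FF600001000, clean, live));
        Console.WriteLine(Classify(0x7FF600001000, clean, clean));
    }
}
```

A mismatch alone is not proof of tampering: security products and compatibility shims patch prologues too, so the jump target should be resolved to its owning module before drawing a conclusion.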
  • Hi Eslam Galull,

    C# can call an unmanaged DLL via DllImport, and the following blog provides a method for doing it.

    https://blogs.msdn.microsoft.com/jonathanswift/2006/10/02/calling-an-unmanaged-dll-from-net-c/

    Best regards,

    Zhanglong 


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, September 10, 2018 8:03 AM
  • Well, I mean:

    Simply, we have a game client .exe; while running, it injects a DLL to read the current system HWID

    and sends it to its server to record player info.

    What we need to do (any hint):

    Catch the info coming from the DLL to the game, or catch the DLL while it reads the system info, and edit or change the HWID info.

    Tuesday, September 11, 2018 2:59 PM
  • Hi Eslam Galull,

    If you want to inject a DLL dynamically, please refer to the following blog; you need to import all the DLL functions into one static class.

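    using System;
    using System.ComponentModel;
    using System.Runtime.InteropServices;

    static class NativeMethods
    {
            [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
            public static extern IntPtr LoadLibrary(string dllToLoad);

            // GetProcAddress only accepts ANSI export names.
            [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
            public static extern IntPtr GetProcAddress(IntPtr hModule, string procedureName);

            [DllImport("kernel32.dll", SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            public static extern bool FreeLibrary(IntPtr hModule);
    }

    class Program
    {
            // Must match the native export's signature and calling convention.
            [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
            private delegate int MultiplyByTen(int numberToMultiply);

            static void Main(string[] args)
            {
                    // Use a fully qualified path so the DLL search order cannot resolve to a different file.
                    IntPtr pDll = NativeMethods.LoadLibrary(@"PathToYourDll.DLL");
                    if (pDll == IntPtr.Zero)
                            throw new Win32Exception(Marshal.GetLastWin32Error());

                    try
                    {
                            IntPtr pAddressOfFunctionToCall = NativeMethods.GetProcAddress(pDll, "MultiplyByTen");
                            if (pAddressOfFunctionToCall == IntPtr.Zero)
                                    throw new Win32Exception(Marshal.GetLastWin32Error());

                            MultiplyByTen multiplyByTen = (MultiplyByTen)Marshal.GetDelegateForFunctionPointer(
                                    pAddressOfFunctionToCall, typeof(MultiplyByTen));

                            int theResult = multiplyByTen(10);
                            Console.WriteLine(theResult);
                    }
                    finally
                    {
                            // Unload only after the last call through the delegate.
                            NativeMethods.FreeLibrary(pDll);
                    }
            }
    }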

    https://blogs.msdn.microsoft.com/jonathanswift/2006/10/03/dynamically-calling-an-unmanaged-dll-from-net-c/

    Best regards,

    Zhanglong


    Tuesday, September 18, 2018 1:09 AM