ClassicGTAManiac Posted January 27, 2012

Hey,

I am currently learning C++, and am interested in working with the Grand Theft Auto series (with mods such as Multi Theft Auto), but I was wondering if anybody could lend a hand and give me some brief guidelines?

Basically, I just need to know an overview of how C++ hooking works, what libraries/functions I should look into, any documentation on doing so (I've looked around and not found anything relatively good). Any examples (even if extremely basic) would be fantastic.

Thanks,
Callum

Deji Posted January 28, 2012

To make ASI mods, have the ASI loader installed and create a DLL Project and set the output destination to the GTASA dir with .asi extension.

Example (VC++), forum messed up the indentation or something:

```cpp
#include "StdAfx.h"
#include <windows.h>
#include <string.h>

// use this function to write protected memory...
void _patch(void *pAddress, DWORD data, DWORD iSize);

// Assumed to be a function defined elsewhere in the mod (not shown in this post).
void func_089D();

BOOL APIENTRY DllMain(HMODULE hModule, DWORD reason, LPVOID lpReserved)
{
    if(reason == DLL_PROCESS_ATTACH)
    {
        // Hack away!
        _patch((void*)0x476154, (DWORD)&func_089D, 4); // what I use in VJ to replace a dummy opcode
    }
    return TRUE;
}

void _patch(void *pAddress, DWORD data, DWORD iSize)
{
    unsigned long dwProtect[2];

    // Make the target range writable, remembering the old protection
    VirtualProtect(pAddress, iSize, PAGE_EXECUTE_READWRITE, &dwProtect[0]);
    switch(iSize)
    {
        case 1: *(BYTE*)pAddress = (BYTE)data; break;
        case 2: *(WORD*)pAddress = (WORD)data; break;
        case 4: *(DWORD*)pAddress = (DWORD)data; break;
        default: memset(pAddress, data, iSize); break;
    }
    // Restore the original protection
    VirtualProtect(pAddress, iSize, dwProtect[0], &dwProtect[1]);
}
```

Good luck

ClassicGTAManiac Posted January 28, 2012

Thanks, I'll look into this when I get home, but I was hoping to find out more about hooking into GTA from a separate process (obviously programmed in C++).

Swoorup Posted January 28, 2012

You are probably looking for an injector. Here:

```c
#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h>   // StrStrI; link against shlwapi.lib
#include <conio.h>
#include <stdio.h>
#include <string.h>

#define WIN32_LEAN_AND_MEAN
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)

BOOL Inject(DWORD pID, const char * DLL_NAME);
DWORD GetTargetThreadIDFromProcName(const char * ProcName);

int main(int argc, char * argv[])
{
    // Retrieve process ID
    DWORD pID = GetTargetThreadIDFromProcName("cmd.exe");

    // Get the dll's full path name
    char buf[MAX_PATH] = {0};
    GetFullPathName("injected.dll", MAX_PATH, buf, NULL);
    printf("%s\n", buf);   // never pass a path as the format string

    // Inject our main dll
    if(!Inject(pID, buf))
    {
        printf("DLL Not Loaded!");
    }else{
        printf("DLL Loaded!");
    }
    _getch();
    return 0;
}

BOOL Inject(DWORD pID, const char * DLL_NAME)
{
    HANDLE Proc, Thread;
    char buf[50] = {0};
    LPVOID RemoteString, LoadLibAddy;
    SIZE_T len = strlen(DLL_NAME) + 1;   // include the terminating NUL

    if(!pID)
        return FALSE;

    Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
    if(!Proc)
    {
        sprintf(buf, "OpenProcess() failed: %lu", GetLastError());
        //MessageBox(NULL, buf, "Loader", MB_OK);
        printf("%s", buf);
        return FALSE;
    }

    LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

    // Allocate space in the process for our DLL
    RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, len, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);

    // Write the string name of our DLL in the memory allocated
    WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, len, NULL);

    // Load our DLL
    Thread = CreateRemoteThread(Proc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, 0, NULL);
    if(Thread)
        CloseHandle(Thread);

    CloseHandle(Proc);
    return TRUE;
}

DWORD GetTargetThreadIDFromProcName(const char * ProcName)
{
    PROCESSENTRY32 pe;
    HANDLE thSnapShot;
    BOOL retval;

    thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(thSnapShot == INVALID_HANDLE_VALUE)
    {
        //MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "2MLoader", MB_OK);
        printf("Error: Unable to create toolhelp snapshot!");
        return 0;
    }

    pe.dwSize = sizeof(PROCESSENTRY32);

    retval = Process32First(thSnapShot, &pe);
    while(retval)
    {
        if(StrStrI(pe.szExeFile, ProcName))
        {
            CloseHandle(thSnapShot);
            return pe.th32ProcessID;
        }
        retval = Process32Next(thSnapShot, &pe);
    }
    CloseHandle(thSnapShot);
    return 0;
}
```

It simply loads a dll file into a process. Rename the process and dll file according to your needs and compile it as an exe.

EDIT: BTW it's not mine but I found this somewhere and found it reliable.

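Added example, not part of the thread or of any poster's code: the injector posted above starts a remote thread at `LoadLibraryA`, which Sysmon records as Event ID 8 (CreateRemoteThread) with `StartModule` and `StartFunction` fields. This Python sketch flags that pattern; the event XML and all file paths in it are constructed sample data.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Exports that load a DLL when used as a remote thread's start routine.
LOADERS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

def make_event(event_id, **data):
    """Build a Sysmon-style event XML string (constructed sample data)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{fields}</EventData></Event>')

K32 = r"C:\Windows\System32\kernel32.dll"
SAMPLE_EVENTS = [  # constructed for this example; paths are assumptions
    make_event(1, Image=r"C:\Tools\injector.exe"),
    make_event(8, SourceImage=r"C:\Tools\injector.exe",
               TargetImage=r"C:\Windows\System32\cmd.exe",
               StartModule=K32, StartFunction="LoadLibraryA"),
    make_event(8, SourceImage=r"C:\Windows\System32\csrss.exe",
               TargetImage=r"C:\Windows\System32\cmd.exe",
               StartModule=K32, StartFunction="CtrlRoutine"),
    make_event(8, SourceImage=r"C:\Tools\other.exe",
               TargetImage=r"C:\Windows\System32\notepad.exe",
               StartModule="", StartFunction=""),
]

def parse(xml_text):
    """Return (event id, {field name: value}) for one event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): d.text or ""
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data

def is_loadlibrary_thread(event_id, data):
    """True for Event ID 8 whose remote thread starts at a LoadLibrary export."""
    if event_id != 8:
        return False
    module = data.get("StartModule", "").lower().rsplit("\\", 1)[-1]
    return (module in LOADER_MODULES
            and data.get("StartFunction", "").lower() in LOADERS)

def detect(events):
    hits = []
    for xml_text in events:
        event_id, data = parse(xml_text)
        if is_loadlibrary_thread(event_id, data):
            hits.append((data["SourceImage"], data["TargetImage"], data["StartFunction"]))
    return hits

if __name__ == "__main__":
    for src, dst, func in detect(SAMPLE_EVENTS):
        print(f"remote thread at {func}: {src} -> {dst}")
```

Sysmon infers `StartModule` and `StartFunction` from the thread's start address and leaves them empty when it is not a known export, so this rule covers the LoadLibrary pattern only.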
DK22Pac Posted January 28, 2012

@Up We have already ASI loader @[email protected]

ClassicGTAManiac Posted January 28, 2012

Swoorup, thanks for the help, really appreciate it. However, when I try and compile the code you supplied, I get:

```
main.obj : error LNK2019: unresolved external symbol [email protected] referenced in function "unsigned long __cdecl GetTargetThreadIDFromProcName(char const *)" ([email protected]@[email protected])
```

Swoorup Posted January 29, 2012

I am not sure if Visual C++ compiler can compile it because it throws a lot of errors. If you have MinGW compiler throw this in the command line.

```
g++ dll_injector.cpp -o injector.exe
```

OR

```
gcc dll_injector.cpp -o injector.exe
```

Also note that this is a C program not C++.

> @Up We have already ASI loader @[email protected]

Yes, of course. But I don't think ASI loader can load a DLL from a separate process. This is just an injector. It can load into a process from anywhere, anytime.

Edited January 29, 2012 by Swoorup