[Starcraft] Overcoming DLL Injection Issues

[Zephyrix]

You are right, which is why what I had in mind was to remove the function that is actually stopping OpenProcess. Other than that, I didn't even post this method.
00FA is 11111010, So if I were to change it to FFFF, it would allow everything, or do we want only to allow OpenProcess, but I can't seem to find which bit that is..

[arpsmack]

The function that is stopping OpenProcess is built into Windows. Your process token's access rights are being compared with Starcraft's DACL (discrecionary access control list) and you are being denied.

Carrying out this plan would take a good deal of knowledge about the internal workings of Windows regarding security, and I am certainly no guru on this matter. I know only what my personal research and scouring of MSDN has taught me.

I too searched for what that access mask represented, and granted, I only spent about 5 minutes on MSDN searching, but I couldn't find any info either.

Anyway, the point is that you don't need to know. Just set SeDebugPrivilege for your process and be done with it.

[Vague]

Code:

Private Const CREATE_SUSPENDED = &H4&
Private Const STARTF_USESHOWWINDOW = &H1

Private Enum enSW
    SW_NORMAL = 1
End Enum

Private Type PROCESS_INFORMATION
    hProcess As Long
    hThread As Long
    dwProcessId As Long
    dwThreadId As Long
End Type

Private Type STARTUPINFO
    cb As Long
    lpReserved As String
    lpDesktop As String
    lpTitle As String
    dwX As Long
    dwY As Long
    dwXSize As Long
    dwYSize As Long
    dwXCountChars As Long
    dwYCountChars As Long
    dwFillAttribute As Long
    dwFlags As Long
    wShowWindow As Integer
    cbReserved2 As Integer
    lpReserved2 As Byte
    hStdInput As Long
    hStdOutput As Long
    hStdError As Long
End Type

Private Type SECURITY_ATTRIBUTES
    nLength As Long
    lpSecurityDescriptor As Long
    bInheritHandle As Long
End Type

Private Enum enPriority_Class
    NORMAL_PRIORITY_CLASS = &H20
End Enum

Private Declare Function ResumeThread Lib "kernel32" (ByVal hThread As Long) As Long
Private Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA" (ByVal lpApplicationName As String, ByVal lpCommandLine As String, lpProcessAttributes As SECURITY_ATTRIBUTES, lpThreadAttributes As SECURITY_ATTRIBUTES, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDriectory As String, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long

Private Function createSC(ByVal App As String, ByVal WorkDir As String, dwMilliseconds As Long, ByVal Start_Size As enSW, ByVal Priority_Class As enPriority_Class) As Boolean
Dim sInfo As STARTUPINFO
Dim pInfo As PROCESS_INFORMATION
'Not used, but needed
Dim Sec1 As SECURITY_ATTRIBUTES
Dim Sec2 As SECURITY_ATTRIBUTES
'Set the structure size
  
  Sec1.nLength = Len(Sec1)
  Sec2.nLength = Len(Sec2)
  sInfo.cb = Len(sInfo)
  'Set the flags
  sInfo.dwFlags = STARTF_USESHOWWINDOW
  'Set the window's startup position
  sInfo.wShowWindow = Start_Size
  'Set the priority class
  
  If CreateProcess(vbNullString, App, Sec1, Sec2, False, NORMAL_PRIORITY_CLASS, 0&, WorkDir, sInfo, pInfo) Then
    'Wait
    WaitForSingleObject pInfo.hProcess, dwMilliseconds
    createSC = True
    'displays
    pHandle = pInfo.hProcess
    'WriteProcessMemory pHandle, &H4DF0ED, Chr$(2), 1, 0&
    'uncomment to patch for all apps
    Call ResumeThread(pHandle)
  Else
    createSC = False
  End If
          
  If Not createSC Then
    pHandle = 0
    MsgBox "Could not create thread!", vbCritical, "Error"
  End If
    
End Function

Private Sub ExecuteCreation()
Dim sDirectory As String, sFullPath As String

  sFullPath = GetINI("Loader", "EXEPath") 'modify this w/ etc. c:\program files\starcraft.exe
  sDirectory = Left$(sFullPath, InStr(LCase$(sFullPath), "starcraft.exe") - 1)

  createSC sFullPath, sDirectory, 0, SW_NORMAL, CREATE_SUSPENDED
  
End Sub

Call ExecuteCreation w/ modified variable of exe path and you're all set.

VB6 working code. Had to work with some examples, tweak and research a little here and there. And special thanks to Kc for leading us in the right direction with his sample code.

You can use this to make a vb6 loader, or to simply grab the phandle for your app.


-----
[EDIT]
Suddenly noticing, I can't connect to battle.net -- again. Except this time its saying cant connect to server, make sure its a valid ip, modem is connected bla bla. Does this api affect that...

[azn_snow]

if things go to worse, you can always go back to making a b-net server and then do all the research and stuff there then make the hack.
i know i still have my bnet server from a while back handy in times like these.

[bulk_4me]

Ok noobs mystery solved...

http://support.microsoft.com/?scid=kb;en-us;131065

[arpsmack]

Noobs... mystery... maybe you weren't reading my posts correctly...

[bulk_4me]

Quote:

Originally Posted by arpsmack

Noobs... mystery... maybe you weren't reading my posts correctly...

I'm not referring to you.

[arpsmack]

Oh yeah, well I'M referring to me.... so there! *runs*

[bulk_4me]

Noob...

[Vague]

I love it how they argue about the stupidest **** yet fail to ACTUALLY solve the problem as I attempted to do so, hence my post.

[Vague]

cough *bump* would really appreciate some help on this issue, please and thank you.

[arpsmack]

Help with what issue? I wasn't aware there was an issue.

[bulk_4me]

The lazy punk wants us to code that on a VB6 module...

[Vague]

lazy? i slapped togethor a bunch of code using said methods. and it didn't work. yes it launched bw and was able to obtain the handle, but apparently this method was very well tested as it WONT LET THE GAME CONNECT TO BATTLENET. I don't know but that seems like an issue to me? Maybe im doing something wrong, I supplied the coding already that launches it, how hard is it to look at it, maybe youre the lazy one?

it loads up fine and all but when you try to connect says your net is not connected or invalid server ip.

[LCSBSSRHXXX]

I just tested this and it works fine with battle.net, you're probably ****ing up somewhere.

[bulk_4me]

Quote:

Originally Posted by Vague

lazy? i slapped togethor a bunch of code using said methods. and it didn't work. yes it launched bw and was able to obtain the handle, but apparently this method was very well tested as it WONT LET THE GAME CONNECT TO BATTLENET. I don't know but that seems like an issue to me? Maybe im doing something wrong, I supplied the coding already that launches it, how hard is it to look at it, maybe youre the lazy one?

it loads up fine and all but when you try to connect says your net is not connected or invalid server ip.

Retard... How the **** you expect to log in with a hex edited Starcraft? Are you really that stupid? You supplied a half assed VB6 Form that gets the handle because you're creating the process, arpsmack supplied the tips, I supplied the Knowledge Base Article that demonstrates how to get the Handle without having to create the process. The fact is that you're a goddam idiot and you have no ****ing idea of what you're talking about. STFU & GTFO.