Today is the day I release the official GuidedHacking Loader v2.0!
Written entirely in C++ using the Win32 API and my own really shitty GUI framework.
This project was really born as a test for said framework.
The project consists of 2 components.
I wanted it to be dead easy to use and intuitive.
Open the generator, select a process, load the DLL, load a readme (or risk distributing the default readme), set your injection settings and hit the generate button.
I included a random name option that makes the loader write the injector and DLL to disk with random names, whatever.
The UPX Loader option... UPX's the loader. Whatever lol...
First I'll start by explaining how most DLL injectors work.
The most basic DLL injector works like this:
1) Use WriteProcessMemory to write the DLL path into the target process's memory
2) Call CreateRemoteThread(), which creates a new thread in the target process
3) That new thread's start routine is LoadLibrary(), with the written path as its argument, so it loads the DLL into memory
4) Then your code in your DLL starts executing
CreateRemoteThread does not allow a user process in one session to inject into a system process or a process in a different session.
If you want to inject into a system process or a process in a different session you need to use NtCreateThreadEx.
NtCreateThreadEx doesn't care about the process session.
LoadLibrary() tells the OS to load a DLL into memory; it's just one function call, nice and easy.
Now what if an anticheat hooks LoadLibrary to detect you?
Let's take a step back and explain a little bit of Windows Internals.
LoadLibrary is exported by kernel32.dll; kernel32 exposes the Win32 API to your process.
These...
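The flip side of the WriteProcessMemory / CreateRemoteThread / LoadLibrary pattern described above is how it looks to a defender. The following is an added example, not code from the loader or from GuidedHacking: it scans constructed Sysmon Event ID 8 (CreateRemoteThread) records in a simplified key=value form and flags remote threads whose start routine is LoadLibrary, or whose start address is not backed by any loaded module. The record format and paths are assumptions for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed Sysmon-style Event ID 8 records (key=value form, not a real export).
# Sysmon raises Event 8 from the kernel thread-creation callback, so it fires
# whether the injector went through CreateRemoteThread or NtCreateThreadEx.
SAMPLE_EVENTS = [
    "EventID=8 SourceImage=C:\\Users\\bob\\AppData\\Local\\Temp\\x7q1zk.exe "
    "TargetImage=C:\\Games\\game.exe StartModule=C:\\Windows\\System32\\KERNEL32.DLL "
    "StartFunction=LoadLibraryW",
    "EventID=8 SourceImage=C:\\Windows\\System32\\svchost.exe "
    "TargetImage=C:\\Windows\\explorer.exe StartModule=C:\\Windows\\System32\\ntdll.dll "
    "StartFunction=RtlUserThreadStart",
    "EventID=8 SourceImage=C:\\Users\\bob\\Downloads\\loader.exe "
    "TargetImage=C:\\Games\\game.exe StartModule= StartFunction=",
]

KV_RE = re.compile(r"(\w+)=(\S*)")
LOADLIB_RE = re.compile(r"^LoadLibrary(Ex)?[AW]?$", re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")  # assumed hot spots

def parse_event(line: str) -> Dict[str, str]:
    """Split a key=value record into a dict; empty values are kept as ''."""
    return dict(KV_RE.findall(line))

def classify_remote_thread(ev: Dict[str, str]) -> Optional[str]:
    """Return a finding label for an Event ID 8 record, or None if it looks benign."""
    if ev.get("EventID") != "8":
        return None
    src = ev.get("SourceImage", "").lower()
    func = ev.get("StartFunction", "")
    from_user_dir = any(part in src for part in USER_WRITABLE)
    if LOADLIB_RE.match(func):
        # Thread start routine is LoadLibrary: the textbook injector pattern.
        return "loadlibrary-injection" + ("-from-user-dir" if from_user_dir else "")
    if not ev.get("StartModule"):
        # Start address not backed by any loaded module (manual map / shellcode):
        # worth a look even though LoadLibrary was never called.
        return "remote-thread-unbacked-start"
    return None

def scan(lines: List[str]) -> List[str]:
    """Run the classifier over raw records and return human-readable findings."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        label = classify_remote_thread(ev)
        if label:
            findings.append(f"{label}: {ev['SourceImage']} -> {ev['TargetImage']}")
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Hooking LoadLibrary inside the game catches only the first pattern; the second rule is why a kernel-sourced thread log still sees a loader that avoids LoadLibrary entirely.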
How To Pointer Scan Faster (Like a Boss Edition)
2 methods: Traditional & Multiple Pointermaps
Traditional Pointer Scanning with 1 pointermap:
1) Use 1 pointermap
2) Define last offset
3) Use Value instead of address scan
4) Define base module address range
5) Restart Game + rescan until you get diminishing returns
Results of this method:
36000 = Results with default settings
32000 = Results with base module defined
2000 = Results with base module + last offset defined
2000 = Results with pointermap
140 = Results after restart + rescan
118 = Results after second restart