D Module Injector

I wrote a D module injector! It’s coded in C++, but it works with the latest DMD2.

Basically, here’s a rundown of the problem I was facing. You can’t use CreateRemoteThread to invoke LoadLibrary on a D module in a foreign process (or a local one, for that matter; seriously, try calling LoadLibrary from a CreateThread thread in a C++ application) without it crashing. For some reason or another the module has to be loaded from the process’s primary thread, and that is what this hook does: I suspend the “main” thread, switch EIP to my own allocated code cave, and JMP back to the original code afterwards.

This has only been tested with “Hitman: Absolution” but give it a shot on your process and let me know how it goes! I included the source code and binary for the C++ program in the download below. Enjoy.


5 comments

  1. RaptorFactor says:

    I compiled a dummy DLL using the instructions on the D website (http://dlang.org/dll.html) and then successfully injected it into calc.exe using my injector (https://code.google.com/p/hadesmem/), which uses CreateRemoteThread. I was also able to successfully call an export (I changed the example code to just have an export called ‘test’ which simply did ‘return 1234’).[1]

    It sounds like there’s some piece missing. Something the DLL is doing must be causing it (though without a repro I can’t tell whether it’s the D runtime that’s doing it, or something in your code)… Any chance you could provide the source code and compilation steps of a minimized repro DLL? Also, what compiler (and version) are you using, and what Windows version are you running?

    When I tried injecting your DLL into calc.exe I got a message box with what I assume is a log path in it, and then after clicking “Okay” it crashed. Though I didn’t bother looking through the dump file because I’m not sure whether it’s the crash you’re talking about, or whether it’s just because it’s expecting to be injected into Hitman, and ends up trying to read some memory that doesn’t exist etc. So yeah, a minimal repro with source code would be helpful in order to investigate further.

    If you’d like to try my injector for yourself to see if it makes a difference and don’t want to go to the trouble of setting up the build environment required to compile my code, I’ve dropped binaries from the top of trunk here (will require the Visual C++ 2013 Redistributable):
    http://sdrv.ms/1agnfZ6

    Btw, I only tried x86 not x64. Is there an x64 build of DMD (or whatever compiler you use), and does it exhibit the same problem?

    [1] Example output:
    C:\Code\hadesmem-trunk\dist\msvc\debug\x86>inject.exe --pid=75904 --module=c:\Code\Scratch\D\mydll.dll --inject --export=D5mydll4testFZi
    HadesMem Injector [v2.0.0]

    Failed to acquire SeDebugPrivilege.

    Successfully injected module at base address 10000000.

    Successfully called module export.
    Return: 1234.
    LastError: 0.

    • s0beit says:

      The DLL has since been lost, sadly, but the HMA.dll included is meant to be injected with hitman.

      I was actually not aware I included it at all. I can test this with calc later and an empty EXE, but the work environment I was using was Visual Studio 2010 (for C++ and D) with DMD2. I used the D addon for Visual Studio.

      As for hitman, as I was testing this with the DMD2 that was out at the time, other people came forward on the forums and explained they were having similar issues and that the thread hijacking method fixed their issue, so I assume that at some level there is something the D garbage collector is doing which causes an exception if you load it into a thread outright.

      If it works with your version, perhaps they updated it and resolved the issue. I’ll test today and let you know how it goes with the version I have now, and see if there are updates since I made this (some time ago).

  2. RaptorFactor says:

    Okay cool. Let me know what you find, because if it’s still not working I’d definitely be interested in figuring out why.

    Thanks.

  3. Good work bruh, I’m fuckin the D atm and I’m amused how little attention it gets. Beautiful languages to beautiful people I guess. hu3