Libcod for windows

**Mitch** · 19th December 2013, 19:04

I am gonna try to port libcod to windows. In the newer windows it is made harder to inject DLL's. But it is possible.

I tested the solution below and it works on windows 8.1.
https://github.com/stephenfewer/ReflectiveDLLInjection

Code:

Usage: inject.exe [pid] [dll_file]

My first goal will be overriding the closer function.

Edit: added latest version as attachment
Edit 2: if you are getting a unknown function error, it is caused because the dll is linked to mysql. (copy libmysql.dll from lib/ with your libcod dll)
http://killtube.org/showthread.php?1...ll=1#post10967

Edit 3: It might be that pushing a vector or entity doesn't work. (unverified)

Latest source code: https://github.com/M-itch/libcod_win
CoD2 1.0: http://killtube.org/showthread.php?1...ll=1#post11117
CoD2 1.3: http://killtube.org/showthread.php?1...ull=1#post8864

**Mitch** · 19th December 2013, 21:05

Closer isn't working yet but I can now easily inject the DLL.

Inject console application (needs to be run as administrator)

PHP Code:


#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>

void EnableDebugPriv() {
    HANDLE hToken;
    LUID luid;
    TOKEN_PRIVILEGES tkp;

    OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken );

    LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid );

    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = luid;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    AdjustTokenPrivileges( hToken, false, &tkp, sizeof( tkp ), NULL, NULL );

    CloseHandle( hToken );
}

int main( int, char *[] ) {
    PROCESSENTRY32 entry;
    entry.dwSize = sizeof( PROCESSENTRY32 );

    HANDLE snapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, NULL );

    if ( Process32First( snapshot, &entry ) == TRUE ) {
        while ( Process32Next( snapshot, &entry ) == TRUE ) {
            if ( stricmp( entry.szExeFile, "CoD2MP_s.exe" ) == 0 ) {
                EnableDebugPriv();

                char dirPath[MAX_PATH];
                char fullPath[MAX_PATH];

                GetCurrentDirectory( MAX_PATH, dirPath );

                snprintf ( fullPath, MAX_PATH, "%s\\libcod_win.dll", dirPath );

                HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, entry.th32ProcessID );
                LPVOID libAddr = (LPVOID)GetProcAddress( GetModuleHandle( "kernel32.dll" ), "LoadLibraryA" );
                LPVOID llParam = (LPVOID)VirtualAllocEx( hProcess, NULL, strlen( fullPath ), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE );

                WriteProcessMemory( hProcess, llParam, fullPath, strlen( fullPath ), NULL );
                CreateRemoteThread( hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)libAddr, llParam, NULL, NULL );
                CloseHandle( hProcess );
            }
        }
    }

    CloseHandle( snapshot );

    return 0;
}

(Credits goes to http://stackoverflow.com/a/873659)

DLL

PHP Code:


#include "main.h"

int cdecl_injected_closer()
{
    MessageBoxA( NULL, "CLOSER", "libcod", MB_OK );
    return 1337;
}

void init()
{
    int *addressToCloserPointer = (int *)0x0070955B;
    *addressToCloserPointer = (int) cdecl_injected_closer;
}

extern "C" DLL_EXPORT BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            MessageBoxA( NULL, "[PLUGIN LOADED]", "libcod", MB_OK );
            init();
            break;

        case DLL_PROCESS_DETACH:
            // detach from process
            break;

        case DLL_THREAD_ATTACH:
            // attach to thread
            break;

        case DLL_THREAD_DETACH:
            // detach from thread
            break;
    }
    return TRUE; // succesful
}

header

PHP Code:


#ifndef __MAIN_H__
#define __MAIN_H__

#include <windows.h>

/*  To use this exported function of dll, include this header
 *  in your project.
 */

#ifdef BUILD_DLL
    #define DLL_EXPORT __declspec(dllexport)
#else
    #define DLL_EXPORT __declspec(dllimport)
#endif


#ifdef __cplusplus
extern "C"
{
#endif

#ifdef __cplusplus
}
#endif

#endif // __MAIN_H__

**php** · 20th December 2013, 13:02

If anyone is looking for libcod CoD 1.5 Windows, have a look at this; https://github.com/riicchhaarrd/MDLL/
OT; Why would you want to make it available for Windows 8(.1), since I doubt servers use that to host.

**Mitch** · 20th December 2013, 15:06

Originally Posted by php

If anyone is looking for libcod CoD 1.5 Windows, have a look at this; https://github.com/riicchhaarrd/MDLL/
OT; Why would you want to make it available for Windows 8(.1), since I doubt servers use that to host.

Because i use 8.1 myself and it is easier to test when it works on the os i use on my laptop.

Edit: and the dll is the same for all windows version, but you need to inject it on 7/8.

I am gonna try to print the start message in the console. (it is less annoying than a popup)

**Mitch** · 26th January 2014, 16:58

I got currently the closer function hooked and i can read parameters from the closer function from the stack. (cod2 1.3)

I cleaned up the code and started merging stuff from libcod.
https://github.com/M-itch/libcod_win

Status:
- Retrieve gsc function parameters: working
- pushStackInt, pushStackString, pushStackFloat, stackPushArray, stackPushArrayLast, pushStackVector: working
- pushStackEntity (get spectatorclient): not working
- mysql support: working
- setvelocity: working
- disableGlobalPlayerCollision: working
- getip, getport: working
- io::print (200): working
- stance: working
- get buttons: untested (likely to work)

Thread: Libcod for windows

Thread Tools

Search Thread

Display

Libcod for windows

The Following 6 Users Say Thank You to Mitch For This Useful Post:

The Following 2 Users Say Thank You to php For This Useful Post:

The Following User Says Thank You to Mitch For This Useful Post: