mactec0 / Kernelmode-manual-mapping-through-IAT

Manual mapping without creating any threads, with rw only access

kernel injection not working (vmt version) #7

Open beranos opened 4 years ago

beranos commented 4 years ago

Hi, I tried this version of the kernel injector (https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT/tree/swapchain_vmt_example).

I'm testing on Rainbow Six. When I open the injector, the console says everything is fine even though the DLL is not being injected (using testdll).

EDIT: Oh, never mind. I figured out GameOverlayRenderer64.dll is from the Steam overlay, but I'm using the Uplay version. My bad anyways. Now it's saying "Cannot find vmt table", so I'm guessing the offsets changed?

reahly commented 4 years ago

> Hi, I tried this version of the kernel injector (https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT/tree/swapchain_vmt_example).
>
> I'm testing on Rainbow Six. When I open the injector, the console says everything is fine even though the DLL is not being injected (using testdll).
>
> EDIT: Oh, never mind. I figured out GameOverlayRenderer64.dll is from the Steam overlay, but I'm using the Uplay version. My bad anyways. Now it's saying "Cannot find vmt table", so I'm guessing the offsets changed?

Yes, it changed (https://i.imgur.com/fKLxlcc.png): 1800AEECB - imagebase = 0x18D4C8

Bix3 commented 4 years ago

For me the game crashes with the offset @dollarssign posted (0x18D4C8), though I can confirm it's the right one: when I scan the sig I get the same. It crashes on: https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT/blob/dd1d848a380c9496cbdbafc0225790bd09ba0d52/mmap/mmap.cpp#L230

reahly commented 4 years ago

> For me the game crashes with the offset @dollarssign posted (0x18D4C8), though I can confirm it's the right one: when I scan the sig I get the same. It crashes on:
>
> https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT/blob/dd1d848a380c9496cbdbafc0225790bd09ba0d52/mmap/mmap.cpp#L230

Are you sure? It works fine for me with the test DLL attached to the project.

Bix3 commented 4 years ago

Yes, it works now. I compiled the DLL from source and didn't see that there were project files. Thank you!

reahly commented 4 years ago

Changed again, new offset: 0x18E528

Grabowski95 commented 4 years ago

Hi there, thanks for the splendid work, but I can't manage to get it to work (testing on Warhammer: Vermintide 2, mod realm). I grabbed the new offset 0x01B7528, but it seems it's not correct. It says injected, but no message box shows up. Also, where did you get these 2 pointers, 0xE0 and 0x00?

ThaFurther commented 4 years ago

> Also, where did you get these 2 pointers, 0xE0 and 0x00?

Did you get an answer on this?

GerritdinaH commented 4 years ago

Anyone found a swapchain pointer for DiscordHook64?