Spirited, posted January 7, 2022:

Introduction

Hi all! I wrote a little launcher and some hooks recently as practice (since I've never written client hooks before). I decided to make it open-source since I didn't find a lot of examples of QueueUserAPC DLL injection or some of the hooks I wrote using Detours. Enjoy, and give me feedback if you'd like. Thanks!

About the project

Dragon is Chimera's game client launcher. This open-source version of the project excludes the auto-patch / launcher application, but includes the command-line code injector and three modules: a flash module that loads the ActiveX Flash plugin from the client's directory, a connect module for redirecting socket connections for private servers, and a websites module for redirecting / blocking website popups.

Dragon uses code injection to change the behavior of the game client. It starts a new process for the game client in a suspended state. Then it queues asynchronous procedure calls on the main thread of the client using QueueUserAPC. Once injected, the process is resumed. Modules injected into the client will load before the entry point of the client is called.

Link

You can find the project on my website here: https://spirited.io/project/dragon/
Konichu, posted January 8, 2022:

Ok, that's something you know that I'll be working on it lol it looks pretty good. Of course I'll keep the credits, thank you Gareth, this looks amazing.
Spirited (Author), posted January 8, 2022:

Oh, thank you. And okie dokie. You're welcome to contribute back to the open-source repo as well. I'll add a contributing.md and contributors.md file.
Tyrantosaurus, posted February 17, 2022:

I've been looking into downgrading this to work on lower patches (~4348). There's some obvious things, like the check for 64 bit would have to be removed/changed to 32. But other than that I'm not actually sure what I'd have to change to make it work. It doesn't want to inject into these lower patches. Any ideas on what would have to be changed?

Edit: Wow I was stuck on this for so long, and now like 10 minutes after I post this I figured it out. I _thought_ I had changed this to compile to 32bit, but apparently not. I think that's all it took. At first I was using TH32CS_SNAPMODULE32 for taking the snapshot, but that's only needed if running a 64 bit process. Doh.
Spirited (Author), posted February 17, 2022:

Yep, it should just be ready to go. Let me know if you run into any issues developing on it. It's my first time writing a client hook / injector.
Dandy, posted January 8, 2023:

If you're open to some contributions, I spent a little while with this not realizing we had NuGet packages and the msys64 g++ not playing ball. I did need to make some updates to the project, so I threw them into a PR: https://gitlab.com/spirited/dragon/-/merge_requests/1

Welcome to close if you don't think this is worthwhile.
Spirited (Author), posted January 9, 2023:

Merged. And yeah, feel free to make changes. That's why it's open source!
Konichu, posted July 15, 2023:

I'm running into an issue with Dragon. Like 20% of the time you run the launcher it returns an error 1067, which means that the injection failed.

The error happens before any Module DLL injection; as far as I noticed, it does not log the DLLs injection and just fails. And this is not only on my launcher, running the launcher directly via CMD also does it.

Forget about the Console, I targeted the wrong folder within the Console, Conquer.exe is 1 folder behind.
Spirited (Author), posted July 15, 2023:

Does it return an error code back to your launcher? There should be an exit code with the error.
Konichu, posted July 16, 2023:

The error 1067 is from the StartProcess method on launch_process.cpp

    // Check the architecture of the running process
    BOOL parentWow64, childWow64;
    IsWow64Process(GetCurrentProcess(), &parentWow64);
    IsWow64Process(processInfo.hProcess, &childWow64);
    if (!parentWow64 || !childWow64)
    {
        TerminateProcess(processInfo.hProcess, ERROR_PROCESS_ABORTED);
        CloseHandle(processInfo.hProcess);
        CloseHandle(processInfo.hThread);
        return ERROR_PROCESS_ABORTED;
    }

I will debug it properly later to see if I manage to get a solution for this.
Spirited (Author), posted July 16, 2023:

Oh, interesting. Are you trying to start a 64-bit application using a 32-bit build of Dragon by any chance?
Konichu, posted July 16, 2023:

Everything is being compiled as x86, even the Launcher. I still have no info on this since I'm trying to finish my Elite PK Tournament but I'll debug this issue asap.
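Added example, not from the thread or the Dragon repository: the 32-bit versus 64-bit question raised above can also be answered without starting the client, by reading the Machine field from the executable's PE header. The function names and the constructed sample header are assumptions made for this illustration; in practice the bytes would be the start of the target .exe file.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// COFF Machine values from the PE format specification.
constexpr uint16_t kMachineI386 = 0x014c;   // 32-bit x86
constexpr uint16_t kMachineAmd64 = 0x8664;  // 64-bit x64

// Read an n-byte little-endian value at off; false if it runs past the buffer.
static bool readLE(const std::vector<uint8_t>& b, size_t off, size_t n, uint32_t& out) {
    if (off > b.size() || n > b.size() - off) return false;
    out = 0;
    for (size_t i = 0; i < n; ++i) out |= static_cast<uint32_t>(b[off + i]) << (8 * i);
    return true;
}

// Returns the COFF Machine field, or 0 if the bytes are not a valid PE header.
uint16_t peMachine(const std::vector<uint8_t>& image) {
    uint32_t mz = 0, lfanew = 0, sig = 0, machine = 0;
    if (!readLE(image, 0, 2, mz) || mz != 0x5A4D) return 0;             // "MZ"
    if (!readLE(image, 0x3C, 4, lfanew)) return 0;                      // e_lfanew
    if (!readLE(image, lfanew, 4, sig) || sig != 0x00004550) return 0;  // "PE\0\0"
    if (!readLE(image, static_cast<size_t>(lfanew) + 4, 2, machine)) return 0;
    return static_cast<uint16_t>(machine);
}

// True when the image is 32-bit x86, the case an x86 build of a launcher expects.
bool isX86Target(const std::vector<uint8_t>& image) {
    return peMachine(image) == kMachineI386;
}

// Constructed sample input: a minimal DOS + PE header prefix with the given Machine.
std::vector<uint8_t> makeSampleHeader(uint16_t machine) {
    std::vector<uint8_t> b(0x80 + 6, 0);
    b[0] = 'M'; b[1] = 'Z';
    b[0x3C] = 0x80;                // e_lfanew points at offset 0x80
    b[0x80] = 'P'; b[0x81] = 'E';  // signature "PE\0\0" (last two bytes stay zero)
    b[0x84] = static_cast<uint8_t>(machine & 0xFF);
    b[0x85] = static_cast<uint8_t>(machine >> 8);
    return b;
}

int main() {
    std::printf("x86 sample is x86 target: %d\n", isX86Target(makeSampleHeader(kMachineI386)));
    std::printf("x64 sample is x86 target: %d\n", isX86Target(makeSampleHeader(kMachineAmd64)));
    return 0;
}
```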
Zedaf, posted September 3:

Does anyone know how I can find more info about what went wrong? I had a few issues to work through during the initial steps (unblocking .resx files and a couple other things I can't remember) but it builds fine now without any problems but I just can't run the project (trying to run with Dragon.Launch as the startup project).

One thing I do notice which seems a bit strange, the target framework is .net7.0-windows but my output appears to be in a .net6.0-windows folder so maybe that's the issue. I have .net7.0 installed though and I'm not getting any warnings about it not being able to find things when it runs. Slightly perplexed.
Zedaf, posted September 3:

Hmm, seems I was running into issues by using this version of dragon: https://gitlab.com/world-conquer-online/canyon/dragon instead of this version: https://gitlab.com/spirited/dragon
Spirited (Author), posted September 4:

Ahhh, yeah. You'll have to check with @Konichu on his fork of it.
Konichu, posted September 4:

He probably is just trying to debug the Launch application from VS and is not using the right parameters (or no params at all) since it's exiting with error 2: ERROR_FILE_NOT_FOUND (2).
Zedaf, posted September 4:

I used the parameters outlined in the readme:

    <Path to conquer folder> <name of conquer exe> blacknull

and tried with both debugging and the shortcut params. Three of us followed the steps and arrived at the same conclusion but we got the original version in Spirited's repo working so no worries.