Jump to content
Returning Members: Password Reset Required ×

Client: Dragon Launcher


Spirited

Recommended Posts

Introduction

Hi all! I wrote a little launcher and some hooks recently as practice (since I've never written client hooks before). I decided to make it open-source since I didn't find a lot of examples of QueueUserAPC DLL injection or some of the hooks I wrote using Detours. Enjoy, and give me feedback if you'd like. Thanks!

About the project

Dragon is Chimera's game client launcher. This open-source version of the project excludes the auto-patch / launcher application, but includes the command-line code injector and three modules: a flash module that loads the ActiveX Flash plugin from the client's directory, a connect module for redirecting socket connections for private servers, and a websites module for redirecting / blocking website popups.

Dragon uses code injection to change the behavior of the game client. It starts a new process for the game client in a suspended state. Then, queues asynchronous procedure calls on the main thread of the client using QueueUserAPC. Once injected, the process is resumed. Modules injected into the client will load before the entry point of the client is called.

Link

You can find the project on my website here:

https://spirited.io/project/dragon/

Link to comment
Share on other sites

Introduction

Hi all! I wrote a little launcher and some hooks recently as practice (since I've never written client hooks before). I decided to make it open-source since I didn't find a lot of examples of QueueUserAPC DLL injection or some of the hooks I wrote using Detours. Enjoy, and give me feedback if you'd like. Thanks!

About the project

Dragon is Chimera's game client launcher. This open-source version of the project excludes the auto-patch / launcher application, but includes the command-line code injector and three modules: a flash module that loads the ActiveX Flash plugin from the client's directory, a connect module for redirecting socket connections for private servers, and a websites module for redirecting / blocking website popups.

Dragon uses code injection to change the behavior of the game client. It starts a new process for the game client in a suspended state. Then, queues asynchronous procedure calls on the main thread of the client using QueueUserAPC. Once injected, the process is resumed. Modules injected into the client will load before the entry point of the client is called.

Link

You can find the project on my website here:

https://spirited.io/project/dragon/

Ok, that's something you know that I'll be working on it lol it looks pretty good.

Of course I'll keep the credits, thank you Gareth, this looks amazing

Link to comment
Share on other sites

Ok, that's something you know that I'll be working on it lol it looks pretty good.

Of course I'll keep the credits, thank you Gareth, this looks amazing

Oh, thank you. And okie dokie. You're welcome to contribute back to the open-source repo as well. I'll add a contributing.md and contributors.md file.

Link to comment
Share on other sites

  • 1 month later...

I've been looking into downgrading this to work on lower patches (~4348). There's some obvious things, like the check for 64 bit would have to be removed/changed to 32. But other than that I'm not actually sure what I'd have to change to make it work. It doesn't want to inject into these lower patches. Any ideas on what would have to be changed?

Edit:

Wow I was stuck on this for so long, and now like 10 minutes after I post this I figured it out. I _thought_ I had changed this to compile to 32bit, but apparently not. I think that's all it took. At first I was using TH32CS_SNAPMODULE32 for taking the snapshot, but that's only needed if running a 64 bit process. Doh.

Link to comment
Share on other sites

I've been looking into downgrading this to work on lower patches (~4348). There's some obvious things, like the check for 64 bit would have to be removed/changed to 32. But other than that I'm not actually sure what I'd have to change to make it work. It doesn't want to inject into these lower patches. Any ideas on what would have to be changed?

Edit:

Wow I was stuck on this for so long, and now like 10 minutes after I post this I figured it out. I _thought_ I had changed this to compile to 32bit, but apparently not. I think that's all it took. At first I was using TH32CS_SNAPMODULE32 for taking the snapshot, but that's only needed if running a 64 bit process. Doh.

Yep, it should just be ready to go. Let me know if you run into any issues developing on it. It's my first time writing a client hook / injector.

Link to comment
Share on other sites

  • 10 months later...

If you're open to some contributions, I spent a little while with this not realizing we had NuGet packages and the msys64 g++ not playing ball .

I did need to make some updates to the project, so I threw them into a PR: https://gitlab.com/spirited/dragon/-/merge_requests/1

Welcome to close if you don't think this is worthwhile.

Merged. And yeah, feel free to make changes. That's why it's open source!

Link to comment
Share on other sites

  • 6 months later...

I'm into an issue with Dragon. Like 20% of the times you run the launcher it returns an error 1067 which means that the injection failed.

The error happens before any Module DLL injection, as far as I noticed, it does not log the DLLs injection and just fails. And this is not only on my launcher, running the launcher directly via CMD also does it.

imagem-2023-07-15-130136190.png

Forget about the Console, I targeted the wrong folder within the Console, Conquer.exe is 1 folder behind.

Link to comment
Share on other sites

I'm into an issue with Dragon. Like 20% of the times you run the launcher it returns an error 1067 which means that the injection failed.

The error happens before any Module DLL injection, as far as I noticed, it does not log the DLLs injection and just fails. And this is not only on my launcher, running the launcher directly via CMD also does it.

imagem-2023-07-15-130136190.png

Forget about the Console, I targeted the wrong folder within the Console, Conquer.exe is 1 folder behind.

Does it return an error code back to your launcher? There should be an exit code with the error.

Link to comment
Share on other sites

The error 1067 is from the StartProcess method on launch_process.cpp

// Check the architecture of the running process
   BOOL parentWow64, childWow64;
   IsWow64Process(GetCurrentProcess(), &parentWow64);
   IsWow64Process(processInfo.hProcess, &childWow64);

   if (!parentWow64 || !childWow64) {
       TerminateProcess(processInfo.hProcess, ERROR_PROCESS_ABORTED);
       CloseHandle(processInfo.hProcess);
       CloseHandle(processInfo.hThread);
       return ERROR_PROCESS_ABORTED;
   }

I will debug it properly later to see if I manage to get a solution for this.

Link to comment
Share on other sites

The error 1067 is from the StartProcess method on launch_process.cpp

// Check the architecture of the running process
   BOOL parentWow64, childWow64;
   IsWow64Process(GetCurrentProcess(), &parentWow64);
   IsWow64Process(processInfo.hProcess, &childWow64);

   if (!parentWow64 || !childWow64) {
       TerminateProcess(processInfo.hProcess, ERROR_PROCESS_ABORTED);
       CloseHandle(processInfo.hProcess);
       CloseHandle(processInfo.hThread);
       return ERROR_PROCESS_ABORTED;
   }

I will debug it properly later to see if I manage to get a solution for this.

Oh, interesting. Are you trying to start a 64-bit application using a 32-bit build of Dragon by any chance?

Link to comment
Share on other sites

  • 1 year later...

Does anyone know how I can find more info about what went wrong? I had a few issues to work through during the initial steps (unblocking .resx files and a couple other things I can't remember) but it builds fine now without any problems but I just can't run the project (trying to run with Dragon.Launch as the startup project).

One thing I do notice which seems a bit strange, the target framework is .net7.0-windows but my output appears to be in a .net6.0-windows folder so maybe that's the issue. I have .net7.0 installed though and I'm not getting any warnings about it not being able to find things when it runs. Slightly perplexed.

image.png.1757ee5217afef87151e4644f03fe2ea.png

Link to comment
Share on other sites

8 hours ago, Konichu said:

He probably is just trying to debug the Launch application from VS and is not using the right parameters (or no params at all) since its exiting with error 2

ERROR_FILE_NOT_FOUND 2

I used the parameters outlined in the readme: <Path to conquer folder> <name of conquer exe> blacknull and tried with both debugging and the shortcut params. Three of us followed the steps and arrived at the same conclusion but we got the original version in Spirited's repo working so no worries.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...