Spirited Posted January 7, 2022 Posted January 7, 2022 IntroductionHi all! I wrote a little launcher and some hooks recently as practice (since I've never written client hooks before). I decided to make it open-source since I didn't find a lot of examples of QueueUserAPC DLL injection or some of the hooks I wrote using Detours. Enjoy, and give me feedback if you'd like. Thanks!About the projectDragon is Chimera's game client launcher. This open-source version of the project excludes the auto-patch / launcher application, but includes the command-line code injector and three modules: a flash module that loads the ActiveX Flash plugin from the client's directory, a connect module for redirecting socket connections for private servers, and a websites module for redirecting / blocking website popups.Dragon uses code injection to change the behavior of the game client. It starts a new process for the game client in a suspended state. Then, queues asynchronous procedure calls on the main thread of the client using QueueUserAPC. Once injected, the process is resumed. Modules injected into the client will load before the entry point of the client is called.LinkYou can find the project on my website here:https://spirited.io/project/dragon/ Quote
Konichu Posted January 8, 2022 Posted January 8, 2022 IntroductionHi all! I wrote a little launcher and some hooks recently as practice (since I've never written client hooks before). I decided to make it open-source since I didn't find a lot of examples of QueueUserAPC DLL injection or some of the hooks I wrote using Detours. Enjoy, and give me feedback if you'd like. Thanks!About the projectDragon is Chimera's game client launcher. This open-source version of the project excludes the auto-patch / launcher application, but includes the command-line code injector and three modules: a flash module that loads the ActiveX Flash plugin from the client's directory, a connect module for redirecting socket connections for private servers, and a websites module for redirecting / blocking website popups.Dragon uses code injection to change the behavior of the game client. It starts a new process for the game client in a suspended state. Then, queues asynchronous procedure calls on the main thread of the client using QueueUserAPC. Once injected, the process is resumed. Modules injected into the client will load before the entry point of the client is called.LinkYou can find the project on my website here:https://spirited.io/project/dragon/Ok, that's something you know that I'll be working on it lol it looks pretty good.Of course I'll keep the credits, thank you Gareth, this looks amazing Quote
Spirited Posted January 8, 2022 Author Posted January 8, 2022 Ok, that's something you know that I'll be working on it lol it looks pretty good.Of course I'll keep the credits, thank you Gareth, this looks amazingOh, thank you. And okie dokie. You're welcome to contribute back to the open-source repo as well. I'll add a contributing.md and contributors.md file. Quote
Tyrantosaurus Posted February 17, 2022 Posted February 17, 2022 I've been looking into downgrading this to work on lower patches (~4348). There's some obvious things, like the check for 64 bit would have to be removed/changed to 32. But other than that I'm not actually sure what I'd have to change to make it work. It doesn't want to inject into these lower patches. Any ideas on what would have to be changed?Edit: Wow I was stuck on this for so long, and now like 10 minutes after I post this I figured it out. I _thought_ I had changed this to compile to 32bit, but apparently not. I think that's all it took. At first I was using TH32CS_SNAPMODULE32 for taking the snapshot, but that's only needed if running a 64 bit process. Doh. Quote
Spirited Posted February 17, 2022 Author Posted February 17, 2022 I've been looking into downgrading this to work on lower patches (~4348). There's some obvious things, like the check for 64 bit would have to be removed/changed to 32. But other than that I'm not actually sure what I'd have to change to make it work. It doesn't want to inject into these lower patches. Any ideas on what would have to be changed?Edit: Wow I was stuck on this for so long, and now like 10 minutes after I post this I figured it out. I _thought_ I had changed this to compile to 32bit, but apparently not. I think that's all it took. At first I was using TH32CS_SNAPMODULE32 for taking the snapshot, but that's only needed if running a 64 bit process. Doh.Yep, it should just be ready to go. Let me know if you run into any issues developing on it. It's my first time writing a client hook / injector. Quote
Dandy Posted January 8, 2023 Posted January 8, 2023 If you're open to some contributions, I spent a little while with this not realizing we had NuGet packages and the msys64 g++ not playing ball .I did need to make some updates to the project, so I threw them into a PR: https://gitlab.com/spirited/dragon/-/merge_requests/1Welcome to close if you don't think this is worthwhile. Quote
Spirited Posted January 9, 2023 Author Posted January 9, 2023 If you're open to some contributions, I spent a little while with this not realizing we had NuGet packages and the msys64 g++ not playing ball .I did need to make some updates to the project, so I threw them into a PR: https://gitlab.com/spirited/dragon/-/merge_requests/1Welcome to close if you don't think this is worthwhile.Merged. And yeah, feel free to make changes. That's why it's open source! Quote
Konichu Posted July 15, 2023 Posted July 15, 2023 I'm into an issue with Dragon. Like 20% of the times you run the launcher it returns an error 1067 which means that the injection failed.The error happens before any Module DLL injection, as far as I noticed, it does not log the DLLs injection and just fails. And this is not only on my launcher, running the launcher directly via CMD also does it.Forget about the Console, I targeted the wrong folder within the Console, Conquer.exe is 1 folder behind. Quote
Spirited Posted July 15, 2023 Author Posted July 15, 2023 I'm into an issue with Dragon. Like 20% of the times you run the launcher it returns an error 1067 which means that the injection failed.The error happens before any Module DLL injection, as far as I noticed, it does not log the DLLs injection and just fails. And this is not only on my launcher, running the launcher directly via CMD also does it.Forget about the Console, I targeted the wrong folder within the Console, Conquer.exe is 1 folder behind.Does it return an error code back to your launcher? There should be an exit code with the error. Quote
Konichu Posted July 16, 2023 Posted July 16, 2023 The error 1067 is from the StartProcess method on launch_process.cpp// Check the architecture of the running process BOOL parentWow64, childWow64; IsWow64Process(GetCurrentProcess(), &parentWow64); IsWow64Process(processInfo.hProcess, &childWow64); if (!parentWow64 || !childWow64) { TerminateProcess(processInfo.hProcess, ERROR_PROCESS_ABORTED); CloseHandle(processInfo.hProcess); CloseHandle(processInfo.hThread); return ERROR_PROCESS_ABORTED; }I will debug it properly later to see if I manage to get a solution for this. Quote
Spirited Posted July 16, 2023 Author Posted July 16, 2023 The error 1067 is from the StartProcess method on launch_process.cpp// Check the architecture of the running process BOOL parentWow64, childWow64; IsWow64Process(GetCurrentProcess(), &parentWow64); IsWow64Process(processInfo.hProcess, &childWow64); if (!parentWow64 || !childWow64) { TerminateProcess(processInfo.hProcess, ERROR_PROCESS_ABORTED); CloseHandle(processInfo.hProcess); CloseHandle(processInfo.hThread); return ERROR_PROCESS_ABORTED; }I will debug it properly later to see if I manage to get a solution for this.Oh, interesting. Are you trying to start a 64-bit application using a 32-bit build of Dragon by any chance? Quote
Konichu Posted July 16, 2023 Posted July 16, 2023 Everything is being compiled as x86, even the Launcher. I still have no info on this since I'm trying to finish my Elite PK Tournament but I'll debug this issue asap. Quote
Zedaf Posted September 3, 2024 Posted September 3, 2024 Does anyone know how I can find more info about what went wrong? I had a few issues to work through during the initial steps (unblocking .resx files and a couple other things I can't remember) but it builds fine now without any problems but I just can't run the project (trying to run with Dragon.Launch as the startup project). One thing I do notice which seems a bit strange, the target framework is .net7.0-windows but my output appears to be in a .net6.0-windows folder so maybe that's the issue. I have .net7.0 installed though and I'm not getting any warnings about it not being able to find things when it runs. Slightly perplexed. Quote
Zedaf Posted September 3, 2024 Posted September 3, 2024 hmm seems I was running into issues by using this version of dragon: https://gitlab.com/world-conquer-online/canyon/dragon instead of this version: https://gitlab.com/spirited/dragon Quote
Spirited Posted September 4, 2024 Author Posted September 4, 2024 3 hours ago, Zedaf said: hmm seems I was running into issues by using this version of dragon: https://gitlab.com/world-conquer-online/canyon/dragon instead of this version: https://gitlab.com/spirited/dragon Ahhh, yeah. You'll have to check with @Konichu on his fork of it. Quote
Konichu Posted September 4, 2024 Posted September 4, 2024 He probably is just trying to debug the Launch application from VS and is not using the right parameters (or no params at all) since its exiting with error 2 ERROR_FILE_NOT_FOUND 2 Quote
Zedaf Posted September 4, 2024 Posted September 4, 2024 8 hours ago, Konichu said: He probably is just trying to debug the Launch application from VS and is not using the right parameters (or no params at all) since its exiting with error 2 ERROR_FILE_NOT_FOUND 2 I used the parameters outlined in the readme: <Path to conquer folder> <name of conquer exe> blacknull and tried with both debugging and the shortcut params. Three of us followed the steps and arrived at the same conclusion but we got the original version in Spirited's repo working so no worries. Quote
megabandit Posted May 3 Posted May 3 (edited) Hi, Have a good day all, i try to use the tool and i have a error and is: maybe I am using this tool for a different purpose than the one it was originally made for, sorry for the question, it may be a bit silly but can this tool be used to make a “ConquerLoader”? Thank you for your attention, sorry for the inconvenience. Pst: Thanks for the valuable information, Spirited ,nowadays we can find quality information about Conquer 2.0 thanks to you. Edit: i put the configuration of the repository of Dragon in Gitlab. Edited May 3 by megabandit Quote
Spirited Posted May 4 Author Posted May 4 On 5/2/2025 at 11:53 PM, megabandit said: Hi, Have a good day all, i try to use the tool and i have a error and is: maybe I am using this tool for a different purpose than the one it was originally made for, sorry for the question, it may be a bit silly but can this tool be used to make a “ConquerLoader”? Thank you for your attention, sorry for the inconvenience. Pst: Thanks for the valuable information, Spirited ,nowadays we can find quality information about Conquer 2.0 thanks to you. Edit: i put the configuration of the repository of Dragon in Gitlab. Yes! It can be used to make your own Conquer Loader. Can you post the error in text form? I can't read other languages. Thanks! Quote
megabandit Posted May 4 Posted May 4 (edited) Just now, Spirited said: Yes! It can be used to make your own Conquer Loader. Can you post the error in text form? I can't read other languages. Thanks! the error is: C:\Users\cesar\source\repos\dragon\bin\x86\Debug\net6.0-windows\Dragon.Launch.exe (proceso 5192) se cerró con el código 2 (0x2). Para cerrar automáticamente la consola cuando se detiene la depuración, habilite Herramientas ->Opciones ->Depuración ->Cerrar la consola automáticamente al detenerse la depuración. Presione cualquier tecla para cerrar esta ventana. . . in English is: C:\Usersourceource.dragon.launch.exe (process 5192) was closed with code 2 (0x2). To automatically close the console when debugging stops, enable Tools ->Options ->Debugging ->Close console automatically when debugging stops. Press any key to close this window. . . I am using the tool on Conquer.exe that I got from your mega link with all the info that you post (thank you very much for that really), I understand that it is version 5517 of hellmouth client maybe that's why I have problems? I should use the installer and patch 5517 clean? Edit: the process enclosed in parenthesis like (process 5192) or (process 12104) for the image of original question always pulls different but 0x02 always gives it I also tried to use it on another computer and it gave the same error, I also used the same 5517 hellmouth client. Edited May 4 by megabandit Quote
Spirited Posted May 4 Author Posted May 4 Ah, sorry - I opened up the Dragon source code and found what error two is. That's file not found, so you may not be starting the executable correctly or including all of the dlls it needs for each module. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.