I changed it to MT, but win7 still doesn't work!

Both the cheat.dll and memject.exe are Compiled in x86.

Crashes and says that it's Successfully Injected in 0x0.

csgo.exe (or another selected process) crashes when I try to inject the dll using this method, but if I inject the dll using for example Extreme injector (with mmap method selected) it works fine

hi, can someone answer me regarding about the question? thank you! :D

How to convert this code to C++?

Guys, this code is very good with osiris, there are no problems, and it seems very safe, just a few things that you @danielkrupinski need to improve and update.

im kinda new to coding and stuff can you explain me why are you adding 1 to
ntHeaders. Adding 1 to ntHeader is for making sure every byte checks?
https://github.com/danielkrupinski/MemJect/blob/master/MemJect/MemJect.c#L271

@danielkrupinski This injector has Loadlibrary, ManualMap?

Hi, man! I kindly ask you to help me figure out how to pass my own (custom) GetProcAdress function in LoaderData structure. Is it possible?

I will be very grateful! Ty!

Here is code of it:

FARPROC __stdcall InternalGetProcAddressP(HMODULE ModuleHandle, LPCSTR ProcessName) 
{
    PIMAGE_DOS_HEADER ImageDosHeader = (PIMAGE_DOS_HEADER)ModuleHandle;
    PIMAGE_NT_HEADERS ImageNtHeader = (PIMAGE_NT_HEADERS)((BYTE*)ModuleHandle + ImageDosHeader->e_lfanew);
    PIMAGE_EXPORT_DIRECTORY ImageExportDirectory = (PIMAGE_EXPORT_DIRECTORY) ((BYTE*)ModuleHandle + ImageNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);

    DWORD* AddressOfFunctions = (DWORD*)((BYTE*)ModuleHandle + ImageExportDirectory->AddressOfFunctions);
    WORD* AddressOfNameOrdinals = (WORD*)((BYTE*)ModuleHandle + ImageExportDirectory->AddressOfNameOrdinals);
    DWORD* AddressOfNames = (DWORD*)((BYTE*)ModuleHandle + ImageExportDirectory->AddressOfNames);

    for (DWORD i = 0; i < ImageExportDirectory->NumberOfNames; ++i) {
        if (strcmp(ProcessName, (const char*)ModuleHandle + AddressOfNames[i]) == 0) {
            return (FARPROC)((BYTE*)ModuleHandle + AddressOfFunctions[AddressOfNameOrdinals[i]]);
        }
    }

    return NULL;
}

I replace this fild:
LoaderData.GetProcAdressPointer = (InternalGetProcAddress)InternalGetProcAddressP;
But target application crushes.

good

Hi Daniel, probably this is not the right page to ask help, but, how can i use the script? I can open the solution on VS and i have already downloaded Python but what i need to do before opening the script? If you can send me some imgur screens. Thank you

1st Question
There are two Methods which Zero's the Memory, they are both equal but besides the Secure one Zero's the Memory even the Compile Optimization removes the Function. Why don't use the Secure Version?

RtlSecureZeroMemory vs RtlZeroMemory

2nd Question
Is the AddressOfEntryPoint deleted if you Zero the PE Header completly? Or do I have to Zero the AddressOfEntryPoint seperatly?

Hello @danielkrupinski

The csgo.exe is found but this is not working
process = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD, FALSE, processInfo.th32ProcessID);

process is 0x0

best regards

I got this error when injecting, I'm pretty sure that all av & windows defender is off. And I have no problem using other injector.

Whether it is installed runtime or set static win7 system or can not inject, I really can not find a solution, can you help me, thank you!

Just to emphasis. He erase entrypoint+header of the cheat? Or only injector?

What it means?

I'm curious are 64 bit supported? Asking only because getting successful injection message to 64 bit process but in fact dll is not injected. Bytes 100% valid, dll was tested with xenos afterwards

Cześć, zainteresowałem się twoim oprogramowaniem lecz kompletnie nie rozumiem co mam zrobić. Wyjaśnisz to w języku polskim?

If i compile the programm with Release | x86 everything is perfectly working and i get this Hello World message box from csgo but if i try to compile it with my own dll converted with https://github.com/danielkrupinski/PE2HEX the game crashes

There is an option to decrypt the DLL but how would i encrypt it? I have tried googling methods to encrypt bytes etc but no help tbh

I have the script (PE2HEX) and the DLL, what i need to do?

I was having a look at the code and found "decryptBinary" method. What does it do? Does it decrypt encrypted byte array? If so, how can we encrypt the byte array?

Hi! I an not good at programming, just learning how it works and trying modify ur code. I want to find another way to erase dll entry point and PE header. I implemented it like this in "WinMain":

NtWriteVirtualMemory(ProcessHandle, TargetBase, ZeroBuffer, 4096, nullptr);
NtWriteVirtualMemory(ProcessHandle, (BYTE*)TargetBase + ImageOptionalHeader->AddressOfEntryPoint, ZeroBuffer, 32, nullptr);

Is this a correct way?

Also I discovered that I can erase PE header like this in the end of Loader function:

MappingData->DllEntryFunction(MappingData->TargetBase, DLL_PROCESS_ATTACH, nullptr);

MappingData->ModuleHandle = reinterpret_cast<HINSTANCE>(MappingData->TargetBase);

int i = 1024;

unsigned char* ptr = (unsigned char*)MappingData->TargetBase;

while (i-- > 0)         //working
{
	*ptr++ = 0;
}

while (ImageOptionalHeader->SizeOfHeaders-- > 0)        //also working
{
	*ptr++ = 0;
}

unsigned char* ptr = (unsigned char*)MappingData->TargetBase;

int i = ImageOptionalHeader->SizeOfHeaders;
	
while (i-- > 0)                //dont work
{
		*ptr++ = 0;
}

Its just memset implemention. By bruteforce method I found "1024" which erases all page and target working correctly. But sadly I cant understand how its working. When I pass "4096" my target crashes. The same situation with entry point erasing with the same memset method. Do u see the problem?

Then I made this to erase address of entry point:

//TargetBase is PVOID
	register unsigned char* ptr1 = (unsigned char*)(BYTE*)MappingData->TargetBase + ImageOptionalHeader->AddressOfEntryPoint;

	int SizeOfAddressOfEntryPoint = 32;

	while (SizeOfAddressOfEntryPoint-- > 0)
	{
		*ptr1++ = 0;
	}

Program not crushes but how can I check that entry point was erased?

Another question is how to calculate number of bytes to erase in address of dll entry point? Why its "32" size? Unfortunately I not found any information about this.

I will be gratefull for any answer! Thank you!