Enigma Protector x86: Check Injected DLL

Post by Enigma » Tue Apr 19, 2011 10:15 am

This plugin checks all the modules of the current process and searches for unallowed modules.

This can be one of the ways to check for injected DLLs. The method works if the name of the injected DLL is known.

Attached is the source of the plugin, written in Delphi. To adapt the plugin to your own needs, you need to modify the array UNALLOWED_MODULES and replace its contents with the names of your unallowed DLLs. Then compile the plugin.
Enigma
Site Admin
 
Posts: 2139
Joined: Wed Aug 20, 2008 2:24 pm

Re: Enigma Protector x86: Check Injected DLL

Post by P4ulo » Thu Apr 28, 2011 9:42 pm

Hi Enigma,
Blocking DLL names is easy to cheat... just rename the file...
Is it possible to block DLL INJECTION METHODS? Like some APIs or functions used to inject...
P4ulo
 
Posts: 4
Joined: Fri Apr 08, 2011 10:36 pm

Re: Enigma Protector x86: Check Injected DLL

Post by Enigma » Fri Apr 29, 2011 6:32 am

Hi P4ulo,

P4ulo wrote: Blocking DLL names is easy to cheat... just rename the file... Is it possible to block DLL INJECTION METHODS? Like some APIs or functions used to inject...


Yes, frustrating, but I agree. But this method works very well against non-advanced users. Imagine you want to cheat a program and you renamed this DLL: you have to not only rename the file itself, but also rename the name of this DLL in the process that hooks it. Ordinary users will not be able to do this.

There are other ways to avoid injection:
1. Disable remote calls in the protected application. This is dangerous and may damage the workability of the protected file.
2. Probably a better solution: check the injected module by a signature, and not by a name. You need to enumerate all modules and, for example, search each module for some string that mainly belongs only to the unallowed DLL/module. If the signature/string is found, then the process is injected.
3. Another way: disable LdrLoadDll, but this way will also not help if the file is renamed; moreover, I know an injection method that works around LdrLoadDll.
4. I'm not sure if this way exists, but it is probably possible to somehow disallow injecting any DLL into the process by granting or removing process permissions...

Finally, it is better to use the simple way that I have made, because if an advanced cracker wants to cheat, he will do it, not a big deal.
Enigma
Site Admin
 
Posts: 2139
Joined: Wed Aug 20, 2008 2:24 pm
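
The name check from the first post and the signature check from option 2 above, side by side, as an added example in C (not the plugin's Delphi source, which is not shown in this thread). The module name and signature string are constructed placeholders; the Windows-only part assumes every page of a loaded image is readable.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

static const char *UNALLOWED_NAME = "cheat.dll";          /* constructed */
static const char  SIGNATURE[]    = "ExampleCheatBanner"; /* constructed */

/* Case-insensitive match on the file-name part of a module path. */
int name_is_unallowed(const char *path) {
    const char *base = path, *p;
    for (p = path; *p; p++)
        if (*p == '\\' || *p == '/') base = p + 1;
    for (p = UNALLOWED_NAME; *p && *base; p++, base++)
        if (tolower((unsigned char)*p) != tolower((unsigned char)*base)) return 0;
    return *p == '\0' && *base == '\0';
}

/* Byte search over a module image; images contain NULs, so no strstr(). */
int image_has_signature(const unsigned char *img, size_t len) {
    size_t n = sizeof(SIGNATURE) - 1, i;
    for (i = 0; i + n <= len; i++)
        if (memcmp(img + i, SIGNATURE, n) == 0) return 1;
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <psapi.h> /* link with psapi.lib */
/* 1 if any module in the current process matches by name or by signature. */
int process_has_unallowed_module(void) {
    HMODULE mods[1024]; DWORD needed, i, count; char path[MAX_PATH]; MODULEINFO mi;
    HANDLE self = GetCurrentProcess();
    const unsigned char *sig = (const unsigned char *)SIGNATURE, *base;
    if (!EnumProcessModules(self, mods, sizeof(mods), &needed)) return 0;
    count = needed / sizeof(HMODULE) > 1024 ? 1024 : needed / sizeof(HMODULE);
    for (i = 0; i < count; i++) {
        if (GetModuleFileNameA(mods[i], path, sizeof(path)) && name_is_unallowed(path))
            return 1;
        if (!GetModuleInformation(self, mods[i], &mi, sizeof(mi))) continue;
        base = (const unsigned char *)mi.lpBaseOfDll;
        if (sig >= base && sig < base + mi.SizeOfImage) continue; /* our own copy */
        /* Assumes the whole image is readable; a hardened scanner walks it
           with VirtualQuery and skips inaccessible pages. */
        if (image_has_signature(base, mi.SizeOfImage)) return 1;
    }
    return 0;
}
#endif
```

The scanner skips the module that holds its own copy of the signature string; without that check it would always report a match on itself.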

Re: Enigma Protector x86: Check Injected DLL

Post by mage200 » Thu Sep 29, 2011 11:40 am

please can you upload bin file i'm so noob i can't find my brain work with vb6 heaven XD
mage200
 
Posts: 3
Joined: Thu Sep 29, 2011 10:46 am

Re: Enigma Protector x86: Check Injected DLL

Post by Enigma » Thu Sep 29, 2011 12:01 pm

mage200 wrote: please can you upload bin file i'm so noob i can't find my brain work with vb6 heaven XD


You have to know the name of the file you would like to test for injection. What DLL do you want to check?
Enigma
Site Admin
 
Posts: 2139
Joined: Wed Aug 20, 2008 2:24 pm

Re: Enigma Protector x86: Check Injected DLL

Post by mage200 » Thu Sep 29, 2011 12:17 pm

can you upload the compiled dll file please
mage200
 
Posts: 3
Joined: Thu Sep 29, 2011 10:46 am

Re: Enigma Protector x86: Check Injected DLL

Post by Enigma » Thu Sep 29, 2011 12:23 pm

I have to know the name of the DLL that you want to check before compilation.

If I compile it now then it will do nothing. This plugin checks if some DLL is injected; you have to know what the name of the DLL is.
Enigma
Site Admin
 
Posts: 2139
Joined: Wed Aug 20, 2008 2:24 pm

Re: Enigma Protector x86: Check Injected DLL

Post by mage200 » Thu Sep 29, 2011 12:26 pm

I need to block all gunz DLL hacks
it's an anti-hack for gunz
EDIT: I mean anti-inject with an injector
mage200
 
Posts: 3
Joined: Thu Sep 29, 2011 10:46 am

Re: Enigma Protector x86: Check Injected DLL

Post by Sh4DoVV » Fri Oct 14, 2011 6:29 am

Hi friends
I wrote a plugin for anti DLL injection.
I uploaded my protected file; please test it for DLL injection and report bugs.
Download link:
notepad_protected.rar

Good luck
Sh4DoVV
 
Posts: 16
Joined: Tue May 31, 2011 4:11 pm

Re: Enigma Protector x86: Check Injected DLL

Post by Enigma » Fri Oct 14, 2011 7:09 am

Hi,

The plugin that Sh4DoVV developed is for preventing the injection of DLL files into a protected process. This technique (DLL injection) is used by game cheaters to cheat in online MMORPG games.

Sh4DoVV, as far as I understand, posted this protected example just for people who are interested in this plugin and who want to use it.

ANTI DLL INJECTION is DONE - it is a commercial plugin and requires payment! I think it is very useful for game developers! If somebody is interested in this plugin, please contact Sh4DoVV in this thread or by PM!

Move discussions to http://forum.enigmaprotector.com/viewto ... =26&t=1506
Enigma
Site Admin
 
Posts: 2139
Joined: Wed Aug 20, 2008 2:24 pm
