Enigma Protector x86: Check Injected DLL
This plugin checks all the modules of the current process and searches for unallowed modules.
This can be one of the ways to check for injected DLLs. The method works if the name of the injected DLL is known.
Attached is the source of the plugin, written in Delphi. To adapt the plugin for your own needs, modify the array UNALLOWED_MODULES, replacing its entries with the names of your unallowed DLLs. Then compile the plugin.
Re: Enigma Protector x86: Check Injected DLL
Hi Enigma,
Blocking dll names is easy to cheat... just rename the file name...
Is it possible to block DLL INJECTION METHODS? Like, some APIs or functions used to inject...
Re: Enigma Protector x86: Check Injected DLL
Hi P4ulo,
P4ulo wrote:
> Blocking dll names is easy to cheat... just rename the file name...
> Is it possible to block DLL INJECTION METHODS? Like, some APIs or functions used to inject...

Yes, frustrating but I agree. But this method works very well for non-advanced users. Imagine you want to cheat a program and you renamed this dll, but you have to not only rename the dll itself, but also rename the name of this dll in the process that hooks it. Usual users will not be able to do this.
There are other ways to avoid injection:
1. Disable remote calls in the protected application. This is dangerous and may damage the workability of the protected file.
2. Probably a better solution - check the injected module by a signature, and not by a name. You need to enumerate all modules and, for example, search in each module for some string that mainly belongs only to the unallowed dll/module. If the signature/string is found, then the process is injected.
3. Another way - disable LdrLoadDll, but this way will also not help if the file is renamed; moreover, I know an injection method that works around LdrLoadDll.
4. I'm not sure if this way exists, but probably it is possible to somehow disallow injecting any dll into the process by granting or removing process permissions...
Finally, it is better to use the simple way that I have made. Because if an advanced cracker wants to cheat - he will do it, not a deal.
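The name check from the first post and the signature check from item 2 above, side by side, as an added example that is not the plugin's source or any poster's code. The module records and images are constructed, `unallowed_example.dll` and the marker string are hypothetical placeholders, and on Windows the records would come from enumerating the process's loaded modules.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One loaded module as seen by the checker: path plus its mapped image bytes. */
typedef struct { const char *path; const unsigned char *image; size_t size; } module_t;

/* Hypothetical stand-ins for the plugin's UNALLOWED_MODULES array and a marker string. */
static const char *UNALLOWED_MODULES[] = { "unallowed_example.dll" };
static const char SIGNATURE[] = "UNALLOWED-EXAMPLE-MARKER";

/* Check 1: case-insensitive match of the file-name part against the denylist. */
int flagged_by_name(const module_t *m) {
    const char *base = m->path;
    for (const char *p = m->path; *p; p++)
        if (*p == '\\' || *p == '/') base = p + 1;
    for (size_t i = 0; i < sizeof UNALLOWED_MODULES / sizeof *UNALLOWED_MODULES; i++) {
        const char *a = base, *b = UNALLOWED_MODULES[i];
        while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
        if (*a == '\0' && *b == '\0') return 1;
    }
    return 0;
}

/* Check 2: the signature occurs anywhere in the module image (NUL bytes allowed). */
int flagged_by_signature(const module_t *m) {
    size_t n = sizeof SIGNATURE - 1;
    for (size_t off = 0; m->size >= n && off <= m->size - n; off++)
        if (memcmp(m->image + off, SIGNATURE, n) == 0) return 1;
    return 0;
}

/* Constructed sample images; a real checker would read each module's mapped memory. */
static const unsigned char CLEAN_IMG[] = "MZ\0\0.text\0ordinary strings";
static const unsigned char BAD_IMG[] = "MZ\0\0.rdata\0UNALLOWED-EXAMPLE-MARKER\0more";

/* Constructed module list: entry 2 is the unallowed DLL after a rename. */
const module_t SAMPLE[] = {
    { "C:\\Game\\engine.dll", CLEAN_IMG, sizeof CLEAN_IMG - 1 },
    { "C:\\Tmp\\Unallowed_Example.DLL", BAD_IMG, sizeof BAD_IMG - 1 },
    { "C:\\Tmp\\helper.dll", BAD_IMG, sizeof BAD_IMG - 1 },
};

int main(void) {
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++)
        printf("%-32s name=%d signature=%d\n", SAMPLE[i].path,
               flagged_by_name(&SAMPLE[i]), flagged_by_signature(&SAMPLE[i]));
    return 0;
}
```

A checker that stores the marker as a plain string will find it in its own module, so the real scan has to skip the checker's own image or keep the marker in a form that does not match itself.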
Re: Enigma Protector x86: Check Injected DLL
please can you upload bin file i soo noob i cant find my brain work with vb6 heaven XD
Re: Enigma Protector x86: Check Injected DLL
mage200 wrote:
> please can you upload bin file i soo noob i cant find my brain work with vb6 heaven XD

You have to know the name of the file you would like to test if it is injected. What dll do you want to check?
Re: Enigma Protector x86: Check Injected DLL
can you upload the compiled dll file please
Re: Enigma Protector x86: Check Injected DLL
I have to know the name of the dll that you want to check before compilation.
If I compile it now then it will do nothing. This plugin checks if some dll is injected, you have to know what is the name of dll.
Re: Enigma Protector x86: Check Injected DLL
i need block all gunz dll hacks
its anti hack for gunz
EDIT: i mean anti inject with injector
Re: Enigma Protector x86: Check Injected DLL
Hi friends
I write a plugin for anti dll injection
i upload my protected file, please test it for dll injecting and report bugs
Download Link : Go0d luck
Re: Enigma Protector x86: Check Injected DLL
HI,
This is a plugin that Sh4DoVV developed for preventing the injection of DLL files into a protected process. This technique (dll injection) is used by game cheaters to cheat in online MMORPG games.
Sh4DoVV, as far as I understand, posted this protected example just for people who are interested in this plugin and who want to use it.
ANTI DLL INJECTION is DONE - it is a commercial plugin and requires payment! I think it is very useful for game developers! If somebody is interested in this plugin, please contact Sh4DoVV in this thread or using PM!
Move discussions to http://forum.enigmaprotector.com/viewto ... =26&t=1506