
Saturday, October 24, 2015

DLL injection and DLL injection example

See the earlier post for an explanation of DLL injection and a first example.
- Today I will show you another way: using DLL injection with parameters.
- The change is in the NewWndProc function.


DLL injection and DLL injection example (2/2)



NewWndProc









Data Structure

// Payload carried in a WM_COPYDATA message: the sender sets cbData to
// sizeof(Locksomeoneuseskill) and the receiver casts lpData to this type.
// It holds only plain ints (no pointers), so it stays meaningful after the
// buffer is copied into another process.
// NOTE(review): the receiver should compare cbData with sizeof(Locksomeoneuseskill)
// before casting lpData to this struct.
typedef struct tag_locksomeoneuseskill
{ 
 int iIndex;   // skill ID
 int iPos;   // position of the monster in the NPC array
}Locksomeoneuseskill; // parameter struct for the function LockSomeOneUseSkill 


Source code


// dllmain.cpp : Defines the entry point for the DLL application.
/* ****************************************
 * Author: Zidane (huuvi168@gmail.com)
 * Last modified: 2015-06-08
 * ****************************************/

/************************************************************************
VịLH - NewWndProc - 23/05/2013
 Function that receives the events sent over by the main program
params:
 + HWND: HWnd of the currently selected window
 + UINT: the program's message
 + WPARAM: the wparam parameter
 + LPARAM: the lparam parameter
return: 
 
*************************************************************************/

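LRESULT CALLBACK NewWndProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    // Replacement window procedure. It picks up two private messages and then
    // always forwards the message to the original procedure (OldWndProc):
    //   * WM_COPYDATA carrying DATA_LOCKSOMEONEUSESKILL stores the skill id and
    //     position from the payload into iIdSkill / iPosition.
    //   * WM_HOOK_WRITE with WPARAM_LOCKSOMEONEUSESKILL calls LockSomeOneUseSkill
    //     with the stored values.
    // Returns whatever CallWindowProc(OldWndProc, ...) returns.

    if (uMsg == WM_COPYDATA)
    {
        // The payload is untrusted: any process allowed to message this window
        // can send WM_COPYDATA with an arbitrary dwData/cbData/lpData. Reject a
        // null or undersized buffer before reinterpreting it, otherwise the
        // field reads below run past the end of the copied data.
        const COPYDATASTRUCT* pcds = reinterpret_cast<const COPYDATASTRUCT*>(lParam);
        if (pcds != nullptr
            && pcds->dwData == DATA_LOCKSOMEONEUSESKILL
            && pcds->lpData != nullptr
            && pcds->cbData >= sizeof(Locksomeoneuseskill))
        {
            const Locksomeoneuseskill* args =
                static_cast<const Locksomeoneuseskill*>(pcds->lpData);
            iIdSkill = args->iIndex;
            iPosition = args->iPos;
        }
    }

    if (!hWnd)
        return CallWindowProc(OldWndProc, hWnd, uMsg, wParam, lParam);

    // The window receives many messages; only WM_HOOK_WRITE is acted on here.
    if (uMsg == WM_HOOK_WRITE)
    {
        switch (wParam)
        {
        case WPARAM_LOCKSOMEONEUSESKILL:
            // Both values must have been set to something positive by a
            // previously accepted WM_COPYDATA payload.
            if (iPosition > 0 && iIdSkill > 0)
            {
                // Resolve the owning process only when it is needed, and do not
                // pass an uninitialised pid on if the lookup fails.
                DWORD pid = 0;
                if (GetWindowThreadProcessId(hWnd, &pid) != 0)
                    LockSomeOneUseSkill(pid, iPosition, iIdSkill);
            }
            break;
        }
    }

    return CallWindowProc(OldWndProc, hWnd, uMsg, wParam, lParam);
}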







Main function



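// Build the WM_COPYDATA payload. Both structs are zero-initialised so no
// indeterminate bytes are handed to the receiving window.
COPYDATASTRUCT MyCDS = {};
Locksomeoneuseskill locksomeoneStruct = {};
locksomeoneStruct.iIndex = 128;    // sample skill ID used in this post
locksomeoneStruct.iPos = 10488;    // sample position used in this post

MyCDS.dwData = DATA_LOCKSOMEONEUSESKILL;       // tag the receiver checks before casting
MyCDS.cbData = sizeof(locksomeoneStruct);      // exact payload size; the receiver should verify it
MyCDS.lpData = &locksomeoneStruct;

// Step 1: copy the Locksomeoneuseskill data to the window.
// The cast target is the Windows type LPARAM (type names are case-sensitive).
::SendMessage(m_hCurrentWnd, WM_COPYDATA, 0, reinterpret_cast<LPARAM>(&MyCDS));

// Step 2: ask the window procedure to call LockSomeOneUseSkill with that data.
::SendMessage(m_hCurrentWnd, WM_HOOK_WRITE, WPARAM_LOCKSOMEONEUSESKILL, 1);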

Description

The WM_COPYDATA constant refers to this part of the source above:


// Excerpt of the WM_COPYDATA arm of the switch in NewWndProc.
// NOTE(review): pcds->cbData and pcds->lpData are not validated before the casts
// below, so a null or undersized payload would be read out of bounds; compare
// cbData with sizeof(Locksomeoneuseskill) and check lpData first.
case WM_COPYDATA: // read the data block passed along with the message
   COPYDATASTRUCT* pcds = (COPYDATASTRUCT *)lParam; 
   // dwData is the tag that says which payload type was sent
   if (pcds->dwData == DATA_LOCKSOMEONEUSESKILL)
   {           
 iIdSkill = ((Locksomeoneuseskill *)(pcds->lpData))->iIndex;
 iPosition = ((Locksomeoneuseskill *)(pcds->lpData))->iPos;
   } 



View more: http://learn-tech-tips.blogspot.com/2015/08/dll-injection-exmaple.html
Have a nice weekend day!
Zidane
