Make a Named Pipe DLL (Cplusplus)
This C++ DLL creates a named pipe called `\\.\pipe\EQTPipe<pid>` (the current process ID is appended to the name, so several injected game instances can be addressed separately). If a client sends the command "warp" through the pipe, the DLL calls the `ResetView()` function pointer set up in this code, which in turn jumps to the function at address 0x006053D4 inside the game. Two caveats before reusing this: the pipe is created with a NULL security descriptor (the default DACL), so any process running in the same user session can connect and trigger that code path; and the address is specific to one build of the game, so it must be re-located after any patch.
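// Address of the in-game function that the "warp" command invokes (the
// typedef name used at the call site suggests CGCamera::ResetView). This is
// hard-coded for one specific game build: any patch moves it, so re-locate it
// before reuse. No trailing ';' here -- the original macro carried one, which
// was silently pasted into every use site and would break a functional cast.
#define MoveLocalPlayerToSafeCoords 0x006053D4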
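// Dispatches one command received over the EQTPipe named pipe.
//
// `func` is the (printable-only) command text copied out of the pipe buffer by
// OnAttach and `len` is an upper bound on how many bytes of it may be read.
// Only the first space-delimited token is significant; the only command
// understood is "warp", which calls the game function at
// MoveLocalPlayerToSafeCoords. Anything else is silently ignored.
//
// SECURITY: whatever is written to the pipe ends up here, so this is the point
// where an unauthenticated local client gets to run code inside the game
// process. Keep the command set tiny and never pass pipe data on as a pointer,
// length or format string.
VOID EQTFunctions (const char *func, int len) {
    if (func == nullptr || len <= 0) {
        return; // nothing to dispatch
    }

    // Bounded local copy. The original used sizeof(func) -- the size of a
    // pointer, 4 or 8 -- as the copy length, so anything longer than a handful
    // of characters was truncated and `len` was ignored. Honour `len` instead,
    // capped so the buffer is always NUL-terminated.
    char newText[1024] = { 0 };
    size_t copyLen = static_cast<size_t>(len);
    if (copyLen > sizeof(newText) - 1) {
        copyLen = sizeof(newText) - 1;
    }
    strncpy(newText, func, copyLen);
    newText[copyLen] = '\0';

    // DEBUG: to see the raw command from inside the injected game, uncomment:
    // MessageBoxA(NULL, newText, NULL, MB_OK);
    // (The original allocated a wchar_t buffer with new[] for this and never
    // freed it; MessageBoxA takes the narrow string directly.)

    // Isolate the first token in place: same result as strtok(newText, " ")
    // followed by the comparison, without strtok's hidden static state.
    newText[strcspn(newText, " ")] = '\0';

    if (strcmp("warp", newText) == 0) {
        // Hard-coded, game-build-specific address; breaks on any game patch.
        using CGCamera__ResetView = void (__thiscall*)();
        CGCamera__ResetView ResetView = (CGCamera__ResetView)MoveLocalPlayerToSafeCoords;
        // NOTE(review): __thiscall normally expects `this` in ECX, but nothing
        // is passed here -- confirm against the game binary that the target
        // does not read it.
        ResetView();
    }
}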
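// Thread entry started from DllMain: owns the EQTPipe named pipe for the
// lifetime of the process and feeds every message it receives to
// EQTFunctions().
//
// The pipe is named \\.\pipe\EQTPipe<pid> so several injected game instances
// can coexist; a client picks the instance by PID. One client is served at a
// time; when it disconnects we loop back and wait for the next one. `hModule`
// is unused.
//
// SECURITY: the pipe is created with a NULL SECURITY_ATTRIBUTES, i.e. the
// default DACL, so any process running in this user's session can connect and
// issue commands that execute code in the game process. PIPE_REJECT_REMOTE_CLIENTS
// keeps SMB clients out and FILE_FLAG_FIRST_PIPE_INSTANCE stops another process
// from squatting the (predictable) pipe name before we do; if local-session
// access is still too broad for your threat model, pass a SECURITY_ATTRIBUTES
// with an explicit DACL instead of NULL.
void OnAttach( HMODULE hModule ) {
    (void)hModule;

    std::string myProcID = "\\\\.\\pipe\\EQTPipe" + std::to_string(GetCurrentProcessId());
    std::wstring pipeName(myProcID.begin(), myProcID.end());
    //MessageBox(NULL, pipeName.c_str(), NULL, MB_OK);

    // PIPE_TYPE_BYTE / PIPE_READMODE_BYTE belong in dwPipeMode (the original
    // put them in dwOpenMode; both are 0 so it happened to be harmless).
    // PIPE_REJECT_REMOTE_CLIENTS needs _WIN32_WINNT >= 0x0600 (Vista).
    HANDLE hPipe = CreateNamedPipe(pipeName.c_str(),
        PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE,
        PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT | PIPE_REJECT_REMOTE_CLIENTS,
        1,
        1024 * 16,
        1024 * 16,
        NMPWAIT_USE_DEFAULT_WAIT,
        NULL);
    // CreateNamedPipe reports failure with INVALID_HANDLE_VALUE, not NULL; the
    // original tested for NULL and so spun forever on an invalid handle.
    if (hPipe == INVALID_HANDLE_VALUE) {
        return;
    }

    // Both buffers zero-initialised: the original left them uninitialised and
    // then ran strlen() over `buffer`, which has no terminator after a full
    // 1024-byte read.
    char buffer[1024] = { 0 };
    char text[1024] = { 0 };

    // Runs for the life of the process; hPipe is intentionally never closed.
    for (;;)
    {
        // ERROR_PIPE_CONNECTED means the client attached between
        // CreateNamedPipe and ConnectNamedPipe -- that is a success case.
        if (ConnectNamedPipe(hPipe, NULL) != FALSE || GetLastError() == ERROR_PIPE_CONNECTED)
        {
            DWORD dwRead = 0;
            // Read one byte short so the message can always be NUL-terminated.
            while (ReadFile(hPipe, buffer, sizeof(buffer) - 1, &dwRead, NULL) != FALSE)
            {
                buffer[dwRead] = '\0';
                // Keep only the leading run of printable characters (this drops
                // a trailing newline from e.g. `echo warp > \\.\pipe\...`).
                // The unsigned cast avoids UB in isprint() for bytes >= 0x80.
                DWORD i = 0;
                for (; i < dwRead; i++)
                {
                    if (!isprint(static_cast<unsigned char>(buffer[i])))
                        break;
                    text[i] = buffer[i];
                }
                text[i] = '\0';
                // Pass the real length rather than sizeof(buffer).
                EQTFunctions(text, static_cast<int>(i));
                memset(text, 0, sizeof(text));
                memset(buffer, 0, sizeof(buffer));
            }
            FlushFileBuffers(hPipe);
        }
        DisconnectNamedPipe(hPipe);
    }
}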
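// Adapts OnAttach's signature to what CreateThread expects, so the entry point
// no longer has to cast a void(HMODULE) to LPTHREAD_START_ROUTINE (which
// returns DWORD and takes LPVOID -- the original cast relied on that mismatch
// being tolerated).
static DWORD WINAPI OnAttachThread( LPVOID lpParam ) {
    OnAttach( static_cast<HMODULE>( lpParam ) );
    return 0;
}

// DLL entry point. On process attach, starts the pipe-server thread and
// returns immediately; the worker only begins running once DllMain has
// returned (the loader lock is held while we are in here), so nothing else is
// done at this point. Thread attach/detach and process detach are ignored.
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    (void)lpReserved;
    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        HANDLE hThread = CreateThread( NULL, 0, OnAttachThread, hModule, 0, NULL );
        // We never join the worker, so release our reference to it right away
        // (the thread itself keeps running); the original leaked this handle.
        if (hThread != NULL) {
            CloseHandle( hThread );
        }
    }
    return TRUE;
}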