Roblox blocks DLL injection

Gulg

The sus guy

Posts: 24

Threads: 2

Joined: Feb, 2022

Reputation: 0

Posted

I wrote a C# DLL injector (a slightly changed WRD API):

byte[] bytes = Encoding.ASCII.GetBytes("test.dll");
IntPtr hModule = LoadLibraryA("kernel32.dll");
UIntPtr procAddress = GetProcAddress(hModule, "LoadLibraryA");
FreeLibrary(hModule);
if (procAddress == UIntPtr.Zero)
    return false;
IntPtr hProcess = OpenProcess(ProcessAccess.AllAccess, false, RobloxProcessId);
if (hProcess == IntPtr.Zero)
    return false;
IntPtr num = VirtualAllocEx(hProcess, (IntPtr)0, (uint)bytes.Length, 12288U, 4U);
return !(num == IntPtr.Zero) && WriteProcessMemory(hProcess, num, bytes, (uint)bytes.Length, out UIntPtr _) && !(CreateRemoteThread(hProcess, (IntPtr)0, 0U, procAddress, num, 0U, out IntPtr _) == IntPtr.Zero);

Here is dllmain.cpp:

#include <Windows.h>

extern "C" {
#include "lua\lua.h"
#include "lua\lua.hpp"
#include "lua\lualib.h"
#include "lua\lauxlib.h"
#include "lua\luaconf.h"
#include "lua\llimits.h"
}

DWORD WINAPI LuaPipe(PVOID lvpParameter)
{
	HANDLE hPipe;
	char buffer[4000];
	DWORD dwRead;
	hPipe = CreateNamedPipe(TEXT("\\\\.\\pipe\\PipeLua"),
		PIPE_ACCESS_DUPLEX,
		PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
		PIPE_UNLIMITED_INSTANCES,
		4000,
		4000,
		NMPWAIT_USE_DEFAULT_WAIT,
		NULL);
	while (hPipe != INVALID_HANDLE_VALUE)
	{
		if (ConnectNamedPipe(hPipe, NULL) != FALSE)
		{
			while (ReadFile(hPipe, buffer, sizeof(buffer) - 1, &dwRead, NULL) != FALSE)
			{
				buffer[dwRead] = '\0';
				try {
					if (strlen(buffer) != NULL) {
						lua_State* luaS = luaL_newstate();
						lua_State* LuaS = lua_newthread(luaS);
						luaL_openlibs(LuaS);
						std::string total;
						if (luaL_dostring(LuaS, buffer)) {
							lua_pop(LuaS, 1);
						}
						else {
							lua_settop(LuaS, 0);
							lua_close(LuaS);
						}
					}
				}
				catch (...) {}
			}
		}
		DisconnectNamedPipe(hPipe);
	}
	return 0;
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        MessageBox(NULL, TEXT("Hello from Dll"), TEXT("Hi"), 0);
        DisableThreadLibraryCalls(hModule);
        CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)LuaPipe, NULL, NULL, NULL);
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

Injection into the Roblox process doesn't work, but if I change RobloxProcessId to something different (for example, the notepad PID), it works fine.
How do I fix this?

  • 0
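A defender-side view of the call sequence in the post above, as an added example that is not part of the original thread: a remote thread whose start address resolves to a LoadLibrary export is what Sysmon records as Event ID 8 (CreateRemoteThread). The records below are constructed and trimmed to four fields; the image paths and the helper names are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
# Loader exports that take a path argument: a remote thread starting at one
# of these loads a DLL into the target, as the CreateRemoteThread call does.
LOADER_EXPORTS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

def make_event(event_id, source, target, module, function):
    """Build a constructed, trimmed record in Sysmon's event XML layout."""
    fields = {"SourceImage": source, "TargetImage": target,
              "StartModule": module, "StartFunction": function}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

def parse_event(xml_text):
    """Return (event_id, {field name: value}) for one event record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext(f"{NS}System/{NS}EventID"))
    data = {d.get("Name"): (d.text or "") for d in root.iter(f"{NS}Data")}
    return event_id, data

def is_loadlibrary_remote_thread(xml_text):
    """True for an Event ID 8 record whose thread starts at a loader export."""
    event_id, data = parse_event(xml_text)
    if event_id != 8:  # 8 = CreateRemoteThread
        return False
    module = data.get("StartModule", "").lower().rsplit("\\", 1)[-1]
    function = data.get("StartFunction", "").lower()
    return module in LOADER_MODULES and function in LOADER_EXPORTS

def flagged_pairs(events):
    """List (source image, target image) for every flagged record."""
    pairs = []
    for record in events:
        if is_loadlibrary_remote_thread(record):
            _, data = parse_event(record)
            pairs.append((data["SourceImage"], data["TargetImage"]))
    return pairs

K32 = r"C:\Windows\System32\kernel32.dll"
NOTEPAD = r"C:\Windows\System32\notepad.exe"
SAMPLES = [  # constructed records, not captured from a real host
    make_event(8, r"C:\Users\lab\injector.exe", NOTEPAD, K32, "LoadLibraryA"),
    make_event(8, r"C:\Windows\System32\conhost.exe", r"C:\Windows\System32\cmd.exe", K32, "CtrlRoutine"),
    make_event(8, r"C:\Users\lab\tool.exe", NOTEPAD, "", ""),  # unresolved start
    make_event(1, r"C:\Users\lab\injector.exe", "", K32, "LoadLibraryA"),
]
```
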

Replied

It is probably injecting into the second Roblox process.

Process[] processes = Process.GetProcessesByName("RobloxPlayerBeta");
int pid = 0;
try
{
    pid = processes[0].Id;
}
catch (IndexOutOfRangeException)
{
    // No process with that name is running.
    return;
}

Using GetProcessesByName and then converting the result into the PID should work; however, setting the process name to RobloxPlayerBeta.exe will not work. It has to be without the .exe at the end.

Hope it helped.
This is a C# example, btw. I don't know cpp.

  • 1

Gulg

Replied

@75975 I start Roblox process from C# like this:

RobloxProcess = Process.Start(Path.Combine(RobloxPlayerDirectory, "RobloxPlayerBeta.exe"), "-app");
while (RobloxProcess.MainWindowHandle == IntPtr.Zero)
    Thread.Sleep(100);
RobloxProcessId = RobloxProcess.Id;
  • 0

Replied

@Gulg
try removing the .exe at the end

  • 0

Gulg

Replied

@75975 I'm starting the exe file. It won't work if I remove exe. Can you really answer this question, or are you one of those fake programmers?

  • 0

Posts: 1600

Threads: 166

Joined: Apr, 2021

Reputation: 13

Replied

I don't know if it works, but vouch.

  • 0

Random quote here...

Gulg

Replied

@67078 No? It doesn't. Roblox blocks injection.

  • 0

Added

@89215 I got this code from WRD API. I replaced all (IntPtr)0 with IntPtr.Zero that I mentioned but missed this. So it's not my fault.

  • 0

SeizureSalad

i love femboys

Posts: 1016

Threads: 73

Joined: Mar, 2021

Reputation: 37

Replied

man wtf is this :skull:

  • 0

"Questionable intelligence, but I like the mystery" - CubeFaces

Gulg

Replied

@89215 I got the code only for injecting and added some changes.

  • 0

Added

It doesn't work anyway so answer the question please.

  • 0

Replied

@SeizureSalad
I'm wondering the same thing here

  • 0

Added

@Gulg
if you wanna skid something, pls skid an open src project and actually learn from it

  • 0

Added

I would have given you the code to fix this, but your big ego has made me revise my decision 

  • 0

Gulg

Replied

Ok. Sorry everyone, I got mad. No more swearing. I got code from an open source project named Axon. But the code didn't work. So I tried taking code from WRD API. It uses the same kernel32 functions but in a slightly different way. It didn't work either. The problem wasn't in the code: I tried exploiting notepad and it worked. The problem was in Roblox. Can you help me, please? Sorry for this again, it's my fault. I didn't describe the problem and was mad.

  • 0
