[Java] JNI Hacking Interface



bulk_4me
07-26-2006, 05:54 PM
Well, yeah I found my code. Please keep in mind that I just did it for that workshop and it's far from perfect, maybe I'll update this as a Java iNHALE template.

You have the basic stuff, OpenProcess finds a window either by ClassName or WindowName and returns the processHandle to you.

Refer to the MSDN WriteProcessMemory documentation for information on the return values of this function. Additionally, you should only write n bytes where n%2 == 0. The same goes for ReadProcessMemory: you should only read n bytes where n%2 == 0. I may or may not improve this interface in the future, mainly because the use of chars was a nasty fix and I had little time to implement this. (chars are unsigned in Java) :p

Main.java

/**
 * [description]
 * Created on 2/11/2005 @ 11:47:58 AM
 *
 * @author
 * @version %I%, %G%
 */
public class Main {

    public static void main(String[] args) {

        System.out.println();

        // Look the target up by window name only (class name is null)
        Process process = new Process(null, "MSN Messenger");

        // WriteProcessMemory: only proceed if OpenProcess returned a handle
        if ( process.getpHandle() != 0 ) {
            System.out.println("MSN Messenger encontrado!");
            process.WriteProcessMemory(0x5070ED, new char[] {0x77EB});
        }
        else {
            System.out.println("Error: MSN Messenger no econtrado!.");
        }
    }
}

Process.java

/**
 * [description]
 * Created on 31/10/2005 @ 09:46:47 PM
 *
 * @author
 * @version %I%, %G%
 */
public class Process {
    private int pHandle;
    // The native side expects non-null strings; an empty string stands in for NULL
    private static String NULL = "";

    // Implemented in SandBox.dll; the handle is 0 when no matching window was found
    private native int OpenProcess(String lpClassName, String lpWindowName);
    private native int WriteProcessMemory(int pHandle, int lpBaseAddress, char[] lpBuffer);
    private native char[] ReadProcessMemory(int pHandle, int lpBaseAddress, int nSize);

    static {
        System.loadLibrary("SandBox");
    }

    public Process() {
    }

    public Process(int pHandle) {
        this.pHandle = pHandle;
    }

    public Process(String lpClassName, String lpWindowName) {
        this.pHandle = OpenProcess(lpClassName == null ? NULL : lpClassName, lpWindowName == null ? NULL : lpWindowName);
    }

    public int getpHandle() {
        return pHandle;
    }

    public void setpHandle(int pHandle) {
        this.pHandle = pHandle;
    }

    public void setpHandle(String lpClassName, String lpWindowName) {
        this.pHandle = OpenProcess(lpClassName == null ? NULL : lpClassName, lpWindowName == null ? NULL : lpWindowName);
    }

    // Buffers are char[] (16-bit), so only even byte counts can be written
    public int WriteProcessMemory(int lpBaseAddress, char[] lpBuffer) {
        return WriteProcessMemory(pHandle, lpBaseAddress, lpBuffer);
    }

    // Same restriction applies when reading: nSize should be a multiple of 2
    public char[] ReadProcessMemory(int lpBaseAddress, int nSize) {
        return ReadProcessMemory(pHandle, lpBaseAddress, nSize);
    }
}


SandBox.DLL (http://byteptr.no-ip.com/SandBox.dll)

kds
07-26-2006, 06:10 PM
Ah, if only I could remember back to last school year when I was working with Java JNI. Good job bulk.

bulk_4me
07-26-2006, 06:13 PM
You mentioned something about a joystick interface.

arpsmack
07-27-2006, 01:26 PM
/me gives mad props to bulk

Enjoy the props, they are extra mad.

kds
07-27-2006, 01:32 PM
You mentioned something about a joystick interface.
Yeah, we were using JNI to interact with the serial port and joystick.

Pwnd
07-27-2006, 06:10 PM
Oo, please do improve. Dude, I'll try and help. Thing is, I don't know anything about process modifying/hacking/whatever. I've been going along with Java though. I'm not too bad at that :D I'm very unfamiliar with JNI though, for now.

JavaFreak
02-04-2007, 10:14 AM
I'm also trying to hack with Java using the Win32 API. JNI is cumbersome and has a steep learning curve, which is what Java is NOT about. Though one day I want to know JNI inside out, let me offer a slightly easier approach. Use jawin, a Java/Win32 interop project. Google it or go to their homepage at http://jawinproject.sourceforge.net/. I have not done much with it yet as I have to concern myself with other matters that are more important to my job (like the higher-level stuff that people who use Java only care about). Remember, Sun designed Java to be platform independent and relatively easy to use; JNI breaks both paradigms, so support for it is not widely available. I honestly wish Sun would implement a wrapper package (maybe something like javax.win32, with each sub-package having its DLL as a static library); it would definitely make hacking in Java a lot easier. I'm very interested in this topic, so if you guys discover more about JNI and hacking please post it here :)

Totte_ch
07-11-2007, 04:21 AM
I'm interested in this...
...but the link is broken!
Please insert a new link, send the DLL file to me or message me.

bulk_4me
07-11-2007, 07:15 AM
I restored the file. Try again.

Totte_ch
07-13-2007, 12:22 AM
Thank you

Do you know how to hack Brood War? I understand that I must use WriteProcessMemory, but how??
What does lpBaseAddress mean, and what is lpBuffer for??

public int WriteProcessMemory(int lpBaseAddress, char[] lpBuffer)

Thanks for help

bulk_4me
07-13-2007, 07:18 AM
lpBaseAddress is the target address where you want to start writing data, and lpBuffer is the array of bytes you want to write to that address. This example will not work with Broodwar unless you patch it to enable OpenProcess.