mactec0/Kernelmode-manual-mapping-through-IAT

kernel injection not working (vmt version)

beranos opened this issue · 8 comments

beranos commented

hi, i tried the kernel injector this version (https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT/tree/swapchain_vmt_example)

i'm testing on RainbowSix when i open the injector the console says everything is fine even tho the dll is not being injected (using testdll)

EDIT: Oh, nevermind. i figured out GameOverlayRenderer64.dll is from steam overlay but i'm using the uplay version. my bad
anyways now it's saying "Cannot find vmt table" so i'm guessing the offsets changed?

reahly commented

hi, i tried the kernel injector this version (https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT/tree/swapchain_vmt_example)

i'm testing on RainbowSix when i open the injector the console says everything is fine even tho the dll is not being injected (using testdll)

EDIT: Oh, nevermind. i figured out GameOverlayRenderer64.dll is from steam overlay but i'm using the uplay version. my bad
anyways now it's saying "Cannot find vmt table" so i'm guessing the offsets changed?

yes it changed, https://i.imgur.com/fKLxlcc.png
1800AEECB - imagebase = 0x18D4C8

Bix3 commented

for me the game crashes with the offset @DollarSSign posted (0x18D4C8) tough i can confirm its the right one when i scan the sig i get the same. it crashes on:

Kernelmode-manual-mapping-through-IAT/mmap/mmap.cpp

Line 230 in dd1d848

proc->write_memory(vmt_function_ptr, (uintptr_t)&stub_base, sizeof(uint64_t));

reahly commented

for me the game crashes with the offset @DollarSSign posted (0x18D4C8) tough i can confirm its the right one when i scan the sig i get the same. it crashes on:

Kernelmode-manual-mapping-through-IAT/mmap/mmap.cpp

Line 230 in dd1d848

proc->write_memory(vmt_function_ptr, (uintptr_t)&stub_base, sizeof(uint64_t));

are you sure? it works fine for me with the test dll attached to the project

Bix3 commented

yes it works now, i compiled the dll from source and didnt saw that there were project files, thank you!

reahly commented

changed again, new offset: 0x18E528

Grabowski95 commented

hi there,
thanks for the splendit work but i cant manage it to work (testing on warhammer vermintide 2 mod realm). I grabbed new offset 0x01B7528 but seems its not correct. It says injected but no messagebox shows up.
Also, where did you get these 2 pointers 0xE0 and 0x00?

ThaFurther commented

Also, where did you get these 2 pointers 0xE0 and 0x00?

Did you get an answer on this?

GerritdinaH commented

anyone found a Swapchain pointer for DiscordHook64?