DLL Injection with slots... ?!?!?

**Lykurg** · 17th October 2010, 11:44

Originally Posted by gilamran

I'm unable to debug this... so where can I see the console?

If you start your application on the command line and the slot can't be found a warning will be printed (or inside Qt Creator on the application output), but

what do you need me to clarify?

I get the "injecting" wrong (thought you would using QPluginLoader), so your slot should be found. So I am out of ideas right now.

**gilamran** · 17th October 2010, 11:58

Ok, I'll check the command line error.
And I'll post a short code that do what I say, maybe it'll be clear than.

Thanks again!

**tbscope** · 17th October 2010, 12:51

I'm assuming you didn't create a plugin. This means a library exporting certain symbols that you use directly in the application you want to inject.

I assume that you can not change the application code itself directly. If that's not the case, then see the examples and documentation of creating plugins or using libraries.

Consider the following schema:

Qt Code:

Switch view

+-----------------------------------------------------------------------------------------+
| Application                                                                             |
|                                                                                         |
|    +---------------+               +-----------------------------------------+          |
|   +---------------+|               | Application code, contains objects.     |          |
|  +---------------+||               |                                         |          |
| +---------------+|||               | mainWindow (a QMainWindow)              |          |
| | Linked        |||+               |      |                                  |          |
| | libraries     ||+                |      +-- button (a QPushButton)         |          |
| |               |+                 |      +-- label (a QLabel)               |          |
| +---------------+                  +-----------------------------------------+          |
|        |                                                                                |
|        v                                                                                |
| +-------------------------------------------------------------------------------------+ |
| | Your injected DLL                                                                   | |
| |                                                                                     | |
| | +--------------------------+                                                        | |
| | | Class based on QObject   |                                                        | |
| | | inside DLL               |                                                        | |
| | |                          |                                                        | |
| | | Contains signals and     |                                                        | |
| | | slots                    |                                                        | |
| | +--------------------------+                                                        | |
| |              |                                                                      | |
| |              v                                                                      | |
| |      +-------------------------------------------------------------------------+    | |
| |      | Create an object:                       | Do this from within a context |    | |
| |      |                                         | where the application event   |    | |
| |      | MyClass *myclass = new MyClass;         | loop is running.              |    | |
| |      +-------------------------------------------------------------------------+    | |
| |                            |                                                        | |
| |                            v                                                        | |
| |                +------------------------------------------------+                   | |
| |                | Example:                                       |                   | |
| |                | Suppose you have installed an application      |                   | |
| |                | event filter.                                  |                   | |
| |                |                                                |                   | |
| |                | Also, suppose you intercept the mainWindow     |                   | |
| |                | show event.                                    |                   | |
| |                |                                                |                   | |
| |                | From this event, you have a pointer to         |                   | |
| |                | mainWindow, let's call it pMainWindow          |                   | |
| |                |                                                |                   | |
| |                | Then you can write:                            |                   | |
| |                |                                                |                   | |
| |                | connect(pMainWindow->button, SIGNAL(...),      |                   | | 
| |                | myclass, SLOT(...));                           |                   | |
| |                |                                                |                   | |
| |                |                                                |                   | |
| |                | In pseudocode:                                 |                   | |
| |                | ---------------------------------------------- |                   | |
| |                | when application started                       |                   | |
| |                |     install eventfilter                        |                   | |
| |                |                                                |                   | |
| |                | when eventfilter gets called                   |                   | |
| |                |     check the event and the target object      |                   | |
| |                |     if event = show and object = mainWindow    |                   | |
| |                |         Create a new MyClass object if none    |                   | |
| |                |         already exists.                        |                   | |
| |                |         Connect signals and slots              |                   | |
| |                |                                                |                   | |
| |                +------------------------------------------------+                   | |
| |                                                                                     | |
| +-------------------------------------------------------------------------------------+ |
|                                                                                         |
+-----------------------------------------------------------------------------------------+

+-----------------------------------------------------------------------------------------+
| Application                                                                             |
|                                                                                         |
|    +---------------+               +-----------------------------------------+          |
|   +---------------+|               | Application code, contains objects.     |          |
|  +---------------+||               |                                         |          |
| +---------------+|||               | mainWindow (a QMainWindow)              |          |
| | Linked        |||+               |      |                                  |          |
| | libraries     ||+                |      +-- button (a QPushButton)         |          |
| |               |+                 |      +-- label (a QLabel)               |          |
| +---------------+                  +-----------------------------------------+          |
|        |                                                                                |
|        v                                                                                |
| +-------------------------------------------------------------------------------------+ |
| | Your injected DLL                                                                   | |
| |                                                                                     | |
| | +--------------------------+                                                        | |
| | | Class based on QObject   |                                                        | |
| | | inside DLL               |                                                        | |
| | |                          |                                                        | |
| | | Contains signals and     |                                                        | |
| | | slots                    |                                                        | |
| | +--------------------------+                                                        | |
| |              |                                                                      | |
| |              v                                                                      | |
| |      +-------------------------------------------------------------------------+    | |
| |      | Create an object:                       | Do this from within a context |    | |
| |      |                                         | where the application event   |    | |
| |      | MyClass *myclass = new MyClass;         | loop is running.              |    | |
| |      +-------------------------------------------------------------------------+    | |
| |                            |                                                        | |
| |                            v                                                        | |
| |                +------------------------------------------------+                   | |
| |                | Example:                                       |                   | |
| |                | Suppose you have installed an application      |                   | |
| |                | event filter.                                  |                   | |
| |                |                                                |                   | |
| |                | Also, suppose you intercept the mainWindow     |                   | |
| |                | show event.                                    |                   | |
| |                |                                                |                   | |
| |                | From this event, you have a pointer to         |                   | |
| |                | mainWindow, let's call it pMainWindow          |                   | |
| |                |                                                |                   | |
| |                | Then you can write:                            |                   | |
| |                |                                                |                   | |
| |                | connect(pMainWindow->button, SIGNAL(...),      |                   | | 
| |                | myclass, SLOT(...));                           |                   | |
| |                |                                                |                   | |
| |                |                                                |                   | |
| |                | In pseudocode:                                 |                   | |
| |                | ---------------------------------------------- |                   | |
| |                | when application started                       |                   | |
| |                |     install eventfilter                        |                   | |
| |                |                                                |                   | |
| |                | when eventfilter gets called                   |                   | |
| |                |     check the event and the target object      |                   | |
| |                |     if event = show and object = mainWindow    |                   | |
| |                |         Create a new MyClass object if none    |                   | |
| |                |         already exists.                        |                   | |
| |                |         Connect signals and slots              |                   | |
| |                |                                                |                   | |
| |                +------------------------------------------------+                   | |
| |                                                                                     | |
| +-------------------------------------------------------------------------------------+ |
|                                                                                         |
+-----------------------------------------------------------------------------------------+

To copy to clipboard, switch view to plain text mode

You create a dll that reimplements the application event function to install an event filter.
In that event filter, you intercept the show event of a widget (for example). While intercepting that event, create a new QObject based object that contains signals and slots. Connect the slots of that object to the signals of the widget (or a member of that widget).

Make sure that when you build your library, the definitions of all the classes are known (include the correct headers). Also make sure that your code is processed by MOC.

Then inject the library in the program.

How this is exactly done on Windows, I don't know. Maybe you don't need to reimplement the event function of the application in order to install an event filter. That would make it a little bit easier.

EDIT: this is just a brainstorm from me. I do not assume that everything above is 100% correct.

**squidge** · 17th October 2010, 13:38

I think what he means is that the application doesn't know about the DLL and is not loading the DLL.

Instead, he is using Winject to inject the DLL into the applications memory space, the application doesn't know the DLL has been injected. I assume it is being done this way because the source code of the original application isn't available and he wants to modify that application somehow. Maybe get some data from an existing Qt widget or manipulate the data somehow.

Kinda similar to how flaab wanted to grab data from inside a Poker engine in his thread.

**gilamran** · 17th October 2010, 14:44

This is almost the same thing... and we're talking about the same software, FullTiltPoker!
But flaab is asking how to intercept into internal function of QString or somthing like that...
I want my DLL to get signals from this software, like dataChanged, etc.

I'm not building a poker bot like flaab, I'm collecting players statistics.

for this, I need my DLL to be able to "connect" to the software UI signals.
Thanks for clearing me up.

Gil.

**squidge** · 17th October 2010, 16:51

For best results in this case, you should use the same compiler as FTP. I'm going to guess that FTP uses something like Visual Studio 2008 rather than QtCreator (big companies don't like using free software)

**gilamran** · 17th October 2010, 17:56

yea I'm using Visual Studio 2008, How can I tell what's the FTP QT version?

**squidge** · 17th October 2010, 18:14

Is it dynamically linked? (does it refuse to run if the DLLs are missing?)

**wysota** · 17th October 2010, 19:47

Can you inject a dll into a statically linked app (which is probably packed or encrypted too) at all?

**tbscope** · 17th October 2010, 19:52

Originally Posted by wysota

Can you inject a dll into a statically linked app (which is probably packed or encrypted too) at all?

Short answer: yes
But: it is extremely difficult. It is done in software cracking. You need to alter the assembly source code.

**squidge** · 17th October 2010, 22:44

You can do it without altering the application code at all, if have something that easily identifies the 'target' application (such as the text for the window title or the process name) you can VirtualAllocEx and CreateRemoteThread, then your thread runs in the process space of the application and can do whatever it wishes.

**gilamran** · 17th October 2010, 23:16

Originally Posted by squidge

You can do it without altering the application code at all, if have something that easily identifies the 'target' application (such as the text for the window title or the process name) you can VirtualAllocEx and CreateRemoteThread, then your thread runs in the process space of the application and can do whatever it wishes.

Hey guys, this is not the issue at all...
It is possible, and this is the working part of my question.
I'll post my code soon (And you can try it too)

Back to the original question:
Can I connect a slot function in my injected dll to the main app?

Thanks

Thread: DLL Injection with slots... ?!?!?

Thread Tools

Search Thread

Display

Hybrid View

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Re: DLL Injection with slots... ?!?!?

Similar Threads

Signals & Slots!

Can you use dependency injection with Qt?

How do you add slots?

Slots or new slots

signal and slots

Bookmarks

Bookmarks

Posting Permissions