
Make a Named Pipe DLL (Cplusplus)


This C++ DLL creates a named pipe called EQTPipe and stays injected until the game is closed. If you send the command "warp" through the named pipe, it triggers the `ResetView()` call that we set up in this code, which in turn calls the game's internal function at the address 0x006053D4. Two caveats: that address is a hard-coded absolute value taken from one specific build of the game, and the pipe is created with a NULL security descriptor (default DACL), so any process that is able to open `\\.\pipe\EQTPipe` can trigger the function inside the game.

#include "Stdafx.h"   // precompiled header: keep first so MSVC /Yu sees it
#include "windows.h"
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

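// Absolute address of the game routine that EQTFunctions calls for "warp".
// It is a fixed value taken from one particular game build, so it is only
// meaningful for that build (presumably a fixed image base — confirm before
// reusing). A typed constant replaces the original macro, which carried a
// stray trailing ';' and therefore could not be used inside a parenthesised
// expression such as a cast or a function call.
constexpr std::uintptr_t MoveLocalPlayerToSafeCoords = 0x006053D4;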

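// Handles one command received over the named pipe.
//
// func: the received bytes; need not be NUL-terminated. Treated as untrusted
//       input — the sender is whatever process connected to the pipe.
// len:  number of bytes that may be read from func.
//
// The first space-delimited word is the command. Only "warp" is understood;
// it calls the game routine at MoveLocalPlayerToSafeCoords. Anything else is
// silently ignored.
void EQTFunctions(const char *func, int len) {
    if (func == nullptr || len <= 0) {
        return;
    }

    // Bounded local copy: never more than `len` bytes, never more than the
    // buffer holds, and the zero-fill guarantees termination. (The original
    // used sizeof(func) — the size of the pointer, not of the data — as the
    // copy length, so `len` was never honoured.)
    char command[1024] = { 0 };
    size_t count = static_cast<size_t>(len);
    if (count > sizeof(command) - 1) {
        count = sizeof(command) - 1;
    }
    strncpy(command, func, count);

    // Isolate the first word: skip leading spaces, cut at the next one.
    // (Replaces strtok, whose return value the original discarded, so a
    // command with a leading space was never recognised.)
    char *word = command;
    while (*word == ' ') {
        ++word;
    }
    word[strcspn(word, " ")] = '\0';

    // Debug aid for use inside the injected game. `word` is already a narrow
    // NUL-terminated string, so no wide conversion (and none of the heap
    // buffer the original allocated and never freed) is needed:
    // MessageBoxA(NULL, word, NULL, MB_OK);

    if (strcmp(word, "warp") == 0) {
        typedef void (__thiscall *CGCamera__ResetView)();
        // NOTE(review): the typedef is __thiscall, which on x86 means the
        // callee expects `this` in ECX, yet no object is supplied here — this
        // only works if the target does not use its `this`. The address is a
        // fixed absolute value for one game build; on any other build it
        // points at arbitrary code.
        CGCamera__ResetView ResetView = (CGCamera__ResetView)MoveLocalPlayerToSafeCoords;
        ResetView();
    }
}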

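// Worker thread: owns the server end of \\.\pipe\EQTPipe and hands every
// received message to EQTFunctions. Runs until the hosting process exits —
// once the pipe exists the loop below has no exit condition.
//
// The signature matches LPTHREAD_START_ROUTINE (DWORD WINAPI, LPVOID) so the
// thread can call it directly; the original was a void __cdecl function cast
// to that type. hModule is the DLL's module handle and is currently unused.
DWORD WINAPI OnAttach(LPVOID hModule) {
    (void)hModule;

    // Wide literal used directly; CreateNamedPipeW is named explicitly so the
    // call does not depend on UNICODE being defined for the build.
    static const wchar_t kPipeName[] = L"\\\\.\\pipe\\EQTPipe";

    // The original passed the PIPE_TYPE_*/PIPE_READMODE_* flags in the open
    // mode and PIPE_WAIT in the pipe mode; that only "worked" because all of
    // them are 0. They belong in the pipe-mode argument.
    DWORD openMode = PIPE_ACCESS_DUPLEX;
    DWORD pipeMode = PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT;
#ifdef PIPE_REJECT_REMOTE_CLIENTS
    // Named pipes are reachable over SMB; only local clients are intended.
    pipeMode |= PIPE_REJECT_REMOTE_CLIENTS;
#endif

    // NOTE(review): lpSecurityAttributes is NULL, so the pipe gets the default
    // DACL — any process able to open the pipe name can drive the game
    // function. Pass an explicit security descriptor to restrict who may
    // connect.
    HANDLE hPipe = CreateNamedPipeW(kPipeName,
                                    openMode,
                                    pipeMode,
                                    1,                        // single instance
                                    1024 * 16,                // out buffer
                                    1024 * 16,                // in buffer
                                    NMPWAIT_USE_DEFAULT_WAIT, // default timeout
                                    NULL);
    // CreateNamedPipe reports failure with INVALID_HANDLE_VALUE, not NULL;
    // the original compared against NULL and would spin on a bad handle.
    if (hPipe == INVALID_HANDLE_VALUE) {
        return 1;
    }

    char buffer[1024] = { 0 };
    char text[1024] = { 0 };
    for (;;) {
        // ERROR_PIPE_CONNECTED means a client connected between
        // CreateNamedPipe and ConnectNamedPipe; that is a usable connection.
        if (ConnectNamedPipe(hPipe, NULL) != FALSE ||
            GetLastError() == ERROR_PIPE_CONNECTED) {
            DWORD dwRead = 0;
            // Read one byte less than the buffer so the data can always be
            // terminated; the original ran strlen() over bytes ReadFile never
            // NUL-terminated. In byte mode a message longer than this arrives
            // split across several reads.
            while (ReadFile(hPipe, buffer, sizeof(buffer) - 1, &dwRead, NULL) != FALSE) {
                buffer[dwRead] = '\0';

                // Keep only the leading run of printable characters.
                DWORD i = 0;
                for (; i < dwRead; ++i) {
                    // isprint() takes an unsigned char value; a negative
                    // plain char is undefined behaviour.
                    const unsigned char ch = static_cast<unsigned char>(buffer[i]);
                    if (!isprint(ch)) {
                        break;
                    }
                    text[i] = buffer[i];
                }
                text[i] = '\0';

                // Pass the number of bytes actually copied, not sizeof(buffer).
                EQTFunctions(text, static_cast<int>(i));
                memset(text, 0, sizeof(text));
                memset(buffer, 0, sizeof(buffer));
            }
            FlushFileBuffers(hPipe);
        }
        DisconnectNamedPipe(hPipe);
    }
}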

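// DLL entry point. On process attach it starts the pipe-server thread
// (OnAttach) and returns at once — the pipe loop never ends, so running it
// here would keep DllMain (and the loader lock) busy forever. Thread
// attach/detach and process detach need no work.
//
// Returns FALSE, which makes the loader unload the DLL, only when the worker
// thread cannot be created; a DLL without its server thread does nothing.
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD  ul_reason_for_call,
                      LPVOID lpReserved)
{
    (void)lpReserved;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH: {
        // The explicit cast keeps this valid whatever exact signature OnAttach
        // carries; the module handle is forwarded as the thread argument.
        HANDLE hThread = CreateThread(NULL, 0,
                                      reinterpret_cast<LPTHREAD_START_ROUTINE>(OnAttach),
                                      hModule, 0, NULL);
        if (hThread == NULL) {
            return FALSE;
        }
        // The thread keeps running; only our handle to it is released
        // (the original leaked it).
        CloseHandle(hThread);
        break;  // the original fell through into the no-op cases
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}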