How could I use a procedure from .dll? I really need help.

[Dronic]

Hi.
I found this topic: http://tpforums.org/forum/threads/40...Tibia-internal and I would like to write it in my .dll and when I want I would like to use this procedure in my .exe file.

I've got a lot problems with that, so I will be grateful when someone will just look at this.

That's the code of my current dll:

Code:

 library oskar;
 
uses
  SysUtils,
  Classes,
  Messages,
  Windows;
 
{$R *.res}
 
procedure FSpeech(AType: Byte; AText:PChar); cdecl; export;
 
const
  Adr = $004073F0; //8.60
 
var
  FSpeech: procedure(AType: Byte; AText:PChar);
 
begin
  @FSpeech := Ptr(Adr);
 
end;
 
exports
FSpeech;
end.

I calling this procedure in my exe by using this code:

Code:

procedure FSpeech(AType: Byte; AText:PChar); cdecl; external 'oskar.dll';

I trying to use it by clicking on button. That's what I've got on my button:
fspeech(1,'help me');

I think that everything looks normal and it should be work, but it isn't. Could someone help me?

Thanks.


@@Edit
If anything is not able to understand please tell me. I will try to make it easier to understand. My english is not perfect (especially when I am drunk). xD

[ottizy]

You need to inject the DLL or call the internal procedure using codecaves and CreateRemoteThread

[Dronic]

Okay. So you just saying that everything is fine with my dll, but I have to inject it, yes?
As I said I calling my .dll file by using this code: procedure FSpeech(AType: Byte; AText:PChar); cdecl; external 'oskar.dll';
I think it should be enough. We're not injecting packet.dll into your client, we just calling function written inside. I used same method.

[ottizy]

If you look at the link you posted you can see an example of how the DLL should like and how you inject it

[Dronic]

The problem is that my .dll cannot looks like this one from the link what I posted. I would like to use this function when I will click on button. To do it I should make a procedure what I could call whenever I want.

[ottizy]

It looks like you're just exporting the DLL function. This won't work. You need to inject the DLL.

[Blequi]

if I understood you correctly, you just want to expose Tibias functions through an injected dll to your main program outside the dll.

You can create a named pipe between your .exe <-> injected dll to call functions, talk to each other and so on (if I'm not wrong, TibiaApi does this way). Alternatively, as ottizy said, CreateRemoteThread and call the internal function (ex: at $004073F0) directly without inject a dll, just by allocating and freeing memory to push parameters and bytes to the function call (sometimes called codecave) with VirtualAllocEx and VirtualFreeEx.

Either way, you have to pay attention to the packet sender thread (stop it, execute the procedure, resume it) to prevent race conditions and so on.

[Dronic]

I am able to use packet.dll and it's so easy to send packets to the game by this way
I really want to do it by injecting dll, but if there is no chance (or it's harder) could you tell me more about CreateRemoteThread in delphi? Maybe any tutorial/example ?


By the way. That's how my

Code:

 unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    Edit1: TEdit;
    Button3: TButton;
    Button4: TButton;
    procedure FormCreate(Sender: TObject);
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  PID:Cardinal;
  hWndF:hwnd;


implementation
Procedure FSpeech (TalkMode: Integer;Text: Pchar);cdecl ;external 'say.dll';
{$R *.dfm}

procedure InjectDll(PID: dword;  DLL: pChar);
var
  BytesWritten, hProcess, hThread, TID: Cardinal;
  Parameters: pointer;
  pThreadStartRoutine: Pointer;
begin
  hProcess := OpenProcess(PROCESS_ALL_ACCESS,  False,  PID);
  Parameters := VirtualAllocEx( hProcess, nil, Length(DLL)+1, MEM_COMMIT or MEM_RESERVE, PAGE_READWRITE);
  WriteProcessMemory(hProcess,Parameters,Pointer(DLL),Length(DLL)+1,BytesWritten);
  pThreadStartRoutine := GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA');
  hThread := CreateRemoteThread(hProcess,  nil,  0,  pThreadStartRoutine,  Parameters,  0,  TID);
  CloseHandle(hProcess);
end;






procedure TForm1.FormCreate(Sender: TObject);
begin
  hwndf:=findwindow(nil,'Tibia');
  Getwindowthreadprocessid(hwndf,@PID);
InjectDll(PID,pchar(ExtractFilePath(Application.ExeName)+'say.dll'));
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
FSpeech(1,'lolek');
end;


end.

and that's how my .dll looks like:

Code:

 library say;
 
uses
  SysUtils,
  Classes,
  Messages,
  Windows;
 
{$R *.res}


 
 
procedure FSpeech (AType: Byte; AText:PChar); cdecl;
const
  Adr = $004073F0;
var
  FSpeech: procedure(AType: Byte; AText:PChar); cdecl;

begin
  @FSpeech := Ptr(Adr);
end;
 
exports
FSpeech;
end.

And one more think. As you said exacly I would like to export the procedure from .dll and I want to use this procedure in my .exe by clicking on button.

[ottizy]

It won't work to export the function from the DLL when it's injected. Like Blequi said, you can use named pipes to interact with the DLL while it's injected.

[Dronic]

What the *** are named pipes ? xD How it works ?