0

So I'm working on a C++ Dll cheat/hack for a game (Minecraft). I created a little sample JNI project just to test things out, but a couple seconds after injecting the dll, Minecraft stops responding with a 'win32 unhandled exception'. I'm not experienced enough in C++ or using the JNI to understand what I'm doing wrong...

Here's my sample code (Not actually a hack, just wanted to try calling the clickMouse function to see if I was on the right track):

DWORD WINAPI Main_Thread(LPVOID lpParam)
{
HMODULE m_hDllInstance = LoadLibraryA("jvm.dll");
JavaVM *jvm;
JNIEnv *env;

typedef jint(JNICALL * GetCreatedJavaVMs)(JavaVM**, jsize, jsize*);

GetCreatedJavaVMs jni_GetCreatedJavaVMs = 
(GetCreatedJavaVMs)GetProcAddress(m_hDllInstance, "JNI_GetCreatedJavaVMs");

jint size = 1;
jint vmCount;

jint ret = jni_GetCreatedJavaVMs(&jvm, size, &vmCount);
jint rc = jvm->AttachCurrentThread((void **)& env, NULL);


jclass Minecraft = env->FindClass("net.minecraft.client.Minecraft");
jmethodID constructor = env->GetMethodID(Minecraft, "<init>", "()V");

jobject mc = env->NewObject(Minecraft, constructor);
jmethodID clickMouse = env->GetMethodID(Minecraft, "clickMouse", "()V");


while (!GetAsyncKeyState(VK_END))
{
    env->CallVoidMethod(mc, clickMouse);
}

jvm->DestroyJavaVM();
return S_OK;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID 
lpReserved)
{
if (ul_reason_for_call == DLL_PROCESS_ATTACH)
{
    CreateThread(0, 0, Main_Thread, 0, 0, NULL);
}

return TRUE;
}

What's causing this to go wrong and how can I fix it?

P.S: Sorry if code looks a little funny, had a bit of trouble pasting it in here.

Edit: I tried running a debugger upon the crash, and it comes up with this: https://i.stack.imgur.com/HJXCv.jpg. I'm still not sure how to fix this...

4Dimensions
  • 83
  • 1
  • 10
  • Shouldn't you use `DetachCurrentThread()` instead of `DestroyJavaVM()`? – ssbssa Aug 06 '17 at 14:42
  • @ssbssa added this in, thanks. Any idea as to why it's crashing though? Should it theoretically work? – 4Dimensions Aug 06 '17 at 14:53
  • So you don't actually know where it's crashing, and you can't debug it?. You could try adding [OutputDebugString()](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363362.aspx) calls throughout so you know how far it went. – ssbssa Aug 06 '17 at 15:00
  • Just figured out where the problem lies with the help from running VS2017 debugger when the program stopped responding.. It says there's an access violation at line 17 which is jint ret = jni_GetCreatedJavaVMs(&jvm, size, &vmCount); See this for more details: http://imgur.com/a/E4UR1 – 4Dimensions Aug 06 '17 at 15:56
  • 1
    It seems like your call for `GetProcAddress(m_hDllInstance, "JNI_GetCreatedJavaVMs");` is failing. According to the debugging image you posted, the value of `jni_GetCreatedJavaVMs` is set to `0x00`. I am inexperienced with the content of this question, but I would hazard a guess that `GetProcAddress(...)` is failing to find the function you are looking for, and as such, it is returning NULL. As for how you can fix that, though, I am unsure. – Spencer D Aug 06 '17 at 16:12
  • @SpencerD thanks for the help. Pretty sure I fixed that by changing LoadLibrary with a param casted to LPCWSTR to LoadLibraryA, without needing to cast. Looks like I'm getting another error now though: http://imgur.com/a/Uot9K top image is in jni.h and bottom is in my DllMain (the cause of this error). Pretty sure it may be something to do with me getting the object parameters wrong? – 4Dimensions Aug 06 '17 at 16:21
  • @4Dimensions, the `clazz` (i.e., `Minecraft`) appears to be having the same issue: it is being returned as NULL. Again, being inexperienced with this topic, I cannot confidently give a solution, but the following may be of use: https://stackoverflow.com/a/27943091/2694511 – Spencer D Aug 06 '17 at 17:26

0 Answers0