Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import tkinter as tk
- from tkinter import scrolledtext, messagebox
- import ctypes
- import psutil
- import threading
- import time
- import os
- # --- Configuration ---
- DLL_NAME = "Executor.dll" # The name of your C++ exploit DLL
- PIPE_NAME = r'\\.\pipe\DolphinExecutorPipe' # The named pipe for communication
- # --- Windows API Definitions using ctypes ---
- # Constants
- PROCESS_ALL_ACCESS = (0x000F0000 | 0x00100000 | 0xFFF)
- MEM_COMMIT = 0x1000
- MEM_RESERVE = 0x2000
- PAGE_EXECUTE_READWRITE = 0x40
- # Kernel32 functions
- kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
- OpenProcess = kernel32.OpenProcess
- OpenProcess.argtypes = [ctypes.c_uint, ctypes.c_bool, ctypes.c_uint]
- OpenProcess.restype = ctypes.c_void_p
- VirtualAllocEx = kernel32.VirtualAllocEx
- VirtualAllocEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t, ctypes.c_uint, ctypes.c_uint]
- VirtualAllocEx.restype = ctypes.c_void_p
- WriteProcessMemory = kernel32.WriteProcessMemory
- WriteProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
- WriteProcessMemory.restype = ctypes.c_bool
- GetModuleHandleA = kernel32.GetModuleHandleA
- GetModuleHandleA.argtypes = [ctypes.c_char_p]
- GetModuleHandleA.restype = ctypes.c_void_p
- GetProcAddress = kernel32.GetProcAddress
- GetProcAddress.argtypes = [ctypes.c_void_p, ctypes.c_char_p]
- GetProcAddress.restype = ctypes.c_void_p
- CreateRemoteThread = kernel32.CreateRemoteThread
- CreateRemoteThread.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_uint, ctypes.c_void_p]
- CreateRemoteThread.restype = ctypes.c_void_p
- CloseHandle = kernel32.CloseHandle
- CloseHandle.argtypes = [ctypes.c_void_p]
- CloseHandle.restype = ctypes.c_int
- class ExecutorApp:
- def __init__(self, root):
- self.root = root
- self.root.title("Dolphin Executor")
- self.root.geometry("500x350")
- self.root.configure(bg="#2E2E2E")
- self.root.resizable(False, False)
- self.injected = False
- self.roblox_pid = None
- # --- UI Elements ---
- self.title_label = tk.Label(root, text="Dolphin Executor", bg="#2E2E2E", fg="#00BFFF", font=("Arial", 16, "bold"))
- self.title_label.pack(pady=5)
- self.script_editor = scrolledtext.ScrolledText(root, width=58, height=15, bg="#1E1E1E", fg="white", insertbackground="white", font=("Consolas", 10))
- self.script_editor.pack(pady=5, padx=10)
- self.script_editor.insert(tk.INSERT, "-- Paste your Lua script here")
- self.button_frame = tk.Frame(root, bg="#2E2E2E")
- self.button_frame.pack(pady=5)
- self.inject_button = tk.Button(self.button_frame, text="Inject", command=self.inject_thread, bg="#4CAF50", fg="white", font=("Arial", 10, "bold"), relief=tk.FLAT)
- self.inject_button.grid(row=0, column=0, padx=10)
- self.execute_button = tk.Button(self.button_frame, text="Execute", command=self.execute_script, bg="#008CBA", fg="white", font=("Arial", 10, "bold"), relief=tk.FLAT)
- self.execute_button.grid(row=0, column=1, padx=10)
- self.status_label = tk.Label(root, text="Status: Ready", bg="#2E2E2E", fg="white", font=("Arial", 9))
- self.status_label.pack(side=tk.BOTTOM, fill=tk.X, ipady=2)
- def find_roblox_pid(self):
- """Finds the process ID of RobloxPlayerBeta.exe."""
- for proc in psutil.process_iter(['pid', 'name']):
- if proc.info['name'] == 'RobloxPlayerBeta.exe':
- return proc.info['pid']
- return None
- def inject_thread(self):
- """Starts the injection process in a separate thread to keep the UI responsive."""
- threading.Thread(target=self.inject_logic).start()
- def inject_logic(self):
- """Handles the core DLL injection logic."""
- if self.injected:
- self.update_status("Already injected.", "yellow")
- return
- self.update_status("Searching for Roblox...", "orange")
- self.roblox_pid = self.find_roblox_pid()
- if not self.roblox_pid:
- self.update_status("Roblox process not found.", "red")
- return
- self.update_status(f"Roblox found (PID: {self.roblox_pid}). Injecting...", "orange")
- dll_path = os.path.abspath(DLL_NAME)
- if not os.path.exists(dll_path):
- self.update_status(f"Error: {DLL_NAME} not found in the same directory.", "red")
- messagebox.showerror("DLL Not Found", f"The required DLL '{DLL_NAME}' was not found.")
- return
- # 1. Get a handle to the process
- h_process = OpenProcess(PROCESS_ALL_ACCESS, False, self.roblox_pid)
- if not h_process:
- self.update_status(f"Error: Could not open process. Try running as admin.", "red")
- return
- # 2. Allocate memory for the DLL path in the target process
- dll_path_bytes = dll_path.encode('ascii')
- path_alloc_mem = VirtualAllocEx(h_process, None, len(dll_path_bytes) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE)
- if not path_alloc_mem:
- self.update_status("Error: Could not allocate memory.", "red")
- CloseHandle(h_process)
- return
- # 3. Write the DLL path to the allocated memory
- bytes_written = ctypes.c_size_t(0)
- if not WriteProcessMemory(h_process, path_alloc_mem, dll_path_bytes, len(dll_path_bytes), ctypes.byref(bytes_written)):
- self.update_status("Error: Could not write to process memory.", "red")
- CloseHandle(h_process)
- return
- # 4. Get the address of LoadLibraryA
- h_kernel32 = GetModuleHandleA(b"kernel32.dll")
- load_library_addr = GetProcAddress(h_kernel32, b"LoadLibraryA")
- # 5. Create a remote thread to load the DLL
- h_thread = CreateRemoteThread(h_process, None, 0, load_library_addr, path_alloc_mem, 0, None)
- if not h_thread:
- self.update_status("Error: Failed to create remote thread.", "red")
- CloseHandle(h_process)
- return
- CloseHandle(h_thread)
- CloseHandle(h_process)
- self.injected = True
- self.update_status("Injection successful!", "green")
- def execute_script(self):
- """Sends the script from the text box to the injected DLL via a named pipe."""
- if not self.injected:
- self.update_status("You must inject before executing.", "yellow")
- messagebox.showwarning("Not Injected", "Please press the 'Inject' button first.")
- return
- script_content = self.script_editor.get("1.0", tk.END)
- if not script_content.strip():
- self.update_status("Cannot execute empty script.", "yellow")
- return
- try:
- self.update_status("Executing script...", "orange")
- # Connect to the named pipe created by the DLL
- pipe = open(PIPE_NAME, 'w')
- pipe.write(script_content)
- pipe.close()
- self.update_status("Script sent to Roblox.", "green")
- except FileNotFoundError:
- self.update_status(f"Error: Pipe '{PIPE_NAME}' not found. Is DLL running?", "red")
- self.injected = False # Assume DLL crashed or failed
- except Exception as e:
- self.update_status(f"Pipe Error: {e}", "red")
- self.injected = False
- def update_status(self, message, color):
- """Updates the status label with a given message and color."""
- self.status_label.config(text=f"Status: {message}", fg=color)
- if __name__ == "__main__":
- # Check for admin rights, as they are often required for OpenProcess
- try:
- is_admin = (os.getuid() == 0)
- except AttributeError:
- is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0
- if not is_admin:
- messagebox.showwarning("Admin Rights", "This program may require administrator privileges to function correctly.")
- root = tk.Tk()
- app = ExecutorApp(root)
- root.mainloop()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
