Help DLL Injector Fails [C++]

[Tomsen1410]

Need help!
I have my little DLLInjector code and it can inject DLLs!
But...
it ONLY can inject a DLL in a process, when i already injected the DLL with Winject.
So i wrote a DLL to display a messageBox, when injected, and then ive tried to inject it to Notepad++...but it didnt work. But when i inject the DLL in notepad++ with Winject it works...and then when i try it with my Injector again it works, too o.0.

Also i cant inject the DLL to the basic notepad(not ++)...neither with my injector nor with Winject. Maybe because of 64bit stuff?
Anyways need help.

Here is the Injector source:

PHP Code:

#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h>
#include "cus.h"

#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)

using namespace std;

//fr errorcode
DWORD dErr;
TCHAR sErrStatus[256];    
//

DWORD ProcID;
bool InjectSuccess;
bool hasProcID;

string sDLLStatus;
string sProcessStatus;
string sEndStatus = "Press [F2] to quit";
string sCusInjectStatus = "Press [F1] to inject DLL";

char* DLLName = NULL;
char* ProcName = NULL;
string sProcName;
string sDLLName;

bool getProcID(char* cPName,DWORD *idAdd);
bool InjectDLL(DWORD pID);
void UI();


int main()
{
    eigen::central("----------DLL INJECTOR---------");
    cout << endl;
    eigen::central("by Tomsen1410");
    cout << endl;
    eigen::central("-------------------------------");
    cout << endl;
    cout << endl;
    
    cout << "Type in process name: ";
    cin >> sProcName;
    ProcName = new char[sProcName.length()];
    strcpy(ProcName, sProcName.c_str());
    
    cout << endl;
    cout << "Type in the DLL name: ";
    cin >> sDLLName;
    DLLName = new char[sDLLName.length()];
    strcpy(DLLName, sDLLName.c_str());
    
    sDLLStatus = "-";
    sProcessStatus = "-";
    UI();
    while(!InjectSuccess){
    
        if(GetAsyncKeyState(VK_F1))
        {    
            hasProcID = getProcID(ProcName,&ProcID);
            InjectSuccess = InjectDLL(ProcID);
            if(InjectSuccess){sEndStatus = "";sCusInjectStatus = "";}
            UI();
            Sleep(100);
        }
        if(GetAsyncKeyState(VK_F2))
        {    
            return 0;
        }
    }
    Beep(1600,200);
    UI();
    cout << endl << endl;
    cout << "---INJECTED---"<<endl;
    for(int i=3;i>0;i--){
        cout << "Closing in " << i << endl;
        Sleep(1000);
    }

    
    return 0;
}

bool getProcID(char* cPName,DWORD *idAdd){

    bool isHere;
    PROCESSENTRY32 pe32;
    HANDLE hSnapShot;

    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(hSnapShot == INVALID_HANDLE_VALUE){
               dErr = GetLastError();
               FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, dErr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)sErrStatus,0,NULL);return false;}
    pe32.dwSize = sizeof(PROCESSENTRY32);

    isHere = Process32First(hSnapShot,&pe32);

    while(isHere){

        if(strcmp(cPName,pe32.szExeFile) == 0){
            *idAdd = pe32.th32ProcessID;
            CloseHandle(hSnapShot);
            sProcessStatus = "--Fine--";
            return true;}
        isHere = Process32Next(hSnapShot,&pe32);
        pe32.dwSize = sizeof(PROCESSENTRY32);
    }

    CloseHandle(hSnapShot);
    sProcessStatus = "Process not found!";


    return false;
}

bool InjectDLL(DWORD pID){


    //check if DLL exists
    ifstream fDLL(DLLName);
    if(!fDLL){

            sDLLStatus = "File not found!";
            return false;}
    
   HANDLE Proc;
   HANDLE hWirt;
   char buf[50]={0};
   LPVOID RemoteString, LoadLibAddy;

   Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, pID);

   if(!Proc)
   {    
       dErr = GetLastError();
       FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, dErr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)sErrStatus,0,NULL);
       return false;
   }

   LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
   if(LoadLibAddy == NULL){
       dErr = GetLastError();
       FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, dErr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)sErrStatus,0,NULL);
       return false;}
   RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLLName)+1, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
   if(RemoteString == NULL){
       dErr = GetLastError();
       FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, dErr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)sErrStatus,0,NULL);
       return false;}
   if(WriteProcessMemory(Proc, (LPVOID)RemoteString, DLLName, strlen(DLLName)+1, NULL) == 0){
       dErr = GetLastError();
       FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, dErr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)sErrStatus,0,NULL);
       return false;}
   hWirt = CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);
   if(hWirt = NULL){
       dErr = GetLastError();
       FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, dErr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)sErrStatus,0,NULL);
       return false;}
   sDLLStatus = "--Fine--";
   CloseHandle(Proc);   
   return true;
}

//
void UI(){

    system("CLS");
    eigen::central("----------DLL INJECTOR---------");
    cout << endl;
    eigen::central("by Tomsen1410");
    cout << endl;
    eigen::central("-------------------------------");
    cout << endl;
    cout << endl;
    cout << endl;
    cout << sCusInjectStatus << endl;
    cout << sEndStatus << endl << endl;
    cout << "Process Status: " << sProcessStatus << endl;
    cout << "DLL Status    : " << sDLLStatus << endl;
    if(sErrStatus != ""){
        cout << endl;
        cout << "Error: " << sErrStatus;}

} 


And here is the DLL source:

PHP Code:

#include "main.h"

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    MessageBoxA(0, "test", "", 0);

    return TRUE;
} 


[kokole]

im not experienced in this shit but maybe you must first open the offset or something like that?

[JellyInjector]

Sorry, i only inject jelly.

[Tomsen1410]

im not experienced in this shit but maybe you must first open the offset or something like that?

what do u mean with that? :>

[Tomsen1410]

no really... i dont know how to do that what u said^^

[aosma8]

Try this

Console injector by PhyX

main.cpp

Code:

#include <windows.h>
#include <iostream>
#include <tlhelp32.h>
#define MAXWAIT 10000
#include "injection.h"

using namespace std;

int main()
{
    char exename[MAX_PATH];
    char dllname[MAX_PATH];

    cout << "Welcome to PhyX injector v1.0" << endl;
    Sleep(1000);
    cout << "Please enter dll name Example: c:\\PhyX.dll\n" << endl;
    cin >> dllname;
    cout << "Dll name is:" << dllname << endl;
    Sleep(1000);
    cout << " Please enter window name of the processor example:notepad " << endl;
    cin >> exename;
    cout << "Widnow name is" << exename << endl;
    Sleep(1000);

    BOOL bFound;
    PROCESSENTRY32 pe;
    HANDLE hSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    pe.dwSize=sizeof(pe);
    bFound=Process32First(hSnap,&pe);
    do {
        if (strstr(pe.szExeFile,exename)) {
            insertDll(pe.th32ProcessID, dllname); // c:\\PhyX.dll
            cout << "Injection successful!" << endl;
        }else{ cout << "Injection failed!" << endl; }

        pe.dwSize=sizeof(pe);
        bFound=Process32Next(hSnap,&pe);
    } while(bFound);
    getchar();
}

injection.h

Code:

bool insertDll(DWORD procID, char *dll)
{
    //Find the address of the LoadLibrary api, luckily for us, it is loaded in the same address for every process
    HMODULE hLocKernel32 = GetModuleHandle("Kernel32");
    FARPROC hLocLoadLibrary = GetProcAddress(hLocKernel32, "LoadLibraryA");

    HANDLE hProc = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION, FALSE, procID);

    printf("prochandle %d %d\n",hProc,procID);
    //Allocate memory to hold the path to the Dll File in the process's memory

    LPVOID hRemoteMem = VirtualAllocEx(hProc, NULL,strlen( dll)+1, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
    printf("%x\n",hRemoteMem);

    //Write the path to the Dll File in the location just created
    WriteProcessMemory(hProc, hRemoteMem, dll, strlen(dll)+1,0);

    //Create a remote thread that starts begins at the LoadLibrary function and is passed are memory pointer
    HANDLE hRemoteThread = CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)hLocLoadLibrary, hRemoteMem, 0, NULL);

    //Release the handle to the other process
    CloseHandle(hProc);

    return 0;
}

[Tomsen1410]

thanks but thats nearly the same as mine