Tutorial VB Injection Source
#1
I would like to know a good source code on how to make a DLL injector
if you post the code = +1 Thanks
#2
here ya go
there are different ways to inject a dll.

overall:
LoadLibrary syntax (C prototype from the Win32 API):
  1. HMODULE WINAPI LoadLibrary(   /* loads the named module into the calling process and returns its module handle */
  2. __in LPCTSTR lpFileName       /* input: name or path of the module to load */
  3. );


FreeLibrary syntax (C prototype from the Win32 API):
  1. BOOL WINAPI FreeLibrary(      /* releases a loaded module; the BOOL result reports success or failure */
  2. __in HMODULE hModule          /* input: module handle, such as the one LoadLibrary returned */
  3. );


1. VB.NET source listing:
  1. Public Class Form1
  2. ' Form that polls for a named process and, once it is running, makes it load a DLL through a remote thread (MITRE ATT&CK T1055.001, DLL injection).
  3. Private TargetProcessHandle As Integer ' set from OpenProcess in Inject
  4. Private pfnStartAddr As Integer ' set from GetProcAddress(..., "LoadLibraryA") in Inject
  5. Private pszLibFileRemote As String ' DLL path that Inject writes into the target process
  6. Private TargetBufferSize As Integer ' 1 + Len(pszLibFileRemote); the extra byte is presumably for the terminating NUL
  7. ' Win32 constants. PROCESS_VM_READ and TH32CS_SNAPPROCESS are never referenced in this listing.
  8. Public Const PROCESS_VM_READ = &H10
  9. Public Const TH32CS_SNAPPROCESS = &H2
  10. Public Const MEM_COMMIT = 4096 ' &H1000
  11. Public Const PAGE_READWRITE = 4 ' the remote buffer is data only; no executable memory is requested
  12. Public Const PROCESS_CREATE_THREAD = (&H2)
  13. Public Const PROCESS_VM_OPERATION = (&H8)
  14. Public Const PROCESS_VM_WRITE = (&H20)
  15. ' P/Invoke declarations follow. ReadProcessMemory is declared but never called in this listing.
  16. Public Declare Function ReadProcessMemory Lib "kernel32" ( _
  17. ByVal hProcess As Integer, _
  18. ByVal lpBaseAddress As Integer, _
  19. ByVal lpBuffer As String, _
  20. ByVal nSize As Integer, _
  21. ByRef lpNumberOfBytesWritten As Integer) As Integer
  22. ' LoadLibrary (bound to the export LoadLibraryA) is declared but never called directly; Inject only looks up that export's address by name.
  23. Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" ( _
  24. ByVal lpLibFileName As String) As Integer
  25. ' VirtualAllocEx: allocates memory inside the process identified by hProcess and returns its address.
  26. Public Declare Function VirtualAllocEx Lib "kernel32" ( _
  27. ByVal hProcess As Integer, _
  28. ByVal lpAddress As Integer, _
  29. ByVal dwSize As Integer, _
  30. ByVal flAllocationType As Integer, _
  31. ByVal flProtect As Integer) As Integer
  32. ' WriteProcessMemory: copies nSize bytes from lpBuffer into the memory of the process identified by hProcess.
  33. Public Declare Function WriteProcessMemory Lib "kernel32" ( _
  34. ByVal hProcess As Integer, _
  35. ByVal lpBaseAddress As Integer, _
  36. ByVal lpBuffer As String, _
  37. ByVal nSize As Integer, _
  38. ByRef lpNumberOfBytesWritten As Integer) As Integer
  39. ' GetProcAddress: returns the address of a named export of a module that is already loaded.
  40. Public Declare Function GetProcAddress Lib "kernel32" ( _
  41. ByVal hModule As Integer, ByVal lpProcName As String) As Integer
  42. ' GetModuleHandle (bound to the export GetModuleHandleA): returns the handle of a module already loaded in the calling process.
  43. Private Declare Function GetModuleHandle Lib "Kernel32" Alias "GetModuleHandleA" ( _
  44. ByVal lpModuleName As String) As Integer
  45. ' CreateRemoteThread: starts a thread in another process at lpStartAddress, passing lpParameter as its argument.
  46. Public Declare Function CreateRemoteThread Lib "kernel32" ( _
  47. ByVal hProcess As Integer, _
  48. ByVal lpThreadAttributes As Integer, _
  49. ByVal dwStackSize As Integer, _
  50. ByVal lpStartAddress As Integer, _
  51. ByVal lpParameter As Integer, _
  52. ByVal dwCreationFlags As Integer, _
  53. ByRef lpThreadId As Integer) As Integer
  54. ' OpenProcess: returns a handle to the process with the given id, limited to the rights in dwDesiredAccess.
  55. Public Declare Function OpenProcess Lib "kernel32" ( _
  56. ByVal dwDesiredAccess As Integer, _
  57. ByVal bInheritHandle As Integer, _
  58. ByVal dwProcessId As Integer) As Integer
  59. ' FindWindow is declared but never called in this listing.
  60. Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" ( _
  61. ByVal lpClassName As String, _
  62. ByVal lpWindowName As String) As Integer
  63. ' CloseHandle: used by Inject to release the process handle it opened.
  64. Private Declare Function CloseHandle Lib "kernel32" Alias "CloseHandleA" ( _
  65. ByVal hObject As Integer) As Integer
  66. ' Inject: opens the first process matching the name, allocates a buffer in it, writes the DLL path there, and starts a remote thread at LoadLibraryA with that buffer as its argument.
  67. ' No return value is checked: a failed OpenProcess, VirtualAllocEx or WriteProcessMemory is not reported and the remaining calls still run.
  68. ' Detection: the requested access mask is &H2A (&H2 Or &H8 Or &H20). Where Sysmon is configured for them, the open appears as Event ID 10 (ProcessAccess), the thread as Event ID 8 (CreateRemoteThread) and the DLL load as Event ID 7 (ImageLoad).
  69. ' Mitigation: OpenProcess with these rights fails against protected processes and targets the caller's token cannot access; application-control DLL rules (WDAC, AppLocker) constrain which DLLs a process may load.
  70. Private Sub Inject()
  71. ' The DLL must exist as a file on disk (Timer1_Tick checks this first), so file scanning and image-load telemetry both apply to it.
  72. ' pfnStartAddr is looked up in this process and passed unchanged as the thread start address in the target.
  73. Timer1.Stop() ' Timer1 is not declared in this listing; presumably a designer-generated Timer control
  74. Dim TargetProcess As Process() = Process.GetProcessesByName("processname without .exe") ' placeholder name; TargetProcess(0) below takes the first match
  75. TargetProcessHandle = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, TargetProcess(0).Id)
  76. pszLibFileRemote = "path to the .dll" ' placeholder path
  77. pfnStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
  78. TargetBufferSize = 1 + Len(pszLibFileRemote)
  79. Dim Rtn As Integer
  80. Dim LoadLibParamAdr As Integer
  81. LoadLibParamAdr = VirtualAllocEx(TargetProcessHandle, 0, TargetBufferSize, MEM_COMMIT, PAGE_READWRITE) ' read/write buffer in the target for the path string
  82. Rtn = WriteProcessMemory(TargetProcessHandle, LoadLibParamAdr, pszLibFileRemote, TargetBufferSize, 0) ' Rtn is assigned but never inspected
  83. CreateRemoteThread(TargetProcessHandle, 0, 0, pfnStartAddr, LoadLibParamAdr, 0, 0) ' the returned thread handle is discarded
  84. CloseHandle(TargetProcessHandle) ' only the process handle is released; the remote buffer is never freed
  85.  
  86. End Sub
  87. ' Timer1_Tick: on each tick, checks that the DLL file exists and whether the target process is running, and calls Inject once both hold.
  88. Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
  89. If IO.File.Exists("path to the .dll") Then
  90. Dim TargetProcess As Process() = Process.GetProcessesByName("processname without .exe")
  91. If TargetProcess.Length = 0 Then
  92. ' Target not running yet: nothing is done here, the timer keeps running and the check repeats on the next tick.
  93. Else
  94. Timer1.Stop()
  95. Call Inject()
  96. End If
  97. Else ' DLL file missing: stop polling and tell the user
  98. Timer1.Stop()
  99. MsgBox(".Dll not found.")
  100.  
  101. End If
  102. End Sub
  103. ' Form1_Load: starts the polling timer as soon as the form loads.
  104. Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
  105. Timer1.Interval = 50 ' milliseconds if Timer1 is a System.Windows.Forms.Timer - confirm
  106. Timer1.Start()
  107. End Sub
  108. End Class


2. the attachment


Attached Files
.zip   VB Injector Source Code.zip (Size: 16.77 KB / Downloads: 144)
#3
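The essential part is the CreateRemoteThread call that uses the LoadLibraryA function as the thread's start address. It is also the step endpoint monitoring keys on (for example Sysmon Event ID 8, CreateRemoteThread).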
#4
Thanks doh
/Thanked

I'll dl when I'm back on my pc