
Full Version: DLL injection
Hi

You want to know how easy it is to inject a DLL into a running process?
here you go

Injector Code:
#include <windows.h>
// Function-pointer type used for the LoadLibraryA entry resolved below.
// The real prototype is HMODULE WINAPI LoadLibraryA(LPCSTR); this typedef
// drops the calling convention and const, which only matters on x86 builds.
typedef HINSTANCE (*fpLoadLibrary)(char*);

// Injector entry point: finds the window titled "Calculator", resolves the owning
// process id, and makes that process load mydll.dll by starting a remote thread
// whose start routine is LoadLibraryA.
// NOTE(review): the listing was extracted from a forum code box that dropped
// punctuation (assignment operators, commas between arguments, the function's
// closing brace, and the backslash escapes in the path literal). It is reproduced
// exactly as shown and does not compile in this form.
// Detection note: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
// WriteProcessMemory -> CreateRemoteThread against a foreign process is the
// textbook remote-thread injection sequence that host-based telemetry
// (EDR, Sysmon-style process-access events) keys on.
// No return value in this function is checked; any failure is silently ignored.
int APIENTRY WinMain(HINSTANCE hInstance,
                     
HINSTANCE hPrevInstance,
                     
LPSTR     lpCmdLine,
                     
int       nCmdShow )
{

    
HANDLE hProc;
    
LPVOID paramAddr;
    
HINSTANCE hDll;
    
DWORD id;

    // Target is chosen by window title only.
    
HWND hProcWnd FindWindow(0"Calculator");

    
GetWindowThreadProcessId(hProcWnd, &id);

    
hDll LoadLibrary("KERNEL32");

    // LoadLibraryA is resolved in this process and the same address is reused
    // as the remote thread's start routine in the target.
    
fpLoadLibrary LoadLibraryAddr = (fpLoadLibrary)GetProcAddress(hDll"LoadLibraryA");

    // Hard-coded, build-machine-specific path; the target loads the DLL by path.
    
chardll_path "D:\Programme\Microsoft Visual Studio\MyProjects\mydll\Release\mydll.dll";

    
hProc OpenProcess(PROCESS_ALL_ACCESSfalseid);

    // Room for the path string (plus terminator) inside the target, read/write only.
    
paramAddr VirtualAllocEx(hProc0strlen(dll_path)+1MEM_COMMITPAGE_READWRITE);

    
WriteProcessMemory(hProcparamAddrdll_pathstrlen(dll_path)+1NULL);

    // Remote thread executes LoadLibraryA(paramAddr) inside the target. The thread
    // handle returned here is never closed, and the remote buffer is never freed.
    
CreateRemoteThread(hProc00, (LPTHREAD_START_ROUTINE)LoadLibraryAddrparamAddr00);

    
CloseHandle(hProc);

    return 
0;



An easy .dll to test it:
// Globals of the test DLL: handle and id of the worker thread started in
// DllMain, plus the worker's prototype. (The initializer's assignment operator
// on threadId was lost in forum extraction.)
HANDLE ThreadHandle;

DWORD threadId 0;


DWORD WINAPI my_thread(void *par);


// Test payload: on DLL_PROCESS_ATTACH it beeps and starts my_thread; every other
// notification just returns TRUE. hInst and reserved are unused.
// NOTE(review): extraction dropped the commas between parameters and arguments
// and the assignment operator on ThreadHandle; reproduced as shown.
// Caveat: CreateThread is called while DllMain holds the loader lock, which the
// DllMain documentation advises against; the new thread cannot get past its own
// DLL_THREAD_ATTACH notification until this DllMain returns. Nothing in
// DLL_PROCESS_DETACH stops the thread or closes ThreadHandle.
BOOL APIENTRY DllMain (HINSTANCE hInstDWORD reasonLPVOID reserved)

{

    switch (
reason)

    {

    case 
DLL_PROCESS_ATTACH:

        // Audible marker that the DLL was mapped into the host process.
        
Beep(10001000);

        
ThreadHandle CreateThread(00x1000, &my_thread00, &threadId);

        break;

        

    case 
DLL_PROCESS_DETACH:

        break;

        

    case 
DLL_THREAD_ATTACH:

        break;

        

    case 
DLL_THREAD_DETACH:

        break;

    }

    

    return 
TRUE;

}


// Worker started from DllMain: beeps once a second forever inside the host
// process. par is unused. The loop never exits, so the function never returns
// and the thread lives until the host process ends; the function's closing
// brace is missing from the extracted listing.
DWORD WINAPI my_thread(void *par)

{

    while(
true)

    {

        
Beep(2000100);

        
Sleep(1000);

    }



Isn't it simple?

Another simple method. It's old, but it does what it's supposed to do.

Quote:This is a VERY basic way to inject a DLL into a remote process. We find our process, make space in our target's memory space with VirtualAllocEx, and make our target load our DLL with CreateRemoteThread. If you have any questions about any of these functions, refer to MSDN... the rest of the code should be pretty self-explanatory. Hopefully it can help someone...

// Some dll injection code
// November 21, 2004
// by sw!vet
// injection_thread.cpp

// Polling injector thread: repeatedly snapshots the process list until an
// "hl.exe" entry appears, loads szDllToInject (declared outside this listing)
// into it through a remote LoadLibraryA thread, then ends the injector process
// with ExitProcess(0). lpParam is unused.
// NOTE(review): forum extraction dropped assignment operators, argument commas,
// the ')' of the outer while, and the function's closing brace; reproduced as
// shown, it does not compile in this form.
// Detection note: a CreateToolhelp32Snapshot process walk followed by
// OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread is the classic remote-thread injection pattern and is what
// process-access and remote-thread telemetry is built to surface.
DWORD WINAPI InjectionThread(LPVOID lpParam)

{

        while(
1// wait for process

        
{

                
// handle to processes

                
HANDLE hSnapshot CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS0);


                
PROCESSENTRY32 PE32;

                
PE32.dwSize sizeof(PROCESSENTRY32);


                // Early return leaks hSnapshot on this path.
                if(!
Process32First(hSnapshot, &PE32))

                        return 
0;


                // Note: Process32First's own entry is skipped; only entries after it are compared.
                while(
Process32Next(hSnapshot, &PE32))

                {

                        
// is process our target?

                        
if(strcmp("hl.exe"PE32.szExeFile)== 0)

                        {

                                
Sleep(100); // don't crash the game


                                // handle to our process

                                
HANDLE hProcess OpenProcess(PROCESS_ALL_ACCESSfalsePE32.th32ProcessID);

                                // Remote buffer sized to the szDllToInject array; it is allocated
                                // execute+read+write although only the DLL name is written into it.
                                
HANDLE hModule VirtualAllocEx(hProcess0sizeof(szDllToInject), MEM_COMMITPAGE_EXECUTE_READWRITE);


                                
// write our dll name to target process space

                                
WriteProcessMemory(hProcesshModule, (LPVOID)szDllToInjectsizeof(szDllToInject), NULL);

                                
// call loadlibrary and load our thread

                                // The thread handle returned here is never closed.
                                
CreateRemoteThread(hProcessNULL0, (unsigned long(__stdcall *)(void *))GetProcAddress(GetModuleHandle("kernel32"), "LoadLibraryA"), hModule0NULL);


                                
// cleanup

                                
CloseHandle(hProcess);

                                // hModule is the remote buffer's address from VirtualAllocEx, not a
                                // kernel handle; CloseHandle on it is a misuse, and the remote memory
                                // is never released.
                                
CloseHandle(hModule);


                                // Terminates the whole injector process; the break below is unreachable.
                                
ExitProcess(0);


                                break;

                        }

                }


                
CloseHandle(hSnapshot);


                // 5 ms poll: the process table is re-snapshotted continuously until a match.
                
Sleep(5);

        }


        return 
0;


Meh, WriteProcessMemory in an injected DLL? Waste of resources — should use memcpy. Nevertheless, good tutorial.