Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Tutorial DLL injection
#1
Hi

you want to know how easy it is to load an injection into a running process?
here you go

Injector Code:
PHP Code:
#include <windows.h>
typedef HINSTANCE (*fpLoadLibrary)(char*);

int APIENTRY WinMain(HINSTANCE hInstance,
                     
HINSTANCE hPrevInstance,
                     
LPSTR     lpCmdLine,
                     
int       nCmdShow )
{

    
HANDLE hProc;
    
LPVOID paramAddr;
    
HINSTANCE hDll;
    
DWORD id;

    
HWND hProcWnd FindWindow(0"Calculator");

    
GetWindowThreadProcessId(hProcWnd, &id);

    
hDll LoadLibrary("KERNEL32");

    
fpLoadLibrary LoadLibraryAddr = (fpLoadLibrary)GetProcAddress(hDll"LoadLibraryA");

    
chardll_path "D:\Programme\Microsoft Visual Studio\MyProjects\mydll\Release\mydll.dll";

    
hProc OpenProcess(PROCESS_ALL_ACCESSfalseid);

    
paramAddr VirtualAllocEx(hProc0strlen(dll_path)+1MEM_COMMITPAGE_READWRITE);

    
WriteProcessMemory(hProcparamAddrdll_pathstrlen(dll_path)+1NULL);

    
CreateRemoteThread(hProc00, (LPTHREAD_START_ROUTINE)LoadLibraryAddrparamAddr00);

    
CloseHandle(hProc);

    return 
0;



easy .dll to test it
PHP Code:
HANDLE ThreadHandle;

DWORD threadId 0;


DWORD WINAPI my_thread(void *par);


BOOL APIENTRY DllMain (HINSTANCE hInstDWORD reasonLPVOID reserved)

{

    switch (
reason)

    {

    case 
DLL_PROCESS_ATTACH:

        
Beep(10001000);

        
ThreadHandle CreateThread(00x1000, &my_thread00, &threadId);

        break;

        

    case 
DLL_PROCESS_DETACH:

        break;

        

    case 
DLL_THREAD_ATTACH:

        break;

        

    case 
DLL_THREAD_DETACH:

        break;

    }

    

    return 
TRUE;

}


DWORD WINAPI my_thread(void *par)

{

    while(
true)

    {

        
Beep(2000100);

        
Sleep(1000);

    }



isnt it simple?

another simple method. old but it does what its supposed to do

Quote:This is a VERY basic way to inject a DLL into a remote process. We find our process, make space in our targets memory space with VirtualAllocEx and make our target load our DLL with CreateRemoteThread. If you have any questions about any of these functions refer to MSDN... the rest of the code should be pretty self explanatory. Hopefully it can help someone...

PHP Code:
// Some dll injection code
// November 21, 2004
// by sw!vet
// injection_thread.cpp

DWORD WINAPI InjectionThread(LPVOID lpParam)

{

        while(
1// wait for process

        
{

                
// handle to processes

                
HANDLE hSnapshot CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS0);


                
PROCESSENTRY32 PE32;

                
PE32.dwSize sizeof(PROCESSENTRY32);


                if(!
Process32First(hSnapshot, &PE32))

                        return 
0;


                while(
Process32Next(hSnapshot, &PE32))

                {

                        
// is process our target?

                        
if(strcmp("hl.exe"PE32.szExeFile)== 0)

                        {

                                
Sleep(100); // don't crash the game


                                // handle to our process

                                
HANDLE hProcess OpenProcess(PROCESS_ALL_ACCESSfalsePE32.th32ProcessID);

                                
HANDLE hModule VirtualAllocEx(hProcess0sizeof(szDllToInject), MEM_COMMITPAGE_EXECUTE_READWRITE);


                                
// write our dll name to target process space

                                
WriteProcessMemory(hProcesshModule, (LPVOID)szDllToInjectsizeof(szDllToInject), NULL);

                                
// call loadlibrary and load our thread

                                
CreateRemoteThread(hProcessNULL0, (unsigned long(__stdcall *)(void *))GetProcAddress(GetModuleHandle("kernel32"), "LoadLibraryA"), hModule0NULL);


                                
// cleanup

                                
CloseHandle(hProcess);

                                
CloseHandle(hModule);


                                
ExitProcess(0);


                                break;

                        }

                }


                
CloseHandle(hSnapshot);


                
Sleep(5);

        }


        return 
0;


Reply

#2
Meh, WriteProcessMemory in a injected DLL? waste of resources should use memcpy, never the less good tutorial
Reply



Possibly Related Threads…
Thread Author Replies Views Last Post
Question [Request] Help on dll Injection code! barata 8 5,356 12-15-2012, 18:52
Last Post: kokole
  Help WinSock DLL Injection JariZ 6 5,316 05-05-2012, 23:15
Last Post: Pozzuh
  Mw2 Functions Injection - DLL NieXrlaM 11 10,290 08-01-2011, 08:52
Last Post: d0h!
  [Tutorial] C++ Trainer without dll injection d0h! 3 8,485 01-16-2011, 04:33
Last Post: TimeShift
Star [Tutorial] VB Injection Source Cgallagher 3 5,560 11-07-2010, 13:00
Last Post: Cgallagher

Forum Jump:


Users browsing this thread:
1 Guest(s)

Forum Powered By MyBB, Theme by © 2002-2024 Melroy van den Berg.