Hi
Want to know how easy it is to inject a DLL into a running process?
Here you go.
Injector Code:
A simple test DLL to inject is included below.
Isn't it simple?
Another simple method follows — old, but it does what it's supposed to do.
Want to know how easy it is to inject a DLL into a running process?
Here you go.
Injector Code:
#include <windows.h>
typedef HINSTANCE (*fpLoadLibrary)(char*);
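/* Injector entry point: loads mydll.dll into the process owning the top-level
 * window titled "Calculator", using the classic
 * VirtualAllocEx + WriteProcessMemory + CreateRemoteThread(LoadLibraryA) chain.
 *
 * Returns 0 when the remote LoadLibraryA thread ran and reported a module,
 * 1 if any step failed (inspect GetLastError in a debugger for the cause).
 *
 * Assumptions this code relies on but cannot check:
 *  - kernel32!LoadLibraryA has the same address in the target as in this
 *    process. That holds when both are the same bitness (system DLLs are
 *    randomised once per boot, not per process); a 32-bit injector cannot
 *    inject into a 64-bit target this way, or vice versa.
 *  - dll_path is resolvable from the target's point of view and the DLL has
 *    the target's bitness.
 *  - We may open the target: same user (or SeDebugPrivilege), and no
 *    integrity-level or protected-process barrier in between.
 */
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    (void)hInstance;
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    /* Backslashes must be doubled in a string literal. The original wrote
     * "D:\Programme\..." which the compiler treats as the escape sequences
     * \P, \M, \m, \R — the path the target received was garbage. */
    static const char dll_path[] =
        "D:\\Programme\\Microsoft Visual Studio\\MyProjects\\mydll\\Release\\mydll.dll";
    const SIZE_T path_len = sizeof(dll_path);  /* includes the terminating NUL */

    /* All locals are declared up front so the goto-based cleanup below does
     * not jump over an initialisation (a hard error in C++). */
    int rc = 1;
    HANDLE hProc = NULL;
    HANDLE hThread = NULL;
    LPVOID paramAddr = NULL;
    HWND hProcWnd = NULL;
    DWORD id = 0;
    HMODULE hKernel = NULL;
    fpLoadLibrary LoadLibraryAddr = NULL;
    SIZE_T written = 0;
    DWORD exitCode = 0;
    BOOL remoteDone = FALSE;

    hProcWnd = FindWindow(0, "Calculator");
    if (hProcWnd == NULL)
        goto out;
    if (GetWindowThreadProcessId(hProcWnd, &id) == 0 || id == 0)
        goto out;

    /* kernel32 is already mapped in every Win32 process; GetModuleHandle
     * avoids the extra reference the original's LoadLibrary never released. */
    hKernel = GetModuleHandle("KERNEL32");
    if (hKernel == NULL)
        goto out;
    LoadLibraryAddr = (fpLoadLibrary)GetProcAddress(hKernel, "LoadLibraryA");
    if (LoadLibraryAddr == NULL)
        goto out;

    /* Least privilege: exactly the rights VirtualAllocEx, WriteProcessMemory
     * and CreateRemoteThread document, instead of PROCESS_ALL_ACCESS. */
    hProc = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                        PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                        FALSE, id);
    if (hProc == NULL)
        goto out;

    /* The remote buffer only ever holds the path string: no execute bit. */
    paramAddr = VirtualAllocEx(hProc, 0, path_len, MEM_COMMIT, PAGE_READWRITE);
    if (paramAddr == NULL)
        goto out;
    if (!WriteProcessMemory(hProc, paramAddr, dll_path, path_len, &written) ||
        written != path_len)
        goto out;

    hThread = CreateRemoteThread(hProc, 0, 0,
                                 (LPTHREAD_START_ROUTINE)LoadLibraryAddr,
                                 paramAddr, 0, 0);
    if (hThread == NULL)
        goto out;

    /* The original returned before the DLL had even started loading. Wait
     * (bounded, so a deadlocked target cannot hang us forever) and read the
     * thread's exit code, which is LoadLibraryA's HMODULE truncated to a
     * DWORD: zero means the target could not load the DLL. */
    if (WaitForSingleObject(hThread, 10000) != WAIT_OBJECT_0)
        goto out;
    remoteDone = TRUE;
    if (!GetExitCodeThread(hThread, &exitCode) || exitCode == 0)
        goto out;
    rc = 0;

out:
    /* Only release the path buffer once the remote thread is known to have
     * finished with it; otherwise leave it mapped rather than risk a
     * use-after-free inside the target. */
    if (remoteDone && paramAddr != NULL)
        VirtualFreeEx(hProc, paramAddr, 0, MEM_RELEASE);
    if (hThread != NULL)
        CloseHandle(hThread);   /* the original leaked this handle */
    if (hProc != NULL)
        CloseHandle(hProc);
    return rc;
}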
A simple test DLL to inject:
/* Handle of the worker thread started in DllMain on DLL_PROCESS_ATTACH.
 * Nothing else in this listing reads or closes it; globals are zero-initialised. */
HANDLE ThreadHandle;
/* Id of that worker thread, filled in by CreateThread. */
DWORD threadId = 0;
/* Worker body, defined below: beeps periodically and never returns. */
DWORD WINAPI my_thread(void *par);
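/* Entry point of the test payload. On process attach it beeps once and starts
 * my_thread, which keeps beeping so the operator can hear that the injection
 * worked.
 *
 * Returns TRUE to keep the DLL loaded; FALSE if the worker thread could not be
 * created (the loader then unloads the DLL and LoadLibraryA in the target
 * returns NULL, which the injector can observe). The original always returned
 * TRUE and silently stayed loaded doing nothing.
 *
 * Caveats:
 *  - DllMain runs with the loader lock held. The new thread cannot start
 *    executing until this function returns, and Beep() blocks here for a full
 *    second while the lock is held; keep the attach path short and never call
 *    LoadLibrary, user32 or synchronisation primitives from it.
 *  - The thread handle is now closed on process detach (the original leaked
 *    it). Closing the handle does not stop the thread: my_thread loops forever
 *    and has no stop signal, so unloading this DLL with FreeLibrary while the
 *    process lives would leave a thread running in unmapped code. This test DLL
 *    is only meant to live until the host process exits.
 */
BOOL APIENTRY DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved)
{
    (void)reserved;
    switch (reason) {
    case DLL_PROCESS_ATTACH:
        /* One worker, no per-thread state: skip THREAD_ATTACH/DETACH calls. */
        DisableThreadLibraryCalls(hInst);
        Beep(1000, 1000);
        ThreadHandle = CreateThread(0, 0x1000, my_thread, 0, 0, &threadId);
        if (ThreadHandle == NULL)
            return FALSE;
        break;
    case DLL_PROCESS_DETACH:
        if (ThreadHandle != NULL) {
            CloseHandle(ThreadHandle);
            ThreadHandle = NULL;
        }
        break;
    default:
        /* DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing to do (and normally
         * suppressed by DisableThreadLibraryCalls above). */
        break;
    }
    return TRUE;
}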
/* Payload worker: a short 2 kHz beep every second, forever. The parameter is
 * unused and there is no stop condition, so this function never returns — the
 * host process exiting (or being killed) is the only way it ends. */
DWORD WINAPI my_thread(void *par)
{
    (void)par;
    for (;;) {
        Beep(2000, 100);
        Sleep(1000);
    }
}
Isn't it simple?
Another simple method follows — old, but it does what it's supposed to do.
Quote: This is a VERY basic way to inject a DLL into a remote process. We find our target process, reserve space in its address space with VirtualAllocEx, write the DLL path there with WriteProcessMemory, and make the target load our DLL by starting a remote thread at LoadLibraryA with CreateRemoteThread. If you have any questions about any of these functions, refer to MSDN; the rest of the code should be pretty self-explanatory. Hopefully it can help someone.
// Some dll injection code
// November 21, 2004
// by sw!vet
// injection_thread.cpp
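/* Loads the DLL named by the file-level szDllToInject into process pid with
 * the VirtualAllocEx + WriteProcessMemory + CreateRemoteThread(LoadLibraryA)
 * chain.
 *
 * pLoadLibraryA is the address of kernel32!LoadLibraryA in *this* process; it
 * is only valid in the target when both share a bitness (system DLLs are
 * randomised once per boot, not per process) — that assumption is inherited
 * from the original and not checked here.
 *
 * Returns TRUE when the remote thread finished and reported a non-NULL module,
 * FALSE otherwise. Every handle is closed before return; the remote buffer is
 * freed only once the remote thread is known to be done with it.
 *
 * Fixes relative to the original inline code: the remote buffer is allocated
 * PAGE_READWRITE (it holds a string, never code — RWX was needless and is the
 * first thing memory scanners flag); the remote thread handle is closed; and
 * the remote buffer *address* is no longer passed to CloseHandle (it is not a
 * handle).
 */
static BOOL inject_into(DWORD pid, FARPROC pLoadLibraryA)
{
    /* Declared up front so the cleanup gotos never cross an initialisation. */
    BOOL ok = FALSE;
    BOOL remoteDone = FALSE;
    HANDLE hProcess = NULL;
    HANDLE hThread = NULL;
    LPVOID remoteBuf = NULL;
    SIZE_T written = 0;
    DWORD exitCode = 0;
    /* strlen+1 works whether szDllToInject is an array or a pointer; the
     * original's sizeof() was only right for an array. Note the path must be
     * resolvable from the target's search order — use an absolute path. */
    const SIZE_T pathLen = strlen(szDllToInject) + 1;

    /* Least privilege: the rights the three calls below document, instead of
     * PROCESS_ALL_ACCESS. */
    hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                           FALSE, pid);
    if (hProcess == NULL)
        goto out;

    remoteBuf = VirtualAllocEx(hProcess, NULL, pathLen, MEM_COMMIT, PAGE_READWRITE);
    if (remoteBuf == NULL)
        goto out;
    if (!WriteProcessMemory(hProcess, remoteBuf, szDllToInject, pathLen, &written) ||
        written != pathLen)
        goto out;

    hThread = CreateRemoteThread(hProcess, NULL, 0,
                                 (LPTHREAD_START_ROUTINE)pLoadLibraryA,
                                 remoteBuf, 0, NULL);
    if (hThread == NULL)
        goto out;

    /* The thread's exit code is LoadLibraryA's HMODULE truncated to a DWORD;
     * zero means the target failed to load the DLL. Bounded wait so a
     * deadlocked target cannot hang the injector. */
    if (WaitForSingleObject(hThread, 10000) != WAIT_OBJECT_0)
        goto out;
    remoteDone = TRUE;
    if (!GetExitCodeThread(hThread, &exitCode) || exitCode == 0)
        goto out;
    ok = TRUE;

out:
    if (remoteDone && remoteBuf != NULL)
        VirtualFreeEx(hProcess, remoteBuf, 0, MEM_RELEASE);
    if (hThread != NULL)
        CloseHandle(hThread);
    if (hProcess != NULL)
        CloseHandle(hProcess);
    return ok;
}

/* Worker that polls the process list until "hl.exe" appears, injects
 * szDllToInject into it once, and then terminates the injector process.
 *
 * lpParam is unused. Returns 0 only when LoadLibraryA cannot be resolved or a
 * process snapshot cannot be taken or enumerated; after an injection attempt
 * ExitProcess() ends the injector (exit code 0 on success, 1 on failure), as
 * the original did unconditionally, so the function never returns on that path.
 *
 * Fixes relative to the original: the first snapshot entry is no longer
 * skipped (Process32First's result was discarded and only Process32Next
 * entries were compared); the snapshot handle is closed on the early-return
 * path (it leaked); and the image name is compared case-insensitively, since
 * Windows file names are ("HL.EXE" is the same program).
 */
DWORD WINAPI InjectionThread(LPVOID lpParam)
{
    (void)lpParam;

    /* Resolved once; kernel32 is mapped in every Win32 process already. */
    FARPROC pLoadLibraryA = GetProcAddress(GetModuleHandle("kernel32"), "LoadLibraryA");
    if (pLoadLibraryA == NULL)
        return 0;

    for (;;) {  /* wait for the target to start */
        HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (hSnapshot == INVALID_HANDLE_VALUE)
            return 0;

        PROCESSENTRY32 PE32;
        PE32.dwSize = sizeof(PE32);
        BOOL more = Process32First(hSnapshot, &PE32);
        if (!more) {
            CloseHandle(hSnapshot);
            return 0;
        }
        for (; more; more = Process32Next(hSnapshot, &PE32)) {
            if (_stricmp("hl.exe", PE32.szExeFile) != 0)
                continue;

            CloseHandle(hSnapshot);   /* done enumerating */
            Sleep(100);               /* give the freshly started game a moment to initialise */
            ExitProcess(inject_into(PE32.th32ProcessID, pLoadLibraryA) ? 0 : 1);
        }
        CloseHandle(hSnapshot);
        Sleep(5);
    }
}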