Dll Loader/Injector

FTProtocol, #1, Jun 23rd, 2008
Hey guys, I'm just wondering if any of you guys have any clue on building a DLL Injector/Loader.
As in, in a folder you have Blah.exe and Blah.dll; when Blah.exe is run it injects the DLL into a specified process (via blah.ini).

Now I know I need to use LoadLibrary or CreateRemoteThread, but I don't know where to start.
Just wondering if you guys could get me started or point me in the direction of some examples.
I've been searching on Google for a while now and haven't come up with anything that is remotely helpful.

Kind Regards
FTProtocol

Ancient Dragon, #2, Jun 23rd, 2008
You mean you want to write a program that injects a DLL into another already running program? As far as I know that can't be done because when the operating system loads a dll it adds the code in the dll to the address space of the program that uses it. Unless you write your own operating system that behavior won't be (easily) possible for you to duplicate.

FTProtocol, #3, Jun 23rd, 2008
It's been done in VB, so I don't see why it can't be done in C++.....

mitrmkar, #4, Jun 23rd, 2008
Originally Posted by FTProtocol:
> It's been done in VB, so I don't see why it can't be done in C++.....
http://www.codeproject.com/KB/threads/winspy.aspx

FTProtocol, #5, Jun 24th, 2008
#include <windows.h>
#include <stdio.h>
#include <string.h>
#include <tlhelp32.h>
#include <shlwapi.h>   // StrStrI; link with shlwapi.lib

#define PROCESS_NAME "target.exe"
#define DLL_NAME "injected.dll"

//I could just use PROCESS_ALL_ACCESS but it's always best to use the absolute bare minimum of privileges, so that your code works in as
//many circumstances as possible.
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)

BOOL LoadDll(const char *procName, const char *dllName);
BOOL InjectDLL(DWORD ProcessID, const char *dllName);
DWORD GetTargetProcessIdFromProcname(const char *procName);

bool IsWindowsNT()
{
    // check current version of Windows: the high bit is clear on NT-based systems
    DWORD version = GetVersion();
    return (version < 0x80000000);
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    if(IsWindowsNT())
        LoadDll(PROCESS_NAME, DLL_NAME);
    else
        MessageBox(0, "Your system does not support this method", "Error!", 0);

    return 0;
}

BOOL LoadDll(const char *procName, const char *dllName)
{
    DWORD ProcID = GetTargetProcessIdFromProcname(procName);

    // a process ID of 0 means the lookup found nothing
    if(!ProcID)
    {
        MessageBox(NULL, "Target process not found", "Loader", MB_OK);
        return FALSE;
    }

    if(!InjectDLL(ProcID, dllName))
    {
        MessageBox(NULL, "Process located, but injection failed", "Loader", MB_OK);
        return FALSE;
    }

    return TRUE;
}

BOOL InjectDLL(DWORD ProcessID, const char *dllName)
{
    HANDLE Proc, Thread;
    char buf[50] = {0};
    LPVOID RemoteString, LoadLibAddy;
    SIZE_T len = strlen(dllName) + 1;   // include the terminating NUL

    if(!ProcessID)
        return FALSE;

    Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, ProcessID);

    if(!Proc)
    {
        sprintf(buf, "OpenProcess() failed: %lu", GetLastError());
        MessageBox(NULL, buf, "Loader", MB_OK);
        return FALSE;
    }

    LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

    // size the remote buffer from the string actually written (the original used strlen(DLL_NAME))
    RemoteString = VirtualAllocEx(Proc, NULL, len, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);

    if(!LoadLibAddy || !RemoteString ||
       !WriteProcessMemory(Proc, RemoteString, dllName, len, NULL))
    {
        CloseHandle(Proc);
        return FALSE;
    }

    Thread = CreateRemoteThread(Proc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, RemoteString, 0, NULL);

    if(!Thread)
    {
        CloseHandle(Proc);
        return FALSE;
    }

    CloseHandle(Thread);
    CloseHandle(Proc);

    return TRUE;
}

DWORD GetTargetProcessIdFromProcname(const char *procName)
{
    PROCESSENTRY32 pe;
    HANDLE thSnapshot;
    BOOL retval;
    DWORD pid = 0;   // 0 = not found

    thSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if(thSnapshot == INVALID_HANDLE_VALUE)
    {
        MessageBox(NULL, "Error: unable to create toolhelp snapshot", "Loader", MB_OK);
        return 0;
    }

    pe.dwSize = sizeof(PROCESSENTRY32);

    retval = Process32First(thSnapshot, &pe);

    while(retval)
    {
        // StrStrI is a case-insensitive substring match on the executable name
        if(StrStrI(pe.szExeFile, procName))
        {
            pid = pe.th32ProcessID;
            break;
        }

        retval = Process32Next(thSnapshot, &pe);
    }

    CloseHandle(thSnapshot);

    // the original returned pe.th32ProcessID even when nothing matched
    return pid;
}

Someone gave me this yesterday but it doesn't seem to work? I changed the DLL name and process name but it doesn't inject.

I don't really want to try and pull apart an example that doesn't work, as well it may be all wrong and there's no point in learning something that is wrong.
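
Added example, not part of the thread or of the posted loader: seen from the monitoring side, the CREATE_THREAD_ACCESS mask in the post above is what a process-access log entry would record for this loader. The portable C sketch below uses the access-right values from the Windows SDK, a hypothetical event record and allow-list, and constructed sample events to flag any handle carrying the rights a remote-thread LoadLibrary load needs.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Process access-right bits, values as defined in the Windows SDK (winnt.h). */
#define R_CREATE_THREAD     0x0002u
#define R_VM_OPERATION      0x0008u
#define R_VM_READ           0x0010u
#define R_VM_WRITE          0x0020u
#define R_QUERY_INFORMATION 0x0400u
/* Allocate (VM_OPERATION), write (VM_WRITE) and start a thread (CREATE_THREAD). */
#define INJECTION_RIGHTS (R_CREATE_THREAD | R_VM_OPERATION | R_VM_WRITE)

struct access_event {      /* hypothetical record shaped like a process-access log entry */
    const char *source_image, *target_image;
    uint32_t granted_access;
};

/* The value the loader's CREATE_THREAD_ACCESS macro evaluates to. */
uint32_t loader_mask(void)
{
    return R_CREATE_THREAD | R_QUERY_INFORMATION | R_VM_OPERATION | R_VM_WRITE | R_VM_READ;
}

/* 1 if the handle carries every right needed to allocate, write and start a remote thread. */
int allows_remote_thread_injection(uint32_t granted)
{
    return (granted & INJECTION_RIGHTS) == INJECTION_RIGHTS;
}

/* Count (and print) flagged events whose source image is not on the allow-list. */
int count_suspicious(const struct access_event *ev, size_t n,
                     const char *const *allow, size_t n_allow)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        int allowed = 0;
        for (size_t j = 0; j < n_allow; j++)
            if (strcmp(ev[i].source_image, allow[j]) == 0) allowed = 1;
        if (!allowed && allows_remote_thread_injection(ev[i].granted_access)) {
            printf("ALERT %s -> %s access=0x%X\n", ev[i].source_image,
                   ev[i].target_image, (unsigned)ev[i].granted_access);
            hits++;
        }
    }
    return hits;
}

/* Constructed sample events, not taken from a real log. */
static const struct access_event SAMPLE[] = {
    { "C:\\tools\\Blah.exe",      "C:\\app\\target.exe", 0x043A   }, /* the loader's mask */
    { "C:\\tools\\other.exe",     "C:\\app\\target.exe", 0x1FFFFF }, /* PROCESS_ALL_ACCESS (Vista+) */
    { "C:\\Windows\\taskmgr.exe", "C:\\app\\target.exe", 0x1410   }, /* query + VM read only */
    { "C:\\av\\scanner.exe",      "C:\\app\\target.exe", 0x1FFFFF }, /* allow-listed source */
};
static const char *const ALLOW[] = { "C:\\av\\scanner.exe" };

int sample_hits(void) { return count_suspicious(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0], ALLOW, 1); }
```

Matching on the three required bits rather than on the exact value 0x043A also catches a caller that asks for PROCESS_ALL_ACCESS, the alternative the loader's own comment mentions.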

mitrmkar, #6, Jun 24th, 2008
Originally Posted by FTProtocol:
> Someone gave me this yesterday but it doesn't seem to work?
> I don't really want to try and pull apart an example that doesn't work, as well it may be all wrong and there's no point in learning something that is wrong.
What does it fail to do? What code do you have in the .DLL?

I gave the code you've tried a test ride and it worked. The code for the .DLL that I injected is below ...

#include <windows.h>

// Test DLL: shows a message box when it is loaded into a process.
BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved)
{
    if(ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        MessageBox(NULL,
                   "inject.cpp -> DLL_PROCESS_ATTACH",
                   "Injected",
                   MB_ICONINFORMATION);
    }

    return TRUE;
}

Please note that the topic is non-trivial, so everything might not work out of the box.

FTProtocol, #7, Jun 24th, 2008
My DLL is working and I know that for sure, because when I use an already posted and compiled DLL injector it works. But here's the code, so it's definitely not injecting the DLL correctly or something like this.

FTProtocol, #8, Jun 25th, 2008
bump?

mitrmkar, #9, Jun 25th, 2008
Originally Posted by FTProtocol:
> My DLL is working and I know that for sure, because when I use an already posted and compiled DLL injector it works.
Umm .. out of that I sort of figured that you already have a working injection (?).

If not, then again, the example code you've posted seems to be capable of doing the injection. So, I take it that your DLL, along with that example code, is doing something that breaks the injection, or maybe you are erroneously expecting something to happen in your DLL. Really difficult to say anything more, not knowing a bit of your DLL's code.

©2003 - 2009 DaniWeb® LLC