DLL Injection - Coding the DLL C++

OK, I've created a basic DLL and a DLL injector/loader; the loader calls a function called CreateRemoteThread inside the target process to load the DLL. I was wondering how
to code the DLL to read/write the target's memory.

so e.g. lets say my target process is:
  /* Sample target process: holds one local variable the poster wants to inspect
   * from another process, then waits for a key press before exiting.
   * Note: system("PAUSE") spawns a shell and is Windows-only; it is kept here
   * because the snippet is only a demonstration target. */
  int main()
  {
      int mytest = 2;
      (void)mytest;   // only exists to be looked at from outside this process

      system("PAUSE");
      return EXIT_SUCCESS;
  }
How would I code a DLL to read the ''mytest'' variable and display it, and also write to it, e.g. changing it to, let's say, 10?


Thanks for taking your time reading
Any tips/help would be much appreciated

/PoZ

Re: DLL Injection - Coding the DLL C++


Re: DLL Injection - Coding the DLL C++

Thanks for the reply, but I didn't quite understand half of it >.<

I've injected the process with the DLL which works fine...
I would like to read/write variables in the injected process (so il be needing to code the DLL to read/write) any chance you could show me abit of code on how it would be done?

Thanks,
PoZ

Re: DLL Injection - Coding the DLL C++

>>any chance you could show me abit of code on how it would be done?

Nope --but possibly the windows debug api might be useful

Re: DLL Injection - Coding the DLL C++

>>any chance you could show me abit of code on how it would be done?

Nope --but possibly the windows debug api might be useful
DLL Injector/Loader Code (Coded in C):
  1. #include <windows.h>
  2. #include <tlhelp32.h>
  3. #include <shlwapi.h>
  4. #include <conio.h>
  5. #include <stdio.h>
  6.  
  // NOTE(review): WIN32_LEAN_AND_MEAN only takes effect when it is defined
  // *before* <windows.h> is included; here it comes after the includes above,
  // so it does nothing.
  #define WIN32_LEAN_AND_MEAN
  // Narrow set of process rights that appears intended for Inject(). It is
  // never used: Inject() below opens the target with PROCESS_ALL_ACCESS instead.
  #define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)

  // Returns true once the remote thread has been requested; see the notes on the definition.
  BOOL Inject(DWORD pID, const char * DLL_NAME);
  // Despite the name, returns a *process* ID (th32ProcessID), or 0 when no process matches.
  DWORD GetTargetThreadIDFromProcName(const char * ProcName);
  12.  
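  /*
   * Loader entry point: resolves the full path of the DLL and hands it to
   * Inject() for the process named below. argc/argv are not used; both the
   * target name and the DLL name are hard-coded.
   *
   * Returns 0 on the normal path, 1 if the DLL path could not be resolved.
   */
  int main(int argc, char * argv[])
  {
      (void)argc;
      (void)argv;

      // Retrieve process ID (0 if no matching process is running; Inject() rejects 0)
      DWORD pID = GetTargetThreadIDFromProcName("notepad.exe");

      // Get the dll's full path name. GetFullPathName returns 0 on failure and
      // the required size when the buffer is too small, so check both cases
      // before using buf.
      char buf[MAX_PATH] = {0};
      DWORD len = GetFullPathName("Project1.dll", MAX_PATH, buf, NULL);
      if(len == 0 || len >= MAX_PATH)
      {
          printf("GetFullPathName() failed: %lu\n", (unsigned long)GetLastError());
          _getch();
          return 1;
      }

      // A path is data, never a format string (the original did printf(buf)).
      printf("%s\n", buf);

      // Inject our main dll
      if(!Inject(pID, buf))
      {
          printf("DLL Not Loaded!");
      }else{
          printf("DLL Loaded!");
      }

      _getch();
      return 0;
  }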
  35.  
  /*
   * Loads DLL_NAME into process pID by copying the path into the target's
   * address space and starting a remote thread at kernel32!LoadLibraryA.
   *
   * Returns false if pID is 0 or OpenProcess() fails. Otherwise returns true as
   * soon as CreateRemoteThread() has been called -- the outcome of the remote
   * load is never checked, so true does not mean the DLL actually loaded.
   *
   * Review notes (observations only, nothing changed here):
   *  - Opens the target with PROCESS_ALL_ACCESS although CREATE_THREAD_ACCESS
   *    above lists a narrower set of rights (least privilege).
   *  - The results of GetProcAddress(), VirtualAllocEx(), WriteProcessMemory()
   *    and CreateRemoteThread() are not checked; a NULL from any of them is
   *    passed straight on to the next call.
   *  - The remote buffer and the copy are both strlen(DLL_NAME) bytes, so the
   *    string placed in the target carries no NUL terminator.
   *  - The thread handle returned by CreateRemoteThread() is never closed.
   *  - printf(buf) passes a non-literal format string; buf is built from a
   *    fixed format here, but printf("%s", buf) is the safe form. GetLastError()
   *    returns a DWORD (unsigned long) yet is formatted with %d.
   *  - true/false are not C keywords; without <stdbool.h> this compiles only
   *    as C++.
   */
  BOOL Inject(DWORD pID, const char * DLL_NAME)
  {
  HANDLE Proc;
  HMODULE hLib;
  char buf[50] = {0};
  LPVOID RemoteString, LoadLibAddy;

  if(!pID)
  return false;

  Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
  if(!Proc)
  {
  sprintf(buf, "OpenProcess() failed: %d", GetLastError());
  //MessageBox(NULL, buf, "Loader", MB_OK);
  printf(buf);
  return false;
  }

  LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

  // Allocate space in the process for our DLL
  RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);

  // Write the string name of our DLL in the memory allocated
  WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL);

  // Load our DLL
  CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);

  CloseHandle(Proc);
  return true;
  }
  69.  
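  /*
   * Returns the process ID of the first running process whose executable name
   * contains ProcName (case-insensitive substring match via StrStrI), or 0 when
   * no process matches or the toolhelp snapshot could not be created.
   *
   * Despite the name, the value returned is th32ProcessID, not a thread ID.
   * Because the match is a substring match, a short ProcName can select an
   * unintended process. The snapshot handle is closed on every path (the
   * original returned from inside the loop and leaked it).
   */
  DWORD GetTargetThreadIDFromProcName(const char * ProcName)
  {
      PROCESSENTRY32 pe;
      HANDLE thSnapShot;
      DWORD pID = 0;

      thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      if(thSnapShot == INVALID_HANDLE_VALUE)
      {
          printf("Error: Unable to create toolhelp snapshot!");
          return 0;
      }

      // dwSize must be set before Process32First, otherwise the call fails
      pe.dwSize = sizeof pe;

      for(BOOL more = Process32First(thSnapShot, &pe); more; more = Process32Next(thSnapShot, &pe))
      {
          if(StrStrI(pe.szExeFile, ProcName))
          {
              pID = pe.th32ProcessID;
              break;
          }
      }

      CloseHandle(thSnapShot);
      return pID;
  }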

DLL code (coded in C++): it's at home and I'm currently at college >.< I'll post it later. Basically, what it does is CreateRemoteThread in the process and produce a message box saying that the remote thread was successful.

Going to read that link you send me ^.^ thank you for your help again

/PoZ

Re: DLL Injection - Coding the DLL C++

Also, I read that link you sent me, Ancient Dragon ... it didn't cover what I was needing (well, I don't think so) >.< but thanks a lot for trying, mate.

DLL Code:

Dllmain.cpp:
  1. /* Replace "dll.h" with the name of your header */
  2. #include "dll.h"
  3. #include <windows.h>
  4. #include <stdio.h>
  5. #include <stdlib.h>
  6.  
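  /*
   * Thread procedure started from DllMain on DLL_PROCESS_ATTACH: shows a message
   * box announcing that the DLL's thread is running.
   *
   * pData is unused (DllMain passes NULL). Returns 1 as the thread exit code.
   * The original declared 'int temp = 10, *test;' here and never used either
   * (test was an uninitialised pointer); both are removed.
   */
  DWORD WINAPI MyFunction1(LPVOID pData)
  {
      (void)pData;

      MessageBox(NULL, "Remote Thread was created!", "Successful Injection", MB_OK);

      return 1;
  }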
  18.  
  19.  
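  /*
   * DLL entry point. On DLL_PROCESS_ATTACH it starts a thread running
   * MyFunction1; on DLL_PROCESS_DETACH it shows a message box. Thread
   * attach/detach notifications are ignored. Always returns TRUE.
   *
   * NOTE(review): DllMain runs under the loader lock. Microsoft's DllMain
   * guidance discourages calling anything outside kernel32 from here (the
   * MessageBox below is such a call, and can deadlock), and a thread created
   * here cannot start running until DllMain has returned. Keep real work in
   * the thread, not in DllMain.
   */
  BOOL APIENTRY DllMain (HINSTANCE hInst /* Library instance handle. */ ,
                         DWORD reason /* Reason this function is being called. */ ,
                         LPVOID reserved /* Not used. */ )
  {
      (void)hInst;
      (void)reserved;

      switch (reason)
      {
      case DLL_PROCESS_ATTACH:
      {
          // Braced so the declarations are local to this case; a declaration
          // directly after a case label is not valid C and is fragile in C++.
          DWORD nThread; // Thread ID
          HANDLE hThread = CreateThread(NULL, 0, MyFunction1, NULL, 0, &nThread);
          if(hThread != NULL)
          {
              // The thread is never joined, so release the handle immediately.
              CloseHandle(hThread);
          }
          break;
      }

      case DLL_PROCESS_DETACH:
          MessageBox(NULL,"Project1.dll detached to Process!", "Successful Injection" ,MB_OK);
          break;

      case DLL_THREAD_ATTACH:
      case DLL_THREAD_DETACH:
      default:
          break;
      }

      /* Returns TRUE on success, FALSE on failure */
      return TRUE;
  }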

All this code works fine... I just want to read/write process memory from the injected process, so e.g.

DLL Loader: Injector.exe
DLL: Project1.dll
Target: Test.exe

I want Project1.dll to be able to read variables from Test.exe, so let's say Test.exe has a variable such as int tcode = 10;

i want the DLL to be able to read/write to the variable "tcode".