Hey guys, I'm just wondering if any of you have any clue on building a DLL injector/loader.
As in, in a folder you have Blah.exe and Blah.dll; when Blah.exe is run it injects the DLL into a specified process (via blah.ini).

Now I know I need to use LoadLibrary or CreateRemoteThread, but I don't know where to start.
Just wondering if you guys could get me started or point me in the direction of some examples.
I've been searching on Google for a while now and haven't come up with anything that is remotely helpful.

Kind Regards
FTProtocol

All 8 Replies

You mean you want to write a program that injects a DLL into another already running program? As far as I know that can't be done because when the operating system loads a dll it adds the code in the dll to the address space of the program that uses it. Unless you write your own operating system that behavior won't be (easily) possible for you to duplicate.

It's been done in VB, so I don't see why it can't be done in C++...

#include <windows.h>
#include <stdio.h>
#include <string.h>
#include <tlhelp32.h>

// Build this as an ANSI (non-UNICODE) project: the code uses the *A Win32 entry points and
// char strings throughout. The injector and the target must also be the same bitness
// (a 32-bit injector cannot inject into a 64-bit process, and vice versa).

#define PROCESS_NAME "target.exe"
#define DLL_NAME "injected.dll"


//I could just use PROCESS_ALL_ACCESS but it's always best to use the absolute bare minimum of privileges, so that your code works in as
//many circumstances as possible.
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)

BOOL LoadDll(const char *procName, const char *dllName);
BOOL InjectDLL(DWORD ProcessID, const char *dllName);
DWORD GetTargetProcessIdFromProcname(const char *procName);

bool IsWindowsNT()
{
   // CreateRemoteThread and Toolhelp snapshots need the NT family;
   // GetVersion() sets the high bit on Windows 9x/Me.
   DWORD version = GetVersion();
   return (version < 0x80000000);
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    if(IsWindowsNT())
       LoadDll(PROCESS_NAME, DLL_NAME);
    else
       MessageBoxA(0, "Your system does not support this method", "Error!", MB_OK);

    return 0;
}


BOOL LoadDll(const char *procName, const char *dllName)
{
   char fullPath[MAX_PATH];
   DWORD ProcID = GetTargetProcessIdFromProcname(procName);

   if(!ProcID)
   {
      MessageBoxA(NULL, "Process not found", "Loader", MB_OK);
      return false;
   }

   // LoadLibraryA runs inside the target, so a bare "injected.dll" is resolved against the
   // target's search path, not this loader's directory. Hand it an absolute path instead.
   if(!GetFullPathNameA(dllName, MAX_PATH, fullPath, NULL))
   {
      MessageBoxA(NULL, "Could not resolve DLL path", "Loader", MB_OK);
      return false;
   }

   if(!InjectDLL(ProcID, fullPath))
   {
      MessageBoxA(NULL, "Process located, but injection failed", "Loader", MB_OK);
      return false;
   }

   return true;
}

BOOL InjectDLL(DWORD ProcessID, const char *dllName)
{
   HANDLE Proc, Thread;
   char buf[64] = {0};
   LPVOID RemoteString, LoadLibAddy;
   SIZE_T len = strlen(dllName) + 1;   // include the terminating NUL
   DWORD exitCode = 0;

   if(!ProcessID)
      return false;

   Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, ProcessID);

   if(!Proc)
   {
      sprintf(buf, "OpenProcess() failed: %lu", GetLastError());
      MessageBoxA(NULL, buf, "Loader", MB_OK);
      return false;
   }

   // kernel32.dll is mapped at the same base in every process of the same bitness, so the
   // address of LoadLibraryA in this process is also valid inside the target.
   LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");

   RemoteString = VirtualAllocEx(Proc, NULL, len, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
   if(!LoadLibAddy || !RemoteString ||
      !WriteProcessMemory(Proc, RemoteString, dllName, len, NULL))
   {
      CloseHandle(Proc);
      return false;
   }

   // The remote thread calls LoadLibraryA(RemoteString). Its exit code is the returned
   // HMODULE (truncated to 32 bits on x64), so a zero exit code means the target failed
   // to load the DLL; the original version never checked this and always reported success.
   Thread = CreateRemoteThread(Proc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, RemoteString, 0, NULL);
   if(!Thread)
   {
      CloseHandle(Proc);
      return false;
   }

   WaitForSingleObject(Thread, INFINITE);
   GetExitCodeThread(Thread, &exitCode);

   VirtualFreeEx(Proc, RemoteString, 0, MEM_RELEASE);
   CloseHandle(Thread);
   CloseHandle(Proc);

   return exitCode != 0;
}

DWORD GetTargetProcessIdFromProcname(const char *procName)
{
   PROCESSENTRY32 pe;
   HANDLE thSnapshot;
   BOOL retval;
   DWORD pid = 0;

   thSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

   if(thSnapshot == INVALID_HANDLE_VALUE)
   {
      MessageBoxA(NULL, "Error: unable to create toolhelp snapshot", "Loader", MB_OK);
      return 0;
   }

   pe.dwSize = sizeof(PROCESSENTRY32);

   retval = Process32First(thSnapshot, &pe);

   while(retval)
   {
      // Exact, case-insensitive match on the image name; a substring search
      // would also hit something like "nottarget.exe".
      if(_stricmp(pe.szExeFile, procName) == 0)
      {
         pid = pe.th32ProcessID;
         break;
      }

      pe.dwSize = sizeof(PROCESSENTRY32);
      retval    = Process32Next(thSnapshot, &pe);
   }

   // Return 0 when nothing matched, rather than the PID of whatever entry the loop stopped on.
   CloseHandle(thSnapshot);
   return pid;
}

Someone gave me this yesterday but it doesn't seem to work. I changed the DLL name and process name but it doesn't inject.

I don't really want to try and pull apart an example that doesn't work as well, as it may be all wrong and there's no point in learning something that is wrong.
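One precondition the injector posted above takes for granted, and one of the common reasons a remote LoadLibrary "doesn't inject", is that the injector, the target process and the DLL all have the same bitness: a 32-bit DLL will not load into a 64-bit process, or the other way round, and a plain EXE handed to LoadLibrary will not run a DllMain. The following is an added example, not code from the thread or from any of its posters, that reads just the PE headers and reports whether a pair of images is injectable. It is portable C so it can be tried anywhere; the header bytes are constructed in memory (only the fields the check reads are filled in) and the function names, result codes and `make_fake_pe` helper are this example's own. On Windows you would feed it the bytes of injected.dll and of the target's main module instead.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Result codes for can_inject(); names are this example's own. */
#define INJECT_OK                0
#define INJECT_BAD_DLL_IMAGE     1   /* DLL bytes are not a PE image */
#define INJECT_BAD_TARGET_IMAGE  2   /* target bytes are not a PE image */
#define INJECT_NOT_A_DLL         3   /* IMAGE_FILE_DLL flag missing */
#define INJECT_BITNESS_MISMATCH  4   /* PE32 vs PE32+ */

/* PE fields are little-endian; read them byte-wise so the check is host-independent. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{ return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24); }

/* Offset of the "PE\0\0" signature, or 0 if the buffer is not a PE image or is too
 * short to hold signature (4) + IMAGE_FILE_HEADER (20) + optional header Magic (2). */
static size_t nt_headers(const uint8_t *buf, size_t len)
{
    uint32_t e_lfanew;
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z')
        return 0;
    e_lfanew = rd32(buf + 0x3C);                  /* IMAGE_DOS_HEADER.e_lfanew */
    if (e_lfanew >= len || len - e_lfanew < 4 + 20 + 2)
        return 0;
    if (memcmp(buf + e_lfanew, "PE\0\0", 4) != 0)
        return 0;
    return e_lfanew;
}

/* 32, 64, or 0 if the bytes are not a usable PE image. */
int pe_bitness(const uint8_t *buf, size_t len)
{
    size_t nt = nt_headers(buf, len);
    uint16_t magic;
    if (!nt) return 0;
    magic = rd16(buf + nt + 24);                  /* IMAGE_OPTIONAL_HEADER.Magic */
    if (magic == 0x10B) return 32;                /* IMAGE_NT_OPTIONAL_HDR32_MAGIC */
    if (magic == 0x20B) return 64;                /* IMAGE_NT_OPTIONAL_HDR64_MAGIC */
    return 0;
}

/* 1 if IMAGE_FILE_HEADER.Characteristics carries IMAGE_FILE_DLL (0x2000). */
int pe_is_dll(const uint8_t *buf, size_t len)
{
    size_t nt = nt_headers(buf, len);
    if (!nt) return 0;
    return (rd16(buf + nt + 4 + 18) & 0x2000) != 0;
}

int can_inject(const uint8_t *dll, size_t dll_len, const uint8_t *target, size_t target_len)
{
    int db = pe_bitness(dll, dll_len), tb = pe_bitness(target, target_len);
    if (!db) return INJECT_BAD_DLL_IMAGE;
    if (!tb) return INJECT_BAD_TARGET_IMAGE;
    if (!pe_is_dll(dll, dll_len)) return INJECT_NOT_A_DLL;
    if (db != tb) return INJECT_BITNESS_MISMATCH;
    return INJECT_OK;
}

/* Constructed test image: a DOS stub header, e_lfanew = 0x40, and only the
 * file-header / optional-header fields the checks above read. */
#define FAKE_PE_SIZE 0x60
static void make_fake_pe(uint8_t out[FAKE_PE_SIZE], int bits, int is_dll)
{
    uint16_t magic   = bits == 64 ? 0x20B : 0x10B;
    uint16_t machine = bits == 64 ? 0x8664 : 0x14C;   /* IMAGE_FILE_MACHINE_AMD64 / I386 */
    uint16_t chars   = is_dll ? 0x2002 : 0x0002;      /* DLL | EXECUTABLE_IMAGE */
    memset(out, 0, FAKE_PE_SIZE);
    out[0] = 'M'; out[1] = 'Z';
    out[0x3C] = 0x40;                                 /* e_lfanew */
    memcpy(out + 0x40, "PE\0\0", 4);
    out[0x44] = machine & 0xFF; out[0x45] = machine >> 8;   /* FileHeader.Machine */
    out[0x56] = chars & 0xFF;   out[0x57] = chars >> 8;     /* FileHeader.Characteristics */
    out[0x58] = magic & 0xFF;   out[0x59] = magic >> 8;     /* OptionalHeader.Magic */
}

/* Build a DLL/target pair with the given properties and run the check on it. */
int check_pair(int dll_bits, int dll_is_dll, int target_bits)
{
    uint8_t dll[FAKE_PE_SIZE], target[FAKE_PE_SIZE];
    make_fake_pe(dll, dll_bits, dll_is_dll);
    make_fake_pe(target, target_bits, 0);
    return can_inject(dll, sizeof dll, target, sizeof target);
}

int main(void)
{
    static const char *names[] = { "ok", "dll is not a PE image", "target is not a PE image",
                                   "file is not a DLL", "32/64-bit mismatch" };
    printf("32-bit DLL -> 32-bit target: %s\n", names[check_pair(32, 1, 32)]);
    printf("32-bit DLL -> 64-bit target: %s\n", names[check_pair(32, 1, 64)]);
    printf("64-bit EXE -> 64-bit target: %s\n", names[check_pair(64, 0, 64)]);
    return 0;
}
```

Running this check before calling OpenProcess turns the silent "nothing happened" of a mismatched injection into a named error; on Windows, the same header walk over the target's main module (or a comparison of IsWow64Process results for the injector and the target) gives the same answer without reading the file.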

Someone gave me this yesterday but it doesn't seem to work.
I don't really want to try and pull apart an example that doesn't work as well, as it may be all wrong and there's no point in learning something that is wrong.

What does it fail to do? What code do you have in the .DLL?

I gave the code you've tried a test ride and it worked. The code for the .DLL that I injected is below ...

#include <windows.h>

BOOL APIENTRY DllMain( HINSTANCE hinstDLL,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved)
{
    if(ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        // This runs on the remote thread the injector created, inside the target process.
        // A message box is fine as a smoke test, but DllMain executes under the loader lock,
        // so a real payload should do as little as possible here (e.g. spin up its own
        // thread with CreateThread) rather than block or pump messages in DllMain.
        MessageBoxA(NULL,
                "inject.cpp -> DLL_PROCESS_ATTACH",
                "Injected",
                MB_ICONINFORMATION);
    }

    return TRUE;
}

Please note that the topic is non-trivial, so everything might not work out of the box.

My DLL is working, and I know that for sure because when I use an already posted and compiled DLL injector it works. But here's the code, so it's definitely not injecting the DLL correctly or something like this.

bump?

My DLL is working, and I know that for sure because when I use an already posted and compiled DLL injector it works.

Umm .. out of that I sort of figured that you already have a working injection (?).

If not, then again, the example code you've posted seems to be capable of doing the injection. So I take it that your DLL, along with that example code, is doing something that breaks the injection, or maybe you are erroneously expecting something to happen in your DLL. Really difficult to say anything more without knowing a bit of your DLL's code.
