  1. #1
    Join Date
    May 2013
    Posts
    46

    DLL Injection and DLL Fails to inject

    Pls help.
    Dont be offended i have been trying to work somethings out.
    The DLL injector as well as the DLL has been having some slight issues , and thats why i decided to paste on here

    The DLL injector I wrote with your help fails. I have been trying to dig into it, but it still fails somewhere along the line. The code for it is as follows:

    Code:
    #include <stdio.h>
    #include <windows.h>
    #include <stdlib.h>
    #include <shlwapi.h>
    #include <tlhelp32.h>
    #include <conio.h>
    
    
    //prototypes 
    
    // Loads the DLL at path `dll` into the process with id `ID`; returns
    // non-zero once the remote thread has been created.
    BOOL InjectDLL(DWORD ID, const char* dll);
    // Looks up a process id by executable name in a Toolhelp snapshot.
    // NOTE(review): shares its name with the Win32 API GetProcessId(HANDLE)
    // declared by <windows.h>, so this declaration is only usable as a C++
    // overload; a distinct name would avoid the clash.
    DWORD GetProcessId(IN PCHAR szExeName);
    // Enables (TRUE) or removes (FALSE) SeDebugPrivilege on the current
    // process token.
    BOOL SetDebugPriviledge(BOOL State);
    
    //Main codes
    
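    // Entry point: resolves the DLL path, looks up the target process by name
    // and hands both to InjectDLL. Returns 0 on success and 1 on any failure
    // (the original exited with 1 on both paths, so callers could not tell
    // them apart).
    int main()
    {
        char dll[MAX_PATH];
        int rc = 1;

        // The relative name is resolved against the current working directory,
        // not the directory of this executable. A return of 0 is a failure and
        // a return >= MAX_PATH means the buffer was too small.
        DWORD cch = GetFullPathName("SendRecvHook.dll", MAX_PATH, dll, NULL);
        if (cch == 0 || cch >= MAX_PATH)
        {
            printf("GetFullPathName failed: %lu", GetLastError());
            Sleep(3000);
            return rc;
        }

        DWORD ID = GetProcessId("firefox.exe");

        // GetProcessId reports "not found" as 0 and "more than one match" as
        // 0xFFFFFFFF. Passing that sentinel on to OpenProcess only produces
        // error 87 (ERROR_INVALID_PARAMETER), so name the real cause here.
        if (ID == 0)
        {
            printf("Target process not found");
            Sleep(3000);
            return rc;
        }
        if (ID == 0xFFFFFFFF)
        {
            printf("More than one process matches the target name");
            Sleep(3000);
            return rc;
        }

        // Best effort: the result is not fatal for the rest of the run.
        SetDebugPriviledge(TRUE);

        if (!InjectDLL(ID, dll))
        {
            printf("Injection failed");
        }
        else
        {
            printf("Success!");
            rc = 0;
        }

        // Keep the console window readable before the process ends.
        Sleep(3000);
        return rc;
    }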
    
    //Functions
    
    // Walks a Toolhelp process snapshot and compares each executable name
    // case-insensitively with szExeName.
    // Returns 0 when the snapshot cannot be taken or nothing matches, the PID
    // when exactly one process matches, and 0XFFFFFFFF when several match.
    DWORD GetProcessId(IN PCHAR szExeName)
    {
        HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (snap == INVALID_HANDLE_VALUE)
        {
            return 0;
        }

        PROCESSENTRY32 entry = {0};
        entry.dwSize = sizeof(PROCESSENTRY32);  // must be set before Process32First

        DWORD lastPid = 0;
        DWORD matches = 0;
        for (BOOL more = Process32First(snap, &entry); more; more = Process32Next(snap, &entry))
        {
            if (_stricmp(entry.szExeFile, szExeName) == 0)
            {
                ++matches;
                lastPid = entry.th32ProcessID;
            }
        }

        CloseHandle(snap);

        // An ambiguous name is reported with a sentinel instead of a PID.
        return (matches > 1) ? 0XFFFFFFFF : lastPid;
    }
    
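    // Enables (State != 0) or removes (State == 0) SeDebugPrivilege on the
    // current process token.
    //
    // Returns TRUE only when the privilege change was actually applied.
    // The original closed the token handle on a failed step and then carried
    // on, closing the same handle a second time and returning the result of
    // CloseHandle rather than the result of the adjustment.
    //
    // Note that SE_PRIVILEGE_REMOVED takes the privilege out of the token
    // instead of merely disabling it, so a later call with TRUE is expected
    // to fail for this process.
    BOOL SetDebugPriviledge(BOOL State)
    {
        HANDLE hToken = NULL;
        TOKEN_PRIVILEGES tp;
        BOOL ok = FALSE;

        ZeroMemory(&tp, sizeof(tp));
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Attributes = State ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_REMOVED;

        // Ask only for the access rights the adjustment needs rather than
        // TOKEN_ALL_ACCESS.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        {
            return FALSE;
        }

        if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid) &&
            AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL))
        {
            // AdjustTokenPrivileges also returns non-zero when the token does
            // not hold the privilege; that case is reported through
            // GetLastError() as ERROR_NOT_ALL_ASSIGNED.
            ok = (GetLastError() == ERROR_SUCCESS);
        }

        CloseHandle(hToken);  // closed exactly once on every path past OpenProcessToken
        return ok;
    }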
    
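    // Makes the process with id `ID` load the DLL at path `dll` by copying the
    // path into that process and starting a remote thread at LoadLibraryA.
    //
    // Returns TRUE once the remote thread has been created and the process
    // handle has been closed, FALSE on any failure. It does not wait for the
    // thread, so TRUE does not prove that the DLL loaded in the target.
    //
    // This is the remote-thread LoadLibrary technique catalogued as MITRE
    // ATT&CK T1055.001. Every step is visible to endpoint monitoring: the
    // cross-process handle request with VM_WRITE / CREATE_THREAD rights
    // (Sysmon event 10), the remote allocation and write, the remote thread
    // creation (Sysmon event 8) and the resulting image load (Sysmon event 7).
    //
    // Changes from the original: GetLastError() is printed with an integer
    // format (the first call used "%s", which makes printf treat the code as
    // a string pointer), the process and thread handles are released on every
    // path, and the local that holds the LoadLibraryA address no longer
    // depends on the LoadLibrary -> LoadLibraryA macro for its name.
    BOOL InjectDLL(DWORD ID, const char* dll)
    {
        HANDLE hProcess = NULL;
        HANDLE hThread = NULL;
        LPVOID Memory = NULL;
        LPVOID pLoadLibraryA = NULL;
        SIZE_T cbPath = 0;
        BOOL ok = FALSE;

        if (!ID || !dll)
        {
            return FALSE;
        }
        cbPath = strlen(dll) + 1;  // include the terminating NUL

        hProcess = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION,FALSE,ID);
        if (!hProcess)
        {
            printf("Error, Reason: %lu", GetLastError());
            goto cleanup;
        }

        pLoadLibraryA = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
        if (!pLoadLibraryA)
        {
            printf("Error, Reason: %lu", GetLastError());
            goto cleanup;
        }

        Memory = VirtualAllocEx(hProcess, NULL, cbPath, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
        if (!Memory)
        {
            printf("Error, Reason: %lu", GetLastError());
            goto cleanup;
        }

        if (!WriteProcessMemory(hProcess, Memory, dll, cbPath, NULL))
        {
            printf("Error, Reason: %lu", GetLastError());
            goto cleanup;
        }

        // The stack-size and creation-flag arguments are DWORD/SIZE_T values,
        // so pass 0 rather than NULL.
        hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pLoadLibraryA, Memory, 0, NULL);
        if (!hThread)
        {
            printf("Error, Reason: %lu", GetLastError());
            goto cleanup;
        }

        // The remote buffer is left allocated, as in the original: the new
        // thread may still be reading the path from it.
        ok = TRUE;

    cleanup:
        if (hThread)
        {
            CloseHandle(hThread);
        }
        // As in the original, a failed close of the process handle is
        // reported as a failure of the whole call.
        if (hProcess && !CloseHandle(hProcess))
        {
            printf("Error, Reason: %lu", GetLastError());
            ok = FALSE;
        }
        return ok;
    }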
    Now when i run this i get this error for dll injector
    Name:  unnamed.jpg
Views: 987
Size:  29.9 KB

    output.c opens in the same process.

    i tried using the remote DLL Injector , injected send () recv() dll into firefox and got this too

    Name:  rerdd.PNG
Views: 906
Size:  33.1 KB

    i got tired, since i am still learning, i needed a hand. Pls help ...

  2. #2
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: DLL Injection and DLL Fails to inject

    With your injector and my simplistic dll I was able to inject just fine (Windows 7 x64, firefox 32-bit, the dll 32-bit):

    Name:  my-dll-injected.jpg
Views: 1276
Size:  79.0 KB
    Last edited by Igor Vartanov; June 1st, 2015 at 02:31 AM.
    Best regards,
    Igor

  3. #3
    Join Date
    May 2013
    Posts
    46

    Re: DLL Injection and DLL Fails to inject

    Ha! Thanks. Here is what happened: I injected into Iexplore.exe and chrome.exe and it gave me error 87. I was wondering why; maybe it is because a parameter couldn't be found. What could be the problem, or rather what do you think it is? Do you think I should put the full path of the target process in GetProcessId()?

  4. #4
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: DLL Injection and DLL Fails to inject

    Code:
    // Same lookup as in the first post, with the "more than one match" guard
    // compiled out. Returns 0 when the snapshot fails or nothing matches;
    // otherwise the PID of the last snapshot entry whose executable name
    // equals szExeName (case-insensitive).
    DWORD GetProcessId(IN PCHAR szExeName)
    {
        DWORD dwRet = 0;
        DWORD dwCount = 0;
        
        HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (hSnapshot !=INVALID_HANDLE_VALUE)
            {
              PROCESSENTRY32 pe = {0};
              pe.dwSize = sizeof(PROCESSENTRY32);
              
              BOOL bRet = Process32First(hSnapshot, &pe);
              
              while(bRet)
               {
               if(!_stricmp(pe.szExeFile,szExeName))
                {
                  // dwCount is still incremented but no longer read once the
                  // block below is disabled; each match overwrites dwRet.
                  dwCount++;
                  dwRet = pe.th32ProcessID;
                }
                bRet = Process32Next(hSnapshot, &pe);
              }
    // Disabled: this used to replace the PID with the sentinel 0XFFFFFFFF
    // whenever several processes shared the name.
    #if 0
              if(dwCount >1)
               dwRet = 0XFFFFFFFF;
    #endif
                CloseHandle(hSnapshot);
            }
        return dwRet;
    }
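    I don't know what you had in mind when you blocked PID retrieval whenever more than one process with the same name exists. With that check in place, GetProcessId returns 0xFFFFFFFF for a multi-process program, and OpenProcess rejects that value as an invalid parameter, which is the error 87 you saw. With that part removed, injection into IE goes just fine: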

    Name:  my-dll-injected-ie.jpg
Views: 1130
Size:  72.7 KB
    Best regards,
    Igor

  5. #5
    Join Date
    May 2013
    Posts
    46

    Re: DLL Injection and DLL Fails to inject

    Guess that should be the same thing wrong with chrome and the rest of them... hmm. I'm happy in learning here.
    Thank you sir. What's the name of the tool you used to check for the injected dll? Process hacker?

    Once again, thanks for your help

  6. #6
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: DLL Injection and DLL Fails to inject

    Process Explorer

    Already mentioned the name in the conversation. Seems like you missed that.
    Best regards,
    Igor

  7. #7
    Join Date
    May 2013
    Posts
    46

    Re: DLL Injection and DLL Fails to inject

    Quote Originally Posted by Igor Vartanov View Post
    Process Explorer

    Already mentioned the name in the conversation. Seems like you missed that.
    You didn't get me, I meant the software used to view the injected dll inside the process. You sent me a screenshot, so I wanted to know the name of the software, that's what I meant

  8. #8
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: DLL Injection and DLL Fails to inject

    The name of the software I used to view the list of DLLs loaded into a process, whether injected or loaded the natural way, is: Process Explorer.

    And this is the post where I mentioned it. I did exactly what I recommended in the post

    By the way, there is a much easier way to make sure your dll is successfully injected. The way is called Process Explorer. So you just get rid of all the odd stuff in the dll, inject it with your injector, and inspect your victim with Process Explorer.
    Last edited by Igor Vartanov; June 1st, 2015 at 09:04 AM.
    Best regards,
    Igor
