Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
armadillo-cld2020-07-04 01:09:09
C++ / C#
armadillo-cld, 2020-07-04 01:09:09

Unable to inject dll into process?

Hello.
There is such a code for injecting a dll into a process

HANDLE h_process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);

  char fullDLLPath[_MAX_PATH];
  GetFullPathNameA(file_name.c_str(), _MAX_PATH, fullDLLPath, NULL);

  LPVOID DLLPath_addr = VirtualAllocEx(h_process, NULL, _MAX_PATH,
    MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
  WriteProcessMemory(h_process, DLLPath_addr, fullDLLPath,
    strlen(fullDLLPath), NULL);

  LPVOID LoadLib_addr = GetProcAddress(GetModuleHandleA("Kernel32"),
    "LoadLibraryA");

  HANDLE h_rThread = CreateRemoteThread(h_process, NULL, 0,(LPTHREAD_START_ROUTINE)LoadLib_addr, DLLPath_addr, 0, NULL);

  WaitForSingleObject(h_rThread, INFINITE);

  DWORD exit_code;
  GetExitCodeThread(h_rThread, &exit_code);                                         
  CloseHandle(h_rThread);
  VirtualFreeEx(h_process, DLLPath_addr, 0, MEM_RELEASE);
  CloseHandle(h_process);

  return (HANDLE)exit_code;

But when I call it like this:
di.inject_DLL("module.dll", di.GetPID("winhex.exe"));

PS This is class. Here is another GetPID function
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
  PROCESSENTRY32 pe32;
  pe32.dwSize = sizeof(PROCESSENTRY32);
  if (hSnap) {
    if (Process32First(hSnap, &pe32)) {
      if (strcmp(pe32.szExeFile, processname.c_str()) == 0) {
        return pe32.th32ProcessID;
      }
    }

    while (Process32Next(hSnap, &pe32)) {
      if (strcmp(pe32.szExeFile, processname.c_str()) == 0) {
        return pe32.th32ProcessID;
      }
    }

    CloseHandle(hSnap);
    return 0;
  }
  else {
    return 0;
  }

So.
After the call, nothing happens.
I do not inject into a system process.
I tried to inject through Process Hacker and everything worked.
What could be the problem?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
A
armadillo-cld, 2020-07-04
@armadillo-cld

Laughed myself. The decision was easy enough.
I called the function incorrectly.
Called:

di.inject_DLL("winhex.exe", di.GetPID("winhex.exe"));

Need:
di.inject_DLL("module.dll", di.GetPID("winhex.exe"));

Thank you all for your help.

Report
C
cython, 2020-07-04
@cython

Try like this:

LPVOID LoadLib_addr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");

And check if the DLL was loaded successfully:
if (h_rThread)
{
  <код>
}

Report
N
none7, 2020-07-04
@none7

Of course, I understand that laziness, but you always need to write error handling, then it would be obvious where the problem is. I have 2 options why it might not work:
1. The bitness of your application is not the same as that of the attacked process.
2. The location of kernel32 in the attacked process is different from the location in yours.

Similar questions
B
Be Clack2015-07-15 20:10:58
How to properly create multiple broadcasts in Nginx RTMP? 2Reply
R
romasovest2019-12-03 11:38:19
How to bypass the 1000 communities limit for groups.get? 4Reply
D
Danil Polyansky2019-02-10 19:45:29
How can I make the script output 4 numbers, then step back by 10 numbers, and then output 4 numbers again? 2Reply
T
Theory Theory2021-05-26 07:47:38
Does wp_mail() go to spam via smtp? 2Reply
O
Oleg Pariyev2020-11-17 21:35:13
how to get cookie in python? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question