C++ / C#
sddvxd, 2018-05-02 21:28:09

Why does an application with an embedded DLL crash?

Good day
I decided to write my first injector together with a library. The library is injected with CreateRemoteThread, passing the address of LoadLibraryW as the thread's start function and the address of pre-allocated memory holding the argument for that function:

// Injector
#include <windows.h>
#include <iostream>
using namespace std;

int main(){
  // Address of LoadLibraryW in kernel32, resolved in the injector's own process
  LPTHREAD_START_ROUTINE lpThreadSR = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("kernel32")),"LoadLibraryW");
  // Locate the target by its window title and get its process id
  HWND hwnd = FindWindow(NULL, TEXT("cpp"));
  DWORD pID;
  GetWindowThreadProcessId(hwnd, &pID);
  HANDLE hProcess = OpenProcess(
                                PROCESS_CREATE_THREAD | // for CreateRemoteThread
                                PROCESS_VM_OPERATION | // for VirtualAllocEx/VirtualFreeEx
                                PROCESS_VM_WRITE, // for WriteProcessMemory
                                FALSE, pID);
  LPCWSTR path = L"C:\\cpp\\dll\\mydll";
  DWORD sizeP = (lstrlenW(path)+1)*sizeof(wchar_t);
  // Buffer in the target process that receives the DLL path (the LoadLibraryW argument)
  PVOID addr_VP = VirtualAllocEx(hProcess, NULL, sizeP, MEM_COMMIT, PAGE_READWRITE);
  SIZE_T t;
  if(WriteProcessMemory(hProcess, addr_VP, (LPCVOID)path, sizeP, &t)){
    cout<<t<<endl; // number of bytes written
  }
  // Start a thread in the target that runs LoadLibraryW(addr_VP)
  HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, lpThreadSR, addr_VP, 0, NULL);
  WaitForSingleObject(hRemoteThread, INFINITE);
  cout<<"Ready!"<<endl;
  //lpThreadSR = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("kernel32")),"FreeLibrary");
  //hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, lpThreadSR, addr_VP, 0, NULL); // This worked badly - commented out
  // MEM_RELEASE requires dwSize == 0; passing the allocation size makes the call fail
  VirtualFreeEx(hProcess, addr_VP, 0, MEM_RELEASE);
  cout<<hRemoteThread;
  cin.get();
  return 0;
}

And the DLL itself:
#include <windows.h>

BOOL WINAPI DllMain(HINSTANCE hH, DWORD fdwReason, PVOID){
  if(fdwReason==DLL_PROCESS_ATTACH){
    // Runs inside the target process as soon as the library is mapped
    HWND hwnd = FindWindow(NULL, TEXT("cpp"));
    MessageBoxW(hwnd, L"э", L"э?", MB_OK);
  }
  return TRUE;
}

In my case, I open the "cpp" folder in Explorer and run the application. The injection is successful - I check it in Process Hacker. In some versions it was even possible to show a pop-up window, but after closing it, either the application crashed again, or pop-up windows appeared endlessly (after clicking "OK", a new one popped up).
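The question above is a textbook LoadLibrary-based injection: a remote thread in another process whose start routine is kernel32!LoadLibraryW. The following example, added here and not part of the original post, shows how a defender would pick that pattern out of thread-creation telemetry. It assumes records shaped like Sysmon Event ID 8 (CreateRemoteThread) with the fields SourceImage, TargetImage, StartModule and StartFunction; the events, paths and the allow-listed "agent" process are constructed for the example, not real logs.

```python
"""Flag cross-process threads whose start routine is a LoadLibrary* export.

Assumption: records use the Sysmon Event ID 8 (CreateRemoteThread) field names
SourceImage, TargetImage, StartModule and StartFunction, flattened here to
one key=value line per event. All paths and records below are constructed
for the example and are not real telemetry.
"""
import re

# kernel32 exports an injector can hand to CreateRemoteThread as the start routine
LOADLIBRARY_NAMES = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Constructed sample events. The second line is the pattern from the question:
# a remote thread in explorer.exe that starts at kernel32!LoadLibraryW.
SAMPLE_EVENTS = r"""
SourceImage=C:\Windows\System32\csrss.exe TargetImage=C:\Windows\explorer.exe StartModule=C:\Windows\System32\ntdll.dll StartFunction=RtlUserThreadStart
SourceImage=C:\cpp\injector.exe TargetImage=C:\Windows\explorer.exe StartModule=C:\Windows\System32\kernel32.dll StartFunction=LoadLibraryW
SourceImage=C:\Tools\agent.exe TargetImage=C:\Windows\explorer.exe StartModule=C:\Windows\System32\kernel32.dll StartFunction=LoadLibraryExW
SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\explorer.exe StartModule= StartFunction=
"""

_KV = re.compile(r"(\w+)=(\S*)")


def parse_event(line):
    """Turn one 'Key=Value Key=Value' line into a dict (values may be empty)."""
    return dict(_KV.findall(line))


def is_loadlibrary_start(event):
    """True when the new thread's start routine is one of the LoadLibrary* exports.

    Sysmon only fills StartFunction when it can resolve the address to an
    export, so a blank StartFunction is not evidence of absence.
    """
    return event.get("StartFunction", "") in LOADLIBRARY_NAMES


def find_injections(text, allowed_sources=frozenset()):
    """Return the events that look like LoadLibrary-based DLL injection.

    allowed_sources: full paths of processes known to inject legitimately
    (for example an endpoint agent); compared case-insensitively, as NTFS
    paths are.
    """
    allowed = {p.lower() for p in allowed_sources}
    hits = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        event = parse_event(raw)
        if not is_loadlibrary_start(event):
            continue
        if event.get("SourceImage", "").lower() in allowed:
            continue
        hits.append(event)
    return hits


if __name__ == "__main__":
    # Constructed allow-list entry: a hypothetical endpoint agent that injects by design
    for hit in find_injections(SAMPLE_EVENTS, allowed_sources={r"C:\Tools\agent.exe"}):
        print(f"{hit['SourceImage']} -> {hit['TargetImage']} "
              f"via {hit['StartModule']}!{hit['StartFunction']}")
```

The rule keys on the resolved start function rather than on the source image, because the injector on this page is an ordinary unsigned binary with no other distinguishing feature; the allow-list is the tuning knob for software that legitimately loads its own DLL into other processes.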


1 answer(s)
Kamil Khamitov, 2018-05-02
@Kobalt_x

GetProcAddress returns the address from the current process, the injector.
But in the structure you need an address in the injected process, so, as one option, we calculate the offset from the start of the image in the injector and then add that offset to the base address of the injected process.
