DeathlyAssassin Posted January 31, 2010

Hi Folks! After hours of work, I've completed my Inject.au3! It contains 4 functions that can be used to gain process information, e/inject a .dll file by name or hModule into/off a process.

Containing:
_InjectAttachDll
_InjectDetachDllEx
_InjectDetachDll
_InjectModulInfo

Give it a try.

Greetings, Deathly Assassin

Inject.rar

Edited January 31, 2010 by DeathlyAssassin

DeathlyAssassin Posted January 31, 2010

I still have to work on the example... I've put so much time into the UDF that the example might be a bit... unprofessional. Nevertheless, it would be nice if you try to get it to work.

I should have mentioned that you usually have to compile it in x86, even if you are on an x64 system.

DeathlyAssassin Posted January 31, 2010

Give it a try... I think it should work.

wraithdu Posted February 2, 2010

I've got a bit more complete implementation in my _WinApiHook UDF. You've got the essentials down, except for a few things:

1) You cannot rely on the base address of kernel32 being the same in your local and remote process. Vista+ introduced base address randomization.
2) In Vista+ CreateRemoteThread cannot create threads in processes running in different sessions. Most system processes and services run in session 0, while user applications run in session 1+.

The injection / removal portions of my UDF overcome these problems.
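
For defenders, the remote-thread step discussed in the post above is what Sysmon records as Event ID 8 (CreateRemoteThread). The following is an added example, not part of the thread or of either UDF: it flags records whose start routine is a kernel32 DLL load or unload function. It assumes the injector uses the classic LoadLibrary/FreeLibrary start routine, which the thread does not show; the sample records, paths and allowlist entry are constructed.

```python
import ntpath

# kernel32 exports that load or unload a DLL when run as a thread start routine.
# Assumption: the injector uses the classic LoadLibrary/FreeLibrary approach.
START_ROUTINES = {
    "loadlibrarya": "dll-load",
    "loadlibraryw": "dll-load",
    "freelibrary": "dll-unload",
}
# Constructed allowlist: source images expected to create such threads.
ALLOWED_SOURCES = {r"c:\program files\exampleagent\agent.exe"}

def classify(event):
    """Return 'dll-load' or 'dll-unload' for a flagged Event ID 8 record, else None."""
    if event.get("EventID") != 8:
        return None
    if event.get("SourceImage", "").lower() in ALLOWED_SOURCES:
        return None
    # Match on module and export name, not StartAddress: the address depends
    # on where the module is mapped, the export name does not.
    module = ntpath.basename(event.get("StartModule", "")).lower()
    function = event.get("StartFunction", "").lower()
    if module not in ("kernel32.dll", "kernelbase.dll"):
        return None
    return START_ROUTINES.get(function)

def scan(events):
    """Return (source image, target image, label) for every flagged record."""
    findings = []
    for ev in events:
        label = classify(ev)
        if label:
            findings.append((ntpath.basename(ev["SourceImage"]),
                             ntpath.basename(ev["TargetImage"]), label))
    return findings

def _ev(src, tgt, mod, fn):
    return {"EventID": 8, "SourceImage": src, "TargetImage": tgt,
            "StartModule": mod, "StartFunction": fn}

# Constructed sample records; field names follow Sysmon Event ID 8.
K32 = r"C:\Windows\System32\kernel32.dll"
NOTEPAD = r"C:\Windows\System32\notepad.exe"
TOOL = r"C:\Users\test\Desktop\inject_example.exe"
SAMPLE_EVENTS = [
    _ev(TOOL, NOTEPAD, K32, "LoadLibraryA"),
    _ev(TOOL, NOTEPAD, K32, "FreeLibrary"),
    _ev(r"C:\Program Files\ExampleAgent\agent.exe", NOTEPAD, K32, "LoadLibraryW"),
    _ev(TOOL, NOTEPAD, r"C:\Windows\System32\ntdll.dll", "DbgUiRemoteBreakin"),
]
```
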

wraithdu Posted February 2, 2010

> Would it be possible to use this with MemoryDLL to inject a DLL that is embedded in an AutoIt script?

No, this cannot work with this type of implementation. While I'm sure trancexxx could come up with something crazy in assembly to do it, this implementation requires a complete path to a physical DLL to be injected.

DeathlyAssassin Posted February 2, 2010

> I've got a bit more complete implementation in my _WinApiHook UDF

Thanks, I'll take a close look at that. I didn't know that there was a UDF for that before =)

> 1) You cannot rely on the base address of kernel32 being the same in your local and remote process. Vista+ introduced base address randomization.
> 2) In Vista+ CreateRemoteThread cannot create threads in processes running in different sessions. Most system processes and services run in session 0, while user applications run in session

Thanks again... I'll correct this as soon as possible :-)

delme Posted May 18, 2010

Hey, would you mind sharing the code for the dll? I can't get any of mine to display a message box or do anything once they are injected into a process.. I know this isn't a C++ forum but I thought you may be able to help.

This is the code I have..

main.h

```cpp
#ifndef __MAIN_H__
#define __MAIN_H__

#include <windows.h>

/* To use this exported function of dll, include this header
 * in your project.
 */
#ifdef BUILD_DLL
    #define DLL_EXPORT __declspec(dllexport)
#else
    #define DLL_EXPORT __declspec(dllimport)
#endif

#ifdef __cplusplus
extern "C"
{
#endif

void DLL_EXPORT SomeFunction(const LPCSTR sometext);

#ifdef __cplusplus
}
#endif

#endif // __MAIN_H__
```

main.cpp

```cpp
#include "main.h"

// a sample exported function
void DLL_EXPORT MessageBox(const LPCSTR sometext)
{
    MessageBoxA(0, sometext, "DLL Message", MB_OK | MB_ICONINFORMATION);
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    MessageBox("Testing");
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            // attach to process
            // return FALSE to fail DLL load
            break;

        case DLL_PROCESS_DETACH:
            // detach from process
            break;

        case DLL_THREAD_ATTACH:
            // attach to thread
            break;

        case DLL_THREAD_DETACH:
            // detach from thread
            break;
    }
    return TRUE; // successful
}
```

but it isn't displaying a message...

Thanks for the UDF!

Edited May 18, 2010 by DELmE

chong Posted May 24, 2010

Thanks for your hard work! I think with more examples, your UDF will be well understood.

Try to face everything that troubles you. Nothing is impossible!

matwachich Posted November 6, 2010

> Hey, would you mind sharing the code for the dll? I can't get any of mine to display a message box or do anything once they are injected into a process.. [...]

Look at this: www.daniweb.com