Inject.au3

[DeathlyAssassin]

Hi Folks!

After hours of work, I've completed my Inject.au3!

It contains 4 functions that can be used to gain process information, e/inject a .dll file by name or hModule into/off a process.

Containing:

_InjectAttachDll

_InjectDetachDllEx

_InjectDetachDll

_InjectModulInfo

give it a try

greetings,

Deathly Assassin

Inject.rar

Edited January 31, 2010 by DeathlyAssassin

[DeathlyAssassin]

I still have to work on the example... I've put so much time in the UDF, that the example might be a bit... unprofessional

Nevertheless it would be nice, if u try to get it work

I should have mentioned that u usually have to compile it in x86, even if you are on a x64 system

[DeathlyAssassin]

give it a try .. i think it should work

[wraithdu]

I've got a bit more complete implementation in my _WinApiHook UDF. You've got the essentials down, except for a few things:

1) You cannot rely on the base address of kernel32 being the same in your local and remote process. Vista+ introduced base address randomization.

2) In Vista+ CreateRemoteThread cannot create threads in processes running in different sessions. Most system processes and services run in session 0, while user applications run in session 1+.

The injection / removal portions of my UDF overcome these problems.

[wraithdu]

Would it be possible to use this with MemoryDLL to inject a DLL that is embedded in an AutoIt script?

No, this cannot work with this type of implementation. While I'm sure trancexxx could come up with something crazy in assembly to do it, this implementation requires a complete path to a physical DLL to be injected.

[DeathlyAssassin]

I've got a bit more complete implementation in my _WinApiHook UDF

Thanks, I'll take a close look at that. I haven't known, that there was a UDF for that before =)

1) You cannot rely on the base address of kernel32 being the same in your local and remote process. Vista+ introduced base address randomization.

2) In Vista+ CreateRemoteThread cannot create threads in processes running in different sessions. Most system processes and services run in session 0, while user applications run in session

Thanks again .. I'll correct this as soon as possible :-)

[delme]

Hey, would you mind sharing the code for the dll? I can't get any of mine to display a message box or do anything once they are injected into a process.. I know this isn't a C++ forum but I thought you may be able to help

This is the code I have..

main.h

#ifndef __MAIN_H__
#define __MAIN_H__

#include <windows.h>

/*  To use this exported function of dll, include this header
 *  in your project.
 */

#ifdef BUILD_DLL
    #define DLL_EXPORT __declspec(dllexport)
#else
    #define DLL_EXPORT __declspec(dllimport)
#endif


#ifdef __cplusplus
extern "C"
{
#endif

void DLL_EXPORT SomeFunction(const LPCSTR sometext);

#ifdef __cplusplus
}
#endif

#endif // __MAIN_H__

main.cpp

#include "main.h"

// a sample exported function
void DLL_EXPORT MessageBox(const LPCSTR sometext)
{
    MessageBoxA(0, sometext, "DLL Message", MB_OK | MB_ICONINFORMATION);
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    MessageBox("Testing");
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            // attach to process
            // return FALSE to fail DLL load
            break;

        case DLL_PROCESS_DETACH:
            // detach from process
            break;

        case DLL_THREAD_ATTACH:
            // attach to thread
            break;

        case DLL_THREAD_DETACH:
            // detach from thread
            break;
    }
    return TRUE; // succesful
}

but it isn't displaying a message...

Thanks for the UDF!

Edited May 18, 2010 by DELmE

[chong]

Thanks for your hard work!I think if with more examples,your UDF will be well understood.

[matwachich]

Hey, would you mind sharing the code for the dll? I can't get any of mine to display a message box or do anything once they are injected into a process.. I know this isn't a C++ forum but I thought you may be able to help

This is the code I have..

main.h

#ifndef __MAIN_H__
#define __MAIN_H__

#include <windows.h>

/*  To use this exported function of dll, include this header
 *  in your project.
 */

#ifdef BUILD_DLL
    #define DLL_EXPORT __declspec(dllexport)
#else
    #define DLL_EXPORT __declspec(dllimport)
#endif


#ifdef __cplusplus
extern "C"
{
#endif

void DLL_EXPORT SomeFunction(const LPCSTR sometext);

#ifdef __cplusplus
}
#endif

#endif // __MAIN_H__

main.cpp

#include "main.h"

// a sample exported function
void DLL_EXPORT MessageBox(const LPCSTR sometext)
{
    MessageBoxA(0, sometext, "DLL Message", MB_OK | MB_ICONINFORMATION);
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    MessageBox("Testing");
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            // attach to process
            // return FALSE to fail DLL load
            break;

        case DLL_PROCESS_DETACH:
            // detach from process
            break;

        case DLL_THREAD_ATTACH:
            // attach to thread
            break;

        case DLL_THREAD_DETACH:
            // detach from thread
            break;
    }
    return TRUE; // succesful
}

but it isn't displaying a message...

Thanks for the UDF!

look at this: www.daniweb.com