Dll inject process

FireFox

Hi,

I have done my script for inject dll, the problem is that the dll inject function doesn't work :lmao: , I have tried another one and it's the same thing...

I hope someone will solve my :) problem :

In the script you can see at lines 83, 84 the calls to the inject DLL functions; just switch them to test both.

#include <Process.au3>
#include <Memory.au3>
#include <Array.au3>

Local $g_aProcs, $g_aMods, $g_LoadLibraryA, $g_FreeLibrary

Opt('GuiOnEventMode', 1)

#Region GUI
$GUI = GUICreate('Dll Injector <d3montools>', 200, 200, -1, -1, -1, 262272)
GUISetOnEvent(-3, '_Exit')

GUICtrlCreateGroup('Process', 5, 5, 190, 80)
$plc = GUICtrlCreateCombo('Process list', 42, 23, 145, 23, 0x3)
$path = GUICtrlCreateEdit(@ScriptFullPath, 15, 48, 172, 17, 2176)
$icon = GUICtrlCreateIcon('shell32.dll', -72, 17, 25, 16, 16)
GUICtrlSetOnEvent($icon, '_Shellfolder')
GUICtrlSetCursor($icon, 0)

GUICtrlCreateGroup('DLL', 5, 90, 190, 85)
GUICtrlCreateIcon('shell32.dll', -73, 15, 107, 18, 18)
$DLLname = GUICtrlCreateEdit('DLL', 40, 108, 120, 17, 0x0080)
GUICtrlCreateButton('...', 165, 108, 20, 17)
GUICtrlSetOnEvent(-1, '_BrowseDLL')
$DLLpath = GUICtrlCreateEdit(@ScriptDir, 15, 130, 170, 17, 2176)

GUICtrlCreateButton('Inject !', 15, 150, 50, 20)
GUICtrlSetOnEvent(-1, '_Inject')

$st = GUICtrlCreateLabel('Waiting for Inject...', 10, 180, 240, 17)

_ProcessList()
$lcp = GUICtrlRead($plc)
GUISetState(@SW_SHOW, $GUI)
#EndRegion GUI
;

While 1
    Sleep(250)
    $cp = GUICtrlRead($plc)
    If $cp <> $lcp Then
        $ID = _ProcessGetID($cp)
        $picon = _Process_GetPath($ID)
        If (StringLeft($picon, 4) = '\??\') Then
            $picon = StringTrimLeft($picon, 4)
        ElseIf (StringLeft($picon, 12) = '\SystemRoot\') Then
            $picon = @SystemDir & StringTrimLeft($picon, 20)
        ElseIf ($picon = 'Process list') Then
            $picon = 'Please select a valid process'
        EndIf
        $SetImage = GUICtrlSetImage($icon, $picon, -1)
        If $SetImage <> 1 Then
            GUICtrlSetImage($icon, 'shell32.dll', -72)
        EndIf
        $lcp = GUICtrlRead($plc)
        GUICtrlSetData($path, $picon)
    EndIf
WEnd

#Region Func
Func _ProcessList()
    $pl = ProcessList()
    For $p = 1 To $pl[0][0]
        GUICtrlSetData($plc, $pl[$p][0], 'Process list')
    Next
EndFunc   ;==>_ProcessList

Func _BrowseDLL()
    $nDLL = FileOpenDialog('Browse DLL to Inject...', @ScriptDir, 'DLL (*.dll)', 1 + 2, 'DLL', $GUI)
    If Not @error Then
        GUICtrlSetData($DLLpath, $nDLL)
        $DLLn = StringRegExpReplace($nDLL, '^.*\\', '')
        GUICtrlSetData($DLLname, $DLLn)
    EndIf
EndFunc   ;==>_BrowseDLL

Func _Shellfolder()
    ShellExecute(StringReplace(GUICtrlRead($path), GUICtrlRead($plc), ''))
EndFunc   ;==>_Shellfolder

Func _Inject()
    $s_PID = _ProcessGetID(GUICtrlRead($plc))
;~     $ret = _InjectDll($s_PID, GUICtrlRead($DLLpath))                            ; ------------------ TEST FUNCTION INJECT 1 ------------------
    $ret = _InjectModule($s_PID, GUICtrlRead($DLLpath)) ; ------------------ TEST FUNCTION INJECT 2 ------------------
    
    If Not @error Then
        GUICtrlSetData($st, 'Process successfuly injected !')
        GUICtrlSetColor($st, 0x00FF00)
    Else
        GUICtrlSetData($st, 'Error ' & @error & ' : ' & $ret)
        GUICtrlSetColor($st, 0xFF0000)
    EndIf
EndFunc   ;==>_Inject

Func _Exit()
    Exit
EndFunc   ;==>_Exit
#EndRegion Func
;

#Region InjectDll
Func _InjectDll($pid, $DLLpath)
    ;make sure the user passed valid parameters
    If Not IsNumber($pid) Then
        SetError(-1)
        Return 'ProcessPid failed !'
    ElseIf StringLen($DLLpath) <= 4 Or StringRight($DLLpath, 4) <> '.dll' Then
        SetError(-2)
        Return 'DLL format failed !'
    EndIf
    
    Local $pHandle, $pLibRemote, $modHandle, $LoadLibraryA, $hThread
    
    ;open dll that we'll be using
    Local $kernel32 = DllOpen('kernel32.dll')
    
    ;open the process for writing
    $pHandle = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 0, 'int', $pid)
    If IsArray($pHandle) And $pHandle[0] > 0 Then
        $pHandle = $pHandle[0]
    Else
        SetError(-4)
        Return 'OpenProcess failed !'
    EndIf
    
    $pLibRemote = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $pHandle, 'short', 0, 'int', 0x1000, 'int', 0x1000, 'int', 4)
    If IsArray($pLibRemote) Then
        If $pLibRemote[0] > 0 Then
;~             ConsoleWrite('0x' & Hex($pLibRemote[0], 8) & @CR)
            $pLibRemote = $pLibRemote[0]
        Else
            SetError(-5)
            Return 'VirtualAllocEx failed !'
        EndIf
    Else
        SetError(-6)
        Return 'VirtualAllocEx failed !'
    EndIf
    
    For $i = 0 To StringLen($DLLpath)
        $ret = DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $pHandle, 'int', $pLibRemote + $i, 'int_ptr', Asc(StringMid($DLLpath, $i + 1, 1)), 'int', 1, 'int', 0)
        If IsArray($ret) Then
            If $ret[0] = 0 Then
                SetError(-7)
                Return 'WriteProcessMemory failed !'
            EndIf
        Else
            SetError(-8)
            Return 'WriteProcessMemory failed !'
        EndIf
    Next
    
    $modHandle = DllCall($kernel32, 'long', 'GetModuleHandle', 'str', 'kernel32.dll')
    If IsArray($modHandle) Then
        If $modHandle[0] > 0 Then
            $modHandle = $modHandle[0]
        Else
            SetError(-9)
            Return 'GetModuleHandle failed !'
        EndIf
    Else
        SetError(-10)
        Return 'GetModuleHandle failed !'
    EndIf
    
    $LoadLibraryA = DllCall($kernel32, 'long', 'GetProcAddress', 'long', $modHandle, 'str', 'LoadLibraryA')
    If IsArray($LoadLibraryA) Then
        If $LoadLibraryA[0] > 0 Then
            $LoadLibraryA = $LoadLibraryA[0]
        Else
            SetError(-11)
            Return 'GetProcAddress failed !'
        EndIf
    Else
        SetError(-12)
        Return 'GetProcAddress failed !'
    EndIf
    
    $hThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $pHandle, 'int', 0, 'int', 0, 'long', $LoadLibraryA, 'long', $pLibRemote, 'int', 0, 'int', 0)
    If IsArray($hThread) Then
        ConsoleWrite($hThread[0] & @CR)
        If $hThread[0] > 0 Then
            $hThread = $hThread[0]
        Else
            SetError(-13)
            Return 'CreateRemoteThread failed !'
        EndIf
    Else
        SetError(-14)
        Return 'CreateRemoteThread failed !'
    EndIf
    
    DllCall($kernel32, 'int', 'VirtualFreeEx', 'int', $pHandle, 'int', $pLibRemote, 'int', 0x1000, 'int', 0x8000)
    DllCall($kernel32, 'int', 'CloseHandle', 'int', $hThread)
    DllCall($kernel32, 'int', 'CloseHandle', 'int', $pHandle)
    
    DllClose($kernel32)
    
    Return 1
EndFunc   ;==>_InjectDll

Func _InjectModule($pid, $DLLpath)
    If Not IsNumber($pid) Then
        SetError(-1)
        Return 'ProcessPid failed !'
    EndIf
    
    If StringRight($DLLpath, 4) <> '.dll' Then
        SetError(-2)
        Return 'DLL format failed !'
    EndIf
    
    ; allocate memory in remote process for dll path
    Local $pMem = _MemVirtualAllocEx($pid, 0, 260, 0x00001000, 0x00000004)
    If Not $pMem Then
        SetError(-3)
        Return '_MemVirtualAllocEx failed !'
    EndIf
    
    ; write dll path to remote process
    Local $ret = DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'ptr', $pid, 'ptr', $pMem, 'str', $DLLpath, 'uint', 260, 'uint*', 0)
    If $ret[5] <> 260 Then
        SetError(-4)
        Return 'WriteProcessMemory failed !'
    EndIf
    
    ; get LoadLibraryA address and call the remote thread with a pointer to the dll path
    Local $kernelidx = _ArraySearch($g_aMods, 'kernel32.dll', 0, 0, 0, 0, 1, 1)
    If $kernelidx == -1 Then
        SetError(-5)
        Return '_ArraySearch failed !'
    EndIf
    
    Local $LoadLibraryA = $g_aMods[$kernelidx][0] + $g_LoadLibraryA ; add offset to base address
    $ret = DllCall('kernel32.dll', 'ptr', 'CreateRemoteThread', 'ptr', $pid, 'ptr', 0, 'uint', 0, 'ptr', $LoadLibraryA, 'ptr', $pMem, 'dword', 0, 'ptr', 0)
    If Not $ret[0] Then
        SetError(-6)
        Return 'CreateRemoteThread failed !'
    EndIf
    Local $hThread = $ret[0]
    _WinAPI_WaitForSingleObject($hThread) ; wait for thread to finish
    ; get thread return value, which is the HMODULE (base address) of the injected dll
    $ret = DllCall('kernel32.dll', 'int', 'GetExitCodeThread', 'ptr', $hThread, 'dword*', 0)
    $hModule = Ptr($ret[2])
    _WinAPI_CloseHandle($hThread) ; close thread handle

    _MemVirtualFreeEx($pid, $pMem, 260, 0x00004000) ; release memory for dll path
    _WinAPI_CloseHandle($pid)
    Return 1
EndFunc   ;==>_InjectModule
#EndRegion InjectDll

Thanks for any help :think:

Cheers, FireFox.

Edited by FireFox

 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control
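
The `_InjectDll` routine in the post above ends in `CreateRemoteThread` with the address of `LoadLibraryA` as the thread start routine, which is the pattern Sysmon records as Event ID 8 (CreateRemoteThread). The block below is an added example, not part of the original thread, that flags that pattern in such records; the sample events are constructed and the function names `is_loadlibrary_injection` and `triage` are hypothetical.

```python
import ntpath

# Exports that load a DLL when used as a remote thread's start routine.
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

# Constructed Sysmon records (paths and PIDs are made up), reduced to the
# fields this check reads.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceProcessId": 4120, "TargetProcessId": 5332,
     "SourceImage": r"C:\Users\test\Desktop\injector.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL",
     "StartFunction": "LoadLibraryA"},
    # Remote thread that does not start in a loader export: not this pattern.
    {"EventID": 8, "SourceProcessId": 612, "TargetProcessId": 7008,
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\KernelBase.dll",
     "StartFunction": "CtrlRoutine"},
    # Process creation event (ID 1): ignored by the check.
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]

def is_loadlibrary_injection(event):
    """True when a CreateRemoteThread event starts the thread at LoadLibrary*."""
    if event.get("EventID") != 8:
        return False
    module = ntpath.basename(event.get("StartModule") or "").lower()
    func = (event.get("StartFunction") or "").lower()
    cross_process = event.get("SourceProcessId") != event.get("TargetProcessId")
    return cross_process and module in LOADER_MODULES and func in LOADER_FUNCS

def triage(events):
    """Return (source image, target image, start function) for each hit."""
    return [(e["SourceImage"], e["TargetImage"], e["StartFunction"])
            for e in events if is_loadlibrary_injection(e)]

if __name__ == "__main__":
    for src, dst, func in triage(SAMPLE_EVENTS):
        print(f"remote thread at {func}: {src} -> {dst}")
```
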

 

Authenticity

#Region InjectDll
Func _InjectDll($pid, $DLLpath)
    ;make sure the user passed valid parameters
    If Not IsNumber($pid) Then
        SetError(-1)
        Return 'ProcessPid failed !'
    ElseIf StringLen($DLLpath) <= 4 Or StringRight($DLLpath, 4) <> '.dll' Then
        SetError(-2)
        Return 'DLL format failed !'
    EndIf

And the rest of the function never gets executed. I guess this is not the problem though. ;P

FireFox

@Authenticity

No, you have to select a process from the process list and browse for the dll, then check if it works :)

Cheers, FireFox.


 

Authenticity

Where does $g_aMods get a reference to an array?

FireFox

@Authenticity

I don't know, where I found the function it was on Local... take a look at ModuleSpy if you want to help me

Cheers, FireFox.


 

FireFox

For lazy people the topic of modulespy is here

And the project link is here

Cheers, FireFox.

Edited by FireFox

 

hot202

did u end up getting this to work?

demandnothing

hey firefox.. im tryin to use this script but i get the undefined function error for _ProcessGetID and _Process_GetPath

powerpoison

hey firefox.. im tryin to use this script but i get the undefined function error for _ProcessGetID and _Process_GetPath

this is the help section, not the example section... so u actually need to help him, not to leech his code...

demandnothing

this is the help section, not the example section... so u actually need to help him, not to leech his code...

gee you'd think i would be trying to help him, you know since this is the help section and not the example section, but i guess since i came into other complications than he has, it must mean my intentions are only to leech this code, and take all his hard work, knowing full well that the code isn't perfect and the person who posted it is having problems with it.. get a fuckin brain man. i am trying to help him.. firefox is all over the place helping people, i came across this thread in my searches, excuse me for trying to put out an effort to help somebody who helps others.. piss off asshole.. and yea i do plan on using this script personally but in order to do that i would need to help him perfect it.. so either way you're an idiot.

Edited by demandnothing
