FireFox Posted January 28, 2009 Share Posted January 28, 2009 (edited) Hi, I have done my script for inject dll, the problem is that the dll inject function doesnt work , I have tried another one and its the same thing... I hope someone will solve my problem : in the script you can see at line 83,84 the call for inject dll functions, just switch them for test both expandcollapse popup#include <Process.au3> #include <Memory.au3> #include <Array.au3> Local $g_aProcs, $g_aMods, $g_LoadLibraryA, $g_FreeLibrary Opt('GuiOnEventMode', 1) #Region GUI $GUI = GUICreate('Dll Injector <d3montools>', 200, 200, -1, -1, -1, 262272) GUISetOnEvent(-3, '_Exit') GUICtrlCreateGroup('Process', 5, 5, 190, 80) $plc = GUICtrlCreateCombo('Process list', 42, 23, 145, 23, 0x3) $path = GUICtrlCreateEdit(@ScriptFullPath, 15, 48, 172, 17, 2176) $icon = GUICtrlCreateIcon('shell32.dll', -72, 17, 25, 16, 16) GUICtrlSetOnEvent($icon, '_Shellfolder') GUICtrlSetCursor($icon, 0) GUICtrlCreateGroup('DLL', 5, 90, 190, 85) GUICtrlCreateIcon('shell32.dll', -73, 15, 107, 18, 18) $DLLname = GUICtrlCreateEdit('DLL', 40, 108, 120, 17, 0x0080) GUICtrlCreateButton('...', 165, 108, 20, 17) GUICtrlSetOnEvent(-1, '_BrowseDLL') $DLLpath = GUICtrlCreateEdit(@ScriptDir, 15, 130, 170, 17, 2176) GUICtrlCreateButton('Inject !', 15, 150, 50, 20) GUICtrlSetOnEvent(-1, '_Inject') $st = GUICtrlCreateLabel('Waiting for Inject...', 10, 180, 240, 17) _ProcessList() $lcp = GUICtrlRead($plc) GUISetState(@SW_SHOW, $GUI) #EndRegion GUI ; While 1 Sleep(250) $cp = GUICtrlRead($plc) If $cp <> $lcp Then $ID = _ProcessGetID($cp) $picon = _Process_GetPath($ID) If (StringLeft($picon, 4) = '\??\') Then $picon = StringTrimLeft($picon, 4) ElseIf (StringLeft($picon, 12) = '\SystemRoot\') Then $picon = @SystemDir & StringTrimLeft($picon, 20) ElseIf ($picon = 'Process list') Then $picon = 'Please select a valid process' EndIf $SetImage = GUICtrlSetImage($icon, $picon, -1) If $SetImage <> 1 Then GUICtrlSetImage($icon, 'shell32.dll', -72) EndIf $lcp = GUICtrlRead($plc) GUICtrlSetData($path, $picon) EndIf WEnd #Region Func Func _ProcessList() $pl = ProcessList() For $p = 1 To $pl[0][0] GUICtrlSetData($plc, $pl[$p][0], 'Process list') Next EndFunc ;==>_ProcessList Func _BrowseDLL() $nDLL = FileOpenDialog('Browse DLL to Inject...', @ScriptDir, 'DLL (*.dll)', 1 + 2, 'DLL', $GUI) If Not @error Then GUICtrlSetData($DLLpath, $nDLL) $DLLn = StringRegExpReplace($nDLL, '^.*\\', '') GUICtrlSetData($DLLname, $DLLn) EndIf EndFunc ;==>_BrowseDLL Func _Shellfolder() ShellExecute(StringReplace(GUICtrlRead($path), GUICtrlRead($plc), '')) EndFunc ;==>_Shellfolder Func _Inject() $s_PID = _ProcessGetID(GUICtrlRead($plc)) ;~ $ret = _InjectDll($s_PID, GUICtrlRead($DLLpath)) ; ------------------ TEST FUNCTION INJECT 1 ------------------ $ret = _InjectModule($s_PID, GUICtrlRead($DLLpath)) ; ------------------ TEST FUNCTION INJECT 2 ------------------ If Not @error Then GUICtrlSetData($st, 'Process successfuly injected !') GUICtrlSetColor($st, 0x00FF00) Else GUICtrlSetData($st, 'Error ' & @error & ' : ' & $ret) GUICtrlSetColor($st, 0xFF0000) EndIf EndFunc ;==>_Inject Func _Exit() Exit EndFunc ;==>_Exit #EndRegion Func ; #Region InjectDll Func _InjectDll($pid, $DLLpath) ;make sure the user passed valid parameters If Not IsNumber($pid) Then SetError(-1) Return 'ProcessPid failed !' ElseIf StringLen($DLLpath) <= 4 Or StringRight($DLLpath, 4) <> '.dll' Then SetError(-2) Return 'DLL format failed !' EndIf Local $pHandle, $pLibRemote, $modHandle, $LoadLibraryA, $hThread ;open dll that we'll be using Local $kernel32 = DllOpen('kernel32.dll') ;open the process for writing $pHandle = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 0, 'int', $pid) If IsArray($pHandle) And $pHandle[0] > 0 Then $pHandle = $pHandle[0] Else SetError(-4) Return 'OpenProcess failed !' EndIf $pLibRemote = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $pHandle, 'short', 0, 'int', 0x1000, 'int', 0x1000, 'int', 4) If IsArray($pLibRemote) Then If $pLibRemote[0] > 0 Then ;~ ConsoleWrite('0x' & Hex($pLibRemote[0], 8) & @CR) $pLibRemote = $pLibRemote[0] Else SetError(-5) Return 'VirtualAllocEx failed !' EndIf Else SetError(-6) Return 'VirtualAllocEx failed !' EndIf For $i = 0 To StringLen($DLLpath) $ret = DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $pHandle, 'int', $pLibRemote + $i, 'int_ptr', Asc(StringMid($DLLpath, $i + 1, 1)), 'int', 1, 'int', 0) If IsArray($ret) Then If $ret[0] = 0 Then SetError(-7) Return 'WriteProcessMemory failed !' EndIf Else SetError(-8) Return 'WriteProcessMemory failed !' EndIf Next $modHandle = DllCall($kernel32, 'long', 'GetModuleHandle', 'str', 'kernel32.dll') If IsArray($modHandle) Then If $modHandle[0] > 0 Then $modHandle = $modHandle[0] Else SetError(-9) Return 'GetModuleHandle failed !' EndIf Else SetError(-10) Return 'GetModuleHandle failed !' EndIf $LoadLibraryA = DllCall($kernel32, 'long', 'GetProcAddress', 'long', $modHandle, 'str', 'LoadLibraryA') If IsArray($LoadLibraryA) Then If $LoadLibraryA[0] > 0 Then $LoadLibraryA = $LoadLibraryA[0] Else SetError(-11) Return 'GetProcAddress failed !' EndIf Else SetError(-12) Return 'GetProcAddress failed !' EndIf $hThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $pHandle, 'int', 0, 'int', 0, 'long', $LoadLibraryA, 'long', $pLibRemote, 'int', 0, 'int', 0) If IsArray($hThread) Then ConsoleWrite($hThread[0] & @CR) If $hThread[0] > 0 Then $hThread = $hThread[0] Else SetError(-13) Return 'CreateRemoteThread failed !' EndIf Else SetError(-14) Return 'CreateRemoteThread failed !' EndIf DllCall($kernel32, 'int', 'VirtualFreeEx', 'int', $pHandle, 'int', $pLibRemote, 'int', 0x1000, 'int', 0x8000) DllCall($kernel32, 'int', 'CloseHandle', 'int', $hThread) DllCall($kernel32, 'int', 'CloseHandle', 'int', $pHandle) DllClose($kernel32) Return 1 EndFunc ;==>_InjectDll Func _InjectModule($pid, $DLLpath) If Not IsNumber($pid) Then SetError(-1) Return 'ProcessPid failed !' EndIf If StringRight($DLLpath, 4) <> '.dll' Then SetError(-2) Return 'DLL format failed !' EndIf ; allocate memory in remote process for dll path Local $pMem = _MemVirtualAllocEx($pid, 0, 260, 0x00001000, 0x00000004) If Not $pMem Then SetError(-3) Return '_MemVirtualAllocEx failed !' EndIf ; write dll path to remote process Local $ret = DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'ptr', $pid, 'ptr', $pMem, 'str', $DLLpath, 'uint', 260, 'uint*', 0) If $ret[5] <> 260 Then SetError(-4) Return 'WriteProcessMemory failed !' EndIf ; get LoadLibraryA address and call the remote thread with a pointer to the dll path Local $kernelidx = _ArraySearch($g_aMods, 'kernel32.dll', 0, 0, 0, 0, 1, 1) If $kernelidx == -1 Then SetError(-5) Return '_ArraySearch failed !' EndIf Local $LoadLibraryA = $g_aMods[$kernelidx][0] + $g_LoadLibraryA ; add offset to base address $ret = DllCall('kernel32.dll', 'ptr', 'CreateRemoteThread', 'ptr', $pid, 'ptr', 0, 'uint', 0, 'ptr', $LoadLibraryA, 'ptr', $pMem, 'dword', 0, 'ptr', 0) If Not $ret[0] Then SetError(-6) Return 'CreateRemoteThread failed !' EndIf Local $hThread = $ret[0] _WinAPI_WaitForSingleObject($hThread) ; wait for thread to finish ; get thread return value, which is the HMODULE (base address) of the injected dll $ret = DllCall('kernel32.dll', 'int', 'GetExitCodeThread', 'ptr', $hThread, 'dword*', 0) $hModule = Ptr($ret[2]) _WinAPI_CloseHandle($hThread) ; close thread handle _MemVirtualFreeEx($pid, $pMem, 260, 0x00004000) ; release memory for dll path _WinAPI_CloseHandle($pid) Return 1 EndFunc ;==>_InjectModule #EndRegion InjectDll Thanks for anyhelp Cheers, FireFox. Edited January 28, 2009 by FireFox Link to comment Share on other sites More sharing options...
Authenticity Posted January 28, 2009 Share Posted January 28, 2009 #Region InjectDll Func _InjectDll($pid, $DLLpath) ;make sure the user passed valid parameters If Not IsNumber($pid) Then SetError(-1) Return 'ProcessPid failed !' ElseIf StringLen($DLLpath) <= 4 Or StringRight($DLLpath, 4) <> '.dll' Then SetError(-2) Return 'DLL format failed !' EndIf And the rest of the function never get executed. I guess this is not the problem though. ;P Link to comment Share on other sites More sharing options...
FireFox Posted January 28, 2009 Author Share Posted January 28, 2009 @Authenticity No, you have to select process from process listand browse for dll, then check if it works Cheers, FireFox. Link to comment Share on other sites More sharing options...
Authenticity Posted January 28, 2009 Share Posted January 28, 2009 Where is the $g_aMods get reference to an array? Link to comment Share on other sites More sharing options...
FireFox Posted January 28, 2009 Author Share Posted January 28, 2009 @Authenticity I dont know, where i found the the function it was on Local... take a look to ModuleSpy if you want to help me Cheers, FireFox. Link to comment Share on other sites More sharing options...
FireFox Posted January 28, 2009 Author Share Posted January 28, 2009 (edited) For lazy people the topic of modulespy is hereAnd the project link is hereCheers, FireFox. Edited January 28, 2009 by FireFox Link to comment Share on other sites More sharing options...
hot202 Posted August 13, 2009 Share Posted August 13, 2009 did u end up getting this to work? Link to comment Share on other sites More sharing options...
demandnothing Posted September 21, 2009 Share Posted September 21, 2009 hey firefox.. im tryin to use this script but i get the undefined function error for _ProcessGetID and _Process_GetPath Link to comment Share on other sites More sharing options...
powerpoison Posted September 21, 2009 Share Posted September 21, 2009 hey firefox.. im tryin to use this script but i get the undefined function error for _ProcessGetID and _Process_GetPaththis is the help section, not the example section... so u actually need to help him, not to leech his code... Link to comment Share on other sites More sharing options...
demandnothing Posted September 22, 2009 Share Posted September 22, 2009 (edited) this is the help section, not the example section... so u actually need to help him, not to leech his code...gee you'd think i would be trying to help him, you know since this is the help section and not the example section, but i guess since i came into other complications than he has, it must mean my intentions are only to leech this code, and take all his hard work, knowing full well that the code isn't perfect and the person who posted it is having problems with it.. get a fuckin brain man. i am trying to help him.. firefox is all over the place helping people, i came across this thread in my searches, excuse me for trying to put out an effort to help somebody who helps others.. piss off asshole.. and yea i do plan on using this script personally but in order to do that i would need to help him perfect it.. so either way you're an idiot. Edited September 22, 2009 by demandnothing Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now