monoceres

Injecting and executing code in external process

12 posts in this topic

This is based on trancexx's work in this thread.

It's an example of executing a function from the winapi in another process (MessageBoxW).

It's not very useful at the moment, but this could very well be used to inject code that does whatever.

I commented pretty much so it should be quite easy to follow how it works.

The basic structure is:

1. Allocate memory in the target process for code and strings.

2. Generate the machine code.

3. Copy the code and strings to the process.

4. Start executing the code using CreateRemoteThread

Download: RemoteMessageBox.au3

Enjoy :)


Broken link? PM me and I'll send you the file!
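Seen from the detection side, steps 1, 3 and 4 of the post above leave an ordered chain of cross-process API calls from one caller against one target. The sketch below is an added example, not part of the original post or of RemoteMessageBox.au3. It assumes an API-call trace with the record layout shown; the post names only CreateRemoteThread, so `VirtualAllocEx` and `WriteProcessMemory` are assumed here as the usual Win32 calls for the allocate and copy steps, and the PIDs, timestamps and window are constructed.

```python
# Added example: correlate the API chain from steps 1, 3 and 4 of the post.
STAGES = ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")
WINDOW_SECONDS = 30  # assumed correlation window, tune per environment

# Constructed sample trace (not real telemetry):
# (timestamp_seconds, caller_pid, api_name, target_pid)
SAMPLE_TRACE = [
    (100.0, 4120, "VirtualAllocEx", 7788),
    (100.1, 4120, "WriteProcessMemory", 7788),      # code
    (100.2, 4120, "WriteProcessMemory", 7788),      # strings
    (100.3, 5000, "CreateRemoteThread", 7788),      # other caller, no alloc/write
    (100.4, 4120, "CreateRemoteThread", 7788),      # completes the chain
    (200.0, 6000, "VirtualAllocEx", 6000),          # caller targets itself
    (200.1, 6000, "WriteProcessMemory", 6000),
    (200.2, 6000, "CreateRemoteThread", 6000),
    (300.0, 6100, "VirtualAllocEx", 7788),
    (400.0, 6100, "WriteProcessMemory", 7788),      # outside the window
    (400.1, 6100, "CreateRemoteThread", 7788),
]


def find_remote_thread_injection(trace, window=WINDOW_SECONDS):
    """Return (caller_pid, target_pid, first_ts, last_ts) per completed chain."""
    progress = {}  # (caller, target) -> (index of next expected stage, chain start)
    alerts = []
    for ts, caller, api, target in sorted(trace):
        # Same-process calls are ordinary thread creation, not cross-process
        # injection, so this detector skips them (a design assumption).
        if caller == target or api not in STAGES:
            continue
        key = (caller, target)
        idx, start = progress.get(key, (0, ts))
        if idx > 0 and ts - start > window:
            idx = 0                      # stale partial chain: start over
        if api == STAGES[idx]:
            if idx == 0:
                start = ts
            idx += 1
        # Repeated allocations or writes leave idx unchanged.
        if idx == len(STAGES):
            alerts.append((caller, target, start, ts))
            progress.pop(key, None)
        else:
            progress[key] = (idx, start)
    return alerts


if __name__ == "__main__":
    for alert in find_remote_thread_injection(SAMPLE_TRACE):
        print("possible remote-thread injection:", alert)
```

Sysmon records the final step as Event ID 8 (CreateRemoteThread); the allocation and write calls need an EDR or API-monitoring source, which is why the record layout here is an assumption.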




@monoceres

Really nice ! It could be very useful :)

I think I will work on something with this !

Cheers, FireFox.


 


Thanks.

Good luck, no idea what you could do with it in the current form though :)



What if I do:

$processname = @AutoItPID
and lose
_WinAPI_WaitForSingleObject($hThread)

Wouldn't that be multithreading?

If so only inter-thread (one way is enough) communication is needed to have it as a... something great.



#5 ·  Posted (edited)

What if I do:

$processname = @AutoItPID
and lose
_WinAPI_WaitForSingleObject($hThread)

Wouldn't that be multithreading?

If so only inter-thread (one way is enough) communication is needed to have it as a... something great.

You don't need this code for multi-threading in AutoIt. Some time ago I made an example for multi-threading (here it is). The only thing you have to consider is that you have to create the function for the thread in a compiled language and put it into a DLL (e.g. use FreeBasic).

Edited by ProgAndy


#6 ·  Posted (edited)

You don't need this code for multi-threading in AutoIt. Some time ago I made an example for multi-threading (here it is). The only thing you have to consider is that you have to create the function for the thread in a compiled language and put it into a DLL (e.g. use FreeBasic).

Yes, I know about that code (even suggested it recently in one particular occasion). I actually dismantled it completely and that resulted in finding it to be buggy (I think I remember enough of that process to replicate found collisions, ...will see).

Btw, congratulations on MVP status. Very much earned IMHO.

Edited by trancexx


#7 ·  Posted (edited)

2 silly :) questions:

1) what is the goal of code injection?

2) what is MVP exactly? Congratulations to ProgAndy, BrettF and TheSaint... for MVP status.

UEZ

Edited by UEZ


#8 ·  Posted (edited)

1) what is the goal of code injection?

The example doesn't fill much purpose, it's simply an example for us that like messing around with windows on a lower level.

However code injection in general has many uses, hooking internal workings, extending functionality, debugging etc.

Oh, and there are also the many malicious uses, but I'm not worried since the kiddies that use AutoIt to write crap won't understand this anyway.

Edit: MVP is much valuable person or something like that, it's a kind of acknowledgement if you are useful for the community.

Edited by monoceres


The example doesn't fill much purpose, it's simply an example for us that like messing around with windows on a lower level.

However code injection in general has many uses, hooking internal workings, extending functionality, debugging etc.

Oh, and there are also the many malicious uses, but I'm not worried since the kiddies that use AutoIt to write crap won't understand this anyway.

Edit: MVP is much valuable person or something like that, it's a kind of acknowledgement if you are useful for the community.

Thanks for the explanation.

I meant the shortcut for MVP.

UEZ



2 silly :) questions:

1) what is the goal of code injection?

2) what is MVP exactly? Congratulations to ProgAndy and TheSaint...

UEZ

I can only answer the MVP one.

An MVP has larger storage on the forum account and like ahmmm, a premium account but for no money (I think).


#11 ·  Posted (edited)

Thanks, but what does MVP mean (shortcut for)?

Microsoft V.... Professional? Most Valuable Poster? :) ...

Anyway, it is not so important...

UEZ

Edited by UEZ


#12 ·  Posted (edited)

MVP means: Most Valuable Player

Edited by lordicast
