I'm trying to get an injected DLL working inside Notepad.exe. So far the injection works, but I can't get the handle of the Notepad window.
I don't want to use FindWindow_(). Tested on Windows 7 64-bit, compiled as 64-bit.
DLL code:
; Globals shared between AttachProcess/DetachProcess and myWinProc:
; hSASWnd holds the window handle looked up at attach time, OldSASProc the
; window procedure that was in place before SetWindowLong_ replaced it.
Global hSASWnd.l, OldSASProc.l
; Replacement window procedure installed by AttachProcess. On a non-client
; double-click (#WM_NCLBUTTONDBLCLK) whose hit-test code is the caption bar
; (#HTCAPTION) it starts calc.exe; the #WM_NCLBUTTONDOWN case is empty.
; Every message, handled or not, is then forwarded to the original procedure
; via CallWindowProc_, so the window otherwise behaves normally.
ProcedureDLL myWinProc(hWnd, uMsg, wParam, lParam)
Select uMsg
Case #WM_NCLBUTTONDBLCLK
Select wParam
Case #HTCAPTION
; Runs inside the host process, so the child's parent process is the
; subclassed application - the relationship a defender would see in telemetry.
RunProgram("calc.exe")
EndSelect
Case #WM_NCLBUTTONDOWN ; no handling; falls through to the original procedure
EndSelect
ProcedureReturn CallWindowProc_(OldSASProc, hWnd, uMsg, wParam, lParam)
EndProcedure
; EnumThreadWindows_ callback. lParam is the address of the caller's hwnd
; variable; the enumerated window handle is stored there as a LONG.
; Returning 0 stops the enumeration, so only the first window reported by
; EnumThreadWindows_ is ever recorded.
ProcedureDLL EnumProc(hwnd, lParam)
*hwnd.LONG = lParam ; treat lParam as a pointer to a 32-bit slot
*hwnd\l = hwnd
ProcedureReturn 0
EndProcedure
; Returns the first window that EnumThreadWindows_ reports for the thread
; this procedure is running on, or hwnd's initial value when none is found.
; hwnd is not declared anywhere (EnableExplicit is not in force in this DLL),
; so it is an implicitly created local that EnumProc fills through @hwnd.
ProcedureDLL GetCallingHwnd()
EnumThreadWindows_(GetCurrentThreadId_(), @EnumProc(), @hwnd)
ProcedureReturn hwnd
EndProcedure
; DLL entry hook, run when the library is loaded into the host process.
; Looks up a window handle, shows it for debugging, saves the current window
; procedure and then subclasses the window by pointing #GWL_WNDPROC at
; myWinProc. This is the moment the host's message handling is redirected.
; NOTE(review): neither hSASWnd nor the GetWindowLong_ result is checked, so
; with a zero handle both calls fail silently and the DLL stays loaded unhooked.
ProcedureDLL AttachProcess(hInstance)
hSASWnd = GetCallingHwnd()
MessageRequester("hSASWnd=", Str(hSASWnd)) ; debug output; blocks until dismissed
OldSASProc = GetWindowLong_(hSASWnd, #GWL_WNDPROC)
SetWindowLong_(hSASWnd, #GWL_WNDPROC, @myWinProc())
EndProcedure
; Run when the DLL is unloaded: restores the window procedure saved in
; AttachProcess so messages are no longer routed through myWinProc.
ProcedureDLL DetachProcess(hInstance)
SetWindowLong_(hSASWnd, #GWL_WNDPROC, OldSASProc)
EndProcedure
; Injector side (separate executable). EnableExplicit forces every variable
; below to be declared with Protected/Define.
EnableExplicit
; Resolves a process image name (e.g. "notepad.exe") to a process ID by
; walking a Toolhelp snapshot of running processes. The comparison is
; case-insensitive (both sides upper-cased) and the first match wins.
; Returns 0 when no process of that name is found.
Procedure GetPidByName(pName.s)
Protected.s processName.s = Space(#MAX_PATH) ; scratch buffer that receives szExeFile
Protected pEntry.PROCESSENTRY32
Protected.i hTool32, pId
pEntry\dwSize = SizeOf(PROCESSENTRY32) ; required before Process32First_/Next_
hTool32 = CreateToolhelp32Snapshot_(#TH32CS_SNAPPROCESS, 0)
pName = UCase(pName)
; NOTE(review): hTool32 is not checked for #INVALID_HANDLE_VALUE and the
; Process32First_ result is ignored; a failed snapshot is indistinguishable
; from "not found".
Process32First_(hTool32, @pEntry)
; Copies #MAX_PATH bytes of szExeFile, not #MAX_PATH characters; relies on
; the name's terminating null landing inside that range - TODO confirm for Unicode builds
CopyMemory(@pEntry\szExeFile, @processName, #MAX_PATH)
If UCase(processName) = pName
pId = pEntry\th32ProcessID
Else
While Process32Next_(hTool32, @pEntry) > 0
CopyMemory(@pEntry\szExeFile, @processName, #MAX_PATH)
If UCase(processName) = pName
pId = PEntry\th32ProcessID ; PureBasic identifiers are case-insensitive, so PEntry is pEntry
Break
EndIf
Wend
EndIf
CloseHandle_(hTool32)
ProcedureReturn pId
EndProcedure
; Inject Library To A Target Process
; Both DLL And Process Must Be Unicode
; For an ASCII build: change LoadLibraryW to LoadLibraryA and adjust the strings related to pszLibFile
; Loads pszLibFile into the process dwProcessId using the well-known
; remote-thread pattern: open the target with thread-creation and memory-write
; rights, allocate a buffer there, copy the DLL path into it, resolve
; LoadLibraryW/LoadLibraryA in this process's Kernel32 and start a remote
; thread at that address with the buffer as its argument. This exact API
; sequence (OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
; CreateRemoteThread) is what host-based monitoring typically keys on.
; Returns nothing usable: the success path calls End, the error path closes
; the handles and falls out of the procedure.
Procedure LoadLibrary(dwProcessId.i, pszLibFile.s)
Protected.i hProcess, hThread, lzLibFileRemote, endSize, lsThreadRtn
hProcess = OpenProcess_(#PROCESS_QUERY_INFORMATION | #PROCESS_CREATE_THREAD | #PROCESS_VM_OPERATION | #PROCESS_VM_WRITE, 0, dwProcessId)
If hProcess = 0 : Goto ErrHandle : EndIf
; One byte beyond the string's byte length; in a Unicode build the
; terminator is two bytes, so this looks one short - TODO confirm
endSize = 1 + StringByteLength(pszLibFile)
lzLibFileRemote = VirtualAllocEx_(hProcess, #Null, endSize, #MEM_COMMIT, #PAGE_READWRITE)
If lzLibFileRemote = 0 : Goto ErrHandle : EndIf
If WriteProcessMemory_(hProcess, lzLibFileRemote, pszLibFile, endSize, #Null) = 0 : Goto ErrHandle : EndIf
; GetFunction resolves the address in this process; that value is passed
; unchanged as the remote thread's start address.
CompilerIf #PB_Compiler_Unicode
OpenLibrary(0, "Kernel32.dll") : lsThreadRtn = GetFunction(0, "LoadLibraryW") : CloseLibrary(0)
CompilerElse
OpenLibrary(0, "Kernel32.dll") : lsThreadRtn = GetFunction(0, "LoadLibraryA") : CloseLibrary(0)
CompilerEndIf
If lsThreadRtn = 0 : Goto ErrHandle : EndIf
hThread = CreateRemoteThread_(hProcess, #Null, #Null, lsThreadRtn, lzLibFileRemote, #Null, #Null)
If hThread = 0 : Goto ErrHandle : EndIf
WaitForSingleObject_(hThread, #INFINITE) ; blocks until the remote thread finishes
; NOTE(review): lzLibFileRemote was already verified non-zero above, so this
; test is always true and the "Injection Failed!" branch is unreachable.
If lzLibFileRemote <> 0
VirtualFreeEx_(hProcess, lzLibFileRemote, 0, #MEM_RELEASE)
MessageRequester("Inject Status", "Injection Suceeded!", #MB_ICONINFORMATION)
Else
VirtualFreeEx_(hProcess, lzLibFileRemote, 0, #MEM_RELEASE)
MessageRequester("Inject Status", "Injection Failed!", #MB_ICONERROR)
EndIf
End ; terminates the whole injector from inside the procedure; hThread/hProcess are never closed on this path
ErrHandle:
CloseHandle_(hThread) ; hThread is still 0 when the error occurred before CreateRemoteThread_
CloseHandle_(hProcess)
EndProcedure
; ----- Main Program -----
CompilerIf #PB_Compiler_IsMainFile
; Only runs when this file is compiled directly, not when included.
; Asks for a process name, resolves it to a PID, then lets the user pick a
; .dll file and hands both to LoadLibrary. The file dialog starts at C:\ and
; its filter string lists *.dll twice.
Define.s nDLL, procName = InputRequester("Simple DLL Injector", "Enter Target Process Name (*.exe):", "")
Define.i pId = GetPidByName(procName)
If pId
nDLL = OpenFileRequester("Choose DLL File To Inject", "C:\", "DLL File (*.dll)|*.dll;*.dll", 0)
If nDLL ; empty when the dialog is cancelled
LoadLibrary(pId, nDLL)
EndIf
Else
MessageRequester("Error", "Process ID Not Found!", #MB_ICONERROR)
EndIf
CompilerEndIf