anyone familiar with DetourCreateProcessWithDllA() Sparkie?

mikecaliber
User
User
Posts: 22
Joined: Sun Feb 15, 2004 5:34 pm

Post by mikecaliber »

Anyone who has any knowledge of how to do the following:

I want to be able to inject a .dll into a program when it launches.

The .dll needs to be injected pretty much right at the moment the program .exe runs.

at any rate i found the DetourCreateProcessWithDllA() WINAPI function.

can someone write some simple code to help me do this?

I think I have the structs and function params here (but they are in c++) from the MSDN website:

STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si, sizeof(si));
ZeroMemory(&pi, sizeof(pi));
si.cb = sizeof(si); // STARTUPINFO.cb must hold the structure size

DetourCreateProcessWithDllA(strTargetFullExe,NULL,NULL,NULL,FALSE,CREATE_DEFAULT_ERROR_MODE,NULL,chdir,&si,&pi,strDllFileName,NULL);

A simple program that can be used to launch a program and inject a .dll as it launches is what i am after. I appreciate the help in these useful forums, as always!

best,
cal
dell_jockey
Enthusiast
Enthusiast
Posts: 767
Joined: Sat Jan 24, 2004 6:56 pm

Post by dell_jockey »

what exactly do you mean with 'injecting a .dll into a program' ?

Would that be a .dll that the program wouldn't initialise itself, if it weren't for the 'injection' ?
cheers,
dell_jockey
________
http://blog.forex-trading-ideas.com
Straker
Enthusiast
Enthusiast
Posts: 701
Joined: Wed Apr 13, 2005 10:45 pm
Location: Idaho, USA

Post by Straker »

If you mean to compile the DLL into your EXE, load into memory, then call it from memory, do a search for PBOSL.
traumatic
PureBasic Expert
PureBasic Expert
Posts: 1661
Joined: Sun Apr 27, 2003 4:41 pm
Location: Germany
Contact:

Post by traumatic »

This has got nothing to do with loading a dll from memory.
He wants to inject a dll to another process, kinda like a loader I suppose.

I don't have MS' detour library so I can't help... :oops:
Good programmers don't comment their code. It was hard to write, should be hard to read.
mikecaliber
User
User
Posts: 22
Joined: Sun Feb 15, 2004 5:34 pm

Post by mikecaliber »

yes. this is what i need. to be able to inject the .dll into the memory of the .exe just as it runs. some people would call it a "loader". is there code for dll injection of loaders already? perhaps i am doing a search in the wrong way. i am sure that the api call i gave here is the correct one based on what i read at the msdn. anyways, hopefully someone can decipher how to do this or point me into the right direction-

best,
cal
mikecaliber
User
User
Posts: 22
Joined: Sun Feb 15, 2004 5:34 pm

Post by mikecaliber »

bump for more views and replies.

surely someone in here has injected .dll's before. nobody here is experienced with this?

best,
cal
traumatic
PureBasic Expert
PureBasic Expert
Posts: 1661
Joined: Sun Apr 27, 2003 4:41 pm
Location: Germany
Contact:

Post by traumatic »

viewtopic.php?t=15313
viewtopic.php?t=16676

If you're going to buy me a detours license, I'll help converting the examples
to PB ;)
Good programmers don't comment their code. It was hard to write, should be hard to read.
mikecaliber
User
User
Posts: 22
Joined: Sun Feb 15, 2004 5:34 pm

Post by mikecaliber »

traumatic wrote: viewtopic.php?t=15313
viewtopic.php?t=16676

If you're going to buy me a detours license, I'll help converting the examples
to PB ;)
no need to go to extremes! i figured it out-

basically i "polled" once i ran the program to see if it was running and immediately injected using other methods.

pb is pretty powerful to be able to do this in such simple code, but takes time to convert and "simplify". lots of trial and error-

best,
mike
thefool
Always Here
Always Here
Posts: 5875
Joined: Sat Aug 30, 2003 5:58 pm
Location: Denmark

Post by thefool »

Code:

Procedure InjectDLL(DllFileName$,ProcessID.l)
  ; DllFileName$ is a parameter, so it is not declared again with Protected
  Protected Result.l,Size.l,Process.l,RemoteMem.l,BytesWritten.l,LoadLibrary_Address.l,hThread.l
  Result=#False
  Size=Len(DllFileName$)+1 ; path length plus the terminating null
  Process=OpenProcess_(#PROCESS_ALL_ACCESS,0,ProcessID)
  If Process
    ; buffer in the target process that receives the DLL path
    RemoteMem=VirtualAllocEx_(Process,#Null,Size,#MEM_COMMIT,#PAGE_READWRITE)
    If RemoteMem
      WriteProcessMemory_(Process,RemoteMem,DllFileName$,Size,@BytesWritten);@bw can also be null
      If BytesWritten=>Size
        If OpenLibrary(0,"Kernel32.dll")
          LoadLibrary_Address=IsFunction(0,"LoadLibraryA")
          CloseLibrary(0)
          If LoadLibrary_Address
            ; thread in the target runs LoadLibraryA with the path buffer as its argument
            hThread=CreateRemoteThread_(Process,#Null,#Null,LoadLibrary_Address,RemoteMem,#Null,#Null)
            If hThread
              WaitForSingleObject_(hThread, #INFINITE)
              GetExitCodeThread_(hThread,@Result) ; exit code is LoadLibraryA's return value
              CloseHandle_(hThread) ; release the thread handle
            EndIf
          EndIf
        EndIf
      EndIf
      VirtualFreeEx_(Process,RemoteMem,Size,#MEM_DECOMMIT)
    EndIf
    CloseHandle_(Process)
  EndIf
  ProcedureReturn Result
EndProcedure
can it be simpler?
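
Added example, not part of thefool's post or any forum member's code: the routine above leaves a recognisable pair of records in Sysmon telemetry, an Event ID 10 (ProcessAccess) handle grant followed by an Event ID 8 (CreateRemoteThread) whose start function is LoadLibraryA. This Python sketch flags that pair; the sample events, process names, PIDs and paths are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed Sysmon-style records (not real telemetry). Field names follow Sysmon
# Event ID 10 and Event ID 8; the XML namespace of real exports is omitted here.
SAMPLE = r"""<Events>
<Event><System><EventID>10</EventID></System><EventData>
<Data Name="SourceProcessId">4120</Data><Data Name="SourceImage">C:\Tools\loader.exe</Data>
<Data Name="TargetProcessId">5332</Data><Data Name="TargetImage">C:\App\app.exe</Data>
<Data Name="GrantedAccess">0x1F0FFF</Data></EventData></Event>
<Event><System><EventID>8</EventID></System><EventData>
<Data Name="SourceProcessId">4120</Data><Data Name="SourceImage">C:\Tools\loader.exe</Data>
<Data Name="TargetProcessId">5332</Data><Data Name="TargetImage">C:\App\app.exe</Data>
<Data Name="StartModule">C:\Windows\System32\kernel32.dll</Data>
<Data Name="StartFunction">LoadLibraryA</Data></EventData></Event>
<Event><System><EventID>8</EventID></System><EventData>
<Data Name="SourceProcessId">612</Data><Data Name="SourceImage">C:\Windows\System32\csrss.exe</Data>
<Data Name="TargetProcessId">5332</Data><Data Name="TargetImage">C:\App\app.exe</Data>
<Data Name="StartModule">C:\Windows\System32\kernel32.dll</Data>
<Data Name="StartFunction">CtrlRoutine</Data></EventData></Event>
</Events>"""

# PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE: the rights the
# posted routine actually uses out of the PROCESS_ALL_ACCESS it requests.
INJECT_RIGHTS = 0x0002 | 0x0008 | 0x0020
LOADERS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

def find_loadlibrary_threads(xml_text):
    """Return one alert per remote thread whose start address is a LoadLibrary export."""
    handles, alerts = set(), []
    for event in ET.fromstring(xml_text).iter("Event"):
        f = {d.get("Name"): d.text or "" for d in event.iter("Data")}
        pair = (f.get("SourceProcessId"), f.get("TargetProcessId"))
        event_id = event.findtext("System/EventID")
        if event_id == "10":
            # Remember source/target pairs that obtained injection-capable access.
            if int(f.get("GrantedAccess", "0"), 16) & INJECT_RIGHTS == INJECT_RIGHTS:
                handles.add(pair)
        elif event_id == "8":
            module = f.get("StartModule", "").lower().rsplit("\\", 1)[-1]
            if module in ("kernel32.dll", "kernelbase.dll") and \
               f.get("StartFunction", "").lower() in LOADERS:
                alerts.append({"source": f.get("SourceImage"), "target": f.get("TargetImage"),
                               "target_pid": pair[1], "handle_seen": pair in handles})
    return alerts

if __name__ == "__main__":
    for alert in find_loadlibrary_threads(SAMPLE):
        print(alert)
```

The csrss.exe record is left alone because its start function is not a LoadLibrary export; `handle_seen` tells the analyst whether the matching handle grant was also logged.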
mikecaliber
User
User
Posts: 22
Joined: Sun Feb 15, 2004 5:34 pm

Post by mikecaliber »

thefool wrote:
can it be simpler?
that injection code is elsewhere in the forums. i should have searched better because i got ahold of some c++ code that does the same thing but i had to convert it, which is what i meant by trial and error and stuff. thanks for this code. i can't remember who originally wrote it, but it is succinct and useful=

best,
cal
DarkDragon
Addict
Addict
Posts: 2344
Joined: Mon Jun 02, 2003 9:16 am
Location: Germany
Contact:

Post by DarkDragon »

remoteAPI.dll of purefan helps. Well, otherwise you need to search for API-Hook in google or such.
bye,
Daniel
thefool
Always Here
Always Here
Posts: 5875
Joined: Sat Aug 30, 2003 5:58 pm
Location: Denmark

Post by thefool »

bradan why not just use the code i gave him?

The original author is PolyVector. He decided not to release the code so i got permission to use it. Later when someone requested it a while ago i posted it again.
DarkDragon
Addict
Addict
Posts: 2344
Joined: Mon Jun 02, 2003 9:16 am
Location: Germany
Contact:

Post by DarkDragon »

thefool wrote: bradan why not just use the code i gave him?

The original author is PolyVector. He decided not to release the code so i got permission to use it. Later when someone requested it a while ago i posted it again.
Because you just inject it. You don't replace a DLL of the Import Table.
bye,
Daniel
thefool
Always Here
Always Here
Posts: 5875
Joined: Sat Aug 30, 2003 5:58 pm
Location: Denmark

Post by thefool »

I want to be able to inject a .dll into a program when it launches.
;)
A simple program that can be used to launch a program and inject a .dll as it launches is what i am after. I appreciate the help in these useful forums, as always!
;)
DarkDragon
Addict
Addict
Posts: 2344
Joined: Mon Jun 02, 2003 9:16 am
Location: Germany
Contact:

Post by DarkDragon »

thefool wrote:
I want to be able to inject a .dll into a program when it launches.
;)
A simple program that can be used to launch a program and inject a .dll as it launches is what i am after. I appreciate the help in these useful forums, as always!
;)
what a world, all are too lazy to interpret something. What the hell can you do now with the DLL? Nothing, that's all! So think of what he would like to do: hooking is the next thought so.
bye,
Daniel