Process injection Question

netfriends · Post by **netfriends** » Sat Sep 30, 2006 3:29 pm

I have used the code To inject the test.dll To taskgmr.exe

enter.exe

#PROCESS_VM_OPERATION = $8
#PROCESS_VM_READ = $10
#PROCESS_VM_WRITE = $20


#PAGE_READWRITE = $4

#MEM_COMMIT = $1000 


Procedure FindPID(process.s)
For i=1 To 2000
If FindString(LCase(GetProcessName(i)),process,0)>0
Break
EndIf
Next
ProcedureReturn i
EndProcedure


hProcess=OpenProcess_(#PROCESS_CREATE_THREAD | #PROCESS_VM_OPERATION | #PROCESS_VM_WRITE,#False,FindPID("taskmgr.exe"))

dllfilename.s="E:\LibraryDesigner\test.dll"
dllsize.l=Len(dllfilename)+1


lpbuf=VirtualAllocEx_(hProcess,#Null,dllsize,#MEM_COMMIT,#PAGE_READWRITE)

myreturn=WriteProcessMemory_(hProcess,lpbuf,dllfilename,dllsize,temp)

pFunc=GetProcAddress_(LoadLibrary_("kernel32.dll"),"LoadLibraryA")

myresult=CreateRemoteThread_(hProcess,#Null,0,pFunc,lpbuf,0,temp32)

CloseHandle_(myresult)
CloseHandle_(hProcess)

test.dll

Code: Select all

ProcedureDLL AttachProcess(Instance)


OpenWindow(1, 257, 0, 600, 300,  #PB_Window_SystemMenu | #PB_Window_SizeGadget | #PB_Window_TitleBar ,PeekS(GetCommandLine_()))

Repeat 

Until WaitWindowEvent()=#PB_Event_CloseWindow


   EndProcedure

when I use loop keywords To wait the messages
The target Process (taskmgr.exe) will be uncontrol
How can I write the code with loop keywords?
I turn the code from C++,thanks For correct

netfriends · Post by **netfriends** » Sun Oct 01, 2006 12:25 pm

Add on (still waiting)

Inf0Byt3 · Post by **Inf0Byt3** » Sun Oct 01, 2006 12:27 pm

Try using a thread in the DLL... If you need further help i can try to make you some code.

Inf0Byt3 · Post by **Inf0Byt3** » Sun Oct 01, 2006 12:40 pm

The DLL:

Test.dll

Code: Select all

Procedure Attached(Dummy.l)
 
 OpenWindow(1, 257, 0, 600, 300, "Test", #PB_Window_SystemMenu | #PB_Window_SizeGadget | #PB_Window_TitleBar)

 Repeat
  event = WaitWindowEvent()
 Until event = #PB_Event_CloseWindow

EndProcedure

ProcedureDLL AttachProcess(Instance)

 CreateThread(@Attached(),0)

EndProcedure

The program:
Test.exe

Code: Select all

#PROCESS_VM_OPERATION = $8
#PROCESS_VM_READ = $10
#PROCESS_VM_WRITE = $20


#PAGE_READWRITE = $4

#MEM_COMMIT = $1000


Procedure FindPID(process.s)
For i=1 To 2000
If FindString(LCase(GetProcessName(i)),process,0)>0
Break
EndIf
Next
ProcedureReturn i
EndProcedure

Procedure InjectDLL(DllFileName$,ProcessID.l)
  Protected Result.l,Size.l,Process.l,RemoteMem.l,BytesWritten.l,LoadLibrary_Address.l,hThread.l
  Result=#False
  Size=Len(DllFileName$)+1
  Process=OpenProcess_(#PROCESS_ALL_ACCESS,0,ProcessID)
  If Process
    RemoteMem=VirtualAllocEx_(Process,#Null,Size,#MEM_COMMIT,#PAGE_READWRITE)
    If RemoteMem
      WriteProcessMemory_(Process,RemoteMem,DllFileName$,Size,@BytesWritten);BytesWritten can be #Null....
      If BytesWritten=>Size
        If OpenLibrary(0,"Kernel32.dll")
          LoadLibrary_Address=GetFunction(0,"LoadLibraryA")
          CloseLibrary(0)
          If LoadLibrary_Address
            hThread=CreateRemoteThread_(Process,#Null,#Null,LoadLibrary_Address,RemoteMem,#Null,#Null)
            If hThread
              WaitForSingleObject_(hThread, #INFINITE)
              GetExitCodeThread_(hThread,@Result)
            EndIf
          EndIf
        EndIf
      EndIf
      VirtualFreeEx_(Process,RemoteMem,Size,#MEM_DECOMMIT)
    EndIf
    CloseHandle_(Process)
  EndIf
  ProcedureReturn Result
EndProcedure

InjectDLL(GetCurrentDirectory()+"test.dll",3312) ;PUT THE PID HERE!!!

Is this what you need??

netfriends · Post by **netfriends** » Sun Oct 01, 2006 1:08 pm

Yeah Inf0Byt3 ! Thanks for your help.

Inf0Byt3 · Post by **Inf0Byt3** » Sun Oct 01, 2006 1:44 pm

No problem

.