 Post subject: CreateRemoteThread code does not work properly
PostPosted: Sun Sep 26, 2010 6:02 am 
Addict

Joined: Sat Jul 11, 2009 4:57 am
Posts: 933
Location: United States
Hi, I took thorium's advice and just went directly for DLL injection, however my code fails and crashes notepad. I'm not sure what is wrong as this is a direct translation (I think).

Here is my procedure:
Code:
Procedure InjectRemoteCode(processID, DLL_NAME.s)
   hProcess = OpenProcess_(#PROCESS_ALL_ACCESS, #False, processID)
   If hProcess
      ; resolve LoadLibraryA in our own process; kernel32 is mapped at the same base in the target
      LoadLibAddy = GetProcAddress_(GetModuleHandle_("kernal32.dll"), "LoadLibraryA")
      dwSize = Len(DLL_NAME) + 1
      ; put the path string into the target; it becomes LoadLibraryA's argument
      RemoteString = VirtualAllocEx_(hProcess, #Null, dwSize, #MEM_RESERVE|#MEM_COMMIT, #PAGE_READWRITE)
      WriteProcessMemory_(hProcess, RemoteString, DLL_NAME, dwSize, #Null)
      CreateRemoteThread_(hProcess, #Null, #Null, LoadLibAddy, RemoteString, #Null, #Null)
      CloseHandle_(hProcess)   ; only close a handle we actually obtained
   Else
      Debug "failed to open process"
   EndIf
EndProcedure


Here is my DLL code:
Code:
ProcedureDLL msg()
  MessageBox_(0, "Hello, World!", "Hi", #MB_APPLMODAL)
EndProcedure

 Post subject: Re: CreateRemoteThread code does not work properly
PostPosted: Sun Sep 26, 2010 7:02 am 
Moderator

Joined: Sat Apr 26, 2003 1:11 am
Posts: 1390
"kernal32.dll"
or
"kernel32.dll"

If you check for results, such errors never happen.

 Post subject: Re: CreateRemoteThread code does not work properly
PostPosted: Sun Sep 26, 2010 7:17 am 
Addict

Joined: Sat Jul 11, 2009 4:57 am
Posts: 933
Location: United States
Damn you, my brain, I will teach it a lesson by watching and finishing the Dune movie! That will show it who's boss.

[edit] Well, notepad doesn't crash any more, but it doesn't seem like my DLL is injecting since the message box doesn't pop up.
[edit2] The problem was I was using a procedure instead of an actual function. Damn you, brain, I will watch not only the rest of Dune but also Texas Chainsaw Massacre on channel 503!

[Edit3] Okay, so I can inject my DLL or whatever, however I cannot inject it twice. Any ideas? Do I need to free the memory up after injecting or something? If so, how? VirtualFreeEx?

 Post subject: Re: CreateRemoteThread code does not work properly
PostPosted: Tue Sep 28, 2010 6:43 am 
User

Joined: Mon Mar 22, 2010 3:08 pm
Posts: 61
Owh, this is a very suitable add-on to my PureBasic API Hooking. What do you mean by injecting it twice? Is it somehow near these actions?

You have injected the DLL and it works! Then it's now time to add some more code into the DLL. When you wanna inject it again, it fails. (Same injection process, not yet exited.)

If you are somehow trying to do the above actions, you need to eject the DLL first.

 Post subject: Re: CreateRemoteThread code does not work properly
PostPosted: Tue Sep 28, 2010 7:13 am 
Addict

Joined: Sat Jul 11, 2009 4:57 am
Posts: 933
Location: United States
PyroStrex wrote:
Owh, this is a very suitable add-on to my PureBasic API Hooking. What do you mean by injecting it twice? Is it somehow near these actions?

You have injected the DLL and it works! Then it's now time to add some more code into the DLL. When you wanna inject it again, it fails. (Same injection process, not yet exited.)

If you are somehow trying to do the above actions, you need to eject the DLL first.


Well, I tried to inject A.DLL, it worked. Then I tried to inject B.DLL and nothing happened.
A contained: messagerequester("","DLL A")
B contained: messagerequester("","DLL B")

Not sure what I really need to do to get both to work properly. I don't really know how to eject it.

 Post subject: Re: CreateRemoteThread code does not work properly
PostPosted: Tue Sep 28, 2010 8:37 am 
User

Joined: Mon Mar 22, 2010 3:08 pm
Posts: 61
Here you are. I've converted this directly from my VB.net project. I also have the ejection method, but I will post it only if requested since I didn't convert it yet. (I've removed some of the actual code, for example injecting directly by process name, since I wanna convert it fast and VB.net detection is different from C or C++.)

Tested and working in Windows 7.

Code:
Procedure.i InjectLibrary(ProcessID.l, DLLPath.s)
  ; handles and pointers are .i so the same code is correct on 64-bit PureBasic
  Define ProcessHandle.i
  Define StartAddress.i
  Define BufferSize.i
  Define ParamAddress.i
  Define ThreadHandle.i
  Define Result.i = -1
 
  ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessID)
  If ProcessHandle = 0
    ProcedureReturn -1
  EndIf
 
  ; LoadLibraryA lives in kernel32, which is mapped at the same base in every process
  StartAddress = GetProcAddress_(GetModuleHandle_("kernel32.dll"), "LoadLibraryA")
  If StartAddress
    BufferSize = Len(DLLPath) + 1
    ; copy the path string into the target; it is the argument the remote thread passes to LoadLibraryA
    ParamAddress = VirtualAllocEx_(ProcessHandle, 0, BufferSize, #MEM_COMMIT, #PAGE_READWRITE)
    If ParamAddress
      If WriteProcessMemory_(ProcessHandle, ParamAddress, DLLPath, BufferSize, 0)
        ThreadHandle = CreateRemoteThread_(ProcessHandle, 0, 0, StartAddress, ParamAddress, 0, 0)
        If ThreadHandle
          ; wait until LoadLibraryA has returned before releasing the buffer it reads from
          WaitForSingleObject_(ThreadHandle, #INFINITE)
          CloseHandle_(ThreadHandle)
          Result = 0
        EndIf
      EndIf
      VirtualFreeEx_(ProcessHandle, ParamAddress, 0, #MEM_RELEASE)
    EndIf
  EndIf
 
  ; every exit path releases the process handle
  CloseHandle_(ProcessHandle)
  ProcedureReturn Result
EndProcedure

NotePad = RunProgram("notepad", "", "", #PB_Program_Open|#PB_Program_Read)

Debug(NotePad)

If NotePad
  ProcessID = ProgramID(NotePad)
 
  If ProcessID
    ; each call returns 0 on success and -1 on any failure
    InjectLibrary(ProcessID, "dll01.dll")
    InjectLibrary(ProcessID, "dll02.dll")
  EndIf
EndIf

 Post subject: Re: CreateRemoteThread code does not work properly
PostPosted: Tue Sep 28, 2010 10:07 am 
Addict

Joined: Sat Aug 15, 2009 6:59 pm
Posts: 1252
Nituvious wrote:
Well, I tried to inject A.DLL, it worked. Then I tried to inject B.DLL and nothing happened.
A contained: messagerequester("","DLL A")
B contained: messagerequester("","DLL B")

Not sure what I really need to do to get both to work properly. I don't really know how to eject it.

It sounds like you don't exit the remotely created thread. You must exit that thread!
There is a safety mechanism in Windows to prevent endless loops on DLL loading. I don't remember how exactly it works, but it cancels the loading of DLLs while a thread executes AttachProcess() of a DLL. If you want a persistent thread running after injection, you have to create a new thread and let AttachProcess() exit. So just put a CreateThread() inside of AttachProcess().

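From the defender's side, the LoadLibraryA remote thread built in this thread is one of the easiest injection shapes to spot: Sysmon Event ID 8 (CreateRemoteThread) records the source and target image and the module and function the new thread starts in. The following is an added example, not code from this thread or from PureBasic; field names follow Sysmon's event layout, and the sample records, paths and process names are constructed.

```python
# Added example, not code from this thread: parse and rate constructed Sysmon
# Event ID 8 records; a remote thread starting at LoadLibraryA is the injector's footprint.
LOADLIB_FUNCS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Constructed samples in Sysmon's "Key: Value" message layout (paths made up;
# Sysmon writes "-" for fields it cannot resolve).
SAMPLE_EVENTS = [
    r"""CreateRemoteThread detected:
SourceImage: C:\Users\dev\injector.exe
TargetImage: C:\Windows\System32\notepad.exe
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: LoadLibraryA""",
    r"""CreateRemoteThread detected:
SourceImage: C:\Windows\System32\notepad.exe
TargetImage: C:\Windows\System32\notepad.exe
StartModule: C:\Windows\System32\notepad.exe
StartFunction: -""",
    r"""CreateRemoteThread detected:
SourceImage: C:\Users\dev\loader.exe
TargetImage: C:\Windows\System32\notepad.exe
StartModule: -
StartFunction: -""",
]

def parse_event8(body):
    """Map each 'Key: Value' line to a dict; the banner line has no single-word key."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if sep and " " not in key.strip():
            value = value.strip()
            fields[key.strip()] = "" if value == "-" else value
    return fields

def classify(ev):
    """Return (severity, reason). Cross-process threads that start at LoadLibrary*
    or at an address no module backs are the classic injection shapes."""
    src, dst = ev.get("SourceImage", "").lower(), ev.get("TargetImage", "").lower()
    if not src or not dst or src == dst:
        return "info", "same-process thread or incomplete record"
    func = ev.get("StartFunction", "")
    if func in LOADLIB_FUNCS:
        return "high", f"remote thread starts at {func}: DLL injection pattern"
    if not ev.get("StartModule"):
        return "high", "remote thread start address is not backed by a loaded module"
    return "medium", f"cross-process thread created by {ev['SourceImage']}"

def scan(bodies):
    return [classify(parse_event8(b)) for b in bodies]
```

Real deployments add an allowlist of sources that legitimately create remote threads (debuggers, some AV agents) in front of the `medium` branch; the `high` branches rarely need one.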