How to Inject DLL into ANY process?

I'm working on a way to inject a dll into any process on Windows. I already have code that works for my own program, like hello world or things like that, but not for other programs, like notepad, calc, chrome, etc.

Programs can prevent the injection of a dll, so I don't know what I can do to bypass this.

My final goal is to hook the API calls of any program.

This domain is new for me, so I'm a beginner here; if you have any resource or solution about it, please share!

injector.cpp

#include <iostream>
#include <cstring>
#include <Windows.h>

int main()
{
    // path to our dll
    LPCSTR DllPath = "D:\\projects\\standardinjection\\release\\testlib.dll";
    // length of the path string + null terminator
    SIZE_T pathSize = strlen(DllPath) + 1;

    DWORD process_id = 14367;
    // Open a handle to the target process. This is the step that fails when the
    // target cannot be opened with these rights (protected process, SYSTEM, etc.),
    // so check it instead of passing a NULL handle to every call below.
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
    if (hProcess == NULL)
    {
        std::cerr << "OpenProcess failed, error " << GetLastError() << std::endl;
        return 1;
    }

    // Allocate memory for the dll path in the target process
    LPVOID pDllPath = VirtualAllocEx(hProcess, 0, pathSize,
        MEM_COMMIT, PAGE_READWRITE);
    if (pDllPath == NULL)
    {
        std::cerr << "VirtualAllocEx failed, error " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return 1;
    }

    // Write the path to the address of the memory we just allocated
    // in the target process
    if (!WriteProcessMemory(hProcess, pDllPath, DllPath, pathSize, NULL))
    {
        std::cerr << "WriteProcessMemory failed, error " << GetLastError() << std::endl;
        VirtualFreeEx(hProcess, pDllPath, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return 1;
    }

    // Create a remote thread in the target process which calls LoadLibraryA
    // with our dll path as its argument -> the program loads our dll.
    // The local address of LoadLibraryA is used because kernel32.dll is mapped
    // at the same base address in every process of the same boot session.
    HANDLE hLoadThread = CreateRemoteThread(hProcess, 0, 0,
        (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("Kernel32.dll"),
            "LoadLibraryA"), pDllPath, 0, 0);
    if (hLoadThread == NULL)
    {
        std::cerr << "CreateRemoteThread failed, error " << GetLastError() << std::endl;
        VirtualFreeEx(hProcess, pDllPath, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return 1;
    }

    // Wait for the execution of our loader thread to finish
    WaitForSingleObject(hLoadThread, INFINITE);
    CloseHandle(hLoadThread);

    std::cout << "Dll path allocated at: " << pDllPath << std::endl;
    std::cin.get();

    // Free the memory allocated for our dll path.
    // With MEM_RELEASE the size argument must be 0, otherwise the call fails.
    VirtualFreeEx(hProcess, pDllPath, 0, MEM_RELEASE);
    CloseHandle(hProcess);

    return 0;
}

my dll

#include <Windows.h>

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    // Runs inside the target process while the loader lock is held, so keep
    // the work done here minimal. MessageBoxW is called explicitly because the
    // wide string literals only match MessageBox when UNICODE is defined.
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
        MessageBoxW(0, L"Hello From testlib!", L"Hello", MB_ICONINFORMATION);

    return TRUE;
}

I'm currently on Windows 10 x64, coming from a Unix OS, so Windows is pretty new for me!

Thanks for your time !

nerap asked Oct 13 '19 17:10


1 Answer

For 99% of injection methods, you must be able to write your code into the target process. In order to do this, you need to be able to open a process handle by using OpenProcess() with the required privileges.

If the process you are trying to inject into is a game with kernel mode anticheat, it will block you via ObRegisterCallbacks. You will need to also be in kernel mode to bypass this protection, unless they have some whitelist system you can abuse in usermode.

If the process you are trying to inject into is running as SYSTEM or is a Protected Process Light process, then you are in trouble there as well. More info on that in my previous answer.

In your comments you said your goal is to hook APIs; to answer this portion of your question I would refer you to this answer where I explain it.

GuidedHacking answered Nov 15 '22 07:11
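The answer frames injection from the attacker's side (which handle rights are needed, what blocks them). The defender's side of the same technique is that a LoadLibrary-based injection leaves a very recognizable trace: a thread created in another process whose start address resolves to kernel32!LoadLibraryA/W. The following is an added example, not code from the question or the answer, that applies that check to Sysmon Event ID 8 (CreateRemoteThread) records. The field names (SourceImage, TargetImage, StartModule, StartFunction, ...) are the real Sysmon names; the flattened "Key=Value|..." form, the sample records and the allowlist are constructed for the example.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// A Sysmon Event ID 8 record flattened to "Key=Value|Key=Value|..." for this
// example. The field names are Sysmon's; the flattening is constructed.
using Record = std::map<std::string, std::string>;

static std::string toLower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Splits one flattened record into a key/value map.
Record parseRecord(const std::string& line) {
    Record r;
    std::stringstream ss(line);
    std::string field;
    while (std::getline(ss, field, '|')) {
        std::string::size_type eq = field.find('=');
        if (eq == std::string::npos) continue;
        r[field.substr(0, eq)] = field.substr(eq + 1);
    }
    return r;
}

// Sources expected to create threads in other processes on this host.
// Constructed policy for the example; a real allowlist is host-specific.
static const std::vector<std::string> kAllowedSources = {
    R"(C:\Windows\System32\csrss.exe)",
};

// Returns an empty string for a record that needs no attention, otherwise a
// short reason. Two heuristics: the thread starts at a LoadLibrary* export
// (the technique in the question), or the start address is not backed by any
// module at all (StartModule empty), which no normal loader path produces.
std::string classifyRemoteThread(const Record& r) {
    auto get = [&r](const std::string& k) {
        auto it = r.find(k);
        return it == r.end() ? std::string() : it->second;
    };
    if (get("EventID") != "8") return "";
    if (get("SourceProcessId") == get("TargetProcessId")) return "";  // own process
    const std::string src = get("SourceImage");
    if (std::find(kAllowedSources.begin(), kAllowedSources.end(), src) != kAllowedSources.end())
        return "";
    const std::string fn = toLower(get("StartFunction"));
    if (fn.rfind("loadlibrary", 0) == 0)  // LoadLibraryA/W/ExA/ExW
        return "remote thread starts at " + get("StartFunction") + " (DLL injection)";
    if (get("StartModule").empty())
        return "remote thread starts outside any loaded module";
    return "";
}

// Runs every record through the classifier; each alert reads
// "SourceImage -> TargetImage: reason".
std::vector<std::string> scanRecords(const std::vector<std::string>& lines) {
    std::vector<std::string> alerts;
    for (const auto& line : lines) {
        Record r = parseRecord(line);
        std::string why = classifyRemoteThread(r);
        if (!why.empty())
            alerts.push_back(r["SourceImage"] + " -> " + r["TargetImage"] + ": " + why);
    }
    return alerts;
}

// Constructed sample records; none of these are real events.
const std::vector<std::string> kSampleEvents = {
    R"(EventID=8|SourceImage=C:\Users\dev\injector.exe|SourceProcessId=4120|TargetImage=C:\Windows\System32\notepad.exe|TargetProcessId=14367|StartModule=C:\Windows\System32\KERNEL32.DLL|StartFunction=LoadLibraryA)",
    R"(EventID=8|SourceImage=C:\Windows\System32\csrss.exe|SourceProcessId=700|TargetImage=C:\Windows\System32\cmd.exe|TargetProcessId=2210|StartModule=C:\Windows\System32\KERNELBASE.dll|StartFunction=CtrlRoutine)",
    R"(EventID=8|SourceImage=C:\Temp\dropper.exe|SourceProcessId=5001|TargetImage=C:\Program Files\Browser\browser.exe|TargetProcessId=3344|StartModule=|StartFunction=)",
    R"(EventID=8|SourceImage=C:\Windows\System32\svchost.exe|SourceProcessId=900|TargetImage=C:\Windows\System32\svchost.exe|TargetProcessId=900|StartModule=C:\Windows\System32\ntdll.dll|StartFunction=TppWorkerThread)",
    R"(EventID=1|Image=C:\Users\dev\injector.exe|ProcessId=4120)",
};

int main() {
    for (const auto& alert : scanRecords(kSampleEvents))
        std::cout << alert << std::endl;
    return 0;
}
```

Against the constructed records this raises two alerts: the LoadLibraryA thread from injector.exe into notepad.exe (the exact pattern of the question's injector) and the module-less thread from dropper.exe, while the allowlisted csrss.exe thread, the same-process thread and the non-Event-8 record are ignored. The two heuristics are deliberately narrow; they do not catch injection methods that never call CreateRemoteThread, which is why the allowlist and the "no backing module" check matter more than the function name match.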