1 Replies - 1491 Views - Last Post: 24 August 2009 - 10:12 AM

#1 nmgod

  • D.I.C Head
  • Reputation: 48
  • Posts: 233
  • Joined: 26-March 08

Dll Injection

Posted 22 August 2009 - 08:39 PM

A friend made an app a while ago for me and I need to inject a DLL to see if some updates will work. Can anyone spot what I have got wrong?

It all seems fine to me, and if you did the equivalent code in C++ it would work.

I was using the OllyDbg assembler to check, and it crashes once it reaches the CreateThread. Before that it writes the location of the DLL to memory no problem; it's just once it hits the create thread that it crashes.

    Private Declare Function WriteProcessMem Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As IntPtr, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Byte, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Boolean
    Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Boolean, ByVal dwProcessId As Integer) As IntPtr
    Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Integer
    Private Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByVal dwSize As UInteger, ByVal flAllocationType As UInteger, ByVal flProtect As UInteger) As IntPtr
    Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Integer, ByRef lpThreadAttributes As Object, ByVal dwStackSize As Integer, ByRef lpStartAddress As Integer, ByRef lpParameter As Object, ByVal dwCreationFlags As Integer, ByRef lpThreadId As Integer) As Integer
    Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Integer, ByVal lpProcName As String) As Integer
    Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Integer, ByVal dwMilliseconds As Integer) As Integer
    Private Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Integer, ByRef lpExitCode As Integer) As Integer
    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Integer) As Integer
    Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal dwFreeType As Integer) As Integer
    Private Const MEM_RELEASE As Integer = &H8000
    Private Const PROCESS_ALL_ACCESS As Integer = &H1F0FFF
    Private Const WAIT_ABANDONED As Integer = &H80
    Private Const WAIT_FAILED As Integer = &HFFFFFFFF
    Private Const WAIT_OBJECT_0 As Integer = &H0
    Private Const WAIT_TIMEOUT As Integer = &H102
    ' INFINITE is 0xFFFFFFFF (-1 as a signed Integer); &HFFFF would only wait 65 seconds
    Private Const INFINITE As Integer = &HFFFFFFFF

    Public Sub IJ(ByVal DllFile As String)
        Dim Procs() As Process = Process.GetProcesses
        For Each Proc As Process In Procs
            If Proc.MainWindowTitle = "MyApp" Then
                If Proc.Id <> 0 Then
                    Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, False, Proc.Id)
                    If hProcess <> IntPtr.Zero Then
                        Dim MemLoc As IntPtr = VirtualAllocEx(hProcess, IntPtr.Zero, CUInt(DllFile.Length), &H1000, &H4)

                        ' Write the path one byte at a time, advancing the destination address each step
                        Dim Address As Integer = CInt(MemLoc)
                        For i = 0 To DllFile.Length - 1
                            WriteProcessMem(hProcess, Address, CByte(Asc(DllFile.ElementAt(i))), 1, 0&)
                            Address += 1
                        Next

                        'Problem is here
                        Dim hThread As Integer = CreateRemoteThread(CInt(hProcess), 0, 0, GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"), CInt(MemLoc), 0, 0)

                        WaitForSingleObject(hThread, INFINITE)

                        Dim hMod As Integer
                        GetExitCodeThread(hThread, hMod)

                        CloseHandle(hThread)
                        VirtualFreeEx(hProcess, CInt(MemLoc), DllFile.Length, MEM_RELEASE)
                    End If
                End If
            End If
        Next
    End Sub


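Seen from the defending side, the sequence the post implements (OpenProcess, WriteProcessMemory, then CreateRemoteThread with kernel32!LoadLibraryA as the thread start address) is exactly what endpoint telemetry records: Sysmon Event ID 8 logs every remote thread creation together with the source and target image and the module and export the new thread starts in. The Python below is an added example, not code from the thread; it parses constructed records written in the "Field: value" layout Sysmon uses for that event (all paths, PIDs, addresses and times are made up) and flags the two shapes a remote-thread hunt cares about: a thread entering at a LoadLibrary export, and a thread whose start address is not backed by any loaded module. The allow-list of expected source tools is an assumption for the example and would be tuned per environment.

```python
"""Flag CreateRemoteThread-based DLL injection in Sysmon-style Event ID 8 records."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample records in the "Field: value" layout Sysmon uses when it
# renders Event ID 8 (CreateRemoteThread). Every path, PID, address and time
# below is made up for this example.
SAMPLE_LOG = """\
Event ID: 8
UtcTime: 2009-08-22 20:39:01.001
SourceImage: C:\\Users\\dev\\Injector.exe
SourceProcessId: 4120
TargetImage: C:\\Games\\MyApp\\MyApp.exe
TargetProcessId: 2876
StartAddress: 0x7C801D7B
StartModule: C:\\Windows\\System32\\KERNEL32.DLL
StartFunction: LoadLibraryA

Event ID: 8
UtcTime: 2009-08-22 20:40:15.220
SourceImage: C:\\Program Files\\Debugger\\windbg.exe
SourceProcessId: 5004
TargetImage: C:\\Games\\MyApp\\MyApp.exe
TargetProcessId: 2876
StartAddress: 0x7C97E9D9
StartModule: C:\\Windows\\System32\\ntdll.dll
StartFunction: DbgUiRemoteBreakin

Event ID: 8
UtcTime: 2009-08-22 20:41:02.790
SourceImage: C:\\Users\\dev\\update.exe
SourceProcessId: 4411
TargetImage: C:\\Games\\MyApp\\MyApp.exe
TargetProcessId: 2876
StartAddress: 0x00A40000
StartModule:
StartFunction:
"""

# Loader exports that hand an injected thread the job of mapping a DLL.
LOADER_EXPORTS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

# Assumed allow-list: tools on this host that legitimately create remote threads
# (a debugger's break-in thread, for instance). Tune this per environment.
EXPECTED_SOURCES = {"windbg.exe"}


def parse_events(text: str) -> List[Dict[str, str]]:
    """Split the rendered log into one dict per event; a blank line ends an event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (empty string for an empty path)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string when the event looks like DLL injection, else None."""
    if event.get("Event ID") != "8":
        return None
    if basename(event.get("SourceImage", "")) in EXPECTED_SOURCES:
        return None
    start_module = event.get("StartModule", "")
    start_function = event.get("StartFunction", "")
    if not start_module:
        # Sysmon leaves StartModule empty when the start address lies outside
        # every loaded module, i.e. code that was written into the process.
        return "thread starts at %s, outside any loaded module" % event.get("StartAddress", "?")
    if basename(start_module) == "kernel32.dll" and start_function.lower() in LOADER_EXPORTS:
        return "thread entry is kernel32!%s: the LoadLibrary injection pattern" % start_function
    return None


def find_injections(text: str) -> List[Tuple[str, str, str]]:
    """(source image, target image, reason) for every event classify() flags."""
    findings = []
    for event in parse_events(text):
        reason = classify(event)
        if reason:
            findings.append((event.get("SourceImage", ""), event.get("TargetImage", ""), reason))
    return findings


if __name__ == "__main__":
    for source, target, reason in find_injections(SAMPLE_LOG):
        print("%s -> %s: %s" % (source, target, reason))
```

Run against the constructed log, the injector's LoadLibraryA thread and the unbacked-address thread are reported while the debugger's DbgUiRemoteBreakin thread is suppressed by the allow-list; on real telemetry the same two rules are the usual starting point, with the allow-list and the target-process filter doing the work of keeping the alert volume manageable.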

Replies To: Dll Injection

#2 piman314

  • D.I.C Head
  • Reputation: 32
  • Posts: 169
  • Joined: 07-August 09

Re: Dll Injection

Posted 24 August 2009 - 10:12 AM

Try using CREATE_THREAD_ACCESS (1082) instead of PROCESS_ALL_ACCESS.
Also try making all handle parameters ByVal IntPtr instead of ByRef Integer:

    ' lpParameter is also passed ByVal as an IntPtr so the remote thread receives the buffer address itself
    Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpThreadAttributes As IntPtr, ByVal dwStackSize As Integer, ByVal lpStartAddress As IntPtr, ByVal lpParameter As IntPtr, ByVal dwCreationFlags As Integer, ByRef lpThreadId As Integer) As IntPtr

    Dim hThread As IntPtr = CreateRemoteThread(hProcess, Nothing, Nothing, GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"), MemLoc, Nothing, Nothing)

