Okay so Ive Ran and tested the solution given on the website http://ift.tt/1ApYMxJ which came with positive results.
Now ive converted this into a win32 unicode project without any compile errors or runtime errors(it even says its injected the dll). Without any noticeable errors everything seems fine other than the fact that the dll is not executing after injection.
Keep in mind the Dll does work if the Injectors character set is not set, but not if converted into unicode. Ive even converted the dll into unicode just to test and that works on the NON unicode Injector. With that in mind ive came to the conclusion that the problem lies in the converted Injector.
If anymore information is needed feel free to ask. You may also ask, why convert into unicode? its my personal preference. Since i did not write the code myself converting does help me learn the code.
I did Erase the 2nd function but that function was never called and was practically useless. it was the same function except with A different Variable Type. Conversion did not work prior to erasing.
Is there anything wrong with this code? I think the problem is here in Injector.cpp
#include "stdafx.h"
#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h>
#include <conio.h>
#include <stdio.h>
#include <iostream>
#include "Resource.h"
Injector::Injector(void)
{
}
Injector::~Injector(void)
{
}
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
bool Injector::Inject(wchar_t* procName, wchar_t* DLL_NAME)
{
DWORD pID = GetTargetThreadIDFromProcName(procName);
HANDLE Proc = 0;
HMODULE hLib = 0;
wchar_t buf[50] = { 0 };
LPVOID RemoteString, LoadLibAddy;
if (!pID)
return false;
Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
if (!Proc)
{
swprintf_s(buf, L"OpenProcess() failed: %d", GetLastError());
MessageBoxW(NULL, buf, L"Loader", MB_OK);
wprintf(buf);
return false;
}
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "LoadLibraryA");
// Allocate space in the process for our DLL
RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, wcslen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
// Write the string name of our DLL in the memory allocated
WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, wcslen(DLL_NAME), NULL);
// Load our DLL
CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);
CloseHandle(Proc);
return true;
}
DWORD Injector::GetTargetThreadIDFromProcName(wchar_t* ProcName)
{
PROCESSENTRY32 pe;
HANDLE thSnapShot;
BOOL retval = false;
thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (thSnapShot == INVALID_HANDLE_VALUE)
{
MessageBoxW(NULL, L"Error: Unable to create toolhelp snapshot!", L"2MLoader", MB_OK);
return false;
}
pe.dwSize = sizeof(PROCESSENTRY32);
retval = Process32First(thSnapShot, &pe);
while (retval)
{
if (!wcscmp(pe.szExeFile, ProcName))
{
return pe.th32ProcessID;
}
retval = Process32Next(thSnapShot, &pe);
}
return 0;
}
Resource.h
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 130
#define _APS_NEXT_RESOURCE_VALUE 129
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 110
#endif
#endif
#pragma once
#include <Windows.h>
class Injector
{
public:
Injector(void);
~Injector(void);
bool Inject(wchar_t* procName, wchar_t* DLL_NAME);
private:
DWORD GetTargetThreadIDFromProcName(wchar_t * ProcName);
};
Main.cpp
// DLL_Injector_WIN32.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include "DLL_Injector_WIN32.h"
#include <Commdlg.h>
#include <iostream>
#include <Windows.h>
#include "Resource.h"
#define MAX_LOADSTRING 100
Injector* injector = new Injector();
// Global Variables:
HINSTANCE hInst; // current instance
TCHAR szTitle[MAX_LOADSTRING]; // The title bar text
TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name
wchar_t szFile[MAX_PATH];
LPTSTR PROC_NAME = new TCHAR[1024];
// Forward declarations of functions included in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
BOOL FileOpen(HWND hwnd);
int start(wchar_t* DLL_PATH, wchar_t* PROC_NAME);
int APIENTRY _tWinMain(_In_ HINSTANCE hInstance,
_In_opt_ HINSTANCE hPrevInstance,
_In_ LPTSTR lpCmdLine,
_In_ int nCmdShow)
{
UNREFERENCED_PARAMETER(hPrevInstance);
UNREFERENCED_PARAMETER(lpCmdLine);
// TODO: Place code here.
MSG msg;
HACCEL hAccelTable;
// Initialize global strings
LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
LoadString(hInstance, IDC_DLL_INJECTOR_WIN32, szWindowClass, MAX_LOADSTRING);
MyRegisterClass(hInstance);
// Perform application initialization:
if (!InitInstance (hInstance, nCmdShow))
{
return FALSE;
}
hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_DLL_INJECTOR_WIN32));
// Main message loop:
while (GetMessage(&msg, NULL, 0, 0))
{
if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
return (int) msg.wParam;
}
//
// FUNCTION: MyRegisterClass()
//
// PURPOSE: Registers the window class.
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
WNDCLASSEX wcex;
wcex.cbSize = sizeof(WNDCLASSEX);
wcex.style = CS_HREDRAW | CS_VREDRAW;
wcex.lpfnWndProc = WndProc;
wcex.cbClsExtra = 0;
wcex.cbWndExtra = 0;
wcex.hInstance = hInstance;
wcex.hIcon = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_DLL_INJECTOR_WIN32));
wcex.hCursor = LoadCursor(NULL, IDC_ARROW);
wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
wcex.lpszMenuName = MAKEINTRESOURCE(IDC_DLL_INJECTOR_WIN32);
wcex.lpszClassName = szWindowClass;
wcex.hIconSm = LoadIcon(wcex.hInstance, MAKEINTRESOURCE(IDI_SMALL));
return RegisterClassEx(&wcex);
}
//
// FUNCTION: InitInstance(HINSTANCE, int)
//
// PURPOSE: Saves instance handle and creates main window
//
// COMMENTS:
//
// In this function, we save the instance handle in a global variable and
// create and display the main program window.
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
HWND hWnd;
hInst = hInstance; // Store instance handle in our global variable
hWnd = CreateWindowEx(
WS_EX_CLIENTEDGE,
szWindowClass,
szTitle,
WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT, CW_USEDEFAULT, 350, 100,
NULL, NULL, hInstance, NULL);
if (!hWnd)
{
return FALSE;
}
ShowWindow(hWnd, nCmdShow);
UpdateWindow(hWnd);
return TRUE;
}
//
// FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
// PURPOSE: Processes messages for the main window.
//
// WM_COMMAND - process the application menu
// WM_PAINT - Paint the main window
// WM_DESTROY - post a quit message and return
//
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
int wmId, wmEvent;
PAINTSTRUCT ps;
HDC hdc;
switch (message)
{
case WM_CREATE:
CreateWindowEx(
WS_EX_CLIENTEDGE,
L"BUTTON",
L"Inject",
WS_CHILD | WS_VISIBLE | WS_EX_CLIENTEDGE,
280, 10, 45, 25,
hWnd, (HMENU)IDC_INJECT, ((LPCREATESTRUCT)lParam)->hInstance, NULL);
CreateWindowEx(
WS_EX_CLIENTEDGE,
L"BUTTON",
L"DLL",
WS_CHILD | WS_VISIBLE | WS_EX_CLIENTEDGE,
240, 10, 35, 25,
hWnd, (HMENU)IDC_DLL, ((LPCREATESTRUCT)lParam)->hInstance, NULL);
CreateWindowEx(
WS_EX_CLIENTEDGE,
L"EDIT",
L"",
WS_CHILD | WS_VISIBLE | WS_EX_CLIENTEDGE | ES_AUTOHSCROLL,
65, 10, 170, 25,
hWnd, (HMENU)IDC_PROCESS, ((LPCREATESTRUCT)lParam)->hInstance, NULL);
CreateWindowEx(
0,
L"STATIC",
L"Process",
WS_CHILD | WS_VISIBLE,
5, 10, 55, 25,
hWnd, (HMENU)NULL, ((LPCREATESTRUCT)lParam)->hInstance, NULL);
break;
case WM_COMMAND:
wmId = LOWORD(wParam);
wmEvent = HIWORD(wParam);
// Parse the menu selections:
switch (wmId)
{
case IDC_DLL:
{
FileOpen(hWnd);
// MessageBox(NULL, szFile, L"TEST", NULL);
}
break;
case IDC_INJECT:
{
GetDlgItemText(hWnd, IDC_PROCESS, PROC_NAME, 1024);
start(szFile, PROC_NAME);
}
break;
case IDM_ABOUT:
DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
break;
case IDM_EXIT:
DestroyWindow(hWnd);
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
break;
case WM_PAINT:
hdc = BeginPaint(hWnd, &ps);
// TODO: Add any drawing code here...
EndPaint(hWnd, &ps);
break;
case WM_DESTROY:
PostQuitMessage(0);
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
return 0;
}
// Message handler for about box.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
UNREFERENCED_PARAMETER(lParam);
switch (message)
{
case WM_INITDIALOG:
return (INT_PTR)TRUE;
case WM_COMMAND:
if (LOWORD(wParam) == IDOK || LOWORD(wParam) == IDCANCEL)
{
EndDialog(hDlg, LOWORD(wParam));
return (INT_PTR)TRUE;
}
break;
}
return (INT_PTR)FALSE;
}
BOOL FileOpen(HWND hwnd)
{
OPENFILENAME ofn;
HANDLE hf;
ZeroMemory(&ofn, sizeof(ofn));
ofn.lStructSize = sizeof(ofn);
ofn.hwndOwner = hwnd;
ofn.lpstrFile = szFile;
ofn.lpstrFile[0] = '\0';
ofn.nMaxFile = sizeof(szFile);
ofn.lpstrFilter = L"DLL\0*.dll\0";
ofn.nFilterIndex = 1;
ofn.lpstrFileTitle = NULL;
ofn.nMaxFileTitle = 0;
ofn.lpstrInitialDir = NULL;
ofn.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
if (GetOpenFileNameW(&ofn) == TRUE)
{
//CheckDlgButton(hwnd, IDC_PASS_LIST, BST_UNCHECKED);
hf = CreateFile(ofn.lpstrFile,
GENERIC_READ,
FILE_SHARE_READ,
(LPSECURITY_ATTRIBUTES)NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
(HANDLE)NULL);
return TRUE;
if (hf == (HANDLE)-1)
{
MessageBox(NULL, L"Could not open this file", L"File I/O Error", MB_ICONSTOP);
return FALSE;
}
}
else
{
return FALSE;
}
}
int start(wchar_t* DLL_PATH, wchar_t* PROC_NAME)
{
WCHAR dllDir[MAX_PATH];
wcscpy_s(dllDir, MAX_PATH, DLL_PATH);
//MessageBox(NULL, dllDir, L"DLL path: ", MB_ICONSTOP);
//MessageBox(NULL, PROC_NAME, L"Process: ", MB_ICONSTOP);
if (injector->Inject(PROC_NAME, dllDir)){
MessageBox(NULL, L"DLL injected!", L"DLL injected!", MB_ICONSTOP);
}
else {
MessageBox(NULL, L"Failed to inject the dll...", L"File I/O Error", MB_ICONSTOP);
}
return 0;
}
Aucun commentaire:
Enregistrer un commentaire