Hi all.
I've been looking into injection with C++ as I'm finding it interesting. However, I'm running into difficulties. I'm trying to inject Internet Explorer with the following line of code
system("c:/windows/notepad.exe");
so notepad is launched from Internet Explorer. I know it seems like a useless idea, but it still teaches me the basics. Anyway, I manage to allocate room in Internet Explorer and write the function containing the above line of code into it. All that seems to work fine, but it's when I call CreateRemoteThread to execute the function that it crashes. My code is below
Code:
#include "stdafx.h"
#include <windows.h>
#include <string>
using namespace std;
// Number of bytes WinMain allocates in the target and copies from InjectFunc's address.
// NOTE(review): the value is hard-coded; nothing in this file derives it from the
// function's real compiled size, so the copy may include bytes that are not part of it.
#define cbInjectFunc 192
// Routine whose compiled bytes WinMain copies out of this process.
// It passes a hard-coded Notepad path to system() and returns 1.
// NOTE(review): the call to system() and the string literal are resolved by this
// program's own compiler and linker; nothing in this file shows that either
// reference is meaningful outside this process's address space.
static DWORD WINAPI InjectFunc (void)
{
system("c:/windows/notepad.exe");
return 1;
}
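// Entry point. Finds an Internet Explorer frame window, opens its process, copies
// cbInjectFunc bytes from InjectFunc's address into newly allocated memory there and
// starts a thread at that address, then waits for the thread to end.
//
// Returns 0 when every step succeeded and 1 as soon as any step fails. The original
// ignored every return value, so a missing window left the process id uninitialized
// and the later calls could act on an arbitrary process or on NULL handles.
//
// The call sequence used here (full-access OpenProcess, executable allocation in
// another process, cross-process write, remote thread creation) is a pattern that
// endpoint monitoring commonly alerts on.
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    // FindWindow returns NULL when no window of this class exists; stop instead of
    // carrying a null window handle into the process lookup.
    HWND iexplorer = FindWindow("IEFrame", NULL);
    if (iexplorer == NULL)
        return 1;

    // Declared as DWORD and zero-initialized so the API gets the type it expects
    // and a failed lookup is detectable.
    DWORD pid = 0;
    ::GetWindowThreadProcessId(iexplorer, &pid);
    if (pid == 0)
        return 1;

    HANDLE hProcess = ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (hProcess == NULL)
        return 1;

    int result = 1;

    // Number of bytes written to the remote process. WriteProcessMemory takes a
    // SIZE_T*, which is wider than DWORD on 64-bit builds.
    SIZE_T dwNumBytesXferred = 0;

    // Address of the copied bytes in the remote process.
    LPVOID pCodeRemote = VirtualAllocEx(hProcess, 0, cbInjectFunc, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

    if (pCodeRemote != NULL
        && WriteProcessMemory(hProcess, pCodeRemote, &InjectFunc, cbInjectFunc, &dwNumBytesXferred)
        && dwNumBytesXferred == static_cast<SIZE_T>(cbInjectFunc))
    {
        // The page reports that the target crashes at this step.
        // NOTE(review): the bytes written above are a verbatim copy of code built for
        // this process; nothing visible here makes them valid in the target, so what
        // the new thread executes there has to be treated as undefined.
        DWORD dwThreadId = 0;
        HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
                                            (LPTHREAD_START_ROUTINE) pCodeRemote,
                                            NULL, 0, &dwThreadId);
        if (hThread != NULL)
        {
            WaitForSingleObject(hThread, INFINITE);

            // Read as in the original; the value is not used afterwards.
            DWORD nSuccess = 0;
            GetExitCodeThread(hThread, &nSuccess);

            CloseHandle(hThread);
            result = 0;
        }
    }

    // Release the process handle on every path that opened it.
    CloseHandle(hProcess);
    return result;
}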
Any ideas?
Thanks