Hi all.
I've been looking into injection with c++ as im finding it interesting. However im running into difficulties. Im trying to inject internet explorer with the following line of code
system("c:/windows/notepad.exe");
so notepad is launched from internet explorer. I know it seems like a useless idea but it still teaches me the basics. Anyway i manage to allocate room in internet explorer and write the function with the above line of code in. All that seems to work fine, but its when i call createremotethread to execute the function where it crashes. My code is below
Any ideas?Code:#include "stdafx.h" #include <windows.h> #include <string> using namespace std; #define cbInjectFunc 192 static DWORD WINAPI InjectFunc (void) { system("c:/windows/notepad.exe"); return 1; } int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { MSG Msg; HANDLE hProcess; HWND iexplorer; int PID; //this works fine iexplorer = FindWindow("IEFrame", NULL); ::GetWindowThreadProcessId( iexplorer, (DWORD*)&PID ); hProcess = ::OpenProcess(PROCESS_ALL_ACCESS, false, PID); int nSuccess = 0; DWORD dwNumBytesXferred = 0; // Number of bytes written to the remote process. DWORD *pCodeRemote; // The address of InjectFunc in the remote process. pCodeRemote = (PDWORD) VirtualAllocEx( hProcess, 0, cbInjectFunc, MEM_COMMIT, PAGE_EXECUTE_READWRITE ); WriteProcessMemory( hProcess, pCodeRemote, &InjectFunc, cbInjectFunc, &dwNumBytesXferred ); HANDLE hThread = 0; // The handle and ID of the thread executing DWORD dwThreadId = 0; // the remote InjectFunc. //THIS IS WHERE IT CRASHES // Start execution of remote InjectFunc hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE) pCodeRemote, NULL, 0 , &dwThreadId); WaitForSingleObject(hThread, INFINITE); GetExitCodeThread(hThread, (PDWORD) &nSuccess); return 0; }
Thanks
