problem- injection dll thru remotethread

This is a discussion on problem- injection dll thru remotethread within the Windows Programming forums, part of the Platform Specific Boards category; I am trying to inject Dll throught CreateRemoteThread. I am trying to inject it into notepad.exe whose pid is 1616 ...

  1. #1
    Registered User
    Join Date
    Sep 2006
    Posts
    19

    problem- injection dll thru remotethread

    I am trying to inject a DLL through CreateRemoteThread.
    I am trying to inject it into notepad.exe, whose pid is 1616.

    My code for the injector program is

    Code:
    #include <windows.h>
    #include <stdio.h>
    #include <string.h>

    int main()
    {
        HANDLE hProcess = NULL, hThread = NULL;
        PWSTR p = NULL;

        // Get a handle for the target process.
        hProcess = OpenProcess(
            PROCESS_CREATE_THREAD | // For CreateRemoteThread
            PROCESS_VM_OPERATION |  // For VirtualAllocEx/VirtualFreeEx
            PROCESS_VM_WRITE,       // For WriteProcessMemory
            FALSE, 1616);
        if (hProcess == NULL)
        {
            printf("OpenProcess failed %lu\n", GetLastError());
            return 1;
        }
        printf("%p\n", hProcess);

        // The address of LoadLibraryA in this process is used as the start
        // routine of the thread created in the target process.
        PTHREAD_START_ROUTINE pfnThreadRtn = (PTHREAD_START_ROUTINE)
            GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
        printf("%p\n", pfnThreadRtn);

        const char* pszLibFile = "C:\\dll_process_attach.dll";
        size_t cch = 1 + strlen(pszLibFile);
        size_t cb = cch * sizeof(WCHAR);

        p = (PWSTR)VirtualAllocEx(hProcess, 0, cb, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
        if (p == NULL)
        {
            printf("virtual alloc function failed %lu\n", GetLastError());
            CloseHandle(hProcess);
            return 1;
        }

        if (!WriteProcessMemory(hProcess, p, pszLibFile, cb, NULL))
            printf("failed\n");

        hThread = CreateRemoteThread(hProcess, NULL, 0, pfnThreadRtn, p, 0, NULL);
        if (hThread == NULL) printf("\nremote thread failed\n");
        printf("%p\n", hThread);

        // Release the handles this program owns.
        if (hThread != NULL) CloseHandle(hThread);
        CloseHandle(hProcess);
        return 0;
    }
    code for the dll is....

    Code:
    #include "stdafx.h"
    #include <windows.h>
    #include <stdio.h>

    BOOL WINAPI DllMain(HINSTANCE hinstDll, DWORD fdwReason, PVOID fImpLoad)
    {
        if (fdwReason == DLL_PROCESS_ATTACH)
        {
            printf("Dll Injected");
        }
        // Return TRUE for every notification; the value is only examined
        // for DLL_PROCESS_ATTACH.
        return TRUE;
    }
    Problem:

    The code for the injector program is not showing any error during execution. But at the same time I don't see any change in my notepad.exe (1616) process.
    I am a newbie to Windows programming and just have basic knowledge about DLLs...
    Shouldn't "dll_injected" be printed after the DLL injection into the notepad process, as specified in the DllMain?

    If I am wrong, or there is anything wrong with the injector code or DLL code, please correct me.

    Thanks in advance

  2. #2
    Yes, my avatar is stolen anonytmouse's Avatar
    Join Date
    Dec 2002
    Posts
    2,544
    Notepad doesn't have a console, so printf will not work. You could try MessageBox instead.

    Check out cbNotepad (short for cboard notepad) for a complete example of customising notepad using dll injection.

    Also pszLibFile is not a wide string, so you should multiply cch by sizeof(char) rather than sizeof(WCHAR). Your current code results in a buffer overrun.
    Last edited by anonytmouse; 10-28-2006 at 12:45 PM.
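    A check the original poster could have used to confirm whether notepad actually loaded the DLL, and the same check a defender runs when hunting for injected modules, as an added example that is not code from the thread or from any of its posters: it lists the modules of a process by PID and flags those loaded from outside the Windows directory and the process's own directory, which is where a file such as C:\dll_process_attach.dll would show up. The script name Find-ForeignModules.ps1, the -ProcessId parameter and the Suspicious column are my own choices.

```powershell
# Added example (not code from the thread): list every DLL mapped into a process
# and flag modules loaded from outside the Windows directory and the process's
# own directory. Assumptions: the caller can open the target (run from an
# elevated prompt for processes owned by other users) and the target has the
# same bitness as this PowerShell host, otherwise .Modules cannot be read.
# Usage: .\Find-ForeignModules.ps1 -ProcessId 1616
param(
    [Parameter(Mandatory = $true)]
    [int]$ProcessId
)

$proc    = Get-Process -Id $ProcessId -ErrorAction Stop
$windir  = [System.Environment]::GetFolderPath('Windows')
$procDir = if ($proc.Path) { Split-Path -Parent $proc.Path } else { $null }

$report = foreach ($m in $proc.Modules) {
    $file      = $m.FileName
    $inWindows = $file.StartsWith($windir, [System.StringComparison]::OrdinalIgnoreCase)
    $inProcDir = $procDir -and $file.StartsWith($procDir, [System.StringComparison]::OrdinalIgnoreCase)
    # Signature status is reported for context; it is not used as the sole verdict.
    $sig = Get-AuthenticodeSignature -FilePath $file

    [pscustomobject]@{
        Module     = $m.ModuleName
        Path       = $file
        Signature  = $sig.Status
        Suspicious = (-not ($inWindows -or $inProcDir))
    }
}

"Process $($proc.ProcessName) (PID $ProcessId): $($report.Count) modules loaded"
$report | Where-Object Suspicious | Sort-Object Path | Format-Table -AutoSize
```

    A flagged module means "look at it", not "malicious": shell extensions, input-method editors and similar components legitimately load from Program Files. System files are commonly catalog-signed rather than carrying an embedded signature, so treat a NotSigned status under the Windows directory as less informative than one elsewhere.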

  3. #3
    CSharpener vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,484
    I have nothing to say about your injection code, but your DLL code has the following problem IMHO:

    printf tries to output to the console window, but TextPad has no console, so this output is just wasted.
    The first 90% of a project takes 90% of the time,
    the last 10% takes the other 90% of the time.

  4. #4
    Registered User
    Join Date
    Sep 2006
    Posts
    19

    Hi

    I have tried both the changes suggested by you guys, but still I don't find any change when I execute the program.

  5. #5
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    Somehow get the handle to the edit box, and use SetWindowText on it.
    Get the Notepad window handle with EnumThreadWindows and then use EnumChildWindows to get the handle to the edit box.
    Last edited by maxorator; 10-29-2006 at 01:39 AM.
    "The Internet treats censorship as damage and routes around it." - John Gilmore

  6. #6
    Registered User
    Join Date
    Sep 2006
    Posts
    19
    Hi

    Thanks to all for your kind help. The code is running fine now and the message box is also appearing.

    I don't have much experience with DLL programming.
    Can anyone suggest some good books or materials on DLL programming?

    Thanks

  7. #7
    CSharpener vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,484
    When I have questions on Windows programming, the first place I look for answers is
    Jeffrey Richter, "Programming Applications for Microsoft Windows"; I am currently using the fourth edition.
    BTW, does somebody know about updates?

  8. #8
    Registered User
    Join Date
    Sep 2006
    Posts
    19
    Hi Vart

    Can you give me the link to download this ebook:
    Jeffrey Richter - "Programming Applications for Microsoft Windows", fourth edition?

    I tried on the Microsoft site, but couldn't get it.

    Thanks

  9. #9
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    I tried on the Microsoft site, but couldn't get it.
    Microsoft is not a very good search engine, try google.

  10. #10
    CSharpener vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,484
    Quote Originally Posted by Brij
    Hi Vart

    Can you give me the link to download this ebook:
    Jeffrey Richter - "Programming Applications for Microsoft Windows", fourth edition?

    I tried on the Microsoft site, but couldn't get it.

    Thanks
    Nope. I have no link; I am using it offline, the printed version. It is worth buying.

  11. #11
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    Wasn't it written in 1999?

  12. #12
    CSharpener vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,484
    Quote Originally Posted by maxorator
    Wasn't it written in 1999?
    It was... but it knows about Win64. For me it is enough.
