Hello everyone. This is my code:
Code:
#include <windows.h>

/* The post never shows where DLL_NAME is defined; this value is a placeholder. */
#define DLL_NAME "mydll.dll"

int main(void)
{
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    char *cl;
    char fileName[] = "target.exe";

    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    cl = GetCommandLineA();   /* the injector's own command line is handed to the child */

    /* lpApplicationName takes a char*, so pass fileName rather than &fileName */
    if (!CreateProcessA(fileName, cl, NULL, NULL, FALSE, CREATE_SUSPENDED,
                        NULL, NULL, &si, &pi))
        return 1;

    HANDLE hToken;
    TOKEN_PRIVILEGES tp;
    LUID luid;
    /* main returns int, so a bare "return;" does not compile */
    if (!OpenProcessToken(pi.hProcess, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
        return 1;
    if (!LookupPrivilegeValueA(NULL, SE_DEBUG_NAME, &luid)) {
        CloseHandle(hToken);
        return 1;
    }
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;   /* "1 ? X : 0" is just X */
    AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL);
    CloseHandle(hToken);

    LPVOID LoadLibAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
    /* The buffer only holds a path string, so it needs no execute permission */
    LPVOID RemoteString = VirtualAllocEx(pi.hProcess, NULL, sizeof(DLL_NAME), MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(pi.hProcess, RemoteString, DLL_NAME, sizeof(DLL_NAME), NULL);
    ResumeThread(pi.hThread);
    Sleep(10);   // If this is not here, everything goes to hell
    HANDLE hThread = CreateRemoteThread(pi.hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibAddr,
                                        RemoteString, 0, NULL);
    WaitForSingleObject(hThread, INFINITE);
    CloseHandle(hThread);
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return 0;
}
The problem is that certain apps crash when I remove the "Sleep(10)" code, not all of them. I'm trying to intercept all the calls to CreateFileA using API hooking by loading my DLL in the target process. It works great until I remove the Sleep part; the thing is, in those 10 ms it is possible that many calls to CreateFileA are made and I miss them.
The problem is not in my DLL, I can even load a blank DLL and the target program still crashes.
The only thing that comes to mind is that not everything is loaded properly in the target app when I call CreateRemoteThread and that gives me problems. I don't know what to think. I've searched everywhere for people with the same problem and found nothing. I'll be extremely grateful if someone can help me with this. Thanks for your time,
Domingo Guzman