开发者

how to use dll injecting?

开发者 https://www.devze.com 2022-12-28 16:33 出处:网络
i was looking how to inject a dll into a program (exe, or dll, etc). i have been googleing dll injecting but i have not found anything that is very helpful :(. i have not worked with dlls very much so

i was looking how to inject a dll into a program (exe, or dll, etc). i have been googleing dll injecting but i have not found anything that is very helpful :(. i have not worked with dlls very much so im not sure on what to do, i really could use some help on this.

uhh the only thing i have really found is setwindowshookex but i can't find any examples for it and i don't how to use 开发者_如何转开发it. any questions just ask and i'll try to help.

EDIT hey i was googling and this looks like something about dll injecting that is worth looking at but i can't get the code to run :\ (How to hook external process with SetWindowsHookEx and WH_KEYBOARD)


The method I'm most familiar with was is was described by Jefferey Richter in Programming Applications for Microsoft Windows. I mention this because even if you don't get your hands on the book itself there is probably sample code floating around. I think he may have also written some journal articles. He, also mentions a couple of alternative approaches, of which I will describe only one, from memory. He also may have written some MSJ / MSDN articles that are relevant.

Anyway, the basic idea is to cause the process that you want to load your DLL to issue a call to LoadLibrary. This is done using CreateRemoteThread with the address of LoadLibary for lpStartAddress and the address of a string naming your DLL in for lpParameter. Arranging for and locating the string is done using VirtualAllocEx to allocate some memory in the remote process, and WriteProcessMemory to fill it with the string.

PSEUDO CODE:

void InjectDllIntoProcess(DWORD processId, char *dllName)
{
  HANDLE hRemoteProcess = OpenProcess(

  // Assumes that dll and function addresses are the same in different processes
  // on the same system. I think that this is true even with ASLR, only issue I
  // can think of is to make sure that the source and target process are both 32
  // or both 64 bit, not a mixture.
  // Note that it is asking for the ASCII version
  HMODULE hDll = LoadLibrary(_T("Kernel32.dll"));
  void *loadLibAddr = GetProcAddress(hDll, _T("LoadLibraryA"));


  // Inject the DLL name
  char * remoteAddr = 
        (char *)VirtualAllocEx(hRemoteProcess, NULL, strlen(dllName) + 1, ...
  WriteProcessMemory(hRemoteProcess, remoteAddr, dllName, strlen(dllName) + 1 ...

  CreateRemoteThread(hRemoteProcess, ??, 0, loadLibAddr, remoteAddr, ...
}
0

精彩评论

暂无评论...
验证码 换一张
取 消