Sub_Zero

DLL injection in ASM


----------- Injecting a DLL into a target process ----------------------------

(((((((((((((( by berniee/faked_minded ))))))))))))))))

In this article I will discuss how to inject a simple, silly DLL into a remote process...

I will not keep you waiting any longer...

*Note: The code I use is mostly assembly, so if you don't know assembly you may just have a look; that may help you to understand the whole idea. (SINCE I AM NOT A COMPUTER SPECIALIST, THIS CODE PRESENTS THE IDEA THAT I MADE FROM MY PERSONAL EXPERIENCE)

And also note that English is not my native language, so sorry for not being English!!

---------------------------------------------------------------------------------------------------------------------------------------------

First of all, let's start our mini tutorial with the stuff we need (APIs), which are:

- FindWindow ----> to find the target process's window handle (hWnd)

- GetWindowThreadProcessId -----> to get the process ID from the hWnd

- OpenProcess ---> to get a handle to the target process

- VirtualAllocEx ----> to allocate memory within the target process

- CreateRemoteThread ---> to run our thread in that process, which will load the DLL

That is all, let's get started... BUT first YOU MUST NOTICE that the path of the DLL to be loaded must be well defined, because if the DLL name is naked (meaning without a drive letter, i.e. not a full path) the DLL will be looked up in the target process's current directory or windows\system32, and otherwise it will not be loaded.

I will go with the plain code, then I will discuss it a little more :-

;--------------------------------------------------------------------KUT FRUM HEER----------------------------------------------
;this example will try to find notepad.exe's PID and then open it to get a process handle, so you must run
;notepad.exe first; then it will inject a silly simple dll into the notepad process..
;
.586
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
kernel32 db "kernel32.dll",0
mydll db "c:\mydll.dll",0 ;here goes the whole path of our dll
LoadLib db "LoadLibraryA",0
classname db "Notepad",0 ; notepad.exe classname

.data?
PID dd ?
asd dd ?
hProcess dd ?
newhandle dd ?
ProcAdd dd ?
bwr dd ?

.code
start:
invoke FindWindow,offset classname,0 ;here we start..by finding the window handle
invoke GetWindowThreadProcessId,eax,addr PID ;take the PID
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,PID ; open the process
cmp eax,0
je exit_all
mov hProcess,eax
invoke VirtualAllocEx,hProcess,0,sizeof mydll,MEM_COMMIT,PAGE_READWRITE ; allocate enough space for the
mov newhandle,eax ;dll name,,ok see extended explanation below ok!!
cmp eax,0
je exit_all
invoke WriteProcessMemory,hProcess,newhandle,offset mydll,sizeof mydll,addr bwr ;write the name of our dll
invoke LoadLibrary,offset kernel32 ;get kernel32 base, u can also use GetModuleHandle,offset kernel32
invoke GetProcAddress,eax,offset LoadLib ;get LoadLibrary's address
mov ProcAdd,eax
invoke CreateRemoteThread,hProcess,0,0,ProcAdd,newhandle,0,0 ;bingo !! we did it ,see below the code
exit_all:
invoke ExitProcess,0
end start
;-------------------KUT stop-------------------------------------------
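From the defender's side, the sequence above (OpenProcess, VirtualAllocEx, WriteProcessMemory, then CreateRemoteThread with LoadLibraryA as the thread start) is exactly what Sysmon records as Event ID 8 (CreateRemoteThread). The following Python is an added example, not part of the original post: it parses a few constructed, key=value-flattened Event ID 8 records and flags remote threads whose start function is LoadLibrary* in kernel32, plus threads started at an address backed by no module. The field names follow Sysmon's event schema; the flattened layout, paths and PIDs are constructed.

```python
import re

# Constructed sample Sysmon Event ID 8 (CreateRemoteThread) records, flattened
# to key=value lines the way a log forwarder commonly renders them. They are
# illustrative only, not captured from a real host.
SAMPLE_EVENTS = """\
SourceImage=C:\\tools\\inject.exe SourceProcessId=4120 TargetImage=C:\\Windows\\System32\\notepad.exe TargetProcessId=2256 StartAddress=0x00007FFC1A2B3C40 StartModule=C:\\Windows\\System32\\KERNEL32.DLL StartFunction=LoadLibraryA
SourceImage=C:\\Windows\\System32\\csrss.exe SourceProcessId=612 TargetImage=C:\\Program Files\\App\\app.exe TargetProcessId=3388 StartAddress=0x00007FFC1A2C0010 StartModule=C:\\Windows\\System32\\ntdll.dll StartFunction=RtlUserThreadStart
SourceImage=C:\\Users\\x\\loader.exe SourceProcessId=5000 TargetImage=C:\\Windows\\explorer.exe TargetProcessId=1800 StartAddress=0x000001F2A0000000 StartModule= StartFunction=
"""

# key=value pairs; a value runs until the next " Key=" token, so paths with
# spaces ("Program Files") survive intact.
_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
LOADLIB = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

def parse_event(line):
    """Split one flattened event line into a dict of its fields."""
    return {k: v.strip() for k, v in _KV.findall(line)}

def classify(ev):
    """Return a finding label for one CreateRemoteThread event, or None."""
    module = ev.get("StartModule", "").lower()
    func = ev.get("StartFunction", "").lower()
    # Thread entry point is LoadLibrary* in kernel32: the thread parameter is
    # almost certainly a DLL path written into the target, the pattern above.
    if module.endswith("kernel32.dll") and func in LOADLIB:
        return "remote LoadLibrary thread (DLL injection)"
    # Start address resolves to no loaded module: usually injected code.
    if not module and ev.get("StartAddress"):
        return "remote thread in unbacked memory"
    return None

def detect(text):
    """Run classify() over every non-empty event line and collect findings."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        label = classify(ev)
        if label:
            findings.append({"source": ev["SourceImage"], "target": ev["TargetImage"],
                             "target_pid": int(ev["TargetProcessId"]), "reason": label})
    return findings

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['reason']}: {f['source']} -> {f['target']} (pid {f['target_pid']})")
```

The csrss.exe record is left alone on purpose: a cross-process thread that starts at RtlUserThreadStart in ntdll is the normal OS path, and treating every Event ID 8 as an alert buries the two that matter.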

------------------->>>and here is the silly dll

;-------------kut frum here

;
