Sub_Zero Posted October 10, 2006

----------- Injection DLL into a target process -----------
(((((((((((((( by berniee/faked_minded ))))))))))))))))

In this article I will discuss how to inject a simple silly dll into a remote process... I will not make you wait any longer...

*Note: The code I use is mostly assembly... so if you don't know assembly, you may just have a look; that may help you to understand the whole idea. (SINCE I AM NOT A COMPUTER SPECIALIST, THIS CODE PRESENTS THE IDEA THAT I MADE FROM MY PERSONAL EXPERIENCE.) And also note that English is not my native language, so sorry for not being English!!

---------------------------------------------------------------------------------------------------------------------------------------------

First of all, let's start our mini tutorial... with the stuff we need (APIs), which are:

- FindWindow ----> to find the target process window handle (hWnd)
- GetWindowThreadProcessId -----> to get the process id from the hWnd
- OpenProcess ---> to get the handle to the target process
- VirtualAllocEx ----> to allocate memory within the target process
- CreateRemoteThread ---> to run our thread in that process, which will load the dll

That is all, let's get started...

...BUT first YOU MUST NOTICE that the dll path that should be loaded must be well defined, b/c the dll will load from the target process's current directory or windows\system32; if the dll name is naked - meaning without a drive letter (full path) - it will not be loaded. I will go with plain code and I will discuss a little more :-;

;--------------------------------------------------------------------KUT FRUM HEER----------------------------------------------
;this example will try to find the notepad.exe id and then open it to get the process handle, so you must run
;notepad.exe first
;and then it will inject a silly simple dll into the notepad process..
;
.586
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
kernel32  db "kernel32.dll",0
mydll     db "c:\mydll.dll",0          ;here goes the whole path of our dll
LoadLib   db "LoadLibraryA",0
classname db "Notepad",0               ; notepad.exe classname

.data?
PID       dd ?
asd       dd ?
hProcess  dd ?
newhandle dd ?
ProcAdd   dd ?
bwr       dd ?

.code
start:
    invoke FindWindow,offset classname,0                 ;here we start..by finding the window handle
    cmp eax,0                                            ;added check: no Notepad window found, nothing to do
    je exit_all
    invoke GetWindowThreadProcessId,eax,addr PID         ;take the PID
    invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,PID      ;open the process
    cmp eax,0
    je exit_all
    mov hProcess,eax
    invoke VirtualAllocEx,hProcess,0,sizeof mydll,MEM_COMMIT,PAGE_READWRITE ;allocate enough space for
    mov newhandle,eax                                    ;the dll name,,ok see extended explanation below ok!!
    cmp eax,0
    je exit_all
    invoke WriteProcessMemory,hProcess,newhandle,offset mydll,sizeof mydll,addr bwr ;write the name of our dll
    invoke LoadLibrary,offset kernel32                   ;get the kernel32 base, you can also use GetModuleHandle,offset kernel32
    invoke GetProcAddress,eax,offset LoadLib             ;get the LoadLibrary process address
    mov ProcAdd,eax
    invoke CreateRemoteThread,hProcess,0,0,ProcAdd,newhandle,0,0 ;bingo !! we did it, see below the code
exit_all:
    invoke ExitProcess,0
end start
;-------------------KUT stop-------------------------------------------------------------

>>>and here is the silly dll
;-------------kut frum here
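From the defender's side, the sequence in the post (OpenProcess, WriteProcessMemory of a DLL path, then CreateRemoteThread whose start address is kernel32!LoadLibraryA) leaves a very distinctive trace: a thread created in another process whose entry point is a LoadLibrary export. Sysmon records exactly that step as Event ID 8 ("CreateRemoteThread detected") with SourceImage, TargetImage, StartModule and StartFunction fields. The script below is an added example, not code from the original post or by berniee/faked_minded: it parses Sysmon Event 8 XML records and flags cross-process threads that start at a LoadLibrary export. The XML records, process ids, addresses and paths embedded in it are constructed samples, and the EDR path in ALLOWED_SOURCES is a placeholder to tune per environment.

```python
"""Detect the CreateRemoteThread + LoadLibraryA injection pattern from Sysmon Event ID 8.

Added example; the event records below are constructed samples in the shape
of Sysmon's Event XML (field names are Sysmon's, values are made up).
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows Event XML namespace used by Sysmon records.
NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Thread entry points that mean "load this DLL path" when used as a remote
# thread start address; the post uses LoadLibraryA.
LOADER_EXPORTS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Placeholder allow-list of source images expected to create remote threads
# (the EDR's own sensor, debuggers, ...). Assumption: tune this per environment.
ALLOWED_SOURCES = {r"C:\Program Files\Example EDR\sensor.exe"}


@dataclass
class RemoteThreadEvent:
    source_pid: int
    source_image: str
    target_pid: int
    target_image: str
    start_module: str    # module backing the thread start address ("" if none)
    start_function: str  # export name at the start address ("" if none)


def parse_event(xml_text: str) -> Optional[RemoteThreadEvent]:
    """Parse one Sysmon Event XML record; return None unless it is Event ID 8."""
    root = ET.fromstring(xml_text.strip())
    if root.findtext(f"{NS}System/{NS}EventID") != "8":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.iter(f"{NS}Data")}
    return RemoteThreadEvent(
        source_pid=int(data["SourceProcessId"]),
        source_image=data["SourceImage"],
        target_pid=int(data["TargetProcessId"]),
        target_image=data["TargetImage"],
        start_module=data.get("StartModule", ""),
        start_function=data.get("StartFunction", ""),
    )


def classify(ev: RemoteThreadEvent) -> List[str]:
    """Return the reasons this event matches the LoadLibrary injection pattern (empty = not flagged)."""
    reasons: List[str] = []
    if ev.source_pid == ev.target_pid:
        return reasons  # a thread in the creator's own process is not remote
    if ev.source_image in ALLOWED_SOURCES:
        return reasons  # known legitimate remote-thread creator
    if ev.start_function in LOADER_EXPORTS:
        # This is the post's technique: the new thread *is* LoadLibrary, and its
        # argument is the DLL path written into the target with WriteProcessMemory.
        module = ev.start_module.rsplit("\\", 1)[-1] or "<unknown module>"
        reasons.append(f"remote thread entry is {module}!{ev.start_function} (DLL path passed as thread argument)")
    return reasons


def alerts(xml_records: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Run the rule over raw records; return (source image, target image, reasons) per hit."""
    hits = []
    for rec in xml_records:
        ev = parse_event(rec)
        if ev is None:
            continue
        reasons = classify(ev)
        if reasons:
            hits.append((ev.source_image, ev.target_image, reasons))
    return hits


def _record(event_id: str, fields: dict) -> str:
    """Build a constructed Sysmon-style Event XML record for the samples below."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{body}</EventData></Event>")


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # 1. The post's loader: cross-process thread starting at kernel32!LoadLibraryA.
    _record("8", {"UtcTime": "2006-10-10 12:00:00.000", "SourceProcessId": "1234",
                  "SourceImage": r"C:\tools\inject.exe", "TargetProcessId": "5678",
                  "TargetImage": r"C:\Windows\notepad.exe", "StartAddress": "0x7C801D7B",
                  "StartModule": r"C:\Windows\system32\kernel32.dll", "StartFunction": "LoadLibraryA"}),
    # 2. Same shape from an allow-listed source: not flagged.
    _record("8", {"SourceProcessId": "400", "SourceImage": r"C:\Program Files\Example EDR\sensor.exe",
                  "TargetProcessId": "5678", "TargetImage": r"C:\Windows\notepad.exe",
                  "StartModule": r"C:\Windows\system32\kernel32.dll", "StartFunction": "LoadLibraryW"}),
    # 3. A different Sysmon event type (process create): skipped by the parser.
    _record("1", {"ProcessId": "9999", "Image": r"C:\Windows\notepad.exe"}),
    # 4. Cross-process thread with a non-loader start function: outside this rule's scope.
    _record("8", {"SourceProcessId": "77", "SourceImage": r"C:\tools\other.exe",
                  "TargetProcessId": "5678", "TargetImage": r"C:\Windows\notepad.exe",
                  "StartModule": r"C:\Windows\system32\ntdll.dll", "StartFunction": ""}),
]


if __name__ == "__main__":
    for src, dst, why in alerts(SAMPLE_EVENTS):
        print(f"ALERT {src} -> {dst}: {'; '.join(why)}")
```

The rule is deliberately narrow: it keys on the thread entry point being a LoadLibrary export, which is what the post's CreateRemoteThread call produces, rather than on every remote thread. Sample 4 shows the trade-off: a remote thread that starts elsewhere passes this rule and needs a separate one, while sample 2 shows where an allow-list keeps legitimate tooling quiet.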