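; [MASM] DLL Injection
; Author: steve10120
; steve10120@ic0de.org
; Posted by Nytro, June 19, 2011. Source: ic0de.org
;
; Demonstrates the classic LoadLibraryA / CreateRemoteThread DLL injection
; (MITRE ATT&CK T1055.001). The call sequence in InjectDLL -- OpenProcess on
; another process, VirtualAllocEx, WriteProcessMemory, then CreateRemoteThread
; with LoadLibraryA as the start address -- is a long-established detection
; signature: Sysmon logs it as ProcessAccess (event 10), CreateRemoteThread
; (event 8) and the resulting ImageLoad (event 7) in the target.
; #########################################################################

.586
.model flat, stdcall
option casemap :none   ; case sensitive

; #########################################################################

include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\comdlg32.inc

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\comdlg32.lib

; #########################################################################

.data
szDLL       db "C:\masm32\projects\dll_injection\TestDll.dll",0
szKernel32  db "kernel32.dll",0
szLoadLibA  db "LoadLibraryA",0

.code

; InjectDLL
;   inProcess  - process id of the target process
;   inDLLPath  - pointer to a NUL-terminated ANSI path of the DLL to load
;   Returns EAX = 1 when the remote thread was created, 0 on any failure.
;   "Success" only means CreateRemoteThread returned a handle; whether the
;   remote LoadLibraryA call itself succeeded is not checked.
;
; Changes from the posted version:
;   * the process handle is now closed on every failure path (it leaked
;     whenever a step after OpenProcess failed);
;   * the thread handle returned by CreateRemoteThread is closed;
;   * the LoadLibraryA address is kept in a local instead of EBX, which is a
;     callee-saved register under stdcall and was being clobbered;
;   * `ret` replaces the hand-written MOV ESP,EBP / POP EBP / RETN 8.
InjectDLL proc inProcess:DWORD, inDLLPath:DWORD
    LOCAL hProcess:DWORD
    LOCAL pDLL:DWORD
    LOCAL pLoadLibrary:DWORD
    LOCAL dwDLLSize:DWORD
    LOCAL dwWritten:DWORD
    LOCAL dwThreadID:DWORD

    ; PROCESS_ALL_ACCESS asks for every right on the target; process-access
    ; telemetry records the mask that was requested.
    invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, inProcess
    test eax, eax
    jz InjectFail                  ; no handle was obtained, nothing to close
    mov hProcess, eax

    invoke lstrlenA, inDLLPath
    test eax, eax
    jz InjectFailClose             ; empty path
    inc eax                        ; include the terminating NUL
    mov dwDLLSize, eax

    ; Buffer for the path string inside the target; it holds data only, so
    ; PAGE_READWRITE is enough.
    invoke VirtualAllocEx, hProcess, NULL, dwDLLSize, MEM_COMMIT, PAGE_READWRITE
    test eax, eax
    jz InjectFailClose
    mov pDLL, eax

    invoke WriteProcessMemory, hProcess, pDLL, inDLLPath, dwDLLSize, ADDR dwWritten
    test eax, eax
    jz InjectFailClose

    ; The address is resolved in this process and reused in the target, so
    ; this assumes kernel32.dll is mapped at the same base in both.
    invoke LoadLibraryA, OFFSET szKernel32
    invoke GetProcAddress, eax, OFFSET szLoadLibA   ; a NULL module fails here too
    test eax, eax
    jz InjectFailClose
    ; Passing EAX straight to the invoke below is rejected by MASM: ADDR of a
    ; LOCAL is materialised with LEA EAX first ("register value overwritten
    ; by INVOKE"), hence the local.
    mov pLoadLibrary, eax

    invoke CreateRemoteThread, hProcess, NULL, 0, pLoadLibrary, pDLL, 0, ADDR dwThreadID
    test eax, eax
    jz InjectFailClose

    invoke CloseHandle, eax        ; thread handle is not needed afterwards
    invoke CloseHandle, hProcess
    mov eax, TRUE
    ret

InjectFailClose:
    invoke CloseHandle, hProcess
InjectFail:
    xor eax, eax
    ; MASM emits the frame teardown and the `ret 8` only for a plain `ret`
    ; written inside a PROC; RETN is assembled literally, which is why the
    ; posted version had to restore ESP/EBP by hand.
    ret
InjectDLL endp

start:
    ; 2420 is the hard-coded process id of the author's test target.
    invoke InjectDLL, 2420, OFFSET szDLL

EndMain:
    retn

end start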