StoneIce Posted August 13, 2015

Morning everyone,

Mainly for educational purposes, hence I wanna discuss something like this on here, been trying to inject into chrome hence gave me some problems, but here is one of my sources I wanted pros on here to have a good look at. Some parts of this code were gotten from rohan from msdn. Credits should be given to him.

When I inject it into chrome for instance, it opens the strcat.asm, something like this. A debug view on my visual studio doesn't give me errors on the code, started to wonder what went wrong.

Code looks like this

```c
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    char chrome[260];
    char *dll = "C:\\Users\\Emi\\Desktop\\akrikaht.dll";
    GetEnvironmentVariable("programfiles",chrome,sizeof(chrome));
    strcat(chrome,"Google\\Chrome\\Application\\chrome.exe"); //shows error at strcat, opens strcat.asm
    strcpy(dll,lpCmdLine);
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si,sizeof(si));
    ZeroMemory(&pi,sizeof(pi));
    HANDLE baseAddress = VirtualAllocEx (pi.hProcess,NULL, 265, MEM_COMMIT,PAGE_READWRITE) ;
    WriteProcessMemory(pi.hProcess,baseAddress,dll,sizeof(dll),NULL);
    CreateRemoteThread(pi.hProcess, NULL,0,(LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32"),"LoadLibraryA"),baseAddress,0,NULL);
    Sleep(100) ;
    TerminateThread(pi.hThread,0);
    printf("Injected \n");
    getchar();
    return 0;
}
```

Just trying to understand what the problem really is. Someone pls help.

Nytro Posted August 13, 2015

Maybe overflow. Declare the string as 1024 bytes and test. Check the return value of GetEnvironmentVariable and the contents of the variable after the call.

StoneIce Posted August 13, 2015

Still gives me the same access violation error. When I remove it, it tells me debug failure, unknown error.

Nytro Posted August 13, 2015

What does "GetEnvironmentVariable" return and what is the content of the "chrome" variable after "GetEnvironmentVariable" function call?

StoneIce Posted August 13, 2015

It returns the path inside the IDE upon debug. c//...//(x86) Chrome //Application//chrome.exe, that's what I see.

MrGrj (Active Members) Posted August 13, 2015

Use dynamic memory allocation (malloc() should be enough) for your variable and it should work. Don't forget to also free() to deallocate the allocated memory.

Edited August 13, 2015 by MrGrj

StoneIce Posted August 13, 2015

@MrGrj, lemme give it a try and get back to you

Edited August 13, 2015 by StoneIce

MrGrj (Active Members) Posted August 13, 2015

You don't have to know this type of dll injection to be able to allocate some dynamic memory. It's basic and I strongly recommend you to learn how to use pointers (also have a look at dynamic allocated memory - malloc() / calloc() / realloc() / free()) / data structures etc before starting such a project.

Now, what I think will solve your issue:

```c
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    int length = strlen(argv[1]); // argv[1] it's just an example
    char *chrome = (char*)malloc(length + 1); // +1 for null terminator
    char *dll = "C:\\Users\\Emi\\Desktop\\akrikaht.dll";
    GetEnvironmentVariable("programfiles",chrome,sizeof(chrome));
    strcat(chrome,"Google\\Chrome\\Application\\chrome.exe"); //shows error at strcat, opens strcat.asm
    strcpy(dll,lpCmdLine);
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si,sizeof(si));
    ZeroMemory(&pi,sizeof(pi));
    HANDLE baseAddress = VirtualAllocEx (pi.hProcess,NULL, 265, MEM_COMMIT,PAGE_READWRITE) ;
    WriteProcessMemory(pi.hProcess,baseAddress,dll,sizeof(dll),NULL);
    CreateRemoteThread(pi.hProcess, NULL,0,
        (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32"),"LoadLibraryA"),baseAddress,0,NULL);
    Sleep(100) ;
    TerminateThread(pi.hThread,0);
    printf("Injected \n");
    getchar();
    return 0;
}
```

Now obviously something is missing but I won't tell you everything. Just look up on the internet for dynamic memory allocation in c and you'll be ok.

Edited August 13, 2015 by MrGrj

Nytro Posted August 13, 2015

> it returns the path inside the IDE upon debug. c//...//(x86) Chrome //Application//chrome.exe that's what I see

Replace char chrome[260]; with char chrome[1024]; and check again.

__self__ Posted August 13, 2015

```c
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    char chrome[260];
    char *dll = "C:\\Users\\Emi\\Desktop\\akrikaht.dll";
    GetEnvironmentVariable("programfiles",chrome,sizeof(chrome));
    strcat(chrome,"Google\\Chrome\\Application\\chrome.exe"); //shows error at strcat, opens strcat.asm
    strcpy(dll,lpCmdLine);
    ...
```

What if the call to GetEnvVar fails? And chrome is allocated on the stack and there's no zero to be taken as end-of-string? Simplest way to test: char chrome[256] = {};

Also, test return value of GetEnvironmentVariable [0=failed, sizeof(chrome)=not enough space, # = bytes written].
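
Added example, not part of the thread and not any poster's code: the return-value check and always-terminated buffer raised in the replies above, in portable C. `env_copy`, `build_path` and the `path_status` codes are hypothetical names; `env_copy` is a stand-in that models the documented return contract of GetEnvironmentVariableA so the block compiles without windows.h.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum path_status { PATH_OK = 0, PATH_NO_VAR, PATH_TOO_SMALL };

/* Stand-in (assumption of this example) for GetEnvironmentVariableA's return
 * contract: 0 = lookup failed, a value >= size = buffer too small (size
 * needed, terminator included), else characters stored without terminator.
 * val is what the environment holds for the variable, NULL when unset. */
static size_t env_copy(const char *val, char *buf, size_t size)
{
    if (val == NULL) return 0;
    size_t len = strlen(val);
    if (len + 1 > size) return len + 1;   /* buf is left untouched */
    memcpy(buf, val, len + 1);
    return len;
}

/* Builds "<val>\<suffix>" in out. On every failure path out is an empty,
 * terminated string, so a later strcat/strlen cannot run past the buffer. */
static enum path_status build_path(const char *val, const char *suffix,
                                   char *out, size_t cap)
{
    if (cap == 0) return PATH_TOO_SMALL;
    out[0] = '\0';                 /* never leave uninitialised stack bytes */
    size_t n = env_copy(val, out, cap);
    if (n == 0) return PATH_NO_VAR;
    if (n >= cap) return PATH_TOO_SMALL;
    /* snprintf writes at most cap - n bytes and reports the length needed */
    int need = snprintf(out + n, cap - n, "\\%s", suffix);
    if (need < 0 || (size_t)need >= cap - n) {
        out[0] = '\0';
        return PATH_TOO_SMALL;
    }
    return PATH_OK;
}

int main(void)
{
    char chrome[260];
    enum path_status st = build_path(getenv("programfiles"),
        "Google\\Chrome\\Application\\chrome.exe", chrome, sizeof chrome);
    printf("status=%d path=\"%s\"\n", (int)st, chrome);
    return 0;
}
```
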

StoneIce Posted August 13, 2015

@MrGrj, Free() I think that should be it.

StoneIce Posted August 13, 2015

Lemme work on it and get back to you fellows. Thanks a million, all of you.