On Wednesday, 11 April 2012 at 13:26:23 UTC, maarten van damme
wrote:
the code I use for injecting is
/**
* injectDLL injects a dll in a given process using the
CreateRemoteThread
function.
*
* arguments:
* HANDLE proc = A HANDLE to the process
* string dllName = A string containting the name of the dll
**/
void injectDLL(HANDLE proc,string dllName)
{
//first we need to get a pointer to the loadlibrary function
LPVOID LoadLibAddy =
cast(LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"),
"LoadLibraryA");
//The problem is that we need to pass an argument(string) but
that string
is in our memory space
//so we have to allocate space to write our dllName to using
writeprocessmemory
LPVOID RemoteString =
VirtualAllocEx(proc,null,dllName.length,MEM_COMMIT |
MEM_RESERVE,PAGE_READWRITE);
//write the dllName
WriteProcessMemory(proc,RemoteString,toStringz(dllName),dllName.length,null);
//create a thread in the remote process loading the dll
CreateRemoteThread(proc, null, 0,
cast(LPTHREAD_START_ROUTINE)LoadLibAddy,
cast(LPVOID)RemoteString, 0, null);
}
Try to run a simple C program like
---
#include <windows.h>
void main()
{
LoadLibraryA("mydll.dll");
}
---
And check whether it fails and how.
