Injecting Procedure to another process

Post by okasvi »

Found out that which APIs you can use really depends on where you inject... e.g. when injecting into notepad.exe this wasn't possible:

Code:

Procedure RemoteThread()
	MessageRequester("Success","Injection worked.")
	; URLDownloadToFile_ is exported by urlmon.dll
	If URLDownloadToFile_(#Null,"http://www.google.fi/images/hp0.gif","c:\g00gle.gif",#Null,#Null) = #S_OK
		MessageRequester("works!","yay!")
	Else
		MessageRequester("error","doesnt work :(")
	EndIf
	MessageRequester("Injection","End...")
EndProcedure

but while injecting into e.g. explorer.exe it worked. I'm pretty sure it's about what the process it injects into loads by default. Haven't had time yet to try out if I can load DLLs in the injected thread :D

Edit:
I injected this into notepad.exe and it worked...

Code:

Procedure RemoteThread()
	MessageRequester("Success","Injection worked.")
	; load urlmon.dll in the target process before calling into it
	hLibrary.l = LoadLibrary_("URLMON.DLL")
	If URLDownloadToFile_(#Null, "http://forums.purebasic.com/english/templates/subSilver/images/logo_phpBB.gif", "c:\logo_phpBB.gif", #Null, #Null) = #S_OK
		MessageRequester("works!","yay!")
	Else
		MessageRequester("error","doesnt work :(")
	EndIf
	MessageRequester("Injection","End...")
EndProcedure

and this would also work:

Code:

Procedure bleh()
	MessageRequester("Success","Injection worked.")
	; load urlmon.dll in the target process before calling into it
	hLibrary.l = LoadLibrary_("URLMON.DLL")
	If URLDownloadToFile_(#Null, "http://forums.purebasic.com/english/templates/subSilver/images/logo_phpBB.gif", "c:\logo_phpBB.gif", #Null, #Null) = #S_OK
		MessageRequester("works!","yay!")
	Else
		MessageRequester("error","doesnt work :(")
	EndIf
	MessageRequester("Injection","End...")
EndProcedure

; the thread entry point only calls the other procedure
Procedure RemoteThread()
	bleh()
EndProcedure

So you can call other procedures within your remote thread (haven't tested yet how they work with procedures returning something).

Post by Dreglor »

I was reading an article and it said that the only library (for API) that is constant in all programs is kernel32.dll, and with that you can load other libraries.
That's why some code will crash in one program but not in another: it's because it doesn't have a required library loaded.

What I suggest is to put the code you want to execute inside a DLL and then inject a procedure that will load and execute commands from the DLL; that way you won't have to worry about what's loaded or not.

Either that or load the libraries you need for execution,

which is harder than it sounds.

EDIT: I saw that you can call a procedure from the injected code.
This might be a good workaround. I dunno if this is executing on the host or the client program (host being the program injected).
~Dreglor

Post by dige »

The best article about this topic: http://www.phrack.org/show.php?p=62&a=13

have fun!

Post by FreeThought »

I believe the call to GetModuleHandle(0) is irrelevant; in both cases it gives back the calling process's module handle. To get the targeted module handle, you should call EnumProcessModules with hProcess.

Regards.

Post by Phlos »

Hello,

This code doesn't work with all executables. It works fine with notepad.exe but I tried, for example, "putty.exe" (a Windows SSH client) and it fails :shock:

Can someone explain to me why?
Here is my package (Injector.exe, Injector.pb and putty.exe): http://www.phlos.com/ovh/Injector.zip

Thank you. :wink:

Post by okasvi »

Phlos wrote:

Hello,

This code doesn't work with all executables. It works fine with notepad.exe but I tried, for example, "putty.exe" (a Windows SSH client) and it fails :shock:

Can someone explain to me why?
Here is my package (Injector.exe, Injector.pb and putty.exe): http://www.phlos.com/ovh/Injector.zip

Thank you. :wink:

I'll test it ASAP.

Edit: so far I haven't found why it isn't working, as the same code works for notepad... I'll look into it later...

Re: Injecting Procedure to another process

Post by RSBasic »

Hello

I tested both codes without debugger. With and without admin rights. I only get the message "Injection failed".

The problem is here:

Code:

hThread = CreateRemoteThread_(hProcess, #Null, 0, *lpCodeToInject, pbModule, #Null, #Null)

hThread is 0.

Anybody got an idea?

Tested with PB 5.70 LTS x86 and Windows 10 and Notepad.

\\Edit:
With x64 and Notepad it works.
But x64 with PureBasic it doesn't work.
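
How the behaviour discussed in this thread looks to a defender, as an added example that is not part of any post: a remote thread that starts outside every loaded module, followed by the target process loading urlmon.dll. It assumes Sysmon Event ID 8 (CreateRemoteThread) and Event ID 7 (ImageLoad) records already parsed into dicts; the sample events, the 30-second window and the `-` marker for an unresolved StartModule are assumptions.

```python
import ntpath
from datetime import datetime, timedelta

# Constructed sample records using Sysmon field names
# (Event ID 8 = CreateRemoteThread, Event ID 7 = ImageLoad); all values are made up.
EVENTS = [
    {"EventID": 8, "UtcTime": "2024-01-01 10:00:00.100",
     "SourceImage": r"C:\Temp\Injector.exe", "TargetProcessId": 4120,
     "TargetImage": r"C:\Windows\System32\notepad.exe", "StartModule": "-"},
    {"EventID": 7, "UtcTime": "2024-01-01 10:00:00.900", "ProcessId": 4120,
     "ImageLoaded": r"C:\Windows\System32\urlmon.dll"},
    {"EventID": 8, "UtcTime": "2024-01-01 10:05:00.000",
     "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetProcessId": 5000,
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 7, "UtcTime": "2024-01-01 10:05:01.000", "ProcessId": 5000,
     "ImageLoaded": r"C:\Windows\System32\urlmon.dll"},
]
WATCHED_DLLS = {"urlmon.dll"}    # the library the posts load inside the injected thread
WINDOW = timedelta(seconds=30)   # assumed correlation window

def ts(event):
    """Parse the Sysmon UtcTime string into a datetime."""
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def unbacked_remote_threads(events):
    """Cross-process thread creations whose start address lies in no loaded module."""
    return [e for e in events
            if e["EventID"] == 8
            and e.get("StartModule") in (None, "", "-")  # assumed "unresolved" markers
            and e["SourceImage"].lower() != e["TargetImage"].lower()]

def correlate(events):
    """Pair each unbacked remote thread with a watched DLL load in the same target."""
    findings = []
    for thread in unbacked_remote_threads(events):
        for load in (e for e in events if e["EventID"] == 7):
            delay = ts(load) - ts(thread)
            if (load["ProcessId"] == thread["TargetProcessId"]
                    and timedelta(0) <= delay <= WINDOW
                    and ntpath.basename(load["ImageLoaded"]).lower() in WATCHED_DLLS):
                findings.append((thread["SourceImage"], thread["TargetImage"],
                                 load["ImageLoaded"]))
    return findings

if __name__ == "__main__":
    for source, target, dll in correlate(EVENTS):
        print(f"{source} started an unbacked thread in {target}, which then loaded {dll}")
```

The second pair of sample events is deliberately benign: the thread starts inside kernel32.dll, so the later urlmon.dll load in that process is not reported.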