
All times are UTC + 1 hour




PostPosted: Tue Sep 06, 2005 11:30 pm
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
Found out that which APIs you can use really depends on where you inject... e.g. when injecting into notepad.exe this wasn't possible:

Code:
Procedure RemoteThread()
   MessageRequester("Success","Injection worked.")
   If URLDownloadToFile_(#Null,"http://www.google.fi/images/hp0.gif","c:\g00gle.gif",#Null,#Null) = #S_OK

      MessageRequester("works!","yay!")
   Else
      MessageRequester("error","doesnt work :(")
   EndIf
   MessageRequester("Injection","End...")
EndProcedure


But when injecting into e.g. explorer.exe it worked. I'm pretty sure it's about what the process it injects into loads by default. Haven't yet had time to try out whether I can load DLLs in the injected thread :D

Edit:
I injected this into notepad.exe and it worked...
Code:
Procedure RemoteThread()
   MessageRequester("Success","Injection worked.")
   hLibrary.l = LoadLibrary_("URLMON.DLL")
   If URLDownloadToFile_(#Null, "http://forums.purebasic.com/english/templates/subSilver/images/logo_phpBB.gif", "c:\logo_phpBB.gif", #Null, #Null) = #S_OK
      MessageRequester("works!","yay!")
   Else
      MessageRequester("error","doesnt work :(")
   EndIf
   MessageRequester("Injection","End...")
EndProcedure


And this would also work:
Code:
Procedure bleh()
   MessageRequester("Success","Injection worked.")
   hLibrary.l = LoadLibrary_("URLMON.DLL")
   If URLDownloadToFile_(#Null, "http://forums.purebasic.com/english/templates/subSilver/images/logo_phpBB.gif", "c:\logo_phpBB.gif", #Null, #Null) = #S_OK
      MessageRequester("works!","yay!")
   Else
      MessageRequester("error","doesnt work :(")
   EndIf
   MessageRequester("Injection","End...")
EndProcedure

Procedure RemoteThread()
   bleh()
EndProcedure


So you can call other procedures within your RemoteThread (haven't tested yet how they work with procedures returning something).


PostPosted: Wed Sep 07, 2005 5:46 am
Enthusiast

Joined: Sat Aug 02, 2003 11:22 pm
Posts: 759
Location: OR, USA
I was reading an article and it said that the only library (for API) that is constant in all programs is kernel32.dll, and with that you can load other libraries.
And that's why some code will crash in one program but not in another: it's because it doesn't have a required library loaded.

What I suggest is to put the code you want to execute inside a DLL and then inject a procedure that will load and execute commands from the DLL; that way you won't have to worry about what's loaded or not.

Either that, or load the libraries you need for execution,

which is harder than it sounds.

EDIT: I saw that you can call a procedure from the injected code.
This might be a good workaround. I dunno if this is executing on the host or the client program (host being the program injected).

_________________
~Dreglor
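
From the defender's side, the behaviour described in the two posts above (a remote thread whose code is not part of any module in the target, which then loads URLMON.DLL into notepad.exe) leaves a trace that can be correlated. The following is an added example, not code from any poster in this thread: it pairs Sysmon-style CreateRemoteThread (event ID 8) records with ImageLoad (event ID 7) records. The sample events, the 5-second window and the treatment of an empty or "-" StartModule as "not backed by a module" are assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S.%f"
WINDOW = timedelta(seconds=5)   # assumed correlation window
UNBACKED = {"", "-"}            # assumed: StartModule left empty for non-module code

# Constructed records shaped like Sysmon event 8 (CreateRemoteThread) and
# event 7 (ImageLoad); GUIDs, paths and times are made up for this example.
EVENTS = [
    {"id": 7, "time": "2019-06-28 15:20:01.100", "ProcessGuid": "{A-1}",
     "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\comdlg32.dll"},
    {"id": 8, "time": "2019-06-28 15:21:00.000",
     "SourceImage": r"C:\Temp\Injector.exe", "TargetProcessGuid": "{A-1}",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "StartModule": "-"},
    {"id": 7, "time": "2019-06-28 15:21:00.450", "ProcessGuid": "{A-1}",
     "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\urlmon.dll"},
    # Another process loading urlmon.dll with no remote thread: not reported.
    {"id": 7, "time": "2019-06-28 15:21:01.000", "ProcessGuid": "{B-2}",
     "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\urlmon.dll"},
    # Remote thread that starts inside a loaded module: skipped by this rule.
    {"id": 8, "time": "2019-06-28 15:22:00.000",
     "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetProcessGuid": "{C-3}",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
]

def find_injection_followups(events, window=WINDOW):
    """Pair each unbacked remote thread with DLLs its target loads right after."""
    loads = [e for e in events if e["id"] == 7]
    findings = []
    for ev in events:
        if ev["id"] != 8 or ev.get("StartModule", "") not in UNBACKED:
            continue
        t0 = datetime.strptime(ev["time"], FMT)
        late = sorted(
            ld["ImageLoaded"].rsplit("\\", 1)[-1].lower()
            for ld in loads
            if ld["ProcessGuid"] == ev["TargetProcessGuid"]
            and timedelta(0) <= datetime.strptime(ld["time"], FMT) - t0 <= window
        )
        findings.append({"source": ev["SourceImage"], "target": ev["TargetImage"],
                         "late_loads": late})
    return findings

if __name__ == "__main__":
    print(find_injection_followups(EVENTS))
```

A finding with an empty `late_loads` list still marks an unbacked remote thread; the DLL list only adds context on what the injected code pulled into the target.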


PostPosted: Wed Sep 07, 2005 7:40 am
Addict

Joined: Wed Apr 30, 2003 8:15 am
Posts: 989
Location: Germany
The best article about this topic: http://www.phrack.org/show.php?p=62&a=13

have fun!


PostPosted: Wed Sep 07, 2005 12:42 pm
User

Joined: Mon Jul 18, 2005 10:28 am
Posts: 54
I believe the call to GetModuleHandle(0) is irrelevant; in both cases it gives back the calling process's module handle. To get the targeted module handle, you should call EnumProcessModules with hProcess.

regards.


PostPosted: Tue Dec 27, 2005 4:04 pm
User

Joined: Fri May 16, 2003 7:17 pm
Posts: 83
Hello,

This code doesn't work with all executables. It works fine with notepad.exe, but I tried, for example, "putty.exe" (a Windows SSH client) and it fails :shock:

Can someone explain to me why?
Here is my package (Injector.exe, Injector.pb and putty.exe): http://www.phlos.com/ovh/Injector.zip

Thank you. :wink:


PostPosted: Tue Dec 27, 2005 10:47 pm
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
Phlos wrote:
Hello,

This code doesn't work with all executables. It works fine with notepad.exe, but I tried, for example, "putty.exe" (a Windows SSH client) and it fails :shock:

Can someone explain to me why?
Here is my package (Injector.exe, Injector.pb and putty.exe): http://www.phlos.com/ovh/Injector.zip

Thank you. :wink:



I'll test it ASAP.


Edit: so far I haven't found why it isn't working, as the same code works for notepad... I'll look into it later...


Post subject: Re: Injecting Procedure to another process
PostPosted: Fri Jun 28, 2019 3:21 pm
Moderator

Joined: Thu Dec 31, 2009 11:05 pm
Posts: 1106
Location: Germany::Berlin()
Hello

I tested both codes without debugger. With and without admin rights. I only get the message "Injection failed".

The problem is here:
Code:
hThread = CreateRemoteThread_(hProcess, #Null, 0, *lpCodeToInject, pbModule, #Null, #Null)

hThread is 0.

Anybody got an idea?

Tested with PB 5.70 LTS x86 and Windows 10 and Notepad.

\\Edit:
With x64 and Notepad it works.
But x64 with PureBasic doesn't work.
