All times are UTC + 1 hour

[ 67 posts ]  Go to page 1, 2, 3, 4, 5  Next
 Post subject: Injecting Procedure to another process
PostPosted: Sun Sep 04, 2005 1:17 am 
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
Code updated for 5.20+

Injects a procedure (RemoteThread()) into another process (notepad.exe)...
A lot of the code is now coded by DarkDragon, so I hope he is fine with me putting it here.

CreateRemoteThread is not supported on Windows 9x.
Uses the latest droopylib.

Method without CreateProcess as suspended:
Code:
;thanks for everyone who have helped with this
DisableDebugger ;DISABLES DEBUGGER! This is needed.
Procedure RemoteThread()
   MessageRequester("Success","Injection worked.")
EndProcedure

Procedure InjectCode(Process.s, *lpCodeToInject)
   ; start the target, then look up its PID by image name (GetPidProcess comes from droopylib)
   RunProgram(Process)
   dwPID = GetPidProcess(GetFilePart(Process))
   hProcess = OpenProcess_(#PROCESS_ALL_ACCESS, #False, dwPID)
   If hProcess = #Null : ProcedureReturn #False : EndIf
   dwWritten.l = #Null
   ; base address of our own image; e_lfanew is a long at $3C, SizeOfImage sits at NT headers + $50
   pbModule.l = GetModuleHandle_(#Null)
   dwSize.l = PeekL(pbModule + PeekL(pbModule + $3C) + $50)
   ; try to free whatever the target has at our base, then allocate the same range there so the
   ; copied code runs at the addresses it was linked for (only succeeds if that range is free in the target)
   VirtualFreeEx_(hProcess, pbModule, 0, #MEM_RELEASE)
   lpBuffer.l = VirtualAllocEx_(hProcess, pbModule, dwSize, #MEM_COMMIT | #MEM_RESERVE, #PAGE_EXECUTE_READWRITE)
   If lpBuffer = #Null : CloseHandle_(hProcess) : ProcedureReturn #False : EndIf
   ; copy our whole image (code + data) into the target at the same address
   If WriteProcessMemory_(hProcess, lpBuffer, pbModule, dwSize, @dwWritten) = 0
      CloseHandle_(hProcess) : ProcedureReturn #False
   EndIf
   ; run RemoteThread() inside the target; pbModule is passed as the (unused) thread parameter
   hThread.l = CreateRemoteThread_(hProcess, #Null, 0, *lpCodeToInject, pbModule, #Null, #Null)
   If hThread = #Null : CloseHandle_(hProcess) : ProcedureReturn #False : EndIf
   CloseHandle_(hThread) : CloseHandle_(hProcess) : ProcedureReturn #True
EndProcedure

If InjectCode("notepad.exe", @RemoteThread()) = #False
   MessageRequester("Error!", "Injection failed!")
EndIf
End


Alternative method:

Code:
;whole idea to use create process as suspended is by DarkDragon
;thanks for everyone who have helped with this
DisableDebugger ;DISABLES DEBUGGER! This is needed.
Procedure RemoteThread()
   MessageRequester("Success", "Injection succeeded!")
EndProcedure

Procedure InjectCode(Process.s, *lpCodeToInject)
   ; start the target with its main thread suspended, so none of its own code runs before we are done
   sinfo.STARTUPINFO\cb = SizeOf(STARTUPINFO)
   If CreateProcess_(0, Process, 0, 0, 0, #CREATE_SUSPENDED, 0, 0, @sinfo, @pinfo.PROCESS_INFORMATION) = 0
      ProcedureReturn #False
   EndIf
   hProcess = pinfo\hProcess
   dwWritten = #Null
   ; base and SizeOfImage of our own image (e_lfanew is a long at $3C; SizeOfImage at NT headers + $50)
   pbModule = GetModuleHandle_(0)
   dwSize = PeekL(pbModule + PeekL(pbModule + $3C) + $50)
   ; try to free the target's mapping at our base, then allocate the same range so our code
   ; runs at the addresses it was linked for (only succeeds if that range is free in the target)
   VirtualFreeEx_(hProcess, pbModule, 0, #MEM_RELEASE)
   lpBuffer = VirtualAllocEx_(hProcess, pbModule, dwSize, #MEM_COMMIT | #MEM_RESERVE, #PAGE_EXECUTE_READWRITE)
   If lpBuffer = #Null
      While ResumeThread_(pinfo\hThread) > 1 : Wend
      CloseHandle_(pinfo\hThread) : CloseHandle_(hProcess) : ProcedureReturn #False
   EndIf
   ; copy our whole image (code + data) into the target
   If WriteProcessMemory_(hProcess, lpBuffer, pbModule, dwSize, @dwWritten) = 0
      While ResumeThread_(pinfo\hThread) > 1 : Wend
      CloseHandle_(pinfo\hThread) : CloseHandle_(hProcess) : ProcedureReturn #False
   EndIf
   ; run RemoteThread() inside the target; pbModule is passed as the (unused) thread parameter
   hThread = CreateRemoteThread_(hProcess, #Null, 0, *lpCodeToInject, pbModule, #Null, #Null)
   If hThread = #Null
      While ResumeThread_(pinfo\hThread) > 1 : Wend
      CloseHandle_(pinfo\hThread) : CloseHandle_(hProcess) : ProcedureReturn #False
   EndIf
   ; let the target's own main thread go, then drop our handles
   While ResumeThread_(pinfo\hThread) > 1 : Wend
   CloseHandle_(hThread) : CloseHandle_(pinfo\hThread) : CloseHandle_(hProcess)
   ProcedureReturn #True
EndProcedure

If InjectCode("notepad.exe", @RemoteThread()) = #False
   MessageRequester("Error!", "Injection failed!")
EndIf
End


Last edited by okasvi on Tue Sep 06, 2005 8:07 pm, edited 11 times in total.

 Post subject: Re: Injecting Procedure to another process
PostPosted: Sun Sep 04, 2005 1:59 am 
PureBasic Expert

Joined: Fri Apr 25, 2003 5:24 pm
Posts: 7581
> for Pupil being only one who replied my thread

:roll:

_________________
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.


 Post subject: Re: Injecting Procedure to another process
PostPosted: Sun Sep 04, 2005 2:01 am 
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
PB wrote:
> for Pupil being only one who replied my thread

:roll:



Well, he was the only one who replied, and even posted something that was useful for me...

Anyway, do you mind posting some comments about this?


 Post subject: Re: Injecting Procedure to another process
PostPosted: Sun Sep 04, 2005 2:18 am 
PureBasic Expert

Joined: Fri Apr 25, 2003 5:24 pm
Posts: 7581
> he was only one who replied and even posted something that was useful for me

So what? He was obviously the only person who knew how to help. I'm sick
of people bitching here about "no help" as though we're expected to jump at
a moment's notice; as if we're personal tech support for people on call 24
hours a day. If nobody replies, too bad. Don't post evil faces and make
smart-ass comments that insult the rest of us. If I could have helped, then
I would have. I don't need to come here and be directly insulted with a
comment of "being only one who replied". Think about it!



 Post subject: Re: Injecting Procedure to another process
PostPosted: Sun Sep 04, 2005 2:21 am 
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
PB wrote:
> he was only one who replied and even posted something that was useful for me

So what? He was obviously the only person who knew how to help. I'm sick
of people bitching here about "no help" as though we're expected to jump at
a moment's notice; as if we're personal tech support for people on call 24
hours a day. If nobody replies, too bad. Don't post evil faces and make
smart-ass comments that insult the rest of us. If I could have helped, then
I would have. I don't need to come here and be directly insulted with a
comment of "being only one who replied". Think about it!


sorry :roll:


 Post subject:
PostPosted: Sun Sep 04, 2005 2:31 am 
Moderator

Joined: Sat Dec 27, 2003 3:55 am
Posts: 3321
Location: Great Southern Land
Hi okasvi.

What exactly does it do? :?



BTW:

I installed droopylib.
Ran in debug mode with JaPBe - PB v3.94 on XP.
Got the Microsoft message "Notepad encountered an error .... [send] [don't send]".

_________________
@}--`--,-- A rose by any other name ..


 Post subject:
PostPosted: Sun Sep 04, 2005 2:53 am 
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
Try running without debug... It works fine here, and I'm on XP SP2 + latest updates... To tell you the truth, I haven't tried it with debugging, but it works when I create an executable out of it (I tried calc.exe too and it worked)...

I'll test some things with it...


 Post subject:
PostPosted: Sun Sep 04, 2005 3:28 am 
Moderator

Joined: Sat Dec 27, 2003 3:55 am
Posts: 3321
Location: Great Southern Land
Okay, will try that a bit later on (uninstalled droopylib and too lazy to find/reinstall just at the moment).

Still clueless about what it does. What is the purpose/functionality of this? :)



 Post subject:
PostPosted: Sun Sep 04, 2005 3:36 am 
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
Well, this example only injects the RemoteThread procedure into notepad :D
So it opens up notepad and then injects a MessageRequester into it...


I'll edit this so it won't need droopylib soon...


 Post subject:
PostPosted: Sun Sep 04, 2005 4:48 am 
Addict

Joined: Sat Feb 19, 2005 5:05 pm
Posts: 1769
Location: Norway
Actually, this is like a process/function hook,
only it discards notepad's own code
and replaces it with your own procedure.

I don't see much use for this though, other than preventing certain programs from functioning, and *ugh* viruses or spyware etc.

Unless I'm mistaken, what actually happens is that notepad's memory is dumped (or enough memory to "fit" the current program).
Then around 32KB is allocated to replace the freed memory.
Yeah, not the prettiest allocations, but.

Basically it's the same as taking a car, ripping out the insides,
replacing it with something else, and then turning on the radio.
It looks like the same car, but now the radio will automatically turn on
and it's no longer a radio. *laughs*

I'm surprised doing something like this is so easy though!
(no wonder Windows is full of so many holes)

I'm curious about the allocation though, I kinda half guess that it only works
with administrator privileges, so on a Guest or non-admin privilege user
this may fail.


 Post subject:
PostPosted: Sun Sep 04, 2005 5:10 am 
Moderator

Joined: Sat Dec 27, 2003 3:55 am
Posts: 3321
Location: Great Southern Land
Okay, created an exe and ran it.
Notepad opened.
A message requester showed success.

So I guess it worked. :)

However I am still not sure how this could be useful, or used. Even after reading Rescator's post, none the wiser. Not saying it isn't ...

The change is not permanent (is it?) so it needs to have a prog running to do this sort of thing. The "resident virus" or "admin tool", as it were. :)

So .. what would be a practical use for injecting something into something else?



 Post subject:
PostPosted: Sun Sep 04, 2005 5:29 am 
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
The change is not permanent, and in fact it doesn't affect the process it is injected into at all (if I'm wrong here please correct me :D).

And for use of this, you could eg.:
- inject procedure to hook any thing within another executable.
- inject procedure to any running process just to remove/modify your own exe (useful with autoupdates).
- etc. :D be creative


 Post subject:
PostPosted: Sun Sep 04, 2005 5:44 am 
Addict

Joined: Fri Apr 25, 2003 7:06 pm
Posts: 2244
Location: Argentina
okasvi wrote:
Change is not permanent and infact it doesnt effect process it is injected to at all(If I'm wrong here please correct me :D).

And for use of this, you could eg.:
- inject procedure to hook any thing within another executable.
- inject procedure to any running process just to remove/modify your own exe (useful with autoupdates).
- etc. :D be creative


Can you give us an example with notepad.exe (the one you are using) of some useful usage, just to understand what you are doing.

If your exe closes... does the code you injected still run in the injected app?

Show us an example.

Thanks


 Post subject:
PostPosted: Sun Sep 04, 2005 6:39 am 
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
Yes, the injected code will stay there, and as you can see from my code, right after it has successfully injected it will quit:

Code:
If InjectCode("notepad.exe", @RemoteThread()) = #False
   MessageRequester("Error!", "Injection failed!")
EndIf
End

And I don't have any examples, since I only got this working today...


 Post subject:
PostPosted: Sun Sep 04, 2005 7:04 am 
Addict

Joined: Fri Apr 25, 2003 7:06 pm
Posts: 2244
Location: Argentina
dwSize is the size of the procedure you are going to inject.
As far as I can understand, it is the size of the memory you need to allocate for injecting your code.


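The size computation in okasvi's injector, dwSize = PeekL(pbmodule+PeekW(pbmodule+$3c)+$50), and the question in the post directly above of what dwSize actually is, written out as an added C example that is not part of the original thread. It walks the PE header the same way: e_lfanew at offset $3C gives the address of the NT headers, and SizeOfImage sits at NT headers + $50 (4-byte "PE\0\0" signature, 20-byte file header, then offset $38 into the optional header). That field is the size of the whole mapped image, code and data, which is why the injector copies the entire executable and not just the one procedure. The header parsed here is constructed in memory rather than read from a real file; the offsets are from the PE format, and the MZ/PE/magic and length checks are additions that the one-liner does not perform.

```c
/*
 * Added example (not code from the original thread): the SizeOfImage lookup that
 * the PureBasic one-liner  PeekL(pbmodule + PeekW(pbmodule + $3c) + $50)  performs,
 * written out with the checks it skips. It runs on a constructed PE header built
 * in memory below, not on a real executable.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Offsets from the PE/COFF format. */
#define DOS_E_LFANEW      0x3C  /* LONG (32-bit): file offset of "PE\0\0" */
#define NT_SIGNATURE_SIZE 4
#define FILE_HEADER_SIZE  20
#define OPT_MAGIC         0x00  /* WORD: 0x10B = PE32, 0x20B = PE32+ */
#define OPT_SIZEOFIMAGE   0x38  /* DWORD, same offset in PE32 and PE32+ */
#define PE32_OPT_SIZE     0xE0  /* size of a PE32 optional header */

/* 4 + 20 + 0x38 == 0x50: the constant the post adds to the NT headers address. */
#define SIZEOFIMAGE_FROM_NT (NT_SIGNATURE_SIZE + FILE_HEADER_SIZE + OPT_SIZEOFIMAGE)

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Returns SizeOfImage, or 0 if the buffer is not a well-formed PE header.
 * Every read is bounds-checked against len; the original trusts the header it has mapped. */
uint32_t pe_size_of_image(const uint8_t *img, size_t len)
{
    if (len < DOS_E_LFANEW + 4 || img[0] != 'M' || img[1] != 'Z') return 0;
    uint32_t e_lfanew = rd32(img + DOS_E_LFANEW);            /* full 32 bits, not a 16-bit Peek */
    if (e_lfanew > len || len - e_lfanew < SIZEOFIMAGE_FROM_NT + 4) return 0;
    const uint8_t *nt = img + e_lfanew;
    if (memcmp(nt, "PE\0\0", 4) != 0) return 0;
    uint16_t magic = rd16(nt + NT_SIGNATURE_SIZE + FILE_HEADER_SIZE + OPT_MAGIC);
    if (magic != 0x10B && magic != 0x20B) return 0;
    return rd32(nt + SIZEOFIMAGE_FROM_NT);                    /* nt + 0x50 */
}

/* Builds a constructed, minimal header: MZ stub, e_lfanew = 0x80, zeroed file header,
 * optional header carrying only the magic and SizeOfImage. Returns bytes written, 0 if cap is too small. */
size_t build_constructed_header(uint8_t *buf, size_t cap, uint32_t size_of_image, uint16_t magic)
{
    const uint32_t e_lfanew = 0x80;
    size_t need = e_lfanew + NT_SIGNATURE_SIZE + FILE_HEADER_SIZE + PE32_OPT_SIZE;
    if (cap < need) return 0;
    memset(buf, 0, need);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + DOS_E_LFANEW, e_lfanew);
    memcpy(buf + e_lfanew, "PE\0\0", 4);
    uint8_t *opt = buf + e_lfanew + NT_SIGNATURE_SIZE + FILE_HEADER_SIZE;
    wr16(opt + OPT_MAGIC, magic);
    wr32(opt + OPT_SIZEOFIMAGE, size_of_image);
    return need;
}

/* Convenience: build a header, optionally truncate it to trunc_len bytes, and parse it.
 * Exercises the failure paths (bad magic, header cut short) as well as the happy path. */
uint32_t size_from_constructed(uint32_t size_of_image, uint16_t magic, size_t trunc_len)
{
    uint8_t buf[512];
    size_t n = build_constructed_header(buf, sizeof buf, size_of_image, magic);
    if (n == 0) return 0;
    if (trunc_len != 0 && trunc_len < n) n = trunc_len;
    return pe_size_of_image(buf, n);
}

int main(void)
{
    /* A PB-sized image: the injector reads this field to know how many bytes to copy. */
    printf("SizeOfImage = 0x%X\n", size_from_constructed(0x8000, 0x10B, 0));
    printf("truncated header -> 0x%X\n", size_from_constructed(0x8000, 0x10B, 0x80 + SIZEOFIMAGE_FROM_NT + 3));
    return 0;
}
```

Two things worth noting against the PureBasic one-liner: e_lfanew is a 32-bit LONG, so reading it with PeekW only works because linkers place the NT headers within the first 64 KB of the file; and SizeOfImage is what the image occupies once mapped, which is what the injector allocates and copies, so the remote procedure runs at the same addresses it was linked for only if that whole range is free in the target.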