Injecting Procedure to another process

Share your advanced PureBasic knowledge/code with the community.
DoubleDutch
Addict
Posts: 3219
Joined: Thu Aug 07, 2003 7:01 pm
Location: United Kingdom

Post by DoubleDutch »

Also one to try is injecting IE and then try to send commands via port 80 to a remote server.... this little trick may be quite evil. ;)
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
thefool
Always Here
Posts: 5881
Joined: Sat Aug 30, 2003 5:58 pm
Location: Denmark

Post by thefool »

Yup, it would probably work.

Another idea:

If you are a guest on a Windows machine, or a normal user, you can use a program running as admin, like antivirus or a service, then inject your code into that program, and boom, your program can do whatever it wants.
Henrik
Enthusiast
Posts: 404
Joined: Sat Apr 26, 2003 5:08 pm
Location: Denmark

Post by Henrik »

Come on you 2, do you want this thread locked or what? :shock:
You can do a lot of bad things with a match and some shoelace too, but there is no reason to discuss it here, it could be very messy you know... :D

Best Regards
Henrik

Post by DoubleDutch »

Sorry, I was getting carried away ;)

If you inject a looping process into notepad or something, then terminate the "injector", does the process keep running until notepad stops, or does it terminate with the injector? Is there any memory leakage or problem?
xgp
Enthusiast
Posts: 128
Joined: Mon Jun 13, 2005 6:03 pm

Post by xgp »

I've tried and it fails.
WinXP SP2.

just for notice :wink:

xgp
Dreglor
Enthusiast
Posts: 759
Joined: Sat Aug 02, 2003 11:22 pm
Location: OR, USA

Post by Dreglor »

I think most firewalls work by looking at what program is doing this. Well, if you're hooked, maybe it will think it's MSN instead of your program. Well, only one way to find out :\

btw

it fails on my machine XP SP2
~Dreglor

Post by Dreglor »

I looked into why it wasn't working and I found it does work, but only rarely. It is always stopping at VirtualAllocEx_(): it is returning null, which MSDN says is an error, and says if you want more on the error use GetLastError_(). Well, that returns zero, which I looked up, and that code means it worked. So either there was an error for which there was no code, or VirtualAllocEx_() is lying to me :?

I figured it was something with the code you wrote, converted the original C++ code you found, and guess what, it did the same exact thing, rarely working, and when it didn't it stopped on VirtualAllocEx_().

Is anyone having the same problem?
~Dreglor
okasvi
Enthusiast
Posts: 150
Joined: Wed Apr 27, 2005 9:41 pm
Location: Finland

Post by okasvi »

Hmm... weird, since I'm on XP SP2 and it works fine here...

DoubleDutch, do your ideas have something to do with your remote administration tool? :lol:

Post by thefool »

No, you need the allocations on my XP too! Better put them back.

Henrik, can you tell me about that shoelace and matches?? :)

DoubleDutch, it should terminate with the app it's injected to. Not the one that injects it!

Post by okasvi »

thefool wrote: No, you need the allocations on my XP too! Better put them back.

:oops: I forgot to edit the 1st post; anyway, now it's there with DarkDragon's idea/code of creating the process as suspended...

Post by thefool »

Sorry, but why do you want to put it as suspended?

Post by okasvi »

thefool wrote: Sorry, but why do you want to put it as suspended?

:oops: It was because I thought my way didn't work for everyone... Well, I guess it was just because I left copy-pasted broken code there and DarkDragon "fixed" it with another method and I thought it would be better :? Well, mistakes happen... now there are both methods in the 1st post.

Post by thefool »

hehe :)
ricardo
Addict
Posts: 2402
Joined: Fri Apr 25, 2003 7:06 pm
Location: Argentina

Post by ricardo »

Can anybody show something that the injected code can do without crashing?

I was only able to use delays and msgboxes, but not anymore. Any API call (for example) crashes for me.
ARGENTINA WORLD CHAMPION
LuCiFeR[SD]
666
Posts: 1033
Joined: Mon Sep 01, 2003 2:33 pm

Post by LuCiFeR[SD] »

interesting... very interesting :). Nice to see that Microsoft got something right with Windows XP SP2. I must remember to disable DEP for further testing :)

http://www.satanicdreams.com/error.jpg