[Help] DLL injector

I'm making a program somewhat like the program winject, just a simple DLL injector.
This is the first time I have done stuff with WriteProcessMemory, VirtualAllocEx and CreateRemoteThread.

I have my inject code, which comes back with no errors whatsoever but does not inject my DLL. I have the DLL write a text file to c:\ to make sure it injected.

I have no idea why this is not working. Here's my code:
BOOL Inject(string dll) {
   DWORD ProcessID;
   HWND wnd = FindWindow(0, "Minecraft");
   GetWindowThreadProcessId(wnd, &ProcessID);
   HANDLE Proc;
   char buf[50]={0};
   LPVOID RemoteString, LoadLibAddy;

   if(!ProcessID)
      return false;

   Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessID);

   if(!Proc) {
      sprintf(buf, "failed: %d", GetLastError());
      MessageBox(NULL, buf, "Maple Injector", NULL);
      return false;
   }

   LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

   RemoteString = VirtualAllocEx(Proc, NULL, dll.size(), MEM_COMMIT, PAGE_READWRITE);
   DWORD numBytesWritten;
   WriteProcessMemory(Proc, RemoteString, dll.c_str(), dll.size(), &numBytesWritten);
   CreateRemoteThread(Proc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, RemoteString, 0, NULL);

   ErrorExit("VirtualAllocEx");
   ErrorExit("WriteProcessMemory");
   ErrorExit("CreateRemoteThread");

   CloseHandle(Proc);

   return true;
}


Btw, when I inject the DLL with winject it writes the dll just like it should.
Hmm, I'll look into this.

Maple Injector
== maplestory?

However, with your particular code, do you know how to step through/debug code?
closed account (zwA4jE8b)
So your code gets the address of the LoadLibraryA function in kernel32.dll and uses that function to load your custom DLL? Is that correct?

Also, it seems like in RemoteString = VirtualAllocEx(Proc, NULL, dll.size(), MEM_COMMIT, PAGE_READWRITE); you are allocating only the size of the string 'dll' not how many bytes your actual dll file is.
closed account (zwA4jE8b)
From MSDN:

PAGE_READWRITE
0x04
Enables read-only or read/write access to the committed region of pages. If Data Execution Prevention is enabled, attempting to execute code in the committed region results in an access violation.


Maybe try using

PAGE_EXECUTE_READWRITE
0x40

just a guess.
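
For defenders, the call sequence in this thread (OpenProcess, VirtualAllocEx, WriteProcessMemory, then CreateRemoteThread with LoadLibraryA as the start routine) is what Sysmon logs as Event ID 8 (CreateRemoteThread). The Python below is an added example, not code from any poster in this thread; the event XML is constructed sample data with assumed paths, and it carries only the four fields the check reads.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOADER_EXPORTS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}


def _event(src, dst, module, func, eid=8):
    """Build one constructed Sysmon-style event (sample data, not a real log)."""
    fields = {"SourceImage": src, "TargetImage": dst,
              "StartModule": module, "StartFunction": func}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID></System>'
            f'<EventData>{data}</EventData></Event>')


K32 = r"C:\Windows\System32\KERNEL32.DLL"
SAMPLE_EVENTS = [  # constructed; all paths are assumptions
    # Remote thread that starts at LoadLibraryA in another process.
    _event(r"C:\Users\dev\injector.exe", r"C:\Games\javaw.exe", K32, "LoadLibraryA"),
    # Remote thread whose start address did not resolve to an export.
    _event(r"C:\Users\dev\other.exe", r"C:\Games\javaw.exe", "", ""),
    # Same images, but not a CreateRemoteThread event.
    _event(r"C:\Users\dev\injector.exe", r"C:\Games\javaw.exe", K32, "LoadLibraryA", eid=1),
]


def parse(xml_text):
    """Return (event id, {field name: value}) for one event XML string."""
    root = ET.fromstring(xml_text)
    eid = int(root.findtext("e:System/e:EventID", default="0", namespaces=NS))
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return eid, data


def is_loadlibrary_remote_thread(xml_text):
    """True when a remote thread's start routine is a LoadLibrary* export."""
    eid, d = parse(xml_text)
    if eid != 8:
        return False
    module = d.get("StartModule", "").lower().rsplit("\\", 1)[-1]
    func = d.get("StartFunction", "").lower()
    return module in LOADER_MODULES and func in LOADER_EXPORTS


def hits(events):
    """Field dictionaries of the events that match the rule."""
    return [parse(x)[1] for x in events if is_loadlibrary_remote_thread(x)]
```

The rule keys on the start routine only, so a remote thread that starts in unresolved memory (the second sample) needs a separate check.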