-
Oct 15th, 2009, 04:11 PM
#1
Thread Starter
Member
What's wrong with this code?
Hi, I'm trying to create a DLL injector (merely for 3rd party option-toggling), but for some reason this code doesn't work.
It will always return "Failed to create thread!"
Here are the contents of the code: (Form1.vb)
Code:
Public Class Form1
    Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
    Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
    Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
    Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal fAllocType As Long, ByVal flProtect As Long) As Long
    Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpBaseAddress As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long
    Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal ProcessHandle As IntPtr, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, ByVal lpThreadID As Long) As Long
    Public Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long
    Public ProsH As Long
    Public Verify As Integer
    'The Injection Function
    Public Function InjectDll(ByVal DllPath As String, ByVal ProsH As IntPtr)
        Dim DLLVirtLoc As Long, Inject As Long, LibAddress As Long
        Dim CreateThread As Long, ThreadID As Long
        Dim DllLength As Long
        'STEP 1 - The easy part...Putting the it in the process' memory
        Me.Label7.Text = "Injecting......"
        'Find a nice spot for your DLL to chill using VirtualAllocEx
        DllLength = Len(DllPath)
        MsgBox(DllLength)
        DLLVirtLoc = VirtualAllocEx(ProsH, 0, DllLength, &H1000, &H4)
        If DLLVirtLoc = 0 Then Me.Label7.Text = "VirtualAllocEx API failed!" : Return ("") : Exit Function
        'Inject the Dll into that spot
        Inject = WriteProcessMemory(ProsH, DLLVirtLoc, DllPath, DllLength, vbNull)
        If Inject = 0 Then Me.Label7.Text = "Failed to Write DLL to Process!" : Return ("") : Exit Function
        Me.Label7.Text = "Dll Injected...Creating Thread....."
        'STEP 2 - Loading it in the process
        'This is where it gets a little interesting....
        'Just throwing our Dll into the process isnt going to do nothing unless you
        'Load it into the precess address using LoadLibrary. The LoadLibrary function
        'maps the specified executable module into the address space of the
        'calling process. You call LoadLibrary by using CreateRemoteThread to
        'create a thread(no ____) that runs in the address space of another process.
        'First we find the LoadLibrary function in kernel32.dll
        LibAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
        If LibAddress = 0 Then Me.Label7.Text = "Can't find LoadLibrary API from kernel32.dll" : Return ("") : Exit Function
        'Next, the part the took me damn near 2 hours to figure out - using CreateRemoteThread
        'We set a pointer to LoadLibrary(LibAddress) in our process, LoadLibrary then puts
        'our Dll(DLLVirtLoc) into the process address. Easy enough right?
        CreateThread = CreateRemoteThread(ProsH, vbNull, 0, LibAddress, DLLVirtLoc, 0, ThreadID)
        If ThreadID = 0 Then Me.Label7.Text = "Failed to Create Thead!" : Return ("") : Exit Function
        Verify = 0
        Me.Label7.Text = "Injection Successful...Verifying......"
        Return ""
    End Function
    Public Function EjectDll(ByVal ProcessHandle As IntPtr, ByVal DllHandle As Long)
        Dim LibFreeAddress As Long, CreateEjectThread As Long, EjectThreadId As Long
        'DllHandle = m(ModSrch(DllName)).hModule if u want to go by dll name
        If DllHandle = 0 Then Me.Label7.Text = "Can't find Dll in process!" : Return ("") : Exit Function
        Me.Label7.Text = "Ejecting....."
        LibFreeAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "FreeLibrary")
        CreateEjectThread = CreateRemoteThread(ProcessHandle, vbNull, 0, LibFreeAddress, DllHandle, 0, EjectThreadId)
        If EjectThreadId = 0 Then Me.Label7.Text = "Failed to Create Eject Thead!" : Return ("") : Exit Function
        Me.Label7.Text = "Ejection Successful!"
        Return ""
    End Function
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'InjectDll("./wizhacks.dll", "haloce.exe")
    End Sub
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Using MyReader As New _
        Microsoft.VisualBasic.FileIO.TextFieldParser("./config.txt")
            MyReader.TextFieldType = FileIO.FieldType.Delimited
            MyReader.SetDelimiters(";")
            Dim currentRow As String()
            While Not MyReader.EndOfData
                Try
                    currentRow = MyReader.ReadFields()
                    Dim currentField As String
                    For Each currentField In currentRow
                        If currentField.StartsWith("#") Then
                            ' Ignore comment
                        Else
                            Dim p As Process() = Process.GetProcessesByName("haloce")
                            For Each Process In p
                                Dim hWnd = CType(p(0).MainWindowHandle, Integer)
                                InjectDll(currentField, hWnd)
                            Next
                        End If
                    Next
                Catch ex As Microsoft.VisualBasic.FileIO.MalformedLineException
                    MsgBox("Line " & ex.Message & _
                    "is not valid and will be skipped.")
                End Try
            End While
        End Using
    End Sub
End Class
Config.txt file contents:
Code:
C:\Program Files\Microsoft Games\Halo Custom Edition\EvilAimv1 for CE\EvilAimv1 for CE\EvilAimv1.dll;
(EvilAimv1 isn't the DLL I'm going to inject when I'm done with this, that's just a test DLL because I haven't made the option-toggler yet.)
Please help, and tell me what's wrong.
Thanks,
-Arightwizard
PS: I just use [ code ] and [ /code ] in case anyone wants to copy and paste it (maybe to test, I don't know). With the vbcode button, the line numbers get in.
Last edited by Arightwizard; Oct 15th, 2009 at 04:16 PM.
The following statements are true. The following statement is false. The first statement is true.
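From a detection standpoint, the step the code comments in the post above describe (a remote thread whose start routine is LoadLibraryA in another process) is what Sysmon logs as Event ID 8 (CreateRemoteThread). The following is an added example, not part of the original post: a Python filter over constructed Sysmon-style event XML, where the process paths, the sample events and the allow-list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
# Assumption: software on this host that is expected to create remote threads.
ALLOWED_SOURCES = {r"c:\program files\exampleav\agent.exe"}


def event_xml(source, target, module, func):
    """Build a constructed Sysmon Event ID 8 record (sample data, not a real log)."""
    fields = {"SourceImage": source, "TargetImage": target,
              "StartModule": module, "StartFunction": func}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>8</EventID></System>'
            f"<EventData>{data}</EventData></Event>")


def parse(xml_text):
    """Return (event_id, {field: value}) for one event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data


def suspicious_remote_threads(events):
    """Flag remote threads whose start routine is a LoadLibrary* export."""
    hits = []
    for xml_text in events:
        event_id, d = parse(xml_text)
        if event_id != 8:
            continue
        func = d.get("StartFunction", "").lower()
        module = d.get("StartModule", "").lower()
        if func not in LOADER_FUNCS or not module.endswith(("kernel32.dll", "kernelbase.dll")):
            continue
        if d.get("SourceImage", "").lower() in ALLOWED_SOURCES:
            continue  # expected tooling, skip
        hits.append((d["SourceImage"], d["TargetImage"], d["StartFunction"]))
    return hits


SAMPLE = [  # constructed events
    event_xml(r"C:\Users\test\injector.exe", r"C:\Games\target.exe", r"C:\Windows\System32\kernel32.dll", "LoadLibraryA"),
    event_xml(r"C:\Program Files\ExampleAV\agent.exe", r"C:\Games\target.exe", r"C:\Windows\System32\kernel32.dll", "LoadLibraryW"),
    event_xml(r"C:\Windows\System32\csrss.exe", r"C:\Games\target.exe", r"C:\Windows\System32\kernelbase.dll", "CtrlRoutine"),
]

if __name__ == "__main__":
    for hit in suspicious_remote_threads(SAMPLE):
        print("remote LoadLibrary thread:", hit)
```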
-
Oct 15th, 2009, 04:21 PM
#2
Re: What's wrong with this code?
I don't know that you can inject a .net process into a non-.Net application. I think that could cause all sorts of issues.
-
Oct 15th, 2009, 04:32 PM
#3
Thread Starter
Member
Re: What's wrong with this code?
Negative0, it's been done many times before. But if you happen to see a flaw in the code, one that would make it return "Failed to create thread!" every time, then please tell me.
Thanks,
-Arightwizard
-
Oct 15th, 2009, 04:35 PM
#4
Re: What's wrong with this code?
Originally Posted by Negative0
I don't know that you can inject a .net process into a non-.Net application. I think that could cause all sorts of issues.
Yeah you definitely can, I don't think it is very straightforward though...
-
Oct 15th, 2009, 05:26 PM
#5
Thread Starter
Member
Re: What's wrong with this code?
I still cannot find any way to make this code work, even after declaring "ThreadID = 1" right before it injects...
I'd really appreciate an answer.
Thanks,
-Arightwizard
-
Oct 15th, 2009, 07:14 PM
#6
Addicted Member
Re: What's wrong with this code?
I think:
If ThreadID = 0 Then Form1.Label7.Text = "Failed to Create Thead!" : Exit Function
Should be:
If CreateThread = 0 Then Form1.Label7.Text = "Failed to Create Thead!" : Exit Function
Could be other problems in the code as well, though...
-
Oct 15th, 2009, 07:35 PM
#7
Thread Starter
Member
Re: What's wrong with this code?
7777, Now it says that it has Injected it successfully, and yet the DLL has not loaded onto the application I told it to inject into.
Thanks, though..
-Arightwizard