
Thread: What's wrong with this code?

  1. #1

    Thread Starter
    Member
    Join Date
    Aug 2009
    Posts
    47

    What's wrong with this code?

    Hi, I'm trying to create a DLL injector (merely for 3rd party option-toggling), but for some reason this code doesn't work.
    It will always return "Failed to create thread!"
    Here are the contents of the code: (Form1.vb)
    Code:
    Public Class Form1
        Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
        Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
        Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
        Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal fAllocType As Long, ByVal flProtect As Long) As Long
        Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As IntPtr, ByVal lpBaseAddress As Long, ByVal lpBuffer As String, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long
        Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal ProcessHandle As IntPtr, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, ByVal lpThreadID As Long) As Long
        Public Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long
    
        Public ProsH As Long
        Public Verify As Integer
    
        'The Injection Function
        Public Function InjectDll(ByVal DllPath As String, ByVal ProsH As IntPtr)
            Dim DLLVirtLoc As Long, Inject As Long, LibAddress As Long
            Dim CreateThread As Long, ThreadID As Long
            Dim DllLength As Long
    
            'STEP 1 -  The easy part...Putting the it in the process' memory
    
            Me.Label7.Text = "Injecting......"
            'Find a nice spot for your DLL to chill using VirtualAllocEx
            DllLength = Len(DllPath)
            MsgBox(DllLength)
            DLLVirtLoc = VirtualAllocEx(ProsH, 0, DllLength, &H1000, &H4)
            If DLLVirtLoc = 0 Then Me.Label7.Text = "VirtualAllocEx API failed!" : Return ("") : Exit Function
            'Inject the Dll into that spot
            Inject = WriteProcessMemory(ProsH, DLLVirtLoc, DllPath, DllLength, vbNull)
            If Inject = 0 Then Me.Label7.Text = "Failed to Write DLL to Process!" : Return ("") : Exit Function
            Me.Label7.Text = "Dll Injected...Creating Thread....."
    
    
            'STEP 2 - Loading it in the process
            'This is where it gets a little interesting....
            'Just throwing our Dll into the process isnt going to do nothing unless you
            'Load it into the precess address using LoadLibrary.  The LoadLibrary function
            'maps the specified executable module into the address space of the
            'calling process.  You call LoadLibrary by using CreateRemoteThread to
            'create a thread(no ____) that runs in the address space of another process.
            'First we find the LoadLibrary function in kernel32.dll
            LibAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
            If LibAddress = 0 Then Me.Label7.Text = "Can't find LoadLibrary API from kernel32.dll" : Return ("") : Exit Function
            'Next, the part the took me damn near 2 hours to figure out - using CreateRemoteThread
            'We set a pointer to LoadLibrary(LibAddress) in our process, LoadLibrary then puts
            'our Dll(DLLVirtLoc) into the process address.  Easy enough right?
    
    
            CreateThread = CreateRemoteThread(ProsH, vbNull, 0, LibAddress, DLLVirtLoc, 0, ThreadID)
            If ThreadID = 0 Then Me.Label7.Text = "Failed to Create Thead!" : Return ("") : Exit Function
            Verify = 0
            Me.Label7.Text = "Injection Successful...Verifying......"
            Return ""
        End Function
    
        Public Function EjectDll(ByVal ProcessHandle As IntPtr, ByVal DllHandle As Long)
            Dim LibFreeAddress As Long, CreateEjectThread As Long, EjectThreadId As Long
    
            'DllHandle = m(ModSrch(DllName)).hModule if u want to go by dll name
            If DllHandle = 0 Then Me.Label7.Text = "Can't find Dll in process!" : Return ("") : Exit Function
            Me.Label7.Text = "Ejecting....."
            LibFreeAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "FreeLibrary")
    
            CreateEjectThread = CreateRemoteThread(ProcessHandle, vbNull, 0, LibFreeAddress, DllHandle, 0, EjectThreadId)
            If EjectThreadId = 0 Then Me.Label7.Text = "Failed to Create Eject Thead!" : Return ("") : Exit Function
            Me.Label7.Text = "Ejection Successful!"
            Return ""
        End Function
    
        Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
            'InjectDll("./wizhacks.dll", "haloce.exe")
        End Sub
    
        Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
            Using MyReader As New  _
            Microsoft.VisualBasic.FileIO.TextFieldParser("./config.txt")
                MyReader.TextFieldType = FileIO.FieldType.Delimited
                MyReader.SetDelimiters(";")
                Dim currentRow As String()
                While Not MyReader.EndOfData
                    Try
                        currentRow = MyReader.ReadFields()
                        Dim currentField As String
                        For Each currentField In currentRow
                            If currentField.StartsWith("#") Then
                                ' Ignore comment
                            Else
                                Dim p As Process() = Process.GetProcessesByName("haloce")
                                For Each Process In p
                                    Dim hWnd = CType(p(0).MainWindowHandle, Integer)
                                    InjectDll(currentField, hWnd)
                                Next
                            End If
                        Next
                    Catch ex As Microsoft.VisualBasic.FileIO.MalformedLineException
                        MsgBox("Line " & ex.Message & _
                        "is not valid and will be skipped.")
                    End Try
                End While
            End Using
        End Sub
    End Class
    Config.txt file contents:

    Code:
    C:\Program Files\Microsoft Games\Halo Custom Edition\EvilAimv1 for CE\EvilAimv1 for CE\EvilAimv1.dll;
    (EvilAimv1 isn't the DLL I'm going to inject when I'm done with this, that's just a test DLL because I haven't made the option-toggler yet.)

    Please help, and tell me what's wrong.
    Thanks,
    -Arightwizard

    PS: I just use [ code ] and [ /code ] in case anyone wants to copy and paste it (maybe to test, I don't know). With the vbcode button, the line numbers get in.
    Last edited by Arightwizard; Oct 15th, 2009 at 04:16 PM.
    The following statements are true. The following statement is false. The first statement is true.
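From the defender's side, the injector posted above has a very recognisable footprint on the target host: a thread is created in a foreign process whose start address resolves to kernel32!LoadLibraryA, with the DLL path the injector wrote into the process as its argument. Endpoint telemetry such as Sysmon Event ID 8 (CreateRemoteThread) records exactly those fields (SourceImage, TargetImage, NewThreadId, StartModule, StartFunction). The script below is an added example, not code from this thread or from any of its posters; it assumes those Sysmon-style field names rendered as simplified key=value lines that I constructed for the demo (the image paths, process ids and thread ids are made up), and a real deployment would parse the Windows event XML instead. Its second rule, a remote thread whose start address is not backed by any loaded module, generalises beyond the LoadLibrary case discussed here.

```python
"""Flag remote-thread events that match the LoadLibrary DLL-injection pattern.

Added example (not from the forum thread). Assumes Sysmon-style Event ID 8
fields written as space-separated key=value pairs with space-free values;
the sample events below are constructed, not real telemetry.
"""
import re
from typing import Dict, List

# Start functions an injector hands to CreateRemoteThread so that the target
# process loads a DLL on the injector's behalf (the technique in the thread).
LOADER_FUNCTIONS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Constructed sample events modelled on Sysmon Event ID 8 field names.
SAMPLE_EVENTS = [
    # 1) The footprint of the posted injector: remote thread at kernel32!LoadLibraryA.
    r"EventID=8 SourceImage=C:\Users\demo\Injector.exe SourceProcessId=4120 "
    r"TargetImage=C:\Games\haloce.exe TargetProcessId=2588 NewThreadId=7012 "
    r"StartModule=C:\Windows\System32\KERNEL32.DLL StartFunction=LoadLibraryA",
    # 2) Benign: a debugger attaching to a process uses ntdll!DbgUiRemoteBreakin.
    r"EventID=8 SourceImage=C:\Tools\Debugger.exe SourceProcessId=900 "
    r"TargetImage=C:\Apps\Notepad.exe TargetProcessId=1812 NewThreadId=1830 "
    r"StartModule=C:\Windows\System32\ntdll.dll StartFunction=DbgUiRemoteBreakin",
    # 3) Remote thread whose start address is backed by no loaded module at all.
    r"EventID=8 SourceImage=C:\Users\demo\Unknown.exe SourceProcessId=5120 "
    r"TargetImage=C:\Windows\explorer.exe TargetProcessId=3300 NewThreadId=5500 "
    r"StartAddress=0x1A2B0000 StartModule= StartFunction=",
]


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value line into a dict (empty values are kept as '')."""
    return dict(re.findall(r"(\w+)=(\S*)", line))


def classify(event: Dict[str, str]) -> List[str]:
    """Return the reasons this remote-thread event looks like code injection."""
    reasons: List[str] = []
    if event.get("EventID") != "8":
        return reasons
    func = event.get("StartFunction", "")
    module = event.get("StartModule", "").lower()
    # Rule 1: thread entry is kernel32!LoadLibrary*, i.e. the target process is
    # being made to load a DLL chosen by another process.
    if func in LOADER_FUNCTIONS and module.endswith("kernel32.dll"):
        reasons.append(f"remote thread starts at kernel32!{func} (LoadLibrary injection pattern)")
    # Rule 2: no module backs the start address, so the code running there was
    # written into the process rather than loaded from disk.
    if not module:
        reasons.append("remote thread start address is not backed by a loaded module")
    return reasons


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Parse every line and collect an alert for each event with at least one reason."""
    alerts: List[Dict[str, object]] = []
    for line in lines:
        event = parse_event(line)
        reasons = classify(event)
        if reasons:
            alerts.append({
                "source": event.get("SourceImage"),
                "target": event.get("TargetImage"),
                "thread": event.get("NewThreadId"),
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert['source']} -> {alert['target']} (thread {alert['thread']})")
        for reason in alert["reasons"]:
            print(f"    {reason}")
```

On the constructed input the scan flags the first and third events and passes the debugger attach. In practice the first rule is tuned with an allow-list of source images (debuggers, accessibility tools, some AV agents legitimately create remote threads), and the StartModule/StartFunction fields are only as good as the symbol resolution Sysmon could do at event time.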

  2. #2
    PowerPoster 2.0 Negative0's Avatar
    Join Date
    Jun 2000
    Location
    Southeastern MI
    Posts
    4,367

    Re: What's wrong with this code?

I don't know that you can inject a .NET process into a non-.NET application. I think that could cause all sorts of issues.

  3. #3

    Thread Starter
    Member
    Join Date
    Aug 2009
    Posts
    47

    Re: What's wrong with this code?

Negative0, it's been done many times before. But if you happen to see a flaw in the code, one that would make it return "Failed to create thread!" every time, then please tell me.
    Thanks,
    -Arightwizard

  4. #4
    Pro Grammar chris128's Avatar
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: What's wrong with this code?

Quote Originally Posted by Negative0
I don't know that you can inject a .NET process into a non-.NET application. I think that could cause all sorts of issues.
Yeah, you definitely can. I don't think it is very straightforward, though...
    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  5. #5

    Thread Starter
    Member
    Join Date
    Aug 2009
    Posts
    47

    Re: What's wrong with this code?

    I still cannot find any way to make this code work, even after declaring "ThreadID = 1" right before it injects...
    I'd really appreciate an answer.
    Thanks,
    -Arightwizard

  6. #6
    Addicted Member
    Join Date
    Oct 2009
    Posts
    212

    Re: What's wrong with this code?

    I think:

    If ThreadID = 0 Then Form1.Label7.Text = "Failed to Create Thead!" : Exit Function

    Should be:

    If CreateThread = 0 Then Form1.Label7.Text = "Failed to Create Thead!" : Exit Function

    Could be other problems in the code as well, though...

  7. #7

    Thread Starter
    Member
    Join Date
    Aug 2009
    Posts
    47

    Re: What's wrong with this code?

7777, now it says that it has injected it successfully, and yet the DLL has not loaded into the application I told it to inject into.
Thanks, though.
    -Arightwizard
