I don't think you can safely call shell functions in DllMain. There is a long list of things you can't do due to the way process initialization is done in Windows. You should never perform the following tasks from within DllMain: Call LoadLibrary or LoadLibraryEx (either directly or indirectly). This...
I don't know of a way to do it natively in Java. Since you've found a working solution in .NET and your task is Windows-specific, I suggest the following: Build dotnet-dll-injector as a DLL and call it from your Java app. How to call into .NET dll from Java Edit:...
You are creating the process suspended. While the key kernel data structures will be created, no modules will be loaded (that would involve executing code in module entry points (dllmain)). Thus the error makes sense: the data structures to track modules loaded will be empty, and quite possibly not allocated...
c#,visual-studio,dll,dllimport,dll-injection
Although heavy, you can of course use reflection to load the assembly for that test. The following would not work: var obj = new Newtonsoft.Json.Linq.JObject(); since the assembly isn't yet present. However, if I explicitly load it first via reflection and an absolute path to my bin, I can instantiate...
An e8 instruction is a relative call instruction, not absolute. So the next 4 bytes need to be the difference between the pc when processing this instruction and your target function. So what you want is: *(BYTE *)dwPatchAddr = 0xE8; *(DWORD *)(dwPatchAddr + 1) = (DWORD)((char *)myFunc - (char *)(dwPatchAddr...
c++,process,hook,dll-injection,detours
You can create the target process suspended and use CreateRemoteThread() for injection, but mind the following limitations: You should copy the thread main routine for the remote thread to the address space of the target process. This code cannot contain any external references (e.g. CRTL or direct WinApi calls). I...
windows,winapi,dll,privileges,dll-injection
I can see the following problems: In the call to WriteProcessMemory you pass the wrong length. You need to pass strlen(...)+1 in order to write the null-terminator. There is no need to use the undocumented NtCreateThreadEx. Using CreateRemoteThread works perfectly well for injection. You have only checked for errors on...
c++,module,loadlibrary,dll-injection
Got it working with help from: RectangleEquals -> Answer...
I've got it working. The things I had been trying before were happening because I had an incorrect base address. My solution can be seen below. Defining addresses #define BASE_ADDR 0x00400000 #define AMMO_ADDR 0x00109B74 #define AMMO_OFS1 0x00000384 #define AMMO_OFS2 0x00000014 Get address function DWORD getAddress(DWORD baseAddress, DWORD offsets[], int offsetCount)...
The correct way to simulate a button click with a WM_COMMAND message is like this: PostMessage(GetParent(hButton), WM_COMMAND, MAKEWPARAM(GetDlgCtrlID(hButton), BN_CLICKED), hButton); However, that is no guarantee that the button's click handler will be called if the button window is actually disabled. For a VCL TButton component, it will be called. But...
windows,dll-injection,windows-security
It's probably not worth the trouble. An attacker just needs a handle to the process, and if you rename the exe you just make it a tiny bit more difficult, but not that much. For example simply monitoring the processes that open the Firefox history database or any process that...