
Controlling the order of dllmain() calls while being injected into another process

c++,windows,dll,dll-injection

I don't think you can safely call shell functions in DllMain. There is a long list of things you can't do due to the way process initialization is done in Windows. You should never perform the following tasks from within DllMain: Call LoadLibrary or LoadLibraryEx (either directly or indirectly). This...

Can Java inject DLL in another process?

java,jna,dll-injection

I don't know of a way to do it natively in Java. Since you've found a working solution in .NET and your task is Windows-specific, I suggest the following: Build dotnet-dll-injector as a DLL and call it from your Java app. How to call into .NET dll from Java Edit:...

How to find the entry point (or base address) of a process - take care of ASLR

dll-injection

You are creating the process suspended. While the key kernel data structures will be created, no modules will be loaded (that would involve executing code in module entry points (dllmain)). Thus the error makes sense: the data structures to track modules loaded will be empty, and quite possibly not allocated...

How to load DLLs during debug in VS2013

c#,visual-studio,dll,dllimport,dll-injection

Although heavy, you can of course use reflection to load the assembly for that test. The following would not work: var obj = new Newtonsoft.Json.Linq.JObject(); since the assembly isn't yet present. However, if I explicitly load it first via reflection and an absolute path to my bin, I can instantiate...

How to generate 0xE8 (call) opcode with C++

code-injection,dll-injection

An e8 instruction is a relative call instruction, not absolute. So the next 4 bytes need to be the difference between the pc when processing this instruction and your target function. So what you want is: *(BYTE *)dwPatchAddr = 0xE8; *(DWORD *)(dwPatchAddr + 1) = (DWORD)((char *)myFunc - (char *)(dwPatchAddr...

Injecting a hook DLL into a process before its imports get called?

c++,process,hook,dll-injection,detours

You can create the target process suspended and use CreateRemoteThread() for injection, but mind the following limitations: You should copy the thread main routine for the remote thread to the address space of the target process. This code cannot contain any external references (e.g. CRTL or direct WinApi calls). I...

Windows privileges, getting handle of .dll when not admin, not sure

windows,winapi,dll,privileges,dll-injection

I can see the following problems: In the call to WriteProcessMemory you pass the wrong length. You need to pass strlen(...)+1 in order to write the null-terminator. There is no need to use the undocumented NtCreateThreadEx. Using CreateRemoteThread works perfectly well for injection. You have only checked for errors on...

Injected DLL not correct HMODULE

c++,module,loadlibrary,dll-injection

Got it working with help from: RectangleEquals -> Answer...

Reading and writing with a DLL injection C++

c++,memory,dll,dll-injection

I've got it working. The things I had been trying before were happening because I had an incorrect base address. My solution can be seen below. Defining addresses #define BASE_ADDR 0x00400000 #define AMMO_ADDR 0x00109B74 #define AMMO_OFS1 0x00000384 #define AMMO_OFS2 0x00000014 Get address function DWORD getAddress(DWORD baseAddress, DWORD offsets[], int offsetCount)...

Delphi - Get Msg type of button on another process

delphi,dll-injection

The correct way to simulate a button click with a WM_COMMAND message is like this: PostMessage(GetParent(hButton), WM_COMMAND, MAKEWPARAM(GetDlgCtrlID(hButton), BN_CLICKED), hButton); However, that is no guarantee that the button's click handler will be called if the button window is actually disabled. For a VCL TButton component, it will be called. But...

Hiding the process name to avoid DLL injection. How feasible is it?

windows,dll-injection,windows-security

It's probably not worth the trouble. An attacker just needs a handle to the process, and if you rename the exe you just make it a tiny bit more difficult, but not that much. For example simply monitoring the processes that open the firefox history database or any process that...