dll-injection

finding a loaded dll using a CreateToolhelp32Snapshot, finding a function within the dll and then calling it, GetProcAddress

为君一笑 submitted on 2019-12-13 06:25:54
Question: I'm trying to get a handle to a function within a .dll. I am creating a CreateToolhelp32Snapshot and then enumerating over the modules until I find the one I want, from that .dll I want to find a particular function. How do I call GetProcAddress() correctly so that I get the function within 'that' .dll rather than another instance that may be running? The continuation from the above question would then be, ok so I have a handle to the function, how do I actually call it? EDIT: As has already

MSVC++ causing crash 0x80000003 on “Attach to Process”

谁说我不能喝 submitted on 2019-12-12 10:19:14
Question: I'm injecting a dll into a third party program and debugging that dll with MSVC. I have been doing this normally for some time until a recent update to the program now causes MSVC to crash each time I attach the debugger to the process while my dll is injected. My dll still runs normally, I just cannot debug it as attaching MSVC crashes the host program. Event view shows this: Faulting application name: SomeApp.exe, version: 1.0.1023.0, time stamp: 0x5109728a Faulting module name: MyDLL.dll,

Why LoadLibrary loads unrelated DLLs

纵饮孤独 submitted on 2019-12-12 01:20:27
Question: This is about DLL injection. Let's say P.exe depends on A.dll, B.dll and C.dll (implicit linking), they're private modules of P.exe. Now I use CreateProcess with CREATE_SUSPENDED flag to launch P.exe, after that I use CreateRemoteThread to call LoadLibrary in target process to load Inject.dll, and in the same way call an initialize function of Inject.dll to do real work (things you can't do in DLLMain). It works. But I found that calling to LoadLibrary makes A.dll, B.dll and C.dll load too -

CreateRemoteThread - ERROR_ACCESS_DENIED

时光怂恿深爱的人放手 submitted on 2019-12-10 11:24:18
Question: I think my code is finally working now. Only problem is that for some reason, even though I've opened the process with PROCESS_ALL_ACCESS, CreateRemoteThread throws back an error: ERROR_ACCESS_DENIED. The error was retrieved with GetLastError and it spit out '5', which translates to ERROR_ACCESS_DENIED. #include <iostream> #include <windows.h> #include <TlHelp32.h> char* dllPath = "C:\\Users\\Kalist\\Desktop\\Projects\\DLL\\bin\\Debug\\DLL.dll"; char* ProcToInject = "calc.exe"; int main(){

FreeLibraryAndExitThread crashes program when unloading injected DLL

旧巷老猫 submitted on 2019-12-10 10:48:56
Question: I am writing a DLL that gets injected into a game in order to play around with some reverse engineering. For a while I was able to successfully inject, eject and reinject as I made changes to the program. I'm using FreeLibraryAndExitThread to unload. After adding XInput to the program so I could catch user input, the game crashes with an access violation when I call FreeLibraryAndExitThread. Going from this post, I'm guessing that using XInput is leaving something 'live' in the program when

Preventing a DLL file from loading into my process via MS Detours

给你一囗甜甜゛ submitted on 2019-12-09 23:06:03
Question: I'd like to prevent a specific third-party DLL file from loading into my application's process at runtime. My initial attempt at this was using the MS Detours product. I have a 32-bit MFC application running on Windows 10 64-bit. I tested with the free MS Detours 3.0 version as a feasibility check. In my MFC application class constructor, I call Detours to intercept the "load library" APIs (LoadLibraryW, LoadLibraryExW, LoadLibraryA, and LoadLibraryExA). This lets me intercept library loading

RE - IDA finding function offset

孤者浪人 submitted on 2019-12-08 01:49:08
Question: I am just starting out with Reverse Engineering. I've created a small C++ ConsoleApplication and I am trying to call the NewFunction via an injected DLL. void NewFunction() { DWORD dwImageBase = (DWORD)GetModuleHandle(NULL); std::cout << "ImageBase: " << ToHex(dwImageBase) << std::endl; std::cout << "NewFunction: " << ToHex((DWORD)&NewFunction) << std::endl; std::cout << "Offset: " << ToHex((DWORD)&NewFunction - dwImageBase) << std::endl; } Example Output: ImageBase: F90000 NewFunction:

How do I strongly name an Unmanaged C++ Dll?

安稳与你 submitted on 2019-12-07 05:57:00
Question: I'm working on a C# application which uses the EasyHook library for DLL Injection. EasyHook requires that any application using it be strongly named. In order to strongly name the application I need to make sure that all the libraries I use are strongly named as well. This is easy to do for all of my managed libraries, but I also have an unmanaged C++ library which I need to strongly name. After some searching I can't seem to find a way to sign my unmanaged dll, even with the source code. Can

FreeLibraryAndExitThread crashes program when unloading injected DLL

孤者浪人 submitted on 2019-12-06 06:17:46
I am writing a DLL that gets injected into a game in order to play around with some reverse engineering. For a while I was able to successfully inject, eject and reinject as I made changes to the program. I'm using FreeLibraryAndExitThread to unload. After adding XInput to the program so I could catch user input, the game crashes with an access violation when I call FreeLibraryAndExitThread. Going from this post, I'm guessing that using XInput is leaving something 'live' in the program when I go to unload, and that's what's causing the crash. I'm honestly at a loss as to how to fix this.

delphi xe3 dll injection for 64bit dll to 64bit process doesn't work

两盒软妹~` submitted on 2019-12-05 18:45:28
I'm using this code to inject my 64-bit DLL into a 64-bit process on Windows 7 64-bit. CreateRemoteThread returns 200 but the DLL still does not get injected. I tested my DLL with another source and it works fine; Process Explorer shows that my code does not work. What can be wrong with this code? I'm using Delphi XE3 and I have compiled the code on the 64-bit target platform. function InjectDLL(dwPID: DWORD; DLLPath: pwidechar): integer; var dwThreadID: Cardinal; hProc, hThread, hKernel: NativeUInt; BytesWritten: NativeUInt; pRemoteBuffer, pLoadLibrary: Pointer; begin try hProc := OpenProcess(PROCESS_ALL