Solved

About MadShi's InjectLibrarySession

Posted on 2003-12-06
Last Modified: 2010-04-05
// same as InjectLibrary(CURRENT_SESSION), but you can specify the target session
function InjectLibrarySession (session         : dword;
                               systemProcesses : bool;
                               libFileName     : string;
                               timeOut         : dword = 7000) : boolean;

How do I get another process's session?
I want to inject a DLL into another process (not system-wide, just into that specific process).
Please give me some sample code... thanks~~
Question by:xmichen

Author Comment

by:xmichen
This is my code, but it doesn't work :(

CreateProcess(nil, PChar(OpenDialog.FileName),
                  nil, nil, False, CREATE_SUSPENDED, nil,
                  Pchar(ExtractFileDir(OpenDialog.FileName)),
                  si, pi);

InjectLibrarySession(pi.hProcess, False, 'NCoolHOOK.dll');

ResumeThread(pi.hThread);
 
LVL 20

Expert Comment

by:Madshi
Forget about InjectLibrarySession. It's for injecting into different *terminal server sessions*. That's not what you want to do. Simply call:

InjectLibrary(pi.hProcess, 'NCoolHOOK.dll');

Or when you've started the process yourself, you can replace the CreateProcess + InjectLibrary call by using CreateProcessEx instead.
 

Author Comment

by:xmichen
I have changed my code to

  CreateProcessEx(nil, PChar(OpenDialog.FileName),
                  nil, nil, False, CREATE_SUSPENDED, nil,
                  Pchar(ExtractFileDir(OpenDialog.FileName)),
                  si, pi, 'NCoolHOOK.dll');
  ResumeThread(pi.hThread);

but it still doesn't work :(

I use
InjectLibrary((ALL_SESSIONS or SYSTEM_PROCESSES), 'NCoolHOOK.dll');
it works fine...
But I only want to inject my DLL into a specific process
 

Author Comment

by:xmichen
I have tried InjectLibrary(pi.hProcess, 'NCoolHOOK.dll'); it still doesn't work....
 
LVL 20

Expert Comment

by:Madshi
About which OS are we talking?
 

Author Comment

by:xmichen
My OS is Windows XP
 
LVL 20

Accepted Solution

by:
Madshi earned 20 total points
Could you please do the following test?

(1) Create an empty file "c:\madCodeHook.txt".
(2) Download and extract http://madshi.net/SoffChen.zip
(3) Start the executable.
(4) Post what the message box says here.
(5) Post the content of the "c:\madCodeHook.txt" file here.

Thanks!
 

Author Comment

by:xmichen
The message box said: "success!"

c:\madCodeHook.txt
=========================================================

14:42:43-566 $000003a8 TestCreateProcessEx.exe initialization begin
14:42:43-566 $000003a8 TestCreateProcessEx.exe initialization end
14:42:43-566 $000003a8 TestCreateProcessEx.exe CreateProcessEx (lib: empty.dll)
14:42:43-606 $000003a8 TestCreateProcessEx.exe GetCallingModule
14:42:43-616 $000003a8 TestCreateProcessEx.exe GetCallingModule -> $400000
14:42:43-616 $000003a8 TestCreateProcessEx.exe InjectLibraryX (process: ph:$44;pid:notepad.exe; lib: empty.dll; timeOut: 4294967295)
14:42:43-686 $000003a8 TestCreateProcessEx.exe CheckLibFilePath (lib: empty.dll)
14:42:43-686 $000003a8 TestCreateProcessEx.exe CheckLibFilePath (lib -> D:\SoffChen\empty.dll) -> +
14:42:43-706 $000003a8 TestCreateProcessEx.exe DoInject (process: ph:$44;pid:notepad.exe)
14:42:43-716 $000003a8 TestCreateProcessEx.exe InjectLibraryPatch (process: ph:$44;pid:notepad.exe)
14:42:43-716 $000003a8 TestCreateProcessEx.exe NotInitializedYet (1) +
14:42:43-726 $000003a8 TestCreateProcessEx.exe GetExeModuleInfos +
14:42:43-736 $000003a8 TestCreateProcessEx.exe FindLdrLoadStub: $77f55418
14:42:43-736 $000003a8 TestCreateProcessEx.exe InjectMagic +
14:42:43-746 $000003a8 TestCreateProcessEx.exe llh.proc: $5e000000
14:42:43-756 $000003a8 TestCreateProcessEx.exe InjectLibraryPatch (process: ph:$44;pid:notepad.exe) -> 2
14:42:43-766 $000003a8 TestCreateProcessEx.exe DoInject (process: ph:$44;pid:notepad.exe) -> +
14:42:43-776 $000003a8 TestCreateProcessEx.exe InjectLibraryX (process: ph:$44;pid:notepad.exe; lib: empty.dll; timeOut: 4294967295) -> +
14:42:43-786 $000003a8 TestCreateProcessEx.exe CreateProcessEx (lib: empty.dll) -> +
14:43:51-605 $000003a8 TestCreateProcessEx.exe finalization begin
14:43:51-625 $000003a8 TestCreateProcessEx.exe AutoUnhook (module: $ffffffff; wait: -)
14:43:51-625 $000003a8 TestCreateProcessEx.exe AutoUnhook (module: $ffffffff; wait: -) -> +
14:43:51-635 $000003a8 TestCreateProcessEx.exe finalization end
 
LVL 20

Expert Comment

by:Madshi
Oh. So could you please check out the source code of the "TestCreateProcessEx" and compare it to your own? Why does my source code work and yours not? There must be a difference somewhere.

Thanks!
 

Author Comment

by:xmichen
Oh, thank you Madshi.
It looks like I need to add the full path before 'NCoolHOOK.dll'.
Yes, now everything is OK~
Thank you~ :)
 
LVL 20

Expert Comment

by:Madshi
You should not need to put the full path there, if the dll is in the same folder as your application. Is it not?
 

Author Comment

by:xmichen
Yeah, the DLL is in the same folder as my application.
But I define the path in the CreateProcess call,
so I copied my DLL to that path, and it loaded the DLL successfully!
But I can't use the full path in the CreateProcess call like this:

CreateProcessEx(nil, PChar(OpenDialog.FileName),
                  nil, nil, False, 0, nil,
                  Pchar(ExtractFileDir(OpenDialog.FileName)),
                  si, pi, ExtractFileDir(Application.exename) + 'NCoolHOOK.dll');
 
LVL 20

Expert Comment

by:Madshi
In what path is your application stored? Maybe the path can't be represented properly with an ansi string? Try to copy your application+dll to "c:\test". Does it work then?
 

Author Comment

by:xmichen
Yeah, that's my problem.
My application is stored in a path with ansi string....
What can I do?
Newbie question... shy...
 
LVL 20

Expert Comment

by:Madshi
Can you please describe again what the problem is in detail? I'm a bit confused. If I read through your comments I'm not sure what works and what fails and in what kind of path your files are stored... Thanks.
 

Author Comment

by:xmichen
I am so sorry...

First, I want to inject a DLL into another process,
and now my problem is how to add the DLL file's full path in CreateProcessEx
(with an ansi string path)...
 
LVL 20

Expert Comment

by:Madshi
I'm sorry, but you're not very clear. What does the full path look like? Please post it here. And please tell me which files are in which folders.
 

Author Comment

by:xmichen
Oh, it's my mistake...

My application has two files,
aaa.exe and bbb.dll
the full path is: G:\oldh\vc.net\中文目录名\Naide\bin

and the file I want to hook is in  f:\testexe\ccc.exe

中文目录名  is a Chinese name...
 
LVL 20

Expert Comment

by:Madshi
I've checked my code again. You might have found a bug. Could you please try the latest version?

http://madshi.net/madCollectionBeta.exe

Does it work with the new version?
 

Author Comment

by:xmichen
I have downloaded that version and rebuilt my application.
It still doesn't work....
 
LVL 20

Expert Comment

by:Madshi
Strange thing. Can you please download this:

http://madshi.net/test.zip

Please copy it into your Chinese folder and start it there. It should show the path of the dll including all the Chinese characters. Does that work? Does calc appear?
 

Author Comment

by:xmichen
Yes, that works fine. It shows my full Chinese path... and executes calc...
 
LVL 20

Expert Comment

by:Madshi
Are you sure that you downloaded the new version of my collection correctly? Please check the file "madCollection\madCodeHook\Dll\madCHook.dll". What date/time does it have? It should be:

10. December 2003, 19:46:20 (that's 7:46:20 in the evening)
 

Author Comment

by:xmichen
The datetime is
2003-12-10, 19:46:20
 
LVL 20

Expert Comment

by:Madshi
Can you please post your code which does not work?
 

Author Comment

by:xmichen
 if not CreateProcessEx(nil, PChar(OpenDialog.FileName + ' -chinese'),
                  nil, nil, False, 0, nil,
                  PChar(ExtractFileDir(OpenDialog.FileName)),
                  si, pi,
                  ExtractFilePath(Application.ExeName) + 'NCoolHOOK.dll') then
  begin
    if messagebox(0, 'error msg!',
                'error', MB_OK + MB_ICONERROR) = IDOK then
    begin
      // TerminateProcess(pi.hProcess, 0);
      Application.Terminate;  // terminate the program
      exit;
    end;
  end;

==============================================
Then I put my application (exe and dll) in the path:
G:\oldh\vc.net\中文目录\Naide\bin

Then when I run it, it gives me that error msg....
 
LVL 20

Expert Comment

by:Madshi
ExtractFilePath(Application.ExeName) doesn't work in that case. Try this:

ShowMessage(ExtractFilePath(Application.ExeName));

Then you'll see why it doesn't work. This is not the fault of madCodeHook. Just pass in the name of the dll *without* the path. That should work with the new version. Or if you want to pass in the full path, you can do that, but then you have to use CreateProcessExW and full wide strings.
 

Author Comment

by:xmichen
Oh yeah... It works fine now...
Thank you Madshi~~~~
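
Added example (not part of the original thread, and not madCodeHook code): the last answer turns on whether a library path survives conversion to the system ANSI code page before it reaches a non-wide call. This Python example simulates that conversion for the path posted above; `check_ansi_path`, `pick_api`, the two code pages and the conservative "non-ASCII goes to the wide call" rule are assumptions made for illustration, and Python's codec tables stand in for the Windows conversion (best-fit mapping is not modelled).

```python
from dataclasses import dataclass, field

# Path posted in the thread (the directory name is Chinese) and the DLL name.
APP_DIR = "G:\\oldh\\vc.net\\中文目录名\\Naide\\bin"
DLL_NAME = "NCoolHOOK.dll"

@dataclass
class AnsiCheck:
    codepage: str
    lossless: bool
    lost: list = field(default_factory=list)  # (index, char) the code page cannot encode
    seen_by_api: str = ""                     # text an ANSI ("A") call would receive

def check_ansi_path(path: str, codepage: str) -> AnsiCheck:
    """Simulate the wide -> ANSI conversion of a path for one code page."""
    lost = []
    for i, ch in enumerate(path):
        try:
            ch.encode(codepage)
        except UnicodeEncodeError:
            lost.append((i, ch))
    # Unencodable characters are replaced by '?', as the ANSI side would see them.
    seen = path.encode(codepage, errors="replace").decode(codepage)
    return AnsiCheck(codepage, not lost, lost, seen)

def pick_api(lib: str) -> str:
    """Conservative rule (assumption): only pure-ASCII lib strings use the ANSI call."""
    return "CreateProcessEx" if lib.isascii() else "CreateProcessExW"

if __name__ == "__main__":
    full = APP_DIR + "\\" + DLL_NAME
    # Constructed choice of code pages: Simplified Chinese vs. Western European.
    for cp in ("cp936", "cp1252"):
        r = check_ansi_path(full, cp)
        status = "lossless" if r.lossless else f"lost {r.lost}"
        print(f"{cp}: {status} -> {r.seen_by_api}")
    print("bare name :", pick_api(DLL_NAME))
    print("full path :", pick_api(full))
```

The same full path is intact under one code page and reduced to `?????` under another, which is why a bare ASCII DLL name or the wide-string call is the portable choice.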