Solved

About MadShi's InjectLibrarySession

Posted on 2003-12-06
Last Modified: 2010-04-05
// same as InjectLibrary(CURRENT_SESSION), but you can specify the target session
function InjectLibrarySession (session         : dword;
                               systemProcesses : bool;
                               libFileName     : string;
                               timeOut         : dword = 7000) : boolean;

How do I get another process's session?
I want to inject a DLL into another process (not system-wide, just that specific process).
Please give me some sample code... thanks~~
Question by:xmichen
 

Author Comment

by:xmichen
ID: 9888650
This is my code, but it doesn't work :(

CreateProcess(nil, PChar(OpenDialog.FileName),
                  nil, nil, False, CREATE_SUSPENDED, nil,
                  Pchar(ExtractFileDir(OpenDialog.FileName)),
                  si, pi);

InjectLibrarySession(pi.hProcess, False, 'NCoolHOOK.dll');

ResumeThread(pi.hThread);
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9891714
Forget about InjectLibrarySession. It's for injecting into different *terminal server sessions*. That's not what you want to do. Simply call:

InjectLibrary(pi.hProcess, 'NCoolHOOK.dll');

Or when you've started the process yourself, you can replace the CreateProcess + InjectLibrary call by using CreateProcessEx instead.
0
 

Author Comment

by:xmichen
ID: 9891837
I have changed my code to

  CreateProcessEx(nil, PChar(OpenDialog.FileName),
                  nil, nil, False, CREATE_SUSPENDED, nil,
                  Pchar(ExtractFileDir(OpenDialog.FileName)),
                  si, pi, 'NCoolHOOK.dll');
  ResumeThread(pi.hThread);

but it still doesn't work :(

I use
InjectLibrary((ALL_SESSIONS or SYSTEM_PROCESSES), 'NCoolHOOK.dll');
it works fine...
But I only want to inject my DLL into a specific process
0
 

Author Comment

by:xmichen
ID: 9891846
I have tried InjectLibrary(pi.hProcess, 'NCoolHOOK.dll'); it still doesn't work....
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9892858
About which OS are we talking?
0
 

Author Comment

by:xmichen
ID: 9894722
My OS is Windows XP
0
 
LVL 20

Accepted Solution

by:
Madshi earned 20 total points
ID: 9902830
Could you please do the following test?

(1) Create an empty file "c:\madCodeHook.txt".
(2) Download and extract http://madshi.net/SoffChen.zip
(3) Start the executable.
(4) Post what the message box says here.
(5) Post the content of the "c:\madCodeHook.txt" file here.

Thanks!
0
 

Author Comment

by:xmichen
ID: 9910226
The message box said: "success!"

c:\madCodeHook.txt
=========================================================

14:42:43-566 $000003a8 TestCreateProcessEx.exe initialization begin
14:42:43-566 $000003a8 TestCreateProcessEx.exe initialization end
14:42:43-566 $000003a8 TestCreateProcessEx.exe CreateProcessEx (lib: empty.dll)
14:42:43-606 $000003a8 TestCreateProcessEx.exe GetCallingModule
14:42:43-616 $000003a8 TestCreateProcessEx.exe GetCallingModule -> $400000
14:42:43-616 $000003a8 TestCreateProcessEx.exe InjectLibraryX (process: ph:$44;pid:notepad.exe; lib: empty.dll; timeOut: 4294967295)
14:42:43-686 $000003a8 TestCreateProcessEx.exe CheckLibFilePath (lib: empty.dll)
14:42:43-686 $000003a8 TestCreateProcessEx.exe CheckLibFilePath (lib -> D:\SoffChen\empty.dll) -> +
14:42:43-706 $000003a8 TestCreateProcessEx.exe DoInject (process: ph:$44;pid:notepad.exe)
14:42:43-716 $000003a8 TestCreateProcessEx.exe InjectLibraryPatch (process: ph:$44;pid:notepad.exe)
14:42:43-716 $000003a8 TestCreateProcessEx.exe NotInitializedYet (1) +
14:42:43-726 $000003a8 TestCreateProcessEx.exe GetExeModuleInfos +
14:42:43-736 $000003a8 TestCreateProcessEx.exe FindLdrLoadStub: $77f55418
14:42:43-736 $000003a8 TestCreateProcessEx.exe InjectMagic +
14:42:43-746 $000003a8 TestCreateProcessEx.exe llh.proc: $5e000000
14:42:43-756 $000003a8 TestCreateProcessEx.exe InjectLibraryPatch (process: ph:$44;pid:notepad.exe) -> 2
14:42:43-766 $000003a8 TestCreateProcessEx.exe DoInject (process: ph:$44;pid:notepad.exe) -> +
14:42:43-776 $000003a8 TestCreateProcessEx.exe InjectLibraryX (process: ph:$44;pid:notepad.exe; lib: empty.dll; timeOut: 4294967295) -> +
14:42:43-786 $000003a8 TestCreateProcessEx.exe CreateProcessEx (lib: empty.dll) -> +
14:43:51-605 $000003a8 TestCreateProcessEx.exe finalization begin
14:43:51-625 $000003a8 TestCreateProcessEx.exe AutoUnhook (module: $ffffffff; wait: -)
14:43:51-625 $000003a8 TestCreateProcessEx.exe AutoUnhook (module: $ffffffff; wait: -) -> +
14:43:51-635 $000003a8 TestCreateProcessEx.exe finalization end
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9910320
Oh. So could you please check out the source code of the "TestCreateProcessEx" and compare it to your own? Why does my source code work and yours not? There must be a difference somewhere.

Thanks!
0
 

Author Comment

by:xmichen
ID: 9910605
Oh, thank you Madshi.
It looks like I need to add the full path before 'NCoolHOOK.dll'.
Yes, now everything is OK~
Thank you~ :)
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9910649
You should not need to put the full path there, if the dll is in the same folder as your application. Is it not?
0
 

Author Comment

by:xmichen
ID: 9911578
Yeah, the DLL is in the same folder as my application.
But I define the path in the CreateProcess call.
So I copied my DLL to that path, and it loaded the DLL successfully!
But I can't use the full path in the CreateProcess call like this:

CreateProcessEx(nil, PChar(OpenDialog.FileName),
                  nil, nil, False, 0, nil,
                  Pchar(ExtractFileDir(OpenDialog.FileName)),
                  si, pi, ExtractFileDir(Application.exename) + 'NCoolHOOK.dll');
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9911624
In what path is your application stored? Maybe the path can't be represented properly with an ansi string? Try to copy your application+dll to "c:\test". Does it work then?
0
 

Author Comment

by:xmichen
ID: 9912804
Yeah, that's my problem.
My application is stored in a path with ansi string....
What can I do?
Newbie question... shy...
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9912846
Can you please describe again what the problem is in detail? I'm a bit confused. If I read through your comments I'm not sure what works and what fails and in what kind of path your files are stored... Thanks.
0
 

Author Comment

by:xmichen
ID: 9913314
I am so sorry...

First, I want to inject a DLL into another process,
and now my problem is how to add the DLL file's full path in CreateProcessEx
(with an ansi string path)...
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9913355
I'm sorry, but you're not very clear. What does the full path look like? Please post it here. And please tell me which files are in which folders.
0
 

Author Comment

by:xmichen
ID: 9914383
Oh, it's my mistake...

My application has two files:
aaa.exe and bbb.dll
The full path is: G:\oldh\vc.net\中文目录名\Naide\bin

and the file I want to hook is in f:\testexe\ccc.exe

中文目录名 is a Chinese name...
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9914815
I've checked my code again. You might have found a bug. Could you please try the latest version?

http://madshi.net/madCollectionBeta.exe

Does it work with the new version?
0
 

Author Comment

by:xmichen
ID: 9914917
I have downloaded that version and rebuilt my application.
It still doesn't work....
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9915240
Strange thing. Can you please download this:

http://madshi.net/test.zip

Please copy it into your Chinese folder and start it there. It should show the path of the dll including all the Chinese characters. Does that work? Does calc appear?
0
 

Author Comment

by:xmichen
ID: 9915276
Yes, that works fine. It shows my full Chinese path... and executes calc...
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9915392
Are you sure that you downloaded the new version of my collection correctly? Please check the file "madCollection\madCodeHook\Dll\madCHook.dll". What date/time does it have? It should be:

10. December 2003, 19:46:20 (that's 7:46:20 in the evening)
0
 

Author Comment

by:xmichen
ID: 9915417
The datetime is
2003-12-10, 19:46:20
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9915450
Can you please post your code which does not work?
0
 

Author Comment

by:xmichen
ID: 9915499
 if not CreateProcessEx(nil, PChar(OpenDialog.FileName + ' -chinese'),
                  nil, nil, False, 0, nil,
                  PChar(ExtractFileDir(OpenDialog.FileName)),
                  si, pi,
                  ExtractFilePath(Application.ExeName) + 'NCoolHOOK.dll') then
  begin
    if messagebox(0, 'error msg!',
                'error', MB_OK + MB_ICONERROR) = IDOK then
    begin
      // TerminateProcess(pi.hProcess, 0);
      Application.Terminate;  // terminate the program
      exit;
    end;
  end;

==============================================
Then I put my application (exe and dll) in the path:
G:\oldh\vc.net\中文目录\Naide\bin

Then when I run it, it gives me that error msg....
0
 
LVL 20

Expert Comment

by:Madshi
ID: 9915611
ExtractFilePath(Application.ExeName) doesn't work in that case. Try this:

ShowMessage(ExtractFilePath(Application.ExeName));

Then you'll see why it doesn't work. This is not the fault of madCodeHook. Just pass in the name of the dll *without* the path. That should work with the new version. Or if you want to pass in the full path, you can do that, but then you have to use CreateProcessExW and full wide strings.
0
 

Author Comment

by:xmichen
ID: 9915738
Oh yeah... It works fine now...
Thank you Madshi~~~~
0
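
An added illustration (not code from the thread or from madCodeHook) of why the full DLL path fails as an ANSI string while a bare file name or a wide string works. It simulates the wide-to-ANSI conversion with Python codecs; the code pages cp1252 and cp936 are assumptions, since the thread does not say which one the poster's system used.

```python
# Added example: simulates storing a Windows path in an ANSI (single code page) string.
# The directory is the one quoted in the thread; the code pages are assumed.

APP_DIR = "G:\\oldh\\vc.net\\中文目录名\\Naide\\bin\\"
DLL_PATH = APP_DIR + "NCoolHOOK.dll"


def to_ansi(path, codepage):
    """Convert the way a lossy wide->ANSI conversion does:
    characters the code page cannot represent become '?'."""
    return path.encode(codepage, errors="replace")


def survives_ansi(path, codepage):
    """True if the path comes back unchanged after the ANSI round trip."""
    return to_ansi(path, codepage).decode(codepage) == path


def lossy_components(path, codepage):
    """Return the path components that an ANSI string cannot hold."""
    parts = [p for p in path.split("\\") if p]
    return [p for p in parts if not survives_ansi(p, codepage)]


def library_argument(dll_path, codepage):
    """Choose what to pass as the library name, following the reply above:
    a full path only if it survives ANSI, otherwise the bare file name
    (the alternative being the wide-string call with the full path)."""
    if survives_ansi(dll_path, codepage):
        return dll_path
    return dll_path.rsplit("\\", 1)[-1]


if __name__ == "__main__":
    for cp in ("cp1252", "cp936"):
        print(cp, "lossless:", survives_ansi(DLL_PATH, cp))
        print("  ANSI bytes:", to_ansi(DLL_PATH, cp))
        print("  lossy parts:", lossy_components(DLL_PATH, cp))
        print("  pass as lib:", library_argument(DLL_PATH, cp))
```

Under cp1252 the Chinese directory name collapses to question marks, so the path handed to the loader names a folder that does not exist; under cp936 the same path round-trips intact.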
