Solved

CreateRemoteThread without DLL (inject function)

Posted on 2008-10-28
9
4,135 Views
Last Modified: 2013-12-14
Hi

I have reviewed some articles in internet and they are talking about DLL injection into another process, I also saw some articles about function injection with CreateRemoteThreadEx that injects a function into another process.

I want a piece of example code which will inject a thread function into notepad.exe and that thread shows messagebox each X second.

Please advice about it.

Thanks from now!
0
Comment
Question by:CSecurity
  • 4
  • 3
  • 2
9 Comments
 
LVL 86

Expert Comment

by:jkr
Comment Utility
See http://www.codeproject.com/KB/threads/winspy.aspx#section_3 ("III. The CreateRemoteThread & WriteProcessMemory Technique") which uses the latter API to avoid the creation of a separate DLL. The article comes with full source code and demo apps.
0
 
LVL 17

Author Comment

by:CSecurity
Comment Utility
I checked that, that is too complicated with a lot of things, I need just a MessageBox sample demo which injects a thread which only shows messagebox into notepad.exe, if possible please just show me a simple code
0
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
Comment Utility
I am afraid it won't be any easier that described in these 10 steps from that article:

   1. Retrieve a HANDLE to the remote process (OpenProces).
   2. Allocate memory in the remote process's address space for injected data (VirtualAllocEx).
   3. Write a copy of the initialised INJDATA structure to the allocated memory (WriteProcessMemory).
   4. Allocate memory in the remote process's address space for injected code.
   5. Write a copy of ThreadFunc to the allocated memory.
   6. Start the remote copy of ThreadFunc via CreateRemoteThread.
   7. Wait until the remote thread terminates (WaitForSingleObject).
   8. Retrieve the result from the remote process (ReadProcessMemory or GetExitCodeThread).
   9. Free the memory allocated in Steps #2 and #4 (VirtualFreeEx).
  10. Close the handles retrieved in Steps #6 and #1 (CloseHandle).
0
 
LVL 6

Expert Comment

by:RishadanPort
Comment Utility
I found this article, which shows an indepth look at DLL Injection. It also shows some sample code. I am not sure if it will help you.

http://bluenotch.com/files/Shewmaker-DLL-Injection.pdf
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 6

Expert Comment

by:RishadanPort
Comment Utility
p8 shows it using a MessageBox
0
 
LVL 17

Author Comment

by:CSecurity
Comment Utility
I injected my function but I get exception when my thread exits
Rishadan, I don't want DLL Injection, I want thread/function injection
0
 
LVL 17

Author Comment

by:CSecurity
Comment Utility


I attached my code, just replace PID manually with notepad.exe 's PID in this line:

hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, 3728);

Please rename test.txt to Test.cpp, open it in MS VC++ 6.

Please tell me what's wrong in the code
Test.txt
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
May I ask why you graded that as a 'C'?
0
 
LVL 17

Author Comment

by:CSecurity
Comment Utility
No solution, just a comment provided, I solved task and problem myself
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

IntroductionThis article is the second in a three part article series on the Visual Studio 2008 Debugger.  It provides tips in setting and using breakpoints. If not familiar with this debugger, you can find a basic introduction in the EE article loc…
This is a short and sweet, but (hopefully) to the point article. There seems to be some fundamental misunderstanding about the function prototype for the "main" function in C and C++, more specifically what type this function should return. I see so…
The goal of this video is to provide viewers with basic examples to understand and use conditional statements in the C programming language.
The viewer will learn how to use and create new code templates in NetBeans IDE 8.0 for Windows.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now