Solved

CreateRemoteThread without DLL (inject function)

Posted on 2008-10-28
4,348 Views
Last Modified: 2013-12-14
Hi

I have reviewed some articles on the internet, and they talk about DLL injection into another process. I also saw some articles about function injection with CreateRemoteThreadEx that injects a function into another process.

I want a piece of example code that will inject a thread function into notepad.exe, and that thread shows a message box every X seconds.

Please advise about it.

Thanks in advance!
Question by:CSecurity
9 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 22826928
See http://www.codeproject.com/KB/threads/winspy.aspx#section_3 ("III. The CreateRemoteThread & WriteProcessMemory Technique") which uses the latter API to avoid the creation of a separate DLL. The article comes with full source code and demo apps.
 
LVL 17

Author Comment

by:CSecurity
ID: 22826944
I checked that; it is too complicated, with a lot of things. I just need a MessageBox sample demo that injects a thread into notepad.exe which only shows a message box. If possible, please just show me simple code.
 
LVL 86

Accepted Solution

by:jkr (earned 500 total points)
ID: 22826969
I am afraid it won't be any easier than described in these 10 steps from that article:

   1. Retrieve a HANDLE to the remote process (OpenProcess).
   2. Allocate memory in the remote process's address space for injected data (VirtualAllocEx).
   3. Write a copy of the initialised INJDATA structure to the allocated memory (WriteProcessMemory).
   4. Allocate memory in the remote process's address space for injected code.
   5. Write a copy of ThreadFunc to the allocated memory.
   6. Start the remote copy of ThreadFunc via CreateRemoteThread.
   7. Wait until the remote thread terminates (WaitForSingleObject).
   8. Retrieve the result from the remote process (ReadProcessMemory or GetExitCodeThread).
   9. Free the memory allocated in Steps #2 and #4 (VirtualFreeEx).
  10. Close the handles retrieved in Steps #6 and #1 (CloseHandle).
 
LVL 6

Expert Comment

by:RishadanPort
ID: 22826994
I found this article, which gives an in-depth look at DLL injection. It also shows some sample code. I am not sure if it will help you.

http://bluenotch.com/files/Shewmaker-DLL-Injection.pdf
 
LVL 6

Expert Comment

by:RishadanPort
ID: 22826997
Page 8 shows it using a MessageBox.
 
LVL 17

Author Comment

by:CSecurity
ID: 22827330
I injected my function, but I get an exception when my thread exits.
Rishadan, I don't want DLL injection, I want thread/function injection.
 
LVL 17

Author Comment

by:CSecurity
ID: 22827378
I attached my code; just replace the PID manually with notepad.exe's PID in this line:

hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, 3728);

Please rename test.txt to Test.cpp and open it in MS VC++ 6.

Please tell me what's wrong in the code.
Test.txt
 
LVL 86

Expert Comment

by:jkr
ID: 22871974
May I ask why you graded that as a 'C'?
 
LVL 17

Author Comment

by:CSecurity
ID: 22873644
No solution, just a comment was provided; I solved the task and the problem myself.