Solved

DLL Injection - beginner, but nice problem !

Posted on 2013-05-31
2
1,520 Views
Last Modified: 2013-06-01
Hi Experts

I need to inject my code into another process's address space somehow, because I want to detect when a process wants to create a new window and to quickly grab the handle of that window be4 it is created !

Now I know there are 2 methods : Dll injecting ( creating a DLL and injecting it ?) and CreateRemoteThread & WriteProcessMemory ( which doesn't requires any DLL? )

I don't know too good whats all about all of this, atleast I know how to use APIs and Im coding in AutoIt :)

Could someone forward me on a good way - write some summary steps by steps I need to do, or atleast to tell me whether is hard to do what I want? Thankyou soo much experts !!
0
Comment
Question by:AlexMert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39212468
in general for dll injection, the dll is your remote sensor to listen in and signal when to act on certain trigger. This is one nice article - http://newgre.net/node/4

Typically it is creating the process in suspend mode, or enumerate running process and stop at the targeted process id or szExeFile. The key part is as you stated, based on targeted  process (in control), in its address memory space you inject the DLL, as follow
(1) get the location of the loadlibrary (LoadLibPTR),
(2) allocate sufficient memory space for your DLL (return youDLLaddressPtr),
(3) write in your DLL into the memory space allocated
(4) trigger your DLL loading using CreateRemoteThread with param LoadLibPTR and youDLLaddressPtr

http://resources.infosecinstitute.com/using-createremotethread-for-dll-injection-on-windows/
http://www.codeproject.com/Articles/20084/A-More-Complete-DLL-Injection-Solution-Using-Creat

There are other method like AppInit_DLLs and SetWindowsHookEx. Microsoft Detour library is another - primarily API hooking

I am not into AutoIT but this seems to suggest some code working ( By Shaggi)
http://www.autoitscript.com/forum/topic/137521-injecting-a-dll/

I suspect "CreateWindow" function (inside "user32.dll")  is the one of interest and probaby going simply for SetWindowsHookEx suffice. belos is an old old article describing overall and may be useful...
http://www.codeproject.com/Articles/2082/API-hooking-revealed
0
 

Author Comment

by:AlexMert
ID: 39213088
Could I pay someone to code this ? Thankyou
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This is about my first experience with programming Arduino.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question