Solved

DLL Injection - beginner, but nice problem !

Posted on 2013-05-31
2
1,459 Views
Last Modified: 2013-06-01
Hi Experts

I need to inject my code into another process's address space somehow, because I want to detect when a process wants to create a new window and to quickly grab the handle of that window be4 it is created !

Now I know there are 2 methods : Dll injecting ( creating a DLL and injecting it ?) and CreateRemoteThread & WriteProcessMemory ( which doesn't requires any DLL? )

I don't know too good whats all about all of this, atleast I know how to use APIs and Im coding in AutoIt :)

Could someone forward me on a good way - write some summary steps by steps I need to do, or atleast to tell me whether is hard to do what I want? Thankyou soo much experts !!
0
Comment
Question by:AlexMert
2 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 39212468
in general for dll injection, the dll is your remote sensor to listen in and signal when to act on certain trigger. This is one nice article - http://newgre.net/node/4

Typically it is creating the process in suspend mode, or enumerate running process and stop at the targeted process id or szExeFile. The key part is as you stated, based on targeted  process (in control), in its address memory space you inject the DLL, as follow
(1) get the location of the loadlibrary (LoadLibPTR),
(2) allocate sufficient memory space for your DLL (return youDLLaddressPtr),
(3) write in your DLL into the memory space allocated
(4) trigger your DLL loading using CreateRemoteThread with param LoadLibPTR and youDLLaddressPtr

http://resources.infosecinstitute.com/using-createremotethread-for-dll-injection-on-windows/
http://www.codeproject.com/Articles/20084/A-More-Complete-DLL-Injection-Solution-Using-Creat

There are other method like AppInit_DLLs and SetWindowsHookEx. Microsoft Detour library is another - primarily API hooking

I am not into AutoIT but this seems to suggest some code working ( By Shaggi)
http://www.autoitscript.com/forum/topic/137521-injecting-a-dll/

I suspect "CreateWindow" function (inside "user32.dll")  is the one of interest and probaby going simply for SetWindowsHookEx suffice. belos is an old old article describing overall and may be useful...
http://www.codeproject.com/Articles/2082/API-hooking-revealed
0
 

Author Comment

by:AlexMert
ID: 39213088
Could I pay someone to code this ? Thankyou
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

This article will show, step by step, how to integrate R code into a R Sweave document
This is an explanation of a simple data model to help parse a JSON feed
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now