Solved

DLL Injection - beginner, but nice problem !

Posted on 2013-05-31
2
1,485 Views
Last Modified: 2013-06-01
Hi Experts

I need to inject my code into another process's address space somehow, because I want to detect when a process wants to create a new window and to quickly grab the handle of that window be4 it is created !

Now I know there are 2 methods : Dll injecting ( creating a DLL and injecting it ?) and CreateRemoteThread & WriteProcessMemory ( which doesn't requires any DLL? )

I don't know too good whats all about all of this, atleast I know how to use APIs and Im coding in AutoIt :)

Could someone forward me on a good way - write some summary steps by steps I need to do, or atleast to tell me whether is hard to do what I want? Thankyou soo much experts !!
0
Comment
Question by:AlexMert
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39212468
in general for dll injection, the dll is your remote sensor to listen in and signal when to act on certain trigger. This is one nice article - http://newgre.net/node/4

Typically it is creating the process in suspend mode, or enumerate running process and stop at the targeted process id or szExeFile. The key part is as you stated, based on targeted  process (in control), in its address memory space you inject the DLL, as follow
(1) get the location of the loadlibrary (LoadLibPTR),
(2) allocate sufficient memory space for your DLL (return youDLLaddressPtr),
(3) write in your DLL into the memory space allocated
(4) trigger your DLL loading using CreateRemoteThread with param LoadLibPTR and youDLLaddressPtr

http://resources.infosecinstitute.com/using-createremotethread-for-dll-injection-on-windows/
http://www.codeproject.com/Articles/20084/A-More-Complete-DLL-Injection-Solution-Using-Creat

There are other method like AppInit_DLLs and SetWindowsHookEx. Microsoft Detour library is another - primarily API hooking

I am not into AutoIT but this seems to suggest some code working ( By Shaggi)
http://www.autoitscript.com/forum/topic/137521-injecting-a-dll/

I suspect "CreateWindow" function (inside "user32.dll")  is the one of interest and probaby going simply for SetWindowsHookEx suffice. belos is an old old article describing overall and may be useful...
http://www.codeproject.com/Articles/2082/API-hooking-revealed
0
 

Author Comment

by:AlexMert
ID: 39213088
Could I pay someone to code this ? Thankyou
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is there any way to copy all SSRS reports/datasets/data sources  to new server? 3 62
Advice in Xamarin 21 79
Android development question 2 37
Help Required 3 97
A short article about a problem I had getting the GPS LocationListener working.
Computer science students often experience many of the same frustrations when going through their engineering courses. This article presents seven tips I found useful when completing a bachelors and masters degree in computing which I believe may he…
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question