Hallo, ich versuche ein Programm zu schreiben, das beliebige DLLs in beliebige Prozesse injiziert. Die Theorie ist mir klar und so weiter, aber beim Injizieren der DLL stürzt der betreffende Prozess ab. Ich weiß auch, an welcher Stelle das passiert, habe das im Quellcode mal markiert. Die DLL enthält nichts Besonderes, lediglich eine MessageBox.
Quellcode:
Code:
#include <windows.h>
#include <cstdio>
#include <tlhelp32.h>
#include <iostream>
using namespace std;
// Function-pointer types for the two kernel32 exports the stub in threadstart()
// calls through INJECTSTRUCT. Both take a plain char* where the SDK declares
// LPCSTR; the casts in main() hide that mismatch rather than resolving it.
typedef HINSTANCE (*fpLoadLibrary)(char*);
typedef LPVOID (*fpGetProcAddress)(HINSTANCE, char*);
// Signature the code assumes for the export named in INJECTSTRUCT::func.
typedef void (*fpFunktion)(void);
/* Argument block handed to threadstart() in the target process. main() fills
 * the two function pointers by GetProcAddress on the injector's own kernel32
 * and copies fixed literals into the two string buffers with strcpy(). */
struct INJECTSTRUCT
{
    fpLoadLibrary LoadLibrary;       // resolved from "LoadLibraryA" in main()
    fpGetProcAddress GetProcAddress; // resolved from "GetProcAddress" in main()
    char path[255];                  // DLL name passed to LoadLibrary; "DLL.dll" in main()
    char func[255];                  // export name passed to GetProcAddress; "Funktion" in main()
};
/* Thread routine that main() copies into the target process and starts there
 * with CreateRemoteThread, passing the copied INJECTSTRUCT as its argument.
 *
 * addr: pointer to the INJECTSTRUCT living in the target's memory.
 * Returns 0 unconditionally.
 *
 * Neither the LoadLibrary nor the GetProcAddress result is checked: a NULL
 * hDll is passed straight on, and a NULL function pointer is called on the
 * line after it is obtained. */
DWORD WINAPI threadstart(LPVOID addr)
{
    HINSTANCE hDll;
    fpFunktion funktion;
    INJECTSTRUCT * is = (INJECTSTRUCT*)addr;
    hDll = is->LoadLibrary(is->path);            // result not checked for NULL
    funktion = (fpFunktion)is->GetProcAddress(hDll, is->func); // result not checked for NULL
    funktion();                                  // called even when the lookup failed
    return 0;
}
/* Empty marker function. main() takes the difference between this function's
 * address and threadstart's address as the number of bytes to copy, i.e. it
 * relies on the compiler laying the two functions out back to back in that
 * order — nothing in the code guarantees that. */
void threadend()
{
}
/* Tries to enable the debug privilege on the current process token.
 *
 * Returns true unconditionally: the results of OpenProcessToken,
 * LookupPrivilegeValue and AdjustTokenPrivileges are all ignored, so the
 * caller cannot tell whether the privilege was actually enabled (and
 * AdjustTokenPrivileges can succeed while the privilege is not held — the
 * usual way to detect that is GetLastError() == ERROR_NOT_ALL_ASSIGNED).
 * The privilege name is a hand-written literal instead of the SDK's
 * SE_DEBUG_NAME constant. */
bool EnableDebugPrivilege()
{
    TOKEN_PRIVILEGES priv;
    HANDLE hThis, hToken;
    LUID luid;
    hThis = GetCurrentProcess();                       // pseudo-handle, not a real handle
    OpenProcessToken(hThis, TOKEN_ADJUST_PRIVILEGES, &hToken); // hToken is uninitialised if this fails
    LookupPrivilegeValue(0, "seDebugPrivilege", &luid);  // luid is uninitialised if this fails
    priv.PrivilegeCount = 1;
    priv.Privileges[0].Luid = luid;
    priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, false, &priv, 0, 0, 0); // return value and GetLastError ignored
    CloseHandle(hToken);
    CloseHandle(hThis);                                  // closing the pseudo-handle is a no-op
    return true;                                         // reported regardless of the calls above
}
/* Prints "<pid>\t<exe name>" for every process in a Toolhelp snapshot that
 * this process can open with PROCESS_ALL_ACCESS; processes that cannot be
 * opened are silently skipped.
 *
 * Defects visible here: hSnap is never compared against INVALID_HANDLE_VALUE
 * before Process32First uses it, and it is never passed to CloseHandle, so
 * the snapshot handle leaks on every call. th32ProcessID is a DWORD but is
 * printed with %d. */
void listproc()
{
    HANDLE hSnap, hTemp;
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(PROCESSENTRY32);          // required before Process32First
    //EnableDebugPrivilege();
    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); // not checked for INVALID_HANDLE_VALUE
    if(Process32First(hSnap, &pe))
    {
        do
        {
            hTemp = OpenProcess(PROCESS_ALL_ACCESS, 0, pe.th32ProcessID);
            if(hTemp)                            // only openable processes are listed
            {
                printf("%4d\t%s\n", pe.th32ProcessID, pe.szExeFile); // %d with a DWORD argument
                CloseHandle(hTemp);
            }
        }
        while(Process32Next(hSnap, &pe));
    }
    // hSnap is never closed: handle leak
}
/* Interactive entry point: lists openable processes, asks for a PID on stdin,
 * then writes an INJECTSTRUCT plus a copy of threadstart() into that process
 * and starts a remote thread at the copy.
 *
 * Returns 0 in every case. Error handling is advisory only: when either
 * WriteProcessMemory fails a MessageBox is shown but execution continues
 * into CreateRemoteThread anyway. OpenProcess, VirtualAllocEx, scanf and
 * CreateRemoteThread results are not checked at all, the thread handle
 * returned by CreateRemoteThread is never closed, hDll from
 * LoadLibrary("KERNEL32") is never released, and the HANDLE/LPVOID values
 * are printed with %x, which does not match their types. All pointer
 * arithmetic goes through DWORD casts, i.e. the code assumes a 32-bit build. */
int main()
{
    HANDLE hProc;
    LPVOID start, thread;
    DWORD funcsize, written;                     // `written` is declared but never used
    HINSTANCE hDll;
    INJECTSTRUCT is;
    DWORD id;
    bool suc;
    EnableDebugPrivilege();                      // always returns true, result not used
    listproc();
    printf("\n\nThe dll that shall be injected needs to be in the same directory as \nDLL_Injector.exe and has to be called DLL.dll\n\n");
    hDll = LoadLibrary("KERNEL32");              // not checked for NULL, never freed
    is.LoadLibrary = (fpLoadLibrary)GetProcAddress(hDll, "LoadLibraryA");
    is.GetProcAddress = (fpGetProcAddress)GetProcAddress(hDll, "GetProcAddress");
    strcpy(is.path, "DLL.dll");                  // literals fit the 255-byte buffers
    strcpy(is.func, "Funktion");
    // Stub size estimated as the distance between the two function addresses;
    // see the note on threadend().
    funcsize = (DWORD)threadend-(DWORD)threadstart;
    printf("Process ID: ");
    scanf("%d", &id);                            // return value ignored; id is a DWORD read with %d
    hProc = OpenProcess(PROCESS_ALL_ACCESS, false, id); // not checked for NULL
    printf("Prozess Handle: %x", hProc);         // %x with a HANDLE argument
    start = VirtualAllocEx(hProc, 0, funcsize+sizeof(INJECTSTRUCT), MEM_COMMIT, PAGE_EXECUTE_READWRITE); // not checked for NULL
    printf("Memory: %x\n", start);               // %x with an LPVOID argument
    suc = WriteProcessMemory(hProc, start, (LPVOID)&is, sizeof(INJECTSTRUCT), NULL);
    if(!suc)
        MessageBox ( NULL, "WriteProcessMemory(hProc, start, (LPVOID)&is, sizeof(INJECTSTRUCT), NULL) failed", "DLL Injector", MB_OK);
    // No early return: execution continues even after the failure above.
    thread = (LPVOID)((DWORD)start+sizeof(INJECTSTRUCT)); // stub copy placed right after the struct
    suc = WriteProcessMemory(hProc, thread, (LPVOID)threadstart, funcsize, NULL); // This is probably where the problem is
    if(!suc)
        MessageBox ( NULL, "WriteProcessMemory(hProc, thread, (LPVOID)threadstart, funcsize, NULL) failed", "DLL Injector", MB_OK);
    // Same here: the remote thread is created regardless of `suc`.
    CreateRemoteThread(hProc, 0, 0, (LPTHREAD_START_ROUTINE)thread, start, 0, 0); // returned thread handle is leaked
    CloseHandle(hProc);
    return 0;
}