InjectDll UDF
Discussion on InjectDll UDF within the AutoIt forum part of the Coders Den category.
02/12/2011, 00:56
|
#1
InjectDll UDF
Code:
;=================================================================================================
; Function:         _InjectDll($processId, $dllPath)
; Description:      Injects a .dll into a running program.
; Return Value(s):  On Success - Returns true
;                   On Failure - Returns false
;                   @Error - 0 = No error.
;                            1 = Invalid ProcessId
;                            2 = File does not exist
;                            3 = File is not a .dll (invalid file)
;                            4 = Failed to open 'Kernel32.dll'
;                            5 = Failed to get the full path
;                            6 = Failed to open the process
;                            7 = Failed to call 'GetModuleHandle'
;                            8 = Failed to call 'GetProcAddress'
;                            9 = Failed to call 'VirtualAllocEx'
;                            10 = Failed to write the memory
;                            11 = Failed to create the 'RemoteThread'
; Author(s):        KDeluxe
;=================================================================================================
Func _InjectDll($processId, $dllPath)
    If ProcessExists($processId) == 0 Then Return SetError(1, "", False)
    If Not FileExists($dllPath) Then Return SetError(2, "", False)
    ; Compare directly: "Not" binds tighter than "==", so the original test never fired
    If StringRight($dllPath, 4) <> ".dll" Then Return SetError(3, "", False)
    $dllKernel32 = DllOpen("Kernel32.dll")
    ; DllOpen reports failure by returning -1
    If $dllKernel32 = -1 Then Return SetError(4, "", False)
    $dllPathStruct = DllStructCreate("char[255]")
    DllCall($dllKernel32, "DWORD", "GetFullPathNameA", "str", $dllPath, "DWORD", 255, "ptr", DllStructGetPtr($dllPathStruct), "int", 0)
    If @error Then Return SetError(5, "", False)
    $PROCESS_ALL_ACCESS = 0x001F0FFF
    If @OSBuild >= 6000 Then $PROCESS_ALL_ACCESS = BitOR($PROCESS_ALL_ACCESS, 0xF000)
    $process = DllCall($dllKernel32, "DWORD", "OpenProcess", "DWORD", $PROCESS_ALL_ACCESS, "int", 0, "DWORD", $processId)
    If @error Then Return SetError(6, "", False)
    $module = DllCall($dllKernel32, "DWORD", "GetModuleHandleA", "str", "kernel32.dll")
    If @error Then Return SetError(7, "", False)
    $startAddress = DllCall($dllKernel32, "DWORD", "GetProcAddress", "DWORD", $module[0], "str", "LoadLibraryA")
    If @error Then Return SetError(8, "", False)
    $parameter = DllCall($dllKernel32, "DWORD", "VirtualAllocEx", "int", $process[0], "int", 0, "ULONG_PTR", DllStructGetSize($dllPathStruct), "DWORD", 0x3000, "int", 4)
    If @error Then Return SetError(9, "", False)
    DllCall($dllKernel32, "BOOL", "WriteProcessMemory", "int", $process[0], "DWORD", $parameter[0], "str", DllStructGetData($dllPathStruct, 1), "ULONG_PTR", DllStructGetSize($dllPathStruct), "int", 0)
    If @error Then Return SetError(10, "", False)
    DllCall($dllKernel32, "int", "CreateRemoteThread", "DWORD", $process[0], "int", 0, "int", 0, "DWORD", $startAddress[0], "DWORD", $parameter[0], "int", 0, "int", 0)
    If @error Then Return SetError(11, "", False)
    DllCall($dllKernel32, "BOOL", "CloseHandle", "DWORD", $process[0])
    DllClose($dllKernel32)
    Return SetError(0, "", True)
EndFunc
|
|
|
02/12/2011, 09:51
|
#2
Not that I want to be a nuisance, but there is already an inject UDF in another AutoIt forum.
Still, not everyone will find it, and it's good that this gets posted here.
P.S. The download doesn't work for me.
|
|
|
02/12/2011, 11:57
|
#3
Quote:
Originally Posted by KillerDeluxe
There are already UDFs for injecting .dlls, but I don't know anyone for whom they actually work.
|
My reason for creating this UDF is already stated in the first line.
The file was deleted, but I have uploaded it again.
|
|
|
02/12/2011, 13:52
|
#4
Quote:
There are already UDFs for injecting .dlls, but I don't know anyone for whom they actually work.
|
This one works for me:
Code:
#include-once
; #INDEX# =======================================================================================================================
; Title .........: Inject UDF library for AutoIt v3
; AutoIt Version : 3.3.4, Inject.au3 v 1.1 (1/2/2010)
; Language ......: English
; Description ...: Functions for getting process information and for in/ejecting a .dll file into/off a process
; Requirements ..: NomadMemory.au3, Memory.au3, WinAPI.au3, Kernel32.dll ;Script has to be compiled in x86 Mode ;#RequireAdmin
; Author(s) .....: Deathly Assassin (http://www.*************)
; ===============================================================================================================================
; #REQUIRED INCLUDES# ===========================================================================================================
#include <Memory.au3>
#include <WinAPI.au3>
#include <NomadMemory.au3>
; ===============================================================================================================================
; #CURRENT# =====================================================================================================================
;_InjectAttachDll
;_InjectDetachDllEx
;_InjectDetachDll
;_InjectModulInfo
; ===============================================================================================================================
; #FUNCTION# ====================================================================================================================
; Name...........: _InjectAttachDll
; Description ...: Injects a .dll file into a process
; Syntax.........: _InjectAttachDll($sPath, $PID)
; Parameters ....: $sPath - Path and filename of the .dll file to be injected
; $PID - A process identifier
; Return values .: Success - Returns hModule of the injected dll
; Failure - Returns @Error of the failed function and sets @Error:
; |@error = 1 - _MemoryOpen failed -> $PID might be wrong
; |@error = 2 - _MemoryWrite failed -> "SeDebugPrivilege" might not have been set. #RequireAdmin might solve this problem / $sPath might not have been found
; |@error = 3 - DllOpen failed -> kernel32.dll might not have been found
; |@error = 4 - GetExitCodeThread failed
; Author ........: Deathly Assassin (http://www.*************)
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _InjectAttachDll($PID, $sPath)
    Local $hRemote, $iLen = StringLen($sPath), $hProcess, $pAllocAdresse, $vError, $hOpen, $pLoadLibraryA, $vStruct
    SetPrivilege("SeDebugPrivilege", 1)
    SetError(0)
    $hProcess = _MemoryOpen($PID)
    $vError = @error
    If $vError Then
        SetError(1)
        Return $vError
    EndIf
    $pAllocAdresse = _MemVirtualAllocEx($hProcess[1], 0, $iLen + 1, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
    _MemoryWrite($pAllocAdresse, $hProcess, $sPath, 'char[' & $iLen & ']')
    $vError = @error
    If $vError Then
        SetError(2)
        Return $vError
    EndIf
    $hOpen = DllOpen("Kernel32.dll")
    $vError = @error
    If $vError Then
        SetError(3)
        Return $vError
    EndIf
    $pLoadLibraryA = DllCall($hOpen, "HANDLE", "GetProcAddress", "HANDLE", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "LoadLibraryA")
    $hRemote = DllCall($hOpen, "HANDLE", "CreateRemoteThread", "HANDLE", $hProcess[1], "ptr", 0, "ptr", 0, "ptr", $pLoadLibraryA[0], "ptr", $pAllocAdresse, "DWORD", 0, "ptr", 0)
    _WinAPI_WaitForSingleObject($hRemote[0])
    $vStruct = DllStructCreate("HANDLE;")
    DllCall($hOpen, "BOOL", "GetExitCodeThread", "HANDLE", $hRemote[0], "ptr", DllStructGetPtr($vStruct, 1))
    $vError = DllStructGetData($vStruct, 1)
    DllClose($hOpen)
    _MemVirtualFreeEx($hProcess, $pAllocAdresse, $iLen, $MEM_DECOMMIT)
    _MemoryClose($hProcess)
    If $vError = False Then
        SetError(4)
        Return $vError
    EndIf
    Return $vError
EndFunc ;==>_InjectAttachDll
; #FUNCTION# ====================================================================================================================
; Name...........: _InjectDetachDllEx
; Description ...: Ejects a .dll file off a process
; Syntax.........: _InjectDetachDllEx($hModule, $PID)
; Parameters ....: $hModule - hModule of the dll to be ejected
; $PID - A process identifier
; Return values .: Success - Returns True
; Failure - Returns @Error of the failed function and sets @Error:
; |@error = 1 - _MemoryOpen failed -> $PID might be wrong
; |@error = 2 - DllOpen failed -> kernel32.dll might not have been found
; |@error = 3 - GetExitCodeThread failed -> "SeDebugPrivilege" might not have been set. #RequireAdmin might solve this problem
; Author ........: Deathly Assassin (http://www.*************)
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _InjectDetachDllEx($PID, $hModule)
    Local $hRemote, $hProcess, $vError, $hOpen, $pFreeLibrary, $vStruct
    SetPrivilege("SeDebugPrivilege", 1)
    SetError(0)
    $hProcess = _MemoryOpen($PID)
    $vError = @error
    If $vError Then
        SetError(1)
        Return $vError
    EndIf
    $hOpen = DllOpen("Kernel32.dll")
    $vError = @error
    If $vError Then
        SetError(2)
        Return $vError
    EndIf
    $pFreeLibrary = DllCall($hOpen, "HANDLE", "GetProcAddress", "HANDLE", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "FreeLibrary")
    $hRemote = DllCall($hOpen, "HANDLE", "CreateRemoteThread", "HANDLE", $hProcess[1], "int", 0, "int", 0, "DWORD", $pFreeLibrary[0], "ptr", $hModule, "DWORD", 0, "DWORD*", 0)
    _WinAPI_WaitForSingleObject($hRemote[0])
    $vStruct = DllStructCreate("BOOL;")
    $vError = DllCall($hOpen, "BOOL", "GetExitCodeThread", "HANDLE", $hRemote[0], "ptr", DllStructGetPtr($vStruct, 1))
    $vError = DllStructGetData($vStruct, 1)
    DllClose($hOpen)
    _MemoryClose($hProcess)
    If $vError = False Then
        SetError(3)
        Return $vError
    EndIf
    Return $vError
EndFunc ;==>_InjectDetachDllEx
; #FUNCTION# ====================================================================================================================
; Name...........: _InjectDetachDll
; Description ...: Ejects a .dll file off a process
; Syntax.........: _InjectDetachDll($sPath, $PID)
; Parameters ....: $sPath - Path of the dll to be ejected
; $PID - A process identifier
; Return values .: Success - Returns True
; Failure - Returns -1 and sets @Error or -1 / Returns the return of _InjectDetachDllEx and sets _InjectDetachDllEx's @Error
; |@error = -1 - _InjectModulInfo failed -> Return=1:Wrong PID; Return=2:DllOpen failed -> kernel32.dll might not have been found
; |@error = -2 - Module wasn't found
; Author ........: Deathly Assassin (http://www.*************)
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _InjectDetachDll($sPath, $PID)
    Local $aArray, $i, $vError
    $aArray = _InjectModulInfo($PID)
    $vError = @error
    If $vError Then
        SetError(-1)
        Return $vError
    EndIf
    For $i = 0 To UBound($aArray) - 1
        If $aArray[$i][9] = $sPath Then
            Return _InjectDetachDllEx($aArray[$i][7], $PID)
        EndIf
    Next
    SetError(-2)
    Return -1
EndFunc ;==>_InjectDetachDll
; #FUNCTION# ====================================================================================================================
; Name...........: _InjectModulInfo
; Description ...: Returns information about every module in the specified process
; Syntax.........: _InjectModulInfo($PID)
; Parameters ....: $PID - A process identifier
; Return values .: Success - Returns a 2D array with the modules and their information
; Failure - Returns -1 and sets @Error:
; |@error = 1 - Wrong PID
; |@error = 2 - DllOpen failed -> kernel32.dll might not have been found
; Author ........: Deathly Assassin (http://www.*************)
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _InjectModulInfo($PID)
    Local $hModule, $hSnapshot, $hOpen, $iCount = 0, $aArray[1][10], $i, $vMODULEENTRY32, $vNext
    If Not ProcessExists($PID) Then
        SetError(1)
        Return -1
    EndIf
    SetPrivilege("SeDebugPrivilege", 1)
    $hOpen = DllOpen("Kernel32.dll")
    If @error Then
        SetError(2)
        Return -1
    EndIf
    $vMODULEENTRY32 = DllStructCreate("DWORD dwSize; DWORD th32ModuleID; DWORD th32ProcessID; DWORD GlblcntUsage; DWORD ProccntUsage; ptr modBaseAddr; DWORD modBaseSize; HANDLE hModule; CHAR szModule[256]; CHAR szExePath[260];")
    DllStructSetData($vMODULEENTRY32, 1, DllStructGetSize($vMODULEENTRY32))
    $hSnapshot = DllCall($hOpen, "HANDLE", "CreateToolhelp32Snapshot", "DWORD", 8, "DWORD", $PID)
    DllCall($hOpen, "BOOL", "Module32First", "HANDLE", $hSnapshot[0], "ptr", DllStructGetPtr($vMODULEENTRY32))
    Do
        ReDim $aArray[$iCount + 1][10]
        For $i = 1 To 10
            $aArray[$iCount][$i - 1] = DllStructGetData($vMODULEENTRY32, $i)
        Next
        $iCount += 1
        $vNext = DllCall($hOpen, "BOOL", "Module32Next", "HANDLE", $hSnapshot[0], "ptr", DllStructGetPtr($vMODULEENTRY32))
    Until Not $vNext[0]
    DllClose($hOpen)
    Return $aArray
EndFunc ;==>_InjectModulInfo
|
|
|
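Seen from the monitoring side, both UDFs in this thread start a remote thread whose start address is a kernel32.dll export (LoadLibraryA to load, FreeLibrary to eject), and the first one opens the target with the 0x1FFFFF access mask on Vista and later. The following is an added example, not code from any poster in this thread: it scans Sysmon CreateRemoteThread (event ID 8) and ProcessAccess (event ID 10) messages for that pattern, assuming Sysmon resolved the start address to an export name. The function names, process paths and sample events are constructed for illustration.

```python
import re

# Exports the thread's UDFs hand to CreateRemoteThread; LoadLibraryW is an added generalization.
LOADER_EXPORTS = {"LoadLibraryA", "LoadLibraryW", "FreeLibrary"}
PROCESS_ALL_ACCESS = 0x1FFFFF  # 0x001F0FFF | 0xF000, the first UDF's mask on Vista and later

def parse_fields(message):
    """Parse the 'Name: value' lines of a rendered Sysmon event message."""
    return dict(re.findall(r"^(\w+): *(.*)$", message, re.M))

def find_remote_loader_threads(events):
    """events: (sysmon_event_id, message) pairs in time order; returns a list of findings."""
    full_access, findings = set(), []
    for event_id, message in events:
        f = parse_fields(message)
        pair = (f.get("SourceProcessId"), f.get("TargetProcessId"))
        if event_id == 10:  # ProcessAccess
            if int(f.get("GrantedAccess", "0"), 16) == PROCESS_ALL_ACCESS:
                full_access.add(pair)
        elif event_id == 8:  # CreateRemoteThread
            module = f.get("StartModule", "").lower()
            if f.get("StartFunction") in LOADER_EXPORTS and module.endswith("\\kernel32.dll"):
                findings.append({
                    "source": f.get("SourceImage"), "target": f.get("TargetImage"),
                    "start_function": f["StartFunction"],
                    # A full-access open by the same source beforehand strengthens the signal.
                    "severity": "high" if pair in full_access else "medium",
                })
    return findings

# Constructed sample events (not real telemetry), trimmed to the fields used above.
SAMPLE_EVENTS = [
    (10, r"""Process accessed:
SourceProcessId: 4312
TargetProcessId: 6120
GrantedAccess: 0x1FFFFF"""),
    (8, r"""CreateRemoteThread detected:
SourceProcessId: 4312
SourceImage: C:\Users\lab\Desktop\script.exe
TargetProcessId: 6120
TargetImage: C:\Program Files\Example\app.exe
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: LoadLibraryA"""),
    (8, r"""CreateRemoteThread detected:
SourceProcessId: 612
TargetProcessId: 7004
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: CtrlRoutine"""),
]
print(find_remote_loader_threads(SAMPLE_EVENTS))
```

The third sample event keeps the same start module but a different export, so it is not reported; without the preceding event 10 the finding drops to "medium".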