Quote:
Originally Posted by -Shunsui-
Do you happen to know what's causing it? Or what fixes it in the injector? Because I already got a "working injector" but noticed no difference from mine.
I suggest you use this way of injecting your DLL:
1. CreateProcess with the CREATE_SUSPENDED flag.
2. Get the main thread's context by using GetThreadContext and the hThread of the PROCESS_INFORMATION structure.
3. Get the address of Kernel32.LoadLibraryA (or LoadLibraryW, whatever).
4. Allocate memory in the target process using VirtualAllocEx and write the path of the DLL you want to inject to the allocated memory.
5. Create your custom DLL loading asm code inside the process using VirtualAllocEx + WriteProcessMemory. The custom DLL injecting code should look something like:
Code:
push entryPoint // Get this using GetThreadContext - the CONTEXT structure contains the value of the EIP register
pushfd // To preserve the flags
pushad // To preserve the registers
push dllPathAddress // The one you allocated and wrote into memory earlier in step 4
mov eax, loadLibraryAddress // LoadLibraryA/W address from step 3
call eax // Loads the LoadLibrary function -> Your DLL
popad // Restore registers
popfd // Restore flags
ret // Return to the entry point (the first thing you pushed onto the stack)
6. Wait for the injection to be done (I usually just wait 5 seconds, but you could have a variable set inside the target program that you set to a specific value or whatever when done loading)
7. Clean up - Close handles, free the memory you allocated, etc.
Edit:
I forgot step 8. Obviously you'd need to resume the main thread again after everything is done, using ResumeThread on the hThread you got from the PROCESS_INFORMATION returned by the CreateProcess function.
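From the defender's side, the sequence laid out in the post above (CreateProcess with CREATE_SUSPENDED, GetThreadContext, VirtualAllocEx, WriteProcessMemory, ResumeThread, all from one process against one child) is a recognisable pattern in an API-call trace. The following is an added example, not code from this thread: a small Python detector that groups calls by (source pid, target pid) and flags any pair whose calls contain those milestones in order, ignoring unrelated calls in between. The `key=value` log format, the pid values, and the requirement that the VirtualAllocEx be an executable allocation (`PAGE_EXECUTE*`) are assumptions made for the example, not the output of any real monitoring tool; the sample trace is constructed.

```python
# Added example (not from the forum post): a defender-side detector that scans a
# constructed API-call trace for the suspended-process injection sequence the
# post describes.  The log line format below is an assumption made for this
# example, not the output of any real monitoring tool.
from typing import Callable, Dict, List, Tuple

# The ordered milestones of the injection sequence from the post.  Each entry is
# (api name, predicate over the parsed key=value fields of that call).  Requiring
# an executable allocation is an assumption: the post writes asm that will run.
INJECTION_SEQUENCE: List[Tuple[str, Callable[[Dict[str, str]], bool]]] = [
    ("CreateProcess", lambda f: "CREATE_SUSPENDED" in f.get("flags", "")),
    ("GetThreadContext", lambda f: True),
    ("VirtualAllocEx", lambda f: "PAGE_EXECUTE" in f.get("protect", "")),
    ("WriteProcessMemory", lambda f: True),
    ("ResumeThread", lambda f: True),
]

# Constructed sample trace.  Source pid 4242 performs the full sequence against
# its child 5151; pid 7000 is a debugger-like process that creates a suspended
# child, inspects its context and resumes it without writing any memory, so it
# must not be flagged.
SAMPLE_TRACE = """\
ts=1 pid=4242 target=5151 api=CreateProcess flags=CREATE_SUSPENDED
ts=2 pid=4242 target=5151 api=GetThreadContext
ts=3 pid=7000 target=7001 api=CreateProcess flags=CREATE_SUSPENDED
ts=4 pid=4242 target=5151 api=VirtualAllocEx size=260 protect=PAGE_READWRITE
ts=5 pid=4242 target=5151 api=WriteProcessMemory size=24
ts=6 pid=4242 target=5151 api=VirtualAllocEx size=64 protect=PAGE_EXECUTE_READWRITE
ts=7 pid=4242 target=5151 api=WriteProcessMemory size=64
ts=8 pid=7000 target=7001 api=GetThreadContext
ts=9 pid=7000 target=7001 api=ResumeThread
ts=10 pid=4242 target=5151 api=ResumeThread
"""


def parse_line(line: str) -> Dict[str, str]:
    """Parse one 'key=value key=value ...' line into a dict."""
    fields: Dict[str, str] = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def find_injection_sequences(trace: str) -> List[Tuple[int, int]]:
    """Return (source pid, target pid) pairs whose calls, in timestamp order,
    contain every milestone of INJECTION_SEQUENCE in order.  Other calls may
    intervene; a milestone that fails its predicate simply does not advance."""
    calls: Dict[Tuple[int, int], List[Dict[str, str]]] = {}
    for line in trace.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        key = (int(f["pid"]), int(f["target"]))
        calls.setdefault(key, []).append(f)

    hits: List[Tuple[int, int]] = []
    for key, seq in calls.items():
        stage = 0
        for f in sorted(seq, key=lambda x: int(x["ts"])):
            api, pred = INJECTION_SEQUENCE[stage]
            if f["api"] == api and pred(f):
                stage += 1
                if stage == len(INJECTION_SEQUENCE):
                    hits.append(key)
                    break
    return hits


if __name__ == "__main__":
    for src, tgt in find_injection_sequences(SAMPLE_TRACE):
        print(f"suspended-process injection pattern: pid {src} -> pid {tgt}")
```

The check is an ordered-subsequence match rather than an exact match so that the non-executable path allocation (step 4 of the post) and any unrelated calls do not break detection; the debugger-like pair in the trace shows why the executable-allocation and WriteProcessMemory milestones matter, since CREATE_SUSPENDED plus GetThreadContext plus ResumeThread alone is normal tooling behaviour.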