
So I've made a DLL; it involves a lot of code, and I know it has worked before. I have since formatted my computer and updated my DLL. Using Extreme Injector, the DLL will only inject using Manual Mapping, which is fine, but I would like to know what I need to change in order for it to be able to inject with the standard method.

```
bool Inject(DWORD pId, char *dllName)
{
    HANDLE h = OpenProcess(PROCESS_ALL_ACCESS, false, pId);
    if (h)
    {
        LPVOID LoadLibAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
        LPVOID dereercomp = VirtualAllocEx(h, NULL, strlen(dllName), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        WriteProcessMemory(h, dereercomp, dllName, strlen(dllName), NULL);
        HANDLE asdc = CreateRemoteThread(h, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddr, dereercomp, 0, NULL);
        if (!asdc)
        {
            printf(to_string(GetLastError()).c_str());
        }
        WaitForSingleObject(asdc, INFINITE);
        VirtualFreeEx(h, dereercomp, strlen(dllName), MEM_RELEASE);
        CloseHandle(asdc);
        CloseHandle(h);
        return true;
    }
    return false;
}
```

  • Maybe it's the application you're injecting to that is blocking it from injecting with `CreateRemoteThread` – Brandon Nov 20 '19 at 14:33
  • @Brandon I have tested the other injection methods with a simple hello world message box. That DLL works fine. – Luke Mitchell Nov 20 '19 at 14:34
  • With no code or anything, it will be impossible for us to understand what is wrong – Brandon Nov 20 '19 at 17:12
  • You need to provide information about the failure of DLL injection, such as the return value of `CreateRemoteThread`. And there are many causes for injection failure, such as version inconsistency; refer to [this](https://stackoverflow.com/questions/13980270/createremotethread-failing-with-error-access-denied). – Strive Sun Nov 21 '19 at 08:52
  • @StriveSun-MSFT Note that I have got this code from an online source. This injector has worked for me many, many times. From what I can see though my injector does not return any error codes. From what I can see though the DLL is obviously not being injected. I have added the injected code in the thread. – Luke Mitchell Nov 22 '19 at 23:48
  • I tried your code and it can be injected successfully. The only problem is that the injected process will lead to injection failure, such as Notepad. What is the process you are trying to inject? – Strive Sun Nov 27 '19 at 10:13
  • @StriveSun-MSFT I re-wrote my whole DLL out and now it can inject. I wasn't able to pinpoint the reason I wouldn't inject before. I would assume it had something to do with how it was being compiled. – Luke Mitchell Dec 01 '19 at 19:20

1 Answer

I am probably too late, but this doesn't work because you are copying all characters of the DLL name into the process WITHOUT the null-termination character at the end of the string. To fix that, simply replace everywhere you use `strlen(dllName)` with `strlen(dllName) + 1`. When `LoadLibraryA` is called inside the target process, it reads beyond the end of the DLL path because the null terminator is missing, thus trying to inject a DLL that doesn't exist on disk.

You also should pass 0 as the size parameter when calling VirtualFreeEx, otherwise it won't be actually deallocated.

SimpleY
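
From a detection standpoint, the call sequence in the question (`CreateRemoteThread` with `LoadLibraryA` as the start routine) is recorded by Sysmon as Event ID 8, whose `StartModule` and `StartFunction` fields name the thread's entry point. The Python below is an added example, not part of the original thread; the sample events, the image paths, and the treatment of an empty or `-` `StartModule` as an unbacked start address are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOADERS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

def make_event(src, dst, module, func):
    """Build one constructed Sysmon Event ID 8 record (sample data, not a real log)."""
    data = {"SourceImage": src, "TargetImage": dst, "StartModule": module, "StartFunction": func}
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>8</EventID></System>'
            f'<EventData>{fields}</EventData></Event>')

SAMPLE_EVENTS = [  # constructed: hypothetical tool names and paths
    make_event(r"C:\Tools\injector.exe", r"C:\Windows\System32\notepad.exe",
               r"C:\Windows\System32\kernel32.dll", "LoadLibraryA"),
    make_event(r"C:\Windows\System32\csrss.exe", r"C:\Windows\System32\svchost.exe",
               r"C:\Windows\System32\ntdll.dll", "RtlUserThreadStart"),
    make_event(r"C:\Tools\mapper.exe", r"C:\Windows\System32\notepad.exe", "-", "-"),
]

def parse(xml_text):
    """Return (event_id, {field: value}) for one Sysmon event in XML form."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    fields = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, fields

def classify(xml_text):
    """Label a CreateRemoteThread event: 'loadlibrary', 'unbacked', or None."""
    event_id, f = parse(xml_text)
    if event_id != 8:
        return None
    module = f.get("StartModule", "").strip().lower()
    func = f.get("StartFunction", "").strip().lower()
    if module in ("", "-"):
        # Assumption: no module backs the start address (e.g. manually mapped code).
        return "unbacked"
    if module.rsplit("\\", 1)[-1] in ("kernel32.dll", "kernelbase.dll") and func in LOADERS:
        # Remote thread entering a LoadLibrary export, the pattern in the question.
        return "loadlibrary"
    return None

def findings(events):
    """Return (label, source image, target image) for every flagged event."""
    return [(classify(x), parse(x)[1]["SourceImage"], parse(x)[1]["TargetImage"])
            for x in events if classify(x)]

if __name__ == "__main__":
    for label, src, dst in findings(SAMPLE_EVENTS):
        print(f"{label:12} {src} -> {dst}")
```
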