Dll injection code

Question

i am trying to create a dll injection code the test process is notepad and the process id is hardcoded

the code is:

.386 
.model flat, stdcall 
option casemap:none 
include \masm32\include\windows.inc 
include \masm32\include\kernel32.inc 
includelib \masm32\lib\kernel32.lib 
include \masm32\include\masm32.inc
includelib \masm32\lib\masm32.lib
include \masm32\include\masm32rt.inc


.data
hand db "Kernel32.dll",0
band db "LoadLibraryA",0
dll db "C:\masm32\kntillusion.dll",0
msg db "failed",0
pd dd 840

.data?
var dd ?
handle dd ?
base dd ?
written dd ?
pr dword ?
dr dword ?
thd dword ?
.code 
start: 
invoke OpenProcess,PROCESS_ALL_ACCESS,TRUE,pd
TEST EAX, EAX
JE CodeFail
mov handle,eax
invoke VirtualAllocEx,handle,NULL,sizeof dll,MEM_COMMIT,PAGE_READWRITE
TEST EAX, EAX
JE CodeFail
mov base,eax
invoke WriteProcessMemory,handle,base,addr dll,sizeof dll,offset written
TEST EAX, EAX
JE CodeFail
invoke GetModuleHandle,hand
TEST EAX, EAX
JE CodeFail
mov dr,eax
invoke GetProcAddress,dr,band
TEST EAX, EAX
JE CodeFail
mov pr,eax
invoke CreateRemoteThread,handle,0,0,pr,addr dll,0,addr thd
invoke ExitProcess,0
CodeFail:
invoke StdOut, addr msg
invoke ExitProcess,0
end start

when i run it i got the following error

kinject.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

so and advice the plaftrom is windows xp sp3

Answer 1

It's a bit more complicated than what you have here. You can't just pass the address of a DLL name in your current process as the lpStartAddress argument to CreateRemoteThread in another process. You must inject code in the other process to have it make a LoadLibrary call to bring your custom DLL into that process and then your load logic can transfer control to a function in that DLL. That function must also be discovered by GetProcAddress in the remote process since the address may be different from what it is in your injection process.