Injection
Hi everyone, I want to inject a DLL into a perfectly normal EXE (e.g. notepad.exe). So far this works wonderfully with this code:
Private Declare Function GetWindowThreadProcessId Lib "user32.dll" (ByVal hwnd As Long, ByRef lpdwProcessId As Long) As Long
Private Declare Function FindWindow Lib "user32.dll" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32.dll" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32.dll" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lPAddress As Any, ByRef dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal ProcessHandle As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Any, ByVal lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lPAddress As Any, ByRef dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
Private Declare Function LoadLibrary Lib "kernel32.dll" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Const MEM_COMMIT As Long = &H1000
Private Const PAGE_READWRITE As Long = &H4
Private Const WAIT_TIMEOUT As Long = 258&
Private Const INFINITE = &HFFFF
Private Const MEM_RELEASE As Long = &H8000
Dim pID As Long, nhWnd As Long, nThreadID As Long, DllPath As String, hRemoteMem As Long, numBytesWritten As Long, hRemoteThread As Long, SubClassed As Long
Dim lLoadLibrary As Long, Inject As Long
Private Sub Command1_Click()
Dim lPAddress As Long, lexecute As Long, secLibrary As Long
lLoadLibrary = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
nhWnd = FindWindow(vbNullString, "Unbenannt - Editor")
If nhWnd <> 0 Then
GetWindowThreadProcessId nhWnd, nThreadID
pID = OpenProcess(PROCESS_ALL_ACCESS, False, nThreadID)
DllPath = App.Path & "\Test.dll"
hRemoteMem = VirtualAllocEx(pID, ByVal 0, Len(DllPath), MEM_COMMIT, ByVal PAGE_READWRITE)
Inject = WriteProcessMemory(pID, ByVal hRemoteMem, ByVal DllPath, Len(DllPath), vbNull)
DoEvents
hRemoteThread = CreateRemoteThread(pID, vbNull, 0, lLoadLibrary, hRemoteMem, 0, 0)
If hRemoteThread Then MsgBox "K Do It!"
VirtualFreeEx pID, ByVal hRemoteMem, Len(DllPath), MEM_RELEASE
CloseHandle pID
End If
End Sub
And this is what my Test.dll looks like:
The class module is called: Testi
Contents:
Private Declare Function GetWindowsDirectory Lib "KERNEL32" _
Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, _
ByVal nSize As Long) As Long
Public Function WinDir() As String
Dim sDirBuf As String * 255
Dim StrLen As Long
StrLen = GetWindowsDirectory(sDirBuf, 255)
WinDir = Left$(sDirBuf, StrLen)
End Function
So, the DLL gets injected. But how do I execute the function??
I got that far, but no further. I guess you have to treat the infected EXE like a DLL or something...
Regards
Crunk
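Seen from the defender's side, the call sequence in the post above (a remote thread whose start address is LoadLibraryA) is what Sysmon records as Event ID 8 (CreateRemoteThread). The following is an added example, not part of the original post, that parses such messages and flags that pattern; the sample events, the paths and the allowlist parameter are constructed assumptions.

```python
import ntpath

# Constructed Sysmon Event ID 8 (CreateRemoteThread) messages, not real telemetry.
SAMPLE_EVENTS = [
    r"""SourceProcessId: 4120
SourceImage: C:\Temp\Project1.exe
TargetProcessId: 5332
TargetImage: C:\Windows\System32\notepad.exe
StartModule: C:\Windows\System32\KERNEL32.DLL
StartFunction: LoadLibraryA""",
    r"""SourceProcessId: 612
SourceImage: C:\Windows\System32\csrss.exe
TargetProcessId: 2288
TargetImage: C:\Windows\System32\cmd.exe
StartModule: C:\Windows\System32\KERNELBASE.dll
StartFunction: CtrlRoutine""",
    r"""SourceProcessId: 3004
SourceImage: C:\Program Files\ExampleTool\helper.exe
TargetProcessId: 5332
TargetImage: C:\Windows\System32\notepad.exe
StartModule: C:\Windows\System32\KERNEL32.DLL
StartFunction: LoadLibraryW""",
]
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

def parse_event(message):
    """Turn the 'Key: Value' lines of a rendered Sysmon message into a dict."""
    fields = {}
    for line in message.splitlines():
        key, sep, value = line.partition(":")  # first colon only; paths keep theirs
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def find_loadlibrary_threads(messages, allowed_sources=()):
    """Return (source, target, function) for remote threads that start in LoadLibrary*."""
    allowed = {p.lower() for p in allowed_sources}  # hypothetical allowlist of source paths
    hits = []
    for fields in map(parse_event, messages):
        func = fields.get("StartFunction", "")
        module = ntpath.basename(fields.get("StartModule", "")).lower()
        source = fields.get("SourceImage", "")
        if (func.lower() in LOADER_FUNCS and module in LOADER_MODULES
                and source.lower() not in allowed):
            hits.append((source, fields.get("TargetImage", ""), func))
    return hits

if __name__ == "__main__":
    for hit in find_loadlibrary_threads(SAMPLE_EVENTS):
        print("remote thread starts in loader:", *hit)
```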
Content-ID: 104755
Url: https://administrator.de/contentid/104755
Printed on: 24.11.2024 at 16:11
4 comments
Hi,
Nobody knows what you're up to, or why you aren't using C++, but never mind.
To actually use an injected library, it must either be perfectly integrated into the program's source code or be operated from outside.
In C++ you could, for example, open a debug console: AllocConsole()
Tell us what you're planning, then we can help you better.
Hi,
That's exactly what I had already thought.
Topics like this probably don't really belong in this forum :P
You'd better look for a game-hacking community.
Just to help you for the moment:
To simply change values you don't need to go to the trouble of injecting a DLL first; you can also use a memory browser
(Cheat Engine)
DLL injection only makes sense when you really want to add functions of your own, e.g. sniffing and manipulating the game's internet communication...
Well, for things like that you should learn C/C++ and pick up some ASM basics.
Regards
Nippie