Simple Injection. An in-depth look.

[hack2learn]

oh boy... to bad my english are not so good to understand much of those words... but i'd thanks very much for Chooka/Jason... my motivations up...

[Jason]

ROFL made a woeful mistake in there, closed a completely irrelevant handle. Glad noone spotted it

[akp123]

ummmmmmmm what ? i dont under stand this at all >.<

[Jason]

ummmmmmmm what ? i dont under stand this at all >.<

Cool story bro. Don't make an injector then.

[Void]

Edit:

I am a tool, Jason is better than me in everything including arts & crafts and the guitar. I have no friends.

[Jason]

Edit:

I am a tool, Jason is better than me in everything including arts & crafts and the guitar. I have no friends.

You get extra points for being honest. GG.

[Lyoto Machida]

Jason can you say the steps like this:?

FindWindow()
OpenProcess()
...
WriteProcessMemory()
CloseHandle()
...

?
Im going to make it in C++

[Jason]

Jason can you say the steps like this:?

FindWindow()
OpenProcess()
...
WriteProcessMemory()
CloseHandle()
...

?
Im going to make it in C++

Erm, can't you just read the steps yourself?

[Lyoto Machida]

Erm, can't you just read the steps yourself?

Ah you're the minion here

I tried to read but my english sucks too mutch to understand it right

[Jàzzà_]

Read the thread? This needs to be compiled as x86 application. It works on 64 bit computers then. My PC is a x64 and it injects fine as long as the project is compiled as x86.

I was about to ask that question but I found my answer thank you,
I also had a read of the thread I really like how you actually explained everything in detail
I still get confused on stuff like:
"ByVal flProtect As Integer"
From

Code:

Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Integer, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal flAllocationType As Integer, ByVal flProtect As Integer) As Integer

What does "flProtect" actually do?
Reason why I ask about this is because if I had to code example a injector like this I wouldn't know wat that means yet to even put it in

Cheers Jazza (:

[Jason]

Ah you're the minion here

Minion doesn't make me your little bitch you know.

@Jàzzà_ flProtect specifies the protection on the committed region of memory allocated by VirtualAllocEx. We need Read/Write access to the memory so we specify 0x04 (&H4)
For more info see the VirtualAllocEx MSDN page:
https://msdn.microsof*****m/en-us/libr...=vs.85%29.aspx

[Jason]

Temp stickied 'cos I'm a vain bastard.

[topblast]

In reading this, your putting a Byte array into the process to call LoadLibrary with.. Thats not gonna work

[Lyoto Machida]

In reading this, your putting a Byte array into the process to call LoadLibrary with.. Thats not gonna work

Explain him

[Jason]

In reading this, your putting a Byte array into the process to call LoadLibrary with.. Thats not gonna work

Sigh, please read the tutorial. Strings are NOT stored as alphanumerics in memory, everything is written into bytes (bits if you go even further down, obviously, but writeprocessmemory just writes chunks of bytes) so to write directly to process memory you don't just say: "Put this string into memory", you convert the string to it's byte representation and then write it into allocated memory.

CreateRemoteThread calls a specified function and is capable of providing a single parameter to the called function, this works nicely with LoadLibrary seeing as LoadLibrary only accepts a single parameter anyway so we don't need to get messy working with stubs and shit. The parameter is a string, you point the CreateRemoteThread param to wherever you wrote your string to memory and LoadLibrary will re-interpret the bytes as a string. To understand this you've got to understand how variables work. They are stored in memory.

All this is doing it writing you DLL location to the processes memory, then calling LoadLibrary and telling it what file to be loading (by pointing it where you just wrote your DLL's location)

If you don't understand that, I dunno how else to explain it.