    FASM DLL Injector

    Hope this part of the forum isn't dead as I only just joined; hopefully this thread can revive it a bit.
    I've included code for a dll injector I've written using Flat Assembler, hopefully it's useful to someone. You can get fasm here fasm.
    (You will need to make a bitmap file called LOGO.BMP located inside the same folder as the asm when assembling, my dimensions were 341x68, alternatively you can modify the resource section)



    Here's the injector code:

    Code:
    ; FASM source: 32-bit PE GUI executable; execution begins at `start`.
    format PE GUI 4.0
    
    ; FASM's Win32 include: supplies the `proc`/`invoke`/`struct` macros and the
    ; Win32 constants (WS_*, LB_*, MEM_*, ...) used below.
    include 'win32a.inc'
    
    entry start
    
    ; Resource and control identifiers. `logo_main` is the bitmap *resource* id
    ; (see the .rsrc section); `IDB_LOGO` is the STATIC *control* that shows it.
    logo_main = 2001
    IDB_LOGO = 2000
    IDD_MAIN = 1000
    IDE_FILE = 101            ; read-only EDIT holding the selected file path
    IDB_OPEN = 102            ; "Browse" button
    IDB_INJECT = 103          ; "Inject" button
    IDB_REFRESH = 104         ; "Refresh" button
    IDL_PROCLIST = 105        ; LISTBOX of process names (item data = PID)
    
    ; Local definition of the Toolhelp PROCESSENTRY32 record (ANSI layout).
    ; NOTE(review): the Win32 SDK declares szExeFile as MAX_PATH (260) bytes;
    ; this copy reserves 1000h, so sizeof.PROCESSENTRY32 (written into dwSize
    ; at `start`) is larger than the SDK value — confirm Process32First accepts it.
    struct PROCESSENTRY32
      dwSize dd ?                 ; must be set by the caller before Process32First
      cntUsage dd ?
      th32ProcessID dd ?          ; PID; stored as list-box item data by EnumProcesses
      th32DefaultHeapID dd ?
      th32ModuleID dd ?
      cntThreads dd ?
      th32ParentProcessID dd ?
      pcPriClassBase dd ?
      dwFlags dd ?
      szExeFile rb 1000h          ; NUL-terminated executable name
    ends
    
    ; Import table. Everything is resolved through FASM's `library`/`import`
    ; macros; the ANSI ('A') entry points are used throughout.
    ; NOTE(review): CloseHandle is not imported, and no handle opened by this
    ; program (snapshot, process, thread) is ever closed. LocalFree is not
    ; imported either, although FormatMessage is later called with
    ; FORMAT_MESSAGE_ALLOCATE_BUFFER. Module32First/Module32Next are imported
    ; but not referenced anywhere in this listing.
    section '.idata' import data readable
    
    	library kernel,'KERNEL32.DLL',\
    		user,'USER32.DLL',\
    		comdlg,'COMDLG32.DLL'
    
    	import	kernel,\
    		ExitProcess,'ExitProcess',\
    		GetModuleHandle,'GetModuleHandleA',\
    		CreateToolhelp32Snapshot,'CreateToolhelp32Snapshot',\
    		Process32First,'Process32First',\
    		Process32Next,'Process32Next',\
    		OpenProcess,'OpenProcess',\
    		WriteProcessMemory,'WriteProcessMemory',\
    		VirtualAllocEx,'VirtualAllocEx',\
    		CreateRemoteThread,'CreateRemoteThread',\
    		GetProcAddress,'GetProcAddress',\
    		GetLastError,'GetLastError',\
    		FormatMessage,'FormatMessageA',\
    		Module32First,'Module32First',\
    		Module32Next,'Module32Next'
    
    
    	import	user,\
    		MessageBox,'MessageBoxA',\
    		DialogBoxParam,'DialogBoxParamA',\
    		EndDialog,'EndDialog',\
    		SetDlgItemText,'SetDlgItemTextA',\
    		GetDlgItem,'GetDlgItem',\
    		SendMessage,'SendMessageA',\
    		GetDlgItemText,'GetDlgItemTextA',\
    		LoadBitmap,'LoadBitmapA',\
    		SendDlgItemMessage,'SendDlgItemMessageA'
    
    	import	comdlg,\
    		GetOpenFileName,'GetOpenFileNameA'
    
    
    
    
    ; Resources: one dialog template (IDD_MAIN) and one bitmap (logo_main),
    ; the latter read from LOGO.BMP next to the source at assembly time.
    section '.rsrc' resource data readable
    
    	directory RT_DIALOG,dialogs,\
    		  RT_BITMAP,bitmaps
    
    	resource dialogs,\
    	   IDD_MAIN,LANG_ENGLISH+SUBLANG_DEFAULT,DLLINJECTORDIALOG
    
    	  resource bitmaps,\
    	   logo_main,LANG_NEUTRAL,LOGO
    
    	; Main dialog layout (dialog units). The LISTBOX has no LBS_SORT style,
    	; so items keep insertion order — EnumProcesses relies on that.
    	dialog DLLINJECTORDIALOG,'DLL Injector',0,0,248,197,WS_CAPTION+WS_VISIBLE+WS_SYSMENU+WS_MINIMIZEBOX+DS_CENTER
    	       dialogitem 'EDIT','',IDE_FILE,21,66,157,14,WS_VISIBLE+WS_BORDER+ES_READONLY+ES_AUTOHSCROLL
    	       dialogitem 'BUTTON','Browse',IDB_OPEN,185,66,43,14,WS_VISIBLE
    	       dialogitem 'LISTBOX','',IDL_PROCLIST,19,96,208,66,WS_VISIBLE+WS_VSCROLL+WS_BORDER
    	       ; Group box only; id -1 means it is never addressed by code.
    	       dialogitem 'BUTTON','Injector',-1,11,49,227,142,WS_VISIBLE+BS_GROUPBOX
    	       dialogitem 'BUTTON','Inject',IDB_INJECT,97,166,50,14,WS_VISIBLE
    	       dialogitem 'BUTTON','Refresh',IDB_REFRESH,180,166,47,14,WS_VISIBLE
    	       ; Picture control; the bitmap is attached at WM_INITDIALOG via STM_SETIMAGE.
    	       dialogitem 'STATIC','',IDB_LOGO,11,7,227,42,WS_VISIBLE+SS_BITMAP
    	enddialog
    
    	bitmap LOGO,'LOGO.BMP'
    
    
    
    
    ; NOTE(review): the code section is declared writeable as well as executable.
    ; Because the `section '.data'` directive near the end of the file is
    ; commented out, every variable defined after InjectDLL is emitted into this
    ; same read-write-execute section, so the whole image violates W^X.
    section '.text' code readable writeable executable
    
    ; Program entry: take a process snapshot, record hInstance, pre-fill the
    ; OPENFILENAME structure used by the Browse button, then run the modal
    ; main dialog and exit.
    start:
    
    	mov	[pe32.dwSize],sizeof.PROCESSENTRY32
    	; 2 = TH32CS_SNAPPROCESS (processes only); a named constant would be clearer.
    	; The returned handle is not checked against INVALID_HANDLE_VALUE.
    	invoke	CreateToolhelp32Snapshot,dword 2,0
    	mov	[hlpsnap],eax
    
    	invoke	GetModuleHandle,0
    
    	mov	[hInstance],eax                 ; eax keeps the module handle for the calls below
    	mov	[ofn.lStructSize], sizeof.OPENFILENAME
    	mov	[ofn.hInstance],eax
    	mov	[ofn.nMaxFile],1000h            ; must match the size of path_buffer
    	mov	[ofn.lpstrFile],path_buffer
    	mov	[ofn.lpstrFilter],openfilter
    
    	; Modal dialog; its return value is ignored and the process simply exits.
    	invoke	DialogBoxParam,eax,IDD_MAIN,NULL,MainDialogProc,0
    	invoke	ExitProcess,0
    
    
    
    ;-----------------------------------------------------------------------
    ; EnumProcesses(snapshotpe, listbox)
    ; Clears `listbox` and refills it with the executable names found in the
    ; Toolhelp snapshot `snapshotpe`; each item's data word is set to the PID.
    ; Walks the global PROCESSENTRY32 `pe32`.
    ; Known issues, left unchanged here:
    ;   - the Process32First result is not checked, so a failed call lists
    ;     whatever `pe32` already contained;
    ;   - the OpenProcess handle taken for the first entry is never closed
    ;     (CloseHandle is not imported anywhere in this file);
    ;   - `endenum` is a global label and so is visible outside this proc.
    ;-----------------------------------------------------------------------
    proc	EnumProcesses snapshotpe,listbox
    
    local currlbindex:DWORD                ; index of the next list item to add
    
    	mov	[currlbindex],0
    	invoke	SendMessage,[listbox],LB_RESETCONTENT,0,0
    	invoke	Process32First,[snapshotpe],pe32
    	; The first entry is listed only if it can be opened with PROCESS_ALL_ACCESS;
    	; presumably meant to drop the pseudo "System Process" entry — confirm.
    	invoke	OpenProcess,PROCESS_ALL_ACCESS,FALSE,[pe32.th32ProcessID]
    	test	eax,eax
    	jnz	 .processnap
    	.processnext:
    	invoke	Process32Next,[snapshotpe],pe32
    	test	eax,eax
    	jz	endenum                        ; FALSE: no more entries in the snapshot
    	;invoke  OpenProcess,PROCESS_ALL_ACCESS,FALSE,[pe32.th32ProcessID]
    	;test    eax,eax                                                     ;will only work for top level
    	;jz      .processnext
    	.processnap:
    	; Append the name, then attach the PID as item data. The index bookkeeping
    	; assumes LB_ADDSTRING appends in order, which holds because the list box
    	; in the dialog template has no LBS_SORT style.
    	invoke	SendMessage,[listbox],LB_ADDSTRING,0,pe32.szExeFile
    	invoke	SendMessage,[listbox],LB_SETITEMDATA,[currlbindex],[pe32.th32ProcessID]
    	inc	[currlbindex]
    	jmp	.processnext
    
    endenum:
    ret
    
    endp
    
    
    
    
    
    ;-----------------------------------------------------------------------
    ; MainDialogProc(hwnd, msg, wparam, lparam) — dialog procedure for IDD_MAIN.
    ; Handles WM_INITDIALOG, WM_COMMAND (Browse / Inject / Refresh) and WM_CLOSE.
    ; Returns TRUE (eax=1) for every handled message, FALSE otherwise.
    ; ebx/esi/edi are saved although nothing below uses them.
    ;-----------------------------------------------------------------------
    proc	MainDialogProc hwnd,msg,wparam,lparam
    	push	ebx esi edi
    	cmp	[msg],WM_INITDIALOG
    	je	.init
    	cmp	[msg],WM_COMMAND
    	je	.wmcommand
    	cmp	[msg],WM_CLOSE
    	je	.close
    	xor	eax,eax                     ; unhandled message: return FALSE
    	jmp	.finish
    
      .init:
    	; Make this dialog the owner of the file-open dialog, show the logo and
    	; populate the process list from the snapshot taken at `start`.
    	push	[hwnd]
    	pop	[ofn.hwndOwner]
    	invoke	LoadBitmap,[hInstance],logo_main
    	invoke	SendDlgItemMessage,[hwnd],IDB_LOGO,STM_SETIMAGE,IMAGE_BITMAP,eax
    	invoke	GetDlgItem,[hwnd],IDL_PROCLIST
    	stdcall EnumProcesses,[hlpsnap],eax
    	jmp .processed
    
      .wmcommand:
    	; Low word of wparam is the control id that sent the notification.
    	mov	eax,[wparam]
    	and	eax,0FFFFh
    	cmp	eax,IDB_OPEN
    	je	.open
    	cmp	eax,IDB_INJECT
    	je	.inject
    	cmp	eax,IDB_REFRESH
    	je	.refresh
    	jmp	.processed
    
      .open:
    	; GetOpenFileName writes the chosen path into path_buffer (ofn.lpstrFile);
    	; on cancel nothing is changed.
    	invoke	GetOpenFileName,ofn
    	test	eax,eax
    	jz	.processed
    	invoke	SetDlgItemText,[hwnd],IDE_FILE,path_buffer
    	jmp	.processed
    
      .inject:
    	; GetDlgItemText returns the number of characters copied, NOT counting the
    	; terminating NUL, so path_length (passed on as ledllpath) excludes it.
    	invoke	GetDlgItemText,[hwnd],IDE_FILE,path_buffer,1000h
    	test	eax,eax
    	jz	.nofilename
    	mov	[path_length],eax
    	invoke	GetDlgItem,[hwnd],IDL_PROCLIST
    	mov	[proclisthwnd],eax
    	; NOTE(review): LB_GETCURSEL returns LB_ERR (-1) when nothing is selected;
    	; that value is not checked and flows into LB_GETITEMDATA and then, as the
    	; "process id", into InjectDLL.
    	invoke	SendMessage,eax,LB_GETCURSEL,0,0
    	invoke	SendMessage,[proclisthwnd],LB_GETITEMDATA,eax,0
    
    	stdcall InjectDLL,eax,path_buffer,[path_length],[hwnd]
    	jmp	.processed
    
    
      .refresh:
    	; A fresh snapshot replaces [hlpsnap]; the previous snapshot handle is
    	; overwritten without being closed (handle leak on every refresh).
    	invoke	CreateToolhelp32Snapshot,dword 2,0
    	mov	[hlpsnap],eax
    	invoke	GetDlgItem,[hwnd],IDL_PROCLIST
    	stdcall EnumProcesses,[hlpsnap],eax
    	jmp	.processed
    
      .nofilename:
    	invoke	MessageBox,[hwnd],_nofile,_error,MB_ICONERROR
    	jmp	.processed
    
    
    
      .close:
    	invoke	EndDialog,[hwnd],0
    	jmp	.processed
    
      .processed:
      mov	eax,TRUE
      .finish:
     pop	edi esi ebx
     ret
    
    endp
    
    
    
    ;-----------------------------------------------------------------------
    ; InjectDLL(procid, dllpath, ledllpath, hwnd)
    ; Writes the path string into the target process and starts a remote thread
    ; at LoadLibraryA with that string as its argument; reports the outcome in a
    ; message box. The OpenProcess → VirtualAllocEx → WriteProcessMemory →
    ; CreateRemoteThread sequence, together with the cross-process RWX
    ; allocation, is the textbook pattern endpoint monitoring looks for, so a
    ; tool like this is expected to trip such detections.
    ; Known issues, left unchanged here:
    ;   - the OpenProcess result is not checked; on failure eax=0 becomes
    ;     [procid] and the error shown later comes from VirtualAllocEx, not
    ;     from OpenProcess;
    ;   - the LoadLibraryA address is resolved in THIS process and assumed to be
    ;     valid in the target (relies on kernel32 sharing the same base);
    ;   - ledllpath excludes the NUL terminator (see the caller), so the remote
    ;     string is terminated only because the fresh allocation is presumably
    ;     zero-filled — confirm;
    ;   - the process and thread handles are never closed, and the FormatMessage
    ;     buffer is never freed (LocalFree is not imported).
    ;-----------------------------------------------------------------------
    proc InjectDLL procid,dllpath,ledllpath,hwnd
    
    local	ProcAddress:DWORD,Alloc:DWORD  ; LoadLibraryA address; remote buffer address
    
    	invoke	GetModuleHandle,kernel32dll
    	invoke	GetProcAddress,eax,LoadLibFunc
    	mov	[ProcAddress],eax
    	invoke	OpenProcess,PROCESS_ALL_ACCESS,FALSE,[procid]
    	mov	[procid],eax                    ; the parameter slot is reused for the handle
    	; PAGE_EXECUTE_READWRITE is granted to a buffer that only ever holds a path string.
    	invoke	VirtualAllocEx,eax,0,[ledllpath],MEM_RESERVE+MEM_COMMIT,PAGE_EXECUTE_READWRITE
    	test	eax,eax
    	jz	.error
    	mov	[Alloc],eax
    	invoke	WriteProcessMemory,[procid],eax,[dllpath],[ledllpath],0
    	test	eax,eax
    	jz	.error
    	invoke	CreateRemoteThread,[procid],0,0,[ProcAddress],[Alloc],0,threadId
    	test	eax,eax
    	jz	.error
    	invoke	MessageBox,0,_dllsuccess,_dlloadtitle,0
    	jmp	.endofproc
    .error:
    	; NOTE(review): GetLastError takes no arguments; the extra dword pushed
    	; here is not popped by the callee (stdcall with zero parameters), so esp
    	; is off by 4 until the proc epilogue restores it — presumably via `leave`
    	; in FASM's proc macro, but confirm.
    	invoke GetLastError,0
    	; ALLOCATE_BUFFER: the system allocates the text and stores its pointer in error_buffer.
    	invoke FormatMessage,FORMAT_MESSAGE_FROM_SYSTEM+FORMAT_MESSAGE_ALLOCATE_BUFFER,0,eax,0,error_buffer,0,0
    	invoke MessageBox,[hwnd],[error_buffer],_error,MB_OK+MB_ICONERROR
    
    .endofproc:
    ret
    
    endp
    
    
    
    ; NOTE(review): with the section directive below commented out, all of the
    ; following strings and variables are emitted into the preceding '.text'
    ; section, which is why that section had to be marked writeable.
    ; Uncommenting it would move the data into a proper non-executable section.
    ;section '.data' data readable writeable
    kernel32dll TCHAR 'KERNEL32.DLL',0
    LoadLibFunc TCHAR 'LoadLibraryA',0
    _nofile TCHAR 'No dll to inject',0
    _error	TCHAR 'ERROR',0
    _dllsuccess TCHAR 'DLL LOADED',0
    _dlloadtitle TCHAR 'Successfully loaded',0
    ; Filter for GetOpenFileName: "description",0,"pattern",0, then a final 0 to end the list.
    openfilter db 'DLL FILES',0,'*.dll',0
    	   db 0
    error_buffer dd ?          ; receives the LPSTR allocated by FormatMessage
    threadId     dd ?          ; receives the remote thread id from CreateRemoteThread
    
    
    proclisthwnd dd ?          ; HWND of the process LISTBOX, cached during .inject
    hInstance   dd ?           ; module handle of this executable
    hlpsnap     dd ?           ; current Toolhelp process snapshot handle
    hlsnapme    dd ?           ; unused in this listing
    path_length dd ?           ; length of path_buffer contents, without the NUL
    exe_length  dd ?           ; unused in this listing
    path_buffer rb 1000h       ; ofn.lpstrFile; size must agree with ofn.nMaxFile
    ofn OPENFILENAME
    pe32 PROCESSENTRY32


    Ha cool thanks man I just got here as well. The forums need more focus. I'm sure there's lots of people around really. Not too many ASM enthusiasts though I guess. I'm just getting started. Started coding this year in fact, making some impressive progress though! Then again... the doctor says my judgement is impaired


    For now I'm really just playing around, creating bytecode, improving the speed of my software (got it to refresh a currently displayed pixel in 9 microseconds lol). There's a court order against me, or rather against a piece of software and the development on it. Since I also can't study anymore, this is what I'm gonna do. Day and night. Whenever my daughter's not with me.

    Again thanks a lot!

    I started studying ASM^
    will be of great help
