Injector source help

[qsc]

Hey, this question is mostly aimed at the Toymaker. i found this source in your "Tutorial Requests" thread and tried compiling it - it compiled without errors but when i run it, it just flashes on and then quits in less than 1 second.

I changed the window name to "Notepad" and put the compiled exe in a folder with my messagebox dll (which ive tested with PERX and i know that this dll does work) but the injector just flashed again and the dll wasnt injected? any help?
heres the code :

Code:

#include <windows.h>
#include <TLHELP32.H>
#include <stdio.h>
#pragma warning(disable : 4996)

bool Done;

//Modified by Jetamay for Toymaker

PROCESSENTRY32 PE32;

char szTarget[] = "Game Name Here";
char szPath[256], szDllToInject[256];

void EnableDebugPriv( void )
{
	HANDLE hToken;
	LUID sedebugnameValue;
	TOKEN_PRIVILEGES tkp;

	 OpenProcessToken( GetCurrentProcess(),
		TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken );


	LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue );

	tkp.PrivilegeCount = 1;
	tkp.Privileges[0].Luid = sedebugnameValue;
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL );

	CloseHandle( hToken );
}

int main(int argc, char* argv[], char* envp[])
{
	GetModuleFileName( 0, szPath, sizeof(szPath) );
	if(!argv[1]) {
	        printf("Invalid usuagen t [Library path]");
	        return -1;
         }
    else
            printf("Loading library %s.n", argv[1]);
    strcpy(szDllToInject, argv[1]);
	WIN32_FIND_DATA fnd;
	HANDLE DllHnd = FindFirstFile(szDllToInject, &fnd);
	if( DllHnd == INVALID_HANDLE_VALUE )
	{
	printf("                                   n");
	printf("       No correct dll-library.     n");
	printf("                                   n");
	system("pause");
	return 0;
	}

	printf("                                   n");
	printf("        Window Not Found           n");

	EnableDebugPriv();

	HANDLE hSnapshot, hModule, hProcess;
	PE32.dwSize = sizeof(PROCESSENTRY32);

	while(!Done)
	{
		hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
		Process32First(hSnapshot, &PE32);
		while(Process32Next(hSnapshot, &PE32))
		{
			if(strcmp(PE32.szExeFile, szTarget) == 0)
			{
				if(!Done)
				{
					hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, PE32.th32ProcessID);
					hModule = VirtualAllocEx(hProcess, 0, sizeof(szDllToInject), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
					WriteProcessMemory(hProcess, hModule, (LPVOID)szDllToInject, sizeof(szDllToInject), NULL);
					CreateRemoteThread(hProcess, NULL, 0, (unsigned long(__stdcall *)(void *))GetProcAddress(GetModuleHandle("kernel32"), "LoadLibraryA"), hModule, 0, NULL );
					CloseHandle(hProcess);

					printf("                                   n");
					printf("     Loaded !     n");
					printf("                                   n");
					Sleep(200);
					printf("           Now exiting");
					Sleep(75);printf(".");Sleep(75);printf(".");Sleep(75);printf(".");
					Sleep(50);
					return true;
				}
			}
		}
		CloseHandle(hSnapshot);
		Sleep(0);
	}
return true;
}

[Toymaker]

This is the fully dll hook that me and jetamay fixed up together in my 'Ask Toymaker' thread, you should try using it and just be super careful with whatever modifications you try to make, I think they are why it's not working in your example.

Code:

#include <windows.h>
#include <TLHELP32.H>
#include <stdio.h>
#pragma warning(disable : 4996)

bool Done;

//Modified by Jetamay for Toymaker

PROCESSENTRY32 PE32;

char szTarget[] = "Game Name Here";
char szPath[256], szDllToInject[256];

void EnableDebugPriv( void )
{
	HANDLE hToken;
	LUID sedebugnameValue;
	TOKEN_PRIVILEGES tkp;

	 OpenProcessToken( GetCurrentProcess(),
		TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken );


	LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue );

	tkp.PrivilegeCount = 1;
	tkp.Privileges[0].Luid = sedebugnameValue;
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL );

	CloseHandle( hToken );
}

int main(int argc, char* argv[], char* envp[])
{
	GetModuleFileName( 0, szPath, sizeof(szPath) );
	if(!argv[1]) {
	        printf("Invalid usuagen t [Library path]");
	        return -1;
         }
    else
            printf("Loading library %s.n", argv[1]);
    strcpy(szDllToInject, argv[1]);
	WIN32_FIND_DATA fnd;
	HANDLE DllHnd = FindFirstFile(szDllToInject, &fnd);
	if( DllHnd == INVALID_HANDLE_VALUE )
	{
	printf("                                   n");
	printf("       No correct dll-library.     n");
	printf("                                   n");
	system("pause");
	return 0;
	}

	printf("                                   n");
	printf("        Window Not Found           n");

	EnableDebugPriv();

	HANDLE hSnapshot, hModule, hProcess;
	PE32.dwSize = sizeof(PROCESSENTRY32);

	while(!Done)
	{
		hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
		Process32First(hSnapshot, &PE32);
		while(Process32Next(hSnapshot, &PE32))
		{
			if(strcmp(PE32.szExeFile, szTarget) == 0)
			{
				if(!Done)
				{
					hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, PE32.th32ProcessID);
					hModule = VirtualAllocEx(hProcess, 0, sizeof(szDllToInject), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
					WriteProcessMemory(hProcess, hModule, (LPVOID)szDllToInject, sizeof(szDllToInject), NULL);
					CreateRemoteThread(hProcess, NULL, 0, (unsigned long(__stdcall *)(void *))GetProcAddress(GetModuleHandle("kernel32"), "LoadLibraryA"), hModule, 0, NULL );
					CloseHandle(hProcess);

					printf("                                   n");
					printf("     Loaded !     n");
					printf("                                   n");
					Sleep(200);
					printf("           Now exiting");
					Sleep(75);printf(".");Sleep(75);printf(".");Sleep(75);printf(".");
					Sleep(50);
					return true;
				}
			}
		}
		CloseHandle(hSnapshot);
		Sleep(0);
	}
return true;
}

[qsc]

i just compiled ur code without any modding and still get the flash on/off thing ?

[Toymaker]

Oh, yes but, it should also work. =p I simply have to pause before execution termination.

[qsc]

Oh, yes but, it should also work. =p I simply have to pause before execution termination.

I added a system("PAUSE"); before each of the returns and the injector does run now, but when i put the compiled exe and my messagebox dll in their own folder and run the injector i get this : Invalid usuagen t [Library path] . I also set the gamename to "Notepad"

heres the code im using:

Code:

#include <windows.h>
#include <TLHELP32.H>
#include <stdio.h>
#pragma warning(disable : 4996)

bool Done;

//Modified by Jetamay for Toymaker

PROCESSENTRY32 PE32;

char szTarget[] = "Notepad";
char szPath[256], szDllToInject[256];

void EnableDebugPriv( void )
{
	HANDLE hToken;
	LUID sedebugnameValue;
	TOKEN_PRIVILEGES tkp;

	 OpenProcessToken( GetCurrentProcess(),
		TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken );


	LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue );

	tkp.PrivilegeCount = 1;
	tkp.Privileges[0].Luid = sedebugnameValue;
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL );

	CloseHandle( hToken );
}

int main(int argc, char* argv[], char* envp[])
{
	GetModuleFileName( 0, szPath, sizeof(szPath) );
	if(!argv[1]) {
	        printf("Invalid usuagen t [Library path]");
	        system("PAUSE");
            return -1;
         }
    else
            printf("Loading library %s.n", argv[1]);
    strcpy(szDllToInject, argv[1]);
	WIN32_FIND_DATA fnd;
	HANDLE DllHnd = FindFirstFile(szDllToInject, &fnd);
	if( DllHnd == INVALID_HANDLE_VALUE )
	{
	printf("                                   n");
	printf("       No correct dll-library.     n");
	printf("                                   n");
	system("PAUSE");
	return 0;
	}

	printf("                                   n");
	printf("        Window Not Found           n");

	EnableDebugPriv();

	HANDLE hSnapshot, hModule, hProcess;
	PE32.dwSize = sizeof(PROCESSENTRY32);

	while(!Done)
	{
		hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
		Process32First(hSnapshot, &PE32);
		while(Process32Next(hSnapshot, &PE32))
		{
			if(strcmp(PE32.szExeFile, szTarget) == 0)
			{
				if(!Done)
				{
					hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, PE32.th32ProcessID);
					hModule = VirtualAllocEx(hProcess, 0, sizeof(szDllToInject), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
					WriteProcessMemory(hProcess, hModule, (LPVOID)szDllToInject, sizeof(szDllToInject), NULL);
					CreateRemoteThread(hProcess, NULL, 0, (unsigned long(__stdcall *)(void *))GetProcAddress(GetModuleHandle("kernel32"), "LoadLibraryA"), hModule, 0, NULL );
					CloseHandle(hProcess);

					printf("                                   n");
					printf("     Loaded !     n");
					printf("                                   n");
					Sleep(200);
					printf("           Now exiting");
					Sleep(75);printf(".");Sleep(75);printf(".");Sleep(75);printf(".");
					Sleep(50);
					system("PAUSE");
					return true;
				}
			}
		}
		CloseHandle(hSnapshot);
		Sleep(0);
	}
	system("PAUSE");
return true;
}

[Toymaker]

Notepad might need to be Notepad.exe beings it's a process targeting setup. Also, it should automatically detect and inject the only .dll in your folder besides this application itself. It's pretty nifty, really.

[qsc]

Notepad might need to be Notepad.exe beings it's a process targeting setup. Also, it should automatically detect and inject the only .dll in your folder besides this application itself. It's pretty nifty, really.

sorry, nut htis still wont work? ive tried my dll injecting into notepad with PERX and it works perfectly but when i try with this code :
it just doesnt happen?
ive got my dll in a folder with this and these are the only two files in that folder and i also renamed them both to injector.dll and injector.exe ??

Code:

#include <windows.h>
#include <TLHELP32.H>
#include <stdio.h>
#pragma warning(disable : 4996)

bool Done;

//Modified by Jetamay for Toymaker

PROCESSENTRY32 PE32;

char szTarget[] = "notepad.exe";

//also tried
//char szTarget[] = "notepad";
//char szTarget[] = "Notepad.exe";
//char szTarget[] = "Notepad";

char szPath[256], szDllToInject[256];

void EnableDebugPriv( void )
{
	HANDLE hToken;
	LUID sedebugnameValue;
	TOKEN_PRIVILEGES tkp;

	 OpenProcessToken( GetCurrentProcess(),
		TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken );


	LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue );

	tkp.PrivilegeCount = 1;
	tkp.Privileges[0].Luid = sedebugnameValue;
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL );

	CloseHandle( hToken );
}

int main(int argc, char* argv[], char* envp[])
{
	GetModuleFileName( 0, szPath, sizeof(szPath) );
	if(!argv[1]) {
	        printf("Invalid usuagen t [Library path]");
	        return -1;
         }
    else
            printf("Loading library %s.n", argv[1]);
    strcpy(szDllToInject, argv[1]);
	WIN32_FIND_DATA fnd;
	HANDLE DllHnd = FindFirstFile(szDllToInject, &fnd);
	if( DllHnd == INVALID_HANDLE_VALUE )
	{
	printf("                                   n");
	printf("       No correct dll-library.     n");
	printf("                                   n");
	system("pause");
	return 0;
	}

	printf("                                   n");
	printf("        Window Not Found           n");

	EnableDebugPriv();

	HANDLE hSnapshot, hModule, hProcess;
	PE32.dwSize = sizeof(PROCESSENTRY32);

	while(!Done)
	{
		hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
		Process32First(hSnapshot, &PE32);
		while(Process32Next(hSnapshot, &PE32))
		{
			if(strcmp(PE32.szExeFile, szTarget) == 0)
			{
				if(!Done)
				{
					hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, PE32.th32ProcessID);
					hModule = VirtualAllocEx(hProcess, 0, sizeof(szDllToInject), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
					WriteProcessMemory(hProcess, hModule, (LPVOID)szDllToInject, sizeof(szDllToInject), NULL);
					CreateRemoteThread(hProcess, NULL, 0, (unsigned long(__stdcall *)(void *))GetProcAddress(GetModuleHandle("kernel32"), "LoadLibraryA"), hModule, 0, NULL );
					CloseHandle(hProcess);

					printf("                                   n");
					printf("     Loaded !     n");
					printf("                                   n");
					Sleep(200);
					printf("           Now exiting");
					Sleep(75);printf(".");Sleep(75);printf(".");Sleep(75);printf(".");
					Sleep(50);
					return true;
				}
			}
		}
		CloseHandle(hSnapshot);
		Sleep(0);
	}
return true;
}

???

[Toymaker]

This might be a bad example for your level, then. Try to find another .dll injector and I can help you fix it instead if you have problems. Also, if you're just going to use WriteProcessMemory from you're .dll, you may as well just use a .exe and not a .dll at all, or it'd be redundant.