Module For Dll Injection

[wtfiwantthatname]

I put together a module for injecting Dll's in Vb.net for creating dll injectors in vb.net.

Code:

Module InjLib

    'CreateRemoteThread for calling loadlibrary in the target process address space to load our Dll
    Private Declare Function CreateRemoteThread Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpThreadAttributes As Int32, ByVal dwStackSize As Int32, ByVal lpStartAddress As Int32, ByVal lpParameter As Int32, ByVal dwCreationFlags As Int32, ByRef lpThreadId As Int32) As Int32
    'VirtualAllocEx to allocate space in our target process so that we can write the path to our Dll
    Private Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpAddress As Int32, ByVal dwSize As Int32, ByVal flAllocationType As Int32, ByVal flProtect As Int32) As Int32
    'WriteProcessMemory to write the path to our Dll in the target process address space
    Private Declare Function WriteProcessMemory Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByVal lpBuffer As String, ByVal nSize As Int32, ByRef lpNumberOfBytesWritten As Int32) As Int32
    'VirtualFreeEx to clean up when done
    Private Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpAddress As Int32, ByRef dwSize As Int32, ByVal dwFreeType As Int32) As Int32
    'Get ModuleHandle to get a handle to LoadLibrary so we can use the Handle to get its Address in the target Process' space
    Private Declare Function GetModuleHandle Lib "kernel32.dll" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Int32
    'GetProcAddress to get the address that LoadLibraryA resides at
    Private Declare Function GetProcAddress Lib "kernel32.dll" (ByVal hModule As Int32, ByVal lpProcName As String) As Int32
    'OpenProcess to get a handle to our target process and open it with the rights we require
    Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Int32, ByVal bInheritHandle As Int32, ByVal dwProcessId As Int32) As Int32
    'CloseHandle to Close all open handles we needed
    Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Int32) As Int32


    Private Const Create_Suspended As Int32 = &H4 ' 
    Private Const process_vm_operation As Int32 = &H8
    Private Const process_create_thread As Int32 = &H2
    Private Const process_suspend_resume As Int32 = &H800
    Private Const process_vm_write As Int32 = &H20
    Private Const process_vm_read As Int32 = &H10
    Private Const mem_commit As Int32 = &H1000
    Private Const mem_release As Int32 = &H8000
    Private Const page_readwrite As Int32 = &H4


    Private Pac As Int32 = process_vm_read Or process_vm_write Or process_vm_operation

    Public Function InjectSingleDll(ByVal ProcessName As String, ByVal DllPath As String) As Int32
        Dim ProcHandle As Int32  ' Handle to our Process
        Dim DllVirtLoc As Int32  ' The Location we will end up writing out Dll's Path to
        Dim Inject As Int32      ' For Error Checking
        Dim CreateThread As Int32 ' For Error Cheacking
        Dim ThreadID As Int32    ' The ThreadID our created thread
        Dim MHandle As Int32     ' Handle to LoadLibrary
        Dim TargetProc As Process() = Process.GetProcessesByName(ProcessName) ' Get Our Proccess info 

        MHandle = GetModuleHandle("Kernel32.dll") 'Handle to Kernel32.dll
        If MHandle = Nothing Then
            MessageBox.Show("Could not retrieve handle to Kernel32.dll", "Error", MessageBoxButtons.OK)
            Return 0
            Exit Function
        Else
            ProcHandle = OpenProcess(Pac, 0, TargetProc(0).Id) 'Gets Handle to Target process with required rights
            If ProcHandle = 0 Then
                MessageBox.Show("Could not get a handle to the target process", "Error", MessageBoxButtons.OK)
                CloseHandle(MHandle) ' Closes our Handle to Kernel32.dll because we could not open Target Process
                Return 0
                Exit Function
            Else
                System.Threading.Thread.Sleep(100) ' Our Delay before injecting.
                DllVirtLoc = VirtualAllocEx(ProcHandle, 0, DllPath.Length + 1, mem_commit, page_readwrite) ' Returns the Address of our Dll's Path in the target Process
                If DllVirtLoc = 0 Then
                    MessageBox.Show("Could not allocate space in target process for Dll's path", "Error", MessageBoxButtons.OK)
                    CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not allocate space in Target Process
                    CloseHandle(ProcHandle) ' Closes Handle to Target Process because we could not allocate space in Target Process
                    Return 0
                    Exit Function
                Else
                    Inject = WriteProcessMemory(ProcHandle, DllVirtLoc, DllPath, DllPath + 1, Nothing) ' Writes Our Dll's Path to our allocated Space
                    If Inject = 0 Then
                        MessageBox.Show("Could not write to target process' memory", "Error", MessageBoxButtons.OK)
                        VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated Space in Target Process because we could not write our Dll's Path
                        CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not write our Dll's Path to Target Process
                        CloseHandle(ProcHandle) ' Closes Handle to Target Process because we could not write our Dll's Path to it
                        Return 0
                        Exit Function
                    Else
                        CreateThread = CreateRemoteThread(ProcHandle, 0, 0, GetProcAddress(MHandle, "LoadLibraryA"), DllVirtLoc, 0, ThreadID) ' Calls LoadLibraryA in Target Process to load our Dll
                        If CreateThread = 0 Then
                            MessageBox.Show("Could not create remote thread", "Error", MessageBoxButtons.OK)
                            VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated Space in Target Process because we could not create our remote thread
                            CloseHandle(MHandle) ' Closes handle to Kernel32.dll because we could not create our remote thread
                            CloseHandle(ProcHandle) ' Closes handle to Target Process because we could not create our remote thread
                            Return 0
                            Exit Function
                        End If
                    End If
                End If
            End If
        End If
        VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) 'Frees Allocated space because we are done
        CloseHandle(MHandle) ' Closes handle to Kernel32.dll because we are done
        CloseHandle(ProcHandle) ' Closes handle to Target Process because we are done
        Return 1
    End Function

    Public Function InjectMultipleDlls(ByVal ProcessName As String, ByVal DllPaths() As String) As int32
        Dim ProcHandle As Int32 ' Handle to Target Process
        Dim DllVirtLoc As Int32 ' Address of Dll Path
        Dim Inject As Int32     ' Error Checking
        Dim CreateThread As Int32 ' Error Checking
        Dim ThreadID As Int32   ' Handle to our Created Thread
        Dim MHandle As Int32    ' Handle to Kernel32.dll
        Dim i As Int32          ' Counter
        Dim TargetProc As Process() = Process.GetProcessesByName(ProcessName) ' Gets Process info

        MHandle = GetModuleHandle("Kernel32.dll") ' Gets Handle to Kernel32.dll
        If MHandle = 0 Then
            MessageBox.Show("Could not get a handle to Kernel32.dll", "Error", MessageBoxButtons.OK)
            Return 0
            Exit Function
        Else
            ProcHandle = OpenProcess(Pac, 0, TargetProc(0).Id) ' Gets Handle to Process and opens with our desired rights
            If ProcHandle = 0 Then
                MessageBox.Show("Could not get a handle to Target process", "Error", MessageBoxButtons.OK)
                CloseHandle(MHandle) ' Closes handle to kernel32.dll because we could not open our target process
                Return 0
                Exit Function
            Else
                For i = 0 To UBound(DllPaths) - 1
                    System.Threading.Thread.Sleep(100) ' Our Delay for initial Injection and subsequent injection
                    DllVirtLoc = VirtualAllocEx(ProcHandle, 0, DllPaths(i), mem_commit, page_readwrite) ' Allocates Space in Target Address Space
                    If DllVirtLoc = 0 Then
                        MessageBox.Show("Could not allocate space in target process", "Error", MessageBoxButtons.OK)
                        CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not allocate space
                        CloseHandle(ProcHandle) ' Closes Handle to Process becausewe could not allocate the space
                    Else
                        Inject = WriteProcessMemory(ProcHandle, DllVirtLoc, DllPaths(i), DllPaths(i).Length + 1, Nothing) ' Writes our Dll's path to Targets Address Space
                        If Inject = 0 Then
                            MessageBox.Show("Could not write to process' address space", "Error", MessageBoxButtons.OK)
                            VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Free Allocated Space because writing failed
                            CloseHandle(MHandle) ' Close handle to kernel32.dll because writing failed
                            CloseHandle(ProcHandle) ' Close Handle to Process because writing failed
                        Else
                            CreateThread = CreateRemoteThread(ProcHandle, 0, 0, GetProcAddress(MHandle, "LoadLibraryA"), DllVirtLoc, 0, ThreadID)
                            If CreateThread = 0 Then
                                MessageBox.Show("Could not create remote thread", "Error", MessageBoxButtons.OK)
                                VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated space because we could not create our remote thread
                                CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not create our remote thread
                                CloseHandle(ProcHandle) ' Closes Handle to Target Process because we could not create our remote thread
                                Return 0
                                Exit Function
                            Else
                                VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated Space because we are done
                            End If
                        End If
                    End If
                    Return 1 ' Returns 1 for Success 0 for failure declare recieving variable as array
                Next i
                CloseHandle(MHandle) ' Close Handle to Kernel32.dll because we are done
                CloseHandle(ProcHandle) ' Close Handle to Target Process because we are done
            End If
        End If
    End Function


End Module

If You use this just give credits to Linky(Me). Its free to use for non commerical use. Any questions, suggestions or feed back just post.

[Zoom]

Aren´t this alredy posted?

[wtfiwantthatname]

No i wrote this one myself. But i believe there is sources going around.

[wtfiwantthatname]

No i wrote this one myself. But i believe there is sources going around.

edit: This is for vb.net because i couldnt find one working right out of the box. and i committed it so people could learn.

[asdf12345678]

vb.net is the same as vb2008? nice where do u place the code?

[wtfiwantthatname]

Add a new module to your program. Put the code in there and than just use the functions.

[Houston]

nice...! work

[guza44_44]

very nice i wonder if this one will actually work, so far im dissapointed in most people just coping and pasting things without trying them and they dont work -.- Thumbs Up