Page 1 of 4 123 ... LastLast
Results 1 to 15 of 57
  1. #1
    Jason's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    /dev/null
    Posts
    5,704
    Reputation
    918
    Thanks
    7,676
    My Mood
    Mellow

    Simple Injection. An in-depth look.


    Injection Tutorial
    By Chooka/Jason

    Alright, hey guys. I'm bored as shit tonight and I've been looking for pretty much any way to dodge doing my uni assignment so I figured why not. A few people have been asking for a proper injection tutorial (not just delicious copy-pasta which the original poster doesn't actual understand). I'm not going to walk you through creating a whole injector and shit, I'm too lazy, but I'll cover the actual injection function in as much detail as I can be bothered giving.

    I'm relatively new to injection and those that know me know I'm a tad memtarded, so this is much a learning exercise for me as it is for you. I figure actually having to write out and explain each step in the process in detail will also strengthen my own knowledge on the subject. In this tutorial I'm only going to cover the most basic injection method; LoadLibrary Injection. For those of you that don't know what that is, don't worry, it will all be explained.

    Before I begin there are some definite shoutouts that must be made, I wouldn't have ever bothered learning this crap without them.

    @Void - Originally attempted to explain the process to me, I was completely memtarded then and ragequit
    @Hell_Demon - Second guy to explain it to me (yes, I'm a bit slow, shut the fuck up ) Much more successful than my first attempt, understood it all.
    @Hassan - Chill guy, for a religious fucker.
    @Blubb1337 - Resident db expert (or he likes to think so), has no relevance to this thread but he's 1337 so it's .
    ...I could go on and on but then this would just turn into a "who i'm friends with" list rather than an actual credits list.

    The Tutorial

    Here's how it's going to go down. I'm going to run through the theory on its own first, then I'll start writing it out in code and explain each step as it appears.

    What is LoadLibrary Injection?
    This is the very first thing you need to know; What are we attempting to do?
    Well, for starters, LoadLibrary (as you may or may not know) is a function in the kernel32.dll. Here's its actual method signature according to MSDN:
    Code:
    HMODULE WINAPI LoadLibrary(__in  LPCTSTR lpFileName );
    Despite the C++, that's not that scary right? It's just a function that takes a single string argument which then tells LoadLibrary where to load the file from. It then loads that library into the process and -in the case of dlls- calls the DllMain function. Simple enough to grasp I hope (you don't have to know how LoadLibrary works, just understand what it does)

    Why is this useful to us?
    Well, I'll tell you. kernel32.dll is loaded into almost, if not all (there, protected against your nitpicking @freedompeace) windows processes. This means that all it's functions are ALSO loaded into the process, in particular, LoadLibrary. Due to some trickery, we can call LoadLibrary in an external process and tell it to load our designated dll. More on that to come.

    Okay, so we have to somehow call LoadLibrary in the external process...how the?
    Okay, first things first, you need to open a handle to your process so we can access it. Next you'll need to write the dll location to that processes memory (in bytes, of course). We need to do this because when calling the LoadLibrary function, we'll need to pass the parameter as an address for it to find the dll location. After we've called the LoadLibrary function, and everything has worked successfully, we just do some cleaning up, close all the handles and shit.

    That's it! Simple eh? Now we just need to translate that simple process into code.

    First, we'll need some API declarations so we can do what we need. Here they are.

    Code:
        Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer
        Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Integer, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal flAllocationType As Integer, ByVal flProtect As Integer) As Integer
        Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByVal lpBuffer() As Byte, ByVal nSize As Integer, ByVal lpNumberOfBytesWritten As UInteger) As Boolean
        Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Integer, ByVal lpProcName As String) As Integer
        Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Integer
        Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Integer, ByVal lpThreadAttributes As Integer, ByVal dwStackSize As Integer, ByVal lpStartAddress As Integer, ByVal lpParameter As Integer, ByVal dwCreationFlags As Integer, ByVal lpThreadId As Integer) As Integer
        Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Integer, ByVal dwMilliseconds As Integer) As Integer
        Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Integer) As Integer
    And here's what we'll use them for:
    OpenProcess This function returns the handle to the process specified by the dwProcessId parameter, we need this when accessing the process externally.

    VirtualAllocEx Allows us to allocate memory in an external process specified by the hProcess handle. This is needed to allocate the memory to write our dll location to.

    WriteProcessMemory Write memory to an external process specified by the hProcess handle. We'll use this simple function to write our dll location to the memory allocated by VirtualAllocEx

    GetModuleHandle Gets the handle to a specified module within our program (THIS IS NOT EXTERNAL), we'll use this to get the handle to the kernel32.dll module.

    GetProcAddress Find the address of a function within a module, given the module handle. We'll find the address of the LoadLibrary function within kernel32 with this.

    CreateRemoteThread Creates a thread in the remote process. We'll use this as the final step: Calling the LoadLibrary function and giving the dll its own thread so it doesn't conflict with the process's main thread.

    WaitForSingleObject Waits for an object to return. In particular we'll wait for the LoadLibrary function to finish its work, then close the handle to it.

    CloseHandle Very simple function. Closes an open handle.

    That's it for APIs. All we need

    First up, I just wanna code a tiny little cleanup routine for when we get further into the function and want to abort. Basically just cleans up input handles and returns false. You'll see it in action later.
    Code:
    Private Function Die(Optional ByVal hProc As Integer = Nothing, Optional ByVal libThread As Integer = Nothing) As Boolean
        If Not hProc = Nothing Then CloseHandle(hProc)
        If Not libThread = Nothing Then CloseHandle(libThread)
        Return False
    End Function
    Now that moment is finally here, coding our function.to inject a process. First comes the method signature.
    Code:
    Private Function InjectDll(ByVal processID As Integer, ByVal dllLocation As String) As Boolean
    Simple method singature, we'll take in a process id and a dll location and do our injection. If everything goes okay, we'll return true, otherwise false.

    Now we're going to start with some simple error checking so that our function doesn't assrape itself.
    Code:
    If Not IO.File.Exists(dllLocation) Then Return False 'if the dll doesn't exist, no point in continuing. So we return false.
    If IntPtr.Size = 8 Then Return False 'If the size of an IntPtr is 8, then is program was compiled as x64. x64 processes can't access x86 processes properly, so we just return false. You need to compile this program as x86.
    Time to open up that process!
    Code:
    Dim hProcess As Integer = OpenProcess(&H1F0FFF, 1, processID) 'We'll open the process specified by the input process ID. With PROCESS_ALL_ACCESS access, seeing as we only need to write.
    If hProcess = 0 Then Return Die() 'If we didn't get the handle, we exit and return false. No cleanup so no params for die()
    Next we've gotta allocate some memory for the dll location, and then write it.
    Code:
    Dim dllBytes As Byte() = System.Text.Encoding.ASCII.GetBytes(dllLocation + ControlChars.NullChar) 'As I mentioned earlier, we have to write the dll location as bytes to the process memory, so we take the bytes of the string using the standard encoding, adding a null byte at the end.
    Dim pathLocation As Integer = VirtualAllocEx(hProcess, 0, dllBytes.Length, &H1000, &H4) 'Allocate memory the size of the string we need to write to memory. pathLocation now holds the address of where the memory was allocated.
    If pathLocation = Nothing Then Return Die(hProcess) 'VirtualAllocEx returns Nothing when it fails, so we check for that and return false if we find it. We've opened a process handle so we have to pass that to Die to clean it up.
    So hopefully you could see in that step that we just converted the dll location to bytes, and then allocated some memory (the size of the dll location bytes) in the target process. Now we need to write to it.

    Code:
    Dim wpm As Integer = WriteProcessMemory(hProcess, pathLocation, dllBytes, dllBytes.Length, 0) 'write the contents of dllBytes to the memory allocated at pathLocation.
    If wpm = 0 Then Return Die(hProcess) ' WriteProcessMemory returns 0 if it fails.
    Alright we're getting there, so far we have written the location of our dll to the other processes memory, and we have the address where we wrote that. That's part one complete, the next part is actually finding and calling LoadLibrary

    in that process and passing in the variable we wrote to memory. We'll get the address of LoadLibrary first.

    Here's how:
    Code:
    Dim kernelMod As Integer = GetModuleHandle("kernel32.dll") 'Remember what I was saying about kernel32 being loaded into the same address space for every normal process? This means we don't have to do any fancy crap to find its location in our target process, we can get the location in our own process and safely assume it will be the same for all process. This means we can use GetModuleHandle, which only works internally.
    Dim loadLibAddr As Integer = GetProcAddress(kernelMod, "LoadLibraryA") ' GetProcAddress gives us the address of the specified function within the module.
    If loadLibAddr = 0 Then Return Die(hProcess) 'If GetProcAddress failed it'll return 0.
    Yay, we finally have the address of the LoadLibrary function. NOW WE CAN CALL IT AND LOAD THIS FUCKER.
    Code:
    Dim procThread As Integer = CreateRemoteThread(hProcess, 0, 0, loadLibAddr, pathLocation, 0, 0) 'Okay, this is the thread creation. We pass our process handle to tell what process to create the thread on. the third param is the handle of the function to call. In this case we choose the LoadLibrary function. The next param is the arguments to pass to the function (omg remember we wrote that to memory? NOW WE PASS THE ADDRESS BACK!)
    If procThread = 0 Then Return Die(hProcess) 'unable to create the thread. Return false
    Dim waitVal As Integer = WaitForSingleObject(procThread, 5000) 'allow the LoadLibrary function 5 seconds to process.
    If Not waitVal = &H0UI Then Return Die(hProcess, procThread) 'Function didn't signal completion. Fuck that shit abort ABORT
    CloseHandle(procThread) 'close the handle to the LoadLibrary function
    CloseHandle(hProcess) 'close the handle to the process
    Return True 'made it, yay.
    And that's it, you have successfully located the LoadLibrary function and called it, passing our dll location as the param. The dll should now load successfully.

    I hope someone actually reads the tutorial, it's pretty lengthy for such a short function but there's a lot of shit going on if you're new to it.

    EDIT: Oh yeah, if you're having trouble finding how to compile to x86. Check out this MSDN article.
    Compile options VS Express Editions - SocialMSDN

    Any questions, criticisms (if their constructive, haters can just fuck off) or suggestions... feel free to post

    Cheers.
    Chooka/Jason

    UPDATE
    UPDATE:

    Okay, modified the injection code slightly. After starting to learn C the importance of memory management has become apparent. So, I've now added VirtualFreeEx to free the allocated memory.

    Also, I discovered the GetExitCodeThread function, which allows you to get the return value of a specific thread, thereby allowing us to actually return whatever the LoadLibrary function returned (the handle to the module if successful). I've now written a new function "LoadLibraryEx" to tie in with the injection, but also be re-usable.

    Here's the updated code:
    Imports:
    Code:
    Imports System.Runtime.InteropServices 'for marshaling unmanaged return types.
    API Declarations (Note VirtualFreeEx and GetExitCodeThread)
    Code:
        Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Boolean, ByVal dwProcessId As Integer) As Integer
        Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Integer, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal flAllocationType As Integer, ByVal flProtect As Integer) As Integer
        Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Integer, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal dwFreeType As Integer) As <MarshalAs(UnmanagedType.Bool)> Boolean
        Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByVal lpBuffer() As Byte, ByVal nSize As Integer, ByVal lpNumberOfBytesWritten As UInteger) As Boolean
        Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Integer, ByVal lpProcName As String) As Integer
        Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Integer
        Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Integer, ByVal lpThreadAttributes As Integer, ByVal dwStackSize As Integer, ByVal lpStartAddress As Integer, ByVal lpParameter As Integer, ByVal dwCreationFlags As Integer, ByVal lpThreadId As Integer) As Integer
        Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Integer, ByVal dwMilliseconds As Integer) As Integer
        Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Integer) As Integer
        Private Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Integer, <Out()> ByRef lpExitCode As UInt32) As <MarshalAs(UnmanagedType.Bool)> Boolean
    I've already said what all these API functions do pretty much. VirtualFreeEx is basically the opposite of VirtualAllocEx, except there is a catch with its "dwSize" param:
    Quote Originally Posted by msdn
    dwSize [in]

    The size of the region of memory to free, in bytes.

    If the dwFreeType parameter is MEM_RELEASE, dwSize must be 0 (zero). The function frees the entire region that is reserved in the initial allocation call to VirtualAllocEx.
    So basically if we're freeing memory completely (releasing it), you don't put a value for dwSize despite what you might think, leave it at 0 for mem_release. Also, you no longer need the "Die" function at all.

    Okay, the LoadLibraryEx function (commented, as usual).

    This function is quite long now:
    Code:
        Public Shared Function LoadLibraryEx(ByVal hProcess As Integer, ByVal lpFileName As String) As UInt32
            If Not IO.File.Exists(lpFileName) OrElse IntPtr.Size = 8 Then Return 0 'first thing: Make sure the file exists, and we're compiled in x86
    
            Dim bFileName As Byte() = System.Text.Encoding.ASCII.GetBytes(lpFileName + ControlChars.NullChar) 'convert the string to chars (add a nullbyte)
            Dim lpFileAddress As Integer = VirtualAllocEx(hProcess, 0, bFileName.Length, &H1000, &H4) 'allocate the memory to put our char array in.
            If lpFileAddress = 0 Then Return 0
    
            Dim writeSuccess As Integer = WriteProcessMemory(hProcess, lpFileAddress, bFileName, bFileName.Length, 0) 'write our chars to the process.
            If writeSuccess = 0 Then Return 0
    
            Dim lpLoadLibrary As Integer = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA") 'find where LoadLibrary is located
            If lpLoadLibrary = 0 Then Return 0 'if for some reason we couldn't get it.
    
            Dim libThread As Integer = CreateRemoteThread(hProcess, 0, 0, lpLoadLibrary, lpFileAddress, 0, 0) 'execute loadlibrary in the remote process.
            If libThread = 0 Then Return False
            Dim waitVal As Integer = WaitForSingleObject(libThread, 10000) 'wait up to 10 seconds for the thread to return. 
            '(be warned, if the target DLL puts a messagebox in DllMain and the user doesn't click it in 10 seconds, this function will return 0 so edit the wait time if you want.
            If Not waitVal = &H0UI Then Return CloseHandle(libThread) < Int32.MinValue 'simple trick to close the handle and simultaneously return 0.
    
            Dim hModule As UInt32 = 0 'prepare our hModule holder.
            If Not GetExitCodeThread(libThread, hModule) Then Return CloseHandle(libThread) < Int32.MinValue 'try to get the thread return value
            VirtualFreeEx(hProcess, lpFileAddress, 0, &H8000) 'dont bother checking the return value of VF, we've successfully injected and if the memory fails to free there's nothing we can do.
    
            CloseHandle(libThread) 'dispose our thread handle, we're done with it.
            Return hModule
        End Function
    Okay, so now we need to refactor our Inject code to work with LoadLibraryEx.
    Code:
    Public Shared Function InjectDll(ByVal dwProcID As Integer, ByVal lpFileName As String) As Uint32
        Dim hProc As Integer = OpenProcess(&H42A, True, dwProcID) 'open the process with a combination of PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_WRITE and PROCESS_QUERY_INFORMATION.
        If hProc = 0 Then Return 0 'if unable to obtain a handle, quit.
        Dim hModule As UInt32 = LoadLibraryEx(hProc, lpFileName) 'try and load the library
        CloseHandle(hProc) 'finished our use with the handle, dispose of it.
        Return hModule
    End Function
    And that's it!

    For extra curricular activities, here's my FreeLibraryEx. It functions very much the same as LoadLibraryEx, but those of you who are actually paying attention will notice we didn't write the hModule value to memory! Why not you may ask? The difference is in the param types for LoadLibrary and FreeLibrary.

    LoadLibrary = LPCSTR (pointer to C-string)
    FreeLibrary = HMODULE (essentially a typedef of unsigned int, which is a value type not a reference!)

    So for LoadLibrary, we are required to pass a POINTER to it, rather than a literal value, LoadLibrary then reads from where the pointer points to. For this reason, we had to generate a pointer by allocating some memory, writing a string there and then keeping the pointer to that memory address.

    On the other hand, FreeLibrary just takes an unsigned int, which isn't a reference type (i.e, you dont have to pass a pointer to it), so you can simply call CreateRemoteThread and pass the hModule value as the param)

    Here's the code:
    Code:
        Public Shared Function FreeLibraryEx(ByVal hProcess As Integer, ByVal hModule As UInt32) As Boolean
            Dim freeLibAddress As Integer = GetProcAddress(GetModuleHandle("kernel32"), "FreeLibrary")
            If freeLibAddress = 0 Then Return False
    
            Dim flThread As Integer = CreateRemoteThread(hProcess, 0, 0, freeLibAddress, hModule, 0, 0)
            If flThread = 0 Then Return 0
            Dim waitVal As Integer = WaitForSingleObject(flThread, 10000)
            If Not waitVal = &H0UI Then Return CloseHandle(flThread) < Int32.MinValue
    
            CloseHandle(flThread)
            Return True
        End Function
    Now you just pass the value returned by LoadLibraryEx to FreeLibraryEx to unload the DLL.

    Enjoy
    Last edited by Hassan; 02-10-2012 at 11:04 AM.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I donít think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)

  2. The Following 27 Users Say Thank You to Jason For This Useful Post:

    ♪~ ᕕ(ᐛ)ᕗ (05-22-2011),*VGT* (09-12-2012),-iFaDy..* (03-25-2012),-MAJ (08-20-2012),Blubb1337 (05-19-2011),Codemunkie (05-19-2011),Colt'45 (09-25-2011),dani-pro2 (03-23-2018),DyftRapid (04-20-2012),hack2learn (05-21-2011),Hassan (05-19-2011),Hell_Demon (05-19-2011),jdslashv2 (07-26-2011),look3006 (08-31-2012),Lyoto Machida (05-19-2011),[MPGH]master131 (05-20-2011),Matreix (05-07-2017),MrDutchTutorial (07-16-2011),Neechan' (09-01-2011),NOOB (05-25-2011),shaggsdope (03-12-2014),Sketchy (05-27-2011),St4rShoot3r (05-22-2015),SuperRussian (06-01-2016),T0P-CENT (05-19-2011),unspeakable (10-04-2012),Void (05-20-2011)

  3. #2
    Blubb1337's Avatar
    Join Date
    Sep 2009
    Gender
    male
    Location
    Germany
    Posts
    5,915
    Reputation
    161
    Thanks
    3,108
    Very good job bro. Finally a tutorial that does not only handle the code but also explains it in-depth(ly?).

    @Chooka



  4. #3
    Jason's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    /dev/null
    Posts
    5,704
    Reputation
    918
    Thanks
    7,676
    My Mood
    Mellow
    Quote Originally Posted by Blubb1337 View Post
    Very good job bro. Finally a tutorial that does not only handle the code but also explains it in-depth(ly?).

    @Chooka
    Thanks babycakes.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I donít think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)

  5. #4
    Nathan's Avatar
    Join Date
    Mar 2011
    Gender
    male
    Location
    In a magical place
    Posts
    6,113
    Reputation
    394
    Thanks
    363
    Looks nice.
    I'll read it when I get back home.

  6. #5
    Lyoto Machida's Avatar
    Join Date
    Jan 2011
    Gender
    male
    Location
    Far away with girls
    Posts
    3,734
    Reputation
    133
    Thanks
    1,621
    My Mood
    Aggressive
    Dude this is very useful!
    Maybe will stop leccherrrrrs!

  7. #6
    Hell_Demon's Avatar
    Join Date
    Mar 2008
    Gender
    male
    Location
    I love causing havoc
    Posts
    3,976
    Reputation
    343
    Thanks
    4,320
    My Mood
    Cheeky
    You still suck dick for doing it in VB <:
    Ah we-a blaze the fyah, make it bun dem!

  8. The Following 6 Users Say Thank You to Hell_Demon For This Useful Post:

    Geometrical (12-22-2012),Jason (05-19-2011),[MPGH]master131 (05-20-2011),megamandos (04-01-2012),t7ancients (01-15-2012),whit (05-19-2011)

  9. #7
    T0P-CENT's Avatar
    Join Date
    Mar 2010
    Gender
    male
    Posts
    88
    Reputation
    14
    Thanks
    17
    My Mood
    Stressed
    After reading it twice still didn't understand the most ... maah i fail

  10. #8
    Hassan's Avatar
    Join Date
    May 2010
    Gender
    male
    Location
    System.Threading.Tasks
    Posts
    4,764
    Reputation
    495
    Thanks
    2,133
    My Mood
    Dead
    Great Job Jason. Finally got some idea of injection shit. Very well explained. Thanks ;]

  11. #9
    cgallagher21's Avatar
    Join Date
    Jun 2010
    Gender
    male
    Posts
    1,627
    Reputation
    11
    Thanks
    325
    My Mood
    Angelic
    Nice Jason/Chooka Nice TuT

  12. #10
    TheBest-1337's Avatar
    Join Date
    Sep 2010
    Gender
    male
    Posts
    35
    Reputation
    15
    Thanks
    38
    My Mood
    Goofy
    Nice job. What is the vbnet forum code? I don't wanna use [code]

  13. #11
    Hassan's Avatar
    Join Date
    May 2010
    Gender
    male
    Location
    System.Threading.Tasks
    Posts
    4,764
    Reputation
    495
    Thanks
    2,133
    My Mood
    Dead
    Quote Originally Posted by TheBest-1337 View Post
    Nice job. What is the vbnet forum code? I don't wanna use [code]
    [highlight=vbnet]code here...[/high light]

    Remove space in "high light"

  14. #12
    Jason's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    /dev/null
    Posts
    5,704
    Reputation
    918
    Thanks
    7,676
    My Mood
    Mellow
    Quote Originally Posted by Hell_Demon View Post
    You still suck dick for doing it in VB <:
    Was going to do the example in C#, but no-one would ever find it there

    Thanks everyone else.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I donít think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)

  15. #13
    Lyoto Machida's Avatar
    Join Date
    Jan 2011
    Gender
    male
    Location
    Far away with girls
    Posts
    3,734
    Reputation
    133
    Thanks
    1,621
    My Mood
    Aggressive
    This must be stickied!

  16. #14
    Stephen's Avatar
    Join Date
    Jun 2009
    Gender
    male
    Location
    Engine.exe
    Posts
    4,689
    Reputation
    184
    Thanks
    1,149
    My Mood
    Aggressive
    Just Wondering, it it x64 compatible?

  17. #15
    Jason's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    /dev/null
    Posts
    5,704
    Reputation
    918
    Thanks
    7,676
    My Mood
    Mellow
    Quote Originally Posted by Stephen View Post
    Just Wondering, it it x64 compatible?
    Read the thread? This needs to be compiled as x86 application. It works on 64 bit computers then. My PC is a x64 and it injects fine as long as the project is compiled as x86.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I donít think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)

Page 1 of 4 123 ... LastLast

Similar Threads

  1. [Release] eJect - Simple Injection.
    By Jason in forum CrossFire Spammers, Injectors and Multi Tools
    Replies: 74
    Last Post: 09-15-2012, 01:52 PM
  2. [Release] Simple Inject
    By HaxPro in forum CrossFire Spammers, Injectors and Multi Tools
    Replies: 7
    Last Post: 06-06-2011, 02:19 PM
  3. [Release] Cf Simple Inject 0,1
    By HaxPro in forum CrossFire Spammers, Injectors and Multi Tools
    Replies: 6
    Last Post: 11-13-2010, 11:44 AM
  4. [SUGGESTIONS] Simple Inject
    By 2vivi in forum Visual Basic Programming
    Replies: 6
    Last Post: 01-24-2010, 02:28 PM
  5. [Release] Simple Inject
    By 2vivi in forum Combat Arms Hacks & Cheats
    Replies: 20
    Last Post: 01-19-2010, 05:08 PM