    FASM DLL Injector

    Hope this part of the forum isn't dead as I only just joined; hopefully this thread can revive it a bit.
    I've included code for a dll injector I've written using Flat Assembler, hopefully it's useful to someone. You can get fasm here fasm.
    (You will need to make a bitmap file called LOGO.BMP located inside the same folder as the asm when assembling, my dimensions were 341x68, alternatively you can modify the resource section)



    Here's the injector code:

    Code:
    ; FASM DLL injector, 32-bit Win32 GUI build.  fasm (Intel) syntax; the procs
    ; below use the stdcall proc/invoke macros from win32a.inc.
    format PE GUI 4.0
    
    include 'win32a.inc'
    
    entry start
    
    ; Resource and dialog-control identifiers.
    logo_main = 2001                        ; id of the LOGO bitmap resource
    IDB_LOGO = 2000                         ; STATIC control that displays the bitmap
    IDD_MAIN = 1000                         ; main dialog template
    IDE_FILE = 101                          ; read-only edit holding the chosen DLL path
    IDB_OPEN = 102                          ; "Browse" button
    IDB_INJECT = 103                        ; "Inject" button
    IDB_REFRESH = 104                       ; "Refresh" button
    IDL_PROCLIST = 105                      ; process listbox (item data = PID)
    
    ; Toolhelp PROCESSENTRY32 record, declared here rather than taken from the
    ; includes.  Field order matches the Win32 header; szExeFile is declared as
    ; 1000h bytes, larger than the header's MAX_PATH array.
    ; NOTE(review): dwSize is set to this larger size before Process32First is
    ; called -- presumably accepted because only a too-small dwSize is rejected;
    ; confirm against the Toolhelp documentation.
    struct PROCESSENTRY32
      dwSize dd ?                 ; filled in by the caller before the first walk (see start)
      cntUsage dd ?
      th32ProcessID dd ?          ; PID; stored as listbox item data by EnumProcesses
      th32DefaultHeapID dd ?
      th32ModuleID dd ?
      cntThreads dd ?
      th32ParentProcessID dd ?
      pcPriClassBase dd ?
      dwFlags dd ?
      szExeFile rb 1000h          ; NUL-terminated image name, shown in the listbox
    ends
    
    section '.idata' import data readable
    
    ; Import table.  Note what is absent: CloseHandle and LocalFree are not
    ; imported, and nothing in this file releases the snapshot, process and
    ; thread handles it opens, nor the buffer that FormatMessage allocates.
    	library kernel,'KERNEL32.DLL',\
    		user,'USER32.DLL',\
    		comdlg,'COMDLG32.DLL'
    
    ; kernel32: process enumeration (Toolhelp) plus the cross-process
    ; memory/thread APIs used by InjectDLL.  Module32First/Next are imported
    ; but not used anywhere in this file.
    	import	kernel,\
    		ExitProcess,'ExitProcess',\
    		GetModuleHandle,'GetModuleHandleA',\
    		CreateToolhelp32Snapshot,'CreateToolhelp32Snapshot',\
    		Process32First,'Process32First',\
    		Process32Next,'Process32Next',\
    		OpenProcess,'OpenProcess',\
    		WriteProcessMemory,'WriteProcessMemory',\
    		VirtualAllocEx,'VirtualAllocEx',\
    		CreateRemoteThread,'CreateRemoteThread',\
    		GetProcAddress,'GetProcAddress',\
    		GetLastError,'GetLastError',\
    		FormatMessage,'FormatMessageA',\
    		Module32First,'Module32First',\
    		Module32Next,'Module32Next'
    
    
    ; user32: dialog, listbox and message-box helpers (ANSI variants throughout).
    	import	user,\
    		MessageBox,'MessageBoxA',\
    		DialogBoxParam,'DialogBoxParamA',\
    		EndDialog,'EndDialog',\
    		SetDlgItemText,'SetDlgItemTextA',\
    		GetDlgItem,'GetDlgItem',\
    		SendMessage,'SendMessageA',\
    		GetDlgItemText,'GetDlgItemTextA',\
    		LoadBitmap,'LoadBitmapA',\
    		SendDlgItemMessage,'SendDlgItemMessageA'
    
    ; comdlg32: the standard Open-file dialog used by the Browse button.
    	import	comdlg,\
    		GetOpenFileName,'GetOpenFileNameA'
    
    
    
    
    section '.rsrc' resource data readable
    
    ; Resource directory: one dialog template and one bitmap.
    	directory RT_DIALOG,dialogs,\
    		  RT_BITMAP,bitmaps
    
    	resource dialogs,\
    	   IDD_MAIN,LANG_ENGLISH+SUBLANG_DEFAULT,DLLINJECTORDIALOG
    
    	  resource bitmaps,\
    	   logo_main,LANG_NEUTRAL,LOGO
    
    ; Main window.  Positions and sizes are dialog units, not pixels.  The
    ; STATIC control (SS_BITMAP) is filled with the logo by MainDialogProc at
    ; WM_INITDIALOG; the listbox has no LBS_SORT style, so rows keep insertion
    ; order (EnumProcesses relies on this).
    	dialog DLLINJECTORDIALOG,'DLL Injector',0,0,248,197,WS_CAPTION+WS_VISIBLE+WS_SYSMENU+WS_MINIMIZEBOX+DS_CENTER
    	       dialogitem 'EDIT','',IDE_FILE,21,66,157,14,WS_VISIBLE+WS_BORDER+ES_READONLY+ES_AUTOHSCROLL
    	       dialogitem 'BUTTON','Browse',IDB_OPEN,185,66,43,14,WS_VISIBLE
    	       dialogitem 'LISTBOX','',IDL_PROCLIST,19,96,208,66,WS_VISIBLE+WS_VSCROLL+WS_BORDER
    	       dialogitem 'BUTTON','Injector',-1,11,49,227,142,WS_VISIBLE+BS_GROUPBOX
    	       dialogitem 'BUTTON','Inject',IDB_INJECT,97,166,50,14,WS_VISIBLE
    	       dialogitem 'BUTTON','Refresh',IDB_REFRESH,180,166,47,14,WS_VISIBLE
    	       dialogitem 'STATIC','',IDB_LOGO,11,7,227,42,WS_VISIBLE+SS_BITMAP
    	enddialog
    
    ; LOGO.BMP is read from the source directory at assembly time (the post
    ; above used 341x68).
    	bitmap LOGO,'LOGO.BMP'
    
    
    
    
    ; NOTE(review): this section is readable+writeable+executable and, because the
    ; '.data' section directive near the end of the file is commented out, every
    ; variable and string constant is emitted into it as well.  Code and writable
    ; data sharing one RWX section violates W^X; a separate readable/writeable
    ; '.data' section would let '.text' be code-only.
    section '.text' code readable writeable executable
    
    ; Program entry: take the initial process snapshot, fill in the OPENFILENAME
    ; used by the Browse button, run the main dialog modally, then exit.
    start:
    
    	mov	[pe32.dwSize],sizeof.PROCESSENTRY32   ; Toolhelp requires dwSize before Process32First
    	invoke	CreateToolhelp32Snapshot,dword 2,0    ; 2 = TH32CS_SNAPPROCESS; result unchecked (INVALID_HANDLE_VALUE on failure)
    	mov	[hlpsnap],eax                           ; kept for EnumProcesses; never closed
    
    	invoke	GetModuleHandle,0                     ; eax = this module's HINSTANCE
    
    	mov	[hInstance],eax
    	mov	[ofn.lStructSize], sizeof.OPENFILENAME
    	mov	[ofn.hInstance],eax
    	mov	[ofn.nMaxFile],1000h                   ; matches the size of path_buffer
    	mov	[ofn.lpstrFile],path_buffer
    	mov	[ofn.lpstrFilter],openfilter
    
    	invoke	DialogBoxParam,eax,IDD_MAIN,NULL,MainDialogProc,0   ; modal; returns after EndDialog
    	invoke	ExitProcess,0
    
    
    
    ;-----------------------------------------------------------------------
    ; EnumProcesses(snapshotpe, listbox)                 stdcall, 32-bit
    ; Walks the Toolhelp snapshot 'snapshotpe' and refills the listbox: each
    ; entry's szExeFile is added as a row and its PID stored as the row's item
    ; data, so MainDialogProc can read the PID back with LB_GETITEMDATA.
    ; Uses the global pe32 record as the walk buffer.  No return value.
    ; Clobbers eax, ecx, edx (stdcall callees) and flags.
    ;
    ; NOTE(review):
    ;  - Process32First's result is not checked; a failed call still goes on
    ;    to read pe32.
    ;  - The OpenProcess probe gates only the FIRST entry (the per-entry
    ;    filter below is commented out), and the handle it returns is never
    ;    closed.
    ;  - currlbindex assumes LB_ADDSTRING appends in order, which holds because
    ;    the listbox has no LBS_SORT style; using the index LB_ADDSTRING
    ;    returns would remove that coupling.
    ;-----------------------------------------------------------------------
    proc	EnumProcesses snapshotpe,listbox
    
    local currlbindex:DWORD             ; index of the row about to be added
    
    	mov	[currlbindex],0
    	invoke	SendMessage,[listbox],LB_RESETCONTENT,0,0      ; empty the list before refilling
    	invoke	Process32First,[snapshotpe],pe32
    	invoke	OpenProcess,PROCESS_ALL_ACCESS,FALSE,[pe32.th32ProcessID]
    	test	eax,eax
    	jnz	 .processnap                ; first entry listed only if it could be opened
    	.processnext:
    	invoke	Process32Next,[snapshotpe],pe32
    	test	eax,eax
    	jz	endenum                     ; FALSE: no more entries
    	;invoke  OpenProcess,PROCESS_ALL_ACCESS,FALSE,[pe32.th32ProcessID]
    	;test    eax,eax                                                     ;will only work for top level
    	;jz      .processnext
    	.processnap:
    	invoke	SendMessage,[listbox],LB_ADDSTRING,0,pe32.szExeFile
    	invoke	SendMessage,[listbox],LB_SETITEMDATA,[currlbindex],[pe32.th32ProcessID]   ; row -> PID
    	inc	[currlbindex]
    	jmp	.processnext
    
    endenum:                            ; non-local label: file-wide symbol, unlike the .dotted ones
    ret
    
    endp
    
    
    
    
    
    ;-----------------------------------------------------------------------
    ; MainDialogProc(hwnd, msg, wparam, lparam)          DLGPROC, stdcall
    ; Dialog procedure for IDD_MAIN.  Returns TRUE (eax=1) for the messages it
    ; handles and FALSE (eax=0) for all others, as a dialog procedure must.
    ; ebx/esi/edi are saved and restored although nothing here uses them.
    ;-----------------------------------------------------------------------
    proc	MainDialogProc hwnd,msg,wparam,lparam
    	push	ebx esi edi
    	cmp	[msg],WM_INITDIALOG
    	je	.init
    	cmp	[msg],WM_COMMAND
    	je	.wmcommand
    	cmp	[msg],WM_CLOSE
    	je	.close
    	xor	eax,eax                     ; unhandled message -> FALSE
    	jmp	.finish
    
      .init:
    	push	[hwnd]                      ; ofn.hwndOwner = hwnd (memory-to-memory move via the stack)
    	pop	[ofn.hwndOwner]
    	invoke	LoadBitmap,[hInstance],logo_main
    	invoke	SendDlgItemMessage,[hwnd],IDB_LOGO,STM_SETIMAGE,IMAGE_BITMAP,eax   ; show the logo in the STATIC control
    	invoke	GetDlgItem,[hwnd],IDL_PROCLIST
    	stdcall EnumProcesses,[hlpsnap],eax   ; fill the listbox from the snapshot taken in start
    	jmp .processed
    
      .wmcommand:
    	mov	eax,[wparam]
    	and	eax,0FFFFh                  ; LOWORD(wparam) = control id
    	cmp	eax,IDB_OPEN
    	je	.open
    	cmp	eax,IDB_INJECT
    	je	.inject
    	cmp	eax,IDB_REFRESH
    	je	.refresh
    	jmp	.processed
    
      .open:
    	invoke	GetOpenFileName,ofn         ; writes the chosen path into path_buffer
    	test	eax,eax
    	jz	.processed                  ; cancelled or failed: leave the edit unchanged
    	invoke	SetDlgItemText,[hwnd],IDE_FILE,path_buffer
    	jmp	.processed
    
      .inject:
    	invoke	GetDlgItemText,[hwnd],IDE_FILE,path_buffer,1000h
    	test	eax,eax                     ; eax = characters copied, excluding the NUL
    	jz	.nofilename
    	mov	[path_length],eax
    	invoke	GetDlgItem,[hwnd],IDL_PROCLIST
    	mov	[proclisthwnd],eax
    	invoke	SendMessage,eax,LB_GETCURSEL,0,0
    	; NOTE(review): with no row selected LB_GETCURSEL returns LB_ERR (-1).
    	; It is not checked, so -1 is passed to LB_GETITEMDATA (which then also
    	; returns LB_ERR) and on to InjectDLL as the PID.
    	invoke	SendMessage,[proclisthwnd],LB_GETITEMDATA,eax,0   ; eax = PID stored by EnumProcesses
    
    	stdcall InjectDLL,eax,path_buffer,[path_length],[hwnd]
    	jmp	.processed
    
    
      .refresh:
    	; NOTE(review): the previous snapshot handle in hlpsnap is overwritten
    	; without being closed, so every Refresh leaks one handle.
    	invoke	CreateToolhelp32Snapshot,dword 2,0   ; 2 = TH32CS_SNAPPROCESS
    	mov	[hlpsnap],eax
    	invoke	GetDlgItem,[hwnd],IDL_PROCLIST
    	stdcall EnumProcesses,[hlpsnap],eax
    	jmp	.processed
    
      .nofilename:
    	invoke	MessageBox,[hwnd],_nofile,_error,MB_ICONERROR
    	jmp	.processed
    
    
    
      .close:
    	invoke	EndDialog,[hwnd],0          ; ends the modal loop started in start
    	jmp	.processed
    
      .processed:
      mov	eax,TRUE                        ; message handled
      .finish:
     pop	edi esi ebx
     ret
    
    endp
    
    
    
    ;-----------------------------------------------------------------------
    ; InjectDLL(procid, dllpath, ledllpath, hwnd)             stdcall
    ; LoadLibrary-via-remote-thread: copies the DLL path into the target's
    ; address space and starts a thread there whose start address is
    ; LoadLibraryA and whose argument is that path.
    ; In:  procid = PID, dllpath/ledllpath = path and its length in bytes
    ;      (without the NUL), hwnd = owner window for the error box.
    ; Out: nothing; success or failure is reported with a MessageBox.
    ; Every step here is an observable cross-process event (a handle opened
    ; with PROCESS_ALL_ACCESS, a remote allocation and write, a remote thread
    ; starting at LoadLibraryA) -- exactly the events that process-monitoring
    ; tools record, so this is also a useful reference for what such a
    ; monitor should see.
    ;
    ; NOTE(review):
    ;  - OpenProcess's result is not checked; on failure the null handle goes
    ;    into VirtualAllocEx and the error reported is presumably that call's
    ;    invalid-handle failure rather than the access failure.
    ;  - Only ledllpath bytes are written, so the terminating NUL is not
    ;    copied; the remote string ends correctly only because freshly
    ;    committed pages are zero-filled.
    ;  - The process and thread handles and the FormatMessage buffer are never
    ;    released (no CloseHandle / LocalFree in the import table).
    ;  - GetLastError takes no arguments; the dword pushed for it is not popped
    ;    by the callee, so esp is off by 4 until the proc epilogue restores it
    ;    from ebp (presumably harmless here, but still wrong).
    ;-----------------------------------------------------------------------
    proc InjectDLL procid,dllpath,ledllpath,hwnd
    
    local	ProcAddress:DWORD,Alloc:DWORD    ; ProcAddress = LoadLibraryA in kernel32, Alloc = remote buffer
    
    	invoke	GetModuleHandle,kernel32dll
    	invoke	GetProcAddress,eax,LoadLibFunc  ; same address in the target, as kernel32 is mapped at one base per boot
    	mov	[ProcAddress],eax
    	invoke	OpenProcess,PROCESS_ALL_ACCESS,FALSE,[procid]
    	mov	[procid],eax                    ; parameter slot reused to hold the process handle
    	invoke	VirtualAllocEx,eax,0,[ledllpath],MEM_RESERVE+MEM_COMMIT,PAGE_EXECUTE_READWRITE
    	test	eax,eax
    	jz	.error
    	mov	[Alloc],eax
    	invoke	WriteProcessMemory,[procid],eax,[dllpath],[ledllpath],0   ; copy the path (no NUL, see note)
    	test	eax,eax
    	jz	.error
    	invoke	CreateRemoteThread,[procid],0,0,[ProcAddress],[Alloc],0,threadId   ; LoadLibraryA(path) in the target
    	test	eax,eax
    	jz	.error
    	invoke	MessageBox,0,_dllsuccess,_dlloadtitle,0   ; reports thread creation, not that the DLL loaded
    	jmp	.endofproc
    .error:
    	invoke GetLastError,0                  ; API takes no arguments (see note above)
    	invoke FormatMessage,FORMAT_MESSAGE_FROM_SYSTEM+FORMAT_MESSAGE_ALLOCATE_BUFFER,0,eax,0,error_buffer,0,0   ; error_buffer receives an LPSTR
    	invoke MessageBox,[hwnd],[error_buffer],_error,MB_OK+MB_ICONERROR
    
    .endofproc:
    ret
    
    endp
    
    
    
    ; Variables and string constants.  The '.data' section directive is
    ; commented out, so everything below is emitted into the writable '.text'
    ; section above.
    ;section '.data' data readable writeable
    kernel32dll TCHAR 'KERNEL32.DLL',0      ; module resolved in InjectDLL
    LoadLibFunc TCHAR 'LoadLibraryA',0      ; export used as the remote thread start address
    _nofile TCHAR 'No dll to inject',0      ; MessageBox texts
    _error	TCHAR 'ERROR',0
    _dllsuccess TCHAR 'DLL LOADED',0
    _dlloadtitle TCHAR 'Successfully loaded',0
    openfilter db 'DLL FILES',0,'*.dll',0   ; OPENFILENAME filter: description/pattern pairs,
    	   db 0                              ; terminated by an extra NUL
    error_buffer dd ?                        ; receives the LPSTR allocated by FormatMessage (ALLOCATE_BUFFER); never freed
    threadId     dd ?                        ; thread-id out-parameter of CreateRemoteThread; not read
    
    
    proclisthwnd dd ?                        ; listbox HWND cached in MainDialogProc .inject
    hInstance   dd ?                         ; this module's handle
    hlpsnap     dd ?                         ; current Toolhelp snapshot handle
    hlsnapme    dd ?                         ; not referenced in this file
    path_length dd ?                         ; bytes in path_buffer, excluding the NUL
    exe_length  dd ?                         ; not referenced in this file
    path_buffer rb 1000h                     ; DLL path; also OPENFILENAME.lpstrFile (nMaxFile = 1000h)
    ofn OPENFILENAME                         ; Browse-dialog parameters, filled in start and at WM_INITDIALOG
    pe32 PROCESSENTRY32                      ; walk buffer for Process32First/Next

