Oh boy... too bad my English is not good enough to understand many of those words... but thanks very much to Chooka/Jason... my motivation's up...
ROFL made a woeful mistake in there, closed a completely irrelevant handle. Glad no one spotted it
Originally Posted by Jeremy S. Anderson
You can win the rat race,
But you're still nothing but a fucking RAT.
++Latest Projects++
[Open Source] Injection Library
Simple PE Cipher
FilthyHooker - Simple Hooking Class
CLR Injector - Inject .NET dlls with ease
Simple Injection - An in-depth look
MPGH's .NET SDK
eJect - Simple Injector
Basic PE Explorer (BETA)
ummmmmmmm what? I don't understand this at all >.<
Edit:
I am a tool, Jason is better than me in everything including arts & crafts and the guitar. I have no friends.
Last edited by Void; 05-30-2011 at 10:20 AM.
Jason, can you say the steps like this:
FindWindow()
OpenProcess()
...
WriteProcessMemory()
CloseHandle()
...
?
I'm going to make it in C++
I was about to ask that question but I found my answer, thank you.
I also had a read of the thread. I really like how you actually explained everything in detail.
I still get confused on stuff like:
"ByVal flProtect As Integer"
From
Code:
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Integer, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal flAllocationType As Integer, ByVal flProtect As Integer) As Integer
What does "flProtect" actually do?
The reason I ask about this is because if I had to code, for example, an injector like this, I wouldn't know what that means yet to even put it in.
Cheers Jazza (:
Last edited by Jàzzà_; 06-01-2011 at 05:25 PM. Reason: Code font size
Minion doesn't make me your little bitch you know.
@Jàzzà_ flProtect specifies the protection on the committed region of memory allocated by VirtualAllocEx. We need Read/Write access to the memory, so we specify 0x04 (&H4).
For more info see the VirtualAllocEx MSDN page:
https://msdn.microsof*****m/en-us/libr...=vs.85%29.aspx
Temp stickied 'cos I'm a vain bastard.
In reading this, you're putting a Byte array into the process to call LoadLibrary with... That's not gonna work
I just like programming, that is all.
Current Stuff:
- GPU Programmer (Cuda)
- Client/Server (Cloud Server)
- Mobile App Development
Sigh, please read the tutorial. Strings are NOT stored as alphanumerics in memory; everything is written as bytes (bits if you go even further down, obviously, but WriteProcessMemory just writes chunks of bytes), so to write directly to process memory you don't just say "Put this string into memory": you convert the string to its byte representation and then write it into allocated memory.
CreateRemoteThread calls a specified function and is capable of providing a single parameter to the called function. This works nicely with LoadLibrary, seeing as LoadLibrary only accepts a single parameter anyway, so we don't need to get messy working with stubs and shit. The parameter is a string: you point the CreateRemoteThread param to wherever you wrote your string to memory and LoadLibrary will re-interpret the bytes as a string. To understand this you've got to understand how variables work. They are stored in memory.
All this is doing is writing your DLL location to the process's memory, then calling LoadLibrary and telling it what file to load (by pointing it to where you just wrote your DLL's location).
If you don't understand that, I dunno how else to explain it.
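Added example (not part of the original thread or of Jason's tutorial): because the allocated region is only read/write (0x04) and holds nothing but a path string, what a defender can key on for the technique described above is the remote thread whose entry point is LoadLibrary itself. The Python below applies that check to constructed records that use Sysmon Event ID 8 (CreateRemoteThread) field names; the sample paths, the function names and the trusted_sources parameter are assumptions made for illustration.

```python
import ntpath

# Constructed sample records using Sysmon Event ID 8 (CreateRemoteThread) field names.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\lab\Desktop\injector.exe",
     "TargetImage": r"C:\Lab\target_app.exe",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL",
     "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\KERNELBASE.dll",
     "StartFunction": "CtrlRoutine"},
    # Entry point outside any module: not this technique, needs a separate rule.
    {"EventID": 8, "SourceImage": r"C:\Lab\unknown_tool.exe",
     "TargetImage": r"C:\Lab\target_app.exe",
     "StartModule": "", "StartFunction": ""},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]

LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}
LOADER_FUNCTIONS = {"loadlibrarya", "loadlibraryw"}


def is_loadlibrary_thread(event):
    """True when a remote thread's entry point is LoadLibraryA/W itself."""
    if event.get("EventID") != 8:
        return False
    module = ntpath.basename(event.get("StartModule") or "").lower()
    function = (event.get("StartFunction") or "").lower()
    return module in LOADER_MODULES and function in LOADER_FUNCTIONS


def find_loadlibrary_injection(events, trusted_sources=()):
    """Return (source, target, function) for each hit not from a trusted source."""
    trusted = {path.lower() for path in trusted_sources}
    hits = []
    for event in events:
        if not is_loadlibrary_thread(event):
            continue
        if event["SourceImage"].lower() in trusted:
            continue
        hits.append((event["SourceImage"], event["TargetImage"],
                     event["StartFunction"]))
    return hits


if __name__ == "__main__":
    for source, target, function in find_loadlibrary_injection(SAMPLE_EVENTS):
        print(f"remote thread at {function}: {source} -> {target}")
```

A rule that only looks for executable (RWX) remote allocations does not see this technique, since the written bytes are data and the code that runs is the loader already mapped in the target.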