HELP] How do i load mutliple dlls into textbox [HELP]

[XGelite]

Heres the link to my Module. To add to your project add a new module and post that code in it. Than use InjectMultipleDlls() pass it your processname with out .exe and the paths to all your dll's as a string array.

Code:

https://www.mpgh.net/forum/33-visual-basics/91071-module-dll-injection.html

thanks, but im trying to get it to work with the code i alreayd have. dont feel like changing it all right now.

[wtfiwantthatname]

What OS are you on Vista? If your on vista you probably need to set debug privileges and run as administrator.

Call the function loadPrivilege(SE_Debug_Name)
Module for setting debugPriv

Code:

Module SetDebugPrivileges
    Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, ByRef lpLuid As LUID) As Int32
    Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Int32, ByVal DisableAllPrivileges As Int32, ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Int32, ByRef PreviousState As TOKEN_PRIVILEGES, ByRef ReturnLength As Int32) As Int32
    Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Int32, ByVal DesiredAccess As Int32, ByRef TokenHandle As Int32) As Int32
    Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Int32

    Private Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
    Private Const TOKEN_ADJUST_PRIVILEGES As Int32 = &H20
    Private Const TOKEN_QUERY As Int32 = &H8
    Private Const SE_PRIVILEGE_ENABLED As Int32 = &H2


    Private Structure LUID
        Dim LowPart As Int32
        Dim HighPart As Int32
    End Structure

    Private Structure LUID_AND_ATTRIBUTES
        Dim pLuid As LUID
        Dim Attributes As Int32
    End Structure

    Private Structure TOKEN_PRIVILEGES
        Dim PrivilegeCount As Int32
        Dim TheLuid As LUID
        Dim Attributes As Int32
    End Structure


    Public Function LoadPrivilege(ByVal Privilege As String) As Boolean
        On Error GoTo ErrHandler
        Dim ProcHandle As Int32
        Dim htoken As Int32
        Dim tokenPrivileges As TOKEN_PRIVILEGES
        Dim SEDebugNameValue As LUID
        Dim tkpNewButIgnored As TOKEN_PRIVILEGES

        ProcHandle = GetCurrentProcess()
        OpenProcessToken(ProcHandle, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, htoken)
        LookupPrivilegeValue("", Privilege, SEDebugNameValue)
        With tokenPrivileges
            .PrivilegeCount = 1
            .TheLuid = SEDebugNameValue
            .Attributes = SE_PRIVILEGE_ENABLED
        End With
        AdjustTokenPrivileges(htoken, False, tokenPrivileges, Len(tokenPrivileges), tkpNewButIgnored, Nothing)
        Return True
        Exit Function
ErrHandler:
        Return False
    End Function

End Module

[XGelite]

What OS are you on Vista? If your on vista you probably need to set debug privileges and run as administrator.

Call the function loadPrivilege(SE_Debug_Name)
Module for setting debugPriv

Code:

Module SetDebugPrivileges
    Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, ByRef lpLuid As LUID) As Int32
    Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Int32, ByVal DisableAllPrivileges As Int32, ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Int32, ByRef PreviousState As TOKEN_PRIVILEGES, ByRef ReturnLength As Int32) As Int32
    Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Int32, ByVal DesiredAccess As Int32, ByRef TokenHandle As Int32) As Int32
    Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Int32

    Private Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
    Private Const TOKEN_ADJUST_PRIVILEGES As Int32 = &H20
    Private Const TOKEN_QUERY As Int32 = &H8
    Private Const SE_PRIVILEGE_ENABLED As Int32 = &H2


    Private Structure LUID
        Dim LowPart As Int32
        Dim HighPart As Int32
    End Structure

    Private Structure LUID_AND_ATTRIBUTES
        Dim pLuid As LUID
        Dim Attributes As Int32
    End Structure

    Private Structure TOKEN_PRIVILEGES
        Dim PrivilegeCount As Int32
        Dim TheLuid As LUID
        Dim Attributes As Int32
    End Structure


    Public Function LoadPrivilege(ByVal Privilege As String) As Boolean
        On Error GoTo ErrHandler
        Dim ProcHandle As Int32
        Dim htoken As Int32
        Dim tokenPrivileges As TOKEN_PRIVILEGES
        Dim SEDebugNameValue As LUID
        Dim tkpNewButIgnored As TOKEN_PRIVILEGES

        ProcHandle = GetCurrentProcess()
        OpenProcessToken(ProcHandle, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, htoken)
        LookupPrivilegeValue("", Privilege, SEDebugNameValue)
        With tokenPrivileges
            .PrivilegeCount = 1
            .TheLuid = SEDebugNameValue
            .Attributes = SE_PRIVILEGE_ENABLED
        End With
        AdjustTokenPrivileges(htoken, False, tokenPrivileges, Len(tokenPrivileges), tkpNewButIgnored, Nothing)
        Return True
        Exit Function
ErrHandler:
        Return False
    End Function

End Module

naw im on windows xp 32bit

[wtfiwantthatname]

Post your code than we cant help you if we cant see whats wrong.

[XGelite]

Post your code than we cant help you if we cant see whats wrong.

Code:

    Private Sub Inject()
        On Error Resume Next
        Timer1.Stop()




        Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox3.Text)
        TargetProcessHandle1 = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, TargetProcess(0).Id)

        pszLibFileRemote2 = OpenFileDialog2.FileName
        pfnStartAddr1 = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
        TargetBufferSize1 = 1 + Len(pszLibFileRemote2)



        Dim Rtn2 As Integer
        Dim Listbox1item As String
        Dim LoadLibParamAdr1 As Integer
        LoadLibParamAdr1 = VirtualAllocEx(TargetProcessHandle1, 0, TargetBufferSize1, MEM_COMMIT, PAGE_READWRITE)

        Listbox1item = ListBox1.SelectedIndex

        Rtn2 = WriteProcessMemory(TargetProcessHandle1, LoadLibParamAdr1, pszLibFileRemote2, TargetBufferSize1, 0)
        CreateRemoteThread(TargetProcessHandle1, 0, 0, pfnStartAddr1, LoadLibParamAdr1, 0, 0)
        CloseHandle(TargetProcessHandle1)

        If CheckBox1.Checked Then Me.Close() Else 


    End Sub

thats the inject function. im trying to turn it into multi dll

[wtfiwantthatname]

Ok first off whats this for?

Code:

pszLibFileRemote2 = OpenFileDialog2.FileName

Use a for loop and declare the things like dllpath and buffer as well as loadlibParam address in the loop. Than call all functions but closehandle. And when the fore loop is done call closehandle to all open handles not just the handle to the process you want to inject to.

[XGelite]

Ok first off whats this for?

Code:

pszLibFileRemote2 = OpenFileDialog2.FileName

it loads the OpenFileDialog2 file stored in the listbox

[wtfiwantthatname]

Why not just use the listbox for that. Listbox1.items.item(i) ? Is your openfiledialog declared globaly?

[XGelite]

Why not just use the listbox for that. Listbox1.items.item(i) ? Is your openfiledialog declared globaly?

yeah it is declared globally. because when i do Listbox1.items.item() it doesnt inject, thats why.

[wtfiwantthatname]

try using listbox1.items.item(i).text. And your going to need a loop for all items in the list box. And for each one you will need to do everything after openprocess to before closehandle(prochandle). Like

Code:

 for i = 0 to listbox1.items.count -1 
dim pszLibFileremote2 as string
pszLibFileRemote2 = listbox1.items.item(i).text
 TargetBufferSize1 = 1 + Len(pszLibFileRemote2)



        Dim Rtn2 As Integer
        Dim Listbox1item As String
        Dim LoadLibParamAdr1 As Integer
        LoadLibParamAdr1 = VirtualAllocEx(TargetProcessHandle1, 0, TargetBufferSize1, MEM_COMMIT, PAGE_READWRITE)


        Rtn2 = WriteProcessMemory(TargetProcessHandle1, LoadLibParamAdr1, pszLibFileRemote2, TargetBufferSize1, 0)
        CreateRemoteThread(TargetProcessHandle1, 0, 0, GetProcAddress(GetModuleHandle("Kernel32.dll"), "LoadLibraryA"), LoadLibParamAdr1, 0, 0)
next  i
closehandle(targetprocesshandle1)

[XGelite]

try using listbox1.items.item(i).text. And your going to need a loop for all items in the list box. And for each one you will need to do everything after openprocess to before closehandle(prochandle). Like

Code:

 for i = 0 to listbox1.items.count -1 
dim pszLibFileremote2 as string
pszLibFileRemote2 = listbox1.items.item(i).text
 TargetBufferSize1 = 1 + Len(pszLibFileRemote2)



        Dim Rtn2 As Integer
        Dim Listbox1item As String
        Dim LoadLibParamAdr1 As Integer
        LoadLibParamAdr1 = VirtualAllocEx(TargetProcessHandle1, 0, TargetBufferSize1, MEM_COMMIT, PAGE_READWRITE)


        Rtn2 = WriteProcessMemory(TargetProcessHandle1, LoadLibParamAdr1, pszLibFileRemote2, TargetBufferSize1, 0)
        CreateRemoteThread(TargetProcessHandle1, 0, 0, GetProcAddress(GetModuleHandle("Kernel32.dll"), "LoadLibraryA"), LoadLibParamAdr1, 0, 0)
next  i
closehandle(targetprocesshandle1)

hmm...i think it works..

[wtfiwantthatname]

If you need anything else just IM me on aim xen248.

[XGelite]

If you need anything else just IM me on aim xen248.

k thanks a lot

well...i just discovered that the file doesnt inject with that code..hmm..

[Pixie]

k thanks a lot

well...i just discovered that the file doesnt inject with that code..hmm..

Next time, don't double post

[wtfiwantthatname]

PM me your all of your code. And ill take a look.