What is DLL injection?
DLL injection is a powerful technique where we load a DLL of our own into another process in order to execute our own code from within that process.
For example, if we injected a DLL with this code...
Code:
MessageBox(NULL, L"Message Text", L"Message Title", MB_OK);
...into notepad, it would make notepad call that code and thus show the message box. And this is exactly what we're going to do in this tutorial.
Heed my words...
...DLL injection is anything but a safe method, and not knowing what you're doing could very easily result in a system-wide disaster. Therefore it is highly recommended that you have at least a basic understanding of the Windows operating system and the C++ programming language before you continue.
Setup
With that out of the way, we can finally get started! Download our DLL injector here.
You will also need a C++ compiler to create the DLL to inject. I use Microsoft's Visual C++ IDE in this tutorial, but you are free to use any compiler you like.
Create a new Win32 project and name it 'InjectDLL'.

For type, select 'DLL' and click 'Finish'.

A new project is created. Open 'dllmain.cpp'.

You should now see this piece of code:
Code:
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
As you can see, Visual C++ has generated the DllMain function for you. This is the very function that the loader in the target process calls first when your DLL is injected into it. More precisely, the
Code:
    case DLL_PROCESS_ATTACH:
part. So let's write the code for our MessageBox there.
Code:
    case DLL_PROCESS_ATTACH:
        MessageBox(NULL, L"Hello from notepad!", L"notepad", MB_OK);
Build the project.

Fire up notepad and the DLL injector. Hit the browse button of 'DLL Path' and find your "InjectDLL.dll". Click OK.

Now we're all set to inject, so click "Inject". This is what should happen:

Notepad shows a MessageBox 'Hello from notepad!'. Notepad's UI is frozen until you click "OK", just like any other application that shows a MessageBox. InjectDLL.dll is added to the injector's list of injected DLLs. From that list you can eject the DLL by selecting it and clicking the "Uninject" button. When you uninject a DLL, the 'case DLL_PROCESS_DETACH:' part of your DLL's code gets called. That's where you do all the required cleanup. In this case, we don't need any.
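As an added example (it is not the tutorial's code and not part of the UGSoft injector), here is a dllmain.cpp that keeps the reason-code handling in a plain function, HandleReason, so it can be compiled and tested even without a Windows toolchain. It shows the two things described above: which case runs when the DLL is loaded, and that DLL_PROCESS_DETACH is where cleanup belongs. It also handles one detail the tutorial does not mention: on DLL_PROCESS_DETACH the loader passes a non-NULL lpReserved when the whole process is exiting (other threads are already gone), and NULL when the DLL is unloaded with FreeLibrary, which is what "Uninject" does; freeing resources in the first case can deadlock, so the example skips cleanup there. DllState, HandleReason and the resource counter are constructed for this example; the reason-code values in the non-Windows branch are the real ones from windows.h.

```cpp
// Added example, not the tutorial's code: a dllmain.cpp whose reason-code
// handling lives in a plain function so it can be compiled and unit-tested
// on any host. The Win32 entry point itself is built only when _WIN32 is set.
#ifdef _WIN32
#include <windows.h>
#else
// Real values of the DllMain reason codes from <windows.h>, repeated so the
// dispatch logic also builds without the Windows SDK.
typedef unsigned long DWORD;
typedef int BOOL;
#define TRUE 1
#define FALSE 0
#define DLL_PROCESS_DETACH 0
#define DLL_PROCESS_ATTACH 1
#define DLL_THREAD_ATTACH  2
#define DLL_THREAD_DETACH  3
#endif

// State the DLL keeps between attach and detach (constructed for this example).
// The tutorial's DLL has nothing to clean up; here a counter stands in for a
// resource (handle, worker thread) so the detach path has something to release.
struct DllState {
    bool attached = false;
    int threadsSeen = 0;        // DLL_THREAD_ATTACH notifications received
    int resourcesHeld = 0;      // stand-in for resources acquired at load
    bool cleanupSkipped = false;
};

// Returns what DllMain should hand back to the loader.
// processTerminating mirrors lpReserved on DLL_PROCESS_DETACH: NULL means the
// DLL is being unloaded with FreeLibrary (the injector's "Uninject"), non-NULL
// means the whole process is exiting and other threads are already gone.
BOOL HandleReason(DWORD reason, bool processTerminating, DllState& st) {
    switch (reason) {
    case DLL_PROCESS_ATTACH:
        if (st.attached) return FALSE;  // defensive: the loader sends this once
        st.attached = true;
        st.resourcesHeld = 1;
        return TRUE;                    // FALSE here makes the loader unload the DLL
    case DLL_THREAD_ATTACH:
        ++st.threadsSeen;
        return TRUE;
    case DLL_THREAD_DETACH:
        return TRUE;
    case DLL_PROCESS_DETACH:
        if (processTerminating) {
            st.cleanupSkipped = true;   // the OS reclaims everything; freeing now can deadlock
        } else {
            st.resourcesHeld = 0;       // the cleanup the tutorial refers to
        }
        st.attached = false;
        return TRUE;
    default:
        return FALSE;                   // unknown reason code: treated as failure (assumption)
    }
}

#ifdef _WIN32
static DllState g_state;

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
    BOOL ok = HandleReason(ul_reason_for_call, lpReserved != NULL, g_state);
    if (ok && ul_reason_for_call == DLL_PROCESS_ATTACH) {
        // No per-thread work here, so stop the loader sending THREAD_ATTACH/DETACH.
        DisableThreadLibraryCalls(hModule);
        // Same message box as the tutorial. Microsoft's DllMain guidance warns
        // that only kernel32 functions are safe under the loader lock; this call
        // works in notepad in practice but is not guaranteed in every process.
        MessageBoxW(NULL, L"Hello from notepad!", L"notepad", MB_OK);
    }
    return ok;
}
#endif
```

HandleReason returns the value DllMain passes back to the loader; returning FALSE on DLL_PROCESS_ATTACH is the one way a DLL can refuse to be loaded, which an injector that relies on LoadLibrary then sees as a failed injection.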
Conclusion
You now have successfully injected a DLL with your own code into an external process to manipulate its behavior, forcing the poor notepad to create a MessageBox of your liking.
But you have just scratched the surface here. Think outside the box. Like I said, with this technique you can wreak unlimited havoc inside a process. When you think about what you can/can't do with DLL injection, think about what you can/can't do with creating a function inside your own program and calling it. There are no limits. You can, for example, call or intercept the functions that already exist (this is called hooking).
Remember to take great care when you use this technique. Like I said earlier, doing it wrong can cause unexpected, disastrous behavior.
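Seen from the other side, and as an added check that is not part of the tutorial: an injected DLL appears in the target process's own module list just as it appears in the injector's list. The example below enumerates a process's modules with the ToolHelp snapshot API and reports any whose image path lies outside the Windows directory or the program's own directory, which is where an InjectDLL.dll built in your project folder would land. The classification function UnexpectedModules is plain C++ so it can be tested anywhere; ListModules and main are Windows-only. All names are constructed for this example, and the check is only a heuristic: a DLL copied into a trusted directory is not flagged, and the assumption that the first snapshot entry is the main executable is labelled in the code.

```cpp
// Added example, not part of the tutorial: flag modules loaded into a process
// whose image path lies outside the trusted directories. The classification
// is plain C++; the module enumeration via ToolHelp is Windows-only.
#include <cstdio>
#include <cstdlib>
#include <cwctype>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif

// Case-insensitive "does path start with dir" (Windows paths are case-insensitive).
static bool StartsWithNoCase(const std::wstring& path, const std::wstring& dir) {
    if (dir.size() > path.size()) return false;
    for (size_t i = 0; i < dir.size(); ++i)
        if (std::towlower(path[i]) != std::towlower(dir[i])) return false;
    return true;
}

// Returns the module paths that are not under any of the trusted directories.
// Directories are compared as prefixes, so pass them with a trailing backslash.
std::vector<std::wstring> UnexpectedModules(const std::vector<std::wstring>& modules,
                                            const std::vector<std::wstring>& trustedDirs) {
    std::vector<std::wstring> out;
    for (const auto& m : modules) {
        bool trusted = false;
        for (const auto& d : trustedDirs)
            if (StartsWithNoCase(m, d)) { trusted = true; break; }
        if (!trusted) out.push_back(m);
    }
    return out;
}

#ifdef _WIN32
// Enumerate the modules of a process with a ToolHelp snapshot.
std::vector<std::wstring> ListModules(DWORD pid) {
    std::vector<std::wstring> mods;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
    if (snap == INVALID_HANDLE_VALUE) return mods;
    MODULEENTRY32W me;
    me.dwSize = sizeof(me);
    if (Module32FirstW(snap, &me)) {
        do { mods.push_back(me.szExePath); } while (Module32NextW(snap, &me));
    }
    CloseHandle(snap);
    return mods;
}

// Usage from a console program: pass the target process id on the command line.
int main(int argc, char** argv) {
    if (argc < 2) return 1;
    DWORD pid = static_cast<DWORD>(std::atoi(argv[1]));
    std::vector<std::wstring> mods = ListModules(pid);
    // Assumption: the first snapshot entry is the main executable, so its
    // directory is treated as trusted alongside the Windows directory.
    std::wstring exeDir = mods.empty() ? L"" : mods[0].substr(0, mods[0].find_last_of(L'\\') + 1);
    wchar_t winDir[MAX_PATH];
    GetWindowsDirectoryW(winDir, MAX_PATH);
    std::wstring win = std::wstring(winDir) + L"\\";
    for (const auto& m : UnexpectedModules(mods, {win, exeDir}))
        std::wprintf(L"unexpected module: %s\n", m.c_str());
    return 0;
}
#endif
```

Run it against notepad's process id after injecting and the DLL from your project folder is the only path reported; run it before injecting and nothing is, which is the baseline a monitoring job would compare against.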
Tutorial from:
UGSoft - Game Hacking Tutorials