[QUESTION] Code injection

A while back I made a dll injector
Yesterday I opened this project again to see if I could improve it with things I have learnt the past 6 months

Looking at my code (and testing it) 2 questions came up:

1. Can I use commands other than: LoadLibrary and FreeLibrary ?
If I can, can someone provide me with an working example, I have not been able to call any other functions than the before mentioned (I tried some api's from user32.dll to, but those didn't work either)

I have seen a few examples of people that have been able to do it
The only problem is that the code was written in: C, and since FARPROC is defined differently in C++ I can't reproduce/test the code to learn from it
(also I can't find the page where the code is anymore, the only thing I know is that it came from: governmentsecurity.org)

2. Why can't I start a remote process in notepad??
While I was testing my improved injector I wasn't able to load a DLL inside notepad.exe, CreateRemoteThread returned 5 (access denied)
I was running in administrator mode so how can my access be denied?

-SCHiM

the format of functions you can call with CreateRemoteThread have to be 'int (_stdcall *)(int)' I believe.

Starting a remote thread in notepad works fine for me :S

If you want to get really advanced, have a look at 'Manual Mapping', it's a method of loading Dll's without calling LoadLibrary(thus bypassing some basic anticheats).
It's done by writing the entire Dll into the target aplication, then fixing up the RVA and starting it.

Originally Posted by Hell_Demon

Thank you, finnaly got an answer...

EDIT:
Do you have any links to tutorials about Manual Mapping, I can't seem to find any tutorials on google...

[QUESTION] Code injection

Post a Reply

Similar Threads

Tags for this Thread