.NET - Injecting a C++ DLL into an exe using C#


Why doesn't my C# code inject the DLL into the exe program and show me the message box "Injected!"? The .dll is self-coded in C++, and the exe is coded in C++ as well. I'm trying to inject with C# code, so how come it's not working? Injector method:

    [DllImport("kernel32")]
    public static extern IntPtr CreateRemoteThread(
        IntPtr hProcess,
        IntPtr lpThreadAttributes,
        uint dwStackSize,
        UIntPtr lpStartAddress, // raw pointer into the remote process
        IntPtr lpParameter,
        uint dwCreationFlags,
        out IntPtr lpThreadId
    );

    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(
        UInt32 dwDesiredAccess,
        Int32 bInheritHandle,
        Int32 dwProcessId
    );

    [DllImport("kernel32.dll")]
    public static extern Int32 CloseHandle(IntPtr hObject);

    [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
    static extern bool VirtualFreeEx(
        IntPtr hProcess,
        IntPtr lpAddress,
        UIntPtr dwSize,
        uint dwFreeType
    );

    [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true)]
    public static extern UIntPtr GetProcAddress(
        IntPtr hModule,
        string procName
    );

    [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
    static extern IntPtr VirtualAllocEx(
        IntPtr hProcess,
        IntPtr lpAddress,
        uint dwSize,
        uint flAllocationType,
        uint flProtect
    );

    [DllImport("kernel32.dll")]
    static extern bool WriteProcessMemory(
        IntPtr hProcess,
        IntPtr lpBaseAddress,
        string lpBuffer,
        UIntPtr nSize,
        out IntPtr lpNumberOfBytesWritten
    );

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern IntPtr GetModuleHandle(
        string lpModuleName
    );

    [DllImport("kernel32", SetLastError = true, ExactSpelling = true)]
    internal static extern Int32 WaitForSingleObject(
        IntPtr handle,
        Int32 milliseconds
    );

    public Int32 GetProcessId(string proc)
    {
        Process[] procList;
        procList = Process.GetProcessesByName(proc);
        return procList[0].Id;
    }

    public void InjectDLL(IntPtr hProcess, string strDLLName)
    {
        IntPtr bytesout;

        // Length of the string containing the DLL file name, +1 byte padding
        Int32 LenWrite = strDLLName.Length + 1;
        // Allocate memory within the virtual address space of the target process
        IntPtr AllocMem = (IntPtr)VirtualAllocEx(hProcess, (IntPtr)null, (uint)LenWrite, 0x1000, 0x40); // allocation for WriteProcessMemory
        // Write the DLL file name into the allocated memory in the target process
        WriteProcessMemory(hProcess, AllocMem, strDLLName, (UIntPtr)LenWrite, out bytesout);
        // Function pointer "Injector"
        UIntPtr Injector = (UIntPtr)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

        if (Injector == null)
        {
            MessageBox.Show(" Injector Error! \n ");
            // return failed
            return;
        }

        // Create a thread in the target process, and store the handle in hThread
        IntPtr hThread = (IntPtr)CreateRemoteThread(hProcess, (IntPtr)null, 0, Injector, AllocMem, 0, out bytesout);
        // Make sure the thread handle is valid
        if (hThread == null)
        {
            // Incorrect thread handle ... return failed
            MessageBox.Show(" hThread [ 1 ] Error! \n ");
            return;
        }
        // Time-out is 10 seconds...
        int Result = WaitForSingleObject(hThread, 10 * 1000);
        // Check whether the thread timed out...
        if (Result == 0x00000080L || Result == 0x00000102L || Result == 0xFFFFFFFF)
        {
            /* Thread timed out... */
            MessageBox.Show(" hThread [ 2 ] Error! \n ");
            // Make sure the thread handle is valid before closing... prevents crashes.
            if (hThread != null)
            {
                // Close the thread in the target process
                CloseHandle(hThread);
            }
            return;
        }
        // Sleep the thread for 1 second
        Thread.Sleep(1000);
        // Clear up the allocated space ( AllocMem )
        VirtualFreeEx(hProcess, AllocMem, (UIntPtr)0, 0x8000);
        // Make sure the thread handle is valid before closing... prevents crashes.
        if (hThread != null)
        {
            // Close the thread in the target process
            CloseHandle(hThread);
        }
        // return succeeded
        return;
    }

And then I try running the program and injecting the DLL:

    private void metroButton2_Click(object sender, EventArgs e)
    {
        string strDLLName = @"spd.dll";
        string strProcessName = "app";
        System.Diagnostics.Process.Start("app.exe", "!#@$$$!");
        Int32 ProcID = GetProcessId(strProcessName);
        if (ProcID >= 0)
        {
            IntPtr hProcess = (IntPtr)OpenProcess(0x1F0FFF, 1, ProcID);
            if (hProcess == null)
            {
                MessageBox.Show("OpenProcess() Failed!");
                return;
            }
            else
            {
                InjectDLL(hProcess, strDLLName);
                MessageBox.Show("Injected!");
            }
        }
    }

It shows me the output "Injected!", but on the .exe the .dll is not injected as it should be. Should I give it more Thread.Sleep before injecting / after running the .exe? Any help appreciated!

Take note that C++'s NULL (0) is not the same as C#'s null. The equivalent you are looking for is IntPtr.Zero.


Take the GetProcAddress function as an example:

Return value

If the function succeeds, the return value is the address of the exported function or variable.

If the function fails, the return value is NULL. To get extended error information, call GetLastError.

source: https://msdn.microsoft.com/en-us/library/windows/desktop/ms683212(v=vs.85).aspx

The NULL here is a C++ macro defined as:

    #define NULL 0

null is not equal to IntPtr.Zero, but (IntPtr)null is equal to IntPtr.Zero.
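A small added example (not code from the question or the answer) that shows why an `== null` check on an IntPtr never fires and what the IntPtr.Zero check with GetLastError looks like instead. It assumes only GetModuleHandle and Marshal.GetLastWin32Error, and deliberately asks for a module name that is not loaded so the call fails:

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class HandleCheck
{
    // SetLastError = true is what lets Marshal.GetLastWin32Error() see the failure code.
    [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    static extern IntPtr GetModuleHandle(string lpModuleName);

    static void Main()
    {
        // Constructed module name that is not loaded in this process,
        // so GetModuleHandle returns NULL, which arrives in C# as IntPtr.Zero.
        IntPtr hModule = GetModuleHandle("no-such-module-for-demo.dll");

        // IntPtr is a value type: comparing it with C#'s null is always false
        // (the compiler even warns about it), so this branch is never taken.
        if (hModule == null)
            Console.WriteLine("never printed");

        // The C++ NULL (0) from the documentation is IntPtr.Zero on the C# side.
        if (hModule == IntPtr.Zero)
        {
            int err = Marshal.GetLastWin32Error(); // 126 = ERROR_MOD_NOT_FOUND
            Console.WriteLine("GetModuleHandle failed: " + new Win32Exception(err).Message);
        }
    }
}
```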

