I would really appreciate your help in this.
I have been trying to get a DLL injected into a remote process and do a few changes inside it; the problem I'm encountering right now is I don't know how to get this going.
So first, here is my piece of code that I have developed so far:
dllmain.cpp
#include <windows.h>
#include <stdio.h>

BOOL APIENTRY DllMain (HINSTANCE hInst   /* Library instance handle. */ ,
                       DWORD reason      /* Reason this function is being called. */ ,
                       LPVOID reserved   /* Not used. */ )
{
    /* DllMain runs under the loader lock; MessageBox is used here only to
       confirm that each notification arrives. */
    switch (reason)
    {
        case DLL_PROCESS_ATTACH:
            MessageBox (0, "From DLL\n", "Process Attach", MB_ICONINFORMATION);
            break;
        case DLL_PROCESS_DETACH:
            MessageBox (0, "From DLL\n", "Process Detach", MB_ICONINFORMATION);
            break;
        case DLL_THREAD_ATTACH:
            MessageBox (0, "From DLL\n", "Thread Attach", MB_ICONINFORMATION);
            break;
        case DLL_THREAD_DETACH:
            MessageBox (0, "From DLL\n", "Thread Detach", MB_ICONINFORMATION);
            break;
    }
    return TRUE;
}
It simply displays a message box depending on the conditions it meets. Now what I would like my DLL to do is, after being injected into the remote process, write to a memory location and change its value.
Data type: Unsigned Short Int
Memory location: 0041D090
I hope everything is clear, Thank you for your patience, help is appreciated.
You don't have to write a DLL to change another process's memory at a fixed address. You can use WriteProcessMemory().
However... The way to inject a DLL into another process is the following...
1. Use VirtualAllocEx() to allocate the length of the file path to the DLL inside the target process's memory... This is like remotely doing a malloc.
2. Use WriteProcessMemory() to copy the file path to the DLL into what was returned from the previous step. This is like remotely doing a strcpy.
3. Use CreateRemoteThread(). You can point it at LoadLibrary() as the entry point and the file path from steps 1 and 2 as the argument. That's a bit hacky, to be honest, but if you are injecting a DLL you're already being quite hacky. Another technique would be to use steps 1 & 2 to load some machine code into the remote process and point it at that.
Keep in mind that this technique is a great way to destabilize the target process. In particular, this isn't something I'd do in a product that ends up getting shipped to others.
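The three steps above leave a distinctive trace: a thread created in one process by another, whose start address is LoadLibrary (or, for the raw machine-code variant, an address not backed by any loaded module). The following is an added example from the monitoring side, not code from the question or the answer: a small Python scanner over constructed telemetry in a simplified key=value rendering of the Sysmon Event ID 8 (CreateRemoteThread) fields. The field names are Sysmon's; the PIDs, image paths and the "|"-separated line format are assumptions made up for the example.

```python
"""Added example: flag CreateRemoteThread telemetry that matches the
LoadLibrary injection pattern described in the answer (detection logic only)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Start functions a thread lands on when CreateRemoteThread is pointed at
# LoadLibrary; a normally created thread does not start at the DLL loader.
LOADLIBRARY_EXPORTS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Constructed sample telemetry (assumed format): one event per line, fields
# separated by "|", named after the Sysmon Event ID 8 fields. All values are made up.
SAMPLE_EVENTS = """\
SourceProcessId=4120|SourceImage=C:\\Tools\\injector.exe|TargetProcessId=2216|TargetImage=C:\\Program Files\\App\\app.exe|StartModule=C:\\Windows\\System32\\KERNEL32.DLL|StartFunction=LoadLibraryA
SourceProcessId=876|SourceImage=C:\\Windows\\System32\\csrss.exe|TargetProcessId=5532|TargetImage=C:\\Windows\\explorer.exe|StartModule=C:\\Windows\\System32\\ntdll.dll|StartFunction=RtlUserThreadStart
SourceProcessId=2216|SourceImage=C:\\Program Files\\App\\app.exe|TargetProcessId=2216|TargetImage=C:\\Program Files\\App\\app.exe|StartModule=|StartFunction=
SourceProcessId=4120|SourceImage=C:\\Tools\\injector.exe|TargetProcessId=3304|TargetImage=C:\\Windows\\notepad.exe|StartModule=|StartFunction=
"""


@dataclass(frozen=True)
class Finding:
    source_pid: int
    target_pid: int
    target_image: str
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Turn one 'k=v|k=v' line into a dict; empty values are kept as ''."""
    fields: Dict[str, str] = {}
    for pair in line.strip().split("|"):
        key, _, value = pair.partition("=")
        fields[key] = value
    return fields


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string if the event looks like thread injection, else None."""
    src, dst = int(event["SourceProcessId"]), int(event["TargetProcessId"])
    if src == dst:
        return None  # a process starting its own thread is not injection
    if event.get("StartFunction") in LOADLIBRARY_EXPORTS:
        return "remote thread starts at LoadLibrary (DLL injection pattern)"
    if not event.get("StartModule"):
        # Start address not backed by any loaded module: matches the variant
        # where raw machine code is written into the target and executed.
        return "remote thread starts at an address outside any loaded module"
    return None


def scan(log_text: str) -> List[Finding]:
    """Parse every non-empty line and collect the events that match a rule."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        reason = classify(event)
        if reason:
            findings.append(Finding(int(event["SourceProcessId"]),
                                    int(event["TargetProcessId"]),
                                    event["TargetImage"], reason))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"pid {f.source_pid} -> pid {f.target_pid} ({f.target_image}): {f.reason}")
```

On the sample input the first and last lines are flagged; the csrss.exe line is a remote thread too, but it starts at a normal, module-backed entry point, which is why the rule keys on the start function and module rather than on "remote" alone. In production telemetry that second line is routine and an allow-list for system processes would keep it quiet.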