CreateRemoteThread - Strange behaviour
#1
Lazy
Member
Posts: 236
Join Date: Jan 2004
Location: Toronto, Ontario, Canada

CreateRemoteThread - Strange behaviour - 18-09-2004

Note: This has nothing to do with Half-Life at all.
BUGBUGBUG: Code sections are not accepting newlines? All my code appeared on a single line.

For some reason using CreateRemoteThread to inject a dll into a remote process causes it to either not load or behave strangely.

Notepad: DLL injected, DllMain called, exits after DllMain returns.
Solitaire: DLL injected, DllMain called, loads, but the About menu doesn't work, and the Options menu refreshes the deck instead.

This is really strange, does anyone have an idea as to why this is happening?

#include <windows.h>
#include <string.h>

// ANSI throughout: the call made inside the target is LoadLibraryA, so the
// path written into it must be a NUL-terminated char string.
HMODULE RemoteLoadModule( HANDLE hProcess, LPCSTR lpModulepath ) {
    HANDLE hThread = NULL;
    LPTHREAD_START_ROUTINE pfnLoadLibraryA = NULL;
    LPVOID lpMemory = NULL;
    DWORD dwResult = 0;
    SIZE_T dwBytes = 0;
    SIZE_T nPathlen = 0;

    // Include the terminating NUL. The original wrote strlen() bytes only and
    // relied on the freshly committed page being zero-filled.
    nPathlen = strlen( lpModulepath ) + 1;

    // The buffer holds a string, not code, so PAGE_READWRITE is sufficient.
    lpMemory = VirtualAllocEx( hProcess, NULL, nPathlen, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE );

    // kernel32.dll is mapped at the same base address in every process of the
    // same session, so the local address of LoadLibraryA is valid in the target.
    pfnLoadLibraryA = ( LPTHREAD_START_ROUTINE ) GetProcAddress( GetModuleHandleA( "kernel32.dll" ), "LoadLibraryA" );

    if ( lpMemory && pfnLoadLibraryA ) {
        if ( WriteProcessMemory( hProcess, lpMemory, lpModulepath, nPathlen, &dwBytes ) ) {
            // LoadLibraryA( lpMemory ) runs on a new thread inside the target.
            hThread = CreateRemoteThread( hProcess, NULL, 0, pfnLoadLibraryA, lpMemory, 0, NULL );

            // CreateRemoteThread returns NULL on failure, not INVALID_HANDLE_VALUE,
            // so the original check never caught a failed call.
            if ( hThread != NULL ) {
                WaitForSingleObject( hThread, INFINITE );

                // The thread's exit code is LoadLibraryA's return value: the
                // HMODULE, or 0 if the load failed (truncated to 32 bits, which
                // is fine for a 32-bit target).
                GetExitCodeThread( hThread, &dwResult );

                CloseHandle( hThread );
            }
        }

        // MEM_RELEASE requires dwSize == 0; passing nPathlen makes the call fail
        // with ERROR_INVALID_PARAMETER and leaks the page.
        VirtualFreeEx( hProcess, lpMemory, 0, MEM_RELEASE );
    }

    return ( HMODULE ) dwResult;
}

BOOL CreateWithInject( LPCSTR lpApplicationpath, LPCSTR lpCurrentdirectory, LPSTR lpCommandline, LPCSTR lpInjectmodulepath, HMODULE* pRemoteModule ) {
    PROCESS_INFORMATION procInfo;
    STARTUPINFOA startupInfo;
    HMODULE hRemote = NULL;
    BOOL bResult = FALSE;

    ZeroMemory( &procInfo, sizeof( PROCESS_INFORMATION ) );
    ZeroMemory( &startupInfo, sizeof( STARTUPINFOA ) );
    // CreateProcess requires cb to be set; the original left it at 0.
    startupInfo.cb = sizeof( STARTUPINFOA );

    if ( CreateProcessA( lpApplicationpath, lpCommandline, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, lpCurrentdirectory, &startupInfo, &procInfo ) ) {
        // Note: the primary thread has not run yet, so the remote thread is the
        // first code to execute in the new process and performs the loader's
        // process initialisation itself. Injecting this early is known to be
        // fragile; DllMain runs before the target has initialised normally.
        hRemote = RemoteLoadModule( procInfo.hProcess, lpInjectmodulepath );

        if ( hRemote != NULL ) {
            bResult = TRUE;

            // The original never filled in this out-parameter.
            if ( pRemoteModule )
                *pRemoteModule = hRemote;
        }

        // TODO:
        // The function exists, free the remote ya lazy bastard

        ResumeThread( procInfo.hThread );
        WaitForSingleObject( procInfo.hThread, INFINITE );

        CloseHandle( procInfo.hProcess );
        CloseHandle( procInfo.hThread );
    }

    return bResult;
}

Last edited by Lazy; 18-09-2004 at 21:36..
  