Qbasicnews.com

Full Version: Trying to do win32 process injection, need psapi imports.
Has anyone made an import lib for psapi.dll? I need to use it to spy on other processes and see what they are up to. When I made it, half the functions got undefined references.

PS: v1c, FreeImage is still broken, the gamma function still doesn't work. What did you do? It used to work with the import I made for it.
Did you try using Nek's make.a (available at fbtk.net, iirc)? It dumps the exports from a PE with pexports to a .DEF and then generates the implib with dlltool.
Yeah, but I still get FAKE errors :\
I tried to play around with DLL injection but didn't get very far.
Here's what I have anyway.


Code:
option explicit

#include "win\kernel32.bi"

' access rights requested on the target process
#define PROCESS_CREATE_THREAD &h2
#define PROCESS_QUERY_INFORMATION &h400
#define PROCESS_VM_OPERATION &h8
#define PROCESS_VM_WRITE &h20
#define PROCESS_VM_READ &h10
' VirtualAllocEx / VirtualFreeEx flags (the raw numbers used below in the original)
#define MEM_COMMIT &h1000
#define MEM_RELEASE &h8000
#define PAGE_READWRITE &h04
#define TRUE 1
#define FALSE 0

dim hThread as integer
dim szLibPath as string
dim pLibRemote as any ptr
dim hLibModule as integer
dim hKernel32 as integer
dim hProcess as integer
dim pid as integer
dim anycaster as any ptr

' the address looked up here is only valid inside the target if kernel32 is mapped
' at the same base in both processes, which is what this code relies on
hKernel32 = GetModuleHandle("Kernel32")

input "PID"; pid

szLibPath = "C:\Freebasic\examples\dll\mydll.dll"
hProcess = OpenProcess(PROCESS_CREATE_THREAD or PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ, FALSE, pid)

' reserve room for the path plus its null terminator in the target and copy it over
pLibRemote = VirtualAllocEx(hProcess, 0, len(szLibPath) + 1, MEM_COMMIT, PAGE_READWRITE)
anycaster = sadd(szLibPath)
WriteProcessMemory(hProcess, pLibRemote, anycaster, len(szLibPath) + 1, 0)

' LoadLibraryA takes a single pointer argument, so it can serve directly as the thread routine
hThread = CreateRemoteThread(hProcess, 0, 0, GetProcAddress(hKernel32, "LoadLibraryA"), pLibRemote, 0, 0)
WaitForSingleObject(hThread, INFINITE)

' the thread's exit code is LoadLibraryA's return value: the module handle, or 0 on failure
GetExitCodeThread(hThread, @hLibModule)
CloseHandle(hThread)

' MEM_RELEASE requires a size of 0; passing the buffer length makes this call fail
VirtualFreeEx(hProcess, pLibRemote, 0, MEM_RELEASE)

' FreeLibrary needs the module handle itself as its argument, not the address of
' our local variable (a pointer that means nothing inside the target process)
anycaster = cast(any ptr, hLibModule)
hThread = CreateRemoteThread(hProcess, 0, 0, GetProcAddress(hKernel32, "FreeLibrary"), anycaster, 0, 0)
WaitForSingleObject(hThread, INFINITE)
CloseHandle(hThread)
CloseHandle(hProcess)

I think it's injecting the DLL since I sometimes crash the process, but I can't confirm it.
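The sequence in the post above (OpenProcess with thread-creation and memory-write rights, then a remote thread whose start routine is LoadLibraryA) is also what a monitoring tool sees from the other side. The following is an added example, not code from the thread, showing how that pattern is flagged in Sysmon-style process-access (Event ID 8/10) records. The log lines are constructed, the field names follow Sysmon's ProcessAccess and CreateRemoteThread schemas, and the access-mask constants are the same values the post's #defines use.

```python
"""Flag the remote-thread DLL-load pattern in Sysmon-style event records.

Example code, not from the thread. Sample records are constructed; the
field names follow Sysmon Event ID 10 (ProcessAccess) and 8 (CreateRemoteThread).
"""
from collections import defaultdict

# Access rights the injector asks for on OpenProcess (same values as the post's #defines)
PROCESS_CREATE_THREAD = 0x2
PROCESS_VM_OPERATION = 0x8
PROCESS_VM_WRITE = 0x20
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# A remote thread that starts at a loader export is the tell of LoadLibrary injection
LOADER_EXPORTS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

# Constructed sample log: one "Key=Value|Key=Value" record per line.
# 0x43A = QUERY_INFORMATION|VM_WRITE|VM_READ|VM_OPERATION|CREATE_THREAD, the post's mask.
SAMPLE_LOG = """\
EventID=10|SourceImage=C:\\tools\\inject.exe|TargetImage=C:\\Windows\\notepad.exe|GrantedAccess=0x43A
EventID=8|SourceImage=C:\\tools\\inject.exe|TargetImage=C:\\Windows\\notepad.exe|StartModule=C:\\Windows\\System32\\kernel32.dll|StartFunction=LoadLibraryA
EventID=8|SourceImage=C:\\Windows\\explorer.exe|TargetImage=C:\\Windows\\explorer.exe|StartModule=C:\\Windows\\System32\\ntdll.dll|StartFunction=RtlUserThreadStart
EventID=10|SourceImage=C:\\Program Files\\Debugger\\debug.exe|TargetImage=C:\\Windows\\notepad.exe|GrantedAccess=0x1000
"""


def parse_event(line):
    """Split one 'Key=Value|Key=Value' record into a dict."""
    event = {}
    for field in line.strip().split("|"):
        key, _, value = field.partition("=")
        event[key] = value
    return event


def is_injection_access(ev):
    """ProcessAccess from another process holding every right needed to write and start a thread."""
    if ev.get("EventID") != "10" or ev.get("SourceImage") == ev.get("TargetImage"):
        return False
    granted = int(ev.get("GrantedAccess", "0"), 16)
    return granted & INJECT_MASK == INJECT_MASK


def is_remote_loader_thread(ev):
    """CreateRemoteThread into another process whose start routine is a LoadLibrary export."""
    if ev.get("EventID") != "8" or ev.get("SourceImage") == ev.get("TargetImage"):
        return False
    return ev.get("StartFunction", "").lower() in LOADER_EXPORTS


def scan(log_text):
    """Return (kind, source, target) findings for every suspicious record in the log."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if is_injection_access(ev):
            findings.append(("access", ev["SourceImage"], ev["TargetImage"]))
        elif is_remote_loader_thread(ev):
            findings.append(("remote_thread", ev["SourceImage"], ev["TargetImage"]))
    return findings


def correlate(findings):
    """(source, target) pairs that show both the access grant and the loader thread."""
    seen = defaultdict(set)
    for kind, src, dst in findings:
        seen[(src, dst)].add(kind)
    return sorted(pair for pair, kinds in seen.items() if {"access", "remote_thread"} <= kinds)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print("suspicious:", hit)
    for src, dst in correlate(hits):
        print("LoadLibrary injection pattern:", src, "->", dst)
```

The debugger record is left alone because 0x1000 (PROCESS_QUERY_LIMITED_INFORMATION) carries none of the rights the injector needs, and explorer's own thread is ignored because source and target are the same image; only the pair that both opened the target with the write-and-thread rights and started a thread at LoadLibraryA is reported as the full pattern.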