Qbasicnews.com General General/Misc v
Trying to do win32 process injection, need psapi inports.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Trying to do win32 process injection, need psapi inports.
1000101 Offline
Senior Member
****
Posts: 451
Threads: 16
Joined: Feb 2003
#1
07-01-2005, 12:31 AM
Any make an import lib for psapi.dll? I need to use it to spy on other processes and see what they are up to. When I made it, half the functions got undefined references.

ps: v1c, freeimage is still broken, the gamma function still doesn't work anymore. What did you do? I used to work in the import I made for it.
Life is like a box of chocolates', hrm, WTF, no it isn't, more like, 'life is like a steaming pile of horse crap.'
Website Find
Reply
DrV Offline
Posting Freak
*****
Posts: 1,439
Threads: 15
Joined: Apr 2003
#2
07-01-2005, 12:48 AM
Did you try using Nek's make.a (available at fbtk.net, iirc)? It dumps the exports from a PE with pexports to a .DEF and then generates the implib with dlltool.
Website Find
Reply
1000101 Offline
Senior Member
****
Posts: 451
Threads: 16
Joined: Feb 2003
#3
07-05-2005, 11:26 AM
Yeah, but I still get FAKE errors :\
Life is like a box of chocolates', hrm, WTF, no it isn't, more like, 'life is like a steaming pile of horse crap.'
Website Find
Reply
ShadowWolf Offline
Senior Member
****
Posts: 336
Threads: 4
Joined: Nov 2004
#4
07-05-2005, 02:03 PM
i tryed to play around with dll injection but didn't get very far.
here what i have anyways.


Code:
option explicit

#include "win\kernel32.bi"
#define PROCESS_CREATE_THREAD &h2
#define PROCESS_QUERY_INFORMATION &h400
#define PROCESS_VM_OPERATION &h8
#define PROCESS_VM_WRITE &h20
#define PROCESS_VM_READ &h10
#define TRUE 1
#define FALSE 0
dim hthread as integer
dim szlibpath as string
dim plibremote as any ptr
dim hlibmodule as integer
dim hkernal32 as integer
dim Hprocess as integer
dim pid as integer
dim anycaster as any ptr
hkernal32 = GetModuleHandle("Kernel32")



input "PID" ; PID


szlibpath = "C:\Freebasic\examples\dll\mydll.dll"
hprocess = OpenProcess(PROCESS_CREATE_THREAD OR PROCESS_QUERY_INFORMATION OR PROCESS_VM_OPERATION OR PROCESS_VM_WRITE OR PROCESS_VM_READ,FALSE, PID)



plibRemote = VirtualAllocEX(hProcess,0,len(szlibpath)+1,&H1000,&H04)
anycaster = Sadd(szlibpath)

WriteProcessMemory(Hprocess,pLibRemote,anycaster,len(szlibpath),0)


hthread = CreateRemoteThread(hprocess,0,0,GetProcAddress(hkernal32,"LoadLibraryA"),pLibRemote,0,0)

WaitForSingleObject(hThread,INFINITE)

GetExitCodeThread(hThread,@hlibModule)

CloseHandle (hThread)
VirtualFreeEx (hprocess,plibRemote,len(szlibpath)+1,&h8000)

anycaster = @hlibModule
hThread = CreateRemoteThread(hProcess,0,0,GetProcAddress(hkernal32,"FreeLibrary"),anycaster,0,0)

WaitForSingleObject(hThread,INFINITE)
closeHandle (hThread)
CloseHandle (hProcess)


i think it's injecting the dll since i some time crash the proc but i can't confirm it.
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)