Member Avatar for PoZHx

Ok i've created basic DLL and DLL Injector/Loader which the DLL calls on a function called CreateRemoteThread inside the target process i was wondering how
to code DLL to read/write to memory

so e.g. lets say my target process is:

int main() 
{ 
    int mytest = 2; 
    
    system("PAUSE"); 
    return EXIT_SUCCESS; 
}

How would i code a DLL to read ''mytest'' variable and display it and also write to it e.g. changing it to lets say 10


Thanks for taking your time reading
Any tips/help would be much appreciated

/PoZ

  • 2 Contributors
  • 5 Replies
  • 791 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by PoZHx
Member Avatar for PoZHx

Read this article

Thanks for reply but didnt quite understand 1/2 of it >.<

I've injected the process with the DLL which works fine...
I would like to read/write variables in the injected process (so il be needing to code the DLL to read/write) any chance you could show me abit of code on how it would be done?

Thanks,
PoZ

Member Avatar for Ancient Dragon

>>any chance you could show me abit of code on how it would be done?

Nope --but possibly the windows debug api might be useful

Member Avatar for PoZHx

>>any chance you could show me abit of code on how it would be done?

Nope --but possibly the windows debug api might be useful

DLL Injector/Loader Code (Coded in C):

#include <windows.h> 
#include <tlhelp32.h> 
#include <shlwapi.h> 
#include <conio.h> 
#include <stdio.h> 

#define WIN32_LEAN_AND_MEAN 
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ) 

BOOL Inject(DWORD pID, const char * DLL_NAME); 
DWORD GetTargetThreadIDFromProcName(const char * ProcName); 

int main(int argc, char * argv[]) 
{ 
   // Retrieve process ID 
   DWORD pID = GetTargetThreadIDFromProcName("notepad.exe"); 
    
   // Get the dll's full path name 
   char buf[MAX_PATH] = {0}; 
   GetFullPathName("Project1.dll", MAX_PATH, buf, NULL); 
   printf(buf); 
   printf("\n"); 
    
   // Inject our main dll 
   if(!Inject(pID, buf)) 
   { 
        printf("DLL Not Loaded!"); 
    }else{ 
        printf("DLL Loaded!"); 
    } 

    _getch(); 
   return 0; 
} 

BOOL Inject(DWORD pID, const char * DLL_NAME) 
{ 
   HANDLE Proc; 
   HMODULE hLib; 
   char buf[50] = {0}; 
   LPVOID RemoteString, LoadLibAddy; 

   if(!pID) 
      return false; 

   Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); 
   if(!Proc) 
   { 
      sprintf(buf, "OpenProcess() failed: %d", GetLastError()); 
      //MessageBox(NULL, buf, "Loader", MB_OK); 
      printf(buf); 
      return false; 
   } 
    
   LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); 

   // Allocate space in the process for our DLL 
   RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); 

   // Write the string name of our DLL in the memory allocated 
   WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL); 

   // Load our DLL 
   CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL); 

   CloseHandle(Proc); 
   return true; 
} 

DWORD GetTargetThreadIDFromProcName(const char * ProcName) 
{ 
   PROCESSENTRY32 pe; 
   HANDLE thSnapShot; 
   BOOL retval, ProcFound = false; 

   thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 
   if(thSnapShot == INVALID_HANDLE_VALUE) 
   { 
      //MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "2MLoader", MB_OK); 
      printf("Error: Unable to create toolhelp snapshot!"); 
      return false; 
   } 

   pe.dwSize = sizeof(PROCESSENTRY32); 
    
   retval = Process32First(thSnapShot, &pe); 
   while(retval) 
   { 
      if(StrStrI(pe.szExeFile, ProcName)) 
      { 
         return pe.th32ProcessID; 
      } 
      retval = Process32Next(thSnapShot, &pe); 
   } 
   return 0; 
}

DLL code (Coded in C++): its at home im currently at college >.< il post that later basically what it does it CreateRemoteThread in the process and produces a messagebox saying that remotethread is sucessfull

Going to read that link you send me ^.^ thank you for your help again

/PoZ

Member Avatar for PoZHx

Also read that link you send me Ancient Dragon ... it didn't cover what i was needing (well i don't think) >.< but thanks alot for trying mate

DLL Code:

Dllmain.cpp:

/* Replace "dll.h" with the name of your header */
#include "dll.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

DWORD WINAPI MyFunction1(LPVOID pData) 
{ 

int temp = 10, *test;

	
	MessageBox(NULL,"Remote Thread was created!", "Successful Injection" ,NULL);


  return 1; 
} 


BOOL APIENTRY DllMain (HINSTANCE hInst     /* Library instance handle. */ ,
                       DWORD reason        /* Reason this function is being called. */ ,
                       LPVOID reserved     /* Not used. */ )
{
switch (reason)
    {
      case DLL_PROCESS_ATTACH:
    
      HANDLE hThread;         // Thread handle 
	  DWORD nThread;        // Thread ID 


      //Try to create a new thread (which will run my function()) 
      if((hThread = CreateThread(NULL, 0, MyFunction1, NULL, 0, &nThread)) != NULL) 
      { 

         // Close handle 
         CloseHandle(hThread); 
      } 
        
	 break;



      case DLL_PROCESS_DETACH:
  MessageBox(NULL,"Project1.dll detached to Process!", "Successful Injection" ,NULL);
        break;

      case DLL_THREAD_ATTACH:
        break;

      case DLL_THREAD_DETACH:
        break;
    }  

    /* Returns TRUE on success, FALSE on failure */
    return TRUE;
}

All these code work fine... just wanting to read/write process memory from injected process so e.g.

DLL Loader: Injector.exe
DLL: Project1.dll
Target: Test.exe

i want the Project1.dll to able to read variables from Test.exe so lets say Test.exe has variable such as int tcode = 10;

i want the DLL to be able to read/write to the variable "tcode".

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.