Only the injection method:
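Procedure.i InjectLibrary(ProcessID.l, DLLPath.s)
  ; Handles and addresses are pointer-sized, so they are declared .i instead of .l
  Define ProcessHandle.i
  Define StartAddress.i
  Define BufferSize.i
  Define ParamAddress.i
  Define ThreadHandle.i

  ; Open the target process
  ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessID)
  If ProcessHandle = 0
    ProcedureReturn -1
  EndIf

  ; Address of LoadLibraryA, used as the start routine of the remote thread
  StartAddress = GetProcAddress_(GetModuleHandle_("kernel32.dll"), "LoadLibraryA")
  If StartAddress = 0
    CloseHandle_(ProcessHandle)
    ProcedureReturn -1
  EndIf

  ; Reserve room in the target for the DLL path, including the terminating zero
  BufferSize = Len(DLLPath) + 1
  ParamAddress = VirtualAllocEx_(ProcessHandle, 0, BufferSize, #MEM_COMMIT, #PAGE_READWRITE)
  If ParamAddress = 0
    CloseHandle_(ProcessHandle)
    ProcedureReturn -1
  EndIf

  ; Copy the DLL path into the target process
  If Not WriteProcessMemory_(ProcessHandle, ParamAddress, DLLPath, BufferSize, 0)
    VirtualFreeEx_(ProcessHandle, ParamAddress, 0, #MEM_RELEASE)
    CloseHandle_(ProcessHandle)
    ProcedureReturn -1
  EndIf

  ; Start a thread in the target that calls LoadLibraryA(ParamAddress)
  ThreadHandle = CreateRemoteThread_(ProcessHandle, 0, 0, StartAddress, ParamAddress, 0, 0)
  If ThreadHandle = 0
    VirtualFreeEx_(ProcessHandle, ParamAddress, 0, #MEM_RELEASE)
    CloseHandle_(ProcessHandle)
    ProcedureReturn -1
  EndIf

  ; Wait for the load to finish, then release the buffer and both handles
  WaitForSingleObject_(ThreadHandle, #INFINITE)
  CloseHandle_(ThreadHandle)
  VirtualFreeEx_(ProcessHandle, ParamAddress, 0, #MEM_RELEASE)
  CloseHandle_(ProcessHandle)
  ProcedureReturn 0
EndProcedure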
Complete with Example:
injector.pb
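Procedure.i InjectLibrary(ProcessID.l, DLLPath.s)
  ; Handles and addresses are pointer-sized, so they are declared .i instead of .l
  Define ProcessHandle.i
  Define StartAddress.i
  Define BufferSize.i
  Define ParamAddress.i
  Define ThreadHandle.i

  ; Open the target process
  ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessID)
  If ProcessHandle = 0
    ProcedureReturn -1
  EndIf

  ; Address of LoadLibraryA, used as the start routine of the remote thread
  StartAddress = GetProcAddress_(GetModuleHandle_("kernel32.dll"), "LoadLibraryA")
  If StartAddress = 0
    CloseHandle_(ProcessHandle)
    ProcedureReturn -1
  EndIf

  ; Reserve room in the target for the DLL path, including the terminating zero
  BufferSize = Len(DLLPath) + 1
  ParamAddress = VirtualAllocEx_(ProcessHandle, 0, BufferSize, #MEM_COMMIT, #PAGE_READWRITE)
  If ParamAddress = 0
    CloseHandle_(ProcessHandle)
    ProcedureReturn -1
  EndIf

  ; Copy the DLL path into the target process
  If Not WriteProcessMemory_(ProcessHandle, ParamAddress, DLLPath, BufferSize, 0)
    VirtualFreeEx_(ProcessHandle, ParamAddress, 0, #MEM_RELEASE)
    CloseHandle_(ProcessHandle)
    ProcedureReturn -1
  EndIf

  ; Start a thread in the target that calls LoadLibraryA(ParamAddress)
  ThreadHandle = CreateRemoteThread_(ProcessHandle, 0, 0, StartAddress, ParamAddress, 0, 0)
  If ThreadHandle = 0
    VirtualFreeEx_(ProcessHandle, ParamAddress, 0, #MEM_RELEASE)
    CloseHandle_(ProcessHandle)
    ProcedureReturn -1
  EndIf

  ; Wait for the load to finish, then release the buffer and both handles
  WaitForSingleObject_(ThreadHandle, #INFINITE)
  CloseHandle_(ThreadHandle)
  VirtualFreeEx_(ProcessHandle, ParamAddress, 0, #MEM_RELEASE)
  CloseHandle_(ProcessHandle)
  ProcedureReturn 0
EndProcedure

; Start Notepad and load dll01.dll into it
NotePad = RunProgram("notepad", "", "", #PB_Program_Open | #PB_Program_Read)
Debug(NotePad)
If NotePad
  ProcessID = ProgramID(NotePad)
  If ProcessID
    InjectLibrary(ProcessID, "dll01.dll")
  EndIf
EndIf

dll.pb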
ProcedureDLL AttachProcess(Instance)
  MessageRequester("", "This is the first DLL")
EndProcedure
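How the CreateRemoteThread call above looks from the monitoring side, as an added example that is not part of the original post: a small filter over Sysmon Event ID 8 (CreateRemoteThread) records that flags threads started in another process at a LoadLibrary export. The sample events, the allowlist parameter and the function names are constructed for this illustration.

```python
import ntpath

# Constructed Sysmon Event ID 8 (CreateRemoteThread) records, reduced to the
# fields used here. All paths and PIDs are sample values, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceProcessId": 4312, "TargetProcessId": 5120,
     "SourceImage": r"C:\Users\test\injector.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll",
     "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "SourceProcessId": 620, "TargetProcessId": 7004,
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll",
     "StartFunction": "CtrlRoutine"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]

LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}
LOADER_FUNCTIONS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}


def is_loadlibrary_remote_thread(event):
    """True when a thread created in another process starts at a LoadLibrary export."""
    if event.get("EventID") != 8:
        return False
    if event.get("SourceProcessId") == event.get("TargetProcessId"):
        return False
    module = ntpath.basename(event.get("StartModule", "")).lower()
    function = event.get("StartFunction", "").lower()
    return module in LOADER_MODULES and function in LOADER_FUNCTIONS


def find_injections(events, allowed_sources=()):
    """Return (source, target, start function) for each non-allowlisted match."""
    allowed = {path.lower() for path in allowed_sources}
    hits = []
    for event in events:
        if not is_loadlibrary_remote_thread(event):
            continue
        if event["SourceImage"].lower() in allowed:
            continue
        hits.append((event["SourceImage"], event["TargetImage"], event["StartFunction"]))
    return hits


if __name__ == "__main__":
    for source, target, function in find_injections(SAMPLE_EVENTS):
        print(f"remote {function} thread: {source} -> {target}")
```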
PyroStrex, do you have a function for signature scanning? Thank you.
Hmm. Sorry, signature scanning. I never thought of experiencing something like that. :). So, no, I don't.
Please update your tutorial because it's not working. I tried that on Windows 8 and can't inject. :(