Why is the app with the embedded DLL "crashes"?

0 like 0 dislike
3 views
Good day

I decided to write my first injector with the library, the library is injected through CreateRemoteThread and pass as input the address of LoadLibraryW and transmission of address pre-allocated memory argument to the function:

//The injector LPTHREAD_START_ROUTINE lpThreadSR = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("kernel32")),"LoadLibraryW"); HWND hwnd = FindWindow(NULL, TEXT("cpp")); DWORD pID; GetWindowThreadProcessId(hwnd, &pID); HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | // for CreateRemoteTnread PROCESS_VM_OPERATION | // for VirtualAllocEx/VirtualFreeEx PROCESS_VM_WRITE, // for WriteProcessMemory FALSE, pID); LPCWSTR path = L"C:\\\\cpp\\\\dll\\\\mydll"; DWORD sizeP = (lstrlenW(path)+1)*sizeof(wchar_t); PVOID addr_VP = VirtualAllocEx(hProcess, NULL, sizeP, MEM_COMMIT, PAGE_READWRITE); SIZE_T t; if(WriteProcessMemory(hProcess, addr_VP, (LPCVOID)path, sizeP, &t)){ cout<


Itself DLL:

BOOL WINAPI DllMain(HINSTANCE hH, DWORD fdwReason, PVOID){ if(fdwReason==DLL_PROCESS_ATTACH){ HWND hwnd = FindWindow(NULL, TEXT("cpp")); MessageBoxW(hwnd, L"e", L"e?", MB_OK); } return TRUE; }


In my case I open in Explorer the folder "cpp" and launch the app. The injection is successful - looking through ProcessHacker. Some versions even gets to show a pop-up window, right after closing it again, either "dropped out" app, or pop-UPS endlessly appeared (after clicking on "OK" pop up new)
by | 3 views

1 Answer

0 like 0 dislike
-- GetProcAddress returns the address of the current process injector.
And the structure you must have an address in injectionm process, respectively, as a variant, a calculated offset from the beginning of the image in the injector and then add this offset to the base address injectisome process.
by

Related questions

0 like 0 dislike
3 answers
0 like 0 dislike
2 answers
0 like 0 dislike
2 answers
asked Mar 24, 2019 by Adam_Ether
0 like 0 dislike
2 answers
0 like 0 dislike
4 answers
110,608 questions
257,186 answers
0 comments
33,966 users