Lazarus
Programming => General => Topic started by: shonay on May 16, 2015, 12:51:49 pm
-
Been doing some practice with game hacking, injecting code into a process. It really hasn't been easy with C/C++, so I decided to go with Delphi/Lazarus.
Here is my problem: I've been able to successfully call the DLL from my own program, and it ran successfully. How about injecting it into another process? I've seen some DLL injectors, but I would be grateful to see a snippet for a functioning DLL injector in Delphi/Lazarus.
Thank you.
-
You can try something like this:
uses JwaTlHelp32, Windows;

function InjectDLL(const DLLPath: string; const PID: DWORD): Boolean;
var
  hProcess: THandle;
  hThread: THandle;
  BaseAddress: Pointer;
  Size: Cardinal;
  ThreadID: DWORD;
begin
  Result := False;
  //open the process object
  hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
  if (hProcess <> 0) then
  begin
    //allocate memory within the virtual address space of the specified process
    BaseAddress := VirtualAllocEx(hProcess, nil, Length(DllPath) + 1, MEM_COMMIT, PAGE_READWRITE);
    if BaseAddress <> nil then
    begin
      //write the data to process memory
      WriteProcessMemory(hProcess, BaseAddress, PChar(DllPath), Length(DllPath) + 1, Size);
      if Length(DLLPath) + 1 = Size then
      begin
        //create remote thread
        hThread := CreateRemoteThread(hProcess, nil, 0, GetProcAddress(LoadLibrary('kernel32.dll'), 'LoadLibraryA'), BaseAddress, 0, ThreadID);
        Result := hThread <> 0;
        WaitForSingleObject(hThread, INFINITE);
      end;
      VirtualFreeEx(hProcess, BaseAddress, 0, MEM_RELEASE);
    end;
    CloseHandle(hProcess);
  end;
end;

1. Download attachment
2. Open/Build project TestDll.lpi
3. Open/Build project InjectTest.lpi
4. Start notepad
5. Refresh process list, select notepad then click inject, you should see a message
PS: I tested on win7(32 bit)
-
I've been working on this since I got the source code.
I wanted to make a DLL injector in console format.
I was able to debug until I got 4 errors and couldn't go further from there. I've been having some very little issues with this one, and since I don't have anyone to teach me, I decided to bring it on here for your assistance.
Kindly help.
I marked where the errors are, kindly help.
program tryinject;

{$mode objfpc}{$H+}

uses
  {$IFDEF UNIX}{$IFDEF UseCThreads}
  cthreads,
  {$ENDIF}{$ENDIF}
  Classes, JwaTlHelp32, Windows
  { you can add units after this };

function InjectDLL(const DLLPath: string; const PID: DWORD): Boolean;
var
  hProcess: THandle;
  hThread: THandle;
  BaseAddress: Pointer;
  Size: Cardinal;
  ThreadID: DWORD;
begin
  Result := False;
  OpenProcess(PROCESS_QUERY_INFORMATION or
              PROCESS_CREATE_THREAD or
              PROCESS_VM_OPERATION or
              PROCESS_VM_WRITE,
              false, PID);
  if (hProcess <> 0) then
  begin
    BaseAddress := VirtualAllocEx(hProcess, nil, Length(DllPath) + 1, MEM_COMMIT, PAGE_READWRITE);
    if BaseAddress <> nil then
    begin
      WriteProcessMemory(hProcess, BaseAddress, PChar(DllPath), Length(DllPath) + 1, Size);
      if Length(DLLPath) + 1 = Size then
      begin
        hThread := CreateRemoteThread(hProcess, nil, 0, GetProcAddress(LoadLibrary('kernel32.dll'), 'LoadLibraryA'), BaseAddress, 0, ThreadID);
        Result := hThread <> 0;
        WaitForSingleObject(hThread, INFINITE);
      end;
    end;
    VirtualFreeEx(hProcess, BaseAddress, 0, MEM_RELEASE);
    CloseHandle(hProcess);
  end;
end;

function GetProcessIdByName(s : String) : Cardinal;
var
  Proc: TPROCESSENTRY32;
  hSnap: HWND;
  Looper: BOOL;
  PID : DWORD;
begin
  Proc.dwSize := SizeOf(Proc);
  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
  Looper := Process32First(hSnap, Proc);
  while Integer(Looper) <> 0 do
  begin
    Caption := Proc.szExeFile; //error here
    SubItems.Add(IntToStr(Proc.th32ProcessID)); //error here
  end;
  Looper := Process32Next(hSnap,proc);
  CloseHandle(hSnap);
end;

begin
  GetProcessIdbyName('Odesk.exe');
  if InjectDLL('flash.dll',PID) then //error here, says No PID
    WriteLn('Injection SuccessFul!')
  else
    Writeln('Injection Failed!');
end.

-
Try this:
program tryinject;

{$mode objfpc}{$H+}

uses
  {$IFDEF UNIX}{$IFDEF UseCThreads}
  cthreads,
  {$ENDIF}{$ENDIF}
  Classes, JwaTlHelp32, Windows
  { you can add units after this };

function InjectDLL(const DLLPath: string; const PID: DWORD): Boolean;
var
  hProcess: THandle;
  hThread: THandle;
  BaseAddress: Pointer;
  Size: Cardinal;
  ThreadID: DWORD;
begin
  Result := False;
  OpenProcess(PROCESS_QUERY_INFORMATION or
              PROCESS_CREATE_THREAD or
              PROCESS_VM_OPERATION or
              PROCESS_VM_WRITE,
              false, PID);
  if (hProcess <> 0) then
  begin
    BaseAddress := VirtualAllocEx(hProcess, nil, Length(DllPath) + 1, MEM_COMMIT, PAGE_READWRITE);
    if BaseAddress <> nil then
    begin
      WriteProcessMemory(hProcess, BaseAddress, PChar(DllPath), Length(DllPath) + 1, Size);
      if Length(DLLPath) + 1 = Size then
      begin
        hThread := CreateRemoteThread(hProcess, nil, 0, GetProcAddress(LoadLibrary('kernel32.dll'), 'LoadLibraryA'), BaseAddress, 0, ThreadID);
        Result := hThread <> 0;
        WaitForSingleObject(hThread, INFINITE);
      end;
    end;
    VirtualFreeEx(hProcess, BaseAddress, 0, MEM_RELEASE);
    CloseHandle(hProcess);
  end;
end;

function GetProcessIdByName(s : String): DWORD;
var
  Proc: TPROCESSENTRY32;
  hSnap: HWND;
  Looper: BOOL;
begin
  Result := 0;
  Proc.dwSize := SizeOf(Proc);
  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
  Looper := Process32First(hSnap, Proc);
  while Integer(Looper) <> 0 do
  begin
    if Proc.szExeFile = s then
    begin
      Result := Proc.th32ProcessID;
      Break;
    end;
    Looper := Process32Next(hSnap,proc);
  end;
  CloseHandle(hSnap);
end;

var
  PID: DWord;
begin
  PID := GetProcessIdbyName('Odesk.exe');
  if PID = 0 then
    Writeln('Target process not found!')
  else
  begin
    //give full path to dll
    if InjectDLL('flash.dll', PID) then
      WriteLn('Injection SuccessFul!')
    else
      Writeln('Injection Failed!');
  end;
  Readln;
end.

-
Full paths to Dll,
Say if my dll is in
C:\\Desktop\\minie\\flash.dll
I write it that way chief?
-
Full paths to Dll,
Say if my dll is in
C:\\Desktop\\minie\\flash.dll
No! That's c style path.
Pascal: C:\Desktop\minie\flash.dll
-
Okay and good evening
Here is what I got as error
'project tryinject raised exception class 'External:? ' at address 77e2c76c
But if I try running the program without the target process it runs without problems and says target process not found
I'm sensing this is a compiler error, ... lemme not speculate, pls what could the error be ,kindly help
-
'project tryinject raised exception class 'External:? ' at address 77e2c76c
Did you try to debug it? Which line gives you that exception? First you should inject that demo dll (see my first reply) into notepad.exe just to make sure the injection method is working (it's working fine at my side).
Make sure:
1. You don't try to inject a 32 bit dll into a 64 bit exe (or vice versa)
2. TryInject has sufficient privileges
3. The target process is not protected or is not using some kind of mechanism to prevent memory injection (hooks the WriteProcessMemory API, for example)
-
No, here is what I did: I made an application in C++, a normal application that just gets names and displays them on the screen, so I injected the hello world dll into it and it prompted that error. When I use your own GUI injector, compiled, it didn't pop up that error. But when I use this one for console, it showed me what I pasted on here.
It's not a protected file, when you said has admin rights, do you mean setdebugpriviledge()? Is that necessary in this place too?
Doesn't show the particular line with the error
-
You replaced this line:
hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
if (hProcess <> 0) then
begin
// ...
end;
With this one:
OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE, false, PID);
if (hProcess <> 0) then
begin
//..
end;
You forgot to copy "hProcess := ". Why did you change that line? :) This way hProcess is always 0.
-
Still got the same error.
I been battling with it too, but the same error comes up, pls check in IDE and see for your self, don't be offended.
-
don't be offended.
I'm not. :)
but the same error comes up, pls check in IDE and see for your self,
I already did. It's working fine at my side(see attachment).
-
Here is what mine shows, still is making me raving mad this time, could it be compiler issues?
From what I see, you are using a totally different IDE and that seems to be the problem. Maybe I might consider upgrading my IDE; looking for v. 1.5 I don't see it, I only see v. 1.4.
Kindly advise
-
I'm using the SVN version of Lazarus (http://wiki.lazarus.freepascal.org/Getting_Lazarus --> see the Windows section).
In my opinion it has nothing to do with the IDE, probably win8 is the culprit. Unfortunately I don't have win8 so I cannot help you with this one.
-
Your codes inject on win 8. I see what to do tho
And get back to you in some hours
-
Thanks getmem, I fixed this. The error I saw was from me. Injector works now.
Thanks a lot, moderator can now close the thread
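-
From the defender's side, the OpenProcess / CreateRemoteThread(LoadLibraryA) sequence discussed in this thread shows up in Sysmon process-access (Event ID 10) and remote-thread (Event ID 8) telemetry. The following is an added example, not code from any poster in the thread; it assumes events are already parsed into dicts keyed by Sysmon's field names, and the sample events, paths and PIDs are constructed.

```python
# Rights requested by the narrower OpenProcess call quoted in the thread
# (PROCESS_ALL_ACCESS includes all three as well).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}


def find_loadlibrary_injection(events, allow_sources=()):
    """Alert on remote threads that start at LoadLibrary* inside another process."""
    allow = {s.lower() for s in allow_sources}
    write_handles = set()  # (source pid, target pid) pairs granted all three rights
    alerts = []
    for ev in events:
        src, dst = ev["SourceImage"].lower(), ev["TargetImage"].lower()
        pair = (ev["SourceProcessId"], ev["TargetProcessId"])
        if ev["EventID"] == 10:  # ProcessAccess
            if int(ev["GrantedAccess"], 16) & INJECT_MASK == INJECT_MASK:
                write_handles.add(pair)
        elif ev["EventID"] == 8:  # CreateRemoteThread
            if src == dst or src in allow:
                continue
            if ev.get("StartFunction", "").lower() not in LOADER_FUNCS:
                continue
            alerts.append({"source": ev["SourceImage"], "target": ev["TargetImage"],
                           "start": ev["StartFunction"],
                           "handle_seen": pair in write_handles})
    return alerts


def _ev(eid, src, spid, dst, dpid, **extra):
    return {"EventID": eid, "SourceImage": src, "SourceProcessId": spid,
            "TargetImage": dst, "TargetProcessId": dpid, **extra}


# Constructed sample events; values are made up for illustration.
NOTEPAD = r"C:\Windows\System32\notepad.exe"
K32 = r"C:\Windows\System32\kernel32.dll"
SAMPLE = [
    _ev(10, r"C:\Temp\tryinject.exe", 4120, NOTEPAD, 5308, GrantedAccess="0x42A"),
    _ev(8, r"C:\Temp\tryinject.exe", 4120, NOTEPAD, 5308,
        StartModule=K32, StartFunction="LoadLibraryA"),
    _ev(10, r"C:\Windows\System32\Taskmgr.exe", 900, NOTEPAD, 5308, GrantedAccess="0x1410"),
    _ev(8, r"C:\Windows\System32\csrss.exe", 612, NOTEPAD, 5308,
        StartModule=K32, StartFunction="CtrlRoutine"),
]

if __name__ == "__main__":
    for alert in find_loadlibrary_injection(SAMPLE):
        print(alert)
```

The allow list is for software that legitimately creates remote threads in the environment being monitored; keep it to full image paths.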