Lazarus

Programming => General => Topic started by: shonay on May 16, 2015, 12:51:49 pm

Title: Dll injection in delphi
Post by: shonay on May 16, 2015, 12:51:49 pm
I've been doing some practice with game hacking, injecting code into a process. It really hasn't been easy with C/C++, so I decided to go with Delphi/Lazarus.
Here is my problem: I have been able to successfully call the DLL from my program, and it ran successfully. How about injecting it into another process? I have seen some DLL injectors, but I would be grateful to see a snippet for a functioning DLL injector in Delphi/Lazarus.

Thank you.
Title: Re: Dll injection in delphi
Post by: balazsszekely on May 16, 2015, 02:23:14 pm
You can try something like this:

Code:
uses JwaTlHelp32, Windows;

function InjectDLL(const DLLPath: string; const PID: DWORD): Boolean;
var
  hProcess: THandle;
  hThread: THandle;
  BaseAddress: Pointer;
  Size: Cardinal;
  ThreadID: DWORD;
begin
  Result := False;
  //open the process object
  hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
  if (hProcess <> 0) then
  begin
    //allocate memory within the virtual address space of the specified process
    BaseAddress := VirtualAllocEx(hProcess, nil, Length(DllPath) + 1, MEM_COMMIT, PAGE_READWRITE );
    if BaseAddress <> nil then
    begin
      //write the data to process memory
       WriteProcessMemory(hProcess, BaseAddress, PChar(DllPath), Length(DllPath) + 1, Size);
       if Length(DLLPath) + 1 = Size then
       begin
         //create remote thread
         hThread := CreateRemoteThread(hProcess, nil, 0, GetProcAddress(LoadLibrary('kernel32.dll'), 'LoadLibraryA' ), BaseAddress, 0, ThreadID);
         Result := hThread <> 0;
         WaitForSingleObject(hThread, INFINITE);
       end;
       VirtualFreeEx(hProcess, BaseAddress, 0, MEM_RELEASE);
     end;     
     CloseHandle(hProcess);   
  end; 
end;               

1. Download attachment
2. Open/Build project TestDll.lpi
3. Open/Build project InjectTest.lpi
4. Start notepad
5. Refresh process list, select notepad then click inject, you should see a message

PS: I tested on Win7 (32 bit)
Title: Re: Dll injection in delphi
Post by: shonay on May 16, 2015, 06:32:11 pm
I have been working on this since I got the source code.
I wanted to make a DLL injector in console format.
I was able to debug until I got 4 errors and couldn't go further from there, as I have been having some very little issues with this one, and since I don't have anyone to teach me, I decided to bring it on here for your assistance.

Kindly help.

I marked where the errors are; kindly help.

Code:
program tryinject;

{$mode objfpc}{$H+}

uses
  {$IFDEF UNIX}{$IFDEF UseCThreads}
  cthreads,
  {$ENDIF}{$ENDIF}
  Classes  , JwaTlHelp32, Windows
  { you can add units after this };

function InjectDLL (const DLLPath: string; const PID: DWORD): Boolean;
var
  hProcess: THandle;
  hThread: THandle;
  BaseAddress: Pointer;
  Size: Cardinal;
  ThreadID: DWORD;

  begin
    Result := False;
    OpenProcess(PROCESS_QUERY_INFORMATION or
                 PROCESS_CREATE_THREAD or
                 PROCESS_VM_OPERATION or
                 PROCESS_VM_WRITE,
                 false, PID);
    if (hProcess <> 0) then
    begin
      BaseAddress := VirtualAllocEx(hProcess, nil, Length(DllPath) + 1, MEM_COMMIT, PAGE_READWRITE );
      if BaseAddress <> nil then
      begin
        WriteProcessMemory(hProcess, BaseAddress, PChar(DllPath), Length(DllPath) + 1, Size);
        if Length(DLLPath) + 1 = Size then
        begin
          hThread := CreateRemoteThread(hProcess, nil, 0, GetProcAddress(LoadLibrary('kernel32.dll'), 'LoadLibraryA' ), BaseAddress, 0, ThreadID);
          Result := hThread <> 0;
          WaitForSingleObject(hThread, INFINITE);
        end;
      end;
     VirtualFreeEx(hProcess, BaseAddress, 0, MEM_RELEASE);
     CloseHandle(hProcess);
    end;
  end;

function GetProcessIdByName(s : String) : Cardinal;
var
  Proc: TPROCESSENTRY32;
  hSnap: HWND;
  Looper: BOOL;
  PID : DWORD;
  begin
    Proc.dwSize := SizeOf(Proc);
    hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
      Looper := Process32First(hSnap, Proc);
      while Integer(Looper) <> 0 do
begin
  Caption := Proc.szExeFile;             //error here
  SubItems.Add(IntToStr(Proc.th32ProcessID)); //error here
    end;
      Looper := Process32Next(hSnap,proc);
      CloseHandle(hSnap);
    end;

begin
  GetProcessIdbyName('Odesk.exe');
  if InjectDLL('flash.dll',PID) then  //error here, says No PID
  WriteLn('Injection SuccessFul!')
  else
  Writeln('Injection Failed!');
end.

Title: Re: Dll injection in delphi
Post by: balazsszekely on May 16, 2015, 06:46:43 pm
Try this:
Code:
program tryinject;

{$mode objfpc}{$H+}

uses
  {$IFDEF UNIX}{$IFDEF UseCThreads}
  cthreads,
  {$ENDIF}{$ENDIF}
  Classes  , JwaTlHelp32, Windows
  { you can add units after this };

function InjectDLL (const DLLPath: string; const PID: DWORD): Boolean;
var
  hProcess: THandle;
  hThread: THandle;
  BaseAddress: Pointer;
  Size: Cardinal;
  ThreadID: DWORD;

  begin
    Result := False;
    OpenProcess(PROCESS_QUERY_INFORMATION or
                 PROCESS_CREATE_THREAD or
                 PROCESS_VM_OPERATION or
                 PROCESS_VM_WRITE,
                 false, PID);
    if (hProcess <> 0) then
    begin
      BaseAddress := VirtualAllocEx(hProcess, nil, Length(DllPath) + 1, MEM_COMMIT, PAGE_READWRITE );
      if BaseAddress <> nil then
      begin
        WriteProcessMemory(hProcess, BaseAddress, PChar(DllPath), Length(DllPath) + 1, Size);
        if Length(DLLPath) + 1 = Size then
        begin
          hThread := CreateRemoteThread(hProcess, nil, 0, GetProcAddress(LoadLibrary('kernel32.dll'), 'LoadLibraryA' ), BaseAddress, 0, ThreadID);
          Result := hThread <> 0;
          WaitForSingleObject(hThread, INFINITE);
        end;
      end;
     VirtualFreeEx(hProcess, BaseAddress, 0, MEM_RELEASE);
     CloseHandle(hProcess);
    end;
  end;

function GetProcessIdByName(s : String): DWORD;
var
  Proc: TPROCESSENTRY32;
  hSnap: HWND;
  Looper: BOOL;
begin
  Result := 0;
  Proc.dwSize := SizeOf(Proc);
  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
  Looper := Process32First(hSnap, Proc);
  while Integer(Looper) <> 0 do
  begin
    if Proc.szExeFile = s then
    begin
      Result := Proc.th32ProcessID;
      Break;
    end;
    Looper := Process32Next(hSnap,proc);
  end;
  CloseHandle(hSnap);
end;

var
  PID: DWord;
begin
  PID := GetProcessIdbyName('Odesk.exe');
  if PID = 0 then
    Writeln('Target process not found!')
  else
  begin
    //give full path to dll
    if InjectDLL('flash.dll', PID) then
      WriteLn('Injection SuccessFul!')
    else
      Writeln('Injection Failed!');
  end;
  Readln;
end.
Title: Re: Dll injection in delphi
Post by: shonay on May 16, 2015, 06:52:08 pm
Full paths to Dll,
Say if my dll is in
C:\\Desktop\\minie\\flash.dll

Do I write it that way, chief?
Title: Re: Dll injection in delphi
Post by: balazsszekely on May 16, 2015, 06:56:37 pm
Quote
Full paths to Dll,
Say if my dll is in
C:\\Desktop\\minie\\flash.dll

No! That's a C-style path.
Pascal: C:\Desktop\minie\flash.dll
Title: Re: Dll injection in delphi
Post by: shonay on May 16, 2015, 09:56:01 pm
Okay and good evening
Here is what I got as error

'project tryinject raised exception class 'External:? ' at address 77e2c76c

But if I try running the program without the target process it runs without problems and says target process not found

I'm sensing this is a compiler error... let me not speculate. Please, what could the error be? Kindly help.
Title: Re: Dll injection in delphi
Post by: balazsszekely on May 16, 2015, 10:25:51 pm
Quote
'project tryinject raised exception class 'External:? ' at address 77e2c76c
Did you try to debug it? Which line gives you that exception? First you should inject that demo DLL (see my first reply) into notepad.exe just to make sure the injection method is working (it's working fine at my side).

Make sure:
1. You don't try to inject a 32 bit DLL into a 64 bit exe (or vice versa)
2. TryInject has sufficient privileges
3. The target process is not protected or is not using some kind of mechanism to prevent memory injection (hooks the WriteProcessMemory API, for example)
Title: Re: Dll injection in delphi
Post by: shonay on May 16, 2015, 10:31:14 pm
No. Here is what I did: I made an application in C++, a normal application that just gets names and displays them on the screen, so I injected the hello world DLL into it and it prompted that error. When I use your own GUI injector, compiled, it didn't pop up that error. But when I use this one for console, it showed me what I pasted on here.
It's not a protected file. When you said has admin rights, do you mean setdebugpriviledge()? Is that necessary in this place too?

It doesn't show the particular line with the error.
Title: Re: Dll injection in delphi
Post by: balazsszekely on May 16, 2015, 10:43:23 pm
You replaced this line:
Code:
hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
if (hProcess <> 0) then
begin   
//   ...
end;

With this one:
Code:
OpenProcess(PROCESS_QUERY_INFORMATION or  PROCESS_CREATE_THREAD or  PROCESS_VM_OPERATION or  PROCESS_VM_WRITE,   false, PID);
if (hProcess <> 0) then
begin
  //..
end;
You forgot to copy "hProcess := ". Why did you change that line? :) This way hProcess is always 0.
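
A defender's view of the sequence discussed in this thread, as an added example that is not part of any post: it correlates Sysmon-style ProcessAccess (Event ID 10) and CreateRemoteThread (Event ID 8) records to flag a handle opened with the write and thread-creation rights followed by a remote thread starting at LoadLibraryA/W. The function names, image paths, process IDs and all event records are constructed for illustration.

```python
# Added example (not from the thread). Field names follow Sysmon Event ID 10
# (ProcessAccess) and Event ID 8 (CreateRemoteThread); all records are constructed.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw"}
NOTEPAD = r"C:\Windows\System32\notepad.exe"

SAMPLE_EVENTS = [
    # 0x42A is the four-right mask used in the thread's console version
    {"EventID": 10, "SourceProcessId": 4120, "TargetProcessId": 5300,
     "SourceImage": r"C:\work\tryinject.exe", "TargetImage": NOTEPAD,
     "GrantedAccess": "0x42A"},
    {"EventID": 8, "SourceProcessId": 4120, "TargetProcessId": 5300,
     "SourceImage": r"C:\work\tryinject.exe", "TargetImage": NOTEPAD,
     "StartModule": r"C:\Windows\System32\kernel32.dll",
     "StartFunction": "LoadLibraryA"},
    # query/read-only handle: no write or thread-creation rights
    {"EventID": 10, "SourceProcessId": 900, "TargetProcessId": 5300,
     "SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": NOTEPAD,
     "GrantedAccess": "0x1410"},
    # PROCESS_ALL_ACCESS handle with no remote thread afterwards: no alert
    {"EventID": 10, "SourceProcessId": 7000, "TargetProcessId": 5300,
     "SourceImage": r"C:\tools\monitor.exe", "TargetImage": NOTEPAD,
     "GrantedAccess": "0x1FFFFF"},
]

def has_inject_rights(granted_access):
    """True when the hex mask grants VM_OPERATION, VM_WRITE and CREATE_THREAD."""
    return (int(granted_access, 16) & INJECT_RIGHTS) == INJECT_RIGHTS

def find_loadlibrary_injection(events):
    """Return (source, target) image pairs where an injection-capable handle was
    followed by a remote thread whose start function is LoadLibraryA/W."""
    armed, alerts = set(), []
    for ev in events:
        pair = (ev["SourceProcessId"], ev["TargetProcessId"])
        if ev["EventID"] == 10 and has_inject_rights(ev["GrantedAccess"]):
            armed.add(pair)
        elif (ev["EventID"] == 8 and pair in armed
              and ev.get("StartFunction", "").lower() in LOADER_FUNCS):
            alerts.append((ev["SourceImage"], ev["TargetImage"]))
    return alerts

if __name__ == "__main__":
    for src, dst in find_loadlibrary_injection(SAMPLE_EVENTS):
        print(f"ALERT: {src} started a LoadLibrary thread in {dst}")
```

Both PROCESS_ALL_ACCESS and the narrower four-right mask satisfy the rights check, so the choice between them does not change what this correlation sees.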

Title: Re: Dll injection in delphi
Post by: shonay on May 16, 2015, 10:51:48 pm
Still got the same error.
I have been battling with it too, but the same error comes up. Please check in the IDE and see for yourself, don't be offended.
Title: Re: Dll injection in delphi
Post by: balazsszekely on May 16, 2015, 11:04:41 pm
Quote
don't be offended.

I'm not. :)

Quote
but the same error comes up. Please check in the IDE and see for yourself,
I already did. It's working fine at my side(see attachment).
 
Title: Re: Dll injection in delphi
Post by: shonay on May 16, 2015, 11:26:24 pm
Here is what mine shows. It is still making me raving mad this time. Could it be compiler issues?

From what I see, you are using a totally different IDE and that seems to be the problem. Maybe I might consider upgrading my IDE. Looking for v. 1.5, I don't see it; I only see v. 1.4.

Kindly advise
Title: Re: Dll injection in delphi
Post by: balazsszekely on May 17, 2015, 06:51:11 am
I'm using the SVN version of Lazarus (http://wiki.lazarus.freepascal.org/Getting_Lazarus --> see the Windows section).
In my opinion it has nothing to do with the IDE; probably Win8 is the culprit. Unfortunately I don't have Win8, so I cannot help you with this one.


Title: Re: Dll injection in delphi
Post by: shonay on May 17, 2015, 09:08:38 am
Your code injects on Win 8. I see what to do, though,
and will get back to you in some hours.
Title: Re: Dll injection in delphi
Post by: shonay on May 17, 2015, 12:18:18 pm
Thanks getmem, I fixed this. The error I saw was from me. Injector works now.

Thanks a lot, moderator can now close the thread