Another Injection method using madCHook Library
Posted: Sun May 02, 2004 2:42 pm
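I wrote another injection method, based on one I read about yesterday at Codeguru.com, where it is called Method 2.
NOTE: pLibFileName must be an ABSOLUTE PATH! LoadLibraryA runs inside the target process, so a relative name would be resolved against that process's search path, not yours. For example, to load MyDll.dll located in the current directory: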
It's tested and runs very well.
I'm writing the uninjection methods.
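/*
 * RemoteLoadLibrary - have the process identified by dwIdProcess call
 * LoadLibraryA(pLibFileName) through madCHook's RemoteExecute.
 *
 * dwIdProcess   id of the target process.
 * pLibFileName  NUL-terminated ANSI path of the library; the post requires an
 *               absolute path.
 * dwTimeOut     accepted for interface compatibility; nothing below uses it.
 *
 * Returns TRUE only when RemoteExecute succeeded and the value it stored in
 * dwResult (the remote routine's result) is non-zero; FALSE otherwise.
 */
BOOL RemoteLoadLibrary(DWORD dwIdProcess, LPCSTR pLibFileName, DWORD dwTimeOut)
{
    HANDLE hTargetProc;
    HMODULE hKernel32;
    FARPROC fpLoadLibrary;
    DWORD dwResult = 0;
    BOOL bResult;

    (void)dwTimeOut;

    /* strlen() on a NULL pointer is undefined, and an empty path cannot load anything. */
    if (pLibFileName == NULL || pLibFileName[0] == '\0') {
        return FALSE;
    }

    /*
     * Open the process. bInheritHandle is FALSE so that the full-access handle
     * is not inherited by child processes this program may start.
     * NOTE(review): PROCESS_ALL_ACCESS requests every right; a narrower mask
     * would follow least privilege, but the rights RemoteExecute needs are not
     * shown here - confirm against the madCHook documentation.
     */
    hTargetProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwIdProcess);
    if (hTargetProc == NULL) {
        return FALSE;
    }

    /*
     * Get a pointer to LoadLibraryA. The address is resolved in the calling
     * process and then handed to RemoteExecute for use in the target.
     */
    hKernel32 = GetModuleHandle("kernel32.dll");
    if (hKernel32 == NULL) {
        CloseHandle(hTargetProc);
        return FALSE;
    }
    fpLoadLibrary = GetProcAddress(hKernel32, "LoadLibraryA");
    if (fpLoadLibrary == NULL) {
        CloseHandle(hTargetProc);
        return FALSE;
    }

    /*
     * Remotely run LoadLibraryA(pLibFileName). The size includes the
     * terminating NUL: presumably RemoteExecute copies exactly that many bytes
     * of the parameter block into the target, and without the terminator the
     * remote call would read past the end of the copied string.
     */
    bResult = RemoteExecute(hTargetProc, (PREMOTE_EXECUTE_ROUTINE)fpLoadLibrary, &dwResult,
                            (LPVOID)pLibFileName, (DWORD)strlen(pLibFileName) + 1);

    CloseHandle(hTargetProc);

    /* A zero result means the remote LoadLibraryA returned NULL, i.e. the load failed. */
    return bResult && dwResult != 0;
}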
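// Build the absolute path of MyDll.dll in the current directory.
// NOTE(review): the current directory is chosen by whoever launched the program,
// so whatever MyDll.dll sits there is the one that gets loaded; a path derived
// from the program's own install directory is less open to DLL planting.
char szPath[MAX_PATH];
const char szDllName[] = "\\MyDll.dll";
DWORD dwLen = GetCurrentDirectory(MAX_PATH, szPath);

// GetCurrentDirectory returns 0 on failure and a value larger than the buffer
// when szPath is too small. sizeof szDllName counts the terminating NUL, so the
// last test guarantees the strcat below cannot write past szPath.
if (dwLen == 0 || dwLen >= MAX_PATH || dwLen + sizeof szDllName > MAX_PATH) {
    // Path unavailable or too long for szPath: do not attempt the load.
} else {
    strcat(szPath, szDllName);
    // RemoteLoadLibrary takes three parameters; the posted implementation
    // does not use dwTimeOut, so INFINITE is only a placeholder here.
    if (!RemoteLoadLibrary(dwIdTargetProc, szPath, INFINITE)) {
        // The library was not loaded in the target process; report as needed.
    }
}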
It's tested and runs very well.
I'm writing the uninjection methods.