inject into only one process ???

c++ / delphi package - dll injection and api hooking

Postby Spart64 » Wed May 12, 2004 8:42 pm

Hello, this is certainly a beginner question, but is it possible to inject a DLL into only one process? Like winlogon.exe.

I tried this, but without success.

Code:
var
  PROCE: DWORD;
begin
  PROCE := 1328; // the PID of the process
  // this is the attempt that does not work: InjectLibrary expects a
  // process handle in its first parameter, not a process ID
  InjectLibrary(PROCE, 'dll_IE.dll');
end.
Spart64
 
Posts: 7
Joined: Wed May 12, 2004 8:31 pm

Postby madshi » Thu May 13, 2004 7:26 am

It is possible, but you need to use a process *handle*, not a process ID. Use OpenProcess to get a process handle from a process ID. Don't forget to close the handle later, when you don't need it anymore. Btw, you need admin rights to open a system process.
madshi
Site Admin
 
Posts: 9808
Joined: Sun Mar 21, 2004 5:25 pm
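The handle-based injection madshi describes, written out as an added example (this is not code from the thread or from madCodeHook itself): the target is located by executable name rather than a hard-coded PID, the process is opened with a narrower access mask than PROCESS_ALL_ACCESS, failures are reported, and the handle is closed whatever happens. It assumes madCodeHook's InjectLibrary(processHandle, libFileName) returning a bool, as used in the thread; the access mask is the classic set needed to create a remote thread and write into a process, and is an assumption about what InjectLibrary needs (check the madCodeHook help if injection fails with it). The target name and DLL name are placeholders.

```delphi
program inject_one;

// Added example, not from the thread: inject a DLL into exactly one process.
// Assumes a Win32 Delphi compiler and madCodeHook's InjectLibrary as used above.

{$APPTYPE CONSOLE}

uses
  Windows, TlHelp32, SysUtils, madCodeHook;

const
  // Assumed minimum rights for injection; PROCESS_ALL_ACCESS is not needed.
  INJECT_ACCESS = PROCESS_CREATE_THREAD or PROCESS_QUERY_INFORMATION or
                  PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ;

// Returns the PID of the first process whose image name matches, or 0.
function FindProcessId(const ExeName: string): DWORD;
var
  Snap: THandle;
  Entry: TProcessEntry32;
begin
  Result := 0;
  Snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snap = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snap, Entry) then
      repeat
        if SameText(Entry.szExeFile, ExeName) then
        begin
          Result := Entry.th32ProcessID;
          Break;
        end;
      until not Process32Next(Snap, Entry);
  finally
    CloseHandle(Snap);
  end;
end;

// Opens the process, injects, and always closes the handle afterwards.
function InjectInto(Pid: DWORD; const DllPath: string): Boolean;
var
  Process: THandle;
begin
  Result := False;
  Process := OpenProcess(INJECT_ACCESS, False, Pid);
  if Process = 0 then
  begin
    // ERROR_ACCESS_DENIED here is the usual symptom of opening a system
    // process without admin rights.
    Writeln('OpenProcess failed: ', SysErrorMessage(GetLastError));
    Exit;
  end;
  try
    Result := InjectLibrary(Process, PChar(DllPath));
  finally
    CloseHandle(Process); // the handle is not needed once the DLL is in
  end;
end;

var
  Pid: DWORD;
begin
  Pid := FindProcessId('winamp.exe'); // placeholder target
  if Pid = 0 then
    Writeln('target not running')
  // Pass a full path: the target process has its own working directory.
  else if InjectInto(Pid, ExpandFileName('dll_IE.dll')) then
    Writeln('injected into PID ', Pid)
  else
    Writeln('InjectLibrary failed');
end.
```

Passing a full path matters because the DLL is loaded by the target process, whose current directory is not the injector's; a bare file name that works for one target can fail for the next.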

Postby Spart64 » Sun May 16, 2004 4:53 pm

Thanks, it works.

Code:
program injekt;

uses Windows, madCodeHook;

var
  PROCE: THandle;
begin
  // a process handle, not a PID, is what InjectLibrary wants
  PROCE := OpenProcess(PROCESS_ALL_ACCESS, False, 3432); // PID of the target
  if PROCE <> 0 then
  begin
    InjectLibrary(PROCE, 'dll.dll');
    CloseHandle(PROCE); // release the handle once it is no longer needed
  end;
end.

Postby Spart64 » Mon May 17, 2004 6:58 pm

Why does it freeze the executable?

When injecting into winlogon.exe, the shutdown functions are not available; in Winamp, the display freezes, etc., until the DLL code is killed.

Postby madshi » Mon May 17, 2004 7:09 pm

Well, seemingly you're doing bad things in the dll! :(

You must be careful what you do in other processes.

Postby Spart64 » Mon May 17, 2004 8:09 pm

I don't think so, the following code does the same thing.

What's the trouble?


Code:
library dll_test;

uses Windows, Dialogs; // ShowMessage comes from the VCL Dialogs unit

begin
  ShowMessage('test 1');
  Sleep(20000);
  ShowMessage('test 2');
end.

Postby madshi » Tue May 18, 2004 6:52 am

The trouble is that you shouldn't use the VCL in a hook DLL. Look at the size of your hook dll. It should not get much bigger than 100kb. I bet yours is *much* bigger. It must be, because ShowMessage uses the VCL. The VCL is not thread safe, it's a resource hog and was never intended to be used inside of a hook dll.

Also when talking about WinLogon.exe - that is a system process! You shouldn't show any windows in system processes! Most system processes are non interactive, they are not connected to any visible desktop. So even if you succeed in showing a window, nobody would see it. But some system processes will directly blue screen your OS if you show a window inside of them. You must not even use FindWindow and such GUI APIs in some system processes. Have a look here:

http://help.madshi.net/HookingRules.htm

Especially look at rule 3.

Things are a bit different if you inject your dll into applications only (and not into any system processes). In that case you may use GUI.

Postby Spart64 » Tue May 18, 2004 12:37 pm

OK, but the same thing happens with only a Sleep(20000);
Winamp freezes for 20 s, and the DLL is only 14 KB.
Is the Sleep command not allowed either? Maybe I am doing something wrong.

I have put the code below in case there are some mistakes.

Code:
// injector

program injekt_IE;

uses Windows, madCodeHook;

var
  PROCE: THandle;
  dll: string;
begin
  dll := 'dll_IE.dll';
  PROCE := OpenProcess(PROCESS_ALL_ACCESS, False, 2812); // Winamp's PID
  if PROCE = 0 then
    Exit; // OpenProcess failed: wrong PID or insufficient rights
  if not InjectLibrary(PROCE, PChar(dll)) then
    MessageBox(0, 'InjectLibrary failed', 'injekt_IE', MB_OK);
  CloseHandle(PROCE);
end.


// Dll

library dll_IE;

uses Windows;

begin
  // runs in the DLL's initialization section, i.e. while the target
  // process is still in the middle of loading the DLL
  Sleep(20000);
end.

Postby madshi » Tue May 18, 2004 3:11 pm

Every time a DLL gets loaded, this is a special moment for the process. During that moment some things may not work. So if you do a Sleep(20000) in the DLL's initialization, this might freeze the target process.

Why do you want to put a Sleep in your DLL's initialization? That doesn't make much sense to me... :confused:

Postby Spart64 » Tue May 18, 2004 5:00 pm

The Sleep function is just a test with the most basic DLL, to be sure the trouble is not the DLL, like you said. I am just trying with this DLL to understand why it freezes.

The DLL I want to inject is just an IRC bot with a few small functions (~100 KB).

Postby madshi » Wed May 19, 2004 6:55 am

Well, your freeze test should teach you one thing (so it was a good test), namely: In the initialization of your dll only do what is necessary. Try to do the main work outside of the initialization phase. If you just want to hook some APIs, that is no problem, because installing the hooks is quite fast. If you want to create windows and such stuff, you need to create your own private thread for that.
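The "do the work on a private thread" advice above, as an added example rather than code from the thread: the DLL's initialization section only starts a thread and returns, and the blocking part (Sleep stands in for the bot's real work) runs on that thread after the loader has finished with the DLL. It assumes a Win32 Delphi compiler and uses only the System and Windows units, no VCL; the library name is a placeholder.

```delphi
library dll_worker;

// Added example, not code from the thread: keep the initialization section
// short and move anything slow onto a thread of your own.
// Assumes a Win32 Delphi compiler; no VCL units, so the DLL stays small.

uses
  Windows;

var
  WorkerHandle: THandle = 0;

// Runs on its own thread, outside the loader lock, so blocking here
// does not freeze the host process.
function WorkerProc(Param: Pointer): Integer;
begin
  Sleep(20000); // placeholder for the real work
  Result := 0;
end;

procedure DllEntryPoint(Reason: Integer);
var
  ThreadId: LongWord;
begin
  case Reason of
    DLL_PROCESS_ATTACH:
      // Creating a thread is cheap and allowed here; waiting for it is not.
      // The new thread cannot start until the loader releases its lock, so a
      // WaitForSingleObject on it from inside this notification deadlocks.
      WorkerHandle := THandle(BeginThread(nil, 0, @WorkerProc, nil, 0, ThreadId));
    DLL_PROCESS_DETACH:
      if WorkerHandle <> 0 then
        CloseHandle(WorkerHandle);
  end;
end;

begin
  // The initialization section itself runs for DLL_PROCESS_ATTACH; DllProc
  // receives the later notifications (thread attach/detach, process detach).
  DllProc := @DllEntryPoint;
  DllEntryPoint(DLL_PROCESS_ATTACH);
end.
```

BeginThread (from the System unit) is preferred over calling CreateThread directly because it also marks the Delphi runtime as multi-threaded, which the memory manager needs once a second thread allocates. Installing API hooks can still be done in the initialization section, as madshi says; only slow or GUI work belongs on the worker thread.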

Postby Spart64 » Wed May 19, 2004 10:04 am

OK, so that is my error.
I am a noob at programming, and I am not familiar with the difference between the initialization part and outside this part.
So I will look into how to make a DLL properly.