inject into only one process ???

Spart64
Posts: 7
Joined: Wed May 12, 2004 8:31 pm

inject into only one process ???

Post by Spart64 »

Hello, this is certainly a beginner question :wink:
But is it possible to inject a DLL into only one process? Like winlogon.exe

I tried this but without success.

Code:

uses Windows, madCodeHook;

var
  PROCE: DWORD;
begin
  PROCE := 1328; // the PID of the process
  InjectLibrary(PROCE, 'dll_IE.dll');
end.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

It is possible, but you need to use a process *handle*, not a process ID. Use OpenProcess to get a process handle from a process ID. Don't forget to close the handle later, when you don't need it anymore. Btw, you need admin rights to open a system process.
Spart64
Posts: 7
Joined: Wed May 12, 2004 8:31 pm

Post by Spart64 »

Thx, it works :wink:

Code:

uses Windows, madCodeHook;

var
  PROCE: THandle;
begin
  // OpenProcess turns the PID into a process handle
  PROCE := OpenProcess(PROCESS_ALL_ACCESS, False, 3432);
  if PROCE <> 0 then
  begin
    InjectLibrary(PROCE, 'dll.dll');
    CloseHandle(PROCE);
  end;
end.
Spart64
Posts: 7
Joined: Wed May 12, 2004 8:31 pm

Post by Spart64 »

Why does it freeze the executable??

When injecting into winlogon.exe, the shutdown functions are not available; in Winamp, the display freezes etc... until the DLL code is killed. :?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Well, seemingly you're doing bad things in the dll! :(

You must be careful what you do in other processes.
Spart64
Posts: 7
Joined: Wed May 12, 2004 8:31 pm

Post by Spart64 »

I don't think so, the following code does the same thing: :sorry:

What's the trouble?

Code:

library dll_IE;

uses Windows, Dialogs;

begin
  ShowMessage('test 1');
  Sleep(20000);
  ShowMessage('test 2');
end.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

The trouble is that you shouldn't use the VCL in a hook DLL. Look at the size of your hook dll. It should not get much bigger than 100kb. I bet yours is *much* bigger. It must be, because ShowMessage uses the VCL. The VCL is not thread safe, it's a resource hog and was never intended to be used inside of a hook dll.

Also when talking about WinLogon.exe - that is a system process! You shouldn't show any windows in system processes! Most system processes are non interactive, they are not connected to any visible desktop. So even if you succeed in showing a window, nobody would see it. But some system processes will directly blue screen your OS if you show a window inside of them. You must not even use FindWindow and such GUI APIs in some system processes. Have a look here:

http://help.madshi.net/HookingRules.htm

Especially look at rule 3.

Things are a bit different if you inject your dll into applications only (and not into any system processes). In that case you may use GUI.
Spart64
Posts: 7
Joined: Wed May 12, 2004 8:31 pm

Post by Spart64 »

OK but, same thing with only a Sleep(20000);
Winamp freezes for 20s :wink: and the DLL is only 14k.
Is the Sleep cmd not allowed either? Maybe I'm doing something wrong :o

I put the code here in case there are some mistakes.

Code:

// injector

program injekt_IE;

uses Windows, madCodeHook;

var
  PROCE: THandle;
  dll: string;
begin
  dll := 'dll_IE.dll';
  PROCE := OpenProcess(PROCESS_ALL_ACCESS, False, 2812); // Winamp's PID
  if PROCE <> 0 then
  begin
    InjectLibrary(PROCE, dll);
    CloseHandle(PROCE);
  end;
end.



// DLL

library dll_IE;

uses Windows;

begin
  // runs in the DLL's initialization, i.e. while it is being loaded
  Sleep(20000);
end.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Every time a DLL gets loaded, this is a special moment for the process. During that moment some things may not work. So if you do a Sleep(20000) in the DLL's initialization, this might freeze the target process.

Why do you want to put a Sleep in your DLL's initialization? That doesn't make much sense to me... :confused:
Spart64
Posts: 7
Joined: Wed May 12, 2004 8:31 pm

Post by Spart64 »

The Sleep function is just a test with the most basic DLL, to be sure the trouble is not the DLL like you said. I just try with this DLL to understand why it freezes.

The DLL I want to inject is just an IRC bot with little functions. (~100 KB)
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Well, your freeze test should teach you one thing (so it was a good test), namely: In the initialization of your dll only do what is necessary. Try to do the main work outside of the initialization phase. If you just want to hook some APIs, that is no problem, because installing the hooks is quite fast. If you want to create windows and such stuff, you need to create your own private thread for that.
Spart64
Posts: 7
Joined: Wed May 12, 2004 8:31 pm

Post by Spart64 »

OK, so that is my error :D
I'm a noob in prog, and I'm not familiar with the difference between the initialization part and outside this part.
So I will look for how to make a DLL properly.