Hey
I am making a program right now that loads a process and then closes it (just as a test for now). The program that is being loaded "injects" a DLL into a specified program (I didn't make it). When I double-click it from Windows, all is well and it attaches the DLL perfectly to the other program. When I load it from the program I am making, the process doesn't load its config file (which holds the window and class name) and reports an error. Is there something that I have to pass as a command line? I have no idea what to do.
Posted on 2004-10-02 19:59:38 by yo|dude|mon
Please post your code so that it's easier to debug and give you a solution.
Posted on 2004-10-03 00:10:00 by nickdigital
For example, if you want to inject SetWindowTextA from user32.dll then you have to know from where LoadLibrary is loaded; you can get that by breakpointing the LoadLibrary API in the target file (whose process you want to patch).
Then you should know from where GetProcAddress is called.
Knowing these two we can now call SetWindowTextA.
Now suppose you want to show the text in one of any edit boxes. Then you require the edit handle where you want to inject SetWindowText, and then you can easily do it with all the above info.
Posted on 2004-10-03 00:28:13 by nickdigital
As nickdigital said, you should give more detailed info about your program and the one you use (!?)...
Besides there is a nice article at codeproject that describes several ways to inject code into another process. In my opinion the CreateRemoteThread&LoadLibrary-Solution fits best...
http://www.codeproject.com/threads/winspy.asp?df=100&forumid=16291&exp=0&select=851913#section_3

Dominik
Posted on 2004-10-03 05:39:49 by Dom
You have to specify the directory where the program resides as the working directory. Otherwise, it will be the current directory of your program.
Posted on 2004-10-03 08:05:20 by Sephiroth3
hi sephiroth3
I am new to all this, still I think... since it's a process patcher he is talking about, it doesn't really matter what directory he is in... or does it????
Please satisfy my query.
Thank you in advance
nickdigital
Posted on 2004-10-03 08:14:18 by nickdigital
Ok, I will try to give you more detail. The program I am trying to run is called "Damnation". It loads a DLL and attaches it to games, because it is basically a game hack loader. Before you tell me that this is against the forum rules, let me explain. It does stuff for Starcraft like letting you stay in a game after you die and other things. It is not a password stealer or anything of the sort. When I double-click it from Windows, it loads the config file specifying what DLLs to load and attaches them to Starcraft fine. When I create it as a process, Damnation says that no DLL or window name was specified, which leads me to believe that it is not loading the config file correctly or something. I did not make Damnation so I cannot find out if it is taking command lines from Windows or something to load the config file. Anyway, the program I am making is very simple and involves no windows or dialogs. I know there are tons of spots for things to go tragically wrong, but I don't plan on changing them so you don't have to worry about helping me with that. Source:


; ###########################

.386
.model flat, stdcall
option casemap :none ; case sensitive

; ###########################

include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

; ###########################

.data
DamnPath db "C:\Program Files\Starcraft\Stuff\Damnation.exe",0
StartInfo STARTUPINFO <>
DamnProcInfo PROCESS_INFORMATION <>
;StarProcInfo PROCESS_INFORMATION <>
DamnTitle db "Damnation",0
ListClass db "LISTBOX",0
;Success db "extended.dll injected.",0

.data?
hWnd dd ?
hList dd ?
Buffer db 255 dup (?)

.code

start:

invoke GetStartupInfo,ADDR StartInfo
invoke CreateProcess,NULL,ADDR DamnPath,NULL,NULL,FALSE,NORMAL_PRIORITY_CLASS,NULL,NULL,ADDR StartInfo,ADDR DamnProcInfo
invoke CloseHandle,DamnProcInfo.hThread

WndFind:
invoke FindWindow,0,ADDR DamnTitle
or eax,eax
jz WndFind
mov hWnd,eax

invoke FindWindowEx,hWnd,0,ADDR ListClass,0
mov hList,eax

GetTextLoop:
invoke SendMessage,hList,LB_GETTEXT,3,ADDR Buffer ; When there is a success loading the DLL, the 4th line says something about the DLL loaded. If not, the 3rd line reports the error.
cmp eax,LB_ERR
je GetTextLoop

invoke MessageBox,0,ADDR Buffer,0,0 ;I put this here to see if this app gets the Listbox text.

Quit:
push 0
call ExitProcess

end start

You're probably wondering why I have all those loops in there. I put them in there for speed. If you have a faster computer, then Damnation will load the DLL quickly. If you have a slow one, then it will take longer. I don't want my app to stoop as low as the slow computer by calling Sleep for 3 seconds to wait for Damnation to load. I'll attach Damnation and a sample DLL. Edit the window name and class in the config file to something that you have running (notepad, perhaps) just as a test. Then compile my code with your path to Damnation and you will see that Damnation doesn't attach the DLLs. You're probably still confused but this is about the best I can describe it to you without a video camera. Reply if you can figure out why.
Posted on 2004-10-03 21:28:49 by yo|dude|mon
I know about that space in the "NULL", that just happened when I copy/pasted it. Be sure to take that out if you compile it.
Posted on 2004-10-03 21:32:34 by yo|dude|mon
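Sephiroth3's point above, shown in working code. This is an added C example, not the thread's own code and not part of Damnation: it launches a program with the program's own directory passed as lpCurrentDirectory, so a child that opens its config file by a relative name finds it next to itself, exactly what the double-click from Explorer does implicitly. The path is the one from the posted source, used only as a default placeholder; dir_of, quoted_cmdline and launch_in_own_dir are names chosen here. Two further details a practitioner would want: the posted path contains spaces, and CreateProcess with a NULL lpApplicationName then has to guess where the program name ends, so the example passes the application name explicitly and quotes the command line; and it waits with WaitForInputIdle instead of spinning on FindWindow, then closes both handles (the posted code never closes hProcess). The directory and quoting helpers are portable C; the launcher itself needs the Win32 headers and is compiled only on Windows.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Copy the directory part of an executable path into out, without a
 * trailing separator except for a bare root ("\" or "C:\"). Accepts both
 * '\\' and '/'. Returns the length written, or -1 if the path has no
 * directory component or out is too small. */
static int dir_of(const char *path, char *out, size_t outlen)
{
    const char *last = NULL;
    for (const char *p = path; *p; ++p)
        if (*p == '\\' || *p == '/')
            last = p;
    if (last == NULL)
        return -1;                       /* bare file name, no directory */
    size_t n = (size_t)(last - path);
    if (n == 0 || path[n - 1] == ':')
        n++;  /* keep the root separator: "C:\" is a directory, "C:" is not */
    if (n + 1 > outlen)
        return -1;
    memcpy(out, path, n);
    out[n] = '\0';
    return (int)n;
}

/* Build the command line as "<exe>" in quotes so that a path with spaces
 * (such as C:\Program Files\...) cannot be split at the first space.
 * Returns the length written, or -1 if out is too small. */
static int quoted_cmdline(const char *exe, char *out, size_t outlen)
{
    size_t n = strlen(exe);
    if (n + 3 > outlen)
        return -1;
    out[0] = '"';
    memcpy(out + 1, exe, n);
    out[n + 1] = '"';
    out[n + 2] = '\0';
    return (int)(n + 2);
}

#ifdef _WIN32
/* Start exe with its own directory as the working directory, wait until
 * its message loop is idle (or idle_timeout_ms passes), close both handles.
 * Returns 0 on success, -1 on failure. */
static int launch_in_own_dir(const char *exe, DWORD idle_timeout_ms)
{
    char dir[MAX_PATH], cmd[MAX_PATH + 3];
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;

    if (dir_of(exe, dir, sizeof dir) < 0 ||
        quoted_cmdline(exe, cmd, sizeof cmd) < 0)
        return -1;

    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;
    ZeroMemory(&pi, sizeof pi);

    /* lpApplicationName = exe names the file to run unambiguously,
     * lpCommandLine must be a writable buffer, and lpCurrentDirectory = dir
     * is the actual fix for the thread's problem. */
    if (!CreateProcessA(exe, cmd, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS,
                        NULL, dir, &si, &pi)) {
        fprintf(stderr, "CreateProcess failed: %lu\n", GetLastError());
        return -1;
    }

    /* Blocks until the child is waiting for input; no FindWindow busy loop.
     * WAIT_TIMEOUT means it is still starting, WAIT_FAILED usually means a
     * console program with no message queue. */
    DWORD w = WaitForInputIdle(pi.hProcess, idle_timeout_ms);
    if (w == WAIT_FAILED)
        fprintf(stderr, "WaitForInputIdle failed: %lu\n", GetLastError());

    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);  /* the posted MASM code leaks this handle */
    return 0;
}

int main(int argc, char **argv)
{
    /* Default is the path from the posted source, as a placeholder only. */
    const char *exe = argc > 1 ? argv[1]
                               : "C:\\Program Files\\Starcraft\\Stuff\\Damnation.exe";
    return launch_in_own_dir(exe, 5000) == 0 ? 0 : 1;
}
#endif
```

Run it as `launcher.exe "C:\path\to\Damnation.exe"`; with the working directory set this way the child resolves a relative config file name against its own folder rather than against the launcher's.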
Hey yo|dude|mon
I just tried your code and I guess I have fixed it.
Just try it and see if it works.
Instead of this code, try the code suggested below.
This is your original code.


invoke FindWindow,0,ADDR DamnTitle
or eax,eax
jz WndFind
mov hWnd,eax

invoke FindWindowEx,hWnd,0,ADDR ListClass,0
mov hList,eax

GetTextLoop:
invoke SendMessage,hList,LB_GETTEXT,3,ADDR Buffer ; When there is a success loading the DLL, the 4th line says something about the DLL loaded. If not, the 3rd line reports the error.
cmp eax,LB_ERR
je GetTextLoop


Try this one.


invoke FindWindowEx,hWnd,ADDR DamnTitle,ADDR ListClass,0
mov hList,eax

GetTextLoop:
invoke SendMessage,hList,LB_GETTEXT,3,ADDR Buffer
cmp eax,LB_ERR
je GetTextLoop


I think it'll work. However, if it doesn't or I made some mistake just let me
know. I'll love to rectify myself. ALL THE BEST.
nickdigital
Posted on 2004-10-05 10:53:35 by nickdigital
Actually the problem isn't with getting the window and listbox handles, it's getting Damnation to open correctly.
Posted on 2004-10-06 16:04:42 by yo|dude|mon