flat assembler message board
Windows > check kernel32 module
TheLord
Hi,

Is there any other way to find if a specific module is loaded than using EnumProcessModules() and GetModuleFileNameEx()?

It seems that my CreateProcessW hook is randomly failing because of the LoadLibrary() I call in the target process's remote thread.

So I need to be 100% sure that kernel32.dll is loaded.

If I sleep some time before, it works ...
Post 22 Apr 2008, 16:23
revolution
In WinXP and Win2K kernel32.dll is mandatory[1], apps can't run without it. It is guaranteed to be loaded at all times.

[1] In Win2K you can leave kernel32 out of the import table and the loader will still load the DLL. In WinXP you must include kernel32 in the import table else the app will fail to load.
Post 22 Apr 2008, 16:29
TheLord
No no, I know this.

My DLL is redirecting CreateProcessW() to MyCreateProcess() => in this new function, I inject the DLL in the target process (see my previous topic to know why).

I randomly fail to inject because of the remote thread that is executing the LoadLibrary() in order to load the DLL. If I put a sleep it works correctly, so I assume kernel32 is not loaded in the target process when I try to inject the DLL; I don't see any other issue!
Post 22 Apr 2008, 18:15
revolution
Try WaitForInputIdle.

If you are the Lord, shouldn't we be asking you questions? hehe, just joking, no offense
Post 22 Apr 2008, 18:17
Grom PE
revolution wrote:
In Win2K you can leave kernel32 out of the import table and the loader will still load the DLL. In WinXP you must include kernel32 in the import table else the app will fail to load.

You reversed the facts about Win2k and WinXP.
Post 22 Apr 2008, 20:29
revolution
Grom PE wrote:
revolution wrote:
In Win2K you can leave kernel32 out of the import table and the loader will still load the DLL. In WinXP you must include kernel32 in the import table else the app will fail to load.

You reversed the facts about Win2k and WinXP.
Okay, thanks for spotting that. My bad.
Post 23 Apr 2008, 01:04
TheLord
Gonna try this one, thanks.
Post 23 Apr 2008, 07:27
TheLord
Hi,

Just a quick update to confirm that WaitForInputIdle() works like a charm, thanks revolution.
Post 27 Apr 2008, 20:48
revolution
Nice to know that function is useful for something.
Post 28 Apr 2008, 00:22
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.