flat assembler
Message board for the users of flat assembler.

Index > Windows > Fails to inject a dll in a specific process

ASM.JR



Joined: 17 Jul 2016
Posts: 6
ASM.JR 18 Jul 2016, 18:03
Hello,

I'm new to ASM and I'm having difficulties capturing the ID number of a particular process and showing it in a MessageBox; it only shows strange characters.

I need this to know whether I'm getting the correct PID of the target process in order to make a successful DLL injection. Until now, no success with the DLL injection.

Can someone help me, please?

Here was my last attempt:

Code:
format PE GUI

    include 'win32ax.inc'

    entry start

    section '.idata' import data readable writeable

    library kernel32,'KERNEL32.DLL',\
            user32,'USER32.DLL',\
            advapi32,'ADVAPI32.DLL',\
            shell32,'SHELL32.DLL'

    include '\fasmw17002\include\api\kernel32.inc'
    include '\fasmw17002\include\api\user32.inc'
    include '\fasmw17002\include\api\advapi32.inc'
    include '\fasmw17002\include\api\shell32.inc'

    struct PROCESSENTRY32
        dwSize                     dd ?
        cntUsage                   dd ?
        th32ProcessID              dd ?
        th32DefaultHeapID          dd ?
        th32ModuleID               dd ?
        cntThreads                 dd ?
        th32ParentProcessID        dd ?
        pcPriClassBase             dd ?
        dwFlags                    dd ?
        szExeFile                  db MAX_PATH dup(?)
    ends

    target              db 'notepad.exe',0 ; notepad as example
    szDLLName           db "Project1.dll", 0
    sizeof.szDLLName    = $ - szDLLName - 1
    dwThreadID          dd ?
    threadHandle        dd 0
    pentry32            PROCESSENTRY32
    TH32CS_SNAPPROCESS  = 2
    snap                dd 0
    id                  dd 0
    kernel32dll         TCHAR 'KERNEL32.DLL',0
    LoadLibFunc         TCHAR 'LoadLibraryA',0

    section '.code' code readable executable

proc InjectDll,Pid:dword

local   ProcAddress:DWORD,Alloc:DWORD,Open:DWORD

    invoke GetModuleHandle,kernel32dll
    invoke GetProcAddress,eax,LoadLibFunc
    mov    [ProcAddress],eax

    invoke OpenProcess,PROCESS_CREATE_THREAD+PROCESS_VM_OPERATION+PROCESS_VM_READ+PROCESS_VM_WRITE+PROCESS_QUERY_INFORMATION,0,dword[Pid]
    mov    [Open],eax
    test   eax,eax
    je     InjectDll_exit

    invoke VirtualAllocEx,eax,0,dword[sizeof.szDLLName],MEM_COMMIT,PAGE_READWRITE
    mov    [Alloc],eax
    invoke WriteProcessMemory,,dword[Pid],eax,szDLLName,dword[sizeof.szDLLName],NULL
    invoke CreateRemoteThread,dword[Pid],0,0,dword[ProcAddress],dword[Alloc],0,dwThreadID
    mov    [threadHandle],eax
    invoke WaitForSingleObject,dword[threadHandle],0xFFFFFFFF
    invoke CloseHandle,dword[threadHandle]
    invoke CloseHandle,dword[Open]
    invoke VirtualFree,dword[Alloc],0,MEM_RELEASE
    je     InjectDll_exit
  InjectDll_exit:
    ret
endp

start:

    mov    [pentry32.dwSize],sizeof.PROCESSENTRY32
    invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
    mov    [snap],eax
    invoke Process32First,[snap],pentry32
  .loop:
    mov    edi,target
    invoke StrStrI,pentry32.szExeFile,edi
    cmp    eax,0
    je     .next
    call   .pid
  .next:
    invoke Process32Next,[snap],pentry32
    cmp    eax,0
    jne    .loop
  .pid:

    mov    dword[id],pentry32.th32ProcessID

    invoke MessageBox,NULL,id,0,0
    stdcall InjectDll,id

    jne    .bye

  .bye:

    invoke ExitProcess,NULL
    
Post 18 Jul 2016, 18:03
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1178
Location: Unknown
HaHaAnonymous 18 Jul 2016, 18:31
According to "Microsoft", the second parameter must be a pointer to a null-terminated string. "id" probably is not, since it was returned as an ordinary integer by other functions.

You will have to make a string out of "id" first, pick the pointer to it and then pass it as a parameter to "MessageBox". On Windows, you can do it by calling "wsprintf", I think.
Post 18 Jul 2016, 18:31
ASM.JR



Joined: 17 Jul 2016
Posts: 6
ASM.JR 18 Jul 2016, 19:07
HaHaAnonymous wrote:
According to "Microsoft", the second parameter must be a pointer to a null-terminated string. "id" probably is not, since it was returned as an ordinary integer by other functions.

You will have to make a string out of "id" first, pick the pointer to it and then pass it as a parameter to "MessageBox". On Windows, you can do it by calling "wsprintf", I think.


So, my trouble is exactly this:

- How to convert a DWORD to a string using ASM?
Post 18 Jul 2016, 19:07
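Both posts above come down to the same step: the DWORD in id has to become a null-terminated string before MessageBox can display it. The following fasm program, added here as an example and not code from either poster, shows the two usual ways to do that: calling wsprintf (a cdecl function, hence cinvoke) and a hand-written DwordToDec routine; the value 1234 in id is a constructed sample standing in for pentry32.th32ProcessID.

```asm
format PE GUI 4.0
include 'win32ax.inc'

.data
  id      dd 1234               ; constructed sample value, stands in for th32ProcessID
  fmt     db '%u',0             ; wsprintf format: unsigned decimal
  buffer  rb 16                 ; a DWORD needs at most 10 digits plus the terminator

.code
  start:
        ; Way 1: let user32's wsprintf do the formatting.
        ; wsprintf is cdecl (variadic), so it is called with cinvoke, not invoke.
        cinvoke wsprintf,buffer,fmt,[id]
        invoke  MessageBox,HWND_DESKTOP,buffer,'PID via wsprintf',MB_OK

        ; Way 2: convert by hand with repeated division by 10.
        stdcall DwordToDec,[id],buffer
        invoke  MessageBox,HWND_DESKTOP,buffer,'PID via DwordToDec',MB_OK
        invoke  ExitProcess,0

  ; DwordToDec(value,dest): writes value as unsigned decimal ASCII to dest, null terminated.
  proc DwordToDec value,dest
        push    ebx edi
        mov     eax,[value]
        mov     edi,[dest]
        mov     ebx,10
        xor     ecx,ecx               ; number of digits pushed so far
    .divide:
        xor     edx,edx
        div     ebx                   ; eax = quotient, edx = next digit (least significant first)
        add     dl,'0'
        push    edx                   ; the stack reverses the digit order for us
        inc     ecx
        test    eax,eax
        jnz     .divide
    .emit:
        pop     eax
        stosb                         ; al -> [edi], edi++
        loop    .emit
        mov     byte [edi],0
        pop     edi ebx
        ret
  endp
.end start
```

Note also that in the original listing `mov dword[id],pentry32.th32ProcessID` stores the address of the field rather than its contents; loading the value itself needs brackets, as in `mov eax,[pentry32.th32ProcessID]` followed by `mov [id],eax`.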
comrade



Joined: 16 Jun 2003
Posts: 1150
Location: Russian Federation
comrade 30 Jul 2016, 04:48
Post 30 Jul 2016, 04:48

Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.