[DLL] DllEntryPoint Showing MessageBox on Process Attach

Index > Tutorials and Examples > [DLL] DllEntryPoint Showing MessageBox on Process Attach

Author

Thread

z7

Joined: 18 May 2025
Posts: 2

z7 18 May 2025, 17:45

This is my first DLL attach code using FASM. There are plenty of examples out there, but not many in quantity. I struggled a lot trying to inject a MessageBox into any process. I thought I was doing something wrong and maybe i still do with some of the instructions.

While browsing this board and searching for FASM resources, I couldn’t find a definitive fix for this issue. Then, I came across a mention (probably from Tomasz) about using a detour and checking inside the DLL folder for examples. When I looked at ERRORMSG.ASM file, I noticed something at the bottom about generating a dummy entry. I copied that part, and suddenly the struggle was gone.

But I know that once you "succeed" new problems come up. I heard from a friend that the best way to learn is to run into multiple problems and fix them. You don’t learn fast by doing everything perfectly the first time, you learn by making mistakes and then solving them.

Anyway, enough talk. Here are my instructions for that, mainly for archive purposes:

Code:

format PE GUI 5.0 DLL
entry DllEntryPoint

include 'C:\FASM\INCLUDE\win32a.inc'

section '.data' readable
        text_test db 'test', 0
        
section '.code' readable

proc DllEntryPoint uses ebx esi edi, hinstDLL, fdwReason, lpvReserved
        cmp [fdwReason], DLL_PROCESS_ATTACH
        jne .done
        push 0
        push text_test
        push text_test
        push 0
        call [MessageBox]
        .done:
        ret
endp    


section ".idata" import data readable writeable
library user,'user32.dll'
import user,\
                MessageBox, 'MessageBoxA'
                
section '.reloc' fixups data readable discardable

  if $=$$
    dd 0,8              ; if there are no fixups, generate dummy entry
  end if

18 May 2025, 17:45

Ali.Z

Joined: 08 Jan 2018
Posts: 822

Ali.Z 19 May 2025, 09:39

a DLL wont get injected by its own, you need to manually inject it into target address space.

there several ways, but common ones:
- DLL hijacking
- shell hooks
- manual injection
- registry

and more can be found even in msdn, you can play with processhacker2 it has good injector and i used a lot.

_________________
Asm For Wise Humans

19 May 2025, 09:39

z7

Joined: 18 May 2025
Posts: 2

z7 19 May 2025, 14:02

Ali.Z wrote:

a DLL wont get injected by its own, you need to manually inject it into target address space.

there several ways, but common ones:
- DLL hijacking
- shell hooks
- manual injection
- registry

and more can be found even in msdn, you can play with processhacker2 it has good injector and i used a lot.

Yea i know that DLL won't inject just by compile it, i had some problem while injecting the DLL, which i still don't know
But i just copied this line and the problem was gone probably with generating entry point for the dll but honestly i'm not familiar with that

Code:

  if $=$$
    dd 0,8              ; if there are no fixups, generate dummy entry
  end if

beside that i literally have low knowledge about instructions, maybe mov,add,sub and some float numbers like xmm0-7 thats all, i would like to get function inside some .dll and modify it the original behavior or add couple of new things to it, popular name as detour, im working on that, probably some old stuff/tools to be back, but for now is just idea because i'm figuring out the detour method, I'm trying now on Windows FASM, then Linux and last MacOS.

19 May 2025, 14:02

Jessé

Joined: 03 May 2025
Posts: 59
Location: Brazil

Jessé 19 May 2025, 20:42

I kind of remember that you should return eax with TRUE on every DLLEntry() callback if successfull; otherwise, system will unload your DLL.
Don't know what MessageBox() returns prior to ret (I suppose 0).

19 May 2025, 20:42

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum