flat assembler
Message board for the users of flat assembler.
DLL Injection - Need help translating from MASM32

revolution 08 Apr 2008, 00:22
A few simple changes to just the part you posted. You will have to translate the rest yourself following this suggestion
Code:
    szDll db 'example.dll', 0
    sizeof.szDLLName = $ - szDll - 1

    invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, [ProcessEntry.th32ProcessID]
    mov [hProcess], eax
    invoke VirtualAllocEx, [hProcess], 0, 11, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE
    mov [hModule], eax
    invoke WriteProcessMemory, [hProcess], [hModule], szDLLName, sizeof.szDLLName, dwBytes
    invoke GetModuleHandle, "kernel32.dll"
    invoke GetProcAddress, eax, "LoadLibrary"

Last edited by revolution on 08 Apr 2008, 01:32; edited 1 time in total

Remy Vincent 08 Apr 2008, 01:27
It is not very funny to have a program working exactly as needed, BUT WITH messages like :
- "no error found ".
- "zero errors found ".
- "Program loaded correctly ".
- "All needed DLLs founded ".
- "No debugger needed ".

revolution 08 Apr 2008, 01:33
Remy Vincent wrote: It is not very funny to have a program working exactly as needed, BUT WITH messages like :

CFJ0 08 Apr 2008, 13:59
Thanks for your help.
I just can't get it to work :S This is what I have: (szDLLName is "C:\example.dll")
Code:
    Inject:
        invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, ProcessID
        mov [hProcess], eax
        invoke VirtualAllocEx, [hProcess], 0, sizeof.szDLLName, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE
        mov [hModule], eax
        invoke WriteProcessMemory, [hProcess], [hModule], szDLLName, sizeof.szDLLName, dwBytes
        invoke GetModuleHandle, "kernel32.dll"
        invoke GetProcAddress, eax, "LoadLibrary"
        invoke CreateRemoteThread, hProcess, 0, 0, eax, hModule, 0, dwThreadID
        invoke MessageBox, 0, "DLL Injected!", ProcessEntry.szExeFile, MB_ICONQUESTION
        invoke Sleep, 1000
        jmp Exit

It injects something since Kaspersky goes off but even when I click "Skip" my DLL is not injected :S

revolution 08 Apr 2008, 15:26
CFJ0: You have to make sure you use the square brackets [] correctly. Without the square brackets you are using the address of the variable; with the square brackets you are sending the value of the variable.

|
CFJ0 08 Apr 2008, 15:30
Thanks, I didn't know that.
Makes a lot more sense now. Working code:
Code:
    Inject:
        invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, [ProcessEntry.th32ProcessID]
        mov [hProcess], eax
        invoke VirtualAllocEx, [hProcess], 0, sizeof.szDLLName, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE
        mov [hModule], eax
        invoke WriteProcessMemory, [hProcess], [hModule], szDLLName, sizeof.szDLLName, dwBytes
        invoke GetModuleHandle, "kernel32.dll"
        invoke GetProcAddress, eax, "LoadLibrary"
        invoke CreateRemoteThread, [hProcess], 0, 0, eax, [hModule], 0, dwThreadID
        invoke MessageBox, 0, "DLL Injected!", ProcessEntry.szExeFile, MB_ICONQUESTION

Last edited by CFJ0 on 08 Apr 2008, 15:42; edited 1 time in total

revolution 08 Apr 2008, 15:37
CFJ0 wrote: So when do I have to use the addresses and when do I have to use the values :S?

CFJ0 08 Apr 2008, 15:42
Thanks a lot, got it semi-working

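From the defender's side, the call sequence in the code posted above leaves a recognisable trace: a thread created in another process whose parameter is a buffer the same caller just allocated and wrote there. The following is an added example, not code from the thread; the event field names and the sample events are constructed assumptions about what an API-monitoring sensor might record.

```python
from collections import defaultdict

# Constructed sample events (not captured from a real system); the field
# names are assumptions made for this example.
EVENTS = [
    {"pid": 4120, "api": "OpenProcess", "target_pid": 884, "ret": 0x1A4},
    {"pid": 4120, "api": "VirtualAllocEx", "handle": 0x1A4,
     "protect": "PAGE_EXECUTE_READWRITE", "ret": 0x2F0000},
    {"pid": 4120, "api": "WriteProcessMemory", "handle": 0x1A4,
     "base": 0x2F0000, "size": 15},
    {"pid": 4120, "api": "CreateRemoteThread", "handle": 0x1A4, "param": 0x2F0000},
    # A second process that writes to and starts a thread in another process,
    # but never passes a freshly written remote buffer as the thread parameter.
    {"pid": 5008, "api": "OpenProcess", "target_pid": 900, "ret": 0x88},
    {"pid": 5008, "api": "WriteProcessMemory", "handle": 0x88,
     "base": 0x400000, "size": 4},
    {"pid": 5008, "api": "CreateRemoteThread", "handle": 0x88, "param": 0},
]

def find_remote_thread_injection(events):
    """Return one finding per CreateRemoteThread whose parameter points at a
    buffer the same caller allocated and then wrote in the same target."""
    targets = {}                    # (pid, handle) -> target pid
    allocated = defaultdict(dict)   # (pid, handle) -> {base: protection}
    written = defaultdict(set)      # (pid, handle) -> allocated bases written
    findings = []
    for ev in events:
        key = (ev["pid"], ev.get("handle"))
        api = ev["api"]
        if api == "OpenProcess":
            targets[(ev["pid"], ev["ret"])] = ev["target_pid"]
        elif api == "VirtualAllocEx" and ev["ret"]:
            allocated[key][ev["ret"]] = ev["protect"]
        elif api == "WriteProcessMemory" and ev["base"] in allocated[key]:
            written[key].add(ev["base"])
        elif api == "CreateRemoteThread" and ev["param"] in written[key]:
            findings.append({
                "source_pid": ev["pid"],
                "target_pid": targets.get(key),
                "buffer": ev["param"],
                # RWX on a buffer that only holds a path string is itself odd.
                "rwx": allocated[key][ev["param"]] == "PAGE_EXECUTE_READWRITE",
            })
    return findings

if __name__ == "__main__":
    for finding in find_remote_thread_injection(EVENTS):
        print(finding)
```

Correlating on the (caller, handle, buffer) triple rather than on any single API keeps debuggers and other tools that only write to another process out of the results.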
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.