Olá galera,
estou aprendendo DLL injection e por algum motivo meu código retorna com sucesso mesmo se a DLL não existir. Alguém consegue me ajudar? Segue o código:
Se eu deletar o DLL.dll do c:// ele continua dando como sucesso
/*
how to do dll inject
1 - abrimos o processo com OpenProcess() passando o id do processo
2 - se sucesso, então pegamos o endereço do processo com a função (LPVOID) getProcAddress(getModuleHandleA("Kernel32.dll"), "LoadLibraryA")
3 - Alocamos memória virtual com a função VirtualAllocEx()
4 - criamos um remote thread com CreateRemoteThread()
5 - wait for the operation complete com WaitForSingleObject()
6 - liberamos memória com VirtualFreeEx()
CloseHandle() - remote thread
CloseHandle() - hTargetProcess - processo aberto
*/
#include <cstdio>
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
#include <string>
#include <cstdlib>
#include <vector>
using namespace std;
/// Walks a Toolhelp process snapshot and returns the PID of the first entry
/// whose executable name compares equal (case-insensitively) to "Tibia.exe".
/// NOTE(review): the `processName` parameter is never read -- the name compared
/// below is the hard-coded literal, so the L"chrome" passed from main() has no effect.
/// NOTE(review): when no entry matches (or Process32First fails) control runs off
/// the end of this non-void function, which is undefined behaviour; a caller that
/// tests the result for 0 cannot rely on getting 0.
DWORD find_process_id(wstring processName) {
PROCESSENTRY32 entry;
entry.dwSize = sizeof(PROCESSENTRY32);
// Snapshot of every process; the returned handle is used without being checked
// against INVALID_HANDLE_VALUE.
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (Process32First(snapshot, &entry) == TRUE)
{
// The entry filled in by Process32First is only tested, never compared, so
// matching effectively starts with the second process in the snapshot.
while (Process32Next(snapshot, &entry) == TRUE)
{
// szExeFile is compared as a narrow string -- presumes a non-UNICODE build where
// PROCESSENTRY32 is the ANSI variant; confirm against the project settings.
if (stricmp(entry.szExeFile, "Tibia.exe") == 0)
{
// Returns before the CloseHandle() below, so the snapshot handle leaks on
// the match path.
return entry.th32ProcessID;
}
}
}
CloseHandle(snapshot);
}
/// Opens `processId`, allocates `strlen(dllPath)` bytes in it, starts a remote
/// thread at the local address of LoadLibraryA with that allocation as the
/// thread parameter, waits for the thread, then frees the allocation and closes
/// both handles.
///
/// @param processId  target process id (from find_process_id()).
/// @param dllPath    narrow path string; only its length is used by this function.
/// @return true only on the path where CreateRemoteThread() succeeded and the
///         wait returned; false on every other branch.
///
/// NOTE(review): `true` reflects solely that the remote thread was created and
/// signalled. The thread's exit code (i.e. LoadLibraryA's own result) is never
/// read with GetExitCodeThread(), so this function cannot tell whether the library
/// actually loaded -- that is consistent with the reported "success even when the
/// file is missing".
/// NOTE(review): hTargetProcess is closed only on the success path; every failure
/// branch below returns with the process handle still open, and the allocation
/// `LoadPath` is not freed when CreateRemoteThread() fails.
bool InjectDynamicLibrary(DWORD processId, char* dllPath)
{
// Open a new handle to the target process
HANDLE hTargetProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, processId);
if (hTargetProcess != NULL) // if the handle is valid
{
cout << "Processo aberto.......ok" << endl;
cout << "Tentaremos injetar a LIB :" << dllPath << endl;
// Resolves LoadLibraryA in THIS process and reuses the pointer in the target.
// NOTE(review): this assumes kernel32 sits at the same base in both processes;
// that is not guaranteed in general (e.g. a 32-bit injector and a 64-bit target
// have different images) -- confirm the assumption for the intended setup.
LPVOID LoadLibAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
if(LoadLibAddr != NULL) {
cout << "LoadLibAddr.......OK" << endl;
// Reserve+commit strlen(dllPath) bytes in the target; note strlen() excludes the
// terminating NUL, so the region is one byte shorter than the C string.
LPVOID LoadPath = VirtualAllocEx(hTargetProcess, 0, strlen(dllPath), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if(LoadPath != NULL) {
//MessageBox(HWND_DESKTOP, "LoadPath Sucesso!", "MESSAGE", MB_OK);
cout << "LoadPath.......OK" << endl;
// Start a thread in the target at LoadLibAddr, passing LoadPath as its argument.
// The C-style cast to LPTHREAD_START_ROUTINE hides any signature mismatch.
HANDLE RemoteThread = CreateRemoteThread(hTargetProcess, 0, 0,
(LPTHREAD_START_ROUTINE)LoadLibAddr, LoadPath, 0, 0);
if(RemoteThread) {
cout << "Remote Thread.......OK" << endl;
// Block until the remote thread terminates; its exit code is not inspected.
WaitForSingleObject(RemoteThread, INFINITE);
// NOTE(review): MEM_RELEASE requires dwSize == 0; passing strlen(dllPath) makes
// this call fail (return value unchecked), so the remote allocation is not freed.
VirtualFreeEx(hTargetProcess, LoadPath, strlen(dllPath), MEM_RELEASE);
CloseHandle(RemoteThread);
CloseHandle(hTargetProcess);
return true;
}else{
// CreateRemoteThread() failed: LoadPath is left allocated and hTargetProcess open.
MessageBox(HWND_DESKTOP, "Remote Thread Error!", "MESSAGE", MB_OK);
}
}else{
// VirtualAllocEx() failed; the message text below names the wrong step.
MessageBox(HWND_DESKTOP, "LoadLibAddr ERROR", "MESSAGE", MB_OK);
}
}else{
// GetProcAddress() / GetModuleHandleA() failed.
MessageBox(HWND_DESKTOP, "LoadLibAddr Fail!", "MESSAGE", MB_OK);
}
}else{
// OpenProcess() failed (access denied or no such PID); GetLastError() is not reported.
MessageBox(HWND_DESKTOP, "problema ao abrir processo!", "MESSAGE", MB_OK); }
return false;
}
/// Entry point: looks up a process id, prints it, converts a wide path to a narrow
/// buffer, and calls InjectDynamicLibrary() with a string literal.
/// @return 0 always; the result of InjectDynamicLibrary() is discarded.
int main( int, char *[] )
{
// NOTE(review): find_process_id() ignores its argument and matches "Tibia.exe"
// internally, so L"chrome" does not select the process.
DWORD processId = find_process_id(L"chrome");
// Relies on 0 meaning "not found", which find_process_id() does not guarantee
// (it can run off its end without returning a value).
if(processId) {
// MessageBox(0, "Processo localizado. fazendo inject","NOTICE", MB_OK);
cout << "Process ID finded : " << processId << endl;
const wchar_t* libName = L"c:/DLL.dll"; // or L"zß???"
// 10 characters plus NUL fit exactly in 11 bytes; the wcstombs() result is not
// checked, and `lib` is never used afterwards -- the literal is passed instead.
char lib[11];
std::wcstombs(lib, libName, 11);
wcout << libName << endl;
// Return value (true/false) is discarded, so main() cannot report failure.
InjectDynamicLibrary(processId, "c:/DLL.dll");
}
return 0;
}