



Olá galera,


Estou aprendendo DLL injection e, por algum motivo, meu código retorna sucesso mesmo se a DLL não existir. Alguém consegue me ajudar? Segue o código:

Se eu deletar o DLL.dll de c:/, ele continua retornando sucesso.

	how to do dll inject
	1  - abrimos o processo com OpenProcess() passando o id do processo 
	2  - se sucesso, então pegamos o endereço de LoadLibraryA com (LPVOID) GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA")
	3  - Alocamos memória virtual com a função VirtualAllocEx()
	4  - criamos um remote thread com CreateRemoteThread()
	5  - wait for the operation complete com WaitForSingleObject()
	6 - liberamos a memória com VirtualFreeEx()
	CloseHandle() - remote thread
	CloseHandle() - hTargetProcess - processo aberto 
#include <cstdio>
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
#include <string>
#include <cstdlib>
#include <vector>

using namespace std;

// Walks a Toolhelp32 process snapshot and returns the th32ProcessID of the
// first entry whose executable name matches, case-insensitively.
//
// NOTE(review): the forum paste lost its closing braces, and no fallback
// return is visible. main() tests the result against 0, so a trailing
// `return 0;` was presumably dropped - confirm against the original file.
// NOTE(review): `processName` is never read; the comparison below uses the
// hard-coded literal "Tibia.exe", so the caller's argument has no effect.
DWORD find_process_id(wstring processName) {

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(PROCESSENTRY32);	
    // NOTE(review): the snapshot handle is not compared with
    // INVALID_HANDLE_VALUE and is not closed anywhere in the visible lines.
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);

    // Process32First fills `entry` with the first process, but the loop calls
    // Process32Next before any comparison, so that first entry is never tested.
    if (Process32First(snapshot, &entry) == TRUE)
        while (Process32Next(snapshot, &entry) == TRUE)
            // NOTE(review): stricmp takes char*, so this presumably builds only
            // when UNICODE is not defined (szExeFile is then a char array) - confirm.
            if (stricmp(entry.szExeFile, "Tibia.exe") == 0)
                return entry.th32ProcessID;


// Opens `processId` with full access, resolves LoadLibraryA, reserves a buffer
// in the target process and starts a remote thread at LoadLibraryA with that
// buffer as its argument. Returns true once the remote thread has been created
// and waited on; returns false when an earlier step fails.
//
// NOTE(review): the forum paste lost the braces and the `else` keywords. The
// MessageBox calls near the end are presumably the failure branches of the
// nested ifs - confirm against the original file before relying on this listing.
//
// Defensive context: a full-access OpenProcess followed by VirtualAllocEx and a
// CreateRemoteThread whose start address is LoadLibraryA is the sequence that
// endpoint monitoring looks for (for example Sysmon Event ID 10, ProcessAccess,
// and Event ID 8, CreateRemoteThread).
bool InjectDynamicLibrary(DWORD processId, char* dllPath)
	// Open a new handle to the target process
	// PROCESS_ALL_ACCESS requests every access right on the target process.
	HANDLE hTargetProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, processId);
	if (hTargetProcess != NULL) // if the handle is valid
		cout << "Processo aberto.......ok" << endl;
		cout << "Tentaremos injetar a LIB :" << dllPath << endl;
		// Kernel32.dll is always mapped to the same address in each process
		// So we can just copy the address of it & LoadLibraryA in OUR process and
		// expect it to be same in the remote process too.
		LPVOID LoadLibAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
		if(LoadLibAddr != NULL) {

			cout << "LoadLibAddr.......OK" << endl;
			// We must allocate more memory in the target process to hold the path for our dll in it's addresspace.
			LPVOID LoadPath = VirtualAllocEx(hTargetProcess, 0, strlen(dllPath), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
			if(LoadPath != NULL) {
					//MessageBox(HWND_DESKTOP, "LoadPath Sucesso!", "MESSAGE", MB_OK);
					cout << "LoadPath.......OK" << endl;
					// Create a thread in the target process that will call LoadLibraryA() with the dllpath as a parameter
					HANDLE RemoteThread = CreateRemoteThread(hTargetProcess, 0, 0,
						(LPTHREAD_START_ROUTINE)LoadLibAddr, LoadPath, 0, 0);
					if(RemoteThread) {
						cout << "Remote Thread.......OK" << endl;
						// Wait for the operation to complete, then continue.
						WaitForSingleObject(RemoteThread, INFINITE);
						// the path to the dll is no longer needed in the remote process, so we can just free the memory now.
						VirtualFreeEx(hTargetProcess, LoadPath, strlen(dllPath), MEM_RELEASE);
						// This `true` is reached as soon as CreateRemoteThread returned a
						// handle and the wait finished. Nothing above inspects what the
						// thread did, so the value reports "a thread was started", not
						// "a module was loaded".
						// NOTE(review): neither RemoteThread nor hTargetProcess is closed
						// in the visible lines, although the step list above the listing
						// names CloseHandle() for both.
						return true;							
						// The calls below follow `return true` as pasted; they are
						// presumably the lost else branches. Their messages do not line
						// up with the checks they appear to belong to (e.g. "LoadLibAddr
						// ERROR" sits at the depth of the LoadPath check) - confirm.
						MessageBox(HWND_DESKTOP, "Remote Thread Error!", "MESSAGE", MB_OK);

				MessageBox(HWND_DESKTOP, "LoadLibAddr ERROR", "MESSAGE", MB_OK);
			MessageBox(HWND_DESKTOP, "LoadLibAddr Fail!", "MESSAGE", MB_OK);
		MessageBox(HWND_DESKTOP, "problema ao abrir processo!", "MESSAGE", MB_OK);	}
	return false;

// Entry point: looks up a process ID and, when one is found, calls
// InjectDynamicLibrary with a fixed library path.
// NOTE(review): braces are missing in the paste; the statements after the
// `if` are presumably its body - confirm against the original file.
int main( int, char *[] )

	// The argument is L"chrome", but find_process_id as shown ignores its
	// parameter and compares against a hard-coded name instead.
	DWORD processId =  find_process_id(L"chrome");	
	if(processId)  {
//		MessageBox(0, "Processo localizado. fazendo inject","NOTICE", MB_OK);
		cout << "Process ID finded : " << processId << endl;
    	const wchar_t* libName = L"c:/DLL.dll"; // or L"zß???"
    	// `lib` receives the narrow conversion of libName but is never used
    	// afterwards; the call below passes a separate string literal.
    	char lib[11];
    	std::wcstombs(lib, libName, 11);
		wcout  << libName << endl;
		// The bool result is discarded here. The literal is passed to a
		// non-const `char*` parameter.
		InjectDynamicLibrary(processId, "c:/DLL.dll");		
    return 0;

