dll-injection

LoadLibraryW doesn't work while LoadLibraryA does the job

I have written some sample program and DLL to learn the concept of DLL injection. My injection code to inject the DLL to the sample program is as follows (error handling omitted): std::wstring dll(L"D:\\Path\\to\\my\\DLL.dll"); LPTHREAD_START_ROUTINE pLoadLibraryW = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryW")...

Grabbing memory from another process

In Windows, let's say I have used DLL Injection to get into another process. I have also done some screencaptures of the memory on the process I have injected into and know the location of the data I want to pull out. Let's say there is data in the other process at 0xaaaaaaaa that contains a certain value. How do I grab this value from tha...

Getting a handle to the process's main thread

I have created an additional thread in some small testing app and want to suspend the main thread from this additional thread. The additional thread is created via CreateRemoteThread from an external process. Since SuspendThread needs a HANDLE to the thread which should be suspended, I want to know how to get this HANDLE from code runni...

Hooking DirectX EndScene from an injected DLL

I want to detour EndScene from an arbitrary DirectX 9 application to create a small overlay. As an example, you could take the frame counter overlay of FRAPS, which is shown in games when activated. I know the following methods to do this: Creating a new d3d9.dll, which is then copied to the game's path. Since the current folder is sea...

Change the address of a member function in C++

Hello, in C++, I can easily create a function pointer by taking the address of a member function. However, is it possible to change the address of that local function? I.e. say I have funcA() and funcB() in the same class, defined differently. I'm looking to change the address of funcA() to that of funcB(), such that at run time callin...

Hooking extTextOut problems

Hi, I am working on a DLL injection soft in C#, the injected DLL is also in C# and I'm using P/Invoke for certain system functions. When using extTextOut I get the string scrambled and the lines get mixed together. What am I doing wrong? I hooked extTextOut using EasyHook from codeplex.com like this: try { ...

Are DLL injection, ring0, ring3... all Windows-specific concepts?

Do they exist on Linux platforms? ...

In a remote thread, how do I call functions whose parameters contain pointers?

I want to call SHFileOperation using code injection. My code works fine while calling simple functions like MessageBox from user32.dll, but won't while calling ShFileOperation from shell32.dll. I'll post the part of the code that I think has the problem. I know the problem is in the struct implementation. Here is the image of RemoteInf...

Using undocumented classes in C++

I'm in the process of reverse-engineering a Windows executable. I found a class that I want to use from some code that I inject into the executable (different thread, own stack). How would I go about declaring such a class, given method addresses and member variables structure? For instance, let's say I found a class called foo, with it...

Direct 3D low level API calls

I have an application that makes use of Direct 3D to draw several things onto the screen. I'm looking to inject a DLL and hook a low level direct 3d function so I can record the screen and eventually convert it to a video file. My question really is; what should I be hooking into? I suppose I need to do it where Direct 3D writes to the ...

Injecting DLL from .NET into WordPad

I am facing an issue of 'weirdness' in relation to using .NET's run-time to inject a DLL into WordPad. The objective is simple, to be able to obtain the EM_STREAMOUT, pass the data back to the .NET C# code via way of WM_COPYDATASTRUCT message in which the .NET form intercepts and spits out the message into the console. For DLL injection ...

Is it possible in Delphi to get the address of a function/procedure in another process?

I use Madshi's madCodeHook components to Inject a DLL in a process, and then hook a procedure/function. The problem is each time a new version of the EXE comes out the address of the functions may change. Currently the way I do it is to use Ollydbg and then hard code the address in the DLL that I inject into the process, this is very u...

Add custom toolbar button to application at runtime

Hi, I use an application compiled in either Visual C++ or Visual Basic (not sure which) and do not have access to source code. I would like to add a button to the existing toolbar at runtime. Can I code a program that uses something like sendmessage to add a button and set an onclick event? I would like for the button to rename a file o...

Hook application procedure and change target file name

Hi, I have an application written in Visual C++ or Visual Basic (not sure, sorry) that I do not have source code access to. One of the toolbar options it offers generates an HTML report from a template that has bookmarks or space-holders that are filled by variables calculated in the program before it renders the HTML report. I would like...

Dll Injection - What is possible with it?

I was browsing the internet lately, when I stumbled upon Dll Injection. I think it's an interesting subject, but I have no clue what the purpose of it is. I have read that it can be used for cracking/hacking games and software, but is it also possible to do something positive with it? If so, what can it be used for? And what languages ...

When do we need to inject a DLL

Hi, I learned some way to inject a DLL into another process. OK, when will we use it, or why use it? And please give me some roadmap ...