DLL Injection
DLL Injection is a technique used to run code within the address space of another process by forcing it to load a dynamic-link library.
Creating a DLL project:
First things first, we need a DLL to inject into a running process.

Create a header file for the DLL
We'll start by creating a header file that declares the functions our DLL exports. We'll call it Inject.h.

Create Source File
In our header file, we defined the preprocessor macro INJECT_API that marks the functions we want our DLL to export. Next we create a source file, "Inject.cpp", that implements our "printHello" functionality.

DLL Implementation / Functionality
When the DLL is attached to a process, DllMain in dllmain.cpp calls sayHello().

DLL Injection
To inject a DLL into a remote process we need to do the following, each with its respective Windows API function:
Find the address of LoadLibraryW (GetProcAddress)
Open a handle to the remote process (OpenProcess)
Allocate memory in the remote process (VirtualAllocEx)
Write data to the remote process, in this case the DLL's path (WriteProcessMemory)
Create a thread in the remote process (CreateRemoteThread)
Find Load Library Address:

IMPORTANT: Since the DLL is being loaded into a remote process, we cannot simply call LoadLibraryW from within our own process. Instead we look up the address of LoadLibraryW and hand it to CreateRemoteThreadEx as the thread's start routine, with the path to our DLL (written to lpBuffer) as the thread's parameter (as demonstrated below).
Allocating & Writing To Memory In Remote Process (win32calc.exe):


Execution Via New Thread:
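A defender-side check for the sequence above, added here as an example and not part of the original page: the CreateRemoteThread step shows up in Sysmon Event ID 8, and a cross-process thread whose start routine resolves to LoadLibraryW is exactly the injection described. The records below are constructed; the field names follow Sysmon's Event 8 schema, and flattening them to key=value pairs is an assumption for this example.

```python
"""Flag Sysmon Event 8 records that look like LoadLibrary-based DLL injection."""
import re
from typing import Iterable, Optional

# Start routines that load a DLL by path. A remote thread starting here is the
# signature of the LoadLibrary-based injection walked through on this page.
LOADER_FUNCS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Constructed Sysmon Event ID 8 (CreateRemoteThread) records, flattened to
# key=value pairs. Paths and addresses are made up for this example.
SAMPLE_EVENTS = [
    "SourceImage=C:\\Users\\lab\\injector.exe "
    "TargetImage=C:\\Windows\\System32\\win32calc.exe "
    "StartModule=C:\\Windows\\System32\\KERNEL32.DLL "
    "StartFunction=LoadLibraryW StartAddress=0x00007FFB1A2B3C40",
    "SourceImage=C:\\Windows\\System32\\svchost.exe "
    "TargetImage=C:\\Windows\\explorer.exe "
    "StartModule=C:\\Windows\\System32\\ntdll.dll "
    "StartFunction=RtlUserThreadStart StartAddress=0x00007FFB2B000000",
    "SourceImage=C:\\Users\\lab\\dropper.exe "
    "TargetImage=C:\\Windows\\System32\\notepad.exe "
    "StartModule= StartFunction= StartAddress=0x000001F4C0010000",
]

# key=value pairs; values may contain spaces or be empty, so stop at the next key.
_FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

def parse_event(line: str) -> dict:
    """Split a flattened Event 8 record into a field dict (values may be empty)."""
    return {k: v.strip() for k, v in _FIELD.findall(line)}

def classify(ev: dict) -> Optional[str]:
    """Return a detection reason, or None when the thread looks unremarkable."""
    src, dst = ev.get("SourceImage", "").lower(), ev.get("TargetImage", "").lower()
    if not src or not dst or src == dst:
        return None  # not a cross-process thread; outside this check's scope
    if ev.get("StartFunction") in LOADER_FUNCS:
        return "remote thread starts at LoadLibrary: classic DLL injection"
    if not ev.get("StartModule"):
        return "remote thread start address not backed by any loaded module"
    return None

def scan(lines: Iterable[str]) -> list:
    """Run classify() over raw records and collect the hits with their reason."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reason = classify(ev)
        if reason:
            hits.append({**ev, "reason": reason})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit['SourceImage']} -> {hit['TargetImage']}: {hit['reason']}")
```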
