Inyectar una DLL en un proceso con vb

[001]

Hola, estube buscando y buscnado y buscando por dias hasta que encontre un codigo que funcione bien.
El tema es que el que consegui Ejecuta la aplicacion y le inyecta la DLL, lo que yo necesito es que inyecte la dll en un proceso, no que CREEE un proceso y le ineycte la dll, no se si se entiende.. El proceso ya esta corriendo no hay que crearlo. aca posteo el inyector, si alguien puede ayudarme mil gracias!

Código:
Todo en un form.

Código:

Private Declare Function ForceLibrary Lib "forcelibrary.dll" (ByVal szDll As String, lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA" _
(ByVal lpApplicationName As Long, ByVal lpCommandLine As String, _
ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, _
ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, _
ByVal lpEnvironment As Long, ByVal lpCurrentDirectory As Long, _
lpStartupInfo As STARTUPINFO, _
lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function ResumeThread Lib "kernel32.dll" (ByVal hThread As Long) As Long

Private Type STARTUPINFO
cb As Long
lpReserved As String
lpDesktop As String
lpTitle As String
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End Type

Private Type PROCESS_INFORMATION
hProcess As Long
hThread As Long
dwProcessID As Long
dwThreadID As Long
End Type


Private Sub Command4_Click()
Dim ret As Long
Dim inicio As STARTUPINFO
Dim proce As PROCESS_INFORMATION

inicio.cb = Len(inicio)
proce.hProcess = -1
proce.hThread = -1

ret& = CreateProcess(0&, "C:\Archivos de programa\Valve\hl.exe -nomaster -game cstrike", 0&, 0&, 0&, CREATE_SUSPENDED, 0&, 0, inicio, proce)
If ret = 0 Then
MsgBox ("Error en CreateProcess")
End If

ret = ForceLibrary(CurDir & "\hook.dll", proce)
If ret = 0 Then
MsgBox ("Error en ForceLibrary")
End If

ret = ResumeThread(proce.hThread)
End Sub

[ranefi]

Hola 001, buen día y bienvenido al foro. Emmmm sabes, he tenido muy poco tiempo por cuestiones de trabajo, es por eso mi tardanza en contestar, como sea, te recomiendo que leas los siguientes enlaces:


Para ver este enlace Registrate o Inicia Sesion

Papá Gates te dice cómo con el Registro de Windows

Para ver este enlace Registrate o Inicia Sesion

Métodos para inyectar procesos

Para ver este enlace Registrate o Inicia Sesion

Más información de un foro externo

Espero esto sea suficiente para que cumplas tu meta. Nos vemos.

[Punk-Rock]

lo ke no funciona no es el kode, es la DLL....para ke la DLL se pueda inyectar tiene ke estar creada o en C o en ASM...yo cree una en Delphi y tampoko me fue....

Yo tengo un kodigo para inyectar DLL's ke es diferente, pero komo te dije, la DLL no arranco...

Salu2

[001]

lo ke no funciona no es el kode, es la DLL....para ke la DLL se pueda inyectar tiene ke estar creada o en C o en ASM...yo cree una en Delphi y tampoko me fue....

Yo tengo un kodigo para inyectar DLL's ke es diferente, pero komo te dije, la DLL no arranco...

Salu2

la DLL que cree esta en C y funciona

PD: PorFavor si el code que tenes es en VB pasalo me serviria bastante.

[Punk-Rock]

Es el ke nos pusieron el elhacker.net.. ...te akuerdas???ke tu pediste si hiba en un modulo o en el form....es ese mismo.....

Salu2

[001]

si me acuerdo pero cuando pruebo con ese me dice "error" 

[N@5h]

disculpen pero ese codigo ami me da error tambien... cual es el que ablan no lo pueden poner ak asi lo uso pq me vendria de dies ya que ase mucho que estoy renegando y no me sale nada...

desde ya muchas grasias adios...

[001]

mm bueno, aca hice uno pero algo esta mal... cuando se ejecuta el hl.exe se inyecta la dll pero me dice esto
Para ver este enlace Registrate o Inicia Sesion

http://img368.imageshack.us/img368/1880/dibujolh1.jpg

el inyector funciona pero se ve que en algunas PC's, al cerrar y volver a abrir el juego rapidamente hace que se desconfigure el modo de video (“OpenGL, Direct3D or Software”).
lo probe en dos PC's y pasa lo mismo, las tarjetas de video son 100% compatibles con OpenGL


Form:

Código:

Private Declare Function ForceLibrary Lib "forcelibrary.dll" (ByVal szDll As String, lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA" _
                                      (ByVal lpApplicationName As Long, ByVal lpCommandLine As String, _
                                       ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, _
                                       ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, _
                                       ByVal lpEnvironment As Long, ByVal lpCurrentDirectory As Long, _
                                       lpStartupInfo As STARTUPINFO, _
                                       lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function ResumeThread Lib "kernel32.dll" (ByVal hThread As Long) As Long

Private Type STARTUPINFO
    cb As Long
    lpReserved As String
    lpDesktop As String
    lpTitle As String
    dwX As Long
    dwY As Long
    dwXSize As Long
    dwYSize As Long
    dwXCountChars As Long
    dwYCountChars As Long
    dwFillAttribute As Long
    dwFlags As Long
    wShowWindow As Integer
    cbReserved2 As Integer
    lpReserved2 As Long
    hStdInput As Long
    hStdOutput As Long
    hStdError As Long
End Type

Private Type PROCESS_INFORMATION
    hProcess As Long
    hThread As Long
    dwProcessId As Long
    dwThreadID As Long
End Type


Dim handle
Dim pid

Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)

Private Sub Form_Load()
Timer1.Enabled = True
Timer1.Interval = 100
End Sub

Private Sub Timer1_Timer()
handle = FindWindow(vbNullString, "Counter-Strike")
handle = GetWindowThreadProcessId(handle, pid)

If pid > 0 Then
If pid = Label1.Caption Then
Else
KillProcess ("hl.exe")
Timer1.Enabled = False
End If
End If

End Sub

Public Sub KillProcess(ByVal processName As String)
On Error Resume Next
Dim oWMI
Dim ret
Dim sService
Dim oWMIServices
Dim oWMIService
Dim oServices
Dim oService
Dim servicename
Set oWMI = GetObject("winmgmts:")
Set oServices = oWMI.InstancesOf("win32_process")
For Each oService In oServices

servicename = LCase(Trim(CStr(oService.Name) & ""))

If InStr(1, servicename, LCase(processName), vbTextCompare) > 0 Then
ret = oService.Terminate
End If

Next

Set oServices = Nothing
Set oWMI = Nothing


ErrHandler:
Err.Clear

    Sleep (Text1.Text * 1000)
    injectar
    Timer2.Enabled = True
    Timer2.Interval = (Text1.Text * 5000)
End Sub

Private Sub injectar()
    Dim ret As Long
    Dim inicio As STARTUPINFO
    Dim proce As PROCESS_INFORMATION
   
    inicio.cb = Len(inicio)
    proce.hProcess = -1
    proce.hThread = -1

    ret& = CreateProcess(0&, "C:\Archivos de programa\Valve\hl.exe -nomaster -game cstrike", 0&, 0&, 0&, CREATE_SUSPENDED, 0&, 0, inicio, proce)
    Label1.Caption = proce.dwProcessId
    ret = ForceLibrary(CurDir & "\hook.dll", proce)
    ret = ForceLibrary("C:\WINDOWS\system32\opengl32.dll", proce)
    ret = ResumeThread(proce.hThread)


End Sub

Private Sub Timer2_Timer()
Timer1.Enabled = True
Timer2.Enabled = False
End Sub

Modulo:

Código:

Option Explicit

Public hModule          As Long
Public hProcess         As Long
Public dwSize           As Long
Public dwPid            As Long
Public dwBytesWritten   As Long
Public dwTid            As Long

Public SE               As SECURITY_ATTRIBUTES

Public Const PAGE_READONLY              As Long = &H2
Public Const PAGE_READWRITE             As Long = &H4
Public Const PAGE_EXECUTE               As Long = &H10
Public Const PAGE_EXECUTE_READ          As Long = &H20
Public Const PAGE_EXECUTE_READWRITE     As Long = &H40
Public Const MEM_RELEASE                As Long = &H8000
Public Const MEM_COMMIT                 As Long = &H1000
Public Const MEM_RESERVE                As Long = &H2000
Public Const MEM_RESET                  As Long = &H80000
Public Const STANDARD_RIGHTS_REQUIRED   As Long = &HF0000
Public Const SYNCHRONIZE                As Long = &H100000
Public Const PROCESS_ALL_ACCESS         As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Public Const INFINITE                   As Long = &HFFFFFF

Public Type SECURITY_ATTRIBUTES
       nLength                 As Long
       lpSecurityDescriptor    As Long
       bInheritHandle          As Long
End Type

Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As SECURITY_ATTRIBUTES, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Public Function Inject(szDll As String, szTargetWindowClassName) As Boolean
Dim hWnd        As Long
Dim k32LL       As Long
Dim Thread      As Long

   SE.nLength = Len(SE)
   SE.lpSecurityDescriptor = False
   
   'Encontrar la ventana y abrir el proceso
   'hWnd = FindWindow(szTargetWindowClassName, vbNullString)
   'GetWindowThreadProcessId hWnd, dwPid
   dwPid = szTargetWindowClassName
   hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, dwPid)
   If hProcess = 0 Then GoTo Inject_Error
   k32LL = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
   
   'Reservamos memoria
   hModule = VirtualAllocEx(hProcess, 0, LenB(szDll), MEM_COMMIT, PAGE_READWRITE)
   If hModule = 0 Then GoTo Inject_Error
   WriteProcessMemory hProcess, ByVal hModule, ByVal szDll, LenB(szDll), dwBytesWritten
   
   Thread = CreateRemoteThread(hProcess, SE, 0, ByVal k32LL, ByVal hModule, 0, dwTid)
   If Thread = 0 Then GoTo Inject_Error
   
   'Clean up a bit
   WaitForSingleObject Thread, 100
   VirtualFreeEx hProcess, hModule, 0&, MEM_RELEASE
   CloseHandle Thread

Exit Function

Inject_Error:
   Inject = False
   MsgBox "error"
   Exit Function
End Function