digitalmars.D - Code injection
- Joe (108/108) Sep 30 2009 Can anybody tell, what i`m doing wrong?
- Daniel Keep (6/7) Oct 01 2009 http://catb.org/~esr/faqs/smart-questions.html#forum (D.learn in this ca...
Can anybody tell, what i`m doing wrong? I ported it from c, where it works well. code:

// Reviewer note: the listing was collapsed onto two lines by the archive; line
// breaks and indentation below are reconstructed, and the code itself is unchanged.
// What the visible code does: it launches cmd.exe suspended, copies a small
// routine plus a data block into that process, and starts a remote thread on it,
// with the apparent goal of letting the program delete its own image after exit.
// That is the remote-thread form of process injection (MITRE ATT&CK T1055)
// combined with file-deletion clean-up (T1070.004); the comments are written for
// readers who need to recognise and detect the pattern.

private {
    import tango.sys.win32.Types;
    import tango.sys.win32.UserGdi;
    import tango.sys.win32.Macros;
    import tango.stdc.stringz : fromString16z;
    import tango.stdc.stringz : toStringz;
    import tango.text.convert.Integer : toString;
    import tango.text.convert.Utf : toString;
    import tango.stdc.stringz : toString16z;
    import tango.text.convert.Integer : toString16;
    import tango.text.convert.Utf : toString16;
    // Declared by hand here; presumably missing from the Tango Win32 bindings
    // the author used (not confirmable from this page).
    extern(Windows) LPVOID VirtualAllocEx(HANDLE, LPVOID, DWORD, DWORD, DWORD);
}

// Entry point: runs the self-delete routine and reports any exception in a
// message box.
void main() {
    try {
        injSelfDelete(0);
    } catch(Exception x) {
        Report(x);
    }
}

// Builds a diagnostic string from the exception text, its line number and the
// thread's last Win32 error (code plus FormatMessageW text), then shows it with
// MessageBoxW.
void Report(Exception x) {
    wchar[] msg;
    msg.length = 256;
    // Read at report time, so it reflects whichever API call set it last.
    int errcode = GetLastError();
    FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM, null, errcode, 0, msg.ptr, msg.length, null);
    wchar[] rep = toString16(x.toString) ~ "\nline: " ~ toString16(x.line) ~ "\nlast err: [" ~ toString16(errcode) ~ "] " ~ msg ~ "\0";
    MessageBoxW(null, toString16z(rep), null, 0);
}

// Function-pointer types for the API entry points the copied routine calls
// through its data block. BeepT and MessageBoxT are not used anywhere in the
// code shown.
alias bool (*DeleteFileT)(char*);
alias void (*ExitProcessT)(uint);
alias void (*BeepT)(uint, uint);
alias void (*MessageBoxT)(void*, char*, char*, uint);

// Data block written into the child process: two resolved kernel32 addresses
// and the path of this program's own executable.
struct DeleteInjectData {
    DeleteFileT DeleteFile;
    ExitProcessT ExitProcess;
    char szFileName [MAX_PATH];
};

// Routine whose machine code is copied into the child process and run there as
// a thread start address, with `id` pointing at the copied DeleteInjectData.
// As posted, the DeleteFile call and the inline-asm variant are commented out;
// it appears that only the ExitProcess(0) call is live (line breaks were lost
// in the archive, so confirm against the original post).
static void DeleteInjectProc (DeleteInjectData *id) {
    //~ id.DeleteFile(id.szFileName.ptr);
    id.ExitProcess(0);
    //~ asm
    //~ {
    //~ push id.szFileName.ptr;
    //~ call id.DeleteFile;
    //~ push 0;
    //~ call id.ExitProcess;
    //~ }
}

// Empty marker function: its address is subtracted from DeleteInjectProc's
// address below to estimate the routine's size in bytes.
static void DeleteInjectProc_End () { }

// Fills a DeleteInjectData with the addresses of DeleteFileA and ExitProcess
// and with this module's own file name, hands routine and data to injectNew,
// then terminates the current process with `exitCode`.
void injSelfDelete (int exitCode) {
    DeleteInjectData id;
    // Byte count taken as the distance between the two function addresses; the
    // code assumes the marker directly follows the routine in memory.
    int threadSize = cast(void*)&DeleteInjectProc_End - cast(void*)&DeleteInjectProc;
    HMODULE hKernel32 = LoadLibraryA("Kernel32.dll");
    assert(hKernel32 != null);
    // Addresses are resolved in this process and used unchanged in the child.
    id.DeleteFile = cast(DeleteFileT) GetProcAddress(hKernel32, "DeleteFileA");
    id.ExitProcess = cast(ExitProcessT) GetProcAddress(hKernel32, "ExitProcess");
    assert(id.DeleteFile != null);
    assert(id.ExitProcess != null);
    id.szFileName[0..$] = 0;
    // Path of the running executable, i.e. the file the routine is meant to delete.
    GetModuleFileNameA(GetModuleHandleA(null), id.szFileName.ptr, id.szFileName.length);
    injectNew(cast(void*)&DeleteInjectProc, threadSize, cast(void*)&id, id.sizeof);
    ExitProcess(exitCode);
}

// Starts <system directory>\cmd.exe suspended, commits two regions in it (one
// for `data`, one for the code at `threadProc`), writes both across the process
// boundary and creates a remote thread at the copied code with the copied data
// as its argument. Always returns true; failures are caught only by assert().
//
// Detection view: a process created suspended with no command line, followed by
// PAGE_EXECUTE_READWRITE allocations, WriteProcessMemory and CreateRemoteThread
// from the parent, is the sequence that EDR products and Sysmon (Event ID 8,
// CreateRemoteThread; Event ID 10, ProcessAccess) are built to surface. A cmd.exe
// whose parent is not a shell or terminal is an additional triage signal.
bool injectNew(void* threadProc, uint codeLength, void* data, uint dataSize) {
    PROCESS_INFORMATION pi;
    STARTUPINFO si;
    ZeroMemory(&pi, pi.sizeof);
    ZeroMemory(&si, si.sizeof);
    si.cb = si.sizeof;
    char[] cmdExe;
    cmdExe.length = MAX_PATH;
    // GetSystemDirectoryA returns the number of characters written; the slice
    // is trimmed to that length before the file name is appended.
    cmdExe.length = GetSystemDirectoryA(cmdExe.ptr, cmdExe.length);
    cmdExe ~= "\\cmd.exe\0";
    // The call sits inside assert(), so the assert is its only error check.
    assert(CreateProcessA(cmdExe.ptr, null, null, null, false, CREATE_SUSPENDED /*CREATE_NO_WINDOW */, null, null, &si, &pi));
    // Both regions, including the data-only one, are requested as
    // read/write/execute; RWX private memory in a freshly started process is a
    // common memory-scanner indicator.
    void *lpDataMem = VirtualAllocEx(pi.hProcess, null, dataSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    assert(lpDataMem != null);
    void *lpThreadMem = VirtualAllocEx(pi.hProcess, null, codeLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    assert(lpThreadMem != null);
    DWORD bytesWritten = 0;
    // bytesWritten is filled in by each call but never compared with the
    // requested length.
    assert(WriteProcessMemory(pi.hProcess, lpThreadMem, threadProc, codeLength, &bytesWritten));
    assert(WriteProcessMemory(pi.hProcess, lpDataMem, data, dataSize, &bytesWritten));
    DWORD dwThreadId = 0;
    // The third argument of CreateRemoteThread is the stack size; codeLength is
    // what the code passes there.
    HANDLE hRemote = CreateRemoteThread(pi.hProcess, null, codeLength, lpThreadMem, lpDataMem, 0, &dwThreadId);
    assert(hRemote != INVALID_HANDLE_VALUE);
    // Resumes the child's primary thread. pi.hProcess, pi.hThread and hRemote
    // are not closed anywhere in this function.
    ResumeThread(pi.hThread);
    return true;
}

// Empty stubs; nothing in the posted code calls them.
void injRedExitProcess (int exitCode) { }
void injRedUse(wchar[] rcName, wchar[] rcType) { }
void[] injRedGet() { return null; }
void injRedSet(void[] data) { }
Sep 30 2009
Joe wrote:
> Can anybody tell, what i`m doing wrong?

http://catb.org/~esr/faqs/smart-questions.html#forum (D.learn in this case)
http://catb.org/~esr/faqs/smart-questions.html#beprecise
http://catb.org/~esr/faqs/smart-questions.html#goal
http://catb.org/~esr/faqs/smart-questions.html#explicit
http://catb.org/~esr/faqs/smart-questions.html#code
Oct 01 2009