InjectDLL

Every now and then I need to inject some code into a running program on Windows. This can be tricky, but the easiest way to do it is to produce a DLL and then inject that DLL into the running process using OpenProcess(), VirtualAllocEx(), WriteProcessMemory(), CreateRemoteThread(), etc. Here is a command line utility (and here's an x64 version) to inject a DLL into a running process, and here is the source. You need to know the PID of the running process, which is easily obtainable with Sysinternals PsList or Process Explorer. Also, you may find that sticking code in DllMain of your DLL is not a very good way to go: for example, even a simple MessageBox() is not guaranteed to work in DllMain. Instead, use a global constructor, like this:
#include <windows.h>

// hello.cpp: build with  cl /LD hello.cpp user32.lib
// The C runtime constructs this global object when the DLL is loaded,
// so the constructor runs with the CRT already initialized.
class CMakeNoise
{
public:
    CMakeNoise() {
        MessageBoxA(NULL, "hello", "hellodll", MB_OK);
    }
};

CMakeNoise noisy;
That way you let the C runtime take care of running your code on DLL startup and you can be sure that everything is set up for you. One caveat: the CRT runs global constructors from its own DllMain on DLL_PROCESS_ATTACH, so the loader lock is still held while the constructor runs. The constructor guarantees that the CRT is initialized before your code runs; it does not lift the DllMain restrictions. If the injected code needs to do more than pop a message box, have the constructor call CreateThread() and do the real work on that thread after DllMain has returned. Here's a compiled DLL (and x64 version) which uses this code, and here's the source.

QuantumG

Alan David says:
Hi, I need you to show me how to make or compile a DLL that is ready to inject, or an injector with the DLL loaded in memory. Thanks. My MSN is jurel199@hotmail.com, and sorry for the bugs in my language, my language is Spanish...

QuantumG says:
Added the source for the DLL to the page. To build it, from the command line you can do:

cl /LD hello.cpp user32.lib

assuming you have Visual Studio installed; otherwise, yeah, make your DLL however you normally do that.

Daniel says:
Hi, I've been trying out this code with not much success. I can build it fine, but neither my build nor your supplied binary completes successfully. I get one of two things happening (and I'm not sure what distinguishes the two; some processes do one, some the other): "LoadLibrary return NULL, GetLastError() is 0" or "LoadLibrary return NULL, GetLastError() is 127" (the process does exist, I promise =). The command I am running is "C:\>injectdll.exe 668 hellodll.dll" where 668 happens to be the Windows calculator application. Could you shed any light on this? OS: Win2k

thirdwheel says:
Hey all, you can compile this stuff in MinGW/MSYS pretty easily. For the utility, just put the injectdll.cpp file in any directory, cd to that directory and type `make injectdll' (without the quotes). For the DLL file, type `g++ -luser32 -shared -o hello.dll hello.o' to compile.

thirdwheel says:
Daniel, you have to specify the full path to the DLL. So if hellodll.dll is in C:\dev, you type `injectdll 668 c:\dev\hellodll.dll'.

betas are cool says:
Whenever I use that injectdll.exe thing, it says that it cannot allocate memory for that PID that I put in after searching in Task Manager.. using the compiled hellodll.

betas are cool says:
Update: it works fine with the compiled injectdll.exe, but not with the one compiled from the source.. any idea?

Paul says:
Works great, thanks. However, the Windows API has this to say about VirtualFreeEx: "If the dwFreeType parameter is MEM_RELEASE, dwSize must be 0 (zero)." Your call to VirtualFreeEx fails, and you have a memory leak. The call should be: "VirtualFreeEx(hProcess, mem, 0, MEM_RELEASE);"

Gabe says:
I'm also getting a "can't allocate memory in that pid" when using the injectdll.exe compiled from source. The downloaded one works fine. My compiled one is about 9KB using VS2008. Not sure what the difference is. Maybe a different way to build it?