Dll injection and hooking
-
Hello once again,I have been working on some project for a while now and I needed to hook a creation of processes,I have that code(hook/detour)
BOOL WINAPI CreateProcH::CreateProcessInternalW ( HANDLE hToken,
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
PHANDLE hNewToken
)
clogf("start %x ref: %x",realCreateProcessInternalW,&realCreateProcessInternalW);
BOOL res = FALSE;
res = realCreateProcessInternalW(hToken,lpApplicationName,lpCommandLine,lpProcessAttributes,lpThreadAttributes,bInheritHandles,dwCreationFlags,lpEnvironment,lpCurrentDirectory,lpStartupInfo,lpProcessInformation,hNewToken);
if(res == FALSE)
return res;Sleep(100);//let it load vector ::iterator it; for(it = pubvPaths.begin(); it < pubvPaths.end(); it++) { if(!CDetour::InjectDll(lpProcessInformation->hProcess,\*it)) clogf("InjectDll(lpProcessInformation->hProcess,\*it) FAILED!"); clogf("Strlen %d Injecting dll: %ls",lstrlenW(\*it),\*it); } clogf("hThread: %d hProcess: %d dwThreadId: %d dwProcessId: %d",lpProcessInformation->hThread,lpProcessInformation->hProcess,lpProcessInformation->dwThreadId,lpProcessInformation->dwProcessId); return res;};
LOG:
[Fri Nov 30 20:22:20 2012] CreateProcH::CreateProcessInternalW reported: start 7d843e8 ref: 741285ac
[Fri Nov 30 20:22:20 2012] CreateProcH::CreateProcessInternalW reported: Strlen 103 Injecting dll: C:/Users/JEAN/SplitPLayGUI-build-desktop-Qt_4_8_1_for_Desktop_-_MSVC2010__Qt_SDK__Debug/CreateProcH.dll
[Fri Nov 30 20:22:20 2012] CreateProcH::CreateProcessInternalW reported: hThread: 5360 hProcess: 5376 dwThreadId: 8376 dwProcessId: 1388but the process fails to create or crashes not sure what is wrong, So I just commented out
if(!CDetour::InjectDll(lpProcessInformation->hProcess,*it))
clogf("InjectDll(lpProcessInformation->hProcess,*it) FAILED!");and everything logged the same way but the process actually created and ran, here is CDetour::InjectDll
bool CDetour::InjectDll(HANDLE hProcess ,wchar_t * pwstrDll)
{
LPVOID Remo -
Hello once again,I have been working on some project for a while now and I needed to hook a creation of processes,I have that code(hook/detour)
BOOL WINAPI CreateProcH::CreateProcessInternalW ( HANDLE hToken,
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
PHANDLE hNewToken
)
clogf("start %x ref: %x",realCreateProcessInternalW,&realCreateProcessInternalW);
BOOL res = FALSE;
res = realCreateProcessInternalW(hToken,lpApplicationName,lpCommandLine,lpProcessAttributes,lpThreadAttributes,bInheritHandles,dwCreationFlags,lpEnvironment,lpCurrentDirectory,lpStartupInfo,lpProcessInformation,hNewToken);
if(res == FALSE)
return res;Sleep(100);//let it load vector ::iterator it; for(it = pubvPaths.begin(); it < pubvPaths.end(); it++) { if(!CDetour::InjectDll(lpProcessInformation->hProcess,\*it)) clogf("InjectDll(lpProcessInformation->hProcess,\*it) FAILED!"); clogf("Strlen %d Injecting dll: %ls",lstrlenW(\*it),\*it); } clogf("hThread: %d hProcess: %d dwThreadId: %d dwProcessId: %d",lpProcessInformation->hThread,lpProcessInformation->hProcess,lpProcessInformation->dwThreadId,lpProcessInformation->dwProcessId); return res;};
LOG:
[Fri Nov 30 20:22:20 2012] CreateProcH::CreateProcessInternalW reported: start 7d843e8 ref: 741285ac
[Fri Nov 30 20:22:20 2012] CreateProcH::CreateProcessInternalW reported: Strlen 103 Injecting dll: C:/Users/JEAN/SplitPLayGUI-build-desktop-Qt_4_8_1_for_Desktop_-_MSVC2010__Qt_SDK__Debug/CreateProcH.dll
[Fri Nov 30 20:22:20 2012] CreateProcH::CreateProcessInternalW reported: hThread: 5360 hProcess: 5376 dwThreadId: 8376 dwProcessId: 1388but the process fails to create or crashes not sure what is wrong, So I just commented out
if(!CDetour::InjectDll(lpProcessInformation->hProcess,*it))
clogf("InjectDll(lpProcessInformation->hProcess,*it) FAILED!");and everything logged the same way but the process actually created and ran, here is CDetour::InjectDll
bool CDetour::InjectDll(HANDLE hProcess ,wchar_t * pwstrDll)
{
LPVOID Remo