Kernel32.dll
-
i have no more ideas, i lodge! Here's what i want to do: Every time the kernel32.dll is loaded, it should load a arbitrary dll, which then should create a log file to capture the name and the process id of the process which has loaded the kernel32.dll (and so the injected dll). Here's a brief summary of what my code does: It searches for the section which can be executed, copies my code to the end of this section and changes the entry point in order to jump to my code, and after my code has been executed (and the dll has been loaded - which only should happen if the dllmain retrieves DLL_PROCESS_DETACH) it jumps back to the original entry point (which has been saved before). The difference between a normal dll and the kernel32.dll is the calculation of the address of the LoadLibraryA function! I have tried this whole thing with Windows 98, and if someone now says that i am crazy and the stuff mentioned before won't work, even not if a miracle happens, i can say you are wrong. Windows 98 executes my infected kernel32.dll like it does with the original one, without a sinlge error. And YES, my code is executed too, BUT and that's my problem, the injected code doesn't load the DLL, and I DON'T KNOW WHY!!!!!!!!!!!! Can someone help me ? Thanks in advance!
-
i have no more ideas, i lodge! Here's what i want to do: Every time the kernel32.dll is loaded, it should load a arbitrary dll, which then should create a log file to capture the name and the process id of the process which has loaded the kernel32.dll (and so the injected dll). Here's a brief summary of what my code does: It searches for the section which can be executed, copies my code to the end of this section and changes the entry point in order to jump to my code, and after my code has been executed (and the dll has been loaded - which only should happen if the dllmain retrieves DLL_PROCESS_DETACH) it jumps back to the original entry point (which has been saved before). The difference between a normal dll and the kernel32.dll is the calculation of the address of the LoadLibraryA function! I have tried this whole thing with Windows 98, and if someone now says that i am crazy and the stuff mentioned before won't work, even not if a miracle happens, i can say you are wrong. Windows 98 executes my infected kernel32.dll like it does with the original one, without a sinlge error. And YES, my code is executed too, BUT and that's my problem, the injected code doesn't load the DLL, and I DON'T KNOW WHY!!!!!!!!!!!! Can someone help me ? Thanks in advance!
Sounds like a virus.
-
Sounds like a virus.
-
Welcome!
-
i have no more ideas, i lodge! Here's what i want to do: Every time the kernel32.dll is loaded, it should load a arbitrary dll, which then should create a log file to capture the name and the process id of the process which has loaded the kernel32.dll (and so the injected dll). Here's a brief summary of what my code does: It searches for the section which can be executed, copies my code to the end of this section and changes the entry point in order to jump to my code, and after my code has been executed (and the dll has been loaded - which only should happen if the dllmain retrieves DLL_PROCESS_DETACH) it jumps back to the original entry point (which has been saved before). The difference between a normal dll and the kernel32.dll is the calculation of the address of the LoadLibraryA function! I have tried this whole thing with Windows 98, and if someone now says that i am crazy and the stuff mentioned before won't work, even not if a miracle happens, i can say you are wrong. Windows 98 executes my infected kernel32.dll like it does with the original one, without a sinlge error. And YES, my code is executed too, BUT and that's my problem, the injected code doesn't load the DLL, and I DON'T KNOW WHY!!!!!!!!!!!! Can someone help me ? Thanks in advance!
I hope u have gone through article below: "Three Ways to Inject Your Code into Another Process" By Robert Kuster The chosen One :)
-
I hope u have gone through article below: "Three Ways to Inject Your Code into Another Process" By Robert Kuster The chosen One :)