Code injection
Joe
support at microsoft.com
Wed Sep 30 23:29:30 PDT 2009
Can anybody tell me what I'm doing wrong?
I ported it from C, where it works well.
code:
private {
import tango.sys.win32.Types;
import tango.sys.win32.UserGdi;
import tango.sys.win32.Macros;
import tango.stdc.stringz : fromString16z;
import tango.stdc.stringz : toStringz;
import tango.text.convert.Integer : toString;
import tango.text.convert.Utf : toString;
import tango.stdc.stringz : toString16z;
import tango.text.convert.Integer : toString16;
import tango.text.convert.Utf : toString16;
extern(Windows) LPVOID VirtualAllocEx(HANDLE, LPVOID, DWORD, DWORD, DWORD);
}
void main() {
    // Entry point: run the self-delete routine and surface any D exception
    // through Report() (a message box) rather than letting it end the
    // process silently.
    try {
        injSelfDelete(0);
    } catch (Exception x) {
        Report(x);
    }
}
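// Shows a message box describing a caught exception together with the
// calling thread's last Win32 error code and that code's system text.
//
// Params:
//   x = the exception caught in main(); its toString() and line are shown.
void Report(Exception x) {
    // Read the thread's last error before any other Win32 call made here
    // can overwrite it.
    int errcode = GetLastError();
    wchar[] msg;
    msg.length = 256;
    // FormatMessageW returns the number of wchars it wrote (0 on failure).
    // Only that prefix is meaningful: the rest of the buffer still holds
    // wchar.init (0xFFFF) and must not be shown, so slice to `written`
    // instead of concatenating the whole buffer.
    uint written = FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM, null, errcode, 0, msg.ptr, msg.length, null);
    wchar[] rep = toString16(x.toString) ~
        "\nline: " ~ toString16(x.line) ~
        "\nlast err: [" ~ toString16(errcode) ~ "] " ~ msg[0 .. written] ~ "\0";
    MessageBoxW(null, toString16z(rep), null, 0);
}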
// Function-pointer types for the Win32 exports the injected stub calls
// through. BeepT and MessageBoxT are declared but not used anywhere in this
// listing.
alias bool (*DeleteFileT)(char*);
alias void (*ExitProcessT)(uint);
alias void (*BeepT)(uint, uint);
alias void (*MessageBoxT)(void*, char*, char*, uint);
// Argument block that injSelfDelete() fills in and injectNew() copies
// verbatim into the spawned process: the entry points resolved in this
// process plus the path of the file to delete.
struct DeleteInjectData
{
DeleteFileT DeleteFile;
ExitProcessT ExitProcess;
char szFileName [MAX_PATH];
};
// Body of the stub that injectNew() copies into the spawned process as raw
// bytes; `id` points at the DeleteInjectData copy placed there. As written it
// only calls the captured ExitProcess(0): the DeleteFile call and the
// inline-asm variant below are both commented out, so nothing is deleted.
static void DeleteInjectProc (DeleteInjectData *id) {
//~ id.DeleteFile(id.szFileName.ptr);
id.ExitProcess(0);
//~ asm
//~ {
//~ push id.szFileName.ptr;
//~ call id.DeleteFile;
//~ push 0;
//~ call id.ExitProcess;
//~ }
}
// Marker only: injSelfDelete() uses the distance from DeleteInjectProc to
// this function's address as the byte length of the stub to copy.
static void DeleteInjectProc_End () { }
// Self-delete routine: resolves DeleteFileA/ExitProcess in this process,
// records this executable's path, hands DeleteInjectProc plus the data block
// to injectNew() for execution in a new cmd.exe, then exits with exitCode.
// The stub is meant (per the commented-out call in DeleteInjectProc) to
// delete the file once this process is gone; as written it only exits.
//
// Params:
//   exitCode = exit code of this process; the remote stub always exits with 0.
void injSelfDelete (int exitCode) {
DeleteInjectData id;
// Stub length is taken as the distance between the two function addresses.
int threadSize = cast(void*)&DeleteInjectProc_End - cast(void*)&DeleteInjectProc;
HMODULE hKernel32 = LoadLibraryA("Kernel32.dll");
assert(hKernel32 != null);
// Entry points are resolved here and copied into the target unchanged, as
// part of `id`.
id.DeleteFile = cast(DeleteFileT) GetProcAddress(hKernel32, "DeleteFileA");
id.ExitProcess = cast(ExitProcessT) GetProcAddress(hKernel32, "ExitProcess");
assert(id.DeleteFile != null);
assert(id.ExitProcess != null);
// Zero the path buffer, then fill it with this module's own file name.
id.szFileName[0..$] = 0;
GetModuleFileNameA(GetModuleHandleA(null), id.szFileName.ptr, id.szFileName.length);
injectNew(cast(void*)&DeleteInjectProc, threadSize, cast(void*)&id, id.sizeof);
// injectNew's bool result is ignored; this process exits regardless.
ExitProcess(exitCode);
}
// Starts a fresh cmd.exe (from the system directory) suspended, copies
// `codeLength` raw bytes from `threadProc` and `dataSize` bytes from `data`
// into its address space, and starts a remote thread at the copied code with
// a pointer to the copied data as its argument.
//
// This is the classic remote-thread injection sequence (CreateProcess
// suspended -> VirtualAllocEx RWX -> WriteProcessMemory -> CreateRemoteThread)
// and is exactly the behaviour endpoint monitoring looks for (e.g. Sysmon
// event 8 / EDR remote-thread alerts), so expect it to be blocked or
// quarantined; it does not belong in a product's self-delete path.
//
// Params:
//   threadProc = start of the code to copy
//   codeLength = number of bytes to copy from threadProc
//   data       = argument block to copy for the remote thread
//   dataSize   = size of that block in bytes
// Returns: always true; every failure is raised via assert, never reported.
bool injectNew(void* threadProc, uint codeLength, void* data, uint dataSize) {
PROCESS_INFORMATION pi;
STARTUPINFO si;
ZeroMemory(&pi, pi.sizeof);
ZeroMemory(&si, si.sizeof);
si.cb = si.sizeof;
// Build "<system dir>\cmd.exe": GetSystemDirectoryA returns the length it
// wrote, which trims the MAX_PATH buffer (0 on failure, leaving "\cmd.exe").
char[] cmdExe;
cmdExe.length = MAX_PATH;
cmdExe.length = GetSystemDirectoryA(cmdExe.ptr, cmdExe.length);
cmdExe ~= "\\cmd.exe\0";
// Created suspended so its primary thread does not run before the copy;
// CREATE_NO_WINDOW is left commented out, so a console window is shown.
assert(CreateProcessA(cmdExe.ptr, null, null, null, false, CREATE_SUSPENDED /*CREATE_NO_WINDOW */,
null, null, &si, &pi));
// Both regions are committed as PAGE_EXECUTE_READWRITE, although the data
// block is never executed.
void *lpDataMem = VirtualAllocEx(pi.hProcess, null, dataSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
assert(lpDataMem != null);
void *lpThreadMem = VirtualAllocEx(pi.hProcess, null, codeLength, MEM_COMMIT,
PAGE_EXECUTE_READWRITE);
assert(lpThreadMem != null);
// bytesWritten is filled by both calls but never compared with the
// requested sizes.
DWORD bytesWritten = 0;
assert(WriteProcessMemory(pi.hProcess, lpThreadMem, threadProc, codeLength, &bytesWritten));
assert(WriteProcessMemory(pi.hProcess, lpDataMem, data, dataSize, &bytesWritten));
DWORD dwThreadId = 0;
// Third argument of CreateRemoteThread is the stack size; codeLength is
// passed there. The call returns NULL (not INVALID_HANDLE_VALUE) on failure,
// so the assert below does not detect a failed thread creation.
HANDLE hRemote = CreateRemoteThread(pi.hProcess, null, codeLength, lpThreadMem, lpDataMem, 0,
&dwThreadId);
assert(hRemote != INVALID_HANDLE_VALUE);
// Let the suspended primary thread run. None of pi.hProcess, pi.hThread
// or hRemote is ever closed.
ResumeThread(pi.hThread);
return true;
}
// Placeholder: not implemented; exitCode is ignored.
void injRedExitProcess (int exitCode) {
}
// Placeholder: not implemented; rcName and rcType are ignored.
void injRedUse(wchar[] rcName, wchar[] rcType) {
}
// Placeholder: not implemented; always returns null.
void[] injRedGet() {
return null;
}
// Placeholder: not implemented; data is ignored.
void injRedSet(void[] data) {
}