Exetools  
#1  05-27-2005, 23:18  jonwil (VIP)

How to inject code into a process?

I am looking for a way to inject code into an already running process and have it run (it would read the memory space of the process, call code of the process, etc.).

Or if that can't be done, is there a way to get the process to load my DLL instead of some system DLL so that my DLL can sit there and wait for a signal (e.g. an external signal sent to say that it can

Note that changing the on-disk representation of the process is not an option (i.e. I can't modify the process exe file on disk).

This is for a program that would load into the memory space of a running Trymedia app and (by calling the Trymedia functions in the exe file) decrypt protected resource files. You would change parameters in the code or in a config file (e.g. filename of the protected resource file, output filename, size, location within the memory space of the protected exe file for the redirected CreateFileA/ReadFile and so on) and then build the dumper.
Then you load the target and wait until you get to a point where it has to have read the desired data file (i.e. let it get into the game).
Then you would run or trigger the code that was loaded into the process memory space, which would read in the protected resource file via the Trymedia hooks and write it out to disk in unencrypted form.

With this, you wouldn't need a debugger or debugger-hider, or any messing about with breakpoints or runtime patching. All you would need to do is find the location within the .bss segment of the needed AM functions for the AM version you are cracking; it would really only need CreateFileA and ReadFile redirects, I think. It could even be run by someone who has an unlocked copy of the program in question (someone who doesn't have any reverse engineering skills).

In fact, if one was to build up a database linking AM version to the location of the needed hooks, one could make it even easier to use.

#2  05-27-2005, 23:54  Spiteful

Hm, I've written a small app to inject my DLL into a running process... maybe it will help you.
Specify the DLL, then choose the running process from the list and in the context menu -> 'Inject dll'.
P.S. "Executable to inj..." is just to start a process simultaneously with injecting.

Attached file: injektor.zip (3.3 KB)

#3  05-28-2005, 02:14  FEARHQ

Well, there are a couple of ways you can inject code into a foreign process. One of them is to get the process ID of the target (however you may wish to do that), OpenProcess, find a 'cave' where you can write a bit of code to, GetClassLong to get WinProc's address, WriteProcessMemory some code into the cave that will load your DLL into the process address space, save the bytes at the beginning of WinProc and replace them with a jump to your cave, then restore them after you're done loading the DLL.

Mind you, instead of stealing WinProc for a second, you can also just write the cave and use CreateRemoteThread (not sure of the exact name) to start a remote thread you have written into a cave, or you can emulate one of the DLLs the process uses, making sure to provide ALL the imports the process needs with the proper ordinals, and simply jam it into the executable's root directory. The first method described was used by D2hackit, whose source is freely available. You might also want to check out code injection at the old Fravia mirror at Woodmann's site and of course Microsoft Detours.

#4  05-28-2005, 14:47  nikola

jonwil, I think you should read about some APIs:
ReadProcessMemory, WriteProcessMemory, VirtualAllocEx, CreateRemoteThread. Though CreateRemoteThread exists only on NT systems.
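The API sequence nikola and FEARHQ describe (VirtualAllocEx, WriteProcessMemory, then CreateRemoteThread with the remote thread entering LoadLibrary, or starting in a written "cave") is exactly what a defender looks for in Sysmon Event ID 8 (CreateRemoteThread) records. The following is an added example, not code from this thread or any of its posters: it runs that check over constructed, simplified records whose field names follow Sysmon but whose line layout is invented here.

```python
from typing import Dict, List, Tuple

# Constructed, simplified Sysmon Event ID 8 (CreateRemoteThread) records, one per line.
# These are not real logs: the field names mirror Sysmon's, the "Key=Value; ..." layout
# and the paths are made up for this example.
SAMPLE_EVENTS = """\
EventID=8; SourceImage=C:\\Tools\\injektor.exe; TargetImage=C:\\Games\\game.exe; StartModule=C:\\Windows\\System32\\kernel32.dll; StartFunction=LoadLibraryA
EventID=8; SourceImage=C:\\Tools\\injektor.exe; TargetImage=C:\\Games\\game.exe; StartModule=; StartFunction=
EventID=8; SourceImage=C:\\Windows\\System32\\svchost.exe; TargetImage=C:\\Windows\\System32\\svchost.exe; StartModule=C:\\Windows\\System32\\ntdll.dll; StartFunction=RtlUserThreadStart
EventID=1; Image=C:\\Games\\game.exe; CommandLine=game.exe
"""

# Thread entry points that mean "the remote thread's only job is to load a DLL".
LOADLIBRARY = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


def parse_event(line: str) -> Dict[str, str]:
    """Split 'Key=Value; Key=Value' into a dict; empty values stay empty strings."""
    fields: Dict[str, str] = {}
    for part in line.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            fields[key] = value.strip()
    return fields


def classify(ev: Dict[str, str]) -> str:
    """Return a reason if this remote-thread event matches the injection pattern, else ''."""
    if ev.get("EventID") != "8":
        return ""  # only CreateRemoteThread records are of interest here
    if ev.get("StartFunction") in LOADLIBRARY:
        return "remote thread starts at LoadLibrary: classic DLL injection"
    if not ev.get("StartModule"):
        # No module backs the start address: code was written into the target
        # (VirtualAllocEx/WriteProcessMemory or a code cave) and then executed.
        return "remote thread starts outside any loaded module: injected code"
    return ""


def detect(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (source image, target image, reason) for every suspicious record."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        reason = classify(ev)
        if reason:
            findings.append((ev.get("SourceImage", ""), ev.get("TargetImage", ""), reason))
    return findings


if __name__ == "__main__":
    for src, dst, why in detect(SAMPLE_EVENTS):
        print(f"{src} -> {dst}: {why}")
```

The third record (a thread started at a normal ntdll entry point with a known start module) is kept as a benign control so the rules do not simply fire on every remote thread.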

#5  05-28-2005, 21:12  Shub-Nigurrath (VIP)

There's also a thread here where a number of alternative methods, also working on Win9x systems, have been proposed. MaRKuS-DJM was the thread starter.

http://www.exetools.com/forum/showthread.php?t=7211

Read the posts; you'll find some useful links, I think.

#6  06-01-2005, 19:29  NeOXOeN

jonwil, I know you are a VIP member, but I think you should use the search option available on this forum more often! Like Shub-Nigurrath suggested, that link above was one of my first hits using the same words you used in the topic title.

bye NeO

#7  06-01-2005, 22:03  JMI (Leader)

Oh NO! Not SEARCHING! Who'd a thunk it?

Regards,
JMI

#8  06-01-2005, 23:23  bEaST

Quote:
Originally Posted by jonwil
I am looking for a way to inject code into an already running process [...]

Here are some articles that should help you. Hopefully you can code in C(++)!

Take a look at this article, it's one of the best I found...
Three Ways to Inject Your Code into Another Process
http://www.codeproject.com/threads/winspy.asp

Also interesting (not read)
Extending Task Manager with DLL Injection
http://www.codeproject.com/threads/taskex.asp

Good luck...