Put a structure to a DLL file Topic is solved


Put a structure to a DLL file

Post by a1987zz » 16 Jan 2021, 17:02

Hello! I am writing my own injector in AHK. For this I need to pass a structure to a function in a DLL: https://github.com/Broihon/GH-Injector-Library. It works in C++, and it also works in AutoIt. When I port it to AHK, it does not inject. AHK script:


; Calls InjectA from gh_injector.dll with a hand-built INJECTIONDATA buffer.
; NOTE(review): the buffer built below does not match the struct declared in
; "GH Injector.h" (DWORD LastErrorCode; char szDllPath[MAX_PATH * 2]; then
; ProcessID, Mode, Method, Flags), so the DLL is handed a malformed argument.
File := "test_.dll"

; The DLL name is relative, so the normal Windows DLL search order decides which
; file gets loaded. No return type is given on either call, so DllCall returns an
; Int (truncating handles and addresses on 64-bit AutoHotkey), and neither result
; is checked for 0 before it is used.
hModule := DllCall("LoadLibrary", "Str", "gh_injector.dll")
funcA := DllCall("GetProcAddress","Ptr", hModule, "Astr","InjectA")
;msgbox % funcA

; NOTE(review): the buffer is sized as 12 bytes plus the path, but the struct in
; the header is 4 + 520 + 16 = 540 bytes. Whatever the DLL reads or writes beyond
; StructLen is outside this allocation, i.e. an out-of-bounds access in this process.
StructLen := 12 + StrLen(File) + 1
VarSetCapacity(ParamStruct, StructLen, 0)

; Flag bits, same values as the INJ_* defines in "GH Injector.h".
INJ_ERASE_HEADER := 0x0001
INJ_SHIFT_MODULE := 0x0008
INJ_UNLINK_FROM_PEB := 0x0004

uFlags := INJ_ERASE_HEADER | INJ_SHIFT_MODULE | INJ_UNLINK_FROM_PEB

; NOTE(review): these offsets do not follow the field order of INJECTIONDATA. In the
; header, offset 0 is LastErrorCode and offsets 4..523 are szDllPath; ProcessID, Mode,
; Method and Flags come after the path.
NumPut(2, ParamStruct, 0, "Uint") ; 2 - ManualMap injection method (written where the header has LastErrorCode)
NumPut(0, ParamStruct, 4, "Uint") ; 0 - NtCreateThreadEx (written into the first bytes of szDllPath)
NumPut(uFlags, ParamStruct, 8, "UInt") ; flags (author's note: in C++ it injected without flags)
NumPut(6304, ParamStruct, 9, "Uint") ; hard-coded id of test.exe; offset 9 overlaps the UInt just written at offset 8


; Copies the path to offset 4, which overwrites the values stored at offsets 4, 8 and 9 above.
StrPutt(File, &ParamStruct+4)
;msgbox % StrGett(&ParamStruct+4, "cp0")

; Passes the buffer address as a pointer-sized argument; the value returned by InjectA is discarded.
Ptr := A_PtrSize ? "Ptr" : "UInt"
DllCall(funcA, Ptr, &ParamStruct)

; Copies StrLen(Str) bytes from the start of Str to address @ using RtlMoveMemory.
; NOTE(review): the count is in characters and leaves out the terminator. On a Unicode
; build of AutoHotkey, Str holds UTF-16, so this copies raw wide-character bytes instead
; of an ANSI string. The UInt argument types also truncate addresses on 64-bit builds.
; Nothing here checks that the destination has room for the copy.
StrPutt(Str, @) {
Return DllCall("RtlMoveMemory", UInt,@, UInt,&Str, UInt,StrLen(Str))
}

; Returns the string stored at address @: MulDiv(@, 1, 1) yields @ unchanged, and the
; "Str" return type makes DllCall read that value as a pointer to a string.
; NOTE(review): @ is passed as a 32-bit int, so this only holds for addresses that fit
; in 32 bits, and a Unicode build reads the memory as UTF-16. The function takes one
; parameter, although the commented-out call in the script passes two.
StrGett(@) {
Return DllCall("MulDiv", int,@, int,1, int,1, "Str")
}
C++ source:


#define _CRT_SECURE_NO_WARNINGS

#include "GH Injector.h"

#include <iostream>
#include <cstring>
#include <fstream>
#include <Windows.h>
#include <TlHelp32.h>

using namespace std;

// Path of the DLL named in the request; main() copies it into INJECTIONDATA::szDllPath.
// NOTE(review): this is a relative path. Which file it ends up naming depends on how
// the library resolves it (not shown here) — an absolute path removes the ambiguity.
const char szFilePath[] = "test_.dll";


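/// @brief Returns the ID of the first process in a Toolhelp snapshot whose executable
///        name equals szProcessName.
///
/// The comparison is strcmp(), so it is case-sensitive and needs the ANSI form of
/// PROCESSENTRY32 (the code does not build with UNICODE defined). Only the first match
/// is reported; when several processes share a name, the caller cannot tell which one
/// it got, so a name is not a reliable way to identify one specific process.
///
/// @param szProcessName Executable file name to look for, e.g. "test.exe".
/// @return The matching process ID, or 0 when the name is null, the snapshot could not
///         be created, or no process matched. Callers must treat 0 as "not found".
DWORD FindProcessId(const char* szProcessName)
{
	if (szProcessName == nullptr)
	{
		return 0;
	}

	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hSnapshot == INVALID_HANDLE_VALUE)
	{
		// Nothing to enumerate and nothing to close.
		return 0;
	}

	PROCESSENTRY32 pe32;
	pe32.dwSize = sizeof(PROCESSENTRY32);
	DWORD FoundProcessId = 0;

	// Process32First must start the enumeration; Process32Next only continues it.
	if (Process32First(hSnapshot, &pe32))
	{
		do
		{
			if (!strcmp(szProcessName, pe32.szExeFile))
			{
				FoundProcessId = pe32.th32ProcessID;
				break;
			}
		} while (Process32Next(hSnapshot, &pe32));
	}

	CloseHandle(hSnapshot);
	return FoundProcessId;
}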


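/// @brief Loads gh_injector.dll, fills an INJECTIONDATA request for "test.exe" and
///        passes it to the library's InjectA export.
///
/// Mode 2 and Method 0 are the values the accompanying AHK script labels
/// "ManualMap" and "NtCreateThreadEx"; their meaning is defined by the library.
///
/// @return 0 after InjectA has been called, 1 when the library, the export or the
///         target process could not be found.
int main()
{
	// NOTE(review): the DLL is named without a path, so the standard Windows DLL
	// search order decides which gh_injector.dll is loaded into this process.
	// Loading it by absolute path avoids picking up a planted copy.
	HMODULE hGHInjector = LoadLibraryA("gh_injector.dll");
	if (hGHInjector == nullptr)
	{
		std::cerr << "LoadLibraryA(\"gh_injector.dll\") failed, error " << GetLastError() << '\n';
		return 1;
	}

	fnInject Inject = reinterpret_cast<fnInject>(GetProcAddress(hGHInjector, "InjectA"));
	if (Inject == nullptr)
	{
		// Calling through a null pointer would crash; report and release the library instead.
		std::cerr << "GetProcAddress(\"InjectA\") failed, error " << GetLastError() << '\n';
		FreeLibrary(hGHInjector);
		return 1;
	}

	INJECTIONDATA data;
	ZeroMemory(&data, sizeof(INJECTIONDATA));
	data.Mode = 2;
	data.Method = 0;
	data.Flags = INJ_ERASE_HEADER | INJ_SHIFT_MODULE | INJ_UNLINK_FROM_PEB;
	data.ProcessID = FindProcessId("test.exe");
	if (data.ProcessID == 0)
	{
		// FindProcessId returns 0 when no process matched; do not pass that on as a PID.
		std::cerr << "test.exe is not running\n";
		FreeLibrary(hGHInjector);
		return 1;
	}

	// The path, including its terminating null, must fit the fixed-size field.
	static_assert(sizeof(szFilePath) <= sizeof(INJECTIONDATA::szDllPath),
		"szFilePath does not fit in INJECTIONDATA::szDllPath");
	RtlMoveMemory(data.szDllPath, szFilePath, sizeof(szFilePath));

	// NOTE(review): what the return value and LastErrorCode mean is defined by the
	// library (not shown here); they are reported rather than interpreted.
	const DWORD result = Inject(&data);
	std::cerr << "InjectA returned " << result << ", LastErrorCode " << data.LastErrorCode << '\n';

	FreeLibrary(hGHInjector);

	return 0;
}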
GH Injector.h:


#pragma once

#include <windows.h>

// Bit flags for INJECTIONDATA::Flags. Each define is one distinct bit; they are
// combined with bitwise OR.
// NOTE(review): going by the names only (the library's implementation is not shown
// here), several of these ask the library to remove or alter what normally identifies
// a loaded module, such as its PE header or its entry in the PEB module list. If so,
// enumerating a process's modules cannot be relied on to list a module loaded this
// way — confirm against the library's documentation.
#define INJ_ERASE_HEADER				0x0001
#define INJ_FAKE_HEADER					0x0002
#define INJ_UNLINK_FROM_PEB				0x0004
#define INJ_SHIFT_MODULE				0x0008
#define INJ_CLEAN_DATA_DIR				0x0010
#define INJ_THREAD_CREATE_CLOAKED		0x0020
#define INJ_SCRAMBLE_DLL_NAME			0x0040
#define INJ_LOAD_DLL_COPY				0x0080
#define INJ_HIJACK_HANDLE				0x0100

// Mask with all nine flag bits above set (0x0001 | 0x0002 | ... | 0x0100).
#define INJ_MAX_FLAGS 0x01FF

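/// Request block passed by pointer to the function behind fnInject.
///
/// The callee receives only a pointer, so the caller must allocate the full structure
/// (540 bytes with MAX_PATH == 260) and place every field at the offset listed below.
/// A caller in another language that builds this buffer by hand has to reproduce
/// exactly this layout; a shorter buffer leads to out-of-bounds access in the caller's
/// process.
///
/// The stray `typedef` in front of the original declaration named no alias and has
/// been dropped; the type name and layout are unchanged.
struct INJECTIONDATA
{
	DWORD			LastErrorCode;				// offset   0; presumably filled in by the library — confirm
	char			szDllPath[MAX_PATH * 2];	// offset   4; 520 bytes, null-terminated char string
	DWORD			ProcessID;					// offset 524
	DWORD			Mode;						// offset 528
	DWORD			Method;						// offset 532
	DWORD			Flags;						// offset 536; combination of the INJ_* bits
	//DWORD			hHandleValue;
	//HINSTANCE		hDllOut;
};

// Guards against a packing or MAX_PATH change silently altering the layout.
static_assert(sizeof(INJECTIONDATA) == 4 + MAX_PATH * 2 + 16,
	"INJECTIONDATA layout changed");

/// Signature of the injection entry point resolved with GetProcAddress.
typedef DWORD(__stdcall* fnInject)(INJECTIONDATA*);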
Last edited by a1987zz on 04 Feb 2021, 00:17, edited 10 times in total.


Re: Put a structure to a DLL file  Topic is solved

Post by swagfag » 16 Jan 2021, 19:33

ur struct size and layout(offsets) are all wrong


StructLen := 12 + StrLen(File) + 1
VarSetCapacity(ParamStruct, StructLen, 0)

...

NumPut(2, ParamStruct, 0, "Uint") ; 2 - ManualMap injection method
NumPut(0, ParamStruct, 4, "Uint") ; 0 - NtCreateThreadEx
NumPut(uFlags, ParamStruct, 8, "UInt") ; In C ++ injected without flags
NumPut(6304, ParamStruct, 9, "Uint") ; Id where to inject test.exe


// Layout of the request block; offsets assume MAX_PATH == 260 and 4-byte DWORDs.
typedef struct INJECTIONDATA
{
	DWORD			LastErrorCode;	// offset 0
	char			szDllPath[MAX_PATH * 2];	// offset 4, 520 bytes
	DWORD			ProcessID;	// offset 524
	DWORD          	Mode;	// offset 528
	DWORD	        Method;	// offset 532
	DWORD			Flags;	// offset 536
	//DWORD			hHandleValue;
	//HINSTANCE		hDllOut;
};
  • at offset 0 u have a UInt
  • at offset 4 u have a 520 long char array
  • at offset 524 u have a UInt
  • at offset 528 u have a UInt
  • at offset 532 u have a UInt
  • at offset 536 u have a UInt
and the total size should therefore come out to 540 bytes


Re: Put a structure to a DLL file

Post by a1987zz » 17 Jan 2021, 02:48

Thanks. I know they're wrong. No matter how hard I tried to change the offsets by following this example: https://autohotkey.com/board/topic/6806-dllcall-and-structure-with-strings/, it didn't work for me. Anyway, I don't even know how to correctly put a string into the char szDllPath[MAX_PATH * 2] field of a structure.
Last edited by a1987zz on 24 Jan 2021, 19:57, edited 1 time in total.


Re: Put a structure to a DLL file

Post by just me » 17 Jan 2021, 04:41


; Writes File as an ANSI (CP0) string, terminating null included, at offset 4 of
; ParamStruct, i.e. into the szDllPath field.
; No Length argument is passed, so nothing limits the write: ParamStruct must already
; be allocated at the full struct size (540 bytes) and the path must fit in the
; 520-byte field, otherwise the write runs past the field or the buffer.
StrPut(File, &ParamStruct + 4, "CP0")


Re: Put a structure to a DLL file

Post by a1987zz » 17 Jan 2021, 05:57

Thanks it worked.
test_32bit.rar
(33.05 KiB) Downloaded 2 times
