Estou usando um injetor de DLL, aqui a função:
BOOL Inject(DWORD pID, const char * DLL_NAME) { HANDLE Proc; HMODULE hLib; char buf[50] = {0}; LPVOID RemoteString, LoadLibAddy; if(!pID) return false; Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); if(!Proc) return false; LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); // Allocate space in the process for our DLL RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); // Write the string name of our DLL in the memory allocated WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL); // Load our DLL CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL); CloseHandle(Proc); }
Dai queria fazer uma dll pra impedir que o injetor funcione (anti dll injection), mas não tá funcionando , ja tentei mudar o nome da dll, função etc mas nada funciona:
// ANTI DLL INJECTION by _FIL73R_ #include <windows.h> BOOLEAN BlockAPI (HANDLE,CHAR *,CHAR *); void AntiInject (); /****************/ main() { CreateThread (0,0, (LPTHREAD_START_ROUTINE)AntiInject, 0, 0, 0); while (TRUE); // loop forever... now to try and inject } /****************/ void AntiInject () { HANDLE hProc = GetCurrentProcess(); while (TRUE) { BlockAPI(hProc, "KERNEL32.DLL", "ReadFile"); Sleep (100); } } BOOLEAN BlockAPI (HANDLE hProcess, CHAR *libName, CHAR *apiName) { CHAR pRet[]={0xC3}; HINSTANCE hLib = NULL; VOID *pAddr = NULL; BOOL bRet = FALSE; DWORD dwRet = 0; hLib = LoadLibrary (libName); if (hLib) { pAddr = (VOID*)GetProcAddress (hLib, apiName); if (pAddr) { if (WriteProcessMemory (hProcess, (LPVOID)pAddr, (LPCVOID)pRet, sizeof (pRet), &dwRet )) { if (dwRet) { bRet = TRUE; } } } FreeLibrary (hLib); } return bRet; }
Se alguém puder dar alguma dica, ou fixar o programa, agradeço...