Can I use this function to block WINDOWS API's?

Pages: 123
Still no useful reply after 1 day!
Hi,

Because using Sizeof() gives us few instructions which are not needed such as
 
mov edx, esp


and few other instructions this is basically better to reduce the allocation size thus reducing the memory footprint on all processes.
So look at this code:
https://rstforums.com/forum/43070-c-direct-code-injection-examples-no-dll-injection.rst
Here they are not giving the size of thread func as parameter but sizeof(RemoteData) will it work?
And my computer is broke can you please check and find out if it works...:), please?
EDIT: How can this code work with dev c++???
Can you download it and test it?
Help...
Last edited on
Hi,

I am sorry but test it when your computer gets fixed, as I am not going to download additional softwares for a single thread with Araavind (I know it's You).
Okay anyway is sizeof(RemoteData) good enough, rather than stub-function?
or can I give a guess value for size such as 10 or 200 or 5000 something...?
I would say stub-function is a better as we are allocating minimum bytes. Next Question.

No keep in mind VS optimizes code therefore a single guess can be smaller than actual thread thus buffer overflows the processes and crashes it.
Thankyou, now for my next topic:
How can you kill a process using dll injection?
I made a good DLL Injector,
now how to make my dll kill the injected process?
first is is not you made it is you copy pasted anyway call NtTerminateProcess or TerminateProcess to terminate the process. Just do it exactly like how you terminate your process.

It would work because as DLL is running under injected process memory space any action performed by DLL will be equivalent to the injected process doing it.
So, the code should be like:
1
2
3
4
5
6
7
8
9
10
11
12
13
#include <windows.h>

BOOL APIENTRY DllMain( HMODULE
hModule,
                       DWORD  ul_reason_for_
call,
                       LPVOID lpReserved
)
{

              TerminateProcess(GetCurrentProcess());

}
I am wondering if that kills the injector process first as LoadLibrary calls DllMain if I remember correctly.
@modoran: Can you try and see?
@OrionMaster: Help...
Can I use ExitProcess() in the dll than TerminateProcess(GetCurrentProcess() ?
In the old code cave method
which is the order in declaring
the functions?
1
2
3
4
static DWORD aInject(PARAM *p);
static void zStub();

// OR REVERSE? 

HELP?
ExitProcess() and TerminateProcess(GetCurrentProcess() is the same thing ...

However, calling them from DllMain kills the injector process.
MSDN wrote:
f the specified module is a DLL that is not already loaded for the calling process, the system calls the DLL's DllMain function with the DLL_PROCESS_ATTACH value. If DllMain returns TRUE, LoadLibrary returns a handle to the module.


http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175%28v=vs.85%29.aspx
Yeah, modoran I think thats what he wants.

The strange thing is we can do this in 2\ 4 lines of code that too without injection.

Get handle to the process and call TerminateProcess. Bamn we done it.
I tried to kill with injection because to kill protected processes?
But anyways :
In the old code cave method
which is the order in declaring
the functions?
1
2
3
static DWORD aInject(PARAM *p);
static void zStub();
// OR REVERSE? 

HELP?
Still no reply?
BTW, how to prevent injector from terminating in dll injection?
Before that, read above post!
Help...
Help,
BTW, In realease mode in VC++ 2010 do you need to rename and relocate the functions?
Please read above post and help!
Help:)
<->
Please read above posts and help!
I think the reason no one is answering you is that what you are trying to do is stupid. Killing a critical system process causes a system failure and forces Windows to reboot, CSRSS.exe is a critical system process. You need to do A LOT more homework before you're ready to do whatever it is that you are doing. http://en.wikipedia.org/wiki/Client/Server_Runtime_Subsystem
Pages: 123