- Forum
- Windows Programming
- dll injection returns error 87
dll injection returns error 87
Good morning,
Been playing around with dll injection with c/c++ lately, I wanted to do some injection using CreateRemoteThread() into 2 processes like Iexplore.exe and chrome.exe, Firefox responds well to this CreateRemoteThread() on win 64 bit from what I been able to do yesterday, but ie and chrome doesn't
Thus, this error 87.pls I do need help. What could be wrong?
Been playing around with dll injection with c/c++ lately, I wanted to do some injection using CreateRemoteThread() into 2 processes like Iexplore.exe and chrome.exe, Firefox responds well to this CreateRemoteThread() on win 64 bit from what I been able to do yesterday, but ie and chrome doesn't
Thus, this error 87.pls I do need help. What could be wrong?
closed account (13bSLyTq)
Hi,
It's been a long time since I posted last...
Google Chromium browser is a highly-protected process as it is protected by a sandbox which prevents unauthorized code from being executed inside the process. I encourage you to visit:
https://tools.google.com/dlpage/res/chrome/en-GB/more/security.html
https://www.youtube.com/watch?v=29e0CtgXZSI
At first it may look daunting task to execute such a task but it is possible here is a snapshot of Google Chromium browser being injected with a LSP detour (WSASend) and a Proof-Of-Concept message box, placed in the process. I've created using C++:
http://i.imgur.com/otvpfSG.png
Now, I can also ensure you can do such a feat however you must first provide some code of your own for me to run analysis and diagnostics upon.
Next, 87 system error code is a ERROR_INVALID_PARAMETER (The parameter is incorrect.) as a result I strongly recommend you post the code here or run a complete diagnostics and checks on all functions that you could have inputted with a invalid parameter. It would be also wise to check the whole program to scoop out all issues that could be interferring with the programs success.
Finally, DLL injections are very unlikely to work inside Google Chrome, especially after many of the more significant malware (ZeuS, SpyEye, Carberp) often use DLL injection to port it's code over, thus Google Chrome must be actively rejecting foreign DLLs.
It's been a long time since I posted last...
Google Chromium browser is a highly-protected process as it is protected by a sandbox which prevents unauthorized code from being executed inside the process. I encourage you to visit:
https://tools.google.com/dlpage/res/chrome/en-GB/more/security.html
https://www.youtube.com/watch?v=29e0CtgXZSI
At first it may look daunting task to execute such a task but it is possible here is a snapshot of Google Chromium browser being injected with a LSP detour (WSASend) and a Proof-Of-Concept message box, placed in the process. I've created using C++:
http://i.imgur.com/otvpfSG.png
Now, I can also ensure you can do such a feat however you must first provide some code of your own for me to run analysis and diagnostics upon.
Next, 87 system error code is a ERROR_INVALID_PARAMETER (The parameter is incorrect.) as a result I strongly recommend you post the code here or run a complete diagnostics and checks on all functions that you could have inputted with a invalid parameter. It would be also wise to check the whole program to scoop out all issues that could be interferring with the programs success.
Finally, DLL injections are very unlikely to work inside Google Chrome, especially after many of the more significant malware (ZeuS, SpyEye, Carberp) often use DLL injection to port it's code over, thus Google Chrome must be actively rejecting foreign DLLs.
That's serious
Maybe I haven't even thought of that.
I finally fought with the injector and managed to inject it into IE / FF, but Chrome... no way!
When I even inject to hook send() with that my hook function I pasted earlier, It did inject, but other than hooking, it crashed the browser,FF and IE respectively
Hence am switching to IAT hooks now
So I pasted this
http://www.rohitab.com/discuss/topic/37721-dll-injection-doesnt-work/
Do u think it's cool to do something like this with IAT hooks
Maybe I haven't even thought of that.
I finally fought with the injector and managed to inject it into IE / FF, but Chrome... no way!
When I even inject to hook send() with that my hook function I pasted earlier, It did inject, but other than hooking, it crashed the browser,FF and IE respectively
Hence am switching to IAT hooks now
So I pasted this
http://www.rohitab.com/discuss/topic/37721-dll-injection-doesnt-work/
Do u think it's cool to do something like this with IAT hooks
closed account (13bSLyTq)
Hi,
Great work with injection into Microsoft Internet Explorer and Mozilla Firefox!
Now, using IAT hooks for such a trivial task is a overkill. It is analogous to using a Atomic bomb to create a hole in the ground. The main message I am trying to get out of it is, there are far better methods to perform this task...
In reality it should not even be in your mind at this point, mainly because IAT hooks are far more complicated than the usual hooks we perform and since we both agree that you are not too strong on the topic. It's best not to walk into the complex subject without finding your-self very confused and losing interest in this process as a whole.
Next, could you supply us with the current settings your are generating the executable? Is it VS?
Finally, could you paste the hook function? I cannot seem to find it nor remember it.
Kind Regards,
OrionMaster
Great work with injection into Microsoft Internet Explorer and Mozilla Firefox!
Now, using IAT hooks for such a trivial task is a overkill. It is analogous to using a Atomic bomb to create a hole in the ground. The main message I am trying to get out of it is, there are far better methods to perform this task...
In reality it should not even be in your mind at this point, mainly because IAT hooks are far more complicated than the usual hooks we perform and since we both agree that you are not too strong on the topic. It's best not to walk into the complex subject without finding your-self very confused and losing interest in this process as a whole.
Next, could you supply us with the current settings your are generating the executable? Is it VS?
Finally, could you paste the hook function? I cannot seem to find it nor remember it.
Kind Regards,
OrionMaster
Uhhh, Ok, here is what, I am generating the executable from visual studio 2012.
Here is the link to the hook function http://www.cplusplus.com/forum/windows/140206/
I decided to use this particular hook function to detour it, but other than hook, it crashes the application indiscriminately, times without counting
That's what made me resolve to IAT hooks (Following the email I sent you on this site)
The method is jmp, to your own thinking do you think simple detours could be used for that kind of task?
Here is the link to the hook function http://www.cplusplus.com/forum/windows/140206/
I decided to use this particular hook function to detour it, but other than hook, it crashes the application indiscriminately, times without counting
That's what made me resolve to IAT hooks (Following the email I sent you on this site)
The method is jmp, to your own thinking do you think simple detours could be used for that kind of task?
Topic archived. No new replies allowed.