C++

Forum

 
Loadlibrary dont load my library

omarespanol (47)
Hi i'm trying to load one dll library but seem's not to work the problem is:
HANDLE rThread = CreateRemoteThread(myProc, NULL, NULL, (LPTHREAD_START_ROUTINE)GetProcAddress(LoadLibrary(a), "LoadLibraryA"), dirToArg, NULL, NULL);

the code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
#include "stdafx.h"
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <Tlhelp32.h>
#include <wchar.h>
#include <iostream>
using namespace std;


void error(char *err);

HANDLE myProc = NULL;

void error(char *err)
{
	if (myProc != NULL) CloseHandle(myProc);
	printf("%s", err);
	exit(0);
}



int main(int argc, char *argv[])
{
	LPCWSTR a;
	std::string s = "Kernel32.dll";
	a = (LPCWSTR)s.c_str();
	HANDLE processList = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	PROCESSENTRY32 pInfo;
	BOOL st = TRUE;
	pInfo.dwSize = sizeof(PROCESSENTRY32);
	Process32First(processList, &pInfo);
	int myPid = 0;
	do
	{
		std::wstring name(L"explorer.exe");
		const wchar_t* szName = name.c_str();
		if (wcscmp(pInfo.szExeFile, szName) == 0)
		{
			myPid = pInfo.th32ProcessID;
			cout << myPid << endl;
			break;
		}
		Process32Next(processList, &pInfo);
	} while (st != FALSE);
	
	// Abrir el proceso
	printf("[+] Opening process %i\n", myPid);
	myProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, myPid);
	if (myProc == NULL) error("[-] Error abriendo proceso.\n");
	else printf("[+] Proceso abierto.\n");
	
	// Reservar memoria para el argumento (ruta de la DLL)
	char thData[] = "C:/Users/moh/Desktop/dllmain.dll";
	LPVOID dirToArg = VirtualAllocEx(myProc, NULL, strlen(thData), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
	if (dirToArg == NULL)
		error("[-] Error reservando memoria para argumento.\n");
	else
		printf("[+] Memoria reservada para argumento (%i bytes).\n", strlen(thData));


	// Escribir la ruta de la DLL en la memoria reservada
	SIZE_T written = 0;
	if (WriteProcessMemory(myProc, dirToArg, (LPVOID)&thData, strlen(thData), &written) == 0)
		error("[-] Error escribiendo memoria.\n");
	else
		printf("[+] Memoria escrita (arg %i bytes).\n", written);
	 //Lanzar un hilo con LoadLibrary
	HANDLE rThread = CreateRemoteThread(myProc, NULL, NULL, (LPTHREAD_START_ROUTINE)GetProcAddress(LoadLibrary(a), "LoadLibraryA"), dirToArg, NULL, NULL);
	if (rThread == NULL)
		error("[-] Error creando el hilo.\n");
	else 
		printf("[+] Hilo creado.\n");
	CloseHandle( rThread );
	
}
Last edited on
Topic archived. No new replies allowed.