Michael Villeneuve

Reputation: 4033

DLL Injection | GetProcAddress returns NULL

Alright, I'll try to make it quick. I am trying to learn how to inject a DLL in another process. At the moment, I'm only trying to detect when I open the calculator and output a message. I've written the following DLL:

#include <windows.h>
#include <iostream>

using namespace std;
extern "C"{
    LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
    {       
       cout << "I'M NOT WORKING " << endl;
       // Bunch of code...
       return CallNextHookEx(0, nCode, wParam, lParam);
    } 
    void ASimpleFunc(){
        cout << "DLL WORKING" << endl;
    }
}

And here is my injector (well... it's just trying to load the DLL at the moment).

#include <windows.h>
#include <iostream>

using namespace std;
typedef LRESULT (*CBTProc)(int,WPARAM,LPARAM); 
typedef void (*ASimpleFunc)(); 
int main()
{   
    // My two functions... 
    CBTProc _CBTProc; // function pointer type, so the GetProcAddress result can be assigned to it
    ASimpleFunc _ASimpleFunc;

   HMODULE hDll = LoadLibrary("myDLL.dll");
   if(!hDll){
       cout << "DLL FAILED TO LOAD" << endl;
   }else{
       cout << "DLL LOAD SUCCESS" << endl;

       // This one is working
       _ASimpleFunc = (ASimpleFunc)GetProcAddress(hDll, "ASimpleFunc");

       // This one is not working
        _CBTProc = (CBTProc)GetProcAddress(hDll, "CBTProc");
        if(!_ASimpleFunc || !_CBTProc){
            cout << "UNABLE TO CALL HOOK" << endl;
        }else{
            // other code...
        }
    }
   return 1;
} 

Any ideas?

EDIT: this is not 100% of the code. I took out the obvious stuff like the DLLMain and everything that doesn't interact directly with my problem.

Upvotes: 0

Views: 1328

Answers (3)

James McNellis

Reputation: 355049

The CALLBACK macro gives CBTProc stdcall calling convention, so its name will be annotated with a leading underscore and a byte count (e.g., it might be _CBTProc@12). You need to call GetProcAddress with the exact name of the export. The name can be found using the dumpbin tool.

Note that your function pointer must also be annotated with CALLBACK so that when you call the function via the function pointer, the correct calling convention is used.

Upvotes: 2
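Added example, not part of the answer above or the asker's code: a small portable helper that picks the exact export string to pass to GetProcAddress from a list of names such as `dumpbin /exports` prints, using the 32-bit x86 MSVC decoration rules the answer describes. The function names `classify` and `resolveExport` are hypothetical, and the export list is constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// How an export name relates to an undecorated C name under the
// 32-bit x86 MSVC decoration rules.
enum class Decoration { None, Cdecl, Stdcall, Fastcall, NoMatch };

// True when s is "@<digits>", the argument byte count suffix.
static bool isByteCountSuffix(const std::string& s) {
    if (s.size() < 2 || s[0] != '@') return false;
    for (std::size_t i = 1; i < s.size(); ++i)
        if (!std::isdigit(static_cast<unsigned char>(s[i]))) return false;
    return true;
}

Decoration classify(const std::string& exportName, const std::string& base) {
    if (exportName == base) return Decoration::None;          // name
    if (exportName == "_" + base) return Decoration::Cdecl;   // _name
    for (char prefix : {'_', '@'}) {                          // _name@N / @name@N
        const std::string head = prefix + base;
        if (exportName.compare(0, head.size(), head) == 0 &&
            isByteCountSuffix(exportName.substr(head.size())))
            return prefix == '_' ? Decoration::Stdcall : Decoration::Fastcall;
    }
    return Decoration::NoMatch;
}

// Exact string to hand to GetProcAddress, or "" when no export matches.
std::string resolveExport(const std::vector<std::string>& exports,
                          const std::string& base) {
    for (const auto& e : exports)
        if (classify(e, base) != Decoration::NoMatch) return e;
    return "";
}

int main() {
    // Constructed export list, as the names column of dumpbin /exports might read.
    const std::vector<std::string> exports = {"ASimpleFunc", "_CBTProc@12"};
    std::cout << resolveExport(exports, "CBTProc") << "\n";
}
```

An empty result means the function is not exported under any of these forms, which is the case the next answer addresses.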

icktoofay

Reputation: 129011

I don't know why one of them would work without this, but if you want a function to be exported from a DLL, you have to explicitly export it. There are two ways to do this:

  1. Tell the compiler through some compiler-specific means.

    For Visual C++, use __declspec(dllexport).

  2. Use a module definition file.

Upvotes: 0

sean

Reputation: 3985

You need to actually get the DLL to load in the other process for this to work. You do this by creating a remote thread in the other process that will load your DLL.

Then you need to perform your hooks in the loading of the DLLMain to hook the functions you wish to hook.

http://msdn.microsoft.com/en-us/library/windows/desktop/ms682583(v=vs.85).aspx

http://en.wikipedia.org/wiki/DLL_injection

Those two links should point you in the right direction.

Upvotes: 1
