CODEWITHSUNDEEP
c++
scxrzle
scxrzle

Reputation: 21

Dll Injector not detecting Dll

I recently coded an injector where as long as the dll is in the same directory as the exe injector it will inject but even when the dLL is in the same path it still returns with the error file not found.

Very new to c++ so not exactly sure how to fix it, only this I know that the problem must lie in the dll_name

The c++ code is listed here

#include <Windows.h>
#include <string>
#include <thread>
#include <libloaderapi.h>

using namespace std;

void get_proc_id(const char* window_title, DWORD &process_id)
{
    GetWindowThreadProcessId(FindWindow(NULL, window_title), &process_id); // Find Process ID by using title of window
}

void error(const char* error_title, const char* error_message) 
{
    MessageBox(NULL, error_message, error_title, NULL);
    exit(-1);
    //if error occurs output false
}

bool file_exists(string file_name) // Makes sure file exists
{
    struct stat buffer;
    return (stat(file_name.c_str(), &buffer) == 0);
    //Information goes through buffer if = 0 , it worked
    //Creates random buffer of stat sturc doesnt matter what goes in - making sure function is successful, gets info about file and checks if it workeed
}

int main()
{
    DWORD proc_id = NULL;
     char dll_path[MAX_PATH];
     const char* dll_name = "TestDll2.dll"; //Name of Dll
     const char* window_title = "Untitled - Paint"; //Must Match Title Name

     if (!file_exists(dll_name));
     {
         error("file_exists", "File does not exist");
     }

     if (!GetFullPathName(dll_name, MAX_PATH, dll_path, nullptr))
     {
         error("GetFullPathName", "Failed to get full file path");
     }

     get_proc_id(window_title, proc_id);
     if (proc_id == NULL)
     {
         error("get_proc_id", "Failed to get process ID");
     }

     HANDLE h_process = OpenProcess(PROCESS_ALL_ACCESS, NULL, proc_id);
     if (!h_process)
     {
         error("OpenProcess", "Failed to open handle to process");
     }

     void* allocated_memory = VirtualAllocEx(h_process, nullptr, MAX_PATH, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); //Calling Virutal Allocation, passing handle to process - reserving memory by going thru reserve and need to commit to it so we can write
     if (!allocated_memory)
     {
         error("VirtualAllocEx", "Failed to allocate memory");
     }

     if (!WriteProcessMemory(h_process, allocated_memory, dll_path, MAX_PATH, nullptr)) // Write DLL path into the target program
     {
         error("WriteProcessMemory", "Failed to write process memory");
     }
     //If above works we call loadlibarya which is where the dll is stored
     HANDLE h_thread = CreateRemoteThread(h_process, nullptr, NULL, LPTHREAD_START_ROUTINE(LoadLibraryA), allocated_memory, NULL, nullptr);
     if (!h_thread)
     {
         error("CreateRemoteThread", "Failed to create remote thread");
     }

     CloseHandle(h_process);
     VirtualFreeEx(h_process, allocated_memory, NULL, MEM_RELEASE);
     MessageBox(0, "Successfully Injected!", "Sucess", 0);
} ```

Upvotes: 0

Views: 610

Answers (2)

Marko Mahnič
Marko Mahnič

Reputation: 735

The file is being searched in the current directory, not in the directory of the exe file. These might not be the same. You have to find the path to the exe file in order to search for files in its directory. On Windows you could do something like this:

#include <psapi.h>

// ....

HANDLE Handle = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 
                FALSE, GetCurrentProcessId() );
if ( Handle ) {
   TCHAR buffer[MAX_PATH];
   if ( GetModuleFileNameEx( Handle, 0, buffer, MAX_PATH ) ) {
      std::filesystem::path exePath( buffer ); // TODO this might need encoding conversion
      auto exeDir = exePath.parent_path();
      auto dllPath = exeDir / "TestDll2.dll";
      if ( std::filesystem::exists( dllPath ) ) {
         // ...
      }
   }
}

You can also try GetProcessImageFileName if GetModuleFileNameEx does not work. Apparently it does not work in 32-bit applications on a 64-bit system (see comments in this answer).

Upvotes: 0

Sprite
Sprite

Reputation: 3763

Try to use C++ STL function or Windows native API:

#include <string>
#include <filesystem>

#include <Shlwapi.h>

#pragma comment(lib, "Shlwapi.lib")


bool IsExists(const std::string &FilePathName)
{
    return std::filesystem::exists(FilePathName);
}

bool IsExists(const std::string &FilePathName)
{
    return PathFileExistsA(FilePathName.c_str());
}

Upvotes: 1

Related Questions