AfxCodeHook Example - Inject Library Ex

Post date: Oct 17, 2010 10:54:15 PM

{

Inject Library Ex Demo

by Aphex

This program demonstrates how to inject a DLL into another process using

the Ex method. This method prevents any changes from being noticed in

the application being injected into. Commonly known as FWB++.

}

program InjLibEx;

uses

  Windows,

  afxCodeHook;

var

  StartInfo: TStartupInfo;

  ProcInfo: TProcessInformation;

  BytesRead, Module, Process, Size: dword;

  Path: array [0..MAX_PATH] of char;

  Data: pointer;

begin

  //create process to inject into

  ZeroMemory(@StartInfo, SizeOf(TStartupInfo));

  StartInfo.cb := SizeOf(TStartupInfo);

  CreateProcess(nil, 'notepad.exe', nil, nil, False, 0, nil, nil, StartInfo, ProcInfo);

  //get the dll data to inject

  Process := ProcInfo.hProcess;

  Module := CreateFile(pchar('test.dll'), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);

  Size := GetFileSize(Module, nil);

  GetMem(Data, Size);

  ReadFile(Module, Data^, Size, BytesRead, nil);

  CloseHandle(Module);

  //inject the DLL using the Ex method

  InjectLibrary(Process, Data);

  FreeMem(Data);

  Sleep(3000);

  //kill the process

  TerminateProcess(Process, 0);

end.

test.dll

library test;

uses

  Windows;

procedure EntryPoint(Reason: dword); stdcall;

begin

  if Reason = DLL_PROCESS_ATTACH then MessageBox(0, 'hi from notepad :)', 'afxCodeHook', 0);

end;

begin

  DLLProc := @EntryPoint;

  EntryPoint(DLL_PROCESS_ATTACH);

end.