Armenian Knowledge Base
Old 16.04.2003, 09:22   #1
Infant

Join Date: 10 2001
Location: Yerevan
Posts: 55
Downloads: 7
Uploads: 0
Reputation: 8 | 0
Code Injection

Hi...
I have a problem with code injection...
Okay, say I have some process (ID and/or HANDLE) and some piece of code; that code creates a new file, writes some info to it and closes it... I inject that code into a working process which I have, and all goes ok except writing to the file.... so the injected code creates the file and does other work, but the WriteFile function fails.... Can someone help me???
__________________
http://freenet.am/~softland
Old 16.04.2003, 15:59   #2
Academician
W_z_rd

Join Date: 08 2002
Location: Yerevan, Armenia
Age: 45
Posts: 4,854
Downloads: 1
Uploads: 0
Reputation: 225 | 4

"Code injection"... That's something new to me. Could you explain what it is, please?
Old 16.04.2003, 17:46   #3
Infant

I thought it was self-explaining, but anyway....
Code injection is a method of running some code (or a DLL) in the virtual memory space of another process... you INJECT that code into the virtual memory of the other process and let that code run, so you can now manage/debug that process. It's kind of like API hooking, instead of SetWindowsHookEx etc etc etc...
Old 16.04.2003, 18:20   #4
Academician
W_z_rd

Ok, I got the idea. I don't really know what the problem is, but if I'm not mistaken, file handles are unique within the process (I'm not sure, though). So, if you open a file in one process and then try to work with the same file in another process using its handle, it won't work. There must be some way of transferring handles, or you should open the file again.
Hope that this will help or at least give you some hint.
__________________
Women don't need to be understood, they need to be loved!
Old 16.04.2003, 18:48   #5
Infant

Heh, that's the problem...
Because I'm creating the file in the injected code, in the other process, and doing the write in that (same) process... file creation and writing are in the same process...
Old 17.04.2003, 18:37   #6
Academician
W_z_rd

Well, then - sorry, I can't tell more without looking at the code, at least.
Old 17.04.2003, 18:51   #7
Infant

Here's the code snippet (if it will help you)...........

; ####### INJECTION CODE ######

InjCodeStart:
call Delta                      ; call the next instruction: pushes Delta's runtime address
Delta:
pop ebx                         ; ebx = runtime address of Delta
sub ebx, OFFSET Delta           ; ebx = delta between runtime and assemble-time addresses
; CreateFileA arguments, pushed right to left
push NULL                       ; hTemplateFile
push FILE_ATTRIBUTE_NORMAL      ; dwFlagsAndAttributes
push CREATE_ALWAYS              ; dwCreationDisposition
push NULL                       ; lpSecurityAttributes
push FILE_SHARE_WRITE           ; dwShareMode
push GENERIC_WRITE              ; dwDesiredAccess
mov eax, OFFSET newFile
add eax, ebx
push eax ; last two lines for getting the relative address of newFile... (lpFileName)
call [ebx + pCreateFileA]
mov [ebx + hFile], eax          ; save the returned handle; eax still holds it below
; useless code.............
; WriteFile arguments, pushed right to left
push NULL                       ; lpOverlapped
push dword ptr [ebx + bwrite]   ; lpNumberOfBytesWritten (pushes the VALUE stored in bwrite, see post #8)
push dword ptr [ebx + buffSize] ; nNumberOfBytesToWrite
push dword ptr [ebx + memBuff]  ; lpBuffer
push eax                        ; hFile
call [ebx + pWriteFile]
push dword ptr [ebx + hFile]    ; hObject
call [ebx + pCloseHandle]
ret

NOP

newFile db "new.bin",0
hFile dd 0
bwrite dd 0                     ; receives the number of bytes written
pCreateFileA dd 0 ; address of CreateFileA
pWriteFile dd 0 ; '---'
pCloseHandle dd 0 ; '---'
memBuff dd 0 ; buffer with some info
buffSize dd 06000h

InjCodeEnd:
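The prologue of the snippet above (call Delta / Delta: pop ebx / sub ebx, OFFSET Delta) is the standard "GetPC" idiom that position-independent code uses to learn its own load address, and it has a fixed byte encoding: a call rel32 whose displacement is zero is E8 00 00 00 00, and pop r32 is a single byte in 58..5F. That makes it one of the simplest markers a memory scanner or YARA-style rule can look for when hunting code that has been written into a process it does not belong to. The Python below is an added example for this thread, not code from the original poster: the sample buffer is constructed here, and the check for a following sub reg, imm fixup is a hypothetical refinement, not a complete detector.

```python
"""Scan a byte buffer for the x86 "call $+5 / pop reg" GetPC prologue.

Added example for this thread; not the poster's code.  Detection only:
it reports where such a stub sits and which register receives the address.
"""
from dataclasses import dataclass

# x86 (32-bit) encoding facts:
#   E8 rel32   CALL relative; rel32 == 0 calls the next instruction, which
#              leaves that instruction's runtime address on the stack.
#   58..5F     POP r32, register index = opcode - 0x58.
#   81 /5 id   SUB r/m32, imm32 ; 83 /5 ib  SUB r/m32, imm8 (sign-extended).
#              For a register operand the ModRM byte is 0xE8 + register index.
CALL_NEXT = b"\xE8\x00\x00\x00\x00"
POP_REG_NAMES = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


@dataclass(frozen=True)
class GetPcHit:
    offset: int          # offset of the E8 byte within the scanned buffer
    register: str        # register that ends up holding the runtime address
    fixup_follows: bool  # True if "sub <that register>, imm" immediately follows


def find_getpc_stubs(buf: bytes) -> list[GetPcHit]:
    """Return every call-next / pop-reg pair in buf, in offset order."""
    hits: list[GetPcHit] = []
    start = 0
    while True:
        i = buf.find(CALL_NEXT, start)
        if i < 0:
            break
        j = i + len(CALL_NEXT)              # index of the byte after the call
        if j < len(buf) and 0x58 <= buf[j] <= 0x5F:
            reg_idx = buf[j] - 0x58
            nxt = buf[j + 1 : j + 3]        # opcode + ModRM of the next instruction, if present
            fixup = (len(nxt) == 2
                     and nxt[0] in (0x81, 0x83)
                     and nxt[1] == 0xE8 + reg_idx)
            hits.append(GetPcHit(i, POP_REG_NAMES[reg_idx], fixup))
        start = i + 1
    return hits


def summarize(buf: bytes) -> list[str]:
    """Human-readable one-liners, one per hit."""
    return [
        f"offset {h.offset:#06x}: call $+5 / pop {h.register}"
        + (" / sub (delta fixup)" if h.fixup_follows else "")
        for h in find_getpc_stubs(buf)
    ]


# Constructed sample, not taken from any real binary: filler, a prologue shaped
# like the thread's (call Delta / pop ebx / sub ebx, imm32), a call-next that is
# NOT followed by a pop (so the rejection path runs), and a bare pop-eax variant.
SAMPLE = (
    b"\x90" * 4                                          # nop filler
    + b"\xE8\x00\x00\x00\x00\x5B\x81\xEB\x05\x10\x40\x00" # call $+5; pop ebx; sub ebx, 0x00401005
    + b"\x6A\x00"                                        # push 0 filler
    + b"\xE8\x00\x00\x00\x00\x90"                        # call $+5; nop  -> not a GetPC stub
    + b"\xE8\x00\x00\x00\x00\x58"                        # call $+5; pop eax (no fixup)
)

if __name__ == "__main__":
    for line in summarize(SAMPLE):
        print(line)
```

On the constructed sample the scanner reports two stubs: the ebx one at offset 4 with its delta fixup, and the eax one at offset 24 without; the call-next followed by a nop is ignored. Pairing the pattern with a check that the containing memory region is executable but not backed by an image file is what turns this from a curiosity into a usable hunting rule.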
Old 18.04.2003, 15:41   #8
Infant

Thanks to everybody who helped and just viewed this post :)

I found what's wrong...

push dword ptr [ebx + bwrite]

This line pushes the dword stored in bwrite (which is NULL at initialization time), but it needs to push the offset of bwrite, so the right code is...

mov eax, OFFSET bwrite
add eax, ebx
push eax

heh.....