The MASM Forum Archive 2004 to 2012

General Forums => The Workshop => Topic started by: kodekrazy on November 19, 2005, 02:23:53 AM

Title: DLL injection question
Post by: kodekrazy on November 19, 2005, 02:23:53 AM
I have a question. I have been able to achieve DLL process injection. I want to know if it is possible for an exe to inject a process without using a DLL. If there is a tutorial on the subject or something, a link would be nice.

thank you in advance
Title: Re: DLL injection question
Post by: zooba on November 19, 2005, 08:41:49 AM
I believe the MSDN Labs have some stuff on this. http://lab.msdn.microsoft.com/
Title: Re: DLL injection question
Post by: Mincho Georgiev on November 19, 2005, 09:44:45 AM
I believe that's what you need!  :U

http://www.codeproject.com/threads/winspy.asp
Title: Re: DLL injection question
Post by: sluggy on November 19, 2005, 10:12:45 AM
Quote from: kodekrazy on November 19, 2005, 02:23:53 AM
I want to know if it is possible for an exe to inject a process without using a DLL.

Why? What exactly are you trying to achieve? What are you trying to do to the process?
Title: Re: DLL injection question
Post by: MusicalMike on November 19, 2005, 05:17:07 PM
By DLL injection, do you mean writing executable code directly into a DLL?

If so, there are only two possible applications for this. One, self-modifying code, and two, virus authoring. Which one are you doing?
Title: Re: DLL injection question
Post by: MR_RAEP on November 21, 2005, 10:24:39 AM
Quote
By DLL injection, do you mean writing executable code directly into a DLL?

If so, there are only two possible applications for this. One, self-modifying code, and two, virus authoring. Which one are you doing?

I have seen you say this a few times while reading the posts. I'm sure there are other reasons for injecting code into other processes. Debugging and malware protection/analysis come to mind.
I have created anti-spyware software, not prime time, that suspends new executable launches and notifies the user of a newly created executable starting. If the user allows the exec to continue, I inject a DLL to patch APIs to see what the new exe is doing, and if it tries to do something bad, it can be stopped. Isn't this a valid reason for injecting code?


Title: Re: DLL injection question
Post by: sluggy on November 21, 2005, 10:55:46 AM
Quote from: MR_RAEP on November 21, 2005, 10:24:39 AM
I have seen you say this a few times while reading the posts. I'm sure there are other reasons for injecting code into other processes. Debugging and malware protection/analysis come to mind.

Debugging is not a valid reason for code injection - just use a debugger, there are plenty of free ones around. Malware protection is also not totally valid - there are few reasons why you need to inject code to protect from, or to control, running malware. I have done a lot of malware cleaning, and seen a lot of nasty malware - and in my not so humble opinion, if you need code injection to shut down malware, then it is a piece of malware that is too complex to be shut down safely with software - you need a human to do it. For instance, I do not want software attempting to remove a rootkit from my machine - I would manually remove it after using diagnostic tools to determine what it was. Rather like Mark Russinovich demonstrated with the Sony rootkit. In fact that is a good example - at no point did he need to inject code into any of the modules comprising the rootkit.


Quote
If the user allows the exec to continue, I inject a DLL to patch APIs to see what the new exe is doing, and if it tries to do something bad, it can be stopped. Isn't this a valid reason for injecting code?

In this case, arguably yes. But the whole point of this was that we were asking kodekrazy to explain himself. And he couldn't. The forum has various rules and policies that are not negotiable. Assisting brand new and unproven members with advanced techniques like code injection is frowned upon. We prefer to know that our members are responsible and capable before giving help with advanced topics.




Title: Re: DLL injection question
Post by: hutch-- on November 21, 2005, 01:41:06 PM
It needs to be understood that the forum has a set of rules that will be enforced, and repeatedly questioning about risky techniques is a surefire way to break them. We leave enough room for people who have good technical reasons to ask questions, but unless we are satisfied, the topic will be closed just like this one is. This is finally an assembler language forum, not a venue for illegal practices and borderline technology, and this will not change.

For the members who have raised these issues, please remain within the forum guidelines if you wish to ask questions in here, otherwise we will be forced to remove members who keep offending.