Home > Software engineering >  About CreateRemoteThreadex create remote thread failure
About CreateRemoteThreadex create remote thread failure

Time:10-11

CreateRemoteThreadex failed to create the remote thread tip, error message is not a valid win32 application, error number 193.

Known to modify the program to achieve this effect, PE but through test protection is not modified PE, so to solve any other ways to make CreateRemoteThreadex failed to create the remote thread, tip is not a valid win32 application,

CodePudding user response:

Fyi: 
/* 
Application: Code Injection in Explorer 
Author: @ _RT 
Compiled on: Feb 2014 
URL:http://www.codeproject.com/Tips/732044/Code-Injection-2 

We will see the company's steps involved to perform a code injection into an already running process. 

Following are the quick steps through the process of injection. 
1. Get the API addresses that will be calling from the injected code. 
2. Prepare the shell code of your function that you want to get executed from the injected process. 
3. Get the process ID of the running process that wish to inject into by enumerating through the 
A list of the processes or by finding the process 's window (in case it' s a GUI application) by the class name or title. 
4. Open the process using its Pid with All Access rights. 
5. The Allocate company's memory Spaces in the process that you are going to inject the to with desired access 
Does the for holding the company segments of your shell code. 
Code part (the executable instructions) 
The Data part (strings, the function parameters, etc.) 
6. Write the allocated memories with the respective values (code and data). 
7. Call CreateRemoteThread API and pass it to the start of the allocated memory address where you have 
Written your shell code from the process we are injecting. 
*/

# include & lt; Windows. H> 
# pragma comment (lib, "user32. Lib") 

LPVOID addr. 
LPVOID addr2; 

BOOL InjectExecutable (DWORD dwPid LPVOID si, LPVOID PI, int sisize, int pisize) 
{
LPVOID hNewModule; 
HANDLE hProcess; 
CHAR [] S={" C: \ \ Windows \ \ system32 \ \ notepad exe "}; 
X6a BYTE byt []={0, 0 x00 to 0 x6a, 0 x00 to 0 x6a, 0 x00 to 0 x6a, 0 x01, 0 x6a, 0 x00 to 0 x6a, 0 x00 to 0 x6a, 0 x00 to 0 x68}; 
//push 0, push 0, push 0, 1, push push 0, push 0, push 0, push 0 XXXXXXXXX 
BYTE byt2 []=xe8 {0};//call 0 XXXXXXXXX 
BYTE byt3 []=x68 {0};//push 0 XXXXXXXXX 

HProcess=OpenProcess (PROCESS_ALL_ACCESS, FALSE, dwPid); 
If (hProcess==NULL) 
{
return FALSE; 
} 

LPVOID staddr=VirtualAllocEx (hProcess, NULL, sizeof (S), MEM_COMMIT, PAGE_READWRITE); 
WriteProcessMemory (hProcess, staddr, S, sizeof (S), NULL); 
LPVOID fnaddr=VirtualAllocEx (hProcess, NULL, 4, MEM_COMMIT, PAGE_READWRITE); 
WriteProcessMemory (hProcess, fnaddr, PI, sisize, NULL); 
LPVOID fnaddr2=VirtualAllocEx (hProcess, NULL, 4, MEM_COMMIT, PAGE_READWRITE); 
WriteProcessMemory (hProcess, fnaddr2, si, pisize, NULL); 

HNewModule=VirtualAllocEx (hProcess, NULL, 100, MEM_COMMIT, PAGE_EXECUTE_READWRITE); 
If (hNewModule==NULL) 
{
return FALSE; 
} 
LPTHREAD_START_ROUTINE strtaddr=(LPTHREAD_START_ROUTINE hNewModule); 

WriteProcessMemory (hProcess, hNewModule byt3, sizeof (byt3), NULL); 
HNewModule=(LPVOID) ((int) hNewModule + sizeof (byt3)); 
WriteProcessMemory (hProcess, hNewModule, & amp; Fnaddr, sizeof (fnaddr), NULL); 
HNewModule=(LPVOID) ((int) hNewModule + sizeof (fnaddr));//push & amp; PI; LpProcessInformation 
WriteProcessMemory (hProcess, hNewModule byt3, sizeof (byt3), NULL); 
HNewModule=(LPVOID) ((int) hNewModule + sizeof (byt3)); 
WriteProcessMemory (hProcess, hNewModule, & amp; Fnaddr2, sizeof (fnaddr2), NULL); 
HNewModule=(LPVOID) ((int) hNewModule + sizeof (fnaddr2));//push & amp; Si; LpStartupInfo 
WriteProcessMemory (hProcess, hNewModule, byt, sizeof (byt), NULL);//push 0, push 0, push 0, 1, push push 0, push 0, push 0, push 0 XXXXXXXXX==& amp; S [0];" C: \ \ Windows \ \ system32 \ \ notepad exe 
"HNewModule=(LPVOID) ((int) hNewModule + sizeof (byt));//lpCurrentDirectory lpEnvironment, dwCreationFlags bInheritHandles, lpThreadAttributes, lpProcessAttributes, lpCommandLine, lpApplicationName 
WriteProcessMemory (hProcess, hNewModule, & amp; Staddr, sizeof (staddr), NULL); 
HNewModule=(LPVOID) ((int) hNewModule + sizeof (staddr)); 
WriteProcessMemory (hProcess, hNewModule byt2, sizeof (byt2), NULL); 
HNewModule=(LPVOID) ((int) hNewModule + sizeof (byt2));//call CreateProcessA 
Addr=(LPVOID) ((int) addr - ((int) hNewModule + 4)); 
WriteProcessMemory (hProcess, hNewModule, & amp; Addr, sizeof (addr), NULL); 
HNewModule=(LPVOID) ((int) hNewModule + sizeof (addr)); 
WriteProcessMemory (hProcess, hNewModule, byt, 2, NULL); 
HNewModule=(LPVOID) ((int) hNewModule + 2);//push 0; DWORD dwExitCode//exit code for this thread 
WriteProcessMemory (hProcess, hNewModule byt2, sizeof (byt2), NULL); 
HNewModule=(LPVOID) ((int) hNewModule + sizeof (byt2));//call ExitThread 
Addr2=(LPVOID) ((int) addr2 - ((int) hNewModule + 4)); 
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull

Page link:https//www.codepudding.com/Softwareengineering/62404.html

Prev:C calling COM components, don't know why the heartbeat mechanism in the COM components don'
Next:About the prediction algorithm
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding