can you decompile a .exe?

hm....maybe i'll just find some injector source codes.....<,<

DLL injectors simply load modules into the target program using the LoadLibrary function. You cannot just use LoadLibrary any way you want, you would have to get the procedure address of LoadLibrary using GetProcAddress and then create a remote thread starting at the location of the LoadLibrary procedure.

Now, the LoadLibrary function does take a parameter, in this case, the path to the DLL you're injecting. You can't just create string and use that as the parameter because the LoadLibrary function isn't being called in your program, it's being called in the target process in which has no access to any of your programs variables. You have to write the path somewhere in the processes memory using WriteProcessMemory. You can use VirtualAllocEx to allocate memory in which you can write your path to.

I didn't put the steps in order and I didn't include every single function but if you actualy want to learn something I suggest you read up on this. I could have just gave you some code but then again, I wouldn't want you leeching, I'd rather you have to learn it.

This was off the top of my head so if anyone sees any mistakes or if i'm missing something...just say it.

Its possible but only with VB executables and yeah c++ doesn't go well with vb

Very nice explanation David. You know more about this then I do so I have no idea if your right or wrong, but I think that's how the titanium injector works.

I also think there might be a way to do it by hooking or detouring... prbly wrong =/

Nice explanation. You're missing a couple important steps through.
1. Allocate some memory in the target process(using VirtualAllocEx). Next, it's important you make sure you have write & execute permissions to that region. So using VirtualProtectEx, give yourself sufficient permissions to the memory region.

2. At the base of the newly allocated memory region, you need to write information such as where the library that you want loaded can be located in the form of a string. And at which address the procedure LoadLibrary exported from the kernel can be located. You can scan the EAT of the kernel module in the target address space, but it's probably easier to find the address of LoadLibrary when the 'injected code'(which reffers to what we're writing to the allocated memory region in the target and not the DLL being loaded) is executed using GetModualHandle API.

3. From here, you write your function which will be executed in the address space of the target to the allocated region at an appropriate offset so you don't overwrite your string.

4. Now all you need to do is call CreateRemoteThread(Which gives you the option to pass a single variable to the newly created thread. In this case you would pass a pointer to the string in the targets address space(which you had put at the base of the region allocated earlier)

very well explained jetamay

Jetamay is a god like B1ackAnge1, but he speaks less often(although I haven't seen BA in a while either).

Err..I'm not sure but. You can hook the LoadLibrary function and whenever it's called you can just edit it to load your own library instead of the one it actually wants to. Although...I guess you'll be missing some important libraries if you do that. I'm not too sure.

Wouldn't that require you to be in the other process already? :P

You could code cave in the exe tho(use ollydbg to jmp to your code, exec the original codes from there and then call loadlibrary, and after loadlibrary jum back)

Oh crap I forgot you need to inject a DLL to do what I said.

Ignore my post.

thanks you guys, i wish i'd read these posts before i made a thread <,<


some of the things you two mentioned i haven't learned about yet, so my understanding is gapped. but google/c++ tutorials will fix that.


thanks so much guys. now i go learn some things and hopefully get myself familiar with this.

Epic lol @ this.
Look who was right.

I like the way this fagg0t uses a userbar as avatar to make people think he's the biggest retard in the world, no need for it, we were already sure you were...