Generic Dll Injector for x86 and x64 + Export Caller

**Cypher** · 08-20-2009

Releasing this for several reasons:
* Previous releases have become abandoned because they weren't part of an actively developed project, this one is so it should hopefully receive regular updates.
* Extra functionality unavailable in other loaders (a remote export caller)
* Compatibility with XP (thanks Harko).
* Easier to use without needing to modify the source.
* Batch scriptable.

Anyway, the meat is here:
Ramblings++ » Blog Archive » Generic Dll Injector for x86 and x64 + Export Caller - Just another periodically updated, syndicated website

Mods: I'm linking like this so I only have to update one source rather than multiple (as I'm posting this in multiple locations). I checked the rules and this seems within them, however if you disagree please let me know.

Apoc: Now you have nothing to complain about you noob.

**Shenlok** · 08-23-2009

Hello,

Firstly, thanks for this contribution. I know I will find this a very useful program, when I get it to work that is

Unfortunately I've been unable to get your loader to work for me so far. I've compiled it using VS2008 SP1, Boost Library 1.39 (which i compiled for use in x64) and it compiles fine. However when running it from the command prompt with the instruction posted on your blog (“Loader64.exe” –process=”notepad.exe” –module=”Module64.dll” –export=”Initialize”), I get the error "Error! unkown option -p".

So I try the command while removing the "-" from the params, and the error changes to "Error! Invalid combination of options." I've tried most options that I can think of, as well as all of the examples posted on your blog, each time giving me the same errors, depending on whether I use hyphens or not. I know I must be doing something wrong that is retardedly simple, and if so I apologise for being an idiot, but I can't figure it out myself. Any help would be appreciated.

EDIT: I'm using Windows 7 Professional x64, an official copy I got from the MSDNAA, if thats any help.

**Cypher** · 08-23-2009

You need to use "--" not "-" before the command names.

Sorry, it seems the blog software has taken the two hyphens and merged them into one big one. >_>

**Shenlok** · 08-23-2009

Ah, that would make sense. I feel like such a fool, especially since I used the double hyphens when compiling boost not long ago

But now, another error emerges.
"Error! Injector::InjectLib: Call to LoadLibraryW in remote process failed."

And if I try with the --launch parameter, it says:
"Error! Injector::InjectLib: Could not create process."

If I were to make a guess I'd have thought it would be something to do with admin rights, but I open the command prompt from the Run menu thus giving it admin privileges. Sorry to bug you about this. Again it's probably something very simple that I'm overlooking.

P.S.: UAC is disabled, fyi

**Cypher** · 08-23-2009

That's strange... You on Vista or Windows 7? Also, x86 or x64?

Just to be sure about the admin privs. Please find the Command Prompt in your start menu, then right click it, and click "Run as Administrator". The title of the window should be "Administrator: Command Prompt".

This is just bizarre because I've tested the code on my Windows 7 machine extensively.

EDIT:

For the x86/x64 question, I'll split it up:
1. What architecture is your OS?
2. What loader architecture are you using?
3. Does the loader architecture match the process?

e.g
Even on x64 Windows, you need to use the x86 loader if the process (for example, WoW) is x86.

**Shenlok** · 08-23-2009

Thanks for your help Cypher, got it working now. Seems that it was indeed something retardedly simple, namely that the process (WoW's) architecture was not x64, and I was using the x64 loader. I had forgotten that wow wasn't a 64bit process. Now the injection works using the --process parameter, however --launch still gives me the "Could not create process" error.

I'm on Windows 7 Professional RTM x64 by the way. And yes, the title of the command prompt is correct.

So yeah, thanks for your help, and sorry for being a moron.

The --launch thing isnt much of an issue for me, but if you want I'll stick around this thread and try any suggestions you may have.

**Cypher** · 08-23-2009

I'm on Windows 7 Ultimate x64.

Please give me the full commandline you're using when using "--launch".

Here is mine, it is working fine on my end:
Loader32 --launch="C:\Users\Public\Games\World of Warcraft\WoW.exe" --module="Extensions\HXGeneric32.dll" --export="Initialize"

**Shenlok** · 08-23-2009

Loader32.exe --launch="C:\World of Warcraft\WoW.exe" --module="LuaFoo.Injectee.dll"

**Cypher** · 08-23-2009

Okay, I just tried injecting the exact same DLL and it worked fine for me.

Are you capable of debugging the loader and checking the error code for the call to CreateProcessW? If so, please do.

If not then I'll throw together a quick version just for you that will dump that information out, but if you are, that would save us both some time.

Thanks.

**Shenlok** · 08-23-2009

Ok, figured it out. Seems idiocy runs in my family. This is a fresh install of Windows 7, so I copied WoW over from my Brother's PC, and it turned out that he had named the folder "Word of Warcraft", which I failed to notice up until now. So naturally it couldn't find wow.exe as I had left out this typo when using your launcher. Sorry for the hassle, all works well and good. Thanks again for the release!

**Cypher** · 08-23-2009

Hahaha. No problem.

At least now I know there's nothing wrong with the loader.

**flo8464** · 08-31-2009

Hi,
working just perfectly, thanks for sharing.
Just a thing I am wondering about .. is there a way to pass arguments to the called exported function without ending up with ugly code & asm in it?

**Cypher** · 08-31-2009

Originally Posted by flo8464

Hi,
working just perfectly, thanks for sharing.
Just a thing I am wondering about .. is there a way to pass arguments to the called exported function without ending up with ugly code & asm in it?

You can pass 1 via the call to CreateRemoteThread.

If you want to pass more than 1 you'll need to use my RtlRemoteCall rewrite.