Need to get rid of <window.h>

[Israel]

This is C++ code I found a good place to translate C++ in C (long story) but I need to get ride of <windows.h> from this code so I can run it on linux. (Already tried WINE, no good) I'm new at C/C++ and I've never had to do this before, but I'm trying to learn DLL Injections. Here's my code:

Code: Select all

#include <iostream>
#include <windows.h>

using namespace::std;

int Inject(HWND hwnd, char *name);

int main()
{
   char dll[]="c:/tt.dll";//change the name to your dll
   HWND hw=0;


      hw = FindWindow("Notepad",NULL);//change the "Notepad" to your window name

      if(!hw)
      {
         cout<<"Unable find window"<<endl;
         return 0;
      }

      if(Inject(hw,dll))
      {
         cout<<"DLL has injected into the process successfully"<<endl;
      }

      else
      {
         cout<<"Couldn't inject DLL into process"<<endl;
      }

   return 0;
}


int Inject(HWND hwnd,char *name)
{
   DWORD Pid;
   HANDLE    hProcess,hThread;
   DWORD   BytesWritten;
   LPVOID    mem;


   GetWindowThreadProcessId(hwnd, &Pid);


   hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Pid);

   if(!hProcess)
      return 0;


   mem = VirtualAllocEx(hProcess, NULL,  strlen(name), MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);

   if(mem==NULL)
   {
CloseHandle(hProcess);
return 0;
   }

   if(WriteProcessMemory(hProcess, mem, (LPVOID)name,  strlen(name), &BytesWritten))
   {
   
      hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("KERNEL32.DLL"), "LoadLibraryA"), mem, 0, NULL);
   
      if(!hThread)
      {
          VirtualFreeEx(hProcess,NULL,strlen(name),MEM_RESERVE|MEM_COMMIT);
CloseHandle(hProcess);
         return 0;
      }
      VirtualFreeEx(hProcess,NULL,strlen(name),MEM_RESERVE|MEM_COMMIT);
         
            CloseHandle(hThread);
               CloseHandle(hProcess);

      return 1;
     

   }   
   VirtualFreeEx(hProcess,NULL,strlen(name),MEM_RESERVE|MEM_COMMIT);

               CloseHandle(hProcess);
             
   return 0;
}

[BhaaL]

Pretty much everything you use in there is defined in windows.h, because they are Windows API functions (obviously only available on windows).
That would never run multiplatform, unless you changed all calls (such as OpenProcess, FindWindow etc) to neutral ones, and implement them in platform-specific ways.

You might want to look at the following link for more about migration from Win32 to Linux, but I highly doubt that you'd find a useful application for that program there.
http://www.ibm.com/developerworks/eserv ... Linux.html

[Israel]

Ok, I just want to learn how to do this with a language and platform I use. I could probably use Metasploit and not learn a thing (because I don't know assembly) but I want to learn. Could anyone else point me in the direction of how to do this in Linux either under C or C++?

[mischief]

Ok, I just want to learn how to do this with a language and platform I use. I could probably use Metasploit and not learn a thing (because I don't know assembly) but I want to learn. Could anyone else point me in the direction of how to do this in Linux either under C or C++?

this sounds exactly what you are looking for, given that a shared object is the linux name for 'dll'.

http://www.codeproject.com/KB/cpp/shared_object_injection_1.aspx

[Israel]

Looks really good, but this one part I saw concerned me:

There are two ways which may lead us to code injection: 1) using the LD_PRELOAD method (this requires to restart the process in which we are injecting our shared object) 2) injecting a stub into the target process which loads the required library. Of course as you may have guessed, the second way requires the presence of "libdl" in the address space of the target process

Don't really know but the first method seems to be a little unreliable being that 1.- The user must restart the process which may or may not happen and 2.- I'm guessing that may be kind of loud on a network.

Of course they seem to recommend the second method more but does libdl.so even run on Windoze?

[mischief]

Looks really good, but this one part I saw concerned me:

There are two ways which may lead us to code injection: 1) using the LD_PRELOAD method (this requires to restart the process in which we are injecting our shared object) 2) injecting a stub into the target process which loads the required library. Of course as you may have guessed, the second way requires the presence of "libdl" in the address space of the target process

Don't really know but the first method seems to be a little unreliable being that 1.- The user must restart the process which may or may not happen and 2.- I'm guessing that may be kind of loud on a network.

Of course they seem to recommend the second method more but does libdl.so even run on Windoze?

the fact of the matter is that was you are trying to do is not portable. if you want to do this on windows and linux, you're going to need to develop two separate sets of code.

[Israel]

Well, the goal was to do it from Linux to Windoze. I'm sure it is possible. If it wasn't how could I do it with Metasploit using x86 shellcode? Maybe its not as easily done in C though.

[mischief]

there is a small chance you might be able to find some sort of cross compiler targeting a windows OS. but don't count on it.

[Israel]

Right on. Thanks for getting me close