This is such a good Tutorial but just one thing...
for me, I had to change the define TARGET_BINARY From:
#define TARGET_BINARY L"Notepad.exe"
to
#define TARGET_BINARY L"notepad.exe"
(Removes the capital at the start). I'm not sure if in Windows 11 they changed it to "Notepad", but on my Windows 10 system it's "notepad.exe".
Anyways, cheers for the vid
Glad you enjoyed the video and hope it helped you out on your learning journey. Seems I can call Notepad with either upper or lower case with Windows 11. Nice catch on that! If you haven't, would you mind giving the video a like and sub? If not, no worries. Thanks for watching and happy hacking!
@@DungeonsAndDiving Yeah man subbed a while ago these vids are really helpful cheers 🤙
@@ventrat1134 Appreciate it man. Every like/sub helps other people find this info!
Another question, can I use this method if I want to hook "WSASend, WSARecv, send, and recv" for tcp packet manipulations?
This video is more about injecting additional functionality. Function hooking is a different concept. There are multiple ways to accomplish it, including using DLLs. Try this link as a starting point: www.ired.team/offensive-security/code-injection-process-injection/how-to-hook-windows-api-using-c++
Cool, detailed explanation.
Next video: Compile .dll into the .exe. In production, so it only has one executable.
Any idea?
What you're looking for would be a STATIC library. The difference is that static libraries are embedded into the executable, making a single but larger file. DLLs are intended to be dynamically loaded. They're created as separate files with a specific set of functions that can be shared by multiple applications. Secondly, since they're not embedded, it lets you ship smaller programs if the DLL is already on the machine. Lastly, when updating a set of functions, with static libraries you have to update EVERY program that uses it. With DLLs you only have to update the DLL and the programs can all just load the new version.
If you haven't, would you mind giving the video a subscription to help others find this information? If not, no worries. Glad you enjoyed the video and happy hacking!
can you send me your source code. I followed the video but I failed. But I don't know where I went wrong.
I've pushed my source code to github (URL in the description) so everyone can just grab it. If you haven't yet, would you mind sending a like/sub my way to help others find this information? If not, no worries & happy hacking.
I copied your code and it keeps saying Injection failed no matter what I do. I changed the DLL path but with no result. Please, I just wanna see it work.
My DLL path is "C:\\Users\\PC\\Desktop\\basic_dll_injection-main\\yt_tutorial_dll\\x64\\Debug\\yt_tutorial_dll"
I fixed it but it won't open calc, and I changed LoadLibraryA to LoadLibrary and now when I run it, it will just close notepad tf
@@Taiikey It should not close notepad unless maybe notepad is crashing? Also, LoadLibrary is simply mapped to either LoadLibraryA or LoadLibraryW depending on your system. Using 'A' is explicitly for ASCII strings whereas 'A' is for Unicode.
Can you push your code to github? I'll take a peek when I have some time. Also, you can grab my code from github.com/BIackMage/basic_dll_injection
It's the same code you have.
I fixed it and it says injection successful but it won't open calc. Why?
It creates the thread inside of notepad but it will not open calc @@DungeonsAndDiving
@@Taiikey Ahhh I might just know the answer. I gave live training on this yesterday and one of the "students" had the same result. The issue is most likely that you're trying to inject the dll from the wrong location (i.e. the dll can't be found). What happens is the injector gets a "success" return from the CreateRemoteThread call but LoadLibraryA runs in its own thread in your target process (i.e. notepad) and fails to successfully load the missing dll. In this case, LoadLibraryA should have a fail return, but we're not capturing that. We only capture CreateRemoteThread, which again was successful in running LoadLibraryA.
Rebuild your DLL and look at the path that VS shows in the output window (it will be right above the message that 1 project was built successfully). Then take that specific path and verify the DLL actually exists there (via Windows Explorer). Once verified, paste that path into the injector app's #define statement (line 7). You'll need to ensure that any backslashes ("\") in the path are "escaped" by adding an extra backslash in the string.
For example, my path is: "D:\Repos\C++\yt_tutorial_dll\x64\Debug\yt_tutorial_dll.dll"
It needs to be changed to: "D:\\Repos\\C++\\yt_tutorial_dll\\x64\\Debug\\yt_tutorial_dll.dll"
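
The backslash rule from the reply above, worked through on the same path. This is an added example, not code from the video or its GitHub repository, and the function names `escape_for_literal` and `lone_backslashes` are hypothetical. It shows why the pasted path breaks: pasted as-is it has six lone backslashes, and one of them (`\x64`) is a valid hex escape that the compiler silently turns into the letter `d`.

```c
#include <stdio.h>
#include <string.h>

/* The path from the comment as Explorer shows it (single backslashes at
   run time; doubled here only because this file is itself C source). */
static const char RAW_PATH[] =
    "D:\\Repos\\C++\\yt_tutorial_dll\\x64\\Debug\\yt_tutorial_dll.dll";

/* Double each backslash so `raw` can be pasted between the quotes of a
   #define. Returns 0 on success, -1 if `out` is too small. */
int escape_for_literal(const char *raw, char *out, size_t outsz) {
    size_t j = 0;
    if (outsz == 0) return -1;
    for (size_t i = 0; raw[i] != '\0'; i++) {
        size_t need = (raw[i] == '\\') ? 2 : 1;
        if (j + need + 1 > outsz) return -1;   /* keep room for the NUL */
        if (raw[i] == '\\') out[j++] = '\\';
        out[j++] = raw[i];
    }
    out[j] = '\0';
    return 0;
}

/* Scan text as it would sit between the quotes in source code. Returns the
   number of lone (unescaped) backslashes; *interpreted receives how many of
   them start a defined escape (\x64, \t, \n, \U...) and so alter the string
   or fail to compile, instead of producing a path separator. */
int lone_backslashes(const char *src, int *interpreted) {
    int lone = 0;
    *interpreted = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        if (src[i] != '\\') continue;
        char next = src[i + 1];
        if (next == '\\') { i++; continue; }   /* properly escaped pair */
        lone++;
        if (next != '\0' && strchr("abfnrtvxuU01234567'\"?", next))
            (*interpreted)++;
    }
    return lone;
}

int main(void) {
    char fixed[512];
    int interp;
    int lone = lone_backslashes(RAW_PATH, &interp);
    printf("pasted as-is: %d lone backslashes, %d defined escapes\n", lone, interp);
    if (escape_for_literal(RAW_PATH, fixed, sizeof fixed) == 0)
        printf("use in #define: \"%s\"\n", fixed);
    return 0;
}
```
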