Wait until all the files are copied? - c

I am trying to find a way to wait until xcopy cmd finished copying files from a disk. I tried 2 ways. First way is basically waiting for hprocess from the created process.
But this waitForSingleObject never resolves.
void copyFileWait(){
STARTinfP777.cb = sizeof(STARTinfP777);
char allCmd[MAX_PATH] = "C:\\Windows\\System32\\cmd.exe /k copy /y \""; // = drive letter; xcopy working fine
printf("%s\n", allCmd);
DWORD safsdkasf = 0;
if(CreateProcess(NULL, allCmd, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW, NULL, NULL, &STARTinfP777, &procInf7777) == 0){
printf("%d\n", GetLastError());
MessageBox(0, "Hata", "Dikkat!", MB_OK);
exit(0);
}
WaitForSingleObject( procInf7777.hProcess, INFINITE );
CloseHandle( procInf7777.hProcess );
CloseHandle( procInf7777.hThread );
}
In this function, i check the exitcode of the process after ran with GetExitCodeProcess() and also set a timer on the code. But it always equals to 259 i dont notice any change after even the files are completely written.
void copyFileWait();
void gggPaths();
DWORD WINAPI GetDirsSEVENthreadFunc ();
//void cpyToPES(char fromWhereToCopy[MAX_PATH]);
char *WndCmpath = "C:\\Windows\\System32\\cmd.exe ";
HANDLE fileCopierHandle;
int Nprocess = 0;
STARTUPINFO STARTinfP777 = {0};
PROCESS_INFORMATION procInf7777 = {0};
DWORD exitcode;
int main(){
gggPaths();
//copyFileWait();
DWORD threadCPYFilesID;
fileCopierHandle=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)GetDirsSEVENthreadFunc,(LPVOID)10,0,&threadCPYFilesID); //updating 0 olana kadar bekler
WaitForSingleObject(fileCopierHandle,INFINITE);
printf("done.");
return 0;
}
void copyFileWait(){
STARTinfP777.cb = sizeof(STARTinfP777);
char allCmd[MAX_PATH] = "C:\\Windows\\System32\\cmd.exe /k copy /y \""; // = drive letter; //xcopy files bla bla works fine
printf("%s\n", allCmd);
DWORD safsdkasf = 0;
if(exitcode != 259){
if(CreateProcess(NULL, allCmd, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW, NULL, NULL, &STARTinfP777, &procInf7777) == 0){
printf("%d\n", GetLastError());
MessageBox(0, "Hata", "Dikkat!", MB_OK);
exit(0);
}
}
BOOL result = GetExitCodeProcess(procInf7777.hProcess, &exitcode);
if(!result){
memset( &STARTinfP777, '\0', sizeof STARTinfP777 );
memset( &procInf7777, '\0', sizeof procInf7777 );
printf("damn..\n");
printf("%d\n", GetLastError());
}else{
}
printf("exitcode => %d", exitcode);
//if() exıtcode TASK_COMPLETE forexample... kill timer etc.
}
DWORD WINAPI GetDirsSEVENthreadFunc (){
HWND tempHW;
SetTimer(tempHW, 0, 5500,(TIMERPROC) &copyFileWait);
MSG msg;
while(GetMessage(&msg, NULL, 0, 0)){
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
What would be a way to accomplish this task ?
I tried CopyFile() But it didnt find the path when i linked other volume letters, or external devices. Which I am working on.

Switching /k to /c solved the problem.

Related

Creating console pipe instead of file pipe

I am trying to capture output from cmd.exe when running commands. I am trying to capture Unicode output to support other languages. My code works right now for getting unicode back from built in commands to cmd.exe. Such as Dir. But if I try to run external commands such as "net user" or "ipconfig" it does not output unicode.
I did reading and found out it is due to my pipes being file pipes. Ipconfig.exe determines if it is printing to the console or not. If it is printing to console, it uses WriteFileW and outputs unicode. Else it just prints ANSI and I get ???????? for anything Unicode.
#include <winsock.h>
#include <Windows.h>
#include <stdio.h>
void ExecCmd() {
HANDLE hPipeRead;
HANDLE hPipeWrite;
SECURITY_ATTRIBUTES saAttr = { sizeof(SECURITY_ATTRIBUTES) };
STARTUPINFO si = { sizeof(STARTUPINFO) };
PROCESS_INFORMATION pi = { 0 };
BOOL fSuccess;
BOOL bProcessEnded = FALSE;
size_t total = 0;
saAttr.bInheritHandle = TRUE;
saAttr.lpSecurityDescriptor = NULL;
if (!CreatePipe(&hPipeRead, &hPipeWrite, &saAttr, 0)) {
return;
}
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
si.hStdOutput = hPipeWrite;
si.hStdError = hPipeWrite;
si.wShowWindow = SW_HIDE;
WCHAR k[] = L"cmd.exe /u /c net user";
fSuccess = CreateProcessW(NULL, k, NULL, NULL, TRUE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
if (!fSuccess) {
CloseHandle(hPipeWrite);
CloseHandle(hPipeRead);
return;
}
for (; !bProcessEnded;) {
bProcessEnded = WaitForSingleObject(pi.hProcess, 50) == WAIT_OBJECT_0;
while (TRUE) {
DWORD dwRead = 0;
DWORD dwAvail = 0;
WCHAR *buffer = NULL;
if (!PeekNamedPipe(hPipeRead, NULL, NULL, NULL, &dwAvail, NULL)) {
break;
}
if (!dwAvail) {
break;
}
buffer = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (dwAvail + 2));
if (buffer == NULL) {
break;
}
if (!ReadFile(hPipeRead, buffer, dwAvail, &dwRead, NULL) || !dwRead) {
break;
}
total += dwRead;
}
}
CloseHandle(hPipeWrite);
CloseHandle(hPipeRead);
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
return;
}
int main() {
ExecCmd();
return 0;
}
My question is how can I change the way my pipes are getting information back from external commands like ipconfig so that it will support unicode.

External command-line child process in C doesn't give output until it ends

I'm having strange issues spawning a process, i found almost nothing related to this...
I need to spawn a command-line child process and be capable of getting its output and sending input before it ends.
I can do it fine with cmd.exe, and runs smooth...
BUT when i try to do it with external command-line applications they doesn't output nothing to my program until end of execution. I can send input, it processes normally, the number of times i want to, and at finish of child i get ALL the accumulated output.
The related code is:
SECURITY_ATTRIBUTES secatr;
secatr.nLength = sizeof(SECURITY_ATTRIBUTES);
secatr.bInheritHandle = TRUE;
secatr.lpSecurityDescriptor = NULL;
CreatePipe(&stdin_read, &stdin_write, &secatr, 0);
CreatePipe(&stdout_read, &stdout_write, &secatr, 0);
SetHandleInformation(stdout_read, HANDLE_FLAG_INHERIT, 0);
SetHandleInformation(stdin_write, HANDLE_FLAG_INHERIT, 0);
STARTUPINFO si;
PROCESS_INFORMATION pi;
memset(&pi, 0, sizeof(PROCESS_INFORMATION));
memset(&si, 0, sizeof(STARTUPINFO));
si.cb = sizeof(STARTUPINFO);
si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE;
si.hStdError = si.hStdOutput = stdout_write;
si.hStdInput = stdin_read;
CreateProcess(NULL,c:\\\\app.exe, NULL, NULL, TRUE, 0, NULL, "c:\\\\", &si, &pi);
handleproceso = pi.hProcess;
handlethread = (HANDLE)_beginthreadex(NULL,0,&Read,NULL,0,NULL);
_beginthreadex(NULL,0,&Write,NULL,0,NULL);
WaitForSingleObject(pi.hProcess, INFINITE);
CloseHandle( pi.hProcess );
CloseHandle( pi.hThread );
unsigned __stdcall Read(void *a){
char buff[100];
while(1){
memset(buff,0,sizeof(buff));
ReadFile( stdout_read, buff, sizeof(buff)-1, &dwRead, NULL);
send(socketcliente,buff,strlen(buff),0);
if(exit1){
exit1 = false;
break;
}
}
return 0;
}
unsigned __stdcall Write(void *a){
char ddd[100];
while(1){
memset(ddd,0,sizeof(ddd));
if(recv(socketcliente,ddd,sizeof(ddd)-1,0) == SOCKET_ERROR){
CloseHandle(handlethread);
TerminateProcess(handleproceso,1);
break;
}
WriteFile(stdin_write, ddd, strlen(ddd), &dwWritten, NULL);
if(strncmp(ddd,"exit",4) == 0){
exit1 = true;
//CloseHandle(handlethread);
break;
}
}
return 0;
}
I tried the MSDN example of How to spawn console processes with redirected standard handles , with the child process fflushing output buffer it receives the output fine...if I remove that fflush i get the same problem of other programs.
The portion of code looks as:
printf("Child echoing [%s]\n",szInput);
fflush(NULL); // Must flush output buffers or else redirection
// will be problematic.
What can I do if the program I want to spawn doesn't behave that way?Can I force its output or something?
I cannot find any response to that in the whole internet...Thank you in advance and apologies for my basic english.
Try:
fflush(stdout);
or at the beginning of your program just disable buffering:
setbuf(stdout, NULL);

Windows CreateProcess and output redirection

I'm working in a C project, windows environment using WinAPI.
My function execs a command (e.g. : "dir C:\Users") it received as a param, and returns its output.
It is ran from a DLL so it must not spawn a cmd.exe windows, which means I can't use _popen. So I use CreateProcessA, and a pipe to catch stdout.
Here is the code :
char *runExec(char *command, int *contentLen) {
char *ret=NULL,*tmp=NULL;
DWORD readBytes;
int size=0;
char buffer[128],cmdBuf[4096];
HANDLE StdOutHandles[2];
CreatePipe(&StdOutHandles[0], &StdOutHandles[1], NULL, 4096);
STARTUPINFOA si;
memset(&si, 0, sizeof(si));
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
si.wShowWindow = SW_HIDE;
si.hStdOutput = StdOutHandles[1];
si.hStdError = StdOutHandles[1];
PROCESS_INFORMATION pi;
snprintf(cmdBuf,4096,"cmd /C %s", command);
if (!CreateProcessA(NULL, cmdBuf, NULL, NULL, FALSE, CREATE_NO_WINDOW | DETACHED_PROCESS, NULL, NULL, &si, &pi)) {
printf("Error createProcess : %d\n",GetLastError());
return NULL;
}
CloseHandle(StdOutHandles[1]);
printf("Before read\n");
while (ReadFile(StdOutHandles[0], buffer, 127, &readBytes, NULL)){
printf("IN WHILE\n");
buffer[readBytes] = 0;
printf("read %d bytes\n", readBytes);
size += readBytes;
tmp = (char *)realloc(ret, size + 1);
if (tmp == NULL) {
free(ret);
return NULL;
}
ret = tmp;
strncpy(ret + (size - readBytes), buffer, readBytes);
ret[size] = 0;
}
printf("Readfile returned with %d, read %d\n", GetLastError(),readBytes);
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
CloseHandle(StdOutHandles[0]);
printf("#%s#\n", ret);
return ret;
}
And the output is :
Before read
Readfile returned with 109, read 0
#(null)#
So from that I understand that :
- My loop isn't even executed once
- ReadFile reads nothing and returns Broken Pipe immediately
I have read various stackoverflow and MSDN pages, but I can't seem to make it work.
As pointed out in the comment, handles must be inheritable, which means replacing the CreatePipe like this :
SECURITY_ATTRIBUTES pipeAttrib;
memset(&pipeAttrib, 0, sizeof(pipeAttrib));
pipeAttrib.nLength = sizeof(SECURITY_ATTRIBUTES);
pipeAttrib.bInheritHandle = NULL;
pipeAttrib.bInheritHandle = TRUE;
if (!CreatePipe(&StdOutHandles[0], &StdOutHandles[1],&pipeAttrib, 4096)) {
printf("Create pipe error %d\n", GetLastError());
return NULL;
}
And setting CreateProcess 5th parameter (bInheritHandles) to TRUE instead of FALSE.

Redirecting CMD.exe output and input in c through pipes

Im trying to print the output and input of cmd commands recieved to stdout just like a normal cmd.exe would do.
I could use the function _popen but when i start a program like Python or Powershell whith it, it doesnt work. So i Need the Output of the child process and be able to send commands to the child process.
there is a simmilar question here
So i modified the code from this link to look like this:
void WriteToPipe(char* command){
DWORD dwRead, dwWritten;
BOOL bSuccess = FALSE;
bSuccess = WriteFile(g_hChildStd_IN_Wr, command, strlen(command), &dwWritten, NULL);
// Close the pipe handle so the child process stops reading.
if (!CloseHandle(g_hChildStd_IN_Wr))
ErrorExit(TEXT("StdInWr CloseHandle"));
}
void ReadFromPipe(void){
DWORD dwRead, dwWritten;
CHAR chBuf[BUFSIZE];
BOOL bSuccess = FALSE;
HANDLE hParentStdOut = GetStdHandle(STD_OUTPUT_HANDLE);
bSuccess = ReadFile(g_hChildStd_OUT_Rd, chBuf, BUFSIZE, &dwRead, NULL);
bSuccess = WriteFile(hParentStdOut, chBuf, dwRead, &dwWritten, NULL);
//bSuccess = PeekNamedPipe(g_hChildStd_OUT_Rd, NULL, BUFSIZE, &dwRead, &dwTotalAvailBytes, &dwBytesLeft);
}
the main loop looks like this:
CreateChildProcess("C:\\Python27\\python.exe");
char input_buffer[100] = { 0 };
while (1){
fgets(input_buffer, 99, stdin);
WriteToPipe(input_buffer);
ReadFromPipe();
}
everything else (from the code) stayed the same.
Now my Problem is, i want to enter multiple commands to the same process, but there is a CloseHandle fucntion in WriteToPipe, after the handle is closed i cant enter more commands.
How to get a valid HANDLE to write more than 1 command to the process ?
int WriteToPipe(char* command){
DWORD dwRead, dwWritten;
BOOL bSuccess = FALSE;
bSuccess = WriteFile(g_hChildStd_IN_Wr, command, strlen(command), &dwWritten, NULL);
return bSuccess ;
}
close the handle in main() function since g_hChildStd_IN_Wr is global. also, return bSuccess; notify you if write to pipe has succeeded
put ReadFromPipe() in a separate Thread;
my code here is a garbage but it is working code, it is for test purpose only.
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <strsafe.h>
#define BUFSIZE 4096
HANDLE g_hChildStd_IN_Rd = NULL;
HANDLE g_hChildStd_IN_Wr = NULL;
HANDLE g_hChildStd_OUT_Rd = NULL;
HANDLE g_hChildStd_OUT_Wr = NULL;
HANDLE g_hInputFile = NULL;
int CreateChildProcess(TCHAR *szCmdline);
void PrintError(char *text,int err);
int InitPipes();
int WriteToPipe(char* command){
DWORD dwRead, dwWritten;
BOOL bSuccess = FALSE;
SetLastError(0);
WriteFile(g_hChildStd_IN_Wr, command, strlen(command), &dwWritten, NULL);
bSuccess=GetLastError();
PrintError("WriteToPipe",bSuccess);
return (bSuccess==0)||(bSuccess==ERROR_IO_PENDING);
}
int ReadFromPipe(void){
DWORD dwRead, dwWritten;
CHAR chBuf[BUFSIZE];
BOOL bSuccess = FALSE;
HANDLE hParentStdOut = GetStdHandle(STD_OUTPUT_HANDLE);
SetLastError(0);
while(
ReadFile(g_hChildStd_OUT_Rd, chBuf, BUFSIZE, &dwRead, NULL)
&&
WriteFile(hParentStdOut, chBuf, dwRead, &dwWritten, NULL)
);
bSuccess=GetLastError();
PrintError("ReadFromPipe",bSuccess);
return (bSuccess==0)||(bSuccess==ERROR_IO_PENDING);
}
HANDLE hThread;
int __stdcall ThreadProc(int arg){
while(ReadFromPipe())
;
return 0;
}
int main(){
char input_buffer[100] = { 0 };
if(!InitPipes()){
printf("Failed to CreatePipes\n");
return -1;
}
if(!CreateChildProcess("cmd.exe")){
printf("Failed to create child process\n");
return -2;
}
hThread=CreateThread(NULL,0,ThreadProc,NULL,0,NULL);
while (1){
fgets(input_buffer, 99, stdin);
if(!WriteToPipe(input_buffer)) break;
}
printf("Program terminated\n");
return 0;
}
int CreateChildProcess(TCHAR *szCmdline){
PROCESS_INFORMATION piProcInfo;
STARTUPINFO siStartInfo;
BOOL bSuccess = FALSE;
// Set up members of the PROCESS_INFORMATION structure.
ZeroMemory( &piProcInfo, sizeof(PROCESS_INFORMATION) );
// Set up members of the STARTUPINFO structure.
// This structure specifies the STDIN and STDOUT handles for redirection.
ZeroMemory( &siStartInfo, sizeof(STARTUPINFO) );
siStartInfo.cb = sizeof(STARTUPINFO);
siStartInfo.hStdError = g_hChildStd_OUT_Wr;
siStartInfo.hStdOutput = g_hChildStd_OUT_Wr;
siStartInfo.hStdInput = g_hChildStd_IN_Rd;
siStartInfo.dwFlags |= STARTF_USESTDHANDLES;
// Create the child process.
bSuccess = CreateProcess(NULL,
szCmdline, // command line
NULL, // process security attributes
NULL, // primary thread security attributes
TRUE, // handles are inherited
0, // creation flags
NULL, // use parent's environment
NULL, // use parent's current directory
&siStartInfo, // STARTUPINFO pointer
&piProcInfo); // receives PROCESS_INFORMATION
// If an error occurs, exit the application.
if ( bSuccess ){
// Close handles to the child process and its primary thread.
// Some applications might keep these handles to monitor the status
// of the child process, for example.
CloseHandle(piProcInfo.hProcess);
CloseHandle(piProcInfo.hThread);
}
return bSuccess;
}
int InitPipes(){
SECURITY_ATTRIBUTES saAttr;
// Set the bInheritHandle flag so pipe handles are inherited.
saAttr.nLength = sizeof(SECURITY_ATTRIBUTES);
saAttr.bInheritHandle = TRUE;
saAttr.lpSecurityDescriptor = NULL;
if ( ! CreatePipe(&g_hChildStd_OUT_Rd, &g_hChildStd_OUT_Wr, &saAttr, 0) )
return 0;
if ( ! SetHandleInformation(g_hChildStd_OUT_Rd, HANDLE_FLAG_INHERIT, 0) )
return 0;
if (! CreatePipe(&g_hChildStd_IN_Rd, &g_hChildStd_IN_Wr, &saAttr, 0))
return 0;
if ( ! SetHandleInformation(g_hChildStd_IN_Wr, HANDLE_FLAG_INHERIT, 0) )
return 0;
return 1;
}
void PrintError(char *text,int err){
DWORD retSize;
LPTSTR pTemp=NULL;
if(!err) return;
retSize=FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|
FORMAT_MESSAGE_FROM_SYSTEM|
FORMAT_MESSAGE_ARGUMENT_ARRAY,
NULL,
err,
LANG_NEUTRAL,
(LPTSTR)&pTemp,
0,
NULL );
if(pTemp) printf("%s: %s\n",text,pTemp);
LocalFree((HLOCAL)pTemp);
return ;
}

Injecting DLL and printing a message

I'm dealing with 2 new things: writing a DLL and injecting it in another process. I think I inject it successfully because if I try to delete it I get a message that tells me it is used by another program.
I followed this steps in Visual Studio 2008 http://msdn.microsoft.com/en-us/library/ms235636%28v=vs.80%29.aspx but I wrote it in C, not C++.
And this is the code
DWORD
APIENTRY
DllMain(
HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
printf("Hello World\n");
Sleep(5000); // added this to make sure I see it when it happens
return TRUE;
}
I created an application that references the DLL just like in the MSDN documentation said and it works (it prints Hello World).
At each step in my DLL injection program I check for errors and print them. So I know that no function fails.
I check the exit code and it is 1927086080 which I don't know what means.
I don't know if it's needed, but here is the C source for my program.
#include <stdio.h>
#include <windows.h>
#include <string.h>
int main(int argc, TCHAR* argv[])
{
DWORD procId = 0;
DWORD pathLen = 0;
DWORD writeProcMemory = 0;
DWORD exitCode = 0;
HANDLE hProc = NULL;
HANDLE hDll = NULL;
HANDLE hThread = NULL;
LPVOID baseAdr = NULL;
LPVOID fAdr = NULL;
procId = atoi((char*)argv[1]);
pathLen = strlen((LPCSTR)argv[2]);
if(0 == pathLen)
{
printf("Check DLL path\n");
return 0;
}
// Open process
hProc = OpenProcess(PROCESS_ALL_ACCESS,
0,
procId);
if(NULL == hProc)
{
printf("OpenProcess failed\nGetLastError() = %d\n",
GetLastError());
return 0;
}
// Allocate memory
baseAdr = VirtualAllocEx(hProc,
0,
pathLen + 1,
MEM_COMMIT,
PAGE_READWRITE);
if(NULL == baseAdr)
{
printf("VirtualAllocEx failed\nGetLastError() = %d\n",
GetLastError());
CloseHandle(hProc);
return 0;
}
// write my dll path in the memory I just allocated
if(!WriteProcessMemory(hProc,
baseAdr,
argv[2],
pathLen + 1,
0))
{
printf("WriteProcessMemory failed\nGetLastError() = %d\n",
GetLastError());
VirtualFreeEx(hProc,
baseAdr,
0,
MEM_RELEASE);
CloseHandle(hProc);
return 0;
}
// get kernel32.dll
hDll = LoadLibrary(TEXT("kernel32.dll"));
if(NULL == hDll)
{
printf("LoadLibrary failed\nGetLastError() = %d\n",
GetLastError());
VirtualFreeEx(hProc,
baseAdr,
0,
MEM_RELEASE);
CloseHandle(hProc);
return 0;
}
// get LoadLibraryA entry point
fAdr = GetProcAddress(hDll,
"LoadLibraryA");
if(NULL == fAdr)
{
printf("GetProcAddress failed\nGetLastError() = %d\n",
GetLastError());
FreeLibrary(hDll);
VirtualFreeEx(hProc,
baseAdr,
0,
MEM_RELEASE);
CloseHandle(hProc);
return 0;
}
// create remote thread
hThread = CreateRemoteThread(hProc,
0,
0,
fAdr,
baseAdr,
0,
0);
if(NULL == hThread)
{
printf("CreateRemoteThread failed\nGetLastError() = %d\n",
GetLastError());
FreeLibrary(hDll);
VirtualFreeEx(hProc,
baseAdr,
0,
MEM_RELEASE);
CloseHandle(hProc);
return 0;
}
WaitForSingleObject(hThread,
INFINITE);
if(GetExitCodeThread(hThread,
&exitCode))
{
printf("exit code = %d\n",
exitCode);
}
else
{
printf("GetExitCode failed\nGetLastError() = %d\n",
GetLastError());
}
CloseHandle(hThread);
FreeLibrary(hDll);
VirtualFreeEx(hProc,
baseAdr,
0,
MEM_RELEASE);
CloseHandle(hProc);
return 0;
}
Now, when I inject a shellcode (with a slightly different program than the one above) into a process, I can see in process explorer how my shell code starts running and that the victim process is his parent. Here, I see nothing, but again, it's the first time I'm working with DLLs.
But it still gets loaded because I can't delete the dll file until I kill the victim process.
Also, when I run my injection program, I can see it doing nothing for 5 seconds so it's like the printf is skipped.
Doing this on Windows 7 x64. I know that there are cases in which CreateRemoteThread isn't working on Windows 7, but I use it in my shell code injection and it works and I use the same targets here.
UPDATE: changing my DLL to call ExitProcess(0); kills the victim process, so it all comes down to me not knowing how to print something.
How can I get it to print something?
You want to get messages from your DLL but you use printf. How can you see DLL's printf output? You better write your information to a file.
#define LOG_FILE L"C:\\MyLogFile.txt"
void WriteLog(char* text)
{
HANDLE hfile = CreateFileW(LOG_FILE, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
DWORD written;
WriteFile(hfile, text, strlen(text), &written, NULL);
WriteFile(hfile, "\r\n", 2, &written, NULL);
CloseHandle(hfile);
}
void WriteLog(wchar_t* text)
{
HANDLE hfile = CreateFileW(LOG_FILE, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
DWORD written;
WriteFile(hfile, text, wcslen(text) * 2, &written, NULL);
WriteFile(hfile, L"\r\n", 4, &written, NULL);
CloseHandle(hfile);
}
Replace all your printf calls with my function and see what happens actually. By the way, if you have thread in your DLL you can write log every second that will ensure you your code works. You can add time into log file too.
I think if you have enough privilege to inject a DLL into a process, nothing will stop you. Change your code and tell me what happens in log file.
Good luck

Resources