2

I wrote code that injects a function in Internet Explorer/Chrome but it doesn't work with these processes. Basically, it fills one big structure with all the APIs my function needs, strings, and other data, then it opens a process to get a handle, virtualallocex to allocate enough memory to store a function and structure there, and it writes the function and the structure in allocated memory. It then runs createremotethread there with the function as a starting address and structure as parameter.

It works all great with calc/notepad/winamp processes but I have problems with browser injection.

I'm wondering what could it be, I'm using these APIs.

x.xCreateFile
x.xWriteFile
x.xCloseHandle
x.xSleep
x.xVirtualAlloc
x.xVirtualFree
x.xMessageBox
x.xLoadLibrary
x.xShellExecute

Is it because browsers are protected now and they're running with lowest privileges?

Ben
  • 51,770
  • 36
  • 127
  • 149
Volim Te
  • 21
  • 2

1 Answers1

3

Google Chrome has some issues with injections. Especially with it's child processes such as tabs, flash player, plugin, etc. Try Injecting into the ParentProcess. Check also your handle that returns from CreateRemoteThread. Make also sure all your API addresses are correct in the remotethread

Ben
  • 3,380
  • 2
  • 44
  • 98
  • 1
    Thank you very much, that was the issue. Injecting in parent process works well, I would vote you up but I don't have enough reputation. Thanks – Volim Te Jun 30 '12 at 23:42