s0me0ne, posted June 10, 2012 (edited)

Is anyone familiar with KOL? Basically I'm trying to inject a DLL and show the form, but I've no idea what I'm doing with it (only just started using it). This is a VCL version that works, but I can't seem to figure out how to do it with KOL. Why don't I just use the VCL version? Because 1.xx MB is a joke, and the VCL bloat gets bigger with every new release, hence the KOL replacement.

```pascal
uses
  SysUtils, Classes, Windows, Forms,
  Source in 'Trainer.pas' {Form1};

{$R *.res}

procedure CreateForm;
begin
  Application.ShowMainForm := True;
  with TForm1.Create(Application) do
    ShowModal;
end;

procedure DllMain(Reason: DWORD);
var
  a: DWORD;
begin
  if (Reason = DLL_PROCESS_ATTACH) then
    CreateThread(nil, 0, @CreateForm, nil, 0, a);
  if (Reason = DLL_PROCESS_DETACH) then
    FreeLibraryAndExitThread(HInstance, 0);
end;

begin
  DllProc := @DllMain;
  DllMain(DLL_PROCESS_ATTACH);
end.
```

You don't have to convert that; I'll accept anything that works if it means not having to use a massive DLL. Cheers.

Edited June 10, 2012 by s0me0ne
ghandi, posted June 11, 2012 (edited)

Personally I wouldn't be creating a thread in DllMain, regardless of whether or not people say it isn't prone to deadlock issues. Instead of doing this in DllMain, I'd have a function exported from the DLL which performs initialization or window/form creation. This could be called from the same thread which loads the library, and when the window/form closes the thread can exit after calling FreeLibrary. It just means the CreateRemoteThread(LoadLibraryA) method is not suited to it.

```asm
PUSH XXXXXXXX                ; <- offset of library name
CALL DWORD PTR [XXXXXXXX]    ; <- DWORD variable which holds address of LoadLibraryA
PUSH EAX                     ; <- Push as parameter for call to FreeLibrary
PUSH 1
PUSH EAX
CALL DWORD PTR [XXXXXXXX]    ; <- DWORD variable which holds address of GetProcAddress
CALL EAX                     ; <- Call function to create window, etc
CALL DWORD PTR [XXXXXXXX]    ; <- DWORD variable which holds address of FreeLibrary, hModule is already pushed
PUSH 0
CALL DWORD PTR [XXXXXXXX]    ; <- DWORD variable which holds address of ExitThread
```

As always, there are many spins on this.

You can remove any need for the DWORD variables if you want to calculate the distance for each call to reach its respective API, but there is still a need to allocate memory to place the DLL name into the remote process, and Windows allocates a minimum of a page (1000h or 4096d bytes), so there is not any space being saved by not writing it there. You can also simply use a RET to get back to where the thread function body was called from; it *should* eventually go back to ExitThread itself, but it is not a bad habit to ensure your thread is dead when you've finished with it by calling ExitThread yourself.

HR,
Ghandi

EDIT: I've thrown together an offset-independent version of what I described above to illustrate what I mean. If there are any code errors I apologize, because I have not tested it; as I said, it is more for theory than anything.

```asm
;// Get our delta address to base everything off,
;// trash EBP cos we are not worried about the ABI for the main body
call GetDelta
GetDelta:
pop ebp

;// Load the dll
lea ecx, dword ptr [ebp + (LibName_ - GetDelta)]
push ecx
call dword ptr [ebp + (LoadLibrary_ - GetDelta)]

;// Push hModule for FreeLibrary call
push eax
;// Push hModule for dll initialization function call
push eax

;// Get the address of the initialization function,
;// I've used #1 as ordinal but you can use string if you want
push 1
push eax
call dword ptr [ebp + (GetProcAddress_ - GetDelta)]

;// hModule is already pushed to stack, initialization function is __stdcall so
;// it corrects the stack before returning to the caller
call eax

;// Save return value to EBX for ExitThread, not following ABI still in main body
mov ebx, eax

;// hModule is already pushed to stack, FreeLibrary function is __stdcall so
;// it corrects the stack before returning to the caller
call dword ptr [ebp + (FreeLibrary_ - GetDelta)]

;// Push return value as dwExitCode parameter to ExitThread IF DESIRED,
;// this is not necessary and can be omitted along with saving the value to EBX
push ebx
call dword ptr [ebp + (ExitThread_ - GetDelta)]

;// Begin data
ExitThread_     dd ?
GetProcAddress_ dd ?
FreeLibrary_    dd ?
LoadLibrary_    dd ?
LibName_        db "SomeDll.dll", 0
```

Edited June 11, 2012 by ghandi
s0me0ne (author), posted June 11, 2012 (edited)

As much as I appreciate the response, I really didn't get that. Anyway, I've sort of got it working with a remote thread. Probably not the best way to do it, but it might help someone else at some point.

```pascal
{ KOL MCK } // Do not remove this line!
{$DEFINE KOL_MCK}
library KOLdllForm;

uses
  KOL,
  Windows,
  unit1 in 'unit1.pas' {Form1};

//{$R *.res}
//{$R KOLdllForm.res}
//{$R WinXP.res}

procedure RunKOLFormTest();
begin
  if not Assigned(Form1) then
    NewForm1(Form1, nil);
  Run(Form1.Form);
end;

var
  ThreadID: Cardinal;

begin
  // PROGRAM START HERE -- Please do not remove this comment
{$IF Defined(KOL_MCK)}
  {$I KOLdllTest_0.inc}
{$ELSE}
  Application.Initialize;
  Application.CreateForm(TForm1, Form1);
  Application.Run;
{$IFEND}
  CreateThread(nil, 0, @RunKOLFormTest, nil, 0, ThreadID); // Working as intended
  //RunKOLFormTest; // Shows the form, but I have to close it before the main app will show (which defeats the purpose)
end.
```

...where are the code tags? Never mind, NoScript's doing its job.

KOL-MCK DLL 47.5 KB vs XE2 VCL DLL 6.77 MB (seriously, is there any need?)

Edited June 11, 2012 by s0me0ne