I'm still working on my same project (in case you're wondering why I ask so many questions). Anyway, I switched compilers, from mingw32 (mingw.org) to MinGW-w64 (mingw-w64.sourceforge.net/).

While the project compiles fine without any error, the injector doesn't work, without giving any errors or something. Here is the source:

int Inject(DWORD pID) 
{ 
    HANDLE hProcess;
    if (!(hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID)))
        return 0;

    char* szDllName = "subclass64.dll";

    LPVOID LoadLibraryAddress;
    if ((LoadLibraryAddress = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")) == NULL)
    {
        char buf[32];
        sprintf(buf, "%d", GetLastError());
        MessageBox(0, buf, "", 0);

        CloseHandle(hProcess);
        return 0;
    }

    LPVOID lpStringAddress;
    if ((lpStringAddress = (LPVOID)VirtualAllocEx(hProcess, NULL, strlen(szDllName), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE)) == NULL)
    {
        char buf[32];
        sprintf(buf, "%d", GetLastError());
        MessageBox(0, buf, "", 0);

        CloseHandle(hProcess);
        return 0;
    }

    if (WriteProcessMemory(hProcess, lpStringAddress, szDllName, strlen(szDllName), NULL) == 0)
    {
        char buf[32];
        sprintf(buf, "%d", GetLastError());
        MessageBox(0, buf, "", 0);

        CloseHandle(hProcess);
        return 0;
    }

    HANDLE hThread;
    if ((hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryAddress, lpStringAddress, 0, NULL)) == NULL)
    {
        char buf[32];
        sprintf(buf, "%d", GetLastError());
        MessageBox(0, buf, "", 0);

        CloseHandle(hProcess);
        return 0;
    }

    CloseHandle(hProcess); 
    return 1; 
}

I debugged as well, but I didn't get any weird values:

(gdb) p hProcess
$1 = (HANDLE) 0xec
(gdb) p LoadLibraryAddress
$2 = (LPVOID) 0x7f9de0528ac <LoadLibraryA>
(gdb) p lpStringAddress
$3 = (LPVOID) 0x8a4d10000
(gdb) p hThread
$4 = (HANDLE) 0xf0
(gdb) p GetLastError()
$5 = 0

Nothing is wrong with the DLL because it works fine with another DLL injector (from the internet).

Edit: It works fine with a dummy/test application, but it doesn't with notepad, for example (which works when using a third-party injector).

Hopefully someone could help me, regards

Solution 2

I switched compilers to Visual Studio; in there it didn't work at first, but then it did. The answer for this is not to debug. So you navigate to the path of the application and then start the program manually.

Other tips

One problem is that the name of the DLL in the target process is not null terminated, as only strlen(szDllName) bytes are being allocated and written. Change the string handling logic to allocate and write strlen(szDllName) + 1 to ensure the string is null terminated.

Note that the DLL to be injected, subclass64.dll, must be in the same directory as the target process or its PATH environment variable must include the directory where the DLL resides.
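
The off-by-one described in the tip above, shown with a local buffer as an added example (not code from the original post or its answers). The 32-byte region, its 'X' fill standing in for memory that is not zeroed, and the helper names are assumptions of this example; no process APIs are used.

```c
#include <stdio.h>
#include <string.h>

#define REGION_SIZE 32

/* Stand-in for the buffer that receives the DLL name. It is pre-filled with
 * non-zero bytes to model a region that is not zeroed (an assumption of this
 * example), then receives n bytes of src at offset 0. */
static void write_region(char region[REGION_SIZE], const char *src, size_t n)
{
    memset(region, 'X', REGION_SIZE);
    memcpy(region, src, n);
}

/* Length a C-string consumer would see, bounded by the region size.
 * Returns REGION_SIZE when no terminator exists inside the region. */
static size_t visible_length(const char region[REGION_SIZE])
{
    const char *nul = memchr(region, '\0', REGION_SIZE);
    return nul ? (size_t)(nul - region) : REGION_SIZE;
}

/* Returns 1 if the region holds exactly `name` as a terminated string. */
static int name_arrives_intact(const char *name, size_t bytes_written)
{
    char region[REGION_SIZE];
    write_region(region, name, bytes_written);
    return visible_length(region) == strlen(name);
}

int main(void)
{
    const char *name = "subclass64.dll";
    printf("strlen(name)     bytes: intact=%d\n",
           name_arrives_intact(name, strlen(name)));
    printf("strlen(name) + 1 bytes: intact=%d\n",
           name_arrives_intact(name, strlen(name) + 1));
    return 0;
}
```

Pages freshly committed by VirtualAllocEx are zero-initialized, so a short write can go unnoticed until a region is reused; writing strlen + 1 bytes does not depend on that.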

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow