waliedassar

SuppressDllMains --> SkipThreadAttach

Dec 7th, 2012
  1. //http://www.waleedassar.blogspot.com/
  2. //http://www.twitter.com/waleedassar
  3.  
  4. //---------------code of walied.dll (the dummy dll)----
  5. //-----------------------------------------------------
  6. //-----------------------------------------------------
  7. #include "stdafx.h"
  8. #include "windows.h"
  9. #include "stdio.h"
  10.  
  // Entry point of the dummy DLL (walied.dll).
  // It only makes per-thread loader notifications visible: a message box is
  // shown when the loader reports a thread attach or a thread detach, and
  // every other reason is ignored. hModule and the third argument are unused.
  // Showing UI from DllMain is done here purely to make the notification
  // observable in the demo.
  BOOL APIENTRY DllMain(HANDLE hModule,int reason,void*)
  {
      switch(reason)
      {
      case DLL_THREAD_ATTACH:
          MessageBox(0,"Thread attached","waliedassar",0);
          break;
      case DLL_THREAD_DETACH:
          MessageBox(0,"Thread detached","waliedassar",0);
          break;
      default:
          // process attach/detach and anything else: nothing to report
          break;
      }
      return TRUE;
  }
  23. //================================================================
  24. //================================================================
  25. //-----------code of main executable-------------------
  26. #include "stdafx.h"
  27. #include "windows.h"
  28. #include "stdio.h"
  29.  
  30. //--------------------Definitions--------------------------
  // Values for the Flags argument of ZwCreateThreadEx. main() in this listing passes SuppressDllMains.
  // The names are the paste author's own spellings; confirm them against current headers before reuse.
  31. #define CreateSuspended  0x1
  32. #define SuppressDllMains 0x2 // per the paste title, presumably shows up as the SkipThreadAttach TEB bit below - confirm
  33. #define HideFromDebugger 0x4
  // NOTE(review): a thread created with SuppressDllMains is presumably not announced to loaded DLLs
  // through DLL_THREAD_ATTACH, so monitoring that depends on that callback would not see it;
  // kernel-side thread-creation telemetry does not depend on DllMain.
  34. //--TEB bit flags--
  // Bit masks the author attributes to a flags field in the TEB. None of them is referenced
  // by the code in this listing; bit positions may differ between Windows versions - verify.
  35. #define DisableATlThunkEmulation 0x1
  36. #define InDebugPrint             0x2
  37. #define HasFiberData             0x4
  38. #define SkipThreadAttach         0x8
  39. #define WerShipAssert            0x10
  40. #define RanProcessInit           0x20
  41. #define ClonedThread             0x40
  42. #define SuppressDebugMsg         0x80
  43. #define CORSpecific              0x400 //.net application
  44. //--------------------Structures-------------------------
  // Counted wide-string descriptor, referenced by OBJECT_ATTRIBUTES::ObjectName.
  // presumably mirrors the layout of the native UNICODE_STRING - confirm before relying on it
  45. struct UNICODE_S
  46. {
  47.         unsigned short len;   // current length; units (bytes vs. characters) are not shown here - verify
  48.         unsigned short max;   // capacity of the buffer behind pStr, same units as len (assumed)
  49.         wchar_t* pStr;        // pointer to the wide-character data
  50. };
  // Local declaration of the object-attributes block taken by the ObjectAttributes
  // parameter of the FUNC prototype. main() in this listing passes 0 for that
  // parameter, so no instance of this struct is ever built here.
  51. struct OBJECT_ATTRIBUTES
  52. {
  53.   unsigned long           Length;                 // presumably sizeof(OBJECT_ATTRIBUTES) - confirm
  54.   HANDLE                  RootDirectory;          // handle the object name is relative to, if any (assumed)
  55.   UNICODE_S*              ObjectName;             // optional name, as a UNICODE_S descriptor
  56.   unsigned long           Attributes;             // attribute bit flags; values are not defined in this listing
  57.   void*           SecurityDescriptor;             // opaque here
  58.   void*           SecurityQualityOfService;       // opaque here
  59. };
  60. //----------------------------------------------------------
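  // Function-pointer type used to call ntdll!ZwCreateThreadEx after resolving it
  // with GetProcAddress. The routine is not declared in the public SDK headers,
  // so the prototype is declared locally.
  //
  // The three stack-related parameters are pointer-sized (SIZE_T) in the
  // commonly published prototype of this routine. Declaring them as
  // unsigned long is equivalent on 32-bit builds but leaves the upper half of
  // each argument undefined on 64-bit builds, so SIZE_T is used here.
  // The int return value carries the NTSTATUS (negative means failure).
  //
  // Parameters, as used by main() in this listing:
  //   hThread            receives the new thread handle
  //   DesiredAccess      access mask requested for that handle
  //   ObjectAttributes   optional, may be 0
  //   ProcessHandle      process that will own the thread
  //   lpStartAddress     thread start routine
  //   lpParameter        argument handed to the start routine
  //   Flags              creation flags (CreateSuspended, SuppressDllMains, HideFromDebugger)
  //   StackZeroBits, SizeOfStackCommit, SizeOfStackReserve   stack placement and sizes
  //   lpBytesBuffer      optional attribute buffer, may be 0
  typedef int(__stdcall *FUNC)(HANDLE* hThread,int DesiredAccess,OBJECT_ATTRIBUTES* ObjectAttributes,
                               HANDLE ProcessHandle,void* lpStartAddress,void* lpParameter,
                               unsigned long Flags,SIZE_T StackZeroBits,
                               SIZE_T SizeOfStackCommit,SIZE_T SizeOfStackReserve,
                               void* lpBytesBuffer);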
  66.  
  67.  
  // Start routine of the thread created in main().
  // Announces on stdout that the new thread is running; pTEB is accepted but
  // never read.
  void Watch(unsigned char* pTEB)
  {
      fputs("New Thread\r\n",stdout);
  }
  73.  
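  // Demo driver: loads the dummy DLL, then starts one thread in the current
  // process through ntdll!ZwCreateThreadEx with the SuppressDllMains flag and
  // waits for it to finish. Comparing a run with the flag against a run with 0
  // shows whether the DLL's thread attach/detach message boxes appear.
  //
  // Returns 0 when the thread ran to completion, 1 when ZwCreateThreadEx could
  // not be resolved or the thread could not be created.
  int main(int argc, char* argv[])
  {
      //---------Load a dummy dll-------------
      // Without the DLL the demo shows nothing, but the thread can still be
      // created, so a failed load is reported and execution continues.
      if(!LoadLibrary("walied.dll"))
      {
          printf("LoadLibrary(\"walied.dll\") failed, error %lu\r\n",GetLastError());
      }

      HMODULE hNtdll=GetModuleHandle("ntdll.dll");
      FUNC ZwCreateThreadEx=0;
      if(hNtdll)
      {
          ZwCreateThreadEx=(FUNC)GetProcAddress(hNtdll,"ZwCreateThreadEx");
      }
      if(!ZwCreateThreadEx)
      {
          printf("ZwCreateThreadEx could not be resolved from ntdll.dll\r\n");
          return 1;
      }

      HANDLE hThread=0;
      int status=ZwCreateThreadEx(&hThread,0x1FFFFF,0,GetCurrentProcess(),&Watch,0,
                                  /*you can replace this flag with 0*/SuppressDllMains,
                                  0,0x1000,0x10000,0);
      // The return value is an NTSTATUS: negative means the call failed and
      // hThread must not be used.
      if(status<0 || !hThread)
      {
          printf("ZwCreateThreadEx failed, status 0x%08X\r\n",(unsigned int)status);
          return 1;
      }

      // The thread is not created suspended here, so this call has nothing to
      // resume; it is kept so the flow still works if CreateSuspended is OR-ed
      // into the flags.
      ResumeThread(hThread);
      WaitForSingleObject(hThread,INFINITE);
      CloseHandle(hThread);
      return 0;
  }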