API tools faq
paste
Advertisement
waliedassar

SuppressDllMains --> SkipThreadAttach

waliedassar
Dec 7th, 2012
1,008
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.80 KB | None | 0 0
raw download clone embed print report
  1. //http://www.waleedassar.blogspot.com/
  2. //http://www.twitter.com/waleedassar
  3.  
  4. //---------------code of walied.dll (the dummy dll)----
  5. //-----------------------------------------------------
  6. //-----------------------------------------------------
  7. #include "stdafx.h"
  8. #include "windows.h"
  9. #include "stdio.h"
  10.  
  11. BOOL APIENTRY DllMain(HANDLE hModule,int reason,void*)
  12. {
  13.     if(reason==DLL_THREAD_ATTACH)
  14.     {
  15.         MessageBox(0,"Thread attached","waliedassar",0);
  16.     }
  17.     else if(reason==DLL_THREAD_DETACH)
  18.     {
  19.         MessageBox(0,"Thread detached","waliedassar",0);
  20.     }
  21.     return TRUE;
  22. }
  23. //================================================================
  24. //================================================================
  25. //-----------code of main executable-------------------
  26. #include "stdafx.h"
  27. #include "windows.h"
  28. #include "stdio.h"
  29.  
  30. //--------------------Definitions--------------------------
  31. #define CreateSuspended  0x1
  32. #define SuppressDllMains 0x2
  33. #define HideFromDebugger 0x4
  34. //--TEB bit flags--
  35. #define DisableATlThunkEmulation 0x1
  36. #define InDebugPrint             0x2
  37. #define HasFiberData             0x4
  38. #define SkipThreadAttach         0x8
  39. #define WerShipAssert            0x10
  40. #define RanProcessInit           0x20
  41. #define ClonedThread             0x40
  42. #define SuppressDebugMsg         0x80
  43. #define CORSpecific              0x400 //.net application
  44. //--------------------Structures-------------------------
  45. struct UNICODE_S
  46. {
  47.         unsigned short len;
  48.         unsigned short max;
  49.         wchar_t* pStr;
  50. };
  51. struct OBJECT_ATTRIBUTES
  52. {
  53.   unsigned long           Length;
  54.   HANDLE                  RootDirectory;
  55.   UNICODE_S*              ObjectName;
  56.   unsigned long           Attributes;
  57.   void*           SecurityDescriptor;
  58.   void*           SecurityQualityOfService;
  59. };
  60. //----------------------------------------------------------
  61. typedef int(__stdcall *FUNC)(HANDLE* hThread,int DesiredAccess,OBJECT_ATTRIBUTES* ObjectAttributes,
  62. HANDLE ProcessHandle,void* lpStartAddress,void* lpParameter,
  63. unsigned long Flags,unsigned long StackZeroBits,
  64. unsigned long SizeOfStackCommit,unsigned long SizeOfStackReserve,
  65. void* lpBytesBuffer);
  66.  
  67.  
  68. void Watch(unsigned char* pTEB)
  69. {
  70.     printf("New Thread\r\n");
  71.     return;
  72. }
  73.  
  74. int main(int argc, char* argv[])
  75. {
  76.  
  77.     //---------Load a dummy dll-------------
  78.     LoadLibrary("walied.dll");
  79.  
  80.     unsigned long tid=0;
  81.     HANDLE hT=0;
  82.  
  83.     FUNC ZwCreateThreadEx=(FUNC)GetProcAddress(GetModuleHandle("ntdll.dll"),"ZwCreateThreadEx");
  84.     if(ZwCreateThreadEx)
  85.     {
  86.              HANDLE hThread=0;
  87.              ZwCreateThreadEx(&hThread,0x1FFFFF,0,GetCurrentProcess(),&Watch,0,
  88.                                     /*you can replace this flag with 0*/SuppressDllMains,
  89.                                     0,0x1000,0x10000,0);
  90.             ResumeThread(hThread);
  91.             WaitForSingleObject(hThread,INFINITE);
  92.     }
  93.     return 0;
  94. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!