-
-
Save AvPelli/a44b9a137f7759f6e2ee23dd3c4edb82 to your computer and use it in GitHub Desktop.
basic injector
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <TlHelp32.h> | |
| #include <iostream> | |
| typedef VOID(CALLBACK* displayMessage)(void); | |
| void inject_dll(DWORD PId, char* DllName) | |
| { | |
| HANDLE hProcess; | |
| HINSTANCE dllHandle; | |
| PVOID Alloc; | |
| SIZE_T DllPathLen; | |
| HMODULE Kernel32Base; | |
| PVOID LoadLibAddress; | |
| displayMessage messageBoxPtr = NULL; | |
| BOOL runtimeLinkSucces = FALSE; | |
| if (PId != 0 && DllName != NULL) | |
| { | |
| DllPathLen = strlen(DllName); | |
| Kernel32Base = GetModuleHandleA("Kernel32.dll"); | |
| if (Kernel32Base == NULL) | |
| { | |
| std::cout << "kernel32.dll not found" << std::endl; | |
| return; | |
| } | |
| LoadLibAddress = GetProcAddress(Kernel32Base, "LoadLibraryA"); | |
| if (LoadLibAddress == NULL) | |
| { | |
| std::cout << "LoadLibraryA not found" << std::endl; | |
| return; | |
| } | |
| hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PId); | |
| if (hProcess == NULL) | |
| { | |
| std::cout << "hProcess handle not opened" << std::endl; | |
| return; | |
| } | |
| Alloc = VirtualAllocEx(hProcess, NULL, DllPathLen + 1, MEM_COMMIT, PAGE_READWRITE); | |
| if (Alloc == NULL) | |
| { | |
| std::cout << "no memory allocated for hProcess" << std::endl; | |
| return; | |
| } | |
| if (!WriteProcessMemory(hProcess, Alloc, DllName, DllPathLen + 1, NULL)) | |
| { | |
| std::cout << "didn't write dll to processmemory" << std::endl; | |
| return; | |
| } | |
| HANDLE remoteHandle = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibAddress, Alloc, 0, NULL); | |
| DWORD exitCode = 0; | |
| LPDWORD ptrExitcode = &exitCode; | |
| WaitForSingleObject(remoteHandle, INFINITE); | |
| GetExitCodeThread(remoteHandle, ptrExitcode); | |
| CloseHandle(hProcess); | |
| VirtualFreeEx(hProcess, Alloc, 0, MEM_RELEASE); | |
| std::cout << "end reached" << std::endl; | |
| } | |
| } | |
| DWORD get_PId( const char* ProcessName) { | |
| HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); | |
| PROCESSENTRY32 pe32; | |
| pe32.dwSize = sizeof(PROCESSENTRY32); | |
| if (hSnapshot != NULL) | |
| { | |
| if (Process32First(hSnapshot, &pe32)) { | |
| do | |
| { | |
| if (!strcmp(pe32.szExeFile, ProcessName)) | |
| { | |
| CloseHandle(hSnapshot); | |
| return pe32.th32ProcessID; | |
| } | |
| } while (Process32Next(hSnapshot, &pe32)); | |
| } | |
| CloseHandle(hSnapshot); | |
| } | |
| return 0; | |
| } | |
| int main(int argc, char* argv[]) | |
| { | |
| DWORD pid = get_PId("Calculator.exe"); | |
| std::cout << pid << std::endl; | |
| if (pid) { | |
| char dllName[] = "C:\\Users\\***\\Desktop\\VisualStudio\\#2\\DLL\\Dll3.dll"; | |
| std::cout << dllName << std::endl; | |
| inject_dll(pid, dllName); | |
| } | |
| system("PAUSE"); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment