Last active
November 17, 2023 17:16
-
-
Save khang06/56e3c221769648132023daab9fd2bc39 to your computer and use it in GitHub Desktop.
Barebones launcher/injector for mhynot2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #define GAME_DIR L"D:\\Games\\Genshin Impact\\Genshin Impact game" | |
| #define DLL_PATH "C:\\Users\\Khang\\source\\repos\\mhynot2-rewritten\\x64\\Debug\\mhynot2-rewritten.dll" | |
| int main() { | |
| printf("hi\n"); | |
| SetCurrentDirectoryW(GAME_DIR); | |
| SetEnvironmentVariableW(L"__COMPAT_LAYER", L"RunAsInvoker"); // forcefully run as not admin | |
| STARTUPINFOW startup_info = {}; | |
| startup_info.cb = sizeof(startup_info); | |
| PROCESS_INFORMATION process_info = {}; | |
| SECURITY_ATTRIBUTES attrib = {}; | |
| attrib.nLength = sizeof(attrib); | |
| SECURITY_DESCRIPTOR desc = {}; | |
| auto shit = CreateProcessW( | |
| L"GenshinImpact.exe", | |
| NULL, | |
| NULL, | |
| NULL, | |
| FALSE, | |
| CREATE_SUSPENDED, | |
| NULL, | |
| NULL, | |
| &startup_info, | |
| &process_info | |
| ); | |
| if (shit == FALSE) { | |
| printf("CreateProcessW epic fail GLE 0x%x\n", GetLastError()); | |
| return 1; | |
| } | |
| auto loadlibrary = LoadLibraryA; // i actually had no idea that the address of kernel32 is the same between all processes | |
| const char* dll = DLL_PATH; | |
| auto mem = VirtualAllocEx(process_info.hProcess, NULL, strlen(dll) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); | |
| printf("LoadLibraryA %p\n", loadlibrary); | |
| printf("allocated path addr %p\n", mem); | |
| if (!mem) { | |
| printf("VirtualAllocEx epic fail GLE: 0x%x\n", GetLastError()); | |
| return 1; | |
| } | |
| WriteProcessMemory(process_info.hProcess, mem, dll, strlen(dll) + 1, NULL); | |
| auto new_thread = CreateRemoteThread( | |
| process_info.hProcess, | |
| NULL, | |
| NULL, | |
| (LPTHREAD_START_ROUTINE)loadlibrary, | |
| mem, | |
| NULL, | |
| NULL | |
| ); | |
| if (new_thread == NULL) { | |
| printf("CreateRemoteThread epic fail GLE: 0x%x\n", GetLastError()); | |
| return 1; | |
| } | |
| printf("waiting for the dll loading thread to exit\n"); | |
| WaitForSingleObject(new_thread, INFINITE); | |
| printf("looks like the dll injected properly, time to start the process\n"); | |
| if (ResumeThread(process_info.hThread) == -1) { | |
| printf("ResumeThread epic fail GLE: 0x%x\n", GetLastError()); | |
| return 1; | |
| } | |
| printf("everything seems to be good, cleaning up!\n"); | |
| VirtualFreeEx(process_info.hProcess, mem, 0, MEM_RELEASE); | |
| CloseHandle(new_thread); | |
| CloseHandle(process_info.hProcess); | |
| CloseHandle(process_info.hThread); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment