@puppis42
Created May 28, 2023 10:41
#include <Windows.h>
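/*
 * Loads the DLL at dllPath into the process identified by procID: the path
 * string is copied into memory allocated in that process, and a remote
 * thread is started at LoadLibraryA with the copied string as its argument.
 *
 * Return value (declared BOOL but used as a status code, so success is 0,
 * which compares equal to FALSE):
 *    0  the remote thread was created and has exited
 *   -1  the target process could not be opened
 *   -2  the path could not be allocated or written in the target
 *   -3  the remote thread could not be created
 * A return of 0 does not mean the DLL was loaded; LoadLibraryA's result in
 * the target is not inspected here.
 *
 * Review notes:
 *  - OpenProcess reports failure with NULL, not INVALID_HANDLE_VALUE, so
 *    the failure branch has to test for NULL.
 *  - The buffer lives in the target's address space and must be released
 *    with VirtualFreeEx (size 0 with MEM_RELEASE), and only after the
 *    remote thread has finished reading it.
 *  - PROCESS_ALL_ACCESS is far broader than this sequence needs and is kept
 *    only because the original requests it.
 *
 * Defender context: the OpenProcess / VirtualAllocEx / WriteProcessMemory /
 * CreateRemoteThread sequence is the DLL injection pattern catalogued as
 * MITRE ATT&CK T1055.001. Sysmon records the handle request as
 * ProcessAccess (event ID 10) and the thread as CreateRemoteThread (event
 * ID 8); a start address that resolves to LoadLibraryA in a thread created
 * by another process is a common detection signal.
 */
BOOL InjectDLL(DWORD procID, const char* dllPath)
{
    if (dllPath == NULL)
    {
        return -2;
    }

    /* Allocate and write exactly the bytes of the string, terminator included. */
    SIZE_T pathLen = strlen(dllPath) + 1;

    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
    if (hProc == NULL)
    {
        return -1;
    }

    void* loc = VirtualAllocEx(hProc, NULL, pathLen, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (loc == NULL)
    {
        CloseHandle(hProc);
        return -2;
    }

    if (!WriteProcessMemory(hProc, loc, dllPath, pathLen, NULL))
    {
        VirtualFreeEx(hProc, loc, 0, MEM_RELEASE);
        CloseHandle(hProc);
        return -2;
    }

    HANDLE hThread = CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, loc, 0, NULL);
    if (hThread == NULL)
    {
        VirtualFreeEx(hProc, loc, 0, MEM_RELEASE);
        CloseHandle(hProc);
        return -3;
    }

    /* The remote thread reads the path from loc; release it only once the thread is done. */
    WaitForSingleObject(hThread, INFINITE);
    CloseHandle(hThread);
    VirtualFreeEx(hProc, loc, 0, MEM_RELEASE);
    CloseHandle(hProc);
    return 0;
}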
/*
 * Enables or disables one privilege on an access token.
 *
 * hToken            token to modify; the caller opens it (main() requests
 *                   TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY)
 * lpszPrivilege     privilege name, e.g. SE_DEBUG_NAME
 * bEnablePrivilege  non-zero to enable the privilege, zero to disable it
 *
 * Returns TRUE only when the requested state was actually applied.
 * AdjustTokenPrivileges can succeed without changing anything when the
 * token does not hold the privilege, which is why the last-error value is
 * compared with ERROR_NOT_ALL_ASSIGNED after a successful call.
 *
 * Defender context: a process enabling SeDebugPrivilege on its own token
 * shortly before opening another process is worth correlating; Windows can
 * log the adjustment as Security event 4703 when the corresponding audit
 * policy is enabled.
 */
BOOL SetPrivilege(
    HANDLE hToken,
    LPCTSTR lpszPrivilege,
    BOOL bEnablePrivilege
)
{
    LUID privilegeId;
    TOKEN_PRIVILEGES newState;

    /* Translate the privilege name into the LUID used on the local system. */
    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &privilegeId))
        return FALSE;

    newState.PrivilegeCount = 1;
    newState.Privileges[0].Luid = privilegeId;
    newState.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    if (!AdjustTokenPrivileges(hToken, FALSE, &newState, sizeof(TOKEN_PRIVILEGES),
                               (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL))
        return FALSE;

    /* Success of the call alone is not enough; see the header comment. */
    return GetLastError() != ERROR_NOT_ALL_ASSIGNED;
}
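/*
 * Demo driver: enables SeDebugPrivilege on the current process token, then
 * calls InjectDLL with a hard-coded process ID and DLL path. Both values
 * are sample values from the original listing.
 *
 * Returns 0 when InjectDLL reports success and 1 on any failure.
 *
 * Review notes: the original ignored every return value, passed an
 * uninitialized token handle to SetPrivilege when OpenProcessToken failed,
 * and never closed the token. SetPrivilege can only enable a privilege the
 * token already holds, so it is expected to fail for an account that has
 * not been granted SeDebugPrivilege; this version stops there instead of
 * continuing silently.
 */
int main()
{
    HANDLE hToken = NULL;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return 1;
    }

    BOOL isOK = SetPrivilege(hToken, SE_DEBUG_NAME, TRUE);
    /* The token handle is not needed once the privilege state has been set. */
    CloseHandle(hToken);
    if (!isOK)
    {
        return 1;
    }

    /* InjectDLL returns 0 on success and a negative code on failure. */
    int status = InjectDLL(436, "C:\\Users\\uname\\Desktop\\dll.dll");
    return status == 0 ? 0 : 1;
}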