Source Code
- #define PROCESS_NAME \"target.exe\"
- #define DLL_NAME \"injected.dll\"
- // Access mask requested on the target process in InjectDLL.
- // I could just use PROCESS_ALL_ACCESS but it's always best to use the absolute bare minimum of
- // privileges, so that your code works in as
- // many circumstances as possible.
- // Defender's note: a handle opened on a foreign process with VM_WRITE,
- // VM_OPERATION and CREATE_THREAD together is a well-known access-mask
- // signal for remote-thread injection; detection rules commonly key on it.
- // NOTE(review): the line-continuation backslashes of this multi-line
- // #define appear to have been lost in the paste - verify before building.
- #define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD |
- PROCESS_QUERY_INFORMATION |
- PROCESS_VM_OPERATION |
- PROCESS_VM_WRITE |
- PROCESS_VM_READ
- )
- // Prototypes. WriteProcessBYTES is declared here but neither defined nor
- // called anywhere in this listing.
- BOOL WriteProcessBYTES(HANDLE hProcess,LPVOID lpBaseAddress,LPCVOID lpBuffer,SIZE_T nSize);
- BOOL LoadDll(char *procName, char *dllName);
- BOOL InjectDLL(DWORD ProcessID, char *dllName);
- unsigned long GetTargetProcessIdFromProcname(char *procName);
/*
 * Platform gate used by WinMain: true when the packed value returned by
 * GetVersion() has its high bit clear (value below 0x80000000), false
 * otherwise. Only that single comparison decides the result.
 */
bool IsWindowsNT()
{
    DWORD packedVersion = GetVersion();
    if (packedVersion >= 0x80000000) {
        return false;
    }
    return true;
}
- // GUI entry point. Runs the loader only when IsWindowsNT() reports an
- // NT-family platform; otherwise shows an error box. Always returns 0,
- // so the exit code carries no success/failure information.
- int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
- {
- if(IsWindowsNT())
- LoadDll(PROCESS_NAME, DLL_NAME);
- else
- MessageBox(0, \"Your system does not support this method\", \"Error!\", 0);
- return 0;
- }
- // Looks up the target process by name and hands its PID to InjectDLL.
- // Reports an InjectDLL failure via MessageBox only; the function returns
- // true unconditionally, so callers cannot distinguish success from failure.
- // NOTE(review): GetProcID is not declared anywhere in this listing; the
- // lookup helper declared above is GetTargetProcessIdFromProcname.
- BOOL LoadDll(char *procName, char *dllName)
- {
- DWORD ProcID = 0;
- ProcID = GetProcID(procName);
- if(!(InjectDLL(ProcID, dllName)))
- MessageBox(NULL, \"Process located, but injection failed\", \"Loader\", NULL);
- return true;
- }
- // Classic remote-thread DLL injection: OpenProcess -> VirtualAllocEx ->
- // WriteProcessMemory -> CreateRemoteThread(LoadLibraryA, <path>).
- // Defender's note: this exact four-call sequence against a foreign PID is
- // the canonical process-injection telemetry pattern (e.g. Sysmon Event ID 8
- // for CreateRemoteThread, plus the handle-access mask used in OpenProcess).
- // Returns false when ProcessID is 0 or OpenProcess fails; otherwise returns
- // true regardless of what the later calls did, because their results are
- // never checked (see below).
- // Note: the dllName parameter is ignored - the macro DLL_NAME is used
- // for both the allocation size and the written bytes.
- BOOL InjectDLL(DWORD ProcessID, char *dllName)
- {
- HANDLE Proc;
- char buf[50]={0};
- LPVOID RemoteString, LoadLibAddy;
- if(!ProcessID)
- return false;
- // Minimal access mask defined at the top of the file.
- Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, ProcessID);
- if(!Proc)
- {
- // NOTE(review): %d with a DWORD argument is a format/type mismatch.
- sprintf(buf, \"OpenProcess() failed: %d\", GetLastError());
- MessageBox(NULL, buf, \"Loader\", NULL);
- return false;
- }
- // Address is resolved in *this* process, not in the target; the result
- // is not checked for NULL.
- LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle(\"kernel32.dll\"), \"LoadLibraryA\");
- // Return value unchecked: a NULL RemoteString would be passed straight on.
- RemoteString = (LPVOID)VirtualAllocEx(Proc,
- NULL,
- strlen(DLL_NAME),
- MEM_RESERVE|MEM_COMMIT,
- PAGE_READWRITE
- );
- // Return value unchecked.
- WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME,strlen(DLL_NAME), NULL);
- // Thread handle is discarded, so it leaks and the thread's outcome is
- // never observed.
- CreateRemoteThread(Proc,
- NULL,
- NULL,
- (LPTHREAD_START_ROUTINE)LoadLibAddy,
- (LPVOID)RemoteString,
- NULL,
- NULL
- );
- CloseHandle(Proc);
- return true;
- }
- // Enumerates running processes with a Toolhelp snapshot and returns the
- // th32ProcessID of the first entry whose szExeFile contains procName
- // (case-insensitive substring match via StrStrI, so \"host.exe\" would also
- // match \"svchost.exe\").
- // Returns 0 (written as false) if the snapshot cannot be created.
- // NOTE(review): ProcFound is set but never consulted - if no entry matches,
- // the function still returns pe.th32ProcessID from the last entry walked.
- // NOTE(review): thSnapshot is never passed to CloseHandle, so the snapshot
- // handle leaks on every call.
- unsigned long GetTargetProcessIdFromProcname(char *procName)
- {
- PROCESSENTRY32 pe;
- HANDLE thSnapshot;
- BOOL retval, ProcFound = false;
- thSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
- if(thSnapshot == INVALID_HANDLE_VALUE)
- {
- MessageBox(NULL, \"Error: unable to create toolhelp snapshot\", \"Loader\", NULL);
- return false;
- }
- // dwSize must be set before Process32First/Next will accept the struct.
- pe.dwSize = sizeof(PROCESSENTRY32);
- retval = Process32First(thSnapshot, &pe);
- while(retval)
- {
- if(StrStrI(pe.szExeFile, procName) )
- {
- ProcFound = true;
- break;
- }
- retval = Process32Next(thSnapshot,&pe);
- pe.dwSize = sizeof(PROCESSENTRY32);
- }
- return pe.th32ProcessID;
- }