IVDZ

MessageBox Hook - Injector

Sep 9th, 2014
  1. // inject.cpp : Defines the entry point for the console application.
  2. //
  3. #include <windows.h>
  4. #include <tlhelp32.h>
  5. #include <shlwapi.h>
  6. #include <conio.h>
  7. #include <stdio.h>
  8. #include <comdef.h>
  9.  
// NOTE(review): this is defined after <windows.h> has already been included
// above, so it cannot trim that include.
#define WIN32_LEAN_AND_MEAN

// Process access mask limited to the rights needed for thread creation and
// remote memory read/write. Nothing in the visible code references it:
// Inject() opens the process with PROCESS_ALL_ACCESS instead.
#define CREATE_THREAD_ACCESS ( PROCESS_CREATE_THREAD     \
                             | PROCESS_QUERY_INFORMATION \
                             | PROCESS_VM_OPERATION      \
                             | PROCESS_VM_WRITE          \
                             | PROCESS_VM_READ )


// Forward declarations; both functions are defined after main().
BOOL  Inject(DWORD pID, const char *DLL_NAME);
DWORD GetTargetThreadIDFromProcName(const char *ProcName);
  16.  
// Console entry point.
//
// Looks up a process by a hard-coded image name, hands its process ID and a
// hard-coded DLL path to Inject(), prints one of two status messages and
// waits for a key press. argc/argv are not used.
//
// The "injected" message only mirrors Inject()'s return value; see that
// function for what the return value does and does not cover.
int main(int argc, char * argv[])
{
    // Hard-coded inputs: image name to search for and DLL path passed on.
    const char *Target_Process = "victim.exe";
    const char *dllPath        = "C:\\DllRedirectAPI.dll";

    const DWORD pID = GetTargetThreadIDFromProcName(Target_Process);

    const char *status = Inject(pID, dllPath)
                             ? "DLL is Injected in torget Process"
                             : "DLL Not Loaded!";
    fputs(status, stdout);

    // Keep the console window open until a key is pressed.
    _getch();
    return 0;
}
  40.  
// Makes the process identified by pID call LoadLibraryA on DLL_NAME.
//
// Call sequence, as written:
//   OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx -> WriteProcessMemory
//   -> CreateRemoteThread with LoadLibraryA as the thread start routine.
//
// This is the remote-thread DLL loading pattern catalogued as MITRE ATT&CK
// T1055.001. For defenders, each step is observable: a cross-process handle
// opened with full access rights, a write into another process's memory, and
// a remote thread whose start address is LoadLibraryA. Sysmon reports the
// first and last as ProcessAccess (event ID 10) and CreateRemoteThread
// (event ID 8).
//
// Parameters:
//   pID      - target process ID; 0 is rejected before any API call.
//   DLL_NAME - NUL-terminated ANSI path string copied into the target.
//
// Returns false when pID is 0 or OpenProcess fails (the failure code is
// printed to stdout). Returns true otherwise; the results of the later calls
// are not examined, so true only means the process handle was obtained.
BOOL Inject(DWORD pID, const char * DLL_NAME)
{
   if(pID == 0)
   {
      return false;
   }

   HANDLE targetProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
   if(targetProcess == NULL)
   {
      printf("OpenProcess() failed: %d", GetLastError());
      return false;
   }

   // Address of LoadLibraryA as resolved in this process's kernel32.dll.
   HMODULE kernel32 = GetModuleHandle(TEXT("kernel32.dll"));
   LPTHREAD_START_ROUTINE loaderEntry =
      (LPTHREAD_START_ROUTINE)GetProcAddress(kernel32, "LoadLibraryA");

   // Read/write region in the target that receives the path bytes.
   const size_t pathLength = strlen(DLL_NAME);
   LPVOID remotePath = VirtualAllocEx(targetProcess, NULL, pathLength,
                                      MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
   WriteProcessMemory(targetProcess, remotePath, DLL_NAME, pathLength, NULL);

   // Thread in the target: start routine = LoadLibraryA, argument = the path.
   // The returned thread handle is discarded, as in the original listing.
   CreateRemoteThread(targetProcess, NULL, 0, loaderEntry, remotePath, 0, NULL);

   CloseHandle(targetProcess);
   return true;
}
  70.  
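// Returns the process ID of the first process in a Toolhelp snapshot whose
// executable file name equals ProcName, or 0 when there is no match or the
// snapshot cannot be created.
//
// Despite the name, the value returned is PROCESSENTRY32::th32ProcessID,
// a process ID and not a thread ID.
//
// The comparison goes through _bstr_t, so it works whether szExeFile is a
// narrow or a wide string in the current build; it is an exact match.
//
// Fix over the original listing: the snapshot handle is now closed on every
// path (it was leaked on both the match and the no-match return), the unused
// ProcFound local is gone, and the failure path returns 0 rather than the
// boolean `false` from a DWORD function (same value, clearer intent).
DWORD GetTargetThreadIDFromProcName(const char * ProcName)
{
   HANDLE thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
   if(thSnapShot == INVALID_HANDLE_VALUE)
   {
      printf("Error: Unable create toolhelp snapshot!");
      return 0;
   }

   PROCESSENTRY32 pe;
   pe.dwSize = sizeof(PROCESSENTRY32);   // must be set before Process32First

   const _bstr_t wanted(ProcName);       // converted once, not per entry
   DWORD foundPid = 0;

   for(BOOL more = Process32First(thSnapShot, &pe);
       more;
       more = Process32Next(thSnapShot, &pe))
   {
      if(_bstr_t(pe.szExeFile) == wanted)
      {
         foundPid = pe.th32ProcessID;
         break;
      }
   }

   CloseHandle(thSnapShot);
   return foundPid;
}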