krot

DLL Injector

Aug 27th, 2016
235
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #include <windows.h>
  2. #include <iostream>
  3. #include <tlhelp32.h>
  4. #define MAXWAIT 10000
  5.  
  6.  
  7. using namespace std;
  8.  
  9. int main()
  10. {
  11.     char exename[MAX_PATH];
  12.     char dllname[MAX_PATH];
  13.  
  14.     cout << "Welcome to PhyX injector v1.0" << endl;
  15.     Sleep(1000);
  16.     cout << "Please enter dll name Example: c:\\PhyX.dll\n" << endl;
  17.     cin >> dllname;
  18.     cout << "Dll name is:" << dllname << endl;
  19.     Sleep(1000);
  20.     cout << " Please enter window name of the processor example:notepad " << endl;
  21.     cin >> exename;
  22.     cout << "Widnow name is" << exename << endl;
  23.     Sleep(1000);
  24.  
  25.     BOOL bFound;
  26.     PROCESSENTRY32 pe;
  27.     HANDLE hSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
  28.     pe.dwSize=sizeof(pe);
  29.     bFound=Process32First(hSnap,&pe);
  30.     do {
  31.         if (strstr(pe.szExeFile,exename)) {
  32.             insertDll(pe.th32ProcessID, dllname); // c:\\PhyX.dll
  33.             cout << "Injection successful!" << endl;
  34.         }else{ cout << "Injection failed!" << endl; }
  35.  
  36.         pe.dwSize=sizeof(pe);
  37.         bFound=Process32Next(hSnap,&pe);
  38.     } while(bFound);
  39.     getchar();
  40. }
  41.  
  42.  
  43.  
  44. bool insertDll(DWORD procID, char *dll)
  45. {
  46.     //Find the address of the LoadLibrary api, luckily for us, it is loaded in the same address for every process
  47.     HMODULE hLocKernel32 = GetModuleHandle("Kernel32");
  48.     FARPROC hLocLoadLibrary = GetProcAddress(hLocKernel32, "LoadLibraryA");
  49.  
  50.     HANDLE hProc = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION, FALSE, procID);
  51.  
  52.     printf("prochandle %d %d\n",hProc,procID);
  53.     //Allocate memory to hold the path to the Dll File in the process's memory
  54.  
  55.     LPVOID hRemoteMem = VirtualAllocEx(hProc, NULL,strlen( dll)+1, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
  56.     printf("%x\n",hRemoteMem);
  57.  
  58.     //Write the path to the Dll File in the location just created
  59.     WriteProcessMemory(hProc, hRemoteMem, dll, strlen(dll)+1,0);
  60.  
  61.     //Create a remote thread that starts begins at the LoadLibrary function and is passed are memory pointer
  62.     HANDLE hRemoteThread = CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)hLocLoadLibrary, hRemoteMem, 0, NULL);
  63.  
  64.     //Release the handle to the other process
  65.     CloseHandle(hProc);
  66.  
  67.     return 0;
  68. }
Add Comment
Please, Sign In to add comment