Advertisement
Wolfrost

Little injector made based on tutorial/source code

May 19th, 2016
303
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #include "Injector.h"
  2.  
  3. HANDLE CInjector::GetProcessByName(const std::string& strProcessName)
  4. {
  5.     PROCESSENTRY32 ProcessInfo;
  6.     ProcessInfo.dwSize = sizeof(PROCESSENTRY32);
  7.  
  8.     HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
  9.     if (hSnapshot == INVALID_HANDLE_VALUE) return NULL;
  10.  
  11.     Process32First(hSnapshot, &ProcessInfo);
  12.     if (strProcessName.find(ProcessInfo.szExeFile) != std::string::npos)
  13.     {
  14.         CloseHandle(hSnapshot);
  15.         if (!ProcessInfo.th32ProcessID) return NULL;
  16.         return OpenProcess(PROCESS_ALL_ACCESS, 0, ProcessInfo.th32ProcessID);
  17.     }
  18.  
  19.     while (Process32Next(hSnapshot, &ProcessInfo))
  20.     {
  21.         if (strProcessName.find(ProcessInfo.szExeFile) != std::string::npos)
  22.         {
  23.             CloseHandle(hSnapshot);
  24.             if (!ProcessInfo.th32ProcessID) return NULL;
  25.             //return OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION, PROCESS_VM_READ, ProcessInfo.th32ProcessID);
  26.             return OpenProcess(PROCESS_ALL_ACCESS, 0, ProcessInfo.th32ProcessID);
  27.         }
  28.     }
  29.  
  30.     CloseHandle(hSnapshot);
  31.     return NULL;
  32. }
  33.  
  34. bool CInjector::SetPrivilege(const std::string& strNamePrivilege, bool bEnableTF)
  35. {
  36.     HANDLE hToken;
  37.     LUID SeValue;
  38.     TOKEN_PRIVILEGES TokenPrivileges;
  39.  
  40.     if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
  41.         return false;
  42.  
  43.     if (!LookupPrivilegeValue(NULL, strNamePrivilege.c_str(), &SeValue))
  44.     {
  45.         CloseHandle(hToken);
  46.         return false;
  47.     }
  48.  
  49.     TokenPrivileges.PrivilegeCount = 1;
  50.     TokenPrivileges.Privileges[0].Luid = SeValue;
  51.     TokenPrivileges.Privileges[0].Attributes = bEnableTF ? SE_PRIVILEGE_ENABLED : 0;
  52.  
  53.     AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TokenPrivileges), NULL, NULL);
  54.     CloseHandle(hToken);
  55.     return true;
  56. }
  57.  
  58. bool CInjector::Inject(const std::string& strModulePath, const std::string& strProcessName)
  59. {
  60.     LPVOID lpRemoteString, lpLoadLibrary;
  61.     HANDLE hThread, hProcess;
  62.     DWORD dwOutput;
  63.  
  64.     if (!SetPrivilege("SeDebugPrivilege", true)) return false;
  65.  
  66.     hProcess = GetProcessByName(strProcessName);
  67.     if (!hProcess) return false;
  68.  
  69.     lpLoadLibrary = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
  70.     if (!lpLoadLibrary) return false;
  71.  
  72.     lpRemoteString = (LPVOID)VirtualAllocEx(hProcess, NULL, strlen(strModulePath.c_str()), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
  73.     if (!lpRemoteString) return false;
  74.  
  75.     if (!WriteProcessMemory(hProcess, (LPVOID)lpRemoteString, strModulePath.c_str(), strlen(strModulePath.c_str()), NULL))
  76.         return false;
  77.  
  78.     hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)lpLoadLibrary, (LPVOID)lpRemoteString, NULL, NULL);
  79.     if (!hThread) return false;
  80.     else
  81.     {
  82.         while (GetExitCodeThread(hThread, &dwOutput))
  83.             if (dwOutput != STILL_ACTIVE) break;
  84.     }
  85.  
  86.     CloseHandle(hThread);
  87.     CloseHandle(hProcess);
  88.  
  89.     return true;
  90. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement