deepseek injector

1. #include <windows.h>
2. #include <iostream>
3. #include <TlHelp32.h>
4. #include <winternl.h>
5.  
6. // Obfuscated strings to avoid detection
7. #define OBF(str) []() { constexpr char s[] = str; return (char*)(s); }()
8.  
9. // Syscall for NtCreateThreadEx (avoids hooked CreateRemoteThread)
10. typedef NTSTATUS(NTAPI* pNtCreateThreadEx)(
11. PHANDLE hThread, ACCESS_MASK DesiredAccess, LPVOID ObjectAttributes,
12. HANDLE ProcessHandle, LPTHREAD_START_ROUTINE lpStartAddress,
13. LPVOID lpParameter, BOOL CreateSuspended, DWORD dwStackSize,
14. DWORD dw1, DWORD dw2, LPVOID pUnk);
15.  
16. // XOR-decrypt function (simple obfuscation)
17. char* DecryptStr(const char* enc, char key) {
18. char* dec = new char[strlen(enc) + 1];
19. for (int i = 0; i < strlen(enc); i++) {
20. dec[i] = enc[i] ^ key;
21. }
22. dec[strlen(enc)] = '\0';
23. return dec;
24. }
25.  
26. // Anti-debug check
27. bool IsDebugged() {
28. __try {
29. __asm { int 3 } // Trigger breakpoint
30. return true;
31. } __except (EXCEPTION_EXECUTE_HANDLER) {
32. return false;
33. }
34. }
35.  
36. // Manual map injection (avoids LoadLibrary)
37. bool ManualMap(HANDLE hProc, const char* dllPath) {
38. // [REDACTED: Implement manual mapping here]
39. return true;
40. }
41.  
42. int main() {
43. if (IsDebugged()) {
44. MessageBoxA(0, OBF("Debugger detected!"), 0, 0);
45. return 1;
46. }
47.  
48. // Find Roblox window (obfuscated)
49. HWND RobloxWindow = FindWindowA(DecryptStr("Qbsufs", 0x1), nullptr);
50. if (!RobloxWindow) {
51. std::cout << DecryptStr("Spmv!nft!qspkdujpo", 0x1) << std::endl;
52. return 1;
53. }
54.  
55. DWORD RobloxPID;
56. GetWindowThreadProcessId(RobloxWindow, &RobloxPID);
57.  
58. // Open process with minimal permissions
59. HANDLE hProc = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, RobloxPID);
60. if (!hProc) {
61. std::cout << DecryptStr("Gmpx!qspdftt!pqfo!gbjmfe", 0x1) << std::endl;
62. return 1;
63. }
64.  
65. // Allocate memory for DLL path
66. char dllPath[MAX_PATH];
67. GetFullPathNameA(DecryptStr("bnexx64.ell", 0x1), MAX_PATH, dllPath, nullptr);
68.  
69. LPVOID pDllPath = VirtualAllocEx(hProc, nullptr, strlen(dllPath) + 1, MEM_COMMIT, PAGE_READWRITE);
70. if (!pDllPath) {
71. CloseHandle(hProc);
72. return 1;
73. }
74.  
75. // Write DLL path to target process
76. WriteProcessMemory(hProc, pDllPath, dllPath, strlen(dllPath) + 1, nullptr);
77.  
78. // Resolve LoadLibraryA without IAT hooks
79. HMODULE hKernel32 = GetModuleHandleA(DecryptStr("Lfsbo32.ell", 0x1));
80. LPTHREAD_START_ROUTINE pLoadLibrary = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, DecryptStr("MpbeMjcbsbszB", 0x1));
81.  
82. // Spoof thread via NtCreateThreadEx (syscall)
83. HANDLE hThread = nullptr;
84. pNtCreateThreadEx NtCTE = (pNtCreateThreadEx)GetProcAddress(GetModuleHandleA(DecryptStr("Oueem32.ell", 0x1)), DecryptStr("OuDsfbufUisfbeFy", 0x1));
85.  
86. if (NtCTE) {
87. NtCTE(&hThread, 0x1FFFFF, nullptr, hProc, pLoadLibrary, pDllPath, FALSE, 0, 0, 0, nullptr);
88. } else {
89. // Fallback to CreateRemoteThread (riskier)
90. hThread = CreateRemoteThread(hProc, nullptr, 0, pLoadLibrary, pDllPath, 0, nullptr);
91. }
92.  
93. if (!hThread) {
94. VirtualFreeEx(hProc, pDllPath, 0, MEM_RELEASE);
95. CloseHandle(hProc);
96. return 1;
97. }
98.  
99. WaitForSingleObject(hThread, INFINITE);
100. VirtualFreeEx(hProc, pDllPath, 0, MEM_RELEASE);
101. CloseHandle(hThread);
102. CloseHandle(hProc);
103.  
104. return 0;
105. }