Injector.c
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
/*
 * Access mask that main() passes to OpenProcess for the target process.
 * These five rights are the set the CreateRemoteThread documentation lists
 * for its process handle.
 *
 * Defender note: a handle opened with VM_OPERATION | VM_WRITE | CREATE_THREAD
 * on another process is what process-access telemetry records for this
 * pattern (for example Sysmon Event ID 10, ProcessAccess).
 */
#define DesiredAccess (PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD)
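/*
 * Report a failed Win32 call on stdout.
 *
 * FunctionName: name of the API that failed; printed through "%s", never
 *               used as a format string.
 */
void error(LPCSTR FunctionName)
{
    /*
     * Capture the error code before any other call runs: the first printf
     * may itself call into the OS and change the thread's last-error value.
     */
    DWORD code = GetLastError();

    printf("[-] %s Failed\n", FunctionName);
    /* DWORD is an unsigned 32-bit value; "%d" would misprint large codes. */
    printf("[-] GetLastError : %lu\n", (unsigned long)code);
}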
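/*
 * Walk a Toolhelp process snapshot and return the process ID of the first
 * entry whose image name equals "Target.exe" (case-sensitive comparison).
 *
 * Returns 0xFFFFFFFF when no entry matches or the snapshot cannot be taken.
 */
DWORD GetPID(void)
{
    DWORD pid = 0xFFFFFFFF;
    PROCESSENTRY32 pe32 = { 0 };
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    /* CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE, not NULL. */
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return pid;
    }

    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hSnapshot, &pe32)) {
        do {
            /*
             * szExeFile is a TCHAR array, so compare with the TCHAR routine;
             * wcscmp only matches the field's type in UNICODE builds.
             */
            if (_tcscmp(pe32.szExeFile, TEXT("Target.exe")) == 0) {
                pid = pe32.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe32));
    }

    /* main() polls this function once per second; release the snapshot every call. */
    CloseHandle(hSnapshot);
    return pid;
}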
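/*
 * Entry point. Polls GetPID() once per second until the target process is
 * found, opens it with DesiredAccess, allocates a buffer in it, writes the
 * DLL path there, and starts a remote thread at LoadLibraryA with that
 * buffer as its argument.
 *
 * Returns 0 once the remote thread has finished, -1 if any step fails.
 * The buffer allocated in the target is not released by this program.
 *
 * Defender note: OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
 * CreateRemoteThread(LoadLibraryA) is the textbook remote-thread DLL loading
 * sequence (MITRE ATT&CK T1055.001). It is visible as cross-process access,
 * remote thread creation and an image load in the target, e.g. Sysmon
 * Event IDs 10, 8 and 7.
 */
int main(int argc, char* argv[])
{
    int rc = -1;
    DWORD PID = 0xFFFFFFFF;
    HANDLE hProcess = NULL;
    HANDLE hThread = NULL;
    PVOID PathAddress = NULL;
    HMODULE hKernel32 = NULL;
    FARPROC lpLoadLibraryA = NULL;
    LPCSTR Path = "[PATH]\\HookDLL.dll"; //Change
    size_t length = 0;

    (void)argc;
    (void)argv;

    while ((PID = GetPID()) == 0xFFFFFFFF) {
        printf("[-] NOT FOUND PROCESS..\n");
        Sleep(1000);
    }

    /*
     * Include the terminating NUL: LoadLibraryA reads a C string, and the
     * copy should not depend on the fresh pages happening to be zero-filled.
     */
    length = strlen(Path) + 1;

    system("cls");
    printf("[+] PROCESS FOUND!\n\n");
    printf("[*] Attempting To Get The Target Process' Permissions...\n\n");

    hProcess = OpenProcess(DesiredAccess, FALSE, PID);
    if (hProcess == NULL) {
        error("OpenProcess");
        goto cleanup;
    }
    printf("[*] OpenProcess Complete!\n");
    /* A HANDLE is pointer-sized; "%X" truncates it on 64-bit builds. */
    printf("[+] Process Handle : 0x%p\n\n", (void *)hProcess);

    PathAddress = VirtualAllocEx(hProcess, NULL, length, MEM_COMMIT, PAGE_READWRITE);
    if (PathAddress == NULL) {
        error("VirtualAllocEx");
        goto cleanup;
    }
    printf("[*] Allocating Buffer To The Target Process Complete!\n");
    printf("[+] Buffer Address : 0x%p\n\n", PathAddress);

    printf("[*] Writing DLL Path...\n");
    if (WriteProcessMemory(hProcess, PathAddress, Path, length, NULL) == FALSE) {
        error("WriteProcessMemory");
        goto cleanup;
    }
    printf("[*] Writing DLL Path Complete!\n\n");

    printf("[*] Finding Kernel32.dll...\n");
    hKernel32 = GetModuleHandleA("kernel32.dll");
    if (hKernel32 == NULL) {
        error("GetModuleHandleA");
        goto cleanup;
    }
    printf("[*] Kernel32.dll Found!\n");
    printf("[+] Kernel32.dll : 0x%p\n\n", (void *)hKernel32);

    printf("[*] Finding LoadLibraryA()...\n");
    lpLoadLibraryA = GetProcAddress(hKernel32, "LoadLibraryA");
    if (lpLoadLibraryA == NULL) {
        error("GetProcAddress");
        goto cleanup;
    }
    printf("[*] LoadLibraryA() Found!\n");
    printf("[+] LoadLibraryA() : 0x%p\n\n", (void *)lpLoadLibraryA);

    /* dwStackSize is a SIZE_T, so pass 0 (default size) rather than NULL. */
    hThread = CreateRemoteThread(hProcess, NULL, 0,
                                 (LPTHREAD_START_ROUTINE)lpLoadLibraryA,
                                 PathAddress, 0, NULL);
    if (hThread == NULL) {
        error("CreateRemoteThread");
        goto cleanup;
    }

    if (WaitForSingleObject(hThread, INFINITE) == WAIT_FAILED) {
        error("WaitForSingleObject");
        goto cleanup;
    }

    printf("[+] DLL Injection Complete!!\n\n");
    rc = 0;

cleanup:
    /* Close the local handles on every exit path instead of leaking them. */
    if (hThread != NULL) {
        CloseHandle(hThread);
    }
    if (hProcess != NULL) {
        CloseHandle(hProcess);
    }
    return rc;
}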