injector.cpp
#include <windows.h>
#include <iostream>
#include <tchar.h>
#pragma comment(lib, "shell32.lib")
// Inject a DLL with CreateRemoteThread
//====================================================
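// Load the DLL at `dllPath` into `process` by copying the path string into the
// target's address space and starting a remote thread whose entry point is
// LoadLibrary.
//
// dllPath  NUL-terminated path of the DLL; the caller in this file passes a
//          full path produced by GetFullPathName, so the loader in the target
//          does not fall back to the DLL search order.
// process  handle to the target process. The calls below need rights to
//          allocate, write and create a thread in it; the handle returned by
//          CreateProcess in main() is the one used here.
//
// Failures are reported on stdout and the function returns early; nothing is
// returned to the caller, so main() cannot tell whether the DLL was loaded.
//
// NOTE(review): the LoadLibrary address is resolved in THIS process and used
// in the target. That assumes kernel32.dll is mapped at the same base in both,
// which presumably only holds when injector and target have the same bitness.
// NOTE(review): VirtualAllocEx + WriteProcessMemory + CreateRemoteThread on
// LoadLibrary is a sequence endpoint-protection products commonly alert on;
// expect this monitor to be flagged or blocked on protected hosts.
void inject_DLL(TCHAR *dllPath, HANDLE process)
{
    // The export name must match the width of the TCHAR path written below.
    // GetProcAddress always takes a narrow string, so _T() must not be used.
#ifdef UNICODE
    const char *loaderName = "LoadLibraryW";
#else
    const char *loaderName = "LoadLibraryA";
#endif
    LPVOID remotePath = NULL;
    HANDLE hRemoteThread = NULL;
    HMODULE kernel32 = NULL;
    FARPROC loadlibrary = NULL;
    SIZE_T pathBytes = 0;
    DWORD loadResult = 0;

    if (dllPath == NULL || process == NULL)
    {
        std::cout << "inject_DLL: invalid argument" << std::endl;
        return;
    }

    // +1 so the terminating NUL is copied too. The original relied on the
    // freshly committed page being zero-filled to terminate the string.
    pathBytes = (_tcslen(dllPath) + 1) * sizeof(TCHAR);

    kernel32 = GetModuleHandle(_T("kernel32.dll"));
    if (kernel32 == NULL)
    {
        std::cout << "GetModuleHandle failed: " << GetLastError() << std::endl;
        return;
    }

    loadlibrary = GetProcAddress(kernel32, loaderName);
    if (loadlibrary == NULL)
    {
        std::cout << "GetProcAddress failed: " << GetLastError() << std::endl;
        return;
    }

    // The buffer only holds a path string, so read/write is enough; it is
    // never made executable.
    remotePath = VirtualAllocEx(process, NULL, pathBytes, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (remotePath == NULL)
    {
        std::cout << "VirtualAllocEx failed: " << GetLastError() << std::endl;
        return; // do not go on to write to / start a thread on a NULL address
    }

    if (!WriteProcessMemory(process, remotePath, dllPath, pathBytes, NULL))
    {
        std::cout << "WriteProcessMemory failed: " << GetLastError() << std::endl;
        VirtualFreeEx(process, remotePath, 0, MEM_RELEASE);
        return;
    }

    // Argument order is (..., lpParameter, dwCreationFlags, lpThreadId).
    hRemoteThread = CreateRemoteThread(process, NULL, 0,
                                       reinterpret_cast<LPTHREAD_START_ROUTINE>(loadlibrary),
                                       remotePath, 0, NULL);
    if (hRemoteThread == NULL)
    {
        std::cout << "CreateRemoteThread failed: " << GetLastError() << std::endl;
        VirtualFreeEx(process, remotePath, 0, MEM_RELEASE);
        return; // never wait on or close a NULL handle
    }

    WaitForSingleObject(hRemoteThread, INFINITE);

    // The thread's exit code is LoadLibrary's return value (truncated to
    // 32 bits); zero means the target could not load the DLL.
    if (GetExitCodeThread(hRemoteThread, &loadResult) && loadResult == 0)
        std::cout << "LoadLibrary failed in target process" << std::endl;

    // The path string is no longer needed once LoadLibrary has returned.
    VirtualFreeEx(process, remotePath, 0, MEM_RELEASE);
    CloseHandle(hRemoteThread);
}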
// Open a log generated by the monitor
//====================================================
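// Open the monitor's log for `exePath` with the shell's default handler.
//
// The log name is built by dropping the last four characters of exePath
// (presumably the ".exe" extension -- the extension itself is not checked)
// and appending "_log.txt".
//
// exePath  NUL-terminated target path. It comes straight from the command
//          line in main(), so its length is not trusted: inputs that would
//          underflow the index or overflow the local buffer are rejected
//          instead of being copied. Unlike the original, the caller's string
//          is not modified.
//
// NOTE(review): main() passes the same string it gave to CreateProcess as a
// command line; if that string carries quotes or arguments the derived log
// name will not match the file the monitor wrote -- confirm against the DLL.
void open_log(TCHAR *exePath)
{
    static const TCHAR suffix[] = _T("_log.txt");
    const size_t suffixLen = (sizeof(suffix) / sizeof(suffix[0])) - 1;
    const size_t extLen = 4; // characters removed from the end of exePath
    TCHAR logPath[MAX_PATH + 4] = {0};
    const size_t capacity = sizeof(logPath) / sizeof(logPath[0]);
    size_t exeLen = 0;
    size_t stemLen = 0;

    if (exePath == NULL)
        return;

    exeLen = _tcslen(exePath);
    if (exeLen < extLen)
    {
        // The original indexed exePath[len - 4] here, writing before the
        // start of the string.
        std::cout << "open_log: target name too short" << std::endl;
        return;
    }

    stemLen = exeLen - extLen;
    if (stemLen + suffixLen >= capacity)
    {
        // The original concatenated unconditionally and could overrun logPath.
        std::cout << "open_log: target name too long" << std::endl;
        return;
    }

    _tcsncpy(logPath, exePath, stemLen);
    logPath[stemLen] = _T('\0');
    _tcscpy(logPath + stemLen, suffix);

    // NULL verb selects the default action registered for the file type.
    ShellExecute(NULL, NULL, logPath, NULL, NULL, SW_SHOW);
}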
// Entry: Createprocess (suspended) > inject > resume
//====================================================
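// Entry point: create the target suspended, inject the DLL, resume the
// target, wait for it to exit, then open the log.
//
// Usage: injector.exe <target> <dll>
// Returns 0 on success, 1 on bad arguments, an unresolvable DLL path, or a
// CreateProcess failure.
//
// NOTE(review): main is declared with TCHAR* argv, which only matches the
// C runtime's narrow argv in an ANSI/MBCS build; a UNICODE build would need
// _tmain/wmain.
int main(int argc, TCHAR *argv[])
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    TCHAR *targetExe;
    TCHAR *dllName;
    TCHAR dllPath[MAX_PATH];
    DWORD fullLen;

    if (argc < 3)
    {
        std::cout << "Not enough arguments\n" << "Usage: injector.exe <target> <dll>\n";
        return 1;
    }

    // _T() is for string literals only; argv entries are used as they are.
    targetExe = argv[1];
    dllName = argv[2];

    // Resolve the DLL to a full path before the target exists, so the target
    // is never asked to load a relative name. A return of 0 is failure; a
    // value >= MAX_PATH means the buffer was too small and dllPath was not
    // filled in.
    fullLen = GetFullPathName(dllName, MAX_PATH, dllPath, NULL);
    if (fullLen == 0 || fullLen >= MAX_PATH)
    {
        std::cout << "GetFullPathName failed: " << GetLastError() << std::endl;
        return 1;
    }

    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);

    // lpApplicationName is NULL, so the module name is parsed out of the
    // command line. A target path that contains spaces must be quoted by the
    // user; unquoted, Windows tries each space-delimited prefix in turn and
    // may start a different executable than the one intended.
    if (!CreateProcess(NULL, targetExe, NULL, NULL, FALSE, CREATE_SUSPENDED | CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi))
    {
        std::cout << "CreateProcess failed: " << GetLastError() << std::endl;
        return 1;
    }

    // inject_DLL reports its own errors and returns nothing, so the target is
    // resumed whether or not the DLL was loaded.
    inject_DLL(dllPath, pi.hProcess);

    if (ResumeThread(pi.hThread) == (DWORD)-1)
        std::cout << "ResumeThread failed: " << GetLastError() << std::endl;

    WaitForSingleObject(pi.hProcess, INFINITE);
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);

    open_log(targetExe);
    return 0;
}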