#include <Windows.h>

#include <cstddef>
#include <iomanip>
#include <iostream>
#include <limits>
// Helper for reading a value from the user
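// Prints `prompt` followed by ": " on stdout and extracts one
// whitespace-delimited token from stdin into `value`.
// A failed extraction is not handled here: it leaves std::cin in a failed
// state for the caller to check.
template <typename T>
void getUserInput(const char* prompt, T& value) {
    std::cout << prompt << ": ";
    std::cin >> value;
}
// Overload for fixed-size char buffers. std::setw(N) caps the extraction at
// N-1 characters plus the terminating NUL, so an over-long token can no longer
// overrun the array (the generic overload above has no such bound for char*).
template <std::size_t N>
void getUserInput(const char* prompt, char (&value)[N]) {
    std::cout << prompt << ": ";
    std::cin >> std::setw(static_cast<int>(N)) >> value;
}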
// Helper for reading the path to the DLL
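// Reads the DLL path into `dll`, extracting at most capacity-1 characters so a
// long path cannot overrun the caller's buffer (the previous unbounded
// std::cin >> char* read had no such limit).
// `capacity` defaults to the 255-byte buffer main() passes; pass
// sizeof(buffer) explicitly when a different buffer is used.
// Extraction stops at whitespace, as with any char* extraction.
// A null pointer or zero capacity reads nothing.
void getDLLpath(char* dll, std::size_t capacity = 255) {
    if (dll == nullptr || capacity == 0) {
        return;
    }
    std::cout << "Please enter the path to DLL-file" << ": ";
    std::cin >> std::setw(static_cast<int>(capacity)) >> dll;
}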
// Helper for reading the PID of the target process
// Prompts for the target process id and extracts it from stdin into `PID`.
// Output is the prompt text followed by ": "; a failed extraction is left on
// std::cin for the caller to detect.
void getPID(DWORD& PID) {
    const char* const prompt = "Enter the PID of your target process";
    std::cout << prompt << ": ";
    std::cin >> PID;
}
// Helper for opening a handle to the target process
// Opens process `pid` requesting the PROCESS_ALL_ACCESS mask; the returned
// handle is not inheritable. A NULL result signals failure, which the caller
// is expected to check.
HANDLE openProcess(DWORD pid) {
    constexpr BOOL inheritHandle = FALSE;
    return OpenProcess(PROCESS_ALL_ACCESS, inheritHandle, pid);
}
// Loads the DLL into the target process
// Loads `dll` into process `PID` by writing the path into the target and
// starting a remote thread at LoadLibraryA with that path as its argument.
// Returns false, after printing the reason and releasing whatever was already
// acquired, if any step fails; returns true once the remote thread has finished.
// Note: true only means the remote thread ran to completion. The thread's
// result (the LoadLibraryA return value) is never inspected, so a library that
// failed to load is still reported as a success.
bool injectDLL(DWORD PID, const char* dll) {
// Open a handle to the target process
HANDLE handleToProc = openProcess(PID);
if (!handleToProc) {
std::cout << "Unable to open process.\n";
return false;
}
// Resolve the address of LoadLibraryA in kernel32.dll (in this process; the
// code relies on it being the same in the target)
LPVOID LoadLibAddr = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
if (!LoadLibAddr) {
std::cout << "Unable to get address of LoadLibraryA.\n";
CloseHandle(handleToProc);
return false;
}
// Length of the DLL path, +1 for the terminating NUL
int dllLength = strlen(dll) + 1;
// Allocate virtual memory in the target process
LPVOID baseAddr = VirtualAllocEx(handleToProc, NULL, dllLength, MEM_DECOMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if (!baseAddr) {
std::cout << "Unable to allocate memory in the target process.\n";
CloseHandle(handleToProc);
return false;
}
// Write the DLL path into the allocated virtual memory
if (!WriteProcessMemory(handleToProc, baseAddr, dll, dllLength, NULL)) {
std::cout << "Unable to write to target process memory.\n";
VirtualFreeEx(handleToProc, baseAddr, dllLength, MEM_RELEASE);
CloseHandle(handleToProc);
return false;
}
// Create a remote thread that calls LoadLibraryA with the DLL path as its parameter
HANDLE remThread = CreateRemoteThread(handleToProc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddr, baseAddr, 0, NULL);
if (!remThread) {
std::cout << "Unable to create a remote thread.\n";
VirtualFreeEx(handleToProc, baseAddr, dllLength, MEM_RELEASE);
CloseHandle(handleToProc);
return false;
}
// Wait for the remote thread to finish (no timeout)
WaitForSingleObject(remThread, INFINITE);
// Release the allocated virtual memory; the thread's exit code is not read
VirtualFreeEx(handleToProc, baseAddr, dllLength, MEM_RELEASE);
CloseHandle(remThread);
CloseHandle(handleToProc);
return true;
}
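// Entry point: asks for a DLL path and a target PID, runs injectDLL and
// reports the outcome, then waits for Enter so the console stays visible.
// Returns 0 normally and 1 when the user input could not be read.
int main() {
    // Set the console window title
    SetConsoleTitle("Injector - Release");
    // Zero-initialised so that a failed read never leaves an unterminated
    // buffer for strlen() inside injectDLL.
    char dll[255]{};
    // Explicit cast: -1 into an unsigned DWORD would otherwise be a narrowing
    // conversion; the value is only a "not read yet" marker.
    DWORD PID = static_cast<DWORD>(-1);
    // Get the DLL path and the PID from the user
    getDLLpath(dll);
    getPID(PID);
    // Both reads go through std::cin; a failed extraction leaves the stream in
    // a failed state (and PID at 0), so stop instead of calling injectDLL with
    // garbage.
    if (!std::cin) {
        std::cout << "Invalid input.\n";
        return 1;
    }
    // Perform the DLL injection and report the result
    std::cout << (injectDLL(PID, dll) ? "DLL injected successfully.\n"
                                      : "DLL injection failed.\n");
    // Keep the console open until Enter is pressed. This replaces
    // system("Pause"), which spawned a command shell just to wait for a key.
    // max() is called through parentheses because <Windows.h> defines a
    // function-like `max` macro.
    std::cout << "Press Enter to exit.";
    std::cin.ignore((std::numeric_limits<std::streamsize>::max)(), '\n');
    std::cin.get();
    return 0;
}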