method/function call gsc functions (vector/entity probably not working like 1.3) Updated kung's injector loop with file check
Showing
9 changed files
with
227 additions
and
78 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,62 +1,116 @@ | ||
#include <stdio.h> | ||
#define _WIN32_WINNT 0x500 | ||
#include <windows.h> | ||
#include <tlhelp32.h> | ||
#include <iostream> | ||
|
||
void EnableDebugPriv(); | ||
void CALLBACK WaitOrTimerCallback(PVOID lpParameter, BOOLEAN TimerOrWaitFired); | ||
int GetProcessByName(char *name, HANDLE *outProcessHandle, int *outProcessID); | ||
void InjectDLL(HANDLE hProcess, char *name); | ||
void WaitForProcessAndInjectDLL(char *name_process, char *name_dll); | ||
void LoopInjecting(); | ||
|
||
BOOL FileExists(LPCTSTR szPath) | ||
{ | ||
DWORD dwAttrib = GetFileAttributes(szPath); | ||
|
||
return (dwAttrib != INVALID_FILE_ATTRIBUTES && | ||
!(dwAttrib & FILE_ATTRIBUTE_DIRECTORY)); | ||
} | ||
|
||
void EnableDebugPriv() { | ||
HANDLE hToken; | ||
LUID luid; | ||
TOKEN_PRIVILEGES tkp; | ||
|
||
OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ); | ||
|
||
LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid ); | ||
|
||
tkp.PrivilegeCount = 1; | ||
tkp.Privileges[0].Luid = luid; | ||
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; | ||
|
||
AdjustTokenPrivileges( hToken, false, &tkp, sizeof( tkp ), NULL, NULL ); | ||
|
||
CloseHandle( hToken ); | ||
} | ||
|
||
int main( int, char *[] ) { | ||
void CALLBACK WaitOrTimerCallback(PVOID lpParameter, BOOLEAN TimerOrWaitFired) { | ||
//MessageBox(0, "The process has exited.", "INFO", MB_OK); | ||
LoopInjecting(); | ||
} | ||
|
||
int GetProcessByName(char *name, HANDLE *outProcessHandle, int *outProcessID) { | ||
PROCESSENTRY32 entry; | ||
entry.dwSize = sizeof( PROCESSENTRY32 ); | ||
|
||
HANDLE snapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, NULL ); | ||
if ( Process32First( snapshot, &entry ) != TRUE ) | ||
return 0; | ||
while (Process32Next( snapshot, &entry ) == TRUE) { | ||
if (stricmp( entry.szExeFile, name) != 0) | ||
continue; | ||
// printf("Found: %s\n", entry.szExeFile); | ||
// PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | ||
*outProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, entry.th32ProcessID); | ||
*outProcessID = entry.th32ProcessID; | ||
return 1; | ||
} | ||
CloseHandle( snapshot ); | ||
return 0; | ||
} | ||
|
||
if ( Process32First( snapshot, &entry ) == TRUE ) { | ||
while ( Process32Next( snapshot, &entry ) == TRUE ) { | ||
if ( stricmp( entry.szExeFile, "CoD2MP_s.exe" ) == 0 ) { | ||
std::cout << "Found CoD2MP_s.exe\n"; | ||
EnableDebugPriv(); | ||
|
||
char dirPath[MAX_PATH]; | ||
char fullPath[MAX_PATH]; | ||
|
||
GetCurrentDirectory( MAX_PATH, dirPath ); | ||
|
||
snprintf ( fullPath, MAX_PATH, "%s\\libcod_win.dll", dirPath ); | ||
|
||
std::cout << "Injecting: " << fullPath << "\n"; | ||
|
||
HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, entry.th32ProcessID ); | ||
std::cout << "Process: " << entry.th32ProcessID << "\n"; | ||
LPVOID libAddr = (LPVOID)GetProcAddress( GetModuleHandle( "kernel32.dll" ), "LoadLibraryA" ); | ||
LPVOID llParam = (LPVOID)VirtualAllocEx( hProcess, NULL, strlen( fullPath ), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE ); | ||
void InjectDLL(HANDLE hProcess, char *name) { | ||
char dirPath[MAX_PATH]; | ||
char fullPath[MAX_PATH]; | ||
GetCurrentDirectory( MAX_PATH, dirPath ); | ||
snprintf ( fullPath, MAX_PATH, "%s\\%s", dirPath, name); | ||
|
||
if(FileExists(fullPath) == 1) | ||
{ | ||
printf("Injecting: %s\n", fullPath); | ||
LPVOID libAddr = (LPVOID)GetProcAddress( GetModuleHandle( "kernel32.dll" ), "LoadLibraryA" ); | ||
LPVOID llParam = (LPVOID)VirtualAllocEx( hProcess, NULL, strlen( fullPath ) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE ); | ||
printf("libAddr=%.8p llParam=%.8p\n", libAddr, llParam); | ||
bool written = WriteProcessMemory( hProcess, llParam, fullPath, strlen( fullPath ) + 1, NULL ); | ||
HANDLE threadID = CreateRemoteThread( hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)libAddr, llParam, NULL, NULL ); | ||
//CloseHandle( hProcess ); | ||
printf("Finished injecting DLL success=%d thread #%d\n", written, threadID); | ||
} | ||
else | ||
printf("File '%s' does not exist.\n", fullPath); | ||
} | ||
|
||
bool written = WriteProcessMemory( hProcess, llParam, fullPath, strlen( fullPath ), NULL ); | ||
HANDLE threadID = CreateRemoteThread( hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)libAddr, llParam, NULL, NULL ); | ||
CloseHandle( hProcess ); | ||
std::cout << "Finished injecting DLL (" << written << ") thread #" << threadID; | ||
} | ||
void WaitForProcessAndInjectDLL(char *name_process, char *name_dll) { | ||
printf("WaitForProcessAndInjectDLL(process=%s, dll=%s);\n", name_process, name_dll); | ||
HANDLE hProcess; | ||
int processID; | ||
while (1) { | ||
int ret = GetProcessByName(name_process, &hProcess, &processID); | ||
if (ret == 0) { | ||
printf("."); | ||
Sleep(1000); | ||
continue; | ||
} | ||
printf("\nprocessID=%d\n", processID); | ||
InjectDLL(hProcess, name_dll); | ||
HANDLE hNewHandle; | ||
RegisterWaitForSingleObject(&hNewHandle, hProcess, WaitOrTimerCallback, NULL, INFINITE, WT_EXECUTEONLYONCE); | ||
break; | ||
} | ||
} | ||
|
||
CloseHandle( snapshot ); | ||
int argc; | ||
char **argv; | ||
void LoopInjecting() { | ||
// CoD2MP_s.exe | ||
WaitForProcessAndInjectDLL(argv[1], argv[2]); // process, dll | ||
} | ||
int main(int c, char **v) { | ||
argc = c; | ||
argv = v; | ||
if (argc < 2) { | ||
printf("Please provide process-name and dll-name!\nExample: InjectDLL SERVER.exe libcod2_1_3.dll"); | ||
getchar(); | ||
return 1; | ||
} | ||
EnableDebugPriv(); | ||
LoopInjecting(); | ||
getchar(); | ||
|
||
return 0; | ||
} |
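Review bot: `main` rejects only `argc < 2`, but `LoopInjecting` reads both `argv[1]` and `argv[2]`, so a run with a process name and no DLL name passes a null pointer to the `%s` conversions in `printf` and `snprintf`; the guard should be `if (argc < 3) {`. In `GetProcessByName` the snapshot handle is closed only on the not-found path, so the early `return 0` after `Process32First` and the `return 1` on a match each leak it, and the entry returned by `Process32First` itself is never compared against `name`. The function also opens the target with `PROCESS_ALL_ACCESS` although the comment directly above lists the narrower rights, and the wait registered afterwards would need `SYNCHRONIZE` added to that narrower set. The results of `OpenProcess`, `VirtualAllocEx`, `WriteProcessMemory` and `CreateRemoteThread` are printed but never checked, so a failed open still reaches the "Finished injecting DLL" message. The page has lost its +/- markers, so which lines are new is inferred from the old `main` that is printed alongside them.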