1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
#include <iostream>
#include <string>
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
const std::string process_name = "console_target.exe";
int main(int argc, char* argv[])
{
const DWORD BUFSIZE = 4096;
TCHAR dllPath[BUFSIZE] = TEXT("");
TCHAR size = GetFullPathName(_T("DLL.dll"), BUFSIZE, dllPath, NULL);
std::wstring processName(process_name.begin(), process_name.end());
PROCESSENTRY32 processInfo;
processInfo.dwSize = sizeof(processInfo);
HANDLE processesSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (processesSnapshot == INVALID_HANDLE_VALUE)
{
std::cerr << "Failed to create the processes snapshot: " << GetLastError() << std::endl;
system("pause");
return EXIT_FAILURE;
}
DWORD procID = -1;
Process32First(processesSnapshot, &processInfo);
if (!processName.compare(processInfo.szExeFile))
{
CloseHandle(processesSnapshot);
procID = processInfo.th32ProcessID;
}
while (Process32Next(processesSnapshot, &processInfo))
{
if (!processName.compare(processInfo.szExeFile))
{
CloseHandle(processesSnapshot);
procID = processInfo.th32ProcessID;
}
}
if (procID == -1)
{
CloseHandle(processesSnapshot);
std::cerr << "Failed to get the process ID: " << GetLastError() << std::endl;
system("pause");
return EXIT_FAILURE;
}
HANDLE process = OpenProcess(PROCESS_CREATE_THREAD
| PROCESS_QUERY_INFORMATION
| PROCESS_VM_OPERATION
| PROCESS_VM_WRITE
| PROCESS_VM_READ, FALSE, procID);
if (process == INVALID_HANDLE_VALUE)
{
std::cerr << "Failed to open the process: " << GetLastError() << std::endl;
system("pause");
return EXIT_FAILURE;
}
LPVOID remoteDllAddr = VirtualAllocEx(process, NULL, wcslen(dllPath) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (!WriteProcessMemory(process, remoteDllAddr, dllPath, wcslen(dllPath) + 1, NULL))
{
std::cerr << "Failed to write in the process memory: " << GetLastError() << std::endl;
system("pause");
return EXIT_FAILURE;
}
FARPROC startAddr = GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")), "LoadLibraryA");
HANDLE rThread = CreateRemoteThread(process, NULL, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(startAddr), remoteDllAddr, 0, NULL);
WaitForSingleObject(rThread, INFINITE);
if (rThread == INVALID_HANDLE_VALUE)
{
std::cerr << "Failed to create the remote thread: " << GetLastError() << std::endl;
system("pause");
return EXIT_FAILURE;
}
CloseHandle(process);
std::cout << "The dll have been successfully injected" << std::endl;
system("pause");
return EXIT_SUCCESS;
} |
Problème Injection Dll Windows
Répondre avec citation
Partager