Nytro

Codecave injector


My codecave injector. Started by zwclose7, Yesterday, 04:57 AM

zwclose7: This is my first codecave injector. It injects a codecave into another process. The injected codecave plays a beep sound and then displays a message box.

#include <iostream>
#include <Windows.h>

using namespace std;

// Function-pointer types for the two APIs that ThreadProc calls indirectly,
// through addresses carried in the PARAMETERS block rather than by imported name.
typedef BOOL (WINAPI *fnBeep)(DWORD,DWORD);
typedef int (WINAPI *fnMessageBoxA)(HWND,LPCSTR,LPCSTR,UINT);

// Argument block that main() fills in locally and then copies byte-for-byte
// (sizeof(data)) into the other process; ThreadProc receives the address of that
// copy as its thread parameter. The field layout is therefore part of the contract
// between main() and ThreadProc.
struct PARAMETERS{
// Address of Beep as resolved in main(), stored as an integer.
// NOTE(review): a DWORD is 32 bits wide, so a pointer only survives this round
// trip unchanged in a 32-bit build.
DWORD BEEP;
// Address of MessageBoxA, stored the same way as BEEP.
DWORD MSGBOX;
// First and second argument passed to the Beep pointer in ThreadProc.
DWORD freq;
DWORD time;
// Owner window passed to the MessageBoxA pointer; main() sets it to 0.
HWND hWnd;
// Fixed-size message and caption buffers; main() fills both with strcpy, which
// does no bounds checking against the 60-byte capacity.
char text[60];
char title[60];
// Style flags passed as the last MessageBoxA argument.
UINT type;
};

// Routine whose compiled bytes main() copies into another process and starts there
// with CreateRemoteThread. `data` is the address of the PARAMETERS copy that main()
// wrote into that same process. Always returns 0, which main() later reads back
// with GetExitCodeThread.
//
// Every call below goes through a pointer read from *data; the body references no
// import, global or string literal of its own.
static DWORD ThreadProc(PARAMETERS * data){
// Turn the stored integer addresses back into callable function pointers.
fnBeep beep=(fnBeep)data->BEEP;
fnMessageBoxA msgbox=(fnMessageBoxA)data->MSGBOX;
beep(data->freq,data->time);
// The thread does not return until this call does.
msgbox(data->hWnd,data->text,data->title,data->type);
return 0;
}

// Not called anywhere in this listing. Its only use is in main(), which subtracts
// ThreadProc's address from this function's address to estimate how many bytes
// ThreadProc occupies.
// NOTE(review): the language does not promise that two functions are laid out in
// source order or adjacently, so that estimate depends on compiler and build settings.
static DWORD Useless(){
return 0;
}

// Entry point. Enables SeDebugPrivilege on its own token, reads a PID from stdin,
// allocates two regions in that process (data: read/write, code:
// read/write/execute), copies the PARAMETERS block and the bytes of ThreadProc into
// them, starts a remote thread at the copied code, waits for it and prints its
// exit code.
// Returns 0 on success, 1 when opening the process, allocating, writing or creating
// the thread fails.
//
// Detection notes for readers studying this listing: the call sequence
// OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx(PAGE_EXECUTE_READWRITE) ->
// WriteProcessMemory -> CreateRemoteThread is what endpoint monitoring keys on.
// Sysmon, for example, records the cross-process handle open as Event ID 10
// (ProcessAccess) and the thread creation as Event ID 8 (CreateRemoteThread). The
// new thread's start address lies in private memory, not inside a loaded module.
int main(){
DWORD PID;
DWORD TID;
DWORD exts;
HANDLE hToken;
LUID luid;
// Enable SeDebugPrivilege on this process's token.
// NOTE(review): none of the three calls below has its return value checked, and
// hToken is never closed. AdjustTokenPrivileges can also report success without
// granting the privilege (GetLastError() == ERROR_NOT_ALL_ASSIGNED), so a failure
// here goes unnoticed until OpenProcess fails.
LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid);
TOKEN_PRIVILEGES tp;
tp.Privileges[0].Luid=luid;
tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
tp.PrivilegeCount=1;
OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken);
AdjustTokenPrivileges(hToken,false,&tp,sizeof(tp),NULL,NULL);
// NOTE(review): data is not zero-initialised, so whatever the stack held in the
// unused tail of text/title and in any padding is copied to the other process too.
PARAMETERS data;
data.freq=1000;
data.time=1000;
data.hWnd=0;
// strcpy is unbounded; these literals fit in the 60-byte arrays, a longer string
// would overflow them.
strcpy(data.text,"Hello world");
strcpy(data.title,"Codecave");
data.type=MB_ICONINFORMATION;
// The API addresses are resolved in THIS process and stored for use in the other one.
// NOTE(review): neither LoadLibrary nor GetProcAddress is checked for NULL, and
// the (DWORD) casts keep only 32 bits of each pointer.
HMODULE k32=LoadLibrary("kernel32.dll");
HMODULE u32=LoadLibrary("user32.dll");
data.BEEP=(DWORD)GetProcAddress(k32,"Beep");
data.MSGBOX=(DWORD)GetProcAddress(u32,"MessageBoxA");
// Code length is taken as the distance between two function addresses.
// NOTE(review): this depends on how the compiler places ThreadProc and Useless;
// the result is never validated against the 256 bytes allocated below.
DWORD SizeofProc=(LPBYTE)Useless-(LPBYTE)ThreadProc;
cout <<"Enter PID: ";
// NOTE(review): the extraction is not checked, so malformed input is not reported.
cin >>PID;
// PROCESS_ALL_ACCESS asks for every access right, which is more than the calls
// below use; the requested mask is visible in process-access telemetry.
HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
if(hProcess==NULL){
cout <<"\nUnable to open process handle.\n\n";
return 1;
}
cout <<"\nProcess handle opened.\n\n";
cout <<"Allocating memory for thread data.\n\n";
// Read/write region for the PARAMETERS copy. The variable is typed HANDLE but
// holds the address returned by VirtualAllocEx.
HANDLE pData=VirtualAllocEx(hProcess,NULL,256,MEM_COMMIT,PAGE_READWRITE);
if(pData==NULL){
cout <<"Unable to allocate memory for thread data.\n\n";
CloseHandle(hProcess);
return 1;
}
cout <<"Allocating memory for thread code.\n\n";
// Region that is writable and executable at the same time. A private RWX region
// that is not backed by an image file is a common memory-scanner indicator.
// From here on every failure path closes hProcess but leaves the remote
// allocation(s) in place: there is no VirtualFreeEx call in this function.
HANDLE code=VirtualAllocEx(hProcess,NULL,256,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
if(code==NULL){
cout <<"Unable to allocate memory for thread code.\n\n";
CloseHandle(hProcess);
return 1;
}
cout <<"Writing thread data to target process.\n\n";
if(!WriteProcessMemory(hProcess,pData,&data,sizeof(data),NULL)){
cout <<"Unable to write thread data to target process.\n\n";
CloseHandle(hProcess);
return 1;
}
cout <<"Writing thread code to target process.\n\n";
if(!WriteProcessMemory(hProcess,code,(void*)ThreadProc,SizeofProc,NULL)){
cout <<"Unable to write thread code to target process.\n\n";
CloseHandle(hProcess);
return 1;
}
cout <<"Data address: "<<pData<<"\n\n";
cout <<"Code address: "<<code<<"\n\n";
cout <<"Creating remote thread within target process.\n\n";
// Start address is the copied code, the thread parameter is the copied data block.
HANDLE hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)code,pData,0,&TID);
if(hThread==NULL){
cout <<"Unable to create remote thread within target process.\n\n";
CloseHandle(hProcess);
return 1;
}
cout <<"Thread created. Thread ID: "<<TID<<"\n\n";
cout <<"Waiting for the thread to terminate.\n\n";
// Blocks with no timeout for as long as the remote thread runs.
// NOTE(review): neither call is checked; if GetExitCodeThread fails, exts is
// printed uninitialised.
WaitForSingleObject(hThread,INFINITE);
GetExitCodeThread(hThread,&exts);
cout <<"Thread terminated with status code "<<exts<<".\n\n";
cout <<"Closing thread handle.\n\n";
CloseHandle(hThread);
cout <<"Closing process handle.\n\n";
// Both remote regions are still allocated in the other process at this point.
CloseHandle(hProcess);
return 0;
}

Sursa: My codecave injector - rohitab.com - Forums
