Nytro Posted January 27, 2013 Report Posted January 27, 2013
[h=1]My codecave injector[/h]
Started By zwclose7, Yesterday, 04:57 AM
[h=3]zwclose7 This is my first codecave injector. It inject a codecave into another process. The injected codecave will play a beep sound, and than display a message box.[/h]
// Reviewer notes (defensive reading of the listing below).
//
// The program follows the classic remote-thread injection sequence:
// OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread.
// The payload here only beeps and shows a message box, but the call pattern
// itself is what endpoint tooling keys on. With Sysmon deployed, the handle
// request appears as Event ID 10 (ProcessAccess) and the thread creation as
// Event ID 8 (CreateRemoteThread), both naming the source and target process.
#include <iostream>
#include <Windows.h>
using namespace std;

// Function-pointer types matching the two APIs the injected routine calls.
typedef BOOL (WINAPI *fnBeep)(DWORD,DWORD);
typedef int (WINAPI *fnMessageBoxA)(HWND,LPCSTR,LPCSTR,UINT);

// Argument block that main() fills in and copies into the target process.
// The remote routine receives a pointer to that copy as its thread parameter.
struct PARAMETERS{
    DWORD BEEP;     // address of Beep, stored as a DWORD (32 bits wide)
    DWORD MSGBOX;   // address of MessageBoxA, stored as a DWORD (32 bits wide)
    DWORD freq;     // first argument passed to Beep
    DWORD time;     // second argument passed to Beep
    HWND hWnd;      // owner window passed to MessageBoxA (main() sets it to 0)
    char text[60];  // message box text, embedded so it travels with the block
    char title[60]; // message box caption, embedded for the same reason
    UINT type;      // MessageBoxA style flags
};

// Routine whose machine code is copied into the target and run there.
// It reaches Beep and MessageBoxA only through the addresses carried in
// *data and touches no globals or string literals of its own, so everything
// it uses arrives through the parameter block. Always returns 0, which
// becomes the remote thread's exit code.
static DWORD ThreadProc(PARAMETERS * data){
    fnBeep beep=(fnBeep)data->BEEP;
    fnMessageBoxA msgbox=(fnMessageBoxA)data->MSGBOX;
    beep(data->freq,data->time);
    msgbox(data->hWnd,data->text,data->title,data->type);
    return 0;
}

// Marker function: main() subtracts ThreadProc's address from this one to
// estimate ThreadProc's size. NOTE(review): that only holds if the compiler
// emits Useless directly after ThreadProc, which the language does not
// guarantee.
static DWORD Useless(){
    return 0;
}

// Prompts for a process ID, copies PARAMETERS and ThreadProc into that
// process, starts a remote thread on the copied code, waits for it to finish
// and prints its exit code. Returns 1 on any checked failure, 0 otherwise.
int main(){
    DWORD PID;
    DWORD TID;
    DWORD exts;
    HANDLE hToken;
    LUID luid;
    // Enable SeDebugPrivilege on the current token. None of the three calls
    // below is checked, so execution continues whether or not the privilege
    // was actually enabled, and hToken is never closed.
    // Defender note: the privilege is normally granted only to administrators;
    // removing the "Debug programs" user right from accounts that do not need
    // it limits which processes a tool like this can open. Where auditing of
    // token right adjustments is enabled, Security event 4703 records the change.
    LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid);
    TOKEN_PRIVILEGES tp;
    tp.Privileges[0].Luid=luid;
    tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
    tp.PrivilegeCount=1;
    OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken);
    AdjustTokenPrivileges(hToken,false,&tp,sizeof(tp),NULL,NULL);
    // Build the parameter block locally. Both strings are shorter than the
    // 60-byte fields, so the unbounded strcpy calls stay in bounds here.
    PARAMETERS data;
    data.freq=1000;
    data.time=1000;
    data.hWnd=0;
    strcpy(data.text,"Hello world");
    strcpy(data.title,"Codecave");
    data.type=MB_ICONINFORMATION;
    // The API addresses are resolved in THIS process and later used in the
    // target. NOTE(review): that presumes both DLLs are loaded in the target
    // at the same base address; neither LoadLibrary nor GetProcAddress is
    // checked, and the (DWORD) casts keep only 32 bits of each pointer.
    HMODULE k32=LoadLibrary("kernel32.dll");
    HMODULE u32=LoadLibrary("user32.dll");
    data.BEEP=(DWORD)GetProcAddress(k32,"Beep");
    data.MSGBOX=(DWORD)GetProcAddress(u32,"MessageBoxA");
    // Byte distance between the two functions, used as the copy length below.
    DWORD SizeofProc=(LPBYTE)Useless-(LPBYTE)ThreadProc;
    cout <<"Enter PID: ";
    cin >>PID;
    // Requests every access right on the target. Defender note: a full-access
    // handle request from an unrelated process is a useful hunting signal in
    // ProcessAccess telemetry, and protected processes refuse such requests.
    HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
    if(hProcess==NULL){
        cout <<"\nUnable to open process handle.\n\n";
        return 1;
    }
    cout <<"\nProcess handle opened.\n\n";
    cout <<"Allocating memory for thread data.\n\n";
    // Read/write region in the target that will hold the PARAMETERS copy.
    HANDLE pData=VirtualAllocEx(hProcess,NULL,256,MEM_COMMIT,PAGE_READWRITE);
    if(pData==NULL){
        cout <<"Unable to allocate memory for thread data.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Allocating memory for thread code.\n\n";
    // Read/write/execute region for the copied routine. Defender note: private
    // (not image-backed) RWX memory, and a thread whose start address falls
    // outside every loaded module, are strong indicators for memory scanners.
    // From here on, failure paths close the process handle but leave the
    // earlier remote allocation(s) in place.
    HANDLE code=VirtualAllocEx(hProcess,NULL,256,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
    if(code==NULL){
        cout <<"Unable to allocate memory for thread code.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Writing thread data to target process.\n\n";
    if(!WriteProcessMemory(hProcess,pData,&data,sizeof(data),NULL)){
        cout <<"Unable to write thread data to target process.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Writing thread code to target process.\n\n";
    // Copies SizeofProc bytes starting at ThreadProc; the length is not
    // compared against the 256 bytes requested for the code region.
    if(!WriteProcessMemory(hProcess,code,(void*)ThreadProc,SizeofProc,NULL)){
        cout <<"Unable to write thread code to target process.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Data address: "<<pData<<"\n\n";
    cout <<"Code address: "<<code<<"\n\n";
    cout <<"Creating remote thread within target process.\n\n";
    // Starts a thread in the target at the copied code, passing the address of
    // the copied parameter block as its argument.
    HANDLE hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)code,pData,0,&TID);
    if(hThread==NULL){
        cout <<"Unable to create remote thread within target process.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Thread created. Thread ID: "<<TID<<"\n\n";
    cout <<"Waiting for the thread to terminate.\n\n";
    // Blocks with no timeout; the message box in the target must be dismissed
    // before the remote routine returns.
    WaitForSingleObject(hThread,INFINITE);
    GetExitCodeThread(hThread,&exts);
    cout <<"Thread terminated with status code "<<exts<<".\n\n";
    // Only the two handles are closed. The listing never calls VirtualFreeEx,
    // so both remote regions stay committed in the target after the run and
    // remain visible to later memory forensics.
    cout <<"Closing thread handle.\n\n";
    CloseHandle(hThread);
    cout <<"Closing process handle.\n\n";
    CloseHandle(hProcess);
    return 0;
}
Sursa: My codecave injector - rohitab.com - Forums Quote
nedo Posted January 27, 2013
Cel care a postat acolo codul ala, l-a luat tot dupa acel forum de aici. Cred ca link-ul ar trebui sa duca mai bine catre postul original, si nu la acesta.