/*
 * DLL injector: starts a target process suspended, copies a small loader
 * routine (the bytes between InjectDll and EndInjectDll) plus an i_data block
 * into it, runs the loader on a remote thread and then resumes the target.
 *
 * Defender's note: the sequence used here — CreateProcess(CREATE_SUSPENDED),
 * OpenProcess(PROCESS_ALL_ACCESS), VirtualAllocEx(PAGE_EXECUTE_READWRITE),
 * WriteProcessMemory, CreateRemoteThread — is the classic remote-thread
 * injection chain; each step is commonly surfaced by endpoint telemetry, and
 * the RWX allocation plus a thread started from outside the process are the
 * usual triggers for a detection rule.
 */
#define DEFAULT_DLL_NAME "gamereversal.dll"
#define WIN32_LEAN_AND_MEAN
/* NOTE(review): the header name was lost in page extraction; the Win32 types
 * and calls below suggest <windows.h> — confirm against the original post. */
#include

/* Data block copied into the target process for the remote thread. The loader
 * runs in another address space, so the API entry points it needs are handed
 * to it as function pointers filled in by WinMain, together with the DLL path
 * and the message shown on failure. */
typedef struct i_data
{
    HINSTANCE (__stdcall *LoadLibrary)( LPCTSTR lpLibFileName );
    VOID (__stdcall *ExitThread)( DWORD dwExitCode );
    VOID (__stdcall *ExitProcess)( UINT uExitCode );
    int (__stdcall *MessageBox)( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType );
    char Error[128];      /* shown (as both text and caption) when LoadLibrary fails */
    char DllName[MAX_PATH]; /* full path of the DLL to load in the target */
}i_data;

/* Remote thread entry point: runs inside the target process with i_data
 * pointing at the copy WinMain wrote there. Loads DllName; on failure it
 * shows Error and ends the whole target process, otherwise it ends only this
 * thread. Either way the trailing return is not reached.
 *
 * The body is copied byte-for-byte into the target, so it may only use the
 * pointers inside i_data: a direct call, string literal or global would be a
 * reference back into the injector's own address space.
 * NOTE(review): this relies on the compiler emitting InjectDll and
 * EndInjectDll contiguously, in order and without relocations; the language
 * guarantees none of that, and __inline makes it less likely. */
__inline DWORD __stdcall InjectDll( i_data *i_data )
{
    if( !i_data->LoadLibrary( i_data->DllName ) )
    {
        i_data->MessageBox( NULL, i_data->Error, i_data->Error, NULL );
        i_data->ExitProcess(0);
    }
    i_data->ExitThread(0);
    return 0;
}

/* Marker only: its address is taken as the end of the bytes to copy. */
__inline void EndInjectDll( void ){ return; }

/* Program entry point.
 *   lpCmdLine - optional full path of the DLL to inject; when empty, the
 *               default is DEFAULT_DLL_NAME under the current directory.
 * The other parameters are unused. Always returns 0, including on failure. */
int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
    /* static => zero-initialised. NOTE(review): StartupInfo.cb is never set
     * to sizeof StartupInfo, which CreateProcess expects. */
    static PROCESS_INFORMATION ProcessInformation;
    static STARTUPINFO StartupInfo;
    HANDLE hProcess = 0;
    HANDLE hThread = 0;
    i_data idata;
    LPVOID ridata;      /* remote copy of idata */
    LPVOID rInjectDll;  /* remote copy of the loader bytes */
    DWORD tid;
    char szDll[MAX_PATH];

    /* "<>" is apparently a placeholder the author left for the target command
     * line. The child is created suspended so the DLL is loaded before any of
     * its own code runs. */
    if( !CreateProcess( NULL, "<>", NULL, NULL, NULL, CREATE_SUSPENDED, NULL, NULL, &StartupInfo, &ProcessInformation ) )
    {
        MessageBox( NULL, "Can't kick start the application", "www.gamereversal.com", NULL );
        return 0;
    }
    /* NOTE(review): ProcessInformation.hProcess already refers to the child;
     * a second handle is opened here and neither it, ProcessInformation.hProcess
     * nor ProcessInformation.hThread is closed before returning. */
    hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, ProcessInformation.dwProcessId );
    GetCurrentDirectory( sizeof szDll, szDll );
    /* NOTE(review): szDll is both the destination and a %s argument (the
     * buffers overlap), and no path separator is inserted between the
     * directory and the DLL name. */
    wsprintf( szDll, "%s%s", szDll, DEFAULT_DLL_NAME );

    /* Fill the block that will be handed to the remote thread. The command
     * line wins over the default path when it is non-empty.
     * NOTE(review): lpCmdLine is copied into DllName[MAX_PATH] with no length
     * check; a longer command line overruns the buffer. */
    lstrlen( lpCmdLine ) ? lstrcpy( idata.DllName, lpCmdLine ) : lstrcpy( idata.DllName, szDll );
    lstrcpy( idata.Error, "Can't find dll. You can specify the dll name as command line (with no quote marks and full path)." );
    /* Resolved in this process; the addresses are only meaningful in the
     * target if the same system DLLs are mapped at the same base there. */
    idata.ExitThread = ExitThread;
    idata.ExitProcess = ExitProcess;
    idata.LoadLibrary = LoadLibraryA;
    idata.MessageBox = MessageBoxA;

    /* Allocate remote memory for the data block and the loader. Both are
     * requested RWX, although only the loader needs to execute.
     * NOTE(review): the function pointers are truncated through unsigned int
     * before subtraction, so this size computation only holds on 32-bit builds. */
    ridata = VirtualAllocEx( hProcess, NULL, sizeof idata, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
    rInjectDll = VirtualAllocEx( hProcess, NULL, (unsigned int)((unsigned int)EndInjectDll-(unsigned int)InjectDll), MEM_COMMIT, PAGE_EXECUTE_READWRITE );
    if( ridata && rInjectDll )
    {
        /* Copy the data block and the loader bytes into the target. */
        if( WriteProcessMemory( hProcess, ridata, &idata, sizeof idata, NULL ) && WriteProcessMemory( hProcess, rInjectDll, InjectDll, (unsigned int)((unsigned int)EndInjectDll-(unsigned int)InjectDll), NULL ) )
        {
            /* Start the loader in the target, passing the remote data block. */
            hThread = CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)rInjectDll, ridata, 0, &tid );
        }
        /* NOTE(review): ResumeThread is reached only on this success path and
         * nothing terminates the child otherwise, so on any failure above the
         * target is left suspended indefinitely. */
        if( hThread )
        {
            /* The loader calls ExitThread itself, so this returns once it has run. */
            WaitForSingleObject( hThread, INFINITE );
            /* Let the target's main thread start now that the DLL is loaded. */
            ResumeThread( ProcessInformation.hThread );
            CloseHandle( hThread );
        }
        /* Release the remote allocations; return values are not checked. */
        VirtualFreeEx( hProcess, ridata, 0, MEM_RELEASE );
        VirtualFreeEx( hProcess, rInjectDll, 0, MEM_RELEASE );
    }
    CloseHandle( hProcess );
    return 0;
}