Cartman.

Standard DLL Injector



#define DEFAULT_DLL_NAME "gamereversal.dll"
#define WIN32_LEAN_AND_MEAN
#include <windows.h>

// Parameter block for the remote thread. WinMain fills one copy locally and
// writes it byte-for-byte into the target process; InjectDll then receives the
// address of that remote copy as its thread argument.
typedef struct i_data
{
// API addresses taken in the injecting process (WinMain assigns ExitThread,
// ExitProcess, LoadLibraryA and MessageBoxA). They are used unchanged inside
// the target, so the code assumes the same addresses are valid there.
// NOTE(review): the prototypes use LPCTSTR while the buffers below are plain
// char and the assigned entry points are the ANSI ones; this only lines up in
// a non-UNICODE build.
HINSTANCE (__stdcall *LoadLibrary)( LPCTSTR lpLibFileName );
VOID (__stdcall *ExitThread)( DWORD dwExitCode );
VOID (__stdcall *ExitProcess)( UINT uExitCode );
int (__stdcall *MessageBox)( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType );
// Fixed-size text buffers. Nothing in this struct enforces the bounds; every
// writer has to keep its input within 128 / MAX_PATH bytes including the NUL.
char Error[128];
char DllName[MAX_PATH];
}i_data;


// Thread routine whose compiled bytes WinMain copies into the target process.
// It runs there, not in the injector, so it touches nothing except the i_data
// block passed as its argument and calls APIs only through the pointers
// stored in that block.
// NOTE(review): the parameter is named i_data, which hides the typedef of the
// same name inside this function.
__inline DWORD __stdcall InjectDll( i_data *i_data )
{
// Ask the target to load the DLL named in the parameter block.
if( !i_data->LoadLibrary( i_data->DllName ) )
{
// Load failed: show the stored error text (used as both message and caption),
// then terminate the whole target process, not just this thread.
// NOTE(review): the last argument is a UINT style value; NULL is used for 0.
i_data->MessageBox( NULL, i_data->Error, i_data->Error, NULL );
i_data->ExitProcess(0);
}
// Success path: end this thread explicitly with exit code 0.
i_data->ExitThread(0);
return 0;
}
// Empty marker function. WinMain subtracts InjectDll's address from this
// function's address to get the number of bytes to copy.
// NOTE(review): that only yields InjectDll's size if the toolchain emits the two
// functions adjacent and in source order, which the language does not guarantee.
__inline void EndInjectDll( void ){ return; }


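/*
 * Entry point. Starts the target suspended, copies an i_data block and the
 * InjectDll routine into it, runs that routine as a remote thread so the
 * target loads the DLL, then resumes the target's main thread.
 *
 * lpCmdLine: optional full path of the DLL (no quote marks). When empty, the
 *            DLL is taken as DEFAULT_DLL_NAME in the current directory.
 * Returns 0 on every path, as the original did.
 *
 * Changes from the posted version:
 *  - the command-line path and the default path are length-checked before they
 *    are copied into the MAX_PATH buffers (both copies were unbounded);
 *  - the default path is built without the overlapping wsprintf call and with
 *    the directory separator that was missing;
 *  - idata is zeroed, so no uninitialised stack bytes are written to the target;
 *  - the OpenProcess result is checked, every handle is closed, each remote
 *    allocation is released on its own, and a target that was never resumed is
 *    terminated instead of being left suspended.
 *
 * Defender note: suspended process creation followed by remote RWX allocation,
 * WriteProcessMemory and CreateRemoteThread is the textbook remote-thread DLL
 * injection sequence (MITRE ATT&CK T1055.001). Endpoint telemetry commonly
 * records each step, for example Sysmon event 8 (CreateRemoteThread) and
 * event 10 (ProcessAccess).
 */
int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
    static PROCESS_INFORMATION ProcessInformation;
    static STARTUPINFO StartupInfo;
    HANDLE hProcess = NULL;
    HANDLE hThread = NULL;
    i_data idata;
    LPVOID ridata = NULL;
    LPVOID rInjectDll = NULL;
    DWORD tid = 0;
    DWORD dirLen;
    SIZE_T codeSize;
    BOOL resumed = FALSE;
    char szDll[MAX_PATH];

    (void)hInstance;
    (void)hPrevInstance;
    (void)nCmdShow;

    /* All validation happens before the target is launched, so a rejected
       argument never leaves a suspended process behind. */

    /* The byte count is derived from two function addresses; refuse to go on
       if the layout assumption (EndInjectDll placed after InjectDll) is false. */
    if( (ULONG_PTR)EndInjectDll <= (ULONG_PTR)InjectDll )
        return 0;
    codeSize = (SIZE_T)( (ULONG_PTR)EndInjectDll - (ULONG_PTR)InjectDll );

    /* fill structure with the data passed to the remote thread. */
    ZeroMemory( &idata, sizeof idata );
    lstrcpyn( idata.Error, "Can't find dll. You can specify the dll name as command line (with no quote marks and full path).", sizeof idata.Error );
    idata.ExitThread = ExitThread;
    idata.ExitProcess = ExitProcess;
    idata.LoadLibrary = LoadLibraryA;
    idata.MessageBox = MessageBoxA;

    if( lstrlen( lpCmdLine ) )
    {
        /* Caller-supplied path: reject anything that does not fit, NUL included. */
        if( lstrlen( lpCmdLine ) >= (int)sizeof idata.DllName )
        {
            MessageBox( NULL, idata.Error, "www.gamereversal.com", MB_OK );
            return 0;
        }
        lstrcpy( idata.DllName, lpCmdLine );
    }
    else
    {
        /* Default path: <current directory>\DEFAULT_DLL_NAME.
           GetCurrentDirectory returns 0 on failure and the required size when
           the buffer is too small; both cases are rejected here. The second
           test reserves room for a separator plus the name and its NUL. */
        dirLen = GetCurrentDirectory( sizeof szDll, szDll );
        if( dirLen == 0 || dirLen >= sizeof szDll ||
            dirLen + 1 + sizeof( DEFAULT_DLL_NAME ) > sizeof szDll )
        {
            MessageBox( NULL, idata.Error, "www.gamereversal.com", MB_OK );
            return 0;
        }
        if( szDll[dirLen - 1] != '\\' )
            szDll[dirLen++] = '\\';
        lstrcpy( szDll + dirLen, DEFAULT_DLL_NAME );
        lstrcpy( idata.DllName, szDll );
    }

    StartupInfo.cb = sizeof StartupInfo;

    /* "<>" is the command line exactly as it appears in the post; it looks
       like a placeholder whose contents were lost, and is kept unchanged. */
    if( !CreateProcess(
            NULL,
            "<>",
            NULL,
            NULL,
            FALSE,
            CREATE_SUSPENDED,
            NULL,
            NULL,
            &StartupInfo,
            &ProcessInformation ) )
    {
        MessageBox( NULL, "Can't kick start the application", "www.gamereversal.com", MB_OK );
        return 0;
    }

    hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, ProcessInformation.dwProcessId );
    if( !hProcess )
        goto cleanup;

    /* allocate memory on remote process for the thread and the structure. */
    ridata = VirtualAllocEx( hProcess, NULL, sizeof idata, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
    rInjectDll = VirtualAllocEx( hProcess, NULL, codeSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
    if( !ridata || !rInjectDll )
        goto cleanup;

    /* copy data to remote process. */
    if( !WriteProcessMemory( hProcess, ridata, &idata, sizeof idata, NULL ) ||
        !WriteProcessMemory( hProcess, rInjectDll, (LPCVOID)InjectDll, codeSize, NULL ) )
        goto cleanup;

    /* create thread on remote process. */
    hThread = CreateRemoteThread( hProcess,
                                  NULL,
                                  0,
                                  (LPTHREAD_START_ROUTINE)rInjectDll,
                                  ridata,
                                  0,
                                  &tid );
    if( !hThread )
        goto cleanup;

    /* wait for remote thread to finish, then resume main process thread. */
    WaitForSingleObject( hThread, INFINITE );
    ResumeThread( ProcessInformation.hThread );
    resumed = TRUE;

cleanup:
    if( hThread )
        CloseHandle( hThread );
    if( hProcess )
    {
        /* free memory allocated on remote process; each region on its own,
           so one failed allocation does not leak the other. */
        if( ridata )
            VirtualFreeEx( hProcess, ridata, 0, MEM_RELEASE );
        if( rInjectDll )
            VirtualFreeEx( hProcess, rInjectDll, 0, MEM_RELEASE );
        CloseHandle( hProcess );
    }
    /* A target that was never resumed would stay suspended forever. */
    if( !resumed )
        TerminateProcess( ProcessInformation.hProcess, 1 );
    CloseHandle( ProcessInformation.hThread );
    CloseHandle( ProcessInformation.hProcess );
    return 0;
}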


