[C++]Injektor Source

[.Dell™]

Code:

#include <windows.h>
#include <tlhelp32.h>
#include <string>
#include <vector>
#include <iostream>

using namespace std;

class INJECTOR
{
    private:
        std::wstring ConvertPath( std::string str );
        DWORD GetPID( std::string str );
        void GetProcessList( std::vector<std::string>* vec_str, std::vector<DWORD>* vec_dw );
        bool TryInjectDll( DWORD pid, std::wstring* path );
    public:
        INJECTOR();
        bool InjectDll( std::string dll_path, std::string target_process );
};

INJECTOR :: INJECTOR()
{
}



bool INJECTOR :: InjectDll( string dll_path, std::string target_process )
{
    wstring path = this->ConvertPath( dll_path );
    DWORD pid = this->GetPID( target_process );
    if( pid == 0 )
        return false;
    else
        return this->TryInjectDll( pid, &path );
}


bool INJECTOR :: TryInjectDll( DWORD pid, std::wstring* path )
{
    HMODULE hLocKernel32 = GetModuleHandleW( L"KERNEL32" );
    FARPROC hLocLoadLibrary = GetProcAddress( hLocKernel32, "LoadLibraryW" );

    HANDLE hToken;
    TOKEN_PRIVILEGES tkp;
    if(OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid);
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges(hToken, 0, &tkp, sizeof(tkp), NULL, NULL);
        CloseHandle( hToken );
    }

    HANDLE hProc = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pid );
    if( hProc == NULL )
        return false;

    //Allocate memory to hold the path to the Dll File in the process's memory
    LPVOID hRemoteMem = VirtualAllocEx(hProc, NULL, path->size()*sizeof(wchar_t), MEM_COMMIT, PAGE_READWRITE);

    //Write the path to the Dll File in the location just created
    DWORD numBytesWritten;
    WriteProcessMemory(hProc, hRemoteMem, path->c_str(), path->size()*sizeof(wchar_t), &numBytesWritten);

    //Create a remote thread that starts begins at the LoadLibrary function and is passed are memory pointer
    HANDLE hRemoteThread = CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)hLocLoadLibrary, hRemoteMem, 0, NULL);

    //Wait for the thread to finish
    WaitForSingleObject( hRemoteThread, INFINITE );
    DWORD  hLibModule = 0;
    GetExitCodeThread( hRemoteThread, &hLibModule );

    //Free the memory created on the other process
    VirtualFreeEx(hProc, hRemoteMem, path->size()*sizeof(wchar_t), MEM_RELEASE);

    //Release the handle to the other process
    CloseHandle(hProc);

    return true;
}


DWORD INJECTOR :: GetPID( string str )
{
    DWORD dw = 0;
    vector<string> vec_str;
    vector<DWORD> vec_dw;
    this->GetProcessList( &vec_str, &vec_dw );
    for( unsigned int x = 0; x < vec_str.size(); x++ )
    {
        if( vec_str.at( x ) == str )
            dw = vec_dw.at( x );
    }
    return dw;
}


void INJECTOR :: GetProcessList( vector<string>* vec_str, vector<DWORD>* vec_dw )
{
    HANDLE hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof( PROCESSENTRY32 );

    do
    {
        vec_str->push_back( pe32.szExeFile );
        vec_dw->push_back( pe32.th32ProcessID );
    }while( Process32Next( hProcessSnap, &pe32 ) );

    CloseHandle( hProcessSnap );
}


wstring INJECTOR :: ConvertPath( string str )
{
    str.at( str.size() - 1 ) = 'l';
    str.at( str.size() - 2 ) = 'l';
    str.at( str.size() - 3 ) = 'd';
    wstring ret( str.begin(), str.end() );
    return ret;
}


int main( int argc, char** argv )
{
    string target;
    cout << "INJEKTOR by Thunder\n\n";
    cout << "Target: ";
    getline( cin, target );

    INJECTOR injector;
    while( ! injector.InjectDll( argv[0], target ) ){ Sleep(1000); }
        cout << "Erfolgreich!";


    cin.get();
    return 0;
}

*Compiled with Code::Blocks ans MinGW*
*Tested with Win7 32bit*