#include #include int main(int argc, char** argv) { if(argc<3) { fprintf(stdout,"\nUsage : %s

\n\n",argv[0]); return 1; } DWORD Pid,DllPathLen; if(sscanf(argv[1],"%u",&Pid)<=0 ) // Get Process Id { fprintf(stderr,"\n[-] ERROR: Pid Value\n"),fflush(stderr); return 1; } if( DllPathLen = strlen(argv[2]),DllPathLen == 0 ) // Get Dll Path { fprintf(stderr,"\n[-] ERROR: DllPath\n"),fflush(stderr); return 1; } // Get Process Handle HANDLE hDstProc = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,TRUE,Pid); if(hDstProc==NULL) { fprintf(stderr,"\n[-] ERROR: in OpenProcess(), Pid %u\n",Pid),fflush(stderr); return 1; } // Get LoadLibraryA Address fprintf(stdout,"\n[+] Pid: %u, Handle : 0Xx \n",Pid,hDstProc),fflush(stdout); LPTHREAD_START_ROUTINE LibFunc = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("Kernel32"),"LoadLibraryA"); fprintf(stdout,"\n[+] LoadLibraryA Address : 0Xx\n",LibFunc),fflush(stdout); // Create Remote Heap, Set Dll Path DWORD Success = TRUE; char * DllPath = (char*) VirtualAllocEx(hDstProc,NULL,DllPathLen + 1,MEM_COMMIT,PAGE_READWRITE); if(DllPath) { fprintf(stdout,"\n[+] Create Memory in %u, Address : 0Xx\n",Pid,DllPath); if(WriteProcessMemory(hDstProc,DllPath,argv[2],DllPathLen + 1,NULL)) { fprintf(stdout,"\n[+] Set Dll Path : %s\n",argv[2]); } else { fprintf(stderr,"\n[-] ERROR: in WriteProcessMemory(), Set Dll Path Failed\n"); Success = FALSE; } } else { fprintf(stderr,"\n[-] ERROR: in VirtualAllocEx(), Get Memory\n"); Success = FALSE; } //Start Dll Inject if(Success) { HANDLE hThread = CreateRemoteThread(hDstProc,NULL,0,LibFunc,DllPath,0,NULL); if(hThread) { fprintf(stdout,"\n[+] Create Remote Thread, Handle : 0Xx, Dll Injection Success\n",hThread); } else { fprintf(stderr,"\n[-] in CreateRemoteThread(), Dll Injection Failed\n"); Success = FALSE; } CloseHandle(hThread); } //Cleaning VirtualFreeEx(hDstProc,DllPath,0,MEM_RELEASE); CloseHandle(hDstProc); return !Success; }