int DllInjector::inject(unsigned long processId, std::string dllName)
{
LPTHREAD_START_ROUTINE lpStartExecAddr = NULL;
LPVOID lpExecParam = NULL;
HANDLE hTargetProcHandle = NULL;
char* lpcDll = NULL;
char tcDllPath[_bufferSize] = "";
if (GetFullPathNameA(dllName.c_str(), _bufferSize, tcDllPath, NULL) == 0) {
if (_logger) _logger->error("Cannot get full dll path!");
return -1;
};
// Attach to process with OpenProcess()
hTargetProcHandle = attachToProcess(processId);
if (hTargetProcHandle == NULL) {
if (_logger) _logger->error("Could not Attach to Process!!");
return -1;
}
// Copy the DLL via write path method
lpStartExecAddr = AllocWritePath(hTargetProcHandle, tcDllPath, &lpExecParam);
if (lpStartExecAddr == NULL) {
if (_logger) _logger->error("Could not allocate memory!!");
return -1;
}
// Inject the DLL into process via create remote thread method
if (_logger) _logger->info("INJECTING!");
injectDLL(hTargetProcHandle, lpStartExecAddr, lpExecParam);
CloseHandle(hTargetProcHandle);
return 0;
}
int main(int argc, char *argv[]) {
std::cout << "MRI Patch created by DeNial" << std::endl;
std::cout << std::endl;
std::string EXEPath;
std::string DLLPath;
TCHAR pwd[MAX_PATH];
GetCurrentDirectory(MAX_PATH, pwd);
EXEPath = pwd;
DLLPath = pwd;
DLLPath.append("\\MRI-Patch.dll");
if (argc == 2) {
EXEPath = argv[1];
} else {
std::cout << " To run a different program, just drag the desired program onto this" << std::endl;
std::cout << " and it will automatically run!" << std::endl;
std::cout << " To run via command line, use " << std::endl;
std::cout << " MRI-Loader.exe \"{PATH-TO-FILE}\"" << std::endl;
}
if (!injectDLL(EXEPath, DLLPath)) {
std::cout << "Failed to load MRI patch." << std::endl;
system("pause > nul");
} else {
std::cout << "Successfully loaded MRI patch." << std::endl;
}
return 0;
}
int _tmain(int argc, _TCHAR* argv[])
{
// Inject a DLL into process specified by its PID
// Replace "5080" with the PID of the target process
injectDLL((DWORD)5080l);
return 0;
}
bool executeProcessAndInjectDll(wchar_t* fileName)
{
STARTUPINFOW StartupInfo = {0};
PROCESS_INFORMATION ProcessInformation;
// initialize the structures
StartupInfo.cb = sizeof(StartupInfo);
// attempt to load the specified target
if (CreateProcessW(fileName, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &StartupInfo, &ProcessInformation))
{
injectDLL(ProcessInformation.hProcess, L"PackerAttackerHook.dll");
ResumeThread(ProcessInformation.hThread);
WaitForSingleObject(ProcessInformation.hThread, INFINITE);
return true;
}
else
return false;
}
int main(int argc, char *argv[])
{
DWORD dwPid = 0;
DWORD dwInjectMethod = 1;
DWORD dwAllocMethod = 1;
DWORD dwCount;
LPTHREAD_START_ROUTINE lpStartExecAddr = NULL;
LPVOID lpExecParam = NULL;
HANDLE hTargetProcHandle = NULL;
LPCTSTR lpcDll = NULL;
TCHAR tcDllPath[BUFSIZE] = TEXT("");
#ifdef _WIN64
TCHAR tcArch[4] = TEXT("x64");
#else
TCHAR tcArch[4] = TEXT("x32");
#endif
for(dwCount = 1; dwCount < (DWORD)argc; dwCount++) {
if(strcmp(argv[dwCount], "-p") == 0) {
if(dwCount + 1 != argc) {
dwPid = GetProcessId(argv[dwCount + 1]);
printf("[+] Targeting PID: %d\n", dwPid);
dwCount++;
}
} else if(strcmp(argv[dwCount], "-l") == 0) {
if(dwCount + 1 != argc) {
lpcDll = TEXT(argv[dwCount + 1]);
printf("[+] Injecting DLL: %s\n", lpcDll);
dwCount++;
}
} else if(strcmp(argv[dwCount], "-n") == 0) {
dwInjectMethod = 1;
} else if(strcmp(argv[dwCount], "-c") == 0) {
dwInjectMethod = 2;
} else if(strcmp(argv[dwCount], "-s") == 0) {
dwInjectMethod = 3;
} else if(strcmp(argv[dwCount], "-r") == 0) {
dwInjectMethod = 4;
} else if(strcmp(argv[dwCount], "-P") == 0) {
dwAllocMethod = 1;
} else if(strcmp(argv[dwCount], "-F") == 0) {
dwAllocMethod = 2;
} else {
help(argv[0]);
exit(0);
}
}
if(dwPid == 0 || lpcDll == NULL) {
help(argv[0]);
return -1;
}
GetFullPathName(lpcDll, BUFSIZE, tcDllPath, NULL);
printf("[+] Full DLL Path: %s\n", tcDllPath);
// Attach to process with OpenProcess()
hTargetProcHandle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, dwPid);
if(hTargetProcHandle == NULL) {
printf("\n[!] ERROR: Could not Attach to Process!!\n");
return -1;
}
// Copy the DLL via allocMethod
switch(dwAllocMethod) {
case 1:
lpStartExecAddr = AllocWritePath(hTargetProcHandle, tcDllPath, &lpExecParam);
break;
case 2:
lpStartExecAddr = AllocWriteDLL(hTargetProcHandle, tcDllPath);
break;
default:
printf("\n[!] ERROR: Unknown allocMethod\n");
break;
}
if(lpStartExecAddr == NULL) {
printf("\n[!] ERROR: Could not allocate memory!!\n");
return -1;
}
// Inject the DLL into process via injectMethod. lpExecParam may be NULL
injectDLL(hTargetProcHandle, dwInjectMethod, lpStartExecAddr, lpExecParam);
CloseHandle(hTargetProcHandle);
return 0;
}