bool IsProcessAlreadyInjected(DWORD PID, const char* moduleName) { HANDLE clientProcess = OpenClientProcess(PID); if (clientProcess) { // 256 should be more than enough HMODULE modules[256]; // how many bytes needed to store the modules DWORD bytesReq = 0; if (!EnumProcessModules(clientProcess, modules, sizeof(modules), &bytesReq)) { printf("Can't get process' modules. ErrorCode: %u\n", GetLastError()); CloseHandle(clientProcess); return false; } // calculates how many modules are loaded by the process DWORD modulesCount = bytesReq / sizeof(HMODULE); // loops over the modules for (DWORD i = 0; i < modulesCount; ++i) { // full path of the module char modulePath[MAX_PATH]; // gets module's path if (GetModuleFileNameEx(clientProcess, modules[i], modulePath, MAX_PATH)) { // path not needed, just file name PathStripPath(modulePath); // matches, so already injected if (!strcmp(modulePath, moduleName)) { CloseHandle(clientProcess); return true; } } } } // error? else { printf("Process can't be opened. "); printf("So assume that there is no injection.\n"); CloseHandle(clientProcess); return false; } CloseHandle(clientProcess); // not injected return false; }
bool InjectDLL(DWORD processID, const char* dllLocation) { // gets a module handler which loaded by the process which // should be injected HMODULE hModule = GetModuleHandle("kernel32.dll"); if (!hModule) { printf("ERROR: Can't get 'kernel32.dll' handle, "); printf("ErrorCode: %u\n", GetLastError()); return false; } // gets the address of an exported function which can load DLLs FARPROC loadLibraryAddress = GetProcAddress(hModule, "LoadLibraryA"); if (!loadLibraryAddress) { printf("ERROR: Can't get function 'LoadLibraryA' address, "); printf("ErrorCode: %u\n", GetLastError()); return false; } // opens the process which should be injected HANDLE hProcess = OpenClientProcess(processID); if (!hProcess) { printf("Process [%u] '%s' open is failed.\n", processID, lookingProcessName); return false; } printf("\nProcess [%u] '%s' is opened.\n", processID, lookingProcessName); // gets the build number WORD buildNumber = GetBuildNumberFromProcess(hProcess); // error occured if (!buildNumber) { printf("Can't determine build number.\n"); CloseHandle(hProcess); return false; } printf("Detected build number: %hu\n", buildNumber); // checks this build is supported or not HookEntry hookEntry; if (!GetOffsets(NULL, buildNumber, &hookEntry)) { printf("ERROR: This build number is not supported.\n"); CloseHandle(hProcess); return false; } // allocates memory for the DLL location string LPVOID allocatedMemoryAddress = VirtualAllocEx(hProcess, NULL, strlen(dllLocation), MEM_COMMIT, PAGE_READWRITE); if (!allocatedMemoryAddress) { printf("ERROR: Virtual memory allocation is failed, "); printf("ErrorCode: %u.\n", GetLastError()); CloseHandle(hProcess); return false; } // writes the DLL location string to the process // so this is the parameter which will be passed to LoadLibraryA if (!WriteProcessMemory(hProcess, allocatedMemoryAddress, dllLocation, strlen(dllLocation), NULL)) { printf("ERROR: Process memory writing is failed, "); printf("ErrorCode: %u\n", GetLastError()); VirtualFreeEx(hProcess, allocatedMemoryAddress, 0, MEM_RELEASE); CloseHandle(hProcess); return false; } // creates a thread that runs in the virtual address space of // the process which should be injected and gives the // parameter (allocatedMemoryAddress) to LoadLibraryA(loadLibraryAddress) HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)loadLibraryAddress, allocatedMemoryAddress, 0, NULL); if (!hRemoteThread) { printf("ERROR: Remote thread creation is failed, "); printf("ErrorCode: %u\n", GetLastError()); VirtualFreeEx(hProcess, allocatedMemoryAddress, 0, MEM_RELEASE); CloseHandle(hProcess); return false; } // waits until the DLL's main function returns WaitForSingleObject(hRemoteThread, INFINITE); // frees resources VirtualFreeEx(hProcess, allocatedMemoryAddress, 0, MEM_RELEASE); CloseHandle(hRemoteThread); CloseHandle(hProcess); return true; }