bool IsProcessAlreadyInjected(DWORD PID, const char* moduleName)
{
HANDLE clientProcess = OpenClientProcess(PID);
if (clientProcess)
{
// 256 should be more than enough
HMODULE modules[256];
// how many bytes needed to store the modules
DWORD bytesReq = 0;
if (!EnumProcessModules(clientProcess, modules, sizeof(modules), &bytesReq))
{
printf("Can't get process' modules. ErrorCode: %u\n",
GetLastError());
CloseHandle(clientProcess);
return false;
}
// calculates how many modules are loaded by the process
DWORD modulesCount = bytesReq / sizeof(HMODULE);
// loops over the modules
for (DWORD i = 0; i < modulesCount; ++i)
{
// full path of the module
char modulePath[MAX_PATH];
// gets module's path
if (GetModuleFileNameEx(clientProcess, modules[i], modulePath, MAX_PATH))
{
// path not needed, just file name
PathStripPath(modulePath);
// matches, so already injected
if (!strcmp(modulePath, moduleName))
{
CloseHandle(clientProcess);
return true;
}
}
}
}
// error?
else
{
printf("Process can't be opened. ");
printf("So assume that there is no injection.\n");
CloseHandle(clientProcess);
return false;
}
CloseHandle(clientProcess);
// not injected
return false;
}
bool InjectDLL(DWORD processID, const char* dllLocation)
{
// gets a module handler which loaded by the process which
// should be injected
HMODULE hModule = GetModuleHandle("kernel32.dll");
if (!hModule)
{
printf("ERROR: Can't get 'kernel32.dll' handle, ");
printf("ErrorCode: %u\n", GetLastError());
return false;
}
// gets the address of an exported function which can load DLLs
FARPROC loadLibraryAddress = GetProcAddress(hModule, "LoadLibraryA");
if (!loadLibraryAddress)
{
printf("ERROR: Can't get function 'LoadLibraryA' address, ");
printf("ErrorCode: %u\n", GetLastError());
return false;
}
// opens the process which should be injected
HANDLE hProcess = OpenClientProcess(processID);
if (!hProcess)
{
printf("Process [%u] '%s' open is failed.\n", processID, lookingProcessName);
return false;
}
printf("\nProcess [%u] '%s' is opened.\n", processID, lookingProcessName);
// gets the build number
WORD buildNumber = GetBuildNumberFromProcess(hProcess);
// error occured
if (!buildNumber)
{
printf("Can't determine build number.\n");
CloseHandle(hProcess);
return false;
}
printf("Detected build number: %hu\n", buildNumber);
// checks this build is supported or not
HookEntry hookEntry;
if (!GetOffsets(NULL, buildNumber, &hookEntry))
{
printf("ERROR: This build number is not supported.\n");
CloseHandle(hProcess);
return false;
}
// allocates memory for the DLL location string
LPVOID allocatedMemoryAddress = VirtualAllocEx(hProcess, NULL, strlen(dllLocation), MEM_COMMIT, PAGE_READWRITE);
if (!allocatedMemoryAddress)
{
printf("ERROR: Virtual memory allocation is failed, ");
printf("ErrorCode: %u.\n", GetLastError());
CloseHandle(hProcess);
return false;
}
// writes the DLL location string to the process
// so this is the parameter which will be passed to LoadLibraryA
if (!WriteProcessMemory(hProcess, allocatedMemoryAddress, dllLocation, strlen(dllLocation), NULL))
{
printf("ERROR: Process memory writing is failed, ");
printf("ErrorCode: %u\n", GetLastError());
VirtualFreeEx(hProcess, allocatedMemoryAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
return false;
}
// creates a thread that runs in the virtual address space of
// the process which should be injected and gives the
// parameter (allocatedMemoryAddress) to LoadLibraryA(loadLibraryAddress)
HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)loadLibraryAddress, allocatedMemoryAddress, 0, NULL);
if (!hRemoteThread)
{
printf("ERROR: Remote thread creation is failed, ");
printf("ErrorCode: %u\n", GetLastError());
VirtualFreeEx(hProcess, allocatedMemoryAddress, 0, MEM_RELEASE);
CloseHandle(hProcess);
return false;
}
// waits until the DLL's main function returns
WaitForSingleObject(hRemoteThread, INFINITE);
// frees resources
VirtualFreeEx(hProcess, allocatedMemoryAddress, 0, MEM_RELEASE);
CloseHandle(hRemoteThread);
CloseHandle(hProcess);
return true;
}
