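/**
 * Per-instance start-up: adjusts the process privileges, records the
 * instance handle in the global hInst, registers the progress-bar common
 * control and creates the modeless main dialog into the global gHWND.
 *
 * @param hInstance  Module instance handle, stored in hInst.
 * @param nCmdShow   Not used here; the dialog's visibility is left to the
 *                   dialog template / MainDlgProc.
 * @return TRUE when the main dialog was created, FALSE when
 *         CreateDialogParam failed. (Previously TRUE was returned
 *         unconditionally, so a failed dialog left gHWND NULL while the
 *         caller carried on as if start-up had succeeded.)
 */
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
	(void)nCmdShow;

	SetProcessPrivilege();

	hInst = hInstance; // Store instance handle in our global variable

	// Brace-init zeroes the struct before the two fields that matter are set;
	// only the progress-bar class is needed.
	INITCOMMONCONTROLSEX InitCtrlEx{};
	InitCtrlEx.dwSize = sizeof(INITCOMMONCONTROLSEX);
	InitCtrlEx.dwICC  = ICC_PROGRESS_CLASS;
	InitCommonControlsEx(&InitCtrlEx);

	// Modeless dialog: gHWND stays NULL when creation fails, and that is the
	// condition the return value now reports instead of a constant TRUE.
	gHWND = CreateDialogParam(hInstance, MAKEINTRESOURCE(IDD_MAIN), NULL, MainDlgProc, LPARAM(0));
	return gHWND != NULL;
}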
/**
 * InjectDLL
 *
 * Loads the DLL named by @p dll into process @p processId with the
 * remote-thread technique: the DLL file name is appended to the directory
 * of this executable (GetModuleFileName), the resulting path is copied into
 * a buffer allocated inside the target (VirtualAllocEx + WriteProcessMemory),
 * and a thread is started in the target at kernel32's LoadLibraryW with that
 * buffer as its argument.
 *
 * The for(;;)/break construct is a goto-free "break to cleanup": every
 * failing step stores a message in @c etext and breaks, and the cleanup
 * after the loop releases whatever was acquired on every path.
 *
 * @param processId  PID of the target; it is opened with PROCESS_ALL_ACCESS.
 * @param dll        Bare DLL file name, resolved relative to the running
 *                   executable's directory. NULL is rejected.
 * @return true when every step succeeded, false after error() has been
 *         called with the name of the failing step. true only means the
 *         remote thread ran to completion; its exit code is not examined.
 *
 * NOTE(review): the OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
 * WriteProcessMemory -> CreateRemoteThread(LoadLibraryW) sequence is the
 * textbook cross-process injection pattern that endpoint protection / EDR
 * telemetry commonly flags. It presumably depends on the privilege raised
 * by SetProcessPrivilege(true); that helper is not shown here.
 */
bool InjectDLL(DWORD processId, wchar_t *dll)
{
  HANDLE process = nullptr;
  LPVOID address = nullptr;
  HMODULE module = nullptr;
  HANDLE thread = nullptr;
  LPTHREAD_START_ROUTINE LoadLibraryW = nullptr;

  // Zero-filled so the whole buffer can be copied to the target below.
  wchar_t path[MAX_PATH] = { 0 };
  wstring etext;

  // Single-pass loop: every 'break' lands in the shared cleanup below.
  for (;;) {
    if (!dll) {
      etext = L"null dll name";
      break;
    }
    logger->debug(L"forge.exe InjectDLL -> " + boost::lexical_cast<wstring>(processId)+L" -> " + wstring(dll));

    if (!SetProcessPrivilege(true)) {
      etext = L"InjectDLL SetProcessPrivilege";
      break;
    }

    // PROCESS_ALL_ACCESS is broader than the steps below need.
    process = ::OpenProcess(PROCESS_ALL_ACCESS, false, processId);
    if (!process) {
      etext = L"InjectDLL ::OpenProcess";
      break;
    }

    // Own module path; the file name part is replaced by the DLL name below.
    if (!::GetModuleFileName(NULL, path, MAX_PATH)) {
      etext = L"InjectDLL ::GetModuleFileName";
      break;
    }

    // NOTE(review): wcsrchr returns NULL when path holds no backslash and the
    // +1 is unchecked; a full module path always has one, so this is latent.
    wchar_t* sp = wcsrchr(path, L'\\') + 1;
    // Copy into the space left after the last separator; wcscpy_s refuses a
    // name that does not fit instead of overflowing.
    wcscpy_s(sp, path + MAX_PATH - sp, dll);

    // sizeof(path) is the whole MAX_PATH buffer in bytes, not the string length.
    address = ::VirtualAllocEx(process, NULL, sizeof(path), MEM_COMMIT, PAGE_READWRITE);
    if (!address) {
      etext = L"InjectDLL ::VirtualAllocEx";
      break;
    }

    if (!::WriteProcessMemory(process, address, path, sizeof(path), NULL)) {
      etext = L"InjectDLL ::WriteProcessMemory";
      break;
    }

    module = ::GetModuleHandle(L"Kernel32");
    if (!module) {
      etext = L"InjectDLL ::GetModuleHandle";
      break;
    }
    
    // Cast so the remote thread can start directly at LoadLibraryW with the
    // path buffer as its single parameter.
    LoadLibraryW = (LPTHREAD_START_ROUTINE)::GetProcAddress(module, "LoadLibraryW");
    if (LoadLibraryW == NULL) {
      etext = L"InjectDLL ::GetProcAddress";
      break;
    }

    thread = ::CreateRemoteThread(process, NULL, 0, LoadLibraryW, address, 0, NULL);
    if (!thread) {
      etext = L"InjectDLL ::CreateRemoteThread";
      break;
    }

    // INFINITE: if LoadLibraryW hangs inside the target, this caller hangs too.
    ::WaitForSingleObject(thread, INFINITE);
    break;
  }

  if (!etext.empty())
    error(etext.c_str());

  // Cleanup for every exit path. The buffer is no longer needed once the
  // remote thread has finished (or was never started).
  if (address)
    ::VirtualFreeEx(process, address, sizeof(path), MEM_RELEASE);
  
  if (process)
    ::CloseHandle(process);

  if (thread)
    ::CloseHandle(thread);
  
  // The raised privilege is dropped on success and failure alike.
  SetProcessPrivilege(false);

  return etext.empty();
}
/**
 * InjectDLL
 *
 * Early-return variant of the remote-thread DLL loader: the DLL file name
 * is appended to this executable's directory, written into memory allocated
 * in the target process and handed to a remote thread that starts at
 * kernel32's LoadLibraryW. Each failure path releases what it acquired and
 * returns the result of error().
 *
 * @param processId  PID of the target; opened with PROCESS_ALL_ACCESS.
 * @param dll        Bare DLL file name. NOTE(review): not checked for NULL,
 *                   and wstring(dll) on a NULL pointer is undefined.
 * @return true when every step succeeded; otherwise whatever error()
 *         returns (presumably false — confirm against its definition).
 *         true only means the remote thread ran to completion; its exit
 *         code is not read (see the commented-out GetExitCodeThread).
 *
 * NOTE(review): the GetModuleHandle and GetProcAddress failure paths close
 * the process handle but do not VirtualFreeEx the buffer, unlike the
 * WriteProcessMemory and CreateRemoteThread paths; and
 * SetProcessPrivilege(false) runs only on the success path, so every early
 * return leaves the raised privilege enabled.
 *
 * NOTE(review): the OpenProcess / VirtualAllocEx / WriteProcessMemory /
 * CreateRemoteThread(LoadLibraryW) sequence is the textbook cross-process
 * injection pattern that endpoint protection / EDR telemetry commonly flags.
 */
bool InjectDLL(DWORD processId, wchar_t *dll)
{
    logger->debug(L"forge.exe InjectDLL"
                  L" -> " + boost::lexical_cast<wstring>(processId) +
                  L" -> " + wstring(dll));

    if (!SetProcessPrivilege(true)) {
        return error(L"InjectDLL SetProcessPrivilege");
    }

    // PROCESS_ALL_ACCESS is broader than the steps below need.
    HANDLE process;
    process = ::OpenProcess(PROCESS_ALL_ACCESS, false, processId);
    if (!process) {
        return error(L"InjectDLL ::OpenProcess");
    }

    // Own module path; the file name part is replaced by the DLL name below.
    // Not zero-initialised: the bytes past the terminator are copied to the
    // target as-is by the sizeof(path) writes further down.
    wchar_t path[MAX_PATH];
    if (!::GetModuleFileName(NULL, path, MAX_PATH)) {
        ::CloseHandle(process);
        return error(L"InjectDLL ::GetModuleFileName");
    }

    // NOTE(review): wcsrchr returns NULL when path holds no backslash and the
    // +1 is unchecked; a full module path always has one, so this is latent.
    wchar_t* sp = wcsrchr(path, L'\\') + 1;
    // Copy into the space left after the last separator; wcscpy_s refuses a
    // name that does not fit instead of overflowing.
    wcscpy_s(sp, path + MAX_PATH - sp, dll);

    // sizeof(path) is the whole MAX_PATH buffer in bytes, not the string length.
    LPVOID address;
    address = ::VirtualAllocEx(process, NULL, sizeof(path), MEM_COMMIT, PAGE_READWRITE);
    if (!address) {
        ::CloseHandle(process);
        return error(L"InjectDLL ::VirtualAllocEx");
    }

    if (!::WriteProcessMemory(process, address, path, sizeof(path), NULL)) {
        ::VirtualFreeEx(process, address, sizeof(path), MEM_RELEASE);
        ::CloseHandle(process);
        return error(L"InjectDLL ::WriteProcessMemory");
    }

    HMODULE module = ::GetModuleHandle(L"Kernel32");
    if (module == NULL) {
        // NOTE(review): address is not released on this path.
        ::CloseHandle(process);
        return error(L"InjectDLL ::GetModuleHandle");
    }

    // Cast so the remote thread can start directly at LoadLibraryW with the
    // path buffer as its single parameter.
    LPTHREAD_START_ROUTINE LoadLibraryW;
    LoadLibraryW = (LPTHREAD_START_ROUTINE)::GetProcAddress(module, 
                                                            "LoadLibraryW");
    if (LoadLibraryW == NULL) {
        // NOTE(review): address is not released on this path.
        ::CloseHandle(process);
        return error(L"InjectDLL ::GetProcAddress");
    }

    HANDLE thread;
    thread = ::CreateRemoteThread(process, NULL, 0, LoadLibraryW, address, 0, NULL);
    if (!thread) {
        ::VirtualFreeEx(process, address, sizeof(path), MEM_RELEASE);
        ::CloseHandle(process);
        return error(L"InjectDLL ::CreateRemoteThread");
    }

    // INFINITE: if LoadLibraryW hangs inside the target, this caller hangs too.
    // The buffer is released only after the remote thread has finished.
    ::WaitForSingleObject(thread, INFINITE);
    ::VirtualFreeEx(process, address, sizeof(path), MEM_RELEASE);

    //DWORD ec;
    //::GetExitCodeThread( thread, &ec );

    ::CloseHandle(thread);
    ::CloseHandle(process);
    // Only reached on success; the early returns above skip this drop.
    SetProcessPrivilege(false);

    return true;
}