// Loads a DLL into another process: allocates a buffer in the target, copies the
// DLL path into it and starts a remote thread whose start routine is LoadLibraryW.
// This OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
// sequence is the textbook remote-thread injection pattern, and it is exactly what
// remote-thread telemetry (e.g. Sysmon Event ID 8 / CreateRemoteThread monitoring)
// records; anything built on it should expect to be visible to such monitoring.
// @param dwRemoteProcessID       PID of the target process.
// @param lpwszRemoteDllFullPath  Full path of the DLL, as it must resolve inside the target.
// @return TRUE once the process handle and the remote buffer were obtained; the
//         write and the thread creation below are not checked, so TRUE does not
//         mean the DLL was actually loaded.
BOOL CInjectDLL::Inject(const DWORD dwRemoteProcessID, const LPCTSTR& lpwszRemoteDllFullPath)
{
	// Assigning LPCTSTR to std::wstring only compiles when UNICODE is defined (TCHAR == wchar_t).
	std::wstring wstrRemoteDllFullPath = lpwszRemoteDllFullPath;
	
	// Defined elsewhere in the class; presumably adjusts the caller's token so the
	// target can be opened (SeDebugPrivilege-style) — confirm against its definition.
	AdjustProcessTokenPrivilege();
	
	// Full access is requested on the target; the handle is closed on every exit path below.
	HANDLE hRemoteProgress = ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwRemoteProcessID);
	if (hRemoteProgress == NULL)
	{
		//wprintf_s(_T("OpenProcess fail\n"));
		return FALSE;
	}
	// Byte count of the remote buffer. Note the +1 is applied after the multiplication,
	// so it adds one byte, not one wchar_t; size_t is also narrowed to DWORD here.
	DWORD dwMemSize = sizeof(wchar_t)*wstrRemoteDllFullPath.length()+1;
	// Committed read/write pages in the target's address space; released below.
	wchar_t* wszDllPath = reinterpret_cast<wchar_t*>(::VirtualAllocEx(hRemoteProgress, NULL, dwMemSize, MEM_COMMIT, PAGE_READWRITE));
	if (wszDllPath == NULL)
	{
		//wprintf_s(_T("Allocate memory in remote process fail\n"));
		::CloseHandle(hRemoteProgress);
		return FALSE;
	}
	// Copies dwMemSize bytes of the path into the target. Return value and
	// bytes-written (NULL out-param) are not checked.
	::WriteProcessMemory(hRemoteProgress, wszDllPath, wstrRemoteDllFullPath.c_str(), dwMemSize, NULL);
	// Local address of kernel32!LoadLibraryW is reused as the remote start address,
	// which relies on kernel32 being mapped at the same base in both processes.
	// Neither GetModuleHandle nor GetProcAddress is checked for NULL.
	FARPROC pfnFunAddr = ::GetProcAddress(::GetModuleHandle(_T("Kernel32")),"LoadLibraryW");
	// The remote thread receives the buffer as its parameter. The returned thread
	// handle is discarded: it is neither waited on nor closed.
	::CreateRemoteThread(hRemoteProgress, NULL, 0, (LPTHREAD_START_ROUTINE) pfnFunAddr, wszDllPath, 0, NULL);

	// The buffer is released immediately, without waiting for the remote thread.
	// MEM_COMMIT is passed as the free type; VirtualFreeEx documents MEM_DECOMMIT and
	// MEM_RELEASE as its accepted values, and the call's result is not checked.
	::VirtualFreeEx(hRemoteProgress, reinterpret_cast<LPVOID>(wszDllPath), dwMemSize, MEM_COMMIT);
	::CloseHandle(hRemoteProgress);
	return TRUE;
}
/// Constructs the handle enumerator and immediately runs it: the token privilege is
/// adjusted, ntdll is loaded, then Query() is driven for the given process.
/// @param Pid            Process whose handles are queried.
/// @param cbFetchResult  Callback handed to Query(); presumably invoked once per
///                       FetchProcessHandleResult — confirm against Query's definition.
FetchProcessHandle::FetchProcessHandle( const int Pid, std::function<bool(FetchProcessHandleResult&)> cbFetchResult )
    : m_pZWQuerySystemInfoformation{ nullptr }
    , m_pZWQueryObject{ nullptr }
    , m_NtDllName{ "ntdll.dll" }
{
    // The two function-pointer members start null; LoadNtDll() presumably fills them
    // before Query() needs them, so the call order below is kept as is.
    AdjustProcessTokenPrivilege();
    LoadNtDll();
    Query( Pid, cbFetchResult );
}