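/**
 * InitInstance
 *
 * Registers the progress-bar common-control class and creates the
 * modeless main dialog (resource IDD_MAIN, window procedure MainDlgProc),
 * storing its handle in the global gHWND.
 *
 * @param hInstance  module instance; also stored in the global hInst
 * @param nCmdShow   not used by this routine (the dialog is created via
 *                   CreateDialogParam, no ShowWindow call is made here)
 * @return TRUE when the dialog was created, FALSE when CreateDialogParam
 *         returned NULL. The previous version returned TRUE
 *         unconditionally, so a failed dialog creation left gHWND null
 *         while the caller was told initialization succeeded.
 */
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    (void)nCmdShow; // kept for the conventional WinMain signature

    // Privilege helper defined elsewhere in the project (called with its
    // default argument here); its result is deliberately not checked, as
    // before — failure to adjust a privilege must not block the UI.
    SetProcessPrivilege();
    hInst = hInstance; // Store instance handle in our global variable

    // Brace-init zeroes the struct before the two fields are set.
    INITCOMMONCONTROLSEX InitCtrlEx{};
    InitCtrlEx.dwSize = sizeof(INITCOMMONCONTROLSEX);
    InitCtrlEx.dwICC = ICC_PROGRESS_CLASS;
    InitCommonControlsEx(&InitCtrlEx);

    gHWND = CreateDialogParam(hInstance, MAKEINTRESOURCE(IDD_MAIN), NULL, MainDlgProc, LPARAM(0));

    // Report the real outcome so WinMain can bail out instead of running
    // a message loop for a dialog that does not exist.
    return gHWND != nullptr ? TRUE : FALSE;
}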
/**
 * InjectDLL (single-exit variant)
 *
 * Loads the DLL named by `dll` into process `processId`: builds the DLL's
 * full path from this executable's directory + `dll`, copies that path into
 * the target with VirtualAllocEx/WriteProcessMemory, and starts a remote
 * thread at the local address of kernel32!LoadLibraryW with the path as its
 * argument. Every failing step stores a message in `etext` and breaks out
 * of the for(;;) so that the cleanup after the loop runs exactly once.
 *
 * @param processId  PID of the target process
 * @param dll        file name of the DLL to load, resolved relative to this
 *                   executable's directory; a null pointer is rejected
 * @return true when the remote thread was created and has finished;
 *         false after the failing step was reported through error()
 *
 * NOTE(review): the loaded DLL executes with the target process's identity,
 * so `dll` must come from a trusted source. It is not validated here: a
 * name containing path separators or ".." resolves outside the executable's
 * directory, and a name longer than the remaining buffer is not truncated
 * (see wcscpy_s below).
 */
bool InjectDLL(DWORD processId, wchar_t *dll)
{
    HANDLE process = nullptr;
    LPVOID address = nullptr;
    HMODULE module = nullptr;
    HANDLE thread = nullptr;
    // Style: this local shadows the Win32 function of the same name.
    LPTHREAD_START_ROUTINE LoadLibraryW = nullptr;
    wchar_t path[MAX_PATH] = { 0 };
    wstring etext; // non-empty means a step failed; passed to error() below

    for (;;) {
        if (!dll) { etext = L"null dll name"; break; }
        logger->debug(L"forge.exe InjectDLL -> " + boost::lexical_cast<wstring>(processId)+L" -> " + wstring(dll));

        // Project helper; presumably enables a process privilege so that
        // OpenProcess succeeds on more targets — confirm against its definition.
        if (!SetProcessPrivilege(true)) { etext = L"InjectDLL SetProcessPrivilege"; break; }

        // NOTE(review): PROCESS_ALL_ACCESS is broader than the operations
        // below use; least privilege would request only the needed rights.
        process = ::OpenProcess(PROCESS_ALL_ACCESS, false, processId);
        if (!process) { etext = L"InjectDLL ::OpenProcess"; break; }

        // Full path of this executable; the file-name part is replaced below.
        if (!::GetModuleFileName(NULL, path, MAX_PATH)) { etext = L"InjectDLL ::GetModuleFileName"; break; }

        // Assumes the path contains a backslash; if wcsrchr returned NULL,
        // `sp` would be NULL + 1 and the copy below undefined behaviour.
        wchar_t* sp = wcsrchr(path, L'\\') + 1;
        // wcscpy_s does not truncate: a `dll` longer than the remaining
        // space invokes the CRT invalid-parameter handler (by default the
        // process is terminated).
        wcscpy_s(sp, path + MAX_PATH - sp, dll);

        // Room for the whole path buffer in the target; freed after the loop.
        address = ::VirtualAllocEx(process, NULL, sizeof(path), MEM_COMMIT, PAGE_READWRITE);
        if (!address) { etext = L"InjectDLL ::VirtualAllocEx"; break; }
        if (!::WriteProcessMemory(process, address, path, sizeof(path), NULL)) { etext = L"InjectDLL ::WriteProcessMemory"; break; }

        // Assumes kernel32 is mapped at the same base in the target, so the
        // locally resolved LoadLibraryW address is valid there — this does
        // not hold across a 32/64-bit mismatch; confirm for the intended targets.
        module = ::GetModuleHandle(L"Kernel32");
        if (!module) { etext = L"InjectDLL ::GetModuleHandle"; break; }
        LoadLibraryW = (LPTHREAD_START_ROUTINE)::GetProcAddress(module, "LoadLibraryW");
        if (LoadLibraryW == NULL) { etext = L"InjectDLL ::GetProcAddress"; break; }

        thread = ::CreateRemoteThread(process, NULL, 0, LoadLibraryW, address, 0, NULL);
        if (!thread) { etext = L"InjectDLL ::CreateRemoteThread"; break; }

        // Blocks without a timeout; a LoadLibraryW that never returns in the
        // target (e.g. a DllMain that deadlocks) hangs this caller. The
        // thread's exit code is not inspected, so a failed LoadLibraryW in
        // the target is still reported as success here.
        ::WaitForSingleObject(thread, INFINITE);
        break;
    }

    if (!etext.empty()) error(etext.c_str());

    // NOTE(review): VirtualFreeEx with MEM_RELEASE requires dwSize == 0;
    // passing sizeof(path) makes the call fail and leaves the allocation in
    // the target. The return value is not checked, so this goes unnoticed.
    if (address) ::VirtualFreeEx(process, address, sizeof(path), MEM_RELEASE);
    if (process) ::CloseHandle(process);
    if (thread) ::CloseHandle(thread);

    // Privilege is dropped on every path, including failures (unlike the
    // early-return variant of this function).
    SetProcessPrivilege(false);
    return etext.empty();
}
/**
 * InjectDLL (early-return variant)
 *
 * Same operation as the single-exit variant: writes the full path of
 * `dll` (this executable's directory + `dll`) into process `processId`
 * and runs LoadLibraryW there on a remote thread. Each failure returns
 * immediately via error(), releasing whatever this path happens to clean up.
 *
 * @param processId  PID of the target process
 * @param dll        file name of the DLL to load, resolved relative to this
 *                   executable's directory. Unlike the single-exit variant
 *                   there is no null check: wstring(dll) with a null pointer
 *                   is undefined behaviour.
 * @return true on success; otherwise the value of error(...), presumably
 *         false — confirm against error()'s definition
 *
 * NOTE(review): the loaded DLL executes with the target process's identity,
 * so `dll` must come from a trusted source; it is not validated here (path
 * separators or ".." resolve outside the executable's directory).
 *
 * NOTE(review): cleanup is inconsistent across the error paths —
 *   - no error path calls SetProcessPrivilege(false), so the privilege
 *     enabled at the top stays enabled after a failure;
 *   - the GetModuleHandle and GetProcAddress failures close `process` but
 *     never free `address`;
 *   - every VirtualFreeEx call passes sizeof(path) with MEM_RELEASE, which
 *     requires dwSize == 0, so the frees fail (unchecked) and the
 *     allocation leaks in the target.
 */
bool InjectDLL(DWORD processId, wchar_t *dll)
{
    logger->debug(L"forge.exe InjectDLL" L" -> " + boost::lexical_cast<wstring>(processId) + L" -> " + wstring(dll));

    // Project helper; presumably enables a process privilege — confirm.
    if (!SetProcessPrivilege(true)) { return error(L"InjectDLL SetProcessPrivilege"); }

    // NOTE(review): PROCESS_ALL_ACCESS is broader than the operations
    // below use; least privilege would request only the needed rights.
    HANDLE process;
    process = ::OpenProcess(PROCESS_ALL_ACCESS, false, processId);
    if (!process) { return error(L"InjectDLL ::OpenProcess"); }

    wchar_t path[MAX_PATH]; // not zero-initialised, unlike the other variant
    if (!::GetModuleFileName(NULL, path, MAX_PATH)) { ::CloseHandle(process); return error(L"InjectDLL ::GetModuleFileName"); }

    // Assumes the path contains a backslash; a NULL from wcsrchr would make
    // `sp` NULL + 1 and the copy undefined behaviour.
    wchar_t* sp = wcsrchr(path, L'\\') + 1;
    // wcscpy_s does not truncate: an over-long `dll` triggers the CRT
    // invalid-parameter handler (process termination by default).
    wcscpy_s(sp, path + MAX_PATH - sp, dll);

    LPVOID address;
    address = ::VirtualAllocEx(process, NULL, sizeof(path), MEM_COMMIT, PAGE_READWRITE);
    if (!address) { ::CloseHandle(process); return error(L"InjectDLL ::VirtualAllocEx"); }
    if (!::WriteProcessMemory(process, address, path, sizeof(path), NULL)) { ::VirtualFreeEx(process, address, sizeof(path), MEM_RELEASE); ::CloseHandle(process); return error(L"InjectDLL ::WriteProcessMemory"); }

    // Assumes kernel32 is mapped at the same base in the target (not true
    // across a 32/64-bit mismatch) — confirm for the intended targets.
    HMODULE module = ::GetModuleHandle(L"Kernel32");
    if (module == NULL) { ::CloseHandle(process); return error(L"InjectDLL ::GetModuleHandle"); } // `address` leaks here

    // Style: this local shadows the Win32 function of the same name.
    LPTHREAD_START_ROUTINE LoadLibraryW;
    LoadLibraryW = (LPTHREAD_START_ROUTINE)::GetProcAddress(module, "LoadLibraryW");
    if (LoadLibraryW == NULL) { ::CloseHandle(process); return error(L"InjectDLL ::GetProcAddress"); } // `address` leaks here

    HANDLE thread;
    thread = ::CreateRemoteThread(process, NULL, 0, LoadLibraryW, address, 0, NULL);
    if (!thread) { ::VirtualFreeEx(process, address, sizeof(path), MEM_RELEASE); ::CloseHandle(process); return error(L"InjectDLL ::CreateRemoteThread"); }

    // No timeout: a LoadLibraryW that never returns in the target hangs the
    // caller. The thread's exit code is not inspected (see the commented-out
    // GetExitCodeThread below), so a failed load in the target is still
    // reported as success.
    ::WaitForSingleObject(thread, INFINITE);
    ::VirtualFreeEx(process, address, sizeof(path), MEM_RELEASE);
    //DWORD ec;
    //::GetExitCodeThread( thread, &ec );
    ::CloseHandle(thread);
    ::CloseHandle(process);
    SetProcessPrivilege(false); // only reached on the success path
    return true;
}