/// Dispatches InjectDll()/EjectDll() to one process selected by szProc.
/// @param szProc    Either a decimal PID (every character a digit) or an
///                  executable name, compared case-insensitively against
///                  PROCESSENTRY32::szExeFile.
/// @param nMode     INJECTION_MODE selects InjectDll(); any other value
///                  selects EjectDll().
/// @param szDllPath Forwarded unchanged to InjectDll()/EjectDll().
/// @return FALSE only when CreateToolhelp32Snapshot() fails. TRUE otherwise,
///         including when no process matched the name and when
///         InjectDll()/EjectDll() reported failure (their results are ignored).
BOOL InjectDllToOne(LPCTSTR szProc, int nMode, LPCTSTR szDllPath)
{
    int                     i = 0, nLen = (int)_tcslen(szProc);
	DWORD                   dwPID = 0;
	HANDLE                  hSnapShot = INVALID_HANDLE_VALUE;
	PROCESSENTRY32          pe;
    BOOL                    bMore = FALSE;

    // check if ProcName or PID: scan stops at the first non-digit, so
    // i == nLen afterwards means the whole string was numeric.
    for(i = 0; i < nLen; i++)
        if( !_istdigit(szProc[i]) )
            break;

    if( i == nLen )     // PID
    {
        // An empty szProc also lands here (i == nLen == 0) and yields PID 0.
        // Unlike the name path below, no PID < 100 filter is applied here.
        dwPID = (DWORD)_tstol(szProc);
        
        if( nMode == INJECTION_MODE )
            InjectDll(dwPID, szDllPath);
        else
            EjectDll(dwPID, szDllPath);
    }
    else                // ProcName
    {
        // Get the snapshot of the system
	    pe.dwSize = sizeof(PROCESSENTRY32);
	    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, NULL);
        if( hSnapShot == INVALID_HANDLE_VALUE )
        {
            // NOTE(review): the L"" literal only matches _tprintf's parameter
            // type in a UNICODE build; %d is given a DWORD (unsigned).
            _tprintf(L"InjectDllToOne() : CreateToolhelp32Snapshot() failed!!! [%d]", 
                      GetLastError());
            return FALSE;
        }

	    // find process: every entry whose name matches is processed; the
	    // loop does not break after the first match.
	    bMore = Process32First(hSnapShot, &pe);
	    for( ; bMore; bMore = Process32Next(hSnapShot, &pe) )
	    {
		    dwPID = pe.th32ProcessID;

            // For system stability, system processes with a PID below 100
            // are skipped and no DLL injection is performed on them.
		    if( dwPID < 100 )
			    continue;

            if( !_tcsicmp(pe.szExeFile, szProc) )
            {
                if( nMode == INJECTION_MODE )
		            InjectDll(dwPID, szDllPath);
                else
                    EjectDll(dwPID, szDllPath);
            }
	    }

	    CloseHandle(hSnapShot);
    }

    return TRUE;
}
/// Walks every process in a Toolhelp snapshot and calls InjectDll() or
/// EjectDll() on each one whose PID is 100 or greater.
/// @param nMode     INJECTION_MODE selects InjectDll(); any other value
///                  selects EjectDll().
/// @param szDllPath Forwarded unchanged to InjectDll()/EjectDll().
/// @return Always TRUE; snapshot, enumeration and per-process failures are
///         not reported to the caller.
BOOL InjectAllProcess(int nMode, LPCTSTR szDllPath)
{
	DWORD                   dwPID = 0;
	HANDLE                  hSnapShot = INVALID_HANDLE_VALUE;
	PROCESSENTRY32          pe;

	// Get the snapshot of the system
	pe.dwSize = sizeof( PROCESSENTRY32 );
	// NOTE(review): unlike InjectDllToOne()/InjectDllToAll() in this listing,
	// the INVALID_HANDLE_VALUE result is not checked before use.
	hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPALL, NULL );

	// find process
	// NOTE(review): the BOOL from Process32First() is discarded, so the
	// do/while body below runs once on an unfilled `pe` if it failed.
	Process32First(hSnapShot, &pe);
	do
	{
		dwPID = pe.th32ProcessID;

        // For system stability, system processes with a PID below 100
        // are skipped and no DLL injection is performed on them.
        // (`continue` in a do/while jumps to the while() test, so the
        // snapshot still advances.)
		if( dwPID < 100 )
			continue;

        if( nMode == INJECTION_MODE )
		    InjectDll(dwPID, szDllPath);
        else
            EjectDll(dwPID, szDllPath);
	}
	while( Process32Next(hSnapShot, &pe) );

	CloseHandle(hSnapShot);

	return TRUE;
}
/*************************************
 * Eject code from a remote process. *
 *************************************/
/// Compile-time selection of the eject routine: with INJECT_DLL defined the
/// zero-argument EjectDll() is used, otherwise EjectCode().
/// (This zero-argument EjectDll() differs from the two-argument
/// EjectDll(dwPID, szDllPath) used in the other listings on this page.)
/// @return TRUE when the selected routine returned non-zero, else FALSE.
BOOL Eject()
{
#ifdef INJECT_DLL
    return (EjectDll() != 0);
#else
    return (EjectCode() != 0);
#endif
}
/// Command-line entry point: InjectDll.exe <i|e> <PID> <dll_path>.
/// @return 1 when the argument count is wrong (usage() is printed first),
///         0 otherwise — also when argv[1] is neither "i" nor "e" and
///         nothing was done, and regardless of InjectDll()/EjectDll() result.
int _tmain(int argc, TCHAR* argv[])
{
    if( argc != 4 )
    {
        usage();
        return 1;
    }

	// adjust privilege
	// NOTE(review): the return value of _EnableNTPrivilege() is ignored, so a
	// failure to obtain SE_DEBUG_NAME is not detected here.
	_EnableNTPrivilege(SE_DEBUG_NAME, SE_PRIVILEGE_ENABLED);

    // InjectDll.exe <i|e> <PID> <dll_path>
    // argv[2] is not validated: _tstoi() yields 0 for non-numeric input.
    // The L"" literals match _tcsicmp only in a UNICODE build.
    if( !_tcsicmp(argv[1], L"i") )
        InjectDll((DWORD)_tstoi(argv[2]), argv[3]);
    else if(!_tcsicmp(argv[1], L"e") )
        EjectDll((DWORD)_tstoi(argv[2]), argv[3]);

	return 0;
}
/// Walks every process in a Toolhelp snapshot and calls InjectDll() or
/// EjectDll() on each one, except the low-PID and named system processes
/// listed in the loop body (those are reported on stdout and skipped).
/// @param nMode     INJECTION_MODE selects InjectDll(); any other value
///                  selects EjectDll().
/// @param szDllPath Forwarded unchanged to InjectDll()/EjectDll().
/// @return FALSE only when CreateToolhelp32Snapshot() fails; TRUE otherwise,
///         even if InjectDll()/EjectDll() failed for some or all processes.
BOOL InjectDllToAll(int nMode, LPCTSTR szDllPath)
{
	DWORD                   dwPID = 0;
	HANDLE                  hSnapShot = INVALID_HANDLE_VALUE;
	PROCESSENTRY32          pe;
    BOOL                    bMore = FALSE;

	// Get the snapshot of the system
	pe.dwSize = sizeof(PROCESSENTRY32);
	hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, NULL);
    if( hSnapShot == INVALID_HANDLE_VALUE )
    {
        // NOTE(review): L"" literals match _tprintf only in a UNICODE build;
        // %d is given a DWORD (unsigned).
        _tprintf(L"InjectDllToAll() : CreateToolhelp32Snapshot() failed!!! [%d]", 
                  GetLastError());
        return FALSE;
    }

	// find process
	bMore = Process32First(hSnapShot, &pe);
	for( ; bMore; bMore = Process32Next(hSnapShot, &pe) )
	{
		dwPID = pe.th32ProcessID;

        // Excluded processes: [System Process], System, smss.exe, csrss.exe
        // ([System Process] and System are covered by the PID < 100 test;
        // smss.exe/csrss.exe are matched by name, case-insensitively.)
        if( dwPID < 100 ||
            !_tcsicmp(pe.szExeFile, L"smss.exe") ||
            !_tcsicmp(pe.szExeFile, L"csrss.exe") )
        {
            _tprintf(L"%s(%d) => System Process... DLL %s is impossible!\n", 
                   pe.szExeFile, dwPID, nMode==INJECTION_MODE ? L"Injection" : L"Ejection");
            continue;
        }

        if( nMode == INJECTION_MODE )
		    InjectDll(dwPID, szDllPath);
        else
            EjectDll(dwPID, szDllPath);
	}

	CloseHandle(hSnapShot);

	return TRUE;
}
/// Calls EjectDll() for every row currently selected in the list control,
/// logging one "Ejecting <exe>(<pid>)... " line plus SUCCEED./FAILED. per row.
/// Column 0 of the list is read as the executable name, column 1 as the PID.
/// On success the "<exe>|<pid>|" record is removed from the pidInfo member
/// (declared outside this listing).
/// @param lv        List control holding the process rows; must be non-null.
/// @param szDllName Passed unchanged to EjectDll().
void CdllInjectDoc::EjectSelected(CListCtrl* lv, LPTSTR szDllName)
{
	POSITION pos = lv->GetFirstSelectedItemPosition();
	
	int index = 0;
	TCHAR pid[21];
	TCHAR cPid[21] = {0};   // all-zero template used to blank `pid` each iteration
	DWORD dwPid;

	while((index = lv->GetNextSelectedItem(pos)) != -1)
	{
		// NOTE(review): memcpy_s sizes are in bytes. When TCHAR is wchar_t this
		// clears only the first 21 bytes (about ten TCHARs) of the 21-TCHAR
		// buffer; sizeof(pid) would cover the whole array.
		memcpy_s(pid, 21, cPid, 21);

		lv->GetItemText(index, 1, pid, 20);
		dwPid = _ttoi(pid);   // 0 if the cell is not numeric

		TCHAR exeFile[MAX_PATH];
		lv->GetItemText(index, 0, exeFile, MAX_PATH);

		TCHAR line[260];
		_stprintf_s(line, 260, _T("Ejecting %s(%s)... "), exeFile, pid);

		writeLog(CString(line));

		if (EjectDll(dwPid, szDllName) == TRUE)
		{
			// Rebuild the "<exe>|<pid>|" key and drop it from pidInfo.
			CString temp;
			temp.Append(exeFile);
			temp += _T("|");
			temp.Append(pid);
			temp += _T("|");

			pidInfo.Replace(temp, _T(""));

			writeLog(CString("SUCCEED.\r\n"));
		}
		else
			writeLog(CString("FAILED.\r\n"));
	}
}