// Loads the DLL at lpwszRemoteDllFullPath into the process dwRemoteProcessID by
// writing the path into that process's address space and starting a remote
// thread at Kernel32!LoadLibraryW with the path as its single argument.
//
// Returns FALSE only when OpenProcess or VirtualAllocEx fails. The results of
// WriteProcessMemory, GetProcAddress and CreateRemoteThread are never checked,
// so a TRUE return does not establish that the DLL was actually loaded.
//
// Monitoring note: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
// WriteProcessMemory -> CreateRemoteThread(LoadLibraryW) is the textbook
// remote-thread injection sequence; cross-process thread creation of this kind
// is exactly the event endpoint telemetry records for this pattern.
//
// The std::wstring assignment below only compiles when LPCTSTR is LPCWSTR
// (UNICODE build); in an ANSI build LPCTSTR is LPCSTR and this would not build.
BOOL CInjectDLL::Inject(const DWORD dwRemoteProcessID, const LPCTSTR& lpwszRemoteDllFullPath)
{
    std::wstring wstrRemoteDllFullPath = lpwszRemoteDllFullPath;
    // Presumably enables a token privilege needed to open processes of other
    // users (e.g. SeDebugPrivilege) — defined elsewhere, not visible here.
    AdjustProcessTokenPrivilege();
    // Requests the broadest possible access mask on the target process.
    HANDLE hRemoteProgress = ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwRemoteProcessID);
    if (hRemoteProgress == NULL)
    {
        //wprintf_s(_T("OpenProcess fail\n"));
        return FALSE;
    }
    // Byte count used for both the remote allocation and the write:
    // sizeof(wchar_t) * character count, plus 1 byte.
    DWORD dwMemSize = sizeof(wchar_t)*wstrRemoteDllFullPath.length()+1;
    // Read/write region in the target that will hold the DLL path string.
    wchar_t* wszDllPath = reinterpret_cast<wchar_t*>(::VirtualAllocEx(hRemoteProgress, NULL, dwMemSize, MEM_COMMIT, PAGE_READWRITE));
    if (wszDllPath == NULL)
    {
        //wprintf_s(_T("Allocate memory in remote process fail\n"));
        ::CloseHandle(hRemoteProgress);
        return FALSE;
    }
    // Copies the path into the target; the BOOL result is ignored.
    ::WriteProcessMemory(hRemoteProgress, wszDllPath, wstrRemoteDllFullPath.c_str(), dwMemSize, NULL);
    // Resolves LoadLibraryW in *this* process; the same address is then used in
    // the target, which presumably relies on kernel32 being mapped at the same
    // base there (assumption, not checked here). A NULL result is not tested.
    FARPROC pfnFunAddr = ::GetProcAddress(::GetModuleHandle(_T("Kernel32")),"LoadLibraryW");
    // Starts a thread in the target at LoadLibraryW(wszDllPath). The returned
    // thread handle is discarded: it is neither waited on nor closed.
    ::CreateRemoteThread(hRemoteProgress, NULL, 0, (LPTHREAD_START_ROUTINE) pfnFunAddr, wszDllPath, 0, NULL);
    // VirtualFreeEx is called on the path buffer immediately after the thread is
    // created, with MEM_COMMIT passed as the free type; its result is not checked.
    ::VirtualFreeEx(hRemoteProgress, reinterpret_cast<LPVOID>(wszDllPath), dwMemSize, MEM_COMMIT);
    ::CloseHandle(hRemoteProgress);
    return TRUE;
}
// Constructs a FetchProcessHandle and immediately runs the handle query for Pid.
//
// Pid           - target process id (declared as int; presumably a Windows
//                 process id, verify against the caller).
// cbFetchResult - callback handed to Query(); it receives a
//                 FetchProcessHandleResult& and returns bool. Query's exact
//                 invocation contract (per-handle? stop on false?) is not
//                 visible here.
//
// The member names suggest the query goes through ntdll's
// NtQuerySystemInformation / NtQueryObject, resolved at run time by LoadNtDll()
// from m_NtDllName; both function pointers start out as nullptr. Because all
// work happens in the constructor, failures in AdjustProcessTokenPrivilege(),
// LoadNtDll() or Query() cannot be reported through a return value — presumably
// only through the callback or an exception (not visible here).
FetchProcessHandle::FetchProcessHandle( const int Pid, std::function<bool(FetchProcessHandleResult&)> cbFetchResult )
    : m_pZWQuerySystemInfoformation ( nullptr ),
      m_pZWQueryObject( nullptr ),
      m_NtDllName( "ntdll.dll" )
{
    // Presumably enables a token privilege needed to open other processes
    // (defined elsewhere, not visible here).
    AdjustProcessTokenPrivilege();
    // Resolves the Nt*/Zw* entry points held in the members above
    // (defined elsewhere, not visible here).
    LoadNtDll();
    // The std::function is passed on by copy; the by-value parameter is not moved.
    Query( Pid, cbFetchResult );
}