Untitled

a guest
Mar 25th, 2017
80
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.19 KB | None | 0 0
#include "stdafx.h"

#include <windows.h>

#include <cstdio>
#include <cwchar>
#include <string>
  2.  
  3.  
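// Documented upper bound CreateProcessW accepts for lpCommandLine (characters,
// including the terminating null).
static const size_t kMaxCommandLineChars = 32767;

// DLL loaded into the child. It is looked up next to this executable, so the
// executable's directory must not be writable by less-trusted users, or a
// planted file of this name would be loaded into the child instead.
static const wchar_t kDllFileName[] = L"\\dllmain.Dll";

// Named semaphore through which the child's main-thread id is handed to the DLL.
static const wchar_t kSemaphoreName[] = L"InjectedMainThread";

// Prints `what` and the calling thread's last Win32 error on stderr.
// Call it before any other Win32 call so GetLastError() is still meaningful.
static void ReportError(const wchar_t* what) {
    const DWORD err = ::GetLastError();
    ::fwprintf(stderr, L"%ls failed (error %lu)\n", what, err);
}

// Joins argv[1] (program) and, when present, argv[2] (its arguments) into the
// command line passed to CreateProcessW. Arguments are not re-quoted: an
// argv[2] containing spaces is split again by the child's runtime. Further
// argv entries are ignored, matching the original behaviour.
static std::wstring BuildCommandLine(int argc, wchar_t* argv[]) {
    std::wstring cmdLine(argv[1]);
    if (argc > 2) {
        cmdLine += L' ';
        cmdLine += argv[2];
    }
    return cmdLine;
}

// Resolves "<directory of this executable>" + kDllFileName into `out`
// (capacity `outChars`). Fails on truncation, on a path without a
// backslash, or when the concatenation would not fit.
static bool GetDllPath(wchar_t* out, DWORD outChars) {
    const DWORD len = ::GetModuleFileNameW(nullptr, out, outChars);
    if (len == 0) {
        ReportError(L"GetModuleFileNameW");
        return false;
    }
    if (len >= outChars) {
        // Returned length equal to the capacity means the path was truncated;
        // a truncated path must not be used to locate the DLL.
        ::fwprintf(stderr, L"module path longer than %lu characters\n", outChars);
        return false;
    }
    wchar_t* lastSep = ::wcsrchr(out, L'\\');
    if (lastSep == nullptr) {
        ::fwprintf(stderr, L"module path has no directory component\n");
        return false;
    }
    *lastSep = L'\0';
    if (::wcscat_s(out, outChars, kDllFileName) != 0) {
        ::fwprintf(stderr, L"DLL path does not fit in %lu characters\n", outChars);
        return false;
    }
    return true;
}

// Returns true only when `hProcess` has the same bitness as this process.
// The injection below passes the address of LoadLibraryW *in this process*
// to the child, which is only valid when kernel32 is mapped at the same base
// there; a 32-bit/64-bit mix would start the remote thread at garbage.
static bool SameBitness(HANDLE hProcess) {
    BOOL selfWow64 = FALSE;
    BOOL childWow64 = FALSE;
    if (!::IsWow64Process(::GetCurrentProcess(), &selfWow64) ||
        !::IsWow64Process(hProcess, &childWow64)) {
        ReportError(L"IsWow64Process");
        return false;
    }
    if ((selfWow64 != FALSE) != (childWow64 != FALSE)) {
        ::fwprintf(stderr, L"target bitness differs from this process; refusing to inject\n");
        return false;
    }
    return true;
}

// Publishes the child's main-thread id to the DLL through a named semaphore
// (initial count id - 1, maximum count id) and duplicates the handle into the
// child so the object outlives this process. The read-out protocol lives in
// the DLL (presumably ReleaseSemaphore's previous count + 1) — confirm there.
static bool PublishMainThreadId(const PROCESS_INFORMATION& pi) {
    const LONG mainThreadId = static_cast<LONG>(pi.dwThreadId);
    HANDLE hSemaphore = ::CreateSemaphoreW(nullptr, mainThreadId - 1, mainThreadId, kSemaphoreName);
    if (hSemaphore == nullptr) {
        ReportError(L"CreateSemaphoreW");
        return false;
    }
    // The name is visible to every process in the session. If something else
    // (a stale run, or another user's process squatting the name) already
    // owns it, CreateSemaphoreW returns *that* object with its own counts and
    // the DLL would read a wrong thread id. Refuse instead of trusting it.
    if (::GetLastError() == ERROR_ALREADY_EXISTS) {
        ::CloseHandle(hSemaphore);
        ::fwprintf(stderr, L"semaphore '%ls' already exists; refusing to reuse it\n", kSemaphoreName);
        return false;
    }
    HANDLE hInChild = nullptr;
    const BOOL duplicated = ::DuplicateHandle(::GetCurrentProcess(), hSemaphore, pi.hProcess,
                                              &hInChild, 0, FALSE, DUPLICATE_SAME_ACCESS);
    // Our own handle is no longer needed: the child's copy keeps the object alive.
    ::CloseHandle(hSemaphore);
    if (!duplicated || hInChild == nullptr) {
        ReportError(L"DuplicateHandle");
        return false;
    }
    // hInChild is intentionally left open — it belongs to the child's handle table.
    return true;
}

// Loads `dllPath` in `hProcess` by starting a remote thread on LoadLibraryW
// with a copy of the path as its argument.
static bool InjectDll(HANDLE hProcess, const wchar_t* dllPath) {
    const SIZE_T bytes = (::wcslen(dllPath) + 1) * sizeof(wchar_t);
    // The remote buffer is never freed: LoadLibraryW reads it after we exit.
    void* remotePath = ::VirtualAllocEx(hProcess, nullptr, bytes, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (remotePath == nullptr) {
        ReportError(L"VirtualAllocEx");
        return false;
    }
    SIZE_T written = 0;
    if (!::WriteProcessMemory(hProcess, remotePath, dllPath, bytes, &written) || written != bytes) {
        ReportError(L"WriteProcessMemory");
        return false;
    }
    HMODULE hKernel32 = ::GetModuleHandleW(L"kernel32");
    FARPROC loadLibraryW = (hKernel32 != nullptr) ? ::GetProcAddress(hKernel32, "LoadLibraryW") : nullptr;
    if (loadLibraryW == nullptr) {
        ReportError(L"GetProcAddress(LoadLibraryW)");
        return false;
    }
    HANDLE hRemoteThread = ::CreateRemoteThread(hProcess, nullptr, 0,
                                                reinterpret_cast<LPTHREAD_START_ROUTINE>(loadLibraryW),
                                                remotePath, 0, nullptr);
    if (hRemoteThread == nullptr) {
        ReportError(L"CreateRemoteThread");
        return false;
    }
    // Not waited on, as in the original: the child is under this process's
    // debug control and presumably only runs on once we detach by exiting.
    ::CloseHandle(hRemoteThread);
    return true;
}

// Entry point: launches argv[1] (with optional argv[2] as its arguments)
// under debug control, injects dllmain.Dll from this executable's directory,
// hands the child's main-thread id to the DLL via a named semaphore, then
// exits leaving the child running.
//
// Returns 0 on success, 1 on usage error or any failed step. On failure after
// the child was created, the child is terminated rather than left half-prepared.
int wmain(int argc, wchar_t* argv[]) {
    if (argc < 2) {
        ::fwprintf(stderr, L"usage: %ls <program> [arguments]\n",
                   (argc > 0 && argv[0] != nullptr) ? argv[0] : L"injector");
        return 1;
    }

    // std::wstring replaces the fixed MAX_PATH * 2 buffer the original filled
    // with unchecked lstrcpyW/lstrcatW (a stack overflow on long arguments).
    std::wstring cmdLine = BuildCommandLine(argc, argv);
    if (cmdLine.size() >= kMaxCommandLineChars) {
        ::fwprintf(stderr, L"command line exceeds %zu characters\n", kMaxCommandLineChars);
        return 1;
    }

    STARTUPINFOW si = { sizeof(si) };
    PROCESS_INFORMATION pi = {};

    // DEBUG_PROCESS: the original author's note is that this avoids an
    // infinite loop (presumably the DLL re-entering this injector — confirm
    // against dllmain.Dll). CreateProcessW may modify the buffer it is given,
    // hence the non-const pointer into the string.
    if (!::CreateProcessW(nullptr, &cmdLine[0], nullptr, nullptr, FALSE, DEBUG_PROCESS,
                          nullptr, nullptr, &si, &pi)) {
        ReportError(L"CreateProcessW");
        return 1;
    }

    wchar_t dllPath[MAX_PATH];
    const bool injected = SameBitness(pi.hProcess)
                       && GetDllPath(dllPath, MAX_PATH)
                       && PublishMainThreadId(pi)
                       && InjectDll(pi.hProcess, dllPath);

    if (injected) {
        // Let the child outlive us: with kill-on-exit cleared, exiting this
        // process detaches the debugger instead of killing the debuggee.
        ::DebugSetProcessKillOnExit(FALSE);
    } else {
        // Kill-on-exit still defaults to TRUE, so exiting would end the child
        // anyway; terminate explicitly so the outcome does not depend on it.
        ::TerminateProcess(pi.hProcess, 1);
    }

    ::CloseHandle(pi.hThread);
    ::CloseHandle(pi.hProcess);
    return injected ? 0 : 1;
}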