
VB Injection Source

a guest
Sep 24th, 2011
  1. Public Class Form1
         ' Windows Forms front end that makes another process load a DLL chosen by the user.
         ' Inject() opens the target, allocates a buffer in it, writes the DLL path there and
         ' starts a remote thread at LoadLibraryA with that buffer as its argument. This is the
         ' remote-thread DLL injection pattern (MITRE ATT&CK T1055.001).
         '
         ' Defender notes, derived from the calls below:
         '  - The handle is requested with PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or
         '    PROCESS_VM_WRITE, i.e. &H2 Or &H8 Or &H20 = &H2A. Process-access telemetry
         '    (for example Sysmon event 10, GrantedAccess) records that mask.
         '  - CreateRemoteThread is what remote-thread telemetry reports (for example Sysmon
         '    event 8); the start address here is LoadLibraryA in kernel32.
         '  - The target then loads a DLL from a user-chosen path, which appears as an image
         '    load in the target process (for example Sysmon event 7).
  2.  
         ' State shared by Inject(): target handle, address of LoadLibraryA, DLL path, buffer size.
  3.     Private TargetProcessHandle As Integer
  4.     Private pfnStartAddr As Integer
  5.     Private pszLibFileRemote As String
  6.     Private TargetBufferSize As Integer
  7.  
         ' Win32 constants. PROCESS_VM_READ and TH32CS_SNAPPROCESS are declared but not used
         ' anywhere in this class. MEM_COMMIT = 4096 is &H1000.
  8.     Public Const PROCESS_VM_READ = &H10
  9.     Public Const TH32CS_SNAPPROCESS = &H2
  10.     Public Const MEM_COMMIT = 4096
  11.     Public Const PAGE_READWRITE = 4
  12.     Public Const PROCESS_CREATE_THREAD = (&H2)
  13.     Public Const PROCESS_VM_OPERATION = (&H8)
  14.     Public Const PROCESS_VM_WRITE = (&H20)
  15.  
         ' Win32 imports. ReadProcessMemory, LoadLibrary and FindWindow are declared but never
         ' called in this class, so an import-based signature sees more APIs than the code uses.
  16.     Public Declare Function ReadProcessMemory Lib "kernel32" ( _
  17.     ByVal hProcess As Integer, _
  18.     ByVal lpBaseAddress As Integer, _
  19.     ByVal lpBuffer As String, _
  20.     ByVal nSize As Integer, _
  21.     ByRef lpNumberOfBytesWritten As Integer) As Integer
  22.  
  23.     Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" ( _
  24.     ByVal lpLibFileName As String) As Integer
  25.  
         ' Allocates memory inside the process identified by hProcess.
  26.     Public Declare Function VirtualAllocEx Lib "kernel32" ( _
  27.     ByVal hProcess As Integer, _
  28.     ByVal lpAddress As Integer, _
  29.     ByVal dwSize As Integer, _
  30.     ByVal flAllocationType As Integer, _
  31.     ByVal flProtect As Integer) As Integer
  32.  
         ' Copies lpBuffer into the other process. The buffer is declared As String; a Declare
         ' statement without a charset modifier marshals strings as ANSI, which matches the
         ' LoadLibraryA entry point used in Inject().
  33.     Public Declare Function WriteProcessMemory Lib "kernel32" ( _
  34.     ByVal hProcess As Integer, _
  35.     ByVal lpBaseAddress As Integer, _
  36.     ByVal lpBuffer As String, _
  37.     ByVal nSize As Integer, _
  38.     ByRef lpNumberOfBytesWritten As Integer) As Integer
  39.  
  40.     Public Declare Function GetProcAddress Lib "kernel32" ( _
  41.     ByVal hModule As Integer, ByVal lpProcName As String) As Integer
  42.  
  43.     Private Declare Function GetModuleHandle Lib "Kernel32" Alias "GetModuleHandleA" ( _
  44.     ByVal lpModuleName As String) As Integer
  45.  
         ' Starts a thread in the process identified by hProcess at lpStartAddress.
  46.     Public Declare Function CreateRemoteThread Lib "kernel32" ( _
  47.     ByVal hProcess As Integer, _
  48.     ByVal lpThreadAttributes As Integer, _
  49.     ByVal dwStackSize As Integer, _
  50.     ByVal lpStartAddress As Integer, _
  51.     ByVal lpParameter As Integer, _
  52.     ByVal dwCreationFlags As Integer, _
  53.     ByRef lpThreadId As Integer) As Integer
  54.  
  55.     Public Declare Function OpenProcess Lib "kernel32" ( _
  56.     ByVal dwDesiredAccess As Integer, _
  57.     ByVal bInheritHandle As Integer, _
  58.     ByVal dwProcessId As Integer) As Integer
  59.  
  60.     Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" ( _
  61.     ByVal lpClassName As String, _
  62.     ByVal lpWindowName As String) As Integer
  63.  
  64.     Private Declare Function CloseHandle Lib "kernel32" Alias "CloseHandleA" ( _
  65.     ByVal hObject As Integer) As Integer
  66.  
  67.  
         ' Runs the injection sequence against the first process whose name matches
         ' TextBox1.Text, using the path held by OpenFileDialog1.FileName.
         ' No return value from OpenProcess, VirtualAllocEx, WriteProcessMemory or
         ' CreateRemoteThread is inspected (Rtn is assigned and never read), and label 1 is
         ' reached on both the normal and the error path, so the form closes either way.
         ' Nothing this routine does tells the caller whether the DLL was loaded.
  68.     Private Sub Inject()
  69.         On Error GoTo 1 ' If error occurs, app will close without any error messages
  70.        Timer1.Stop()
              ' Look the target up by name; index 0 is used without checking that a match exists
              ' (an empty array raises an error that the handler above turns into Me.Close()).
  71.         Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox1.Text)
              ' Requested access mask evaluates to &H2A.
  72.         TargetProcessHandle = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, TargetProcess(0).Id)
  73.         pszLibFileRemote = OpenFileDialog1.FileName
              ' Address of LoadLibraryA as resolved in this process; it is later passed as the
              ' remote thread's start address.
  74.         pfnStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
              ' Path length plus one; presumably room for the terminating NUL.
  75.         TargetBufferSize = 1 + Len(pszLibFileRemote)
  76.         Dim Rtn As Integer
  77.         Dim LoadLibParamAdr As Integer
              ' Read/write buffer in the target, filled with the DLL path.
  78.         LoadLibParamAdr = VirtualAllocEx(TargetProcessHandle, 0, TargetBufferSize, MEM_COMMIT, PAGE_READWRITE)
  79.         Rtn = WriteProcessMemory(TargetProcessHandle, LoadLibParamAdr, pszLibFileRemote, TargetBufferSize, 0)
              ' Remote thread: start address = LoadLibraryA, parameter = address of the path buffer.
              ' The returned thread handle is discarded.
  80.         CreateRemoteThread(TargetProcessHandle, 0, 0, pfnStartAddr, LoadLibParamAdr, 0, 0)
  81.         CloseHandle(TargetProcessHandle)
  82. 1:      Me.Close()
  83.     End Sub
  84.  
         ' Starts both timers when the form loads: Timer1 drives the wait-for-process check,
         ' Timer2 keeps Button2's enabled state in step with the radio buttons.
  85.     Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
  86.         Timer1.Start()
  87.         Timer2.Start()
  88.     End Sub
  89.  
         ' Lets the user pick the DLL and shows its file name (path stripped) in TextBox2.
         ' The ShowDialog result is not checked; if FileName contains no "\", LastIndexOf
         ' returns -1 and Substring raises an error.
  90.     Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
  91.         OpenFileDialog1.Filter = "DLL (*.dll) |*.dll|(*.*) |*.*"
  92.         OpenFileDialog1.ShowDialog()
  93.         Dim FileName As String
  94.         FileName = OpenFileDialog1.FileName.Substring(OpenFileDialog1.FileName.LastIndexOf("\"))
  95.         Dim DllFileName As String = FileName.Replace("\", "")
  96.         Me.TextBox2.Text = (DllFileName)
  97.     End Sub
  98.  
         ' Polling handler. While the chosen DLL exists on disk it looks for a process named
         ' TextBox1.Text; when one is found and RadioButton2 is checked (this appears to be the
         ' automatic mode) it calls Inject().
         ' The "Successfully Injected!" text is set before Inject() runs, so the message is not
         ' evidence that the target loaded anything.
  99.     Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
  100.         If IO.File.Exists(OpenFileDialog1.FileName) Then
  101.             Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox1.Text)
  102.             If TargetProcess.Length = 0 Then
  103.                 Label4.Text = ("Waiting for " + TextBox1.Text + ".exe")
  104.             Else
  105.                 If RadioButton2.Checked Then
  106.                     Timer1.Stop()
  107.                     Label4.Text = "Successfully Injected!"
  108.                     Call Inject()
  109.                 End If
  110.             End If
  111.         Else
  112.             Label4.Text = ("Error dll not found!")
  113.         End If
  114.     End Sub
  115.  
         ' Enables Button2 while RadioButton1 is checked and disables it while RadioButton2 is
         ' checked, re-evaluated on every Timer2 tick.
  116.     Private Sub Timer2_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer2.Tick
  117.         If RadioButton1.Checked Then
  118.             Button2.Enabled = True
  119.         End If
  120.         If RadioButton2.Checked Then
  121.             Button2.Enabled = False
  122.         End If
  123.     End Sub
  124.  
         ' Manual trigger. Inject() has already called Me.Close() by the time the label is set,
         ' and the text is assigned unconditionally.
  125.     Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
  126.         Call Inject()
  127.         Me.Label4.Text = "Successfully Injected!"
  128.     End Sub
  129. End Class