#include <windows.h>
#include <stdio.h>
#include <string.h>
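// Inject <executable> <injected DLL>
//
// Starts <executable> in a suspended state, copies the DLL path into the new
// process, runs LoadLibraryA on that path from a remote thread, and then
// resumes the process's primary thread.
//
// Returns 0 when every step succeeded, 1 on a usage error or any failed step.
// If a step fails after the child has been created, the still-suspended child
// is terminated instead of being left behind or started without the library.
//
// Detection note: CreateProcess(CREATE_SUSPENDED) -> VirtualAllocEx ->
// WriteProcessMemory -> CreateRemoteThread(LoadLibraryA) is the textbook
// DLL-injection sequence (MITRE ATT&CK T1055.001). Endpoint tooling commonly
// alerts on it, e.g. Sysmon Event ID 8 (CreateRemoteThread).
int main(int argc, char *argv[])
{
    int rc = 1;
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    char szLibPath[MAX_PATH + 1];
    size_t cchLibPath;
    SIZE_T cbLibPath;
    SIZE_T cbWritten = 0;
    void *pLibRemote = NULL;
    HMODULE hKernel32;
    FARPROC pfnLoadLibrary;
    HANDLE hThread = NULL;
    DWORD dwLoadResult = 0;

    if (argc < 3) {
        printf("Usage: Inject <executable> <injected DLL>\n");
        return 1;
    }

    // argv[2] is caller-controlled: check its length before copying it into
    // the fixed-size buffer (an unbounded strcpy here overflows the stack).
    cchLibPath = strlen(argv[2]);
    if (cchLibPath > MAX_PATH) {
        fprintf(stderr, "DLL path is longer than MAX_PATH (%d) characters\n", MAX_PATH);
        return 1;
    }
    ZeroMemory(szLibPath, sizeof(szLibPath));
    memcpy(szLibPath, argv[2], cchLibPath);
    // Only the string and its terminator cross the process boundary, so no
    // unrelated stack bytes are copied into the child.
    cbLibPath = cchLibPath + 1;

    // Start our process in suspended mode. The ANSI entry points are named
    // explicitly because argv and LoadLibraryA are both char-based.
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si); // CreateProcess requires cb to hold the structure size
    ZeroMemory(&pi, sizeof(pi));
    if (!CreateProcessA(argv[1], NULL, NULL, NULL, FALSE, CREATE_SUSPENDED,
                        NULL, NULL, &si, &pi)) {
        fprintf(stderr, "CreateProcess failed (error %lu)\n", GetLastError());
        return 1;
    }

    // Allocate memory in the remote process for the path. The buffer carries
    // a string and is never executed, so read/write protection is sufficient.
    pLibRemote = VirtualAllocEx(pi.hProcess, NULL, cbLibPath,
                                MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (pLibRemote == NULL) {
        fprintf(stderr, "VirtualAllocEx failed (error %lu)\n", GetLastError());
        goto cleanup;
    }

    // Write the path to the allocated memory and confirm it was fully written
    if (!WriteProcessMemory(pi.hProcess, pLibRemote, szLibPath, cbLibPath, &cbWritten)
        || cbWritten != cbLibPath) {
        fprintf(stderr, "WriteProcessMemory failed (error %lu)\n", GetLastError());
        goto cleanup;
    }

    // Resolve LoadLibraryA in this process.
    // NOTE(review): using this address in the child assumes kernel32.dll is
    // mapped at the same base there and that both processes have the same
    // bitness -- confirm for the intended targets.
    hKernel32 = GetModuleHandleA("kernel32.dll");
    pfnLoadLibrary = hKernel32 ? GetProcAddress(hKernel32, "LoadLibraryA") : NULL;
    if (pfnLoadLibrary == NULL) {
        fprintf(stderr, "Could not resolve LoadLibraryA (error %lu)\n", GetLastError());
        goto cleanup;
    }

    // Load our dll into the remote process (via CreateRemoteThread & LoadLibrary)
    hThread = CreateRemoteThread(pi.hProcess, NULL, 0,
                                 (LPTHREAD_START_ROUTINE)pfnLoadLibrary,
                                 pLibRemote, 0, NULL);
    if (hThread == NULL) {
        fprintf(stderr, "CreateRemoteThread failed (error %lu)\n", GetLastError());
        goto cleanup;
    }

    // Wait for the remote LoadLibraryA call to return
    if (WaitForSingleObject(hThread, INFINITE) != WAIT_OBJECT_0) {
        fprintf(stderr, "WaitForSingleObject failed (error %lu)\n", GetLastError());
        goto cleanup;
    }

    // The thread's exit code is LoadLibraryA's return value (truncated to
    // 32 bits); zero means the library was not loaded.
    if (!GetExitCodeThread(hThread, &dwLoadResult) || dwLoadResult == 0) {
        fprintf(stderr, "LoadLibraryA did not load the DLL in the target process\n");
        goto cleanup;
    }

    // Resume the primary thread of our process
    if (ResumeThread(pi.hThread) == (DWORD)-1) {
        fprintf(stderr, "ResumeThread failed (error %lu)\n", GetLastError());
        goto cleanup;
    }
    rc = 0;

cleanup:
    if (hThread != NULL) {
        CloseHandle(hThread);
    }
    if (pLibRemote != NULL) {
        // MEM_RELEASE requires a size of 0; passing the buffer size makes the
        // call fail and leaks the allocation in the child.
        VirtualFreeEx(pi.hProcess, pLibRemote, 0, MEM_RELEASE);
    }
    if (rc != 0) {
        // Fail closed: do not leave a suspended process behind.
        TerminateProcess(pi.hProcess, 1);
    }
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return rc;
}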