#include <Windows.h>
#include <TlHelp32.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
  5.  
  6.  
  7. typedef HINSTANCE(*fpLoadLibrary)(char*);
  8.  
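/*
 * Find the PID of the first running process whose image name equals
 * `processname`. The comparison is case-insensitive, matching how Windows
 * treats file names ("Notepad.exe" and "notepad.exe" are the same program).
 *
 * Returns the PID, or (DWORD)-1 when no such process exists or the snapshot
 * could not be taken. Callers compare the result against -1 (see main()).
 *
 * Built for the ANSI API (PROCESSENTRY32 / szExeFile as char); it will not
 * compile as written with UNICODE defined, same as the original.
 */
DWORD GetPidByName(const char* processname)
{
    DWORD pid = (DWORD)-1;
    PROCESSENTRY32 entry;
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    /* CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE,
     * not NULL; the original passed it straight to Process32First. */
    if (snapshot == INVALID_HANDLE_VALUE)
        return pid;

    /* dwSize must be set before the first call or Process32First fails. */
    entry.dwSize = sizeof(entry);
    if (Process32First(snapshot, &entry)) {
        do {
            if (_stricmp(processname, entry.szExeFile) == 0) {
                pid = entry.th32ProcessID;
                break;
            }
        } while (Process32Next(snapshot, &entry));
    }

    /* The original never closed the snapshot, and main() polls this function
     * every 500 ms until the target appears, so the handle leak was unbounded. */
    CloseHandle(snapshot);
    return pid;
}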
  24.  
  25.  
  26.  
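/* Minimum access mask for VirtualAllocEx + WriteProcessMemory +
 * CreateRemoteThread, as documented for those APIs. PROCESS_ALL_ACCESS, which
 * the original requested, grants far more than the injector ever exercises. */
#define INJECT_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | \
                       PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE)

/* Copy src into a fixed-size buffer with a guaranteed NUL terminator.
 * strncpy(dst, src, n-1) on its own leaves dst unterminated when src is n-1
 * bytes or longer, and the original never initialised the buffers. */
static void copy_bounded(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
}

/*
 * Make the target process call LoadLibraryA(dll_path) on a new thread.
 *
 * hProcess - handle opened with at least INJECT_ACCESS.
 * dll_path - NUL-terminated ANSI path. Use an absolute path: a relative one
 *            is resolved by the target's own DLL search order, not ours.
 * loader   - address of LoadLibraryA as seen in this process; valid in the
 *            target only because kernel32.dll is mapped at the same base in
 *            every process of the same bitness.
 *
 * Returns 0 when the remote LoadLibraryA reported success, 1 otherwise (a
 * message is printed). The remote buffer is released on every path.
 */
static int inject_dll(HANDLE hProcess, const char *dll_path, LPTHREAD_START_ROUTINE loader)
{
    int rc = 1;
    /* +1: LoadLibraryA reads up to the terminator; the original allocated and
     * wrote strlen() bytes and relied on the fresh page being zero-filled. */
    SIZE_T len = strlen(dll_path) + 1;
    LPVOID remote;
    HANDLE hThread;
    DWORD exit_code = 0;

    printf("[*] Allocating Virtual Memory ... \n");
    /* The buffer holds a string, so it only needs to be readable. The
     * original asked for PAGE_EXECUTE_READWRITE, which data never needs and
     * which is a well-known flag for security tooling. */
    remote = VirtualAllocEx(hProcess, NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (remote == NULL)
    {
        printf("[-] Failed To VirtualAllocEx() ...\n");
        return rc;
    }
    printf("[+] Succefully : Allocating Memory\n");

    printf("[*] Writing Into Virtual Memory...\n");
    if (!WriteProcessMemory(hProcess, remote, dll_path, len, NULL))
    {
        printf("[-] Failed To WriteProcessMemory() ...\n");
        goto out_free;
    }
    printf("[+] Succefully : Writing Into Memory\n");

    printf("[*] Creating Remote Thread..\n");
    hThread = CreateRemoteThread(hProcess, NULL, 0, loader, remote, 0, NULL);
    if (hThread == NULL)
    {
        printf("[-] Failed To CreateRemoteThread() ...\n");
        goto out_free;
    }
    printf("[+] Succefully : Creating Remote Thread\n");
    printf("[+] Thread is Created !\n");

    /* The thread's exit code is LoadLibraryA's return value (its low 32 bits
     * on x64): zero means the target failed to load the DLL. The original
     * never looked at it and reported success unconditionally. */
    WaitForSingleObject(hThread, INFINITE);
    if (GetExitCodeThread(hThread, &exit_code) && exit_code != 0)
        rc = 0;
    else
        printf("[-] LoadLibraryA() Returned NULL In Target, DLL Not Loaded ...\n");
    CloseHandle(hThread);

out_free:
    /* MEM_RELEASE requires dwSize == 0. The original passed MEM_COMMIT, which
     * is not a valid free type, so the buffer was never actually released. */
    VirtualFreeEx(hProcess, remote, 0, MEM_RELEASE);
    return rc;
}

/*
 * Entry point: ./injector <process.exe> <DLL_PATH>
 *
 * Classic CreateRemoteThread + LoadLibraryA injection: the DLL path is written
 * into the target and a remote thread is started at LoadLibraryA with that
 * buffer as its argument. Practical limits of this approach:
 *  - injector and target must have the same bitness; the local LoadLibraryA
 *    address is meaningless across a 32/64-bit boundary;
 *  - opening a process of another user, or an elevated one from a
 *    non-elevated injector, needs SeDebugPrivilege, which this tool does not
 *    try to enable;
 *  - a remote thread starting at LoadLibraryA is exactly the pattern endpoint
 *    security products look for; expect it to be blocked or logged.
 *
 * Exit status: 0 when the target reported a successful load, 1 otherwise.
 */
int main(int argc, char **argv)
{
    char PROCESS[1024];
    char DLL_PATH[1024];
    char full_path[MAX_PATH];
    DWORD path_len;
    HMODULE hKernel32;
    LPTHREAD_START_ROUTINE pLoadLibrary;
    DWORD PID;
    HANDLE hProcess;
    int rc;

    if (argc != 3)
    {
        printf("#DLL INJECTOR BY SAKIIR !\n");
        printf("\tUsage : ./injector <process.exe> <DLL_PATH>\n");
        printf("\tExemple : ./injector iexplorer.exe C:\\inject_me.dll\n");
        Sleep(3000);
        ExitProcess(1);
    }

    printf("\n\n#DLL INJECTOR BY SAKIIR !\n\n");
    printf("[*] Getting Arguments..\n");
    copy_bounded(PROCESS, sizeof PROCESS, argv[1]);
    copy_bounded(DLL_PATH, sizeof DLL_PATH, argv[2]);
    printf("[+] Arguments Gotten !\n");
    printf("[*] Process Name : %s\n", PROCESS);

    /* Resolve the DLL to an absolute path in *this* process. LoadLibraryA in
     * the target resolves a relative name against the target's own search
     * order (its directory, system directories, PATH), so a relative argument
     * could end up loading a different file than the one the user meant. */
    path_len = GetFullPathNameA(DLL_PATH, sizeof full_path, full_path, NULL);
    if (path_len == 0 || path_len >= sizeof full_path)
    {
        printf("[-] Failed To Resolve DLL Path ...\n");
        exit(1);
    }
    /* Fail here with a clear message rather than with a silent NULL from the
     * remote LoadLibraryA. */
    if (GetFileAttributesA(full_path) == INVALID_FILE_ATTRIBUTES)
    {
        printf("[-] DLL Not Found : %s\n", full_path);
        exit(1);
    }
    printf("[*] DLL Name : %s\n", full_path);

    /* kernel32.dll is, in practice, mapped at the same base in every process
     * of the same bitness, which is what makes the local address usable as
     * the remote thread's start routine. Both lookups can fail; the original
     * passed the result to CreateRemoteThread unchecked. */
    hKernel32 = GetModuleHandleA("kernel32");
    pLoadLibrary = hKernel32 ? (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryA") : NULL;
    if (pLoadLibrary == NULL)
    {
        printf("[-] Failed To Locate LoadLibraryA() ...\n");
        exit(1);
    }
    /* %p rather than %x: %x is undefined for pointers and truncates on x64. */
    printf("[*] LoadLibrary() : %p\n", (void *)pLoadLibrary);

    printf("[*] Getting Process ID of %s...\n", PROCESS);
    /* As in the original, poll until the target appears; this never gives up. */
    while ((PID = GetPidByName(PROCESS)) == (DWORD)-1)
        Sleep(500);
    printf("[+] Process ID Gotten !\n");

    printf("[*] Opening Process With Injection Access...\n");
    hProcess = OpenProcess(INJECT_ACCESS, FALSE, PID);
    if (hProcess == NULL)
    {
        printf("[-] Failed To OpenProcess :(...\n");
        exit(1);
    }
    printf("[+] Successfully Opened Process !\n");

    rc = inject_dll(hProcess, full_path, pLoadLibrary);
    /* The original leaked the process handle (and the thread handle). */
    CloseHandle(hProcess);

    if (rc == 0)
        printf("[+] END ! :)\n");
    return rc;
}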