- #include <stdio.h>
- #include <stdlib.h>
- #include <Windows.h>
- #include <TlHelp32.h>
/*
 * Find a running process by executable name and collect its id and thread ids.
 *
 * exe_name: executable file name to look for; compared with strcmp against
 *           PROCESSENTRY32.szExeFile, so the match is exact and case-sensitive
 *           and the first matching process wins. strcmp on szExeFile only
 *           compiles as written in a non-UNICODE build (char szExeFile[]);
 *           <string.h> is not included directly, so strcmp relies on a
 *           transitive include.
 *
 * Returns a malloc'd array of 5 DWORDs that the caller owns and must free:
 *   [0]    th32ProcessID of the matched process
 *   [1..]  th32ThreadID of each thread whose owner is that process, in the
 *          order Thread32First/Thread32Next report them
 * Returns NULL when CreateToolhelp32Snapshot fails. When no process matches,
 * the array is returned with its malloc'd (uninitialized) contents, so the
 * caller cannot tell "not found" from a real result.
 *
 * Known defects, left as-is (see inline notes): the array has room for only
 * 4 thread ids and the store below is unbounded, the snapshot handle is never
 * closed, and threads_list leaks on the NULL return path.
 */
DWORD *find_process_pid(char *exe_name)
{
    /* 5 slots: pid + up to 4 thread ids. The malloc result is not checked. */
    DWORD* threads_list = (DWORD*)malloc(sizeof(DWORD) * 5);
    /* One snapshot covering both processes and threads; the thread walk
     * below is system-wide and is filtered by owner pid. */
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD, 0);
    int i = 0;  /* index of the last thread id stored; 0 means none yet */
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return NULL;  /* threads_list is leaked on this path */
    }
    PROCESSENTRY32 pe = { sizeof(pe) };  /* dwSize must be set before Process32First */
    if (Process32First(hSnapshot, &pe))
    {
        do {
            if (strcmp(pe.szExeFile, exe_name) == 0)
            {
                THREADENTRY32 te = { sizeof(te) };
                threads_list[0] = pe.th32ProcessID;
                if (Thread32First(hSnapshot, &te)) {
                    do {
                        if (te.th32OwnerProcessID == threads_list[0]) {
                            i++;
                            /* No bound check: i reaches 5 on the fifth thread
                             * and this store writes past the allocation. */
                            threads_list[i] = (te.th32ThreadID);
                        }
                    } while (Thread32Next(hSnapshot, &te));
                }
                break;  /* first matching process only */
            }
        } while (Process32Next(hSnapshot, &pe));
    }
    /* hSnapshot is not released (no CloseHandle) */
    return threads_list;
}
/*
 * Entry point: usage `prog <exe_name> <path>`.
 *
 * argv[1] is passed to find_process_pid to locate the target process and its
 * threads; argv[2] is copied into that process's address space and used as
 * the argument of a user-mode APC whose routine is LoadLibraryA, queued on
 * each thread id returned. The sequence OpenProcess(PROCESS_ALL_ACCESS) ->
 * VirtualAllocEx -> WriteProcessMemory -> OpenThread(THREAD_SET_CONTEXT) ->
 * QueueUserAPC is the classic cross-process APC injection pattern; from a
 * detection standpoint it is exactly the call chain that cross-process
 * telemetry (ETW, EDR API monitoring) is built to surface.
 *
 * Correctness notes on the code as written: argc is not checked before
 * argv[1]/argv[2] are read; the NULL return of find_process_pid is not
 * checked; the array malloc'd for `threads` is overwritten immediately and
 * leaks; every HANDLE opened here is left unclosed; and the loop bound
 * `sizeof(threads)` is the size of a DWORD pointer, not the element count.
 * GetModuleHandle("kernel32.dll") with a char literal assumes a non-UNICODE
 * build, and strlen is used without a direct <string.h> include.
 *
 * Returns 0 unconditionally.
 */
int main(int argc, CHAR* argv[])
{
    /* Resolve LoadLibraryA in this process; the address is later used as the
     * APC routine in the other process. Neither return value is checked. */
    HMODULE handle = GetModuleHandle("kernel32.dll");
    FARPROC load_library = GetProcAddress(handle, "LoadLibraryA");
    /* Leaked: this allocation is replaced by the assignment below. */
    DWORD *threads = (DWORD*)malloc(sizeof(DWORD) * 5);
    //threads = {0}
    threads = find_process_pid(argv[1]);  /* may be NULL (see find_process_pid) */
    /* Dereferenced without a NULL check. threads[1..3] hold uninitialized
     * malloc'd memory if the process has fewer than 3 threads. %d with a
     * DWORD (unsigned long) is a format mismatch; %lu matches the type. */
    printf("Process id is: %d\n", threads[0]);
    printf("Thread id is: %d\n", threads[1]);
    printf("Thread id is: %d\n", threads[2]);
    printf("Thread id is: %d\n", threads[3]);
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, threads[0]);  /* result unchecked */
    /* Allocates strlen+1 bytes but writes only strlen bytes: the terminator
     * is never written explicitly. WriteProcessMemory's result is ignored. */
    LPVOID remote_address = VirtualAllocEx(hProcess, NULL, strlen(argv[2]) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    WriteProcessMemory(hProcess, remote_address, argv[2], strlen(argv[2]), NULL);
    /* sizeof(threads) is sizeof(DWORD *): 4 or 8 depending on the build, not
     * the 5-element count, so on a 64-bit build this loop reads past the end
     * of the array. */
    for (int i = 1; i < sizeof(threads); i++)
    {
        HANDLE hThread = OpenThread(THREAD_SET_CONTEXT, FALSE, threads[i]);  /* never closed */
        if (hThread) {
            QueueUserAPC((PAPCFUNC)load_library, hThread, (ULONG_PTR)remote_address);
        }
    }
    /* hProcess is never closed */
    return 0;
}