- // Written by Snyp3rEli7E
- // You can change and distribute this program however you want, but please write the original author in a comment: Snyp3rEli7E
- #include <Windows.h>
- #include <iostream>
- #include <string>
// Waits for a top-level window whose title equals `windowname`, then opens the
// process that owns it and returns the process handle.
//
// windowname: exact window title passed to FindWindowA (class name left as 0).
// Returns the handle from OpenProcess, or 0 after printing the error code and
// waiting for Enter when the process cannot be opened.
//
// NOTE(review): the polling loop has no timeout, and nothing in this listing
// ever calls CloseHandle on the returned handle.
// NOTE(review, detection): the access mask requested below combines VM
// write/operation rights with thread-creation rights on another process. That
// mask is what process-access telemetry (e.g. Sysmon Event ID 10, GrantedAccess
// field) records for this call.
- HANDLE GetHandle(LPCSTR windowname)
- {
- HWND hWnd = FindWindowA(0, windowname);
- std::cout << "Waiting for " << windowname << "..." << std::endl;
// Poll every 250 ms until a window with that title exists.
- while (!hWnd){
- hWnd = FindWindowA(0, windowname);
- Sleep(250);
- }
- system("CLS");
- DWORD pId;
// Only the process id is kept; the thread id returned by the call is discarded.
- GetWindowThreadProcessId(hWnd, &pId);
- HANDLE hProc = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD, FALSE, pId);
// Read the error code immediately, before any stream output can overwrite it.
// GetLastError returns a DWORD; it is stored in an int here.
- int hprocerror = GetLastError();
- if (!hProc) {
- std::cerr << "Cannot open process. Error No. " << hprocerror << " happened.\n Try running this program in administrator mode." << std::endl;
- std::cin.get();
// 0 signals failure; the caller in this listing does not test for it.
- return 0;
- }
- else{
- return hProc;
- }
- }
// Allocates `strsize` bytes inside another process and copies `ToAlloc` into
// them. Despite the name, main uses it for both the DLL path and the code stub.
//
// hwnd:    a process handle (the value returned by GetHandle), not a window handle.
// ToAlloc: source bytes in this process.
// strsize: number of bytes to allocate and copy.
// Returns the remote address cast to DWORD.
//
// NOTE(review): neither call is checked. If VirtualAllocEx fails, addr is NULL
// and WriteProcessMemory is still called with it; the caller then receives 0.
// NOTE(review): the (DWORD) cast keeps only the low 32 bits of the pointer.
// NOTE(review, detection): every buffer, including the plain path string, is
// committed as PAGE_EXECUTE_READWRITE. Private RWX regions in a process are a
// common indicator for memory scanners.
- DWORD AllocString(HANDLE hwnd, const char* ToAlloc, size_t strsize){
- PVOID addr = VirtualAllocEx(hwnd, NULL, strsize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
- WriteProcessMemory(hwnd, addr, ToAlloc, strsize, NULL);
- return (DWORD)addr;
- }
// Interactive entry point: asks for a DLL path and a window title, then makes
// the process owning that window call LoadLibraryA on the path through a small
// code stub started with CreateRemoteThread.
//
// argv[1], when present, is taken as the DLL path; otherwise the path is read
// from stdin.
//
// NOTE(review): no Win32 return value is checked here. GetHandle can return 0,
// the remote allocations can fail, and CreateRemoteThread's result is
// discarded, so "Dll Injected." is printed whether or not anything happened.
// The process handle and the remote thread handle are never closed.
// NOTE(review): the (DWORD) casts and the 32-bit immediates in the stub keep
// only 32 bits of each address, so the listing assumes a 32-bit build and target.
// NOTE(review, detection): the observable sequence is OpenProcess ->
// VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread, with the thread
// start address in private (not image-backed) executable memory, followed by an
// image load in the target. Cross-process thread creation is reported by e.g.
// Sysmon Event ID 8 and the module load by Event ID 7.
- int main(int argc, char** argv){
- SetConsoleTitleA("Simple DLL Injector by Snyp3rEli7E");
// Address of LoadLibraryA as seen in THIS process; the code assumes it is the
// same in the target process.
- DWORD LLa= (DWORD)LoadLibraryA; //Get LoadLibraryA address
- std::string DllPath;
- if (argc > 1) DllPath = argv[1]; //Get the path if the dll is dragged onto the injector
- else {
- std::cout << "Write the entire DLL path:" << std::endl;
- std::getline(std::cin, DllPath); //Otherwise, get the path from userinput
- }
- std::string option;
- std::cout << "Are you sure the correct path of the DLL to inject is: " << DllPath << " ? (Y/N)" << std::endl;
- std::getline(std::cin, option);
// Only an answer starting with 'n'/'N' restarts; anything else, including an
// empty line, is treated as confirmation.
- if (tolower(option[0]) == 'n') {
- system("cls");
// NOTE(review): calling main() is not permitted in C++. When the nested call
// returns, this outer call also carries on with the path the user just rejected.
- main(1,argv);
- }
- std::string WindowName;
- std::cout << "Write window title of the process: ";
- std::getline(std::cin, WindowName);
// Named hwnd, but this is the process handle from OpenProcess (0 on failure).
- HANDLE hwnd = GetHandle(WindowName.c_str());
// 13-byte x86 stub; the two zeroed 4-byte operands are patched below.
- char Payload[13] = { 0xB8, 0x00, 0x00, 0x00, 0x00, 0x68, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xD0, 0xC3 };
- /*
- MOV EAX,00000000 ; LoadLibraryA Address here later
- PUSH 00000000 ; Allocated DLL path Address here later
- CALL EAX ;
- RET ;
- */
- *(DWORD*)(Payload + 1) = LLa; //Modify the Payload by adding LoadLibraryA address
// size() does not count the terminating NUL, so the terminator itself is not copied.
- *(DWORD*)(Payload + 6) = AllocString(hwnd,DllPath.c_str(),DllPath.size()); //Modify the Payload by adding the allocated string address
- DWORD PayloadAddr = AllocString(hwnd, Payload, sizeof(Payload));
// The returned thread handle is dropped: the result is neither checked nor waited on.
- CreateRemoteThread(hwnd, 0, 0, (LPTHREAD_START_ROUTINE)PayloadAddr, 0, 0, 0);
// Printed unconditionally; it does not confirm that the DLL was loaded.
- std::cout << "Dll Injected.\nYou can close this now." << std::endl;
- system("PAUSE>NUL");
- }