
Untitled

a guest
Sep 19th, 2017
  1.  
  2. #include <windows.h>
  3. #include <tlhelp32.h>
  4. #include <shlwapi.h>
  5. #include <conio.h>
  6. #include <stdio.h>
  7. #include <iostream>
  8.  
  9. #define WIN32_LEAN_AND_MEAN
  10. #define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
  11.  
  12.  
  13. using namespace std;
  14.  
  15. BOOL Inject(DWORD pID, const char * DLL_NAME);
  16. DWORD GetTargetThreadIDFromProcName(const char * ProcName);
  17.  
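  /**
   * Entry point: looks up a process whose image name contains "notepad.exe",
   * resolves Project1.dll to an absolute path (relative to the current
   * directory) and hands both to Inject().
   *
   * Returns 0 after the injection attempt, or 1 if the DLL path could not be
   * resolved. Waits for a key press before exiting either way.
   */
  int main(int argc, char * argv[])
  {
     // Retrieve process ID (0 means no matching process was found; Inject()
     // rejects a zero ID).
     DWORD pID = GetTargetThreadIDFromProcName("notepad.exe");
     cout << "process id" << pID << endl;

     // Get the DLL's full path name
     char buf[MAX_PATH] = {0};
     DWORD pathLen = GetFullPathName("Project1.dll", MAX_PATH, buf, NULL);
     if (pathLen == 0 || pathLen >= MAX_PATH)
     {
        // 0 signals failure; a value >= MAX_PATH means the buffer was too
        // small and buf does not hold a usable path.
        printf("GetFullPathName() failed: %lu\n", GetLastError());
        _getch();
        return 1;
     }

     // The path is data, not a format string: a '%' in a directory name
     // would otherwise be parsed as a conversion specifier by printf.
     printf("%s\n", buf);

     // Inject our main DLL.
     // NOTE(review): a TRUE result does not confirm that the library
     // actually loaded in the target process.
     if (!Inject(pID, buf))
     {
        printf("DLL Not Loaded!");
     }
     else
     {
        printf("DLL Loaded!");
        cout << buf << endl;
     }

     _getch();
     return 0;
  }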
  42.  
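  /**
   * Opens the process identified by pID, copies the DLL path into memory
   * allocated inside it, and starts a remote thread at LoadLibraryA with that
   * path as its argument.
   *
   * This OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
   * CreateRemoteThread(LoadLibraryA) sequence is the classic DLL-injection
   * pattern (MITRE ATT&CK T1055.001). Endpoint monitoring keys on exactly
   * these calls, e.g. Sysmon event 10 (ProcessAccess) for the handle open and
   * event 8 (CreateRemoteThread) for the thread start.
   *
   * @param pID       Target process ID; 0 is rejected.
   * @param DLL_NAME  NUL-terminated ANSI path of the library.
   * @return TRUE only if every step up to and including thread creation
   *         succeeded; FALSE otherwise. TRUE does not prove the library
   *         loaded, because the thread's result is not collected.
   */
  BOOL Inject(DWORD pID, const char * DLL_NAME)
  {
     if (!pID || !DLL_NAME)
        return FALSE;

     // NOTE(review): PROCESS_ALL_ACCESS asks for far more rights than the
     // calls below use; the file defines CREATE_THREAD_ACCESS but never
     // references it.
     HANDLE Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
     if (!Proc)
     {
        // DWORD is unsigned long, so %lu (not %d); a literal format string
        // also replaces the earlier sprintf-then-printf(buf) pattern.
        printf("OpenProcess() failed: %lu", GetLastError());
        return FALSE;
     }

     BOOL ok = FALSE;
     LPVOID RemoteString = NULL;
     HANDLE hThread = NULL;
     SIZE_T written = 0;

     // Include the terminating NUL instead of relying on the freshly
     // committed page being zero-filled.
     const SIZE_T pathBytes = strlen(DLL_NAME) + 1;

     // The address is resolved in this process and passed to the target as-is.
     // NOTE(review): that assumes kernel32.dll sits at the same address in
     // both processes - not verified here.
     HMODULE hKernel32 = GetModuleHandle("kernel32.dll");
     LPVOID LoadLibAddy = hKernel32 ? (LPVOID)GetProcAddress(hKernel32, "LoadLibraryA") : NULL;

     if (!LoadLibAddy)
     {
        printf("GetProcAddress() failed: %lu", GetLastError());
     }
     // Allocate space in the process for our DLL path
     else if (!(RemoteString = VirtualAllocEx(Proc, NULL, pathBytes, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE)))
     {
        printf("VirtualAllocEx() failed: %lu", GetLastError());
     }
     // Write the string name of our DLL in the memory allocated
     else if (!WriteProcessMemory(Proc, RemoteString, DLL_NAME, pathBytes, &written) || written != pathBytes)
     {
        printf("WriteProcessMemory() failed: %lu", GetLastError());
     }
     // Load our DLL
     else if (!(hThread = CreateRemoteThread(Proc, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, RemoteString, 0, 0)))
     {
        printf("CreateRemoteThread() failed: %lu", GetLastError());
     }
     else
     {
        ok = TRUE;
     }

     // The thread handle was previously discarded without being closed.
     if (hThread)
        CloseHandle(hThread);

     // On failure nothing will read the remote buffer, so release it. On
     // success it is left in place: the remote thread may still be reading it.
     if (!ok && RemoteString)
        VirtualFreeEx(Proc, RemoteString, 0, MEM_RELEASE);

     CloseHandle(Proc);
     return ok;
  }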
  76.  
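  /**
   * Returns the process ID (despite the name, not a thread ID) of the first
   * entry in a Toolhelp process snapshot whose executable name contains
   * ProcName, or 0 if nothing matches or the snapshot cannot be created.
   *
   * The comparison is StrStrI, i.e. a case-insensitive *substring* match on
   * the image name only: "notepad.exe" also matches "xnotepad.exe", and
   * neither the image path nor the owning user is considered.
   *
   * NOTE(review): the char-based arguments assume a non-UNICODE build, where
   * PROCESSENTRY32 and StrStrI resolve to their ANSI forms.
   *
   * @param ProcName  NUL-terminated name fragment to look for.
   * @return Matching process ID, or 0.
   */
  DWORD GetTargetThreadIDFromProcName(const char * ProcName)
  {
     if (!ProcName)
        return 0;

     HANDLE thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
     if (thSnapShot == INVALID_HANDLE_VALUE)
     {
        printf("Error: Unable to create toolhelp snapshot!");
        return 0;
     }

     PROCESSENTRY32 pe;
     // Process32First requires dwSize to be set before the first call.
     pe.dwSize = sizeof(PROCESSENTRY32);

     DWORD foundPid = 0;
     for (BOOL more = Process32First(thSnapShot, &pe); more; more = Process32Next(thSnapShot, &pe))
     {
        if (StrStrI(pe.szExeFile, ProcName))
        {
           foundPid = pe.th32ProcessID;
           break;
        }
     }

     // The snapshot handle was previously leaked on every return path.
     CloseHandle(thSnapShot);
     return foundPid;
  }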