
Untitled

a guest
Jun 17th, 2019
  1. // InjectByStel.cpp : Defines the entry point for the console application.
  2. //
  3.  
  4. #include "stdafx.h"
  5. #include "Windows.h"
  6. #include "TlHelp32.h"
  7. #include "String"
  8. #include <stdio.h>
  9. #include <stdlib.h>
  10. #include <iostream>
  11. #include <cstdio>
  12. #include <fstream>
  13. #include <experimental/filesystem>
  14. #include <Windows.h>
  15. #include <strsafe.h>
  // Command-line template that DelMe() fills in with StringCbPrintf: cmd.exe sends one ping
  // with a 3000 ms timeout and output discarded, then force-deletes the path substituted
  // for %s. The ping is presumably only a delay so the calling process can exit first - confirm.
  // NOTE(review): for defenders, a cmd.exe child whose command line chains ping with
  // "Del /f /q" on its parent's own image path is a self-deletion pattern that shows up in
  // process-creation logging with command lines enabled.
  16. #define SELF_REMOVE_STRING TEXT("cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q \"%s\"")
  17.  
  18. // File name of the temporary .bat file; Selfdestruct() appends it to the temp directory path.
  19. static const char tempbatname[] = "_uninsep.bat";
  20.  
  // Writes a batch file named by tempbatname into the directory returned by GetTempPath and
  // launches it with a hidden window. The batch deletes this executable in a loop until it no
  // longer exists, tries to remove the executable's folder, then deletes the batch file itself.
  // No call to this function appears in this listing; main() calls DelMe() instead.
  // NOTE(review): for incident response, the artifacts are "_uninsep.bat" in the temp
  // directory and a hidden shell launch of it, followed by the executable disappearing.
  // NOTE(review): char buffers are passed to TCHAR-macro APIs (GetTempPath, GetModuleFileName,
  // CreateFile, wsprintf, ShellExecute), so this presumably only builds as ANSI/MBCS - confirm.
  21. void Selfdestruct()
  22. {
  23. // Template of the temporary .bat file; the four %s slots are filled by wsprintf below.
  24. static char templ[] =
  25. ":Repeat\r\n"
  26. "del \"%s\"\r\n"
  27. "if exist \"%s\" goto Repeat\r\n"
  28. "rmdir \"%s\"\r\n"
  29. "del \"%s\"";
  30.  
  31.  
  32. char modulename[_MAX_PATH]; // absolute path of calling .exe file
  33. char temppath[_MAX_PATH]; // absolute path of temporary .bat file
  34. char folder[_MAX_PATH]; // modulename cut at its last backslash (see below)
  35.  
  36. GetTempPath(_MAX_PATH, temppath);
      // NOTE(review): unbounded strcat; nothing here checks that the temp path plus the
      // file name still fits in _MAX_PATH, and GetTempPath's return value is ignored.
  37. strcat(temppath, tempbatname);
  38.  
  39. GetModuleFileName(NULL, modulename, MAX_PATH);
  40. strcpy(folder, modulename);
      // Terminate the copy at the last backslash so only the directory part remains.
  41. char *pb = strrchr(folder, '\\');
  42. if (pb != NULL)
  43. *pb = 0;
  44.  
  45. HANDLE hf;
  46.  
      // CREATE_ALWAYS overwrites any existing file of the same name; share mode 0 means
      // no other handle can open it while hf is open.
  47. hf = CreateFile(temppath, GENERIC_WRITE, 0, NULL,
  48. CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
  49.  
  50. if (hf != INVALID_HANDLE_VALUE)
  51. {
  52. DWORD len;
  53. char *bat;
  54.  
      // Stack buffer sized from the template, twice the module path, the batch path and
      // 20 spare bytes. NOTE(review): folder's length is not part of this sum.
  55. bat = (char*)alloca(strlen(templ) +
  56. strlen(modulename) * 2 + strlen(temppath) + 20);
  57.  
      // Slots in order: exe path (del), exe path (if exist), folder (rmdir), batch path (del).
  58. wsprintf(bat, templ, modulename, modulename, folder, temppath);
  59.  
      // NOTE(review): the WriteFile result and the byte count in len are not checked.
  60. WriteFile(hf, bat, strlen(bat), &len, NULL);
  61. CloseHandle(hf);
  62.  
      // SW_HIDE: the batch runs without a visible console window.
  63. ShellExecute(NULL, "open", temppath, NULL, NULL, SW_HIDE);
  64. }
  65. }
  // Alias for the experimental filesystem namespace; fs is not referenced anywhere in this listing.
  66. namespace fs = std::experimental::filesystem;
  // Returns the process ID of the first entry in a Toolhelp process snapshot whose
  // executable name equals Executavel, or 0 when no entry matches.
  // The match uses _tcscmp, so it is exact and case-sensitive.
  // NOTE(review): the snapshot handle is not compared with INVALID_HANDLE_VALUE before it
  // is passed to Process32First and CloseHandle.
  67. DWORD GetProcessID(char* Executavel)
  68. {
  69. HANDLE HandleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  70. PROCESSENTRY32 PE;
      // dwSize must be set before the first Process32First call.
  71. PE.dwSize = sizeof(PE);
  72. BOOL Retorno = Process32First(HandleSnap, &PE);
  73. while (Retorno) {
  74. if (_tcscmp(PE.szExeFile, Executavel) == 0) {
  75. //printf("ID: %d Nome: %s \n", PE.th32ProcessID, PE.szExeFile);
      // First match wins: release the snapshot and return its PID.
  76. CloseHandle(HandleSnap);
  77. return PE.th32ProcessID;
  78. }
  79. Retorno = Process32Next(HandleSnap, &PE);
  80. }
      // No entry matched: release the snapshot; 0 is the "not found" result.
  81. CloseHandle(HandleSnap);
  82. return 0;
  83. }
  84.  
  // Opens process PID with PROCESS_ALL_ACCESS, copies the path string dll into memory
  // allocated in that process, and starts a remote thread there whose start routine is
  // LoadLibraryA with that string as its argument; waits for the thread, then cleans up.
  // NOTE(review): for defenders, the sequence OpenProcess(PROCESS_ALL_ACCESS) ->
  // VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread on LoadLibraryA is the
  // textbook remote-thread DLL load. It surfaces as cross-process access and remote-thread
  // telemetry (e.g. Sysmon Event ID 10 ProcessAccess and Event ID 8 CreateRemoteThread)
  // and as an image-load event for the DLL inside the target process.
  // NOTE(review): when OpenProcess fails the function reaches its closing brace without a
  // return statement, so the result in that case is undefined.
  85. bool InjectDLL(DWORD PID, char* dll)
  86. {
  87. HANDLE Acesso = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
  88. if (Acesso != 0)
  89. {
      // Address of LoadLibraryA as resolved in this process; the code uses it unchanged
      // as the start address in the target. The result is not checked for NULL.
  90. LPVOID LoadLibrary_ = (LPVOID) GetProcAddress(GetModuleHandle("Kernel32.dll"),"LoadLibraryA");
      // Read/write region in the target for the path; strlen(dll) excludes the terminating
      // NUL byte. Neither this call nor WriteProcessMemory is checked for failure.
  91. LPVOID Caminho = VirtualAllocEx(Acesso, NULL, strlen(dll), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
  92. WriteProcessMemory(Acesso, Caminho, dll, strlen(dll), NULL);
  93. HANDLE THandle = CreateRemoteThread(Acesso, NULL,0, (LPTHREAD_START_ROUTINE)LoadLibrary_, Caminho, 0, NULL);
      // Blocks without a timeout until the remote thread ends.
  94. WaitForSingleObject(THandle, INFINITE);
      // NOTE(review): VirtualFreeEx with MEM_RELEASE requires a size of 0, so with a non-zero
      // strlen(dll) this call presumably fails and the path string stays allocated in the
      // target - a possible memory-forensics artifact; confirm.
  95. VirtualFreeEx(Acesso, Caminho ,strlen(dll),MEM_RELEASE);
      // NOTE(review): CreateRemoteThread reports failure with NULL, not INVALID_HANDLE_VALUE,
      // so this test does not detect a failed thread creation and a TRUE result is not
      // evidence that the DLL was loaded.
  96. if(THandle != INVALID_HANDLE_VALUE)
  97. {
  98. CloseHandle(THandle);
  99. CloseHandle(Acesso);
  100. return TRUE;
  101. }
  102. CloseHandle(THandle);
  103. CloseHandle(Acesso);
  104. return FALSE;
  105. }
  106.  
  107. }
  // Returns the hard-coded path of the DLL that main() passes to InjectDLL().
  // The path is fixed to the Administrator profile's Temp directory; nothing is looked up.
  108. std::string GetDll()
  109. {
  110.  
  111. //Fetching the DLL present in the folder
       // NomePasta is declared but never used.
  112. TCHAR NomePasta[MAX_PATH];
  113. return std::string("C:\\Users\\Administrator\\AppData\\Local\\Temp\\dance.dll");
  114. }
  // Starts a windowless cmd.exe child, built from SELF_REMOVE_STRING, that deletes this
  // program's own executable file; DelMe() itself does not wait for the child.
  // NOTE(review): for defenders, the visible trace is a cmd.exe child of this process whose
  // command line names the parent's image path after "Del /f /q", created with
  // CREATE_NO_WINDOW, followed by the executable disappearing from disk.
  115. void DelMe()
  116. {
  117. TCHAR szModuleName[MAX_PATH];
  118. TCHAR szCmd[2 * MAX_PATH];
       // Both structures are zero-initialised; si.cb is never set to sizeof(si).
  119. STARTUPINFO si = { 0 };
  120. PROCESS_INFORMATION pi = { 0 };
  121.  
       // Full path of the running executable (NULL module handle).
  122. GetModuleFileName(NULL, szModuleName, MAX_PATH);
  123.  
       // StringCbPrintf takes its size in bytes; 2 * MAX_PATH equals the size of szCmd
       // only when TCHAR is one byte wide.
  124. StringCbPrintf(szCmd, 2 * MAX_PATH, SELF_REMOVE_STRING, szModuleName);
  125.  
       // NOTE(review): the CreateProcess result is not checked; on failure pi stays zeroed
       // and the CloseHandle calls below receive null handles.
  126. CreateProcess(NULL, szCmd, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi);
  127.  
  128. CloseHandle(pi.hThread);
  129. CloseHandle(pi.hProcess);
  130. }
  131.  
  // Entry point. Renames a staged .txt file in the Administrator profile's Temp directory
  // to dance.dll, looks up the process "League of Legends.exe", passes its PID and the DLL
  // path to InjectDLL(), then deletes the DLL and calls DelMe() to remove this executable.
  // If the rename fails it prints an error and a "No Token found" message instead.
  // NOTE(review): indicators visible in this listing are the console title "Censored.Zone"
  // and the Temp-directory file names "Ihauuh1u231dscaSFk121231.txt" and "dance.dll".
  132. int main()
  133. {
  134. SetConsoleTitle("Censored.Zone");
  135. int result;
  136.  
  137. char oldname[] = "C:\\Users\\Administrator\\AppData\\Local\\Temp\\Ihauuh1u231dscaSFk121231.txt";
  138. char newname[] = "C:\\Users\\Administrator\\AppData\\Local\\Temp\\dance.dll";
       // rename() returns 0 on success, so the branch below runs only when the staged
       // file existed and could be renamed.
  139. result = rename(oldname, newname);
  140.  
  141. if (!result)
  142. {
  143. //DWORD PID = GetProcessID("League of Legends.exe");
  144. DWORD PID = 0;
       // verifica is declared but never used.
  145. int verifica = 0;
  146. printf("Aguardando League of Legends... \n");
  147.  
  148.  
       // Single lookup, no retry loop: PID is 0 when the process is not running.
  149. PID = GetProcessID("League of Legends.exe");
  150.  
  151. printf("ID: %d \n", PID);
  152. printf("injecting...");
       // NOTE(review): InjectDLL is called even when PID is 0, and its result is ignored.
  153. InjectDLL(PID, (char*)GetDll().c_str());
       // The same path is deleted twice, once through Win32 and once through the C runtime.
  154. DeleteFile("C:\\Users\\Administrator\\AppData\\Local\\Temp\\dance.dll");
  155. std::remove("C:\\Users\\Administrator\\AppData\\Local\\Temp\\dance.dll");
  156.  
  157.  
  158.  
  159. }
  160. else
  161. {
       // Rename failed: report the errno text and the missing-token message.
  162. perror("Error");
  163.  
  164.  
  165. printf("No Token found, please download your token with our loader...\n");
       // Nothing in this listing reads input after this prompt; execution continues to DelMe().
  166. printf("Press enter to close this application and try again after download");
  167. std::remove("C:\\Users\\Administrator\\AppData\\Local\\Temp\\dance.dll");
  168. DeleteFile("C:\\Users\\Administrator\\AppData\\Local\\Temp\\dance.dll");
  169. }
       // Runs on both paths: schedule deletion of this executable, then attempt the DLL
       // deletion once more.
  170. DelMe();
  171. DeleteFile("C:\\Users\\Administrator\\AppData\\Local\\Temp\\dance.dll");
  172. std::remove("C:\\Users\\Administrator\\AppData\\Local\\Temp\\dance.dll");
  173.  
  174. }