mgostih

Simple DLL injector

Nov 2nd, 2016
  1. //  Written by mgostIH
  2.  
  3. //  You can change and distribute this program however you want, but please write the original author in a comment: mgostIH
  4.  
  5. #include <Windows.h>
  6. #include <iostream>
  7. #include <string>
  8.  
// Blocks until a top-level window titled `windowname` exists, then opens the
// process that owns it.
//
// Returns the process HANDLE, or 0 when OpenProcess fails (after printing the
// Win32 error code and waiting for a keypress). Callers in this file never
// close the returned handle.
//
// Reviewer notes (defensive reading):
//  - The access mask requested from OpenProcess below (VM_READ | VM_WRITE |
//    VM_OPERATION | QUERY_INFORMATION | CREATE_THREAD) is the cross-process
//    write-and-execute set; a handle opened with this combination on a process
//    the caller does not own is a common EDR/ETW alerting condition and the
//    first observable step of the chain in main().
//  - FindWindowA returns the first window whose title matches, so with
//    duplicate titles an unintended process may be opened.
//  - The poll loop has no timeout; if the window never appears the program
//    spins (250 ms sleeps) forever.
HANDLE GetHandle(LPCSTR windowname)
{
    HWND hWnd = FindWindowA(0, windowname);
    std::cout << "Waiting for " << windowname << "..." << std::endl;
    // Poll every 250 ms until a window with the requested title exists.
    while (!hWnd){
        hWnd = FindWindowA(0, windowname);
        Sleep(250);

    }
    system("CLS");   // spawns cmd.exe just to clear the console
    DWORD pId;

    // Return value unchecked; pId stays uninitialised if this fails
    // (hWnd is expected to be valid after the loop above).
    GetWindowThreadProcessId(hWnd, &pId);

    HANDLE hProc = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD, FALSE, pId);
    // Must stay directly after OpenProcess: any intervening Win32 call can
    // overwrite the thread's last-error value.
    int hprocerror = GetLastError();
    if (!hProc) {
        // Typically access-denied (e.g. elevated, protected, or
        // integrity-level-mismatched target) — presumed, not verified here.
        std::cerr << "Cannot open process. Error No. " << hprocerror << " happened.\n Try running this program in administrator mode." << std::endl;
        std::cin.get();
        return 0;
    }
    else{
        return hProc;
    }
}
// Allocates `strsize` bytes in the target process (`hwnd` is a process HANDLE
// despite its name) as one private RWX region and copies `ToAlloc` into it.
//
// Returns the remote address truncated to a DWORD; 0 if VirtualAllocEx failed.
//
// Reviewer notes (defensive reading):
//  - Neither VirtualAllocEx nor WriteProcessMemory is checked. On failure a
//    NULL address is returned and main() still uses it as a thread start
//    address / argument, so errors surface only as a crash in the target.
//  - PAGE_EXECUTE_READWRITE is requested even for the path string. A private
//    RWX allocation written from another process is a high-signal artifact for
//    memory scanners (non-image-backed executable region) and for ETW/EDR
//    sensors that record cross-process writes.
//  - The (DWORD) cast truncates pointers on 64-bit builds; the remote address
//    is only meaningful when both processes are 32-bit.
//  - The allocation is never freed by any caller in this file, so the region
//    stays resident in the target for the life of that process.
DWORD AllocString(HANDLE hwnd, const char* ToAlloc, size_t strsize){
    PVOID addr = VirtualAllocEx(hwnd, NULL, strsize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    WriteProcessMemory(hwnd, addr, ToAlloc, strsize, NULL);
    return (DWORD)addr;

}
  40.  
// Entry point: reads a DLL path (argv[1] or stdin) and a window title, then
// runs the classic remote-thread injection chain against the owning process:
// OpenProcess -> VirtualAllocEx (RWX) -> WriteProcessMemory -> CreateRemoteThread
// on a 13-byte stub that calls LoadLibraryA(path).
//
// Reviewer notes (defensive reading):
//  - Every step of that chain is unchecked: GetHandle() may return 0,
//    AllocString() may return 0, and CreateRemoteThread's handle is neither
//    tested nor closed. A failure is reported as "Dll Injected." regardless.
//  - Detection points visible in this block: the thread created by
//    CreateRemoteThread starts at a private, non-image-backed RWX address
//    (PayloadAddr), and the stub plus path string remain mapped in the target
//    afterwards (nothing is freed), which is what memory-forensics tooling
//    looks for.
//  - `(DWORD)LoadLibraryA` reuses this process's address in the target; that
//    assumes the target is the same bitness and maps kernel32 at the same
//    base (presumed, not checked here).
//  - `main(1, argv)` on the "N" branch is ill-formed C++ (main may not be
//    called from within the program), and because nothing returns after it,
//    control falls through into the outer invocation once the inner one ends.
//  - `char Payload[13] = { 0xB8, ... }` is a narrowing conversion inside
//    braced init; strict compilers (GCC/Clang) reject it, MSVC warns.
//  - `*(DWORD*)(Payload + 1)` / `(Payload + 6)` are unaligned type-punned
//    writes (strict-aliasing violation); they work on x86 but are UB.
//  - AllocString is given DllPath.size(), so the remote string is written
//    without its terminating NUL.
//  - `hwnd` holds a process HANDLE, not an HWND; the name is misleading.
//  - system("cls") / system("PAUSE>NUL") spawn cmd.exe for cosmetics; in a
//    process the author expects to run elevated that is an avoidable child
//    process and an unnecessary artifact.
int main(int argc, char** argv){
    SetConsoleTitleA("Simple DLL Injector by mgostIH");
    DWORD LLa= (DWORD)LoadLibraryA;             //Get LoadLibraryA address (local process; assumed identical in target)
    std::string DllPath;

    if (argc > 1) DllPath = argv[1];            //Get the path if the dll is dragged onto the injector
    else {
            std::cout << "Write the entire DLL path:" << std::endl;
            std::getline(std::cin, DllPath);    //Otherwise, get the path from userinput
        }

    std::string option;
    std::cout << "Are you sure the correct path of the DLL to inject is: " << DllPath << " ? (Y/N)" << std::endl;
    std::getline(std::cin, option);

    // Ill-formed recursive call into main (see header note); no return after
    // it, so the outer flow continues when the inner call finishes.
    if (tolower(option[0]) == 'n') {
        system("cls");
        main(1,argv);
    }

    std::string WindowName;
    std::cout << "Write window title of the process: ";
    std::getline(std::cin, WindowName);
    HANDLE hwnd = GetHandle(WindowName.c_str());   // process HANDLE (may be 0 — not checked)

    // x86-only stub; bytes > 0x7F into a signed char are narrowing conversions.
    char Payload[13] = { 0xB8, 0x00, 0x00, 0x00, 0x00, 0x68, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xD0, 0xC3 };

    /*
    MOV EAX,00000000    ; LoadLibraryA Address here later
    PUSH 00000000       ; Allocated DLL path Address here later
    CALL EAX            ;
    RET                 ;
    */

    // Unaligned DWORD stores through a char buffer (type punning, UB in
    // strict C++ but tolerated on x86).
    *(DWORD*)(Payload + 1) = LLa;                                   //Modify the Payload by adding LoadLibraryA address
    *(DWORD*)(Payload + 6) = AllocString(hwnd,DllPath.c_str(),DllPath.size());  //Modify the Payload by adding the allocated string address (no NUL terminator written)

    DWORD PayloadAddr = AllocString(hwnd, Payload, sizeof(Payload));
    // Thread start address is a private RWX page, not a module — the
    // canonical remote-thread-injection indicator. Return handle is leaked
    // and no wait/cleanup follows.
    CreateRemoteThread(hwnd, 0, 0, (LPTHREAD_START_ROUTINE)PayloadAddr, 0, 0, 0);

    // Printed unconditionally; nothing above confirms the thread ran.
    std::cout << "Dll Injected.\nYou can close this now." << std::endl;
    system("PAUSE>NUL");

}