Injector

1. #include <windows.h>
2. #include <tlhelp32.h>
3. #include <shlwapi.h>
4. #include <conio.h>
5. #include <stdio.h>
6.  
7.  
8. #define WIN32_LEAN_AND_MEAN
9. #define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
10.  
11. BOOL Inject(DWORD pID, const char * DLL_NAME);
12. DWORD GetTargetThreadIDFromProcName(const char * ProcName);
13.  
14. int main(int argc, char * argv[])
15. {
16. // Retrieve process ID
17. DWORD pID = GetTargetThreadIDFromProcName("Engine.exe");
18.  
19. // Get the dll's full path name
20. char buf[MAX_PATH] = {0};
21. GetFullPathName("HACKS.dll", MAX_PATH, buf, NULL);
22. printf(buf);
23. printf("\n");
24.  
25. // Inject our main dll
26. if(!Inject(pID, buf))
27. {
28.  
29. printf("DLL Not Loaded!");
30. }else{
31. printf("DLL Loaded!");
32. }
33.  
34. _getch();
35. return 0;
36. }
37.  
38. BOOL Inject(DWORD pID, const char * DLL_NAME)
39. {
40. HANDLE Proc;
41. HMODULE hLib;
42. char buf[50] = {0};
43. LPVOID RemoteString, LoadLibAddy;
44.  
45. if(!pID)
46. return false;
47.  
48. Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
49. if(!Proc)
50. {
51. sprintf(buf, "OpenProcess() failed: %d", GetLastError());
52. //MessageBox(NULL, buf, "Loader", MB_OK);
53. printf(buf);
54. return false;
55. }
56.  
57. LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
58.  
59. // Allocate space in the process for our DLL
60. RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
61.  
62. // Write the string name of our DLL in the memory allocated
63. WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL);
64.  
65. // Load our DLL
66. CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);
67.  
68. CloseHandle(Proc);
69. return true;
70. }
71.  
72. DWORD GetTargetThreadIDFromProcName(const char * ProcName)
73. {
74. PROCESSENTRY32 pe;
75. HANDLE thSnapShot;
76. BOOL retval, ProcFound = false;
77.  
78. thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
79. if(thSnapShot == INVALID_HANDLE_VALUE)
80. {
81. //MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "2MLoader", MB_OK);
82. printf("Error: Unable to create toolhelp snapshot!");
83. return false;
84. }
85.  
86. pe.dwSize = sizeof(PROCESSENTRY32);
87.  
88. retval = Process32First(thSnapShot, &pe);
89. while(retval)
90. {
91. if(StrStrI(pe.szExeFile, ProcName))
92. {
93. return pe.th32ProcessID;
94. }
95. retval = Process32Next(thSnapShot, &pe);
96. }
97. return 0;
98. }