// Remote-side loader stub. Inject() copies this function's bytes verbatim into
// the target process (length = loadDllEnd - loadDllIntoMemory) and starts it
// there with CreateRemoteThread, p pointing at the MANUAL_INJECT block written
// just before the code. It performs the loader work the already-copied image
// still needs: base relocations, import resolution, TLS callbacks, DllMain.
//
// p:       PMANUAL_INJECT describing the mapped image (ImageBase, NtHeaders,
//          BaseRelocation, ImportDirectory, fnLoadLibraryA, fnGetProcAddress).
// returns: FALSE when a module or export cannot be resolved; otherwise the
//          value returned by the image's DllMain. NOTE(review): when the image
//          has no AddressOfEntryPoint, control falls off the end of a
//          DWORD-returning function (undefined behaviour).
//
// Pointer arithmetic is done through DWORD casts throughout, so a 32-bit image
// and process are assumed. Only LoadLibraryA/GetProcAddress are reached via
// the struct; MessageBoxA, executeTls and _xor_ (neither shown here) are
// direct references from inside the copied code.
//
// Detection note: everything below executes from private, file-less RWX
// memory allocated by Inject() - the usual signal of a manually mapped image.
DWORD WINAPI loadDllIntoMemory(PVOID p)
{
    PMANUAL_INJECT ManualInject;
    HMODULE hModule;
    DWORD i, Function, count, delta;
    PDWORD ptr;
    PWORD list;
    PIMAGE_BASE_RELOCATION pIBR;
    PIMAGE_IMPORT_DESCRIPTOR pIID;
    PIMAGE_IMPORT_BY_NAME pIBN;
    PIMAGE_THUNK_DATA FirstThunk, OrigFirstThunk;
    PDLL_MAIN EntryPoint;

    ManualInject = (PMANUAL_INJECT)p;
    pIBR = ManualInject->BaseRelocation;

    // Difference between where the image actually lives and the preferred
    // ImageBase from its optional header; added to every relocation target.
    delta = (DWORD)((LPBYTE)ManualInject->ImageBase - ManualInject->NtHeaders->OptionalHeader.ImageBase); // Calculate the delta

    // Relocate the image: walk IMAGE_BASE_RELOCATION blocks until a block with
    // VirtualAddress 0 terminates the list.
    while (pIBR->VirtualAddress)
    {
        if (pIBR->SizeOfBlock >= sizeof(IMAGE_BASE_RELOCATION))
        {
            // Entries are WORDs following the block header.
            count = (pIBR->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD);
            list = (PWORD)(pIBR + 1);

            for (i = 0; i < count; i++)
            {
                if (list[i])
                {
                    // Low 12 bits are the page offset; every non-zero entry is
                    // applied as a 32-bit fix-up (the type nibble is not read).
                    ptr = (PDWORD)((LPBYTE)ManualInject->ImageBase + (pIBR->VirtualAddress + (list[i] & 0xFFF)));
                    *ptr += delta;
                }
            }
        }

        // Next block starts SizeOfBlock bytes after this one.
        pIBR = (PIMAGE_BASE_RELOCATION)((LPBYTE)pIBR + pIBR->SizeOfBlock);
    }

    pIID = ManualInject->ImportDirectory;

    // Resolve DLL imports: one IMAGE_IMPORT_DESCRIPTOR per dependency, list
    // terminated by a descriptor whose Characteristics is 0.
    while (pIID->Characteristics)
    {
        OrigFirstThunk = (PIMAGE_THUNK_DATA)((LPBYTE)ManualInject->ImageBase + pIID->OriginalFirstThunk);
        FirstThunk = (PIMAGE_THUNK_DATA)((LPBYTE)ManualInject->ImageBase + pIID->FirstThunk);

        // Dependency is loaded through the function pointer the host passed in.
        hModule = ManualInject->fnLoadLibraryA((LPCSTR)ManualInject->ImageBase + pIID->Name);

        if (!hModule)
        {
            return FALSE;
        }

        // Fill the IAT (FirstThunk) from the name/ordinal table (OrigFirstThunk).
        while (OrigFirstThunk->u1.AddressOfData)
        {
            if (OrigFirstThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG)
            {
                // Import by ordinal: low 16 bits of the thunk are the ordinal.
                Function = (DWORD)ManualInject->fnGetProcAddress(hModule, (LPCSTR)(OrigFirstThunk->u1.Ordinal & 0xFFFF));

                if (!Function)
                {
                    return FALSE;
                }

                FirstThunk->u1.Function = Function;
            }
            else
            {
                // Import by name: thunk points at an IMAGE_IMPORT_BY_NAME record.
                pIBN = (PIMAGE_IMPORT_BY_NAME)((LPBYTE)ManualInject->ImageBase + OrigFirstThunk->u1.AddressOfData);
                Function = (DWORD)ManualInject->fnGetProcAddress(hModule, (LPCSTR)pIBN->Name);

                if (!Function)
                {
                    return FALSE;
                }

                FirstThunk->u1.Function = Function;
            }

            OrigFirstThunk++;
            FirstThunk++;
        }

        pIID++;
    }

    // TLS callbacks (executeTls not shown). A failure is only reported with a
    // message box inside the target process - a visible artifact - and does
    // not stop loading.
    if (!executeTls(ManualInject))
        MessageBoxA(0, _xor_("TLS execution failed!").c_str(), 0, MB_ICONERROR | MB_OK);

    // Hand control to the image's DllMain with DLL_PROCESS_ATTACH; its return
    // value becomes this thread's exit code (read by Inject via
    // GetExitCodeThread).
    if (ManualInject->NtHeaders->OptionalHeader.AddressOfEntryPoint)
    {
        EntryPoint = (PDLL_MAIN)((LPBYTE)ManualInject->ImageBase + ManualInject->NtHeaders->OptionalHeader.AddressOfEntryPoint);
        return EntryPoint((HMODULE)ManualInject->ImageBase, DLL_PROCESS_ATTACH, NULL); // Call the entry point
    }
    // NOTE(review): no return on this path (see header comment).
}
// End marker only: Inject() uses (DWORD)loadDllEnd - (DWORD)loadDllIntoMemory
// as the number of bytes to copy into the target. This relies on the linker
// placing the two functions contiguously and in that order, which the language
// does not guarantee (NOTE(review): a different link order or inlining would
// copy the wrong bytes).
DWORD WINAPI loadDllEnd()
{
    return (0);
}
// Host-side manual mapper. Takes the raw bytes of a PE image, allocates room
// for it in the process named "csgo.exe", copies headers and sections over,
// writes a MANUAL_INJECT descriptor followed by the loadDllIntoMemory stub into
// the target, and runs the stub on a remote thread.
//
// s: pointer to the DLL image in file layout. No length is passed, so the
//    DOS/NT headers and section table are trusted as-is (no bounds checks).
//
// pIDH, pINH, pISH, hProcess, image, mem, ManualInject, hThread, ExitCode and
// i are file-scope globals declared outside this listing; GetProcessByName is
// a helper not shown here.
//
// Detection note - all of the following is visible in this function: a
// PROCESS_ALL_ACCESS handle to the target, private RWX allocations there
// (VirtualAllocEx + PAGE_EXECUTE_READWRITE), code written with
// WriteProcessMemory, and a remote thread whose start address lies inside
// that unbacked allocation rather than in any loaded module.
void Inject(unsigned char* s)
{
    PVOID rData = reinterpret_cast<char*>(s);

    // Parse the local copy's headers; e_lfanew is used without validation.
    pIDH = (PIMAGE_DOS_HEADER)rData;
    pINH = (PIMAGE_NT_HEADERS)((LPBYTE)rData + pIDH->e_lfanew);

    DWORD pid = GetProcessByName("csgo.exe");
    if (pid != 0)
        cout << "[!] found game process..." << endl;
    // NOTE(review): pid == 0 is only reported, not handled; OpenProcess is still
    // attempted and hProcess is never checked for NULL.
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);

    // One RWX region of SizeOfImage bytes for the whole mapped image.
    image = VirtualAllocEx(hProcess, NULL, pINH->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);

    // Inspects the first byte of the *local* kernel32!WriteProcessMemory and
    // treats jmp/nop/ret there as a sign the API has been inline-hooked. The
    // same three-byte test is repeated before each write below; only the write
    // is skipped, everything else (allocation, thread creation, wait) still
    // happens.
    FARPROC Address = GetProcAddress(GetModuleHandle("kernel32.dll"), "WriteProcessMemory");
    if (*(BYTE*)Address == 0xE9 /* jmp */ || *(BYTE*)Address == 0x90 /* nop */|| *(BYTE*)Address == 0xC3 /* ret */)
    {
        printf("WINAPI HOOKED KOKOTE %s \n", std::to_string(*(BYTE*)Address).c_str());
    }
    else {
        // PE headers go to the base of the remote image.
        (WriteProcessMemory)(hProcess, image, rData, pINH->OptionalHeader.SizeOfHeaders, NULL);
    }

    // Section table immediately follows the NT headers. Each section's raw
    // data is copied from the file-layout buffer to its VirtualAddress in the
    // remote image.
    pISH = (PIMAGE_SECTION_HEADER)(pINH + (1));
    for (i = (0); i < pINH->FileHeader.NumberOfSections; i++)
    {
        if (*(BYTE*)Address == 0xE9 || *(BYTE*)Address == 0x90 || *(BYTE*)Address == 0xC3)
        {
            printf("WINAPI HOOKED KOKOTE\n");
        }
        else {
            (WriteProcessMemory)(hProcess, (PVOID)((LPBYTE)image + pISH[i].VirtualAddress),
                (PVOID)((LPBYTE)rData + pISH[i].PointerToRawData), pISH[i].SizeOfRawData, NULL);
        }
    }

    // A second RWX page holds the MANUAL_INJECT descriptor followed by the
    // stub code.
    mem = VirtualAllocEx(hProcess, NULL, (4096), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);

    // Descriptor for the remote stub: every pointer is a target-process address
    // derived from `image`. LoadLibraryA/GetProcAddress are the host's own
    // addresses - NOTE(review): assumes kernel32 sits at the same address in
    // the target; not verified here.
    memset(&ManualInject, (0), sizeof(MANUAL_INJECT));
    ManualInject.ImageBase = image;
    ManualInject.NtHeaders = (PIMAGE_NT_HEADERS)((LPBYTE)image + pIDH->e_lfanew);
    ManualInject.BaseRelocation = (PIMAGE_BASE_RELOCATION)((LPBYTE)image + pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
    ManualInject.ImportDirectory = (PIMAGE_IMPORT_DESCRIPTOR)((LPBYTE)image + pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
    ManualInject.fnLoadLibraryA = LoadLibraryA;
    ManualInject.fnGetProcAddress = GetProcAddress;

    if (*(BYTE*)Address == 0xE9 || *(BYTE*)Address == 0x90 || *(BYTE*)Address == 0xC3)
    {
        printf("WINAPI HOOKED KOKOTE\n");
        printf("mam te v pici neinjectuju\n");
        Sleep(3000);
    }
    else {
        // Descriptor at mem, stub code right after it. The stub length is the
        // distance between two function addresses and depends on link order
        // (see loadDllEnd).
        (WriteProcessMemory)(hProcess, mem, &ManualInject, sizeof(MANUAL_INJECT), NULL);
        (WriteProcessMemory)(hProcess, (PVOID)((PMANUAL_INJECT)mem + (1)), loadDllIntoMemory, (DWORD)loadDllEnd - (DWORD)loadDllIntoMemory, NULL);
    }

    // Start the stub with mem as its argument and block until it returns; the
    // exit code is whatever loadDllIntoMemory returned.
    // NOTE(review): this also runs on the "hooked" branch above, where nothing
    // was written to mem. hThread and hProcess are never closed.
    hThread = (CreateRemoteThread)(hProcess, NULL, (0), (LPTHREAD_START_ROUTINE)((PMANUAL_INJECT)mem + (1)), mem, (0), NULL);
    (WaitForSingleObject)(hThread, INFINITE);
    (GetExitCodeThread)(hThread, &ExitCode);
}