Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <iostream>
- #include <direct.h>
- #include <windows.h>
- #include <TlHelp32.h>
- #define BUFSIZE 4096
- extern "C" __declspec(dllimport) void Share();
- int main()
- {
- LPCSTR dllPath = "C:\\Program Files\\Notepad++\\notepad++.exe";
- int len = strlen((char*)dllPath) + 1;
- // Get full path of DLL to inject ** DO IT IN strlen() FUNCTION **
- //TCHAR buffer[BUFSIZE] = TEXT("");
- //TCHAR** lppPart = { NULL };
- //DWORD pathLen = GetFullPathNameA((LPCSTR)dllPath,BUFSIZE, (LPSTR)buffer, (LPSTR*)lppPart);
- // Get LoadLibrary function address –
- // the address doesn't change at remote process
- LPCWSTR moduleName = L"myDll.dll";
- FARPROC addrLoadLibrary = GetProcAddress(GetModuleHandleA("User32.dll"), "LoadLibrary");
- // Open remote process
- HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE, 15352);
- // Get a pointer to memory location in remote process,
- // big enough to store DLL path
- int tmp = strlen((char*)dllPath) + 1;
- PVOID memAddr = (PVOID)VirtualAllocEx(hProcess, 0,len, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
- if (NULL == memAddr) {
- DWORD err = GetLastError();
- return 0;
- }
- // Write DLL name to remote process memory
- BOOL check = WriteProcessMemory(hProcess,memAddr, (LPCVOID)memAddr,len,NULL);
- if (0 == check) {
- DWORD err = GetLastError();
- return 0;
- }
- // Open remote thread, while executing LoadLibrary
- // with parameter DLL name, will trigger DLLMain
- HANDLE hRemote = CreateRemoteThread(hProcess, 0, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("Kernel32.dll"),"LoadLibraryA"), memAddr,0,0);
- if (NULL == hRemote) {
- DWORD err = GetLastError();
- return 0;
- }
- WaitForSingleObject(hRemote, INFINITE);
- check = CloseHandle(hRemote);
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
