  /*
   * Launcher that starts sro_client.exe from the current directory, overwrites
   * one byte in the new process at a fixed address, and then makes that process
   * load BetaDev.dll by starting a remote thread at LoadLibraryA.
   *
   * NOTE(review): this is the CreateRemoteThread + LoadLibrary form of DLL
   * injection (MITRE ATT&CK T1055.001). For detection, the sequence
   * OpenProcess(VM_OPERATION | VM_WRITE | CREATE_THREAD) -> VirtualAllocEx ->
   * WriteProcessMemory -> CreateRemoteThread against a freshly spawned child is
   * the usual signal; Sysmon surfaces it as ProcessAccess (event 10),
   * CreateRemoteThread (event 8) and ImageLoad (event 7) for the loaded DLL.
   *
   * NOTE(review): no return value is checked anywhere below, so a failed
   * step is silent and WinMain still returns 0.
   */
  // Silences MSVC's deprecation warnings for unbounded CRT calls such as the
  // strcat() used below.
  #define _CRT_SECURE_NO_WARNINGS

  // NOTE(review): string.h is not included; memset/strcat/strlen presumably
  // arrive through windows.h -- confirm.
  #include "stdio.h"
  #include "windows.h"
  // Pointer type used to hold the address of LoadLibraryA resolved below.
  typedef HINSTANCE (*fpLoadLibrary)(char*);

  // Entry point. None of the four parameters is read; the function always
  // returns 0.
  int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,LPSTR lpCmdLine, int nCmdShow)
  {
      // dir   -> full path of the executable (lpApplicationName)
      // param -> the same path followed by the client's arguments (lpCommandLine)
      char dir[1024] = {0};
      char param[1024] = {0};

      STARTUPINFO siStartupInfo;
      PROCESS_INFORMATION piProcessInfo;
      memset(&siStartupInfo, 0, sizeof(siStartupInfo));
      memset(&piProcessInfo, 0, sizeof(piProcessInfo));

      siStartupInfo.cb = sizeof(siStartupInfo);

      // The buffers hold 1024 chars but only 512 are offered to the API, which
      // leaves room for the suffixes appended by strcat() below.
      // NOTE(review): the return value is ignored, so a failure or a directory
      // longer than the offered size goes unnoticed.
      // NOTE(review): assumes an ANSI (non-UNICODE) build -- GetCurrentDirectory,
      // STARTUPINFO and LoadLibrary are the TCHAR-mapped names, while
      // CreateProcessA is explicitly ANSI and the buffers are char.
      GetCurrentDirectory(512, dir);
      GetCurrentDirectory(512, param);

      strcat(dir, "\\sro_client.exe");
      // The meaning of "0 /4 0 0" is defined by the client and is not visible here.
      strcat(param, "\\sro_client.exe 0 /4 0 0");
      // The only creation flag is CREATE_DEFAULT_ERROR_MODE, so the child starts
      // running as soon as this call returns; handles are not inherited.
      CreateProcessA(dir, param, 0, 0, false, CREATE_DEFAULT_ERROR_MODE, 0, 0, &siStartupInfo, &piProcessInfo);

      // NOTE(review): SuspendThread is documented to take a thread handle;
      // piProcessInfo.hProcess is a process handle, so the first call is expected
      // to fail. Only the second call targets the child's primary thread, and by
      // then the child has already been executing.
      SuspendThread(piProcessInfo.hProcess);
      SuspendThread(piProcessInfo.hThread);

      // Opens a second handle to the child with write / remote-thread rights,
      // although piProcessInfo.hProcess already refers to the same process.
      HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD, false, piProcessInfo.dwProcessId);

      // Overwrites a single byte of the child at a hard-coded virtual address.
      // 0xEB is the x86 short-JMP opcode; which instruction it replaces cannot be
      // told from this file.
      // NOTE(review): this write runs before the hProcess NULL check below, and
      // the fixed address presumably matches only one specific client build
      // loaded at its expected base -- confirm.
      BYTE JMP = 0xEB;
      WriteProcessMemory(hProcess,ULongToPtr(0x633D6C), &JMP, sizeof(JMP), NULL);

      if(hProcess != NULL)
      {
          LPVOID paramAddr = 0;
          HINSTANCE hDll = LoadLibrary("kernel32");

          // The address is resolved in THIS process and then used as the thread
          // start address in the child.
          // NOTE(review): assumes kernel32 is mapped at the same address in both
          // processes and that both have the same bitness; neither is checked.
          fpLoadLibrary LoadLibraryAddr = (fpLoadLibrary)GetProcAddress(hDll, "LoadLibraryA");
          // NOTE(review): a bare file name is resolved through the child's DLL
          // search order, so whichever BetaDev.dll is found first gets loaded;
          // nothing here pins the path or verifies the file.
          char* dll_path = "BetaDev.dll";

          // Copies the DLL name (including its terminating NUL) into read/write
          // memory allocated inside the child, then starts a thread there whose
          // entry point is LoadLibraryA and whose argument is that string.
          // NOTE(review): the remote allocation is never released, the thread
          // handle returned by CreateRemoteThread is discarded, and nothing waits
          // for the remote thread before the primary thread is resumed.
          paramAddr = VirtualAllocEx(hProcess, 0, strlen(dll_path)+1, MEM_COMMIT, PAGE_READWRITE);
          WriteProcessMemory(hProcess, paramAddr, dll_path, strlen(dll_path)+1, NULL);
          CreateRemoteThread(hProcess, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibraryAddr, paramAddr, 0, 0);
          // Closes only the handle obtained from OpenProcess.
          CloseHandle(hProcess);
      }

      // NOTE(review): as with SuspendThread above, the second call passes a
      // process handle where a thread handle is expected. piProcessInfo.hThread
      // and piProcessInfo.hProcess are never closed.
      ResumeThread(piProcessInfo.hThread);
      ResumeThread(piProcessInfo.hProcess);

      return 0;
  }