[Release][Source Code] DLL Injection
[Release][Source Code] DLL Injection
DLL Injection
To turn it in a unversial injector wich can inject any DLL into any process:
DOWNLOAD COMPILED UNIVERSAL INJECTOR: Download
VIRUSTOTAL:Virustotal. MD5: cd43aef8fbdf49f7a3bfe0f5879f5db7
Sorry if there any error's in the code above i did it straight away without reading anything just straigt out of my mind..
This is not a injector wich can inject everybody's DLL in every proccess. You can release it with your DLL to make it easier for people.
You can edit the name of the DLL to your DLL and edit the process of the process where i should be injected to.
Just something easy you can use for your hack.
This is free of use and you may modify it, but just leave my name on it.
You can edit the name of the DLL to your DLL and edit the process of the process where i should be injected to.
Just something easy you can use for your hack.
This is free of use and you may modify it, but just leave my name on it.
Code:
// Filename: DLL Injector.cpp
// Author: HadFuny
// Date: 31-05-2010
// HadFuny Copyright 2010
#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h>
#include <conio.h>
#include <stdio.h>
#include <iostream>
#define WIN32_LEAN_AND_MEAN
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
BOOL Inject(DWORD pID, const char * DLL_NAME);
DWORD GetTargetThreadIDFromProcName(const char * ProcName);
using namespace std;
int main(int argc, char * argv[])
{
// The name of the process you want to inject
DWORD pID = GetTargetThreadIDFromProcName("notepad.exe");
// Get the dll's full path name
char buf[MAX_PATH] = {0};
GetFullPathName("Project1.dll", MAX_PATH, buf, NULL); // On the place where is Project1.dll you can put the name of your dll
printf(buf);
printf("\n");
// Inject our main dll
if(!Inject(pID, buf))
{
printf("Not loaded!"); // If injection is not sucsessfull
}
else
{
printf("Loaded!"); // If injection is sucsessfull
}
_getch();
return 0;
}
BOOL Inject(DWORD pID, const char * DLL_NAME)
{
HANDLE Proc;
HMODULE hLib;
char buf[50] = {0};
LPVOID RemoteString, LoadLibAddy;
if(!pID)
return false;
Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
if(!Proc)
{
sprintf(buf, "OpenProcess() failed: %d", GetLastError());
//MessageBox(NULL, buf, "Loader", MB_OK);
printf(buf);
return false;
}
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
// Allocate space in the process for our DLL
RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
// Write the string name of our DLL in the memory allocated
WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL);
// Load our <strong class="highlight">DLL</strong>
CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);
CloseHandle(Proc);
return true;
}
DWORD GetTargetThreadIDFromProcName(const char * ProcName)
{
PROCESSENTRY32 pe;
HANDLE thSnapShot;
BOOL retval, ProcFound = false;
thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(thSnapShot == INVALID_HANDLE_VALUE)
{
//MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "2MLoader", MB_OK);
printf("Error: Unable to create toolhelp snapshot!");
return false;
}
pe.dwSize = sizeof(PROCESSENTRY32);
retval = Process32First(thSnapShot, &pe);
while(retval)
{
if(StrStrI(pe.szExeFile, ProcName))
{
return pe.th32ProcessID;
}
retval = Process32Next(thSnapShot, &pe);
}
return 0;
}
DOWNLOAD COMPILED UNIVERSAL INJECTOR: Download
VIRUSTOTAL:Virustotal. MD5: cd43aef8fbdf49f7a3bfe0f5879f5db7
Code:
// Filename: DLL Injector.cpp
// Author: HadFuny
// Date: 31-05-2010
// HadFuny Copyright 2010
#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h>
#include <conio.h>
#include <stdio.h>
#include <iostream>
#define WIN32_LEAN_AND_MEAN
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
BOOL Inject(DWORD pID, const char * DLL_NAME);
DWORD GetTargetThreadIDFromProcName(const char * ProcName);
using namespace std;
char* proc = "text";
char* dll = "text";
int main(int argc, char * argv[])
{
// The name of the process you want to inject
printf("Name of process:");
cin >> proc;
printf("/nName of DLL:");
cin >> dll;
DWORD pID = GetTargetThreadIDFromProcName(proc);
// Get the dll's full path name
char buf[MAX_PATH] = {0};
GetFullPathName(dll, MAX_PATH, buf, NULL); // On the place where is Project1.dll you can put the name of your dll
printf(buf);
printf("\n");
// Inject our main dll
if(!Inject(pID, buf))
{
printf("Not loaded!"); // If injection is not sucsessfull
}
else
{
printf("Loaded!"); // If injection is sucsessfull
}
_getch();
return 0;
}
BOOL Inject(DWORD pID, const char * DLL_NAME)
{
HANDLE Proc;
HMODULE hLib;
char buf[50] = {0};
LPVOID RemoteString, LoadLibAddy;
if(!pID)
return false;
Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
if(!Proc)
{
sprintf(buf, "OpenProcess() failed: %d", GetLastError());
//MessageBox(NULL, buf, "Loader", MB_OK);
printf(buf);
return false;
}
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
// Allocate space in the process for our DLL
RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
// Write the string name of our DLL in the memory allocated
WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL);
// Load our <strong class="highlight">DLL</strong>
CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);
CloseHandle(Proc);
return true;
}
DWORD GetTargetThreadIDFromProcName(const char * ProcName)
{
PROCESSENTRY32 pe;
HANDLE thSnapShot;
BOOL retval, ProcFound = false;
thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(thSnapShot == INVALID_HANDLE_VALUE)
{
//MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "2MLoader", MB_OK);
printf("Error: Unable to create toolhelp snapshot!");
return false;
}
pe.dwSize = sizeof(PROCESSENTRY32);
retval = Process32First(thSnapShot, &pe);
while(retval)
{
if(StrStrI(pe.szExeFile, ProcName))
{
return pe.th32ProcessID;
}
retval = Process32Next(thSnapShot, &pe);
}
return 0;
}
way 2 jack someone's code without any credit. which I notice by this huge giveaway
which occurs multiple times through out ur code.
EDIT: hmmm... might be wrong abt this accusation. if I am let me know.
Code:
<strong class="highlight">DLL</strong>
EDIT: hmmm... might be wrong abt this accusation. if I am let me know.
Sorry i was trying some highlights in the text, but is doesn't work.
Fixed the errror, it should compile fine now..
But how do you mean:
"way 2 jack someone's code without any credit. which I notice by this huge giveaway "
Do you say that i jacked it or people can easly jack it from me?
Fixed the errror, it should compile fine now..
But how do you mean:
"way 2 jack someone's code without any credit. which I notice by this huge giveaway "
Do you say that i jacked it or people can easly jack it from me?
The first one.
Could you explain this comment:
Could you explain this comment:
Code:
// Get the <strong class="highlight">dll</strong>'s full path name
Originally Posted by zhaoyun333
The first one.
Could you explain this comment:
Could you explain this comment:
Code:
// Get the <strong class="highlight">dll</strong>'s full path name
This was leeched I believe.
Originally Posted by Tukjedude
Sorry i was trying some highlights in the text, but is doesn't work.
Fixed the errror, it should compile fine now..
But how do you mean:
"way 2 jack someone's code without any credit. which I notice by this huge giveaway "
Do you say that i jacked it or people can easily jack it from me?
Fixed the errror, it should compile fine now..
But how do you mean:
"way 2 jack someone's code without any credit. which I notice by this huge giveaway "
Do you say that i jacked it or people can easily jack it from me?
Yes i did copy some parts of code from a friend of mine.. but it isn't leeched.
And i copied the the comments too..but i fixed it. if you don't belive just search around the internet..
btw i fixed the comments
And i copied the the comments too..but i fixed it. if you don't belive just search around the internet..
btw i fixed the comments
leeched ?
Don't you know what leeching is (leech, leeched, leeching) ?
Steal sombody's code, release it.. that's leeching
Steal sombody's code, release it.. that's leeching
When I compile and run the universal one I get an error with debugger when entering in process name lol
Tryed the compiled one ? With wich compiler did you try to compile it ?
It compiled fine with the latest version of dev c++.....
I already said the universial on wasnt tested i wrote it directly from my mind.
It compiled fine with the latest version of dev c++.....
I already said the universial on wasnt tested i wrote it directly from my mind.
I'm not trying to be an asshole, but if you're going to steal code, atleast attempt to cover your tracks.
This is the exact same code that is posted on another website (the only change is the addition of "using namespace std;". The other main difference being that the code was posted on the other website over a year ago. Due to the fact I can't post outside links, I can't say anything further than Google
and click the first result. The fourth result is also very similar if not exactly the same.
You are full of fail, stop trying to be a kewl kid leecher.
This is the exact same code that is posted on another website (the only change is the addition of "using namespace std;". The other main difference being that the code was posted on the other website over a year ago. Due to the fact I can't post outside links, I can't say anything further than Google
Code:
DWORD pID = GetTargetThreadIDFromProcName("notepad.exe");
You are full of fail, stop trying to be a kewl kid leecher.
did a little digging and...
look familiar?
can't post site, but do a quick search if you're interested:
Code:
#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h>
#include <conio.h>
#include <stdio.h>
#define WIN32_LEAN_AND_MEAN
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
BOOL Inject(DWORD pID, const char * DLL_NAME);
DWORD GetTargetThreadIDFromProcName(const char * ProcName);
int main(int argc, char * argv[])
{
// Retrieve process ID
DWORD pID = GetTargetThreadIDFromProcName("notepad.exe");
// Get the dll's full path name
char buf[MAX_PATH] = {0};
GetFullPathName("Project1.dll", MAX_PATH, buf, NULL);
printf(buf);
printf("\n");
// Inject our main dll
if(!Inject(pID, buf))
{
printf("DLL Not Loaded!");
}else{
printf("DLL Loaded!");
}
_getch();
return 0;
}
BOOL Inject(DWORD pID, const char * DLL_NAME)
{
HANDLE Proc;
HMODULE hLib;
char buf[50] = {0};
LPVOID RemoteString, LoadLibAddy;
if(!pID)
return false;
Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
if(!Proc)
{
sprintf(buf, "OpenProcess() failed: %d", GetLastError());
//MessageBox(NULL, buf, "Loader", MB_OK);
printf(buf);
return false;
}
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
// Allocate space in the process for our DLL
RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
// Write the string name of our DLL in the memory allocated
WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL);
// Load our DLL
CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);
CloseHandle(Proc);
return true;
}
DWORD GetTargetThreadIDFromProcName(const char * ProcName)
{
PROCESSENTRY32 pe;
HANDLE thSnapShot;
BOOL retval, ProcFound = false;
thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(thSnapShot == INVALID_HANDLE_VALUE)
{
//MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "2MLoader", MB_OK);
printf("Error: Unable to create toolhelp snapshot!");
return false;
}
pe.dwSize = sizeof(PROCESSENTRY32);
retval = Process32First(thSnapShot, &pe);
while(retval)
{
if(StrStrI(pe.szExeFile, ProcName))
{
return pe.th32ProcessID;
}
retval = Process32Next(thSnapShot, &pe);
}
return 0;
}
can't post site, but do a quick search if you're interested:
Code:
"GetFullPathName("Project1.dll", MAX_PATH, buf, NULL);"
Similar Threads
- 1Last post
- 5Last post
- 7Last post
- 20Last post