

Add files via upload
whydee86 committed Nov 20, 2020
0 parents commit f5d2ff6
Showing 12 changed files with 553 additions and 0 deletions.
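--- a/Simple_Injector.sln
+++ b/Simple_Injector.sln
@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30204.135
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Simple_Injector", "Simple_Injector\Simple_Injector.vcxproj", "{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}"
+EndProject
+Global
+GlobalSection(SolutionConfigurationPlatforms) = preSolution
+Debug|x64 = Debug|x64
+Debug|x86 = Debug|x86
+Release|x64 = Release|x64
+Release|x86 = Release|x86
+EndGlobalSection
+GlobalSection(ProjectConfigurationPlatforms) = postSolution
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Debug|x64.ActiveCfg = Debug|x64
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Debug|x64.Build.0 = Debug|x64
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Debug|x86.ActiveCfg = Debug|Win32
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Debug|x86.Build.0 = Debug|Win32
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Release|x64.ActiveCfg = Release|x64
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Release|x64.Build.0 = Release|x64
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Release|x86.ActiveCfg = Release|Win32
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Release|x86.Build.0 = Release|Win32
+EndGlobalSection
+GlobalSection(SolutionProperties) = preSolution
+HideSolutionNode = FALSE
+EndGlobalSection
+GlobalSection(ExtensibilityGlobals) = postSolution
+SolutionGuid = {C4B08483-FC00-4862-A29D-55EC14E2398A}
+EndGlobalSection
+EndGlobal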
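--- a/Simple_Injector/Helper.h
+++ b/Simple_Injector/Helper.h
@@ -0,0 +1,126 @@
+#pragma once
+#include <iostream>
+#include <Windows.h>
+#include <TlHelp32.h>
+#include <string>
+#include <tchar.h>
+#include <stdio.h>
+#include <psapi.h>
+using namespace std;
+
+string FullPath(string file)
+{
+char FileFullPath[MAX_PATH];
+if (GetFullPathName(file.c_str(), MAX_PATH, FileFullPath, nullptr) == FALSE)
+{
+cout << "[-]Cannot Get Full path of dll to check if is loaded. Error code: " << GetLastError();
+}
+return FileFullPath;
+
+}
+
+BOOL FileExits(string File)
+{
+struct stat buffer;
+return (stat(File.c_str(), &buffer) == 0);
+}
+
+inline bool ends_with(std::string const& value, std::string const& ending)
+{
+if (ending.size() > value.size()) return false;
+return std::equal(ending.rbegin(), ending.rend(), value.rbegin());
+}
+
+DWORD FindPidByName(string ProcessName)
+{
+PROCESSENTRY32 entry;
+entry.dwSize = sizeof(PROCESSENTRY32);
+HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
+if (snapshot != NULL)
+{
+if (Process32First(snapshot, &entry) == 1)
+{
+if (!ProcessName.compare(entry.szExeFile))
+{
+CloseHandle(snapshot);
+return entry.th32ProcessID;
+}
+while (Process32Next(snapshot, &entry) == 1)
+{
+if (!ProcessName.compare(entry.szExeFile))
+{
+CloseHandle(snapshot);
+return entry.th32ProcessID;
+}
+}
+}
+}
+}
+
+
+string FindNameByPid(DWORD pid)
+{
+PROCESSENTRY32 entry;
+entry.dwSize = sizeof(PROCESSENTRY32);
+HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
+if (snapshot != NULL)
+{
+entry.dwSize = DWORD(sizeof(PROCESSENTRY32));
+if (Process32First(snapshot, &entry))
+{
+while (Process32Next(snapshot, &entry))
+{
+if (entry.th32ProcessID == pid)
+{
+return entry.szExeFile;
+}
+}
+
+}
+}
+}
+
+DWORD GetPID(string ProcessPIDorName)
+{
+if (ends_with(ProcessPIDorName, ".exe"))
+{
+return FindPidByName(ProcessPIDorName);
+}
+else
+{
+DWORD pid = atol(ProcessPIDorName.c_str());
+return pid;
+}
+}
+
+BOOL IsProcessRunnig(DWORD PID)
+{
+BOOL exists = FALSE;
+PROCESSENTRY32 entry;
+entry.dwSize = sizeof(PROCESSENTRY32);
+HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
+if (snapshot == NULL)
+{
+cout << "[-]Unable to check if the process is Running. Error code: " << GetLastError() << endl;
+return FALSE;
+}
+if (Process32First(snapshot, &entry))
+{
+while (Process32Next(snapshot, &entry))
+{
+if (PID == entry.th32ProcessID)
+{
+exists = TRUE;
+}
+}
+CloseHandle(snapshot);
+if (exists == FALSE)
+{
+return FALSE;
+}
+return exists;
+}
+}
+
+
+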
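Review bot: FindPidByName falls off its closing brace without a return value whenever no entry matches ProcessName, and on that path the snapshot from CreateToolhelp32Snapshot is never closed; reaching the end of a non-void function is undefined behaviour in C++, so GetPID's callers can receive garbage. After the while loop add `CloseHandle(snapshot);` and `return 0;`, and add a `return 0;` after the outer `if` as well. FindNameByPid and IsProcessRunnig have the same missing-return and leaked-snapshot shape (IsProcessRunnig also leaks the snapshot when Process32First fails), and both call Process32Next immediately after Process32First, so the first process in the snapshot is never examined. FullPath returns FileFullPath even when GetFullPathName fails, i.e. an uninitialized buffer; returning an empty string on that branch would let FileExits reject it cleanly. FileExits uses `stat`, but the include list lacks `#include <sys/stat.h>`.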
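--- a/Simple_Injector/Injector.cpp
+++ b/Simple_Injector/Injector.cpp
@@ -0,0 +1,52 @@
+#include <iostream>
+#include <Windows.h>
+#include <TlHelp32.h>
+#include <wchar.h>
+#include <string>
+#include "Helper.hpp"
+using namespace std;
+
+BOOL InjectToProcess(string ProcessName, string DllName)
+{
+HANDLE hProcess;
+PVOID RemoteBuffer;
+PTHREAD_START_ROUTINE threatStartRoutineAddress;
+DWORD pid = NULL;
+if (ends_with(ProcessName, ".exe"))
+{
+cout << "[*]Injecting: " << DllName << " To: " << ProcessName << endl;
+pid = FindPidByName(ProcessName);
+}
+//find name by pid
+//cout << "[*]Injecting: " << DllName << " To: " << ProcessName << endl;
+hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, strtol(ProcessName.c_str(), 0, 0));
+
+if (hProcess == NULL)
+{
+cout << "Cannot open: " << FindPidByName(ProcessName) << ". Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+return 0;
+}
+RemoteBuffer = VirtualAllocEx(hProcess, NULL, sizeof(DllName), MEM_COMMIT, PAGE_READWRITE);
+if (RemoteBuffer == NULL)
+{
+cout << "[-]Failed To Alloc Virtual Memory. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+return 0;
+}
+if (WriteProcessMemory(hProcess, RemoteBuffer, &DllName, sizeof(DllName), NULL) == FALSE)
+{
+cout << "[-]Failed To Write Process Memory. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+return 0;
+}
+threatStartRoutineAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
+if (CreateRemoteThread(hProcess, NULL, 0, threatStartRoutineAddress, RemoteBuffer, 0, NULL) == NULL)
+{
+cout << "[-]Failed To Create Remote Thread. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+return 0;
+}
+CloseHandle(hProcess);
+return 0;
+}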
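Review bot: `#include "Helper.hpp"` at the top of this file does not match the header the commit adds, Simple_Injector/Helper.h, so this translation unit cannot compile as committed; since main includes only Injector.h, which defines its own InjectToProcess(DWORD, string), this file looks like a stale copy rather than the version in use and could be dropped. Inside InjectToProcess every path, including the successful one, ends in `return 0;`, so the BOOL return carries no information; returning TRUE on success and FALSE on the error branches would let callers react. On the OpenProcess failure branch `CloseHandle(hProcess)` is called with a NULL handle, which is a no-op and should simply be removed. The pid computed by FindPidByName is stored in `pid` but never used; the OpenProcess call parses ProcessName with strtol instead.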
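--- a/Simple_Injector/Injector.h
+++ b/Simple_Injector/Injector.h
@@ -0,0 +1,106 @@
+#pragma once
+#include "Helper.h"
+
+BOOL EnableDebugPriv()
+{
+BOOL bRet = FALSE;
+HANDLE hToken = NULL;
+LUID luid = { 0 };
+
+if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
+{
+if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
+{
+TOKEN_PRIVILEGES tokenPriv = { 0 };
+tokenPriv.PrivilegeCount = 1;
+tokenPriv.Privileges[0].Luid = luid;
+tokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+bRet = AdjustTokenPrivileges(hToken, FALSE, &tokenPriv, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
+}
+}
+return bRet;
+}
+
+
+
+BOOL CheckIfDllIsLoad(DWORD pid, string DllName)
+{
+HMODULE hMods[1024];
+DWORD cbNeeded;
+unsigned int i;
+BOOL There = FALSE;
+
+HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
+if (hProcess == NULL)
+{
+cout << "Cannot open Process ID: " << pid << ". Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+
+}
+
+if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
+{
+for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
+{
+TCHAR szModName[MAX_PATH];
+
+if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
+{
+if (DllName == szModName)
+{
+There = TRUE;
+}
+}
+}
+}
+CloseHandle(hProcess);
+return There;
+}
+
+BOOL InjectToProcess(DWORD pid, string DllName)
+{
+HANDLE hProcess;
+PVOID RemoteBuffer;
+PTHREAD_START_ROUTINE threatStartRoutineAddress;
+
+hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
+if (hProcess == NULL)
+{
+cout << "Cannot open Process ID: " << pid << ". Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+}
+RemoteBuffer = VirtualAllocEx(hProcess, NULL, sizeof(DllName), MEM_COMMIT, PAGE_READWRITE);
+if (RemoteBuffer == NULL)
+{
+cout << "[-]Failed To Alloc Virtual Memory. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+}
+if (WriteProcessMemory(hProcess, RemoteBuffer, &DllName, sizeof(DllName), NULL) == FALSE)
+{
+cout << "[-]Failed To Write Process Memory. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+}
+threatStartRoutineAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
+if (CreateRemoteThread(hProcess, NULL, 0, threatStartRoutineAddress, RemoteBuffer, 0, NULL) == NULL)
+{
+cout << "[-]Failed To Create Remote Thread. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+}
+CloseHandle(hProcess);
+Sleep(1000);
+if (CheckIfDllIsLoad(pid, FullPath(DllName)))
+{
+cout << "[+]" << DllName << " Injected Successfully!" << endl;
+}
+else
+{
+cout << "[-]" << DllName << " Failed To load. Error Code: " << GetLastError() << endl;
+}
+return 0;
+}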
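Review bot: The functions in this header (EnableDebugPriv, CheckIfDllIsLoad, InjectToProcess) are defined without `inline`, so including Injector.h from more than one translation unit yields duplicate-symbol link errors; Helper.h has the same problem for everything except ends_with. CheckIfDllIsLoad and InjectToProcess terminate the whole program with `exit(-1)` on any API failure instead of returning FALSE, which makes them unusable as library calls, and both call `CloseHandle(hProcess)` after OpenProcess returned NULL. EnableDebugPriv leaks hToken: it is opened with OpenProcessToken but never closed, so add `CloseHandle(hToken);` before `return bRet;`. The `GetLastError()` printed on the "Failed To load" line is stale, since the last Win32 calls before it are CloseHandle, Sleep and CheckIfDllIsLoad's own enumeration, so the code shown is unrelated to why the module is absent. A short comment above EnableDebugPriv would also help, noting that per the API documentation AdjustTokenPrivileges returns TRUE even when it sets ERROR_NOT_ALL_ASSIGNED, which is why a non-elevated run can get past main's "Run as Administrator" check.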
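--- a/Simple_Injector/Simple_Injector.cpp
+++ b/Simple_Injector/Simple_Injector.cpp
@@ -0,0 +1,52 @@
+#include "Helper.h"
+#include "Injector.h"
+
+int main(int argc, char* argv[])
+{
+
+BOOL elevated = EnableDebugPriv();
+if (!elevated)
+{
+cout << "[!] Run as Administrator" << endl;
+exit(-1);
+}
+
+if (argc < 3 || argc > 4)
+{
+cout << "Usage: " << argv[0] << " Process Name Or Process ID | Dll To Load" << endl;
+exit(-1);
+}
+if (FileExits(FullPath(argv[2])))
+{
+
+if (IsProcessRunnig(GetPID(argv[1])))
+{
+cout << "[*]Process is Running" << endl;
+cout << "[*]Full Path of Dll: " << FullPath(argv[2]) << endl;
+}
+else
+{
+cout << "[-]Process Is Not Running" << endl;
+exit(-1);
+}
+if (CheckIfDllIsLoad(GetPID(argv[1]), FullPath(argv[2])))
+{
+cout << "[+]Dll is Already Loaded" << " To: " << FindNameByPid(GetPID(argv[1])) << "(" << GetPID(argv[1]) << ")" << endl;
+exit(-1);
+}
+else
+{
+cout << "[*]Injecting: " << argv[2] << " To: " << FindNameByPid(GetPID(argv[1])) << "(" << GetPID(argv[1]) << ")" << "..." << endl;
+InjectToProcess(GetPID(argv[1]), FullPath(argv[2]));
+}
+}
+else
+{
+cout << "[-]Dll was not found";
+exit(-1);
+
+}
+return 0;
+}
+
+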
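Review bot: main calls GetPID(argv[1]) seven times and FullPath(argv[2]) four times; when argv[1] is a name, each GetPID call takes a fresh Toolhelp snapshot, so the pid that IsProcessRunnig checked is not guaranteed to be the one later handed to InjectToProcess. Resolve both once right after the argument check, `const DWORD pid = GetPID(argv[1]);` and `const string dll = FullPath(argv[2]);`, and use those throughout. The argument check accepts `argc == 4` although the usage text describes exactly two arguments, so `if (argc != 3)` would match the message. The program also never checks for the GetPID failure value (atol returning 0 for a non-numeric, non-.exe argument), so a typo in argv[1] is reported as "Process Is Not Running" rather than as a bad argument.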
