commit f5d2ff6
Showing
12 changed files
with
553 additions
and
0 deletions.
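--- /dev/null
+++ b/<path-not-shown-1>
@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30204.135
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Simple_Injector", "Simple_Injector\Simple_Injector.vcxproj", "{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}"
+EndProject
+Global
+GlobalSection(SolutionConfigurationPlatforms) = preSolution
+Debug|x64 = Debug|x64
+Debug|x86 = Debug|x86
+Release|x64 = Release|x64
+Release|x86 = Release|x86
+EndGlobalSection
+GlobalSection(ProjectConfigurationPlatforms) = postSolution
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Debug|x64.ActiveCfg = Debug|x64
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Debug|x64.Build.0 = Debug|x64
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Debug|x86.ActiveCfg = Debug|Win32
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Debug|x86.Build.0 = Debug|Win32
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Release|x64.ActiveCfg = Release|x64
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Release|x64.Build.0 = Release|x64
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Release|x86.ActiveCfg = Release|Win32
+{7B3CA4D2-0176-45E7-BCA5-54B3EB00D898}.Release|x86.Build.0 = Release|Win32
+EndGlobalSection
+GlobalSection(SolutionProperties) = preSolution
+HideSolutionNode = FALSE
+EndGlobalSection
+GlobalSection(ExtensibilityGlobals) = postSolution
+SolutionGuid = {C4B08483-FC00-4862-A29D-55EC14E2398A}
+EndGlobalSection
+EndGlobal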
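--- /dev/null
+++ b/<path-not-shown-2>
@@ -0,0 +1,126 @@
+#pragma once
+#include <iostream>
+#include <Windows.h>
+#include <TlHelp32.h>
+#include <string>
+#include <tchar.h>
+#include <stdio.h>
+#include <psapi.h>
+using namespace std;
+
+string FullPath(string file)
+{
+char FileFullPath[MAX_PATH];
+if (GetFullPathName(file.c_str(), MAX_PATH, FileFullPath, nullptr) == FALSE)
+{
+cout << "[-]Cannot Get Full path of dll to check if is loaded. Error code: " << GetLastError();
+}
+return FileFullPath;
+
+}
+
+BOOL FileExits(string File)
+{
+struct stat buffer;
+return (stat(File.c_str(), &buffer) == 0);
+}
+
+inline bool ends_with(std::string const& value, std::string const& ending)
+{
+if (ending.size() > value.size()) return false;
+return std::equal(ending.rbegin(), ending.rend(), value.rbegin());
+}
+
+DWORD FindPidByName(string ProcessName)
+{
+PROCESSENTRY32 entry;
+entry.dwSize = sizeof(PROCESSENTRY32);
+HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
+if (snapshot != NULL)
+{
+if (Process32First(snapshot, &entry) == 1)
+{
+if (!ProcessName.compare(entry.szExeFile))
+{
+CloseHandle(snapshot);
+return entry.th32ProcessID;
+}
+while (Process32Next(snapshot, &entry) == 1)
+{
+if (!ProcessName.compare(entry.szExeFile))
+{
+CloseHandle(snapshot);
+return entry.th32ProcessID;
+}
+}
+}
+}
+}
+
+
+string FindNameByPid(DWORD pid)
+{
+PROCESSENTRY32 entry;
+entry.dwSize = sizeof(PROCESSENTRY32);
+HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
+if (snapshot != NULL)
+{
+entry.dwSize = DWORD(sizeof(PROCESSENTRY32));
+if (Process32First(snapshot, &entry))
+{
+while (Process32Next(snapshot, &entry))
+{
+if (entry.th32ProcessID == pid)
+{
+return entry.szExeFile;
+}
+}
+
+}
+}
+}
+
+DWORD GetPID(string ProcessPIDorName)
+{
+if (ends_with(ProcessPIDorName, ".exe"))
+{
+return FindPidByName(ProcessPIDorName);
+}
+else
+{
+DWORD pid = atol(ProcessPIDorName.c_str());
+return pid;
+}
+}
+
+BOOL IsProcessRunnig(DWORD PID)
+{
+BOOL exists = FALSE;
+PROCESSENTRY32 entry;
+entry.dwSize = sizeof(PROCESSENTRY32);
+HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
+if (snapshot == NULL)
+{
+cout << "[-]Unable to check if the process is Running. Error code: " << GetLastError() << endl;
+return FALSE;
+}
+if (Process32First(snapshot, &entry))
+{
+while (Process32Next(snapshot, &entry))
+{
+if (PID == entry.th32ProcessID)
+{
+exists = TRUE;
+}
+}
+CloseHandle(snapshot);
+if (exists == FALSE)
+{
+return FALSE;
+}
+return exists;
+}
+}
+
+
+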
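Review bot: FindPidByName and FindNameByPid reach the end of the function without a return statement on every path where no match is found (and when the snapshot or Process32First call fails), which is undefined behaviour for a non-void function, and on those paths the snapshot handle from CreateToolhelp32Snapshot is never closed; FindNameByPid additionally never closes the snapshot even on a match. Each should end with an explicit fallback, e.g. `CloseHandle(snapshot); return 0;` for FindPidByName and `CloseHandle(snapshot); return "";` for FindNameByPid, and the match path in FindNameByPid should close the handle before returning. The same missing return and leaked snapshot exist in IsProcessRunnig when Process32First fails. FindNameByPid and IsProcessRunnig also never examine the entry filled in by Process32First, because their loops start with Process32Next, so the first process in the snapshot is skipped. FileExits uses `struct stat` and `stat()` but the header does not include `<sys/stat.h>`, so it compiles only if another header happens to pull it in.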
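--- /dev/null
+++ b/<path-not-shown-3>
@@ -0,0 +1,52 @@
+#include <iostream>
+#include <Windows.h>
+#include <TlHelp32.h>
+#include <wchar.h>
+#include <string>
+#include "Helper.hpp"
+using namespace std;
+
+BOOL InjectToProcess(string ProcessName, string DllName)
+{
+HANDLE hProcess;
+PVOID RemoteBuffer;
+PTHREAD_START_ROUTINE threatStartRoutineAddress;
+DWORD pid = NULL;
+if (ends_with(ProcessName, ".exe"))
+{
+cout << "[*]Injecting: " << DllName << " To: " << ProcessName << endl;
+pid = FindPidByName(ProcessName);
+}
+//find name by pid
+//cout << "[*]Injecting: " << DllName << " To: " << ProcessName << endl;
+hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, strtol(ProcessName.c_str(), 0, 0));
+
+if (hProcess == NULL)
+{
+cout << "Cannot open: " << FindPidByName(ProcessName) << ". Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+return 0;
+}
+RemoteBuffer = VirtualAllocEx(hProcess, NULL, sizeof(DllName), MEM_COMMIT, PAGE_READWRITE);
+if (RemoteBuffer == NULL)
+{
+cout << "[-]Failed To Alloc Virtual Memory. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+return 0;
+}
+if (WriteProcessMemory(hProcess, RemoteBuffer, &DllName, sizeof(DllName), NULL) == FALSE)
+{
+cout << "[-]Failed To Write Process Memory. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+return 0;
+}
+threatStartRoutineAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
+if (CreateRemoteThread(hProcess, NULL, 0, threatStartRoutineAddress, RemoteBuffer, 0, NULL) == NULL)
+{
+cout << "[-]Failed To Create Remote Thread. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+return 0;
+}
+CloseHandle(hProcess);
+return 0;
+}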
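Review bot: This file defines a second InjectToProcess(string, string) alongside the InjectToProcess(DWORD, string) in the other header, includes "Helper.hpp" where every other file in the commit includes "Helper.h", and the `pid` it computes on the `.exe` branch is a dead store (the OpenProcess call below always parses ProcessName with strtol), so it reads as a stale copy that was committed together with the current implementation and should be dropped from the commit rather than kept as a divergent overload. In the `hProcess == NULL` branch, `CloseHandle(hProcess)` runs on a handle already known to be NULL, which only fails with ERROR_INVALID_HANDLE and can be removed. The error message on that path calls FindPidByName a second time instead of reporting the value that was actually passed to OpenProcess, which makes the diagnostic misleading. The function also returns 0 on every path, including the successful one, despite its BOOL return type.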
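--- /dev/null
+++ b/<path-not-shown-4>
@@ -0,0 +1,106 @@
+#pragma once
+#include "Helper.h"
+
+BOOL EnableDebugPriv()
+{
+BOOL bRet = FALSE;
+HANDLE hToken = NULL;
+LUID luid = { 0 };
+
+if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
+{
+if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
+{
+TOKEN_PRIVILEGES tokenPriv = { 0 };
+tokenPriv.PrivilegeCount = 1;
+tokenPriv.Privileges[0].Luid = luid;
+tokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+bRet = AdjustTokenPrivileges(hToken, FALSE, &tokenPriv, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
+}
+}
+return bRet;
+}
+
+
+
+BOOL CheckIfDllIsLoad(DWORD pid, string DllName)
+{
+HMODULE hMods[1024];
+DWORD cbNeeded;
+unsigned int i;
+BOOL There = FALSE;
+
+HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
+if (hProcess == NULL)
+{
+cout << "Cannot open Process ID: " << pid << ". Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+
+}
+
+if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
+{
+for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
+{
+TCHAR szModName[MAX_PATH];
+
+if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
+{
+if (DllName == szModName)
+{
+There = TRUE;
+}
+}
+}
+}
+CloseHandle(hProcess);
+return There;
+}
+
+BOOL InjectToProcess(DWORD pid, string DllName)
+{
+HANDLE hProcess;
+PVOID RemoteBuffer;
+PTHREAD_START_ROUTINE threatStartRoutineAddress;
+
+hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
+if (hProcess == NULL)
+{
+cout << "Cannot open Process ID: " << pid << ". Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+}
+RemoteBuffer = VirtualAllocEx(hProcess, NULL, sizeof(DllName), MEM_COMMIT, PAGE_READWRITE);
+if (RemoteBuffer == NULL)
+{
+cout << "[-]Failed To Alloc Virtual Memory. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+}
+if (WriteProcessMemory(hProcess, RemoteBuffer, &DllName, sizeof(DllName), NULL) == FALSE)
+{
+cout << "[-]Failed To Write Process Memory. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+}
+threatStartRoutineAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
+if (CreateRemoteThread(hProcess, NULL, 0, threatStartRoutineAddress, RemoteBuffer, 0, NULL) == NULL)
+{
+cout << "[-]Failed To Create Remote Thread. Failed with Error Code: " << GetLastError() << endl;
+CloseHandle(hProcess);
+exit(-1);
+}
+CloseHandle(hProcess);
+Sleep(1000);
+if (CheckIfDllIsLoad(pid, FullPath(DllName)))
+{
+cout << "[+]" << DllName << " Injected Successfully!" << endl;
+}
+else
+{
+cout << "[-]" << DllName << " Failed To load. Error Code: " << GetLastError() << endl;
+}
+return 0;
+}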
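Review bot: EnableDebugPriv never closes hToken, so the token handle obtained from OpenProcessToken leaks on every call, including when LookupPrivilegeValue fails; add `if (hToken != NULL) CloseHandle(hToken);` before `return bRet;`. CheckIfDllIsLoad and InjectToProcess both call `CloseHandle(hProcess)` immediately after establishing `hProcess == NULL`, which is a no-op that fails with ERROR_INVALID_HANDLE, and both terminate the whole program with `exit(-1)` from inside a header-defined helper, which makes them unusable from any caller that wants to recover or clean up. InjectToProcess also returns 0 on every path despite its BOOL return type, so main cannot tell a confirmed load from a failure; returning FALSE on each error path and the result of CheckIfDllIsLoad at the end would let the caller report the outcome. The thread handle returned by CreateRemoteThread on the success path is never stored or closed, which is a further handle leak.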
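--- /dev/null
+++ b/<path-not-shown-5>
@@ -0,0 +1,52 @@
+#include "Helper.h"
+#include "Injector.h"
+
+int main(int argc, char* argv[])
+{
+
+BOOL elevated = EnableDebugPriv();
+if (!elevated)
+{
+cout << "[!] Run as Administrator" << endl;
+exit(-1);
+}
+
+if (argc < 3 || argc > 4)
+{
+cout << "Usage: " << argv[0] << " Process Name Or Process ID | Dll To Load" << endl;
+exit(-1);
+}
+if (FileExits(FullPath(argv[2])))
+{
+
+if (IsProcessRunnig(GetPID(argv[1])))
+{
+cout << "[*]Process is Running" << endl;
+cout << "[*]Full Path of Dll: " << FullPath(argv[2]) << endl;
+}
+else
+{
+cout << "[-]Process Is Not Running" << endl;
+exit(-1);
+}
+if (CheckIfDllIsLoad(GetPID(argv[1]), FullPath(argv[2])))
+{
+cout << "[+]Dll is Already Loaded" << " To: " << FindNameByPid(GetPID(argv[1])) << "(" << GetPID(argv[1]) << ")" << endl;
+exit(-1);
+}
+else
+{
+cout << "[*]Injecting: " << argv[2] << " To: " << FindNameByPid(GetPID(argv[1])) << "(" << GetPID(argv[1]) << ")" << "..." << endl;
+InjectToProcess(GetPID(argv[1]), FullPath(argv[2]));
+}
+}
+else
+{
+cout << "[-]Dll was not found";
+exit(-1);
+
+}
+return 0;
+}
+
+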
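Review bot: GetPID(argv[1]) is evaluated six times and FullPath(argv[2]) four times inside main, and every GetPID call on a `.exe` name creates and walks a fresh Toolhelp snapshot, so the target could even resolve to different processes between the running check, the loaded check and the call to InjectToProcess; resolve both once, `const DWORD pid = GetPID(argv[1]);` and `const string dll = FullPath(argv[2]);`, and use those locals in every check and message. The argument check accepts `argc == 4` although only argv[1] and argv[2] are ever read, and the usage string separates the two positional arguments with `|`, which reads as an either/or choice. The return value of InjectToProcess is discarded, so the program exits 0 regardless of what happened inside it. The `[-]Dll was not found` message is the only diagnostic written without `endl`.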