LORD INJECTOR V1.1

[Onelordofpain]

Hello friends ..
As few as updating my injector
Well this as most of my release has been rewritten!

I hope this helps, that you enjoy and good game

______________________________________________

 

 

 

______________________________________________

 

XBOX


WHITE/BLUE


WIN XP


GREY/BLUE


VISTA


METRO

______________________________________________


News LORD INJECTOR to LORD INJECTOR V1.1

Added option to choose theme

Nothing else
Once my injector is not detected I will not rewrite it again

Topic to LORD INJECTOR: LORD INJECTOR

______________________________________________



Type the file regarding their game in "Process"
Select the hack (.dll) in "Browser"
(if your game is open search process in his "List of Process." If you do not will need to follow the next part of the tutorial)
Open your game, minimizes it (the game) and click "INJECT NOW" at the injector
Ready
Good Game


Note: I found a bug with the doubts of Users In my injector
if you happen to follow the step-down!

"Injector closes when I select dll"

Good for that I already found the solution, follow these instructions:
Open the nozzle and do whatever you have to do, how to choose
dll and the process. Having done this, open your game, wait for him to carry,
after loaded va until the push and click "INJECT NOW"
______________________________________________



JottiScan 1/21
VirusTotal 2/56

______________________________________________

 

Code:

Coding of Injection :

function CheckProcess(Process: String): boolean;
const PROCESS_TERMINATE=$0001;
var ContinueLoop: BOOL;
    FSnapshotHandle: THandle;
    FProcessEntry32: TProcessEntry32;
begin
 result:=false;
 FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
 FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
 ContinueLoop := Process32First(FSnapshotHandle,FProcessEntry32);
while integer(ContinueLoop) <> 0 do
begin
if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) = UpperCase(Process))
or (UpperCase(FProcessEntry32.szExeFile) = UpperCase(Process))) then
begin
ProcessID:=FProcessEntry32.th32ProcessID;
Result := true;
exit;
end;
ContinueLoop := Process32Next(FSnapshotHandle,FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end;

function InjectDll(PID:DWORD; sDll:string):Boolean;
var
hLib:     Pointer;
hThread:  THandle;
pMod:     Pointer;
hOpen:    THandle;
dWritten: Cardinal;
ThreadID: Cardinal;
LibName:  WideString;
begin
  LibName:=WideString(sDll);
  Result := FALSE;
  hOpen := OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
  if hOpen <> INVALID_HANDLE_VALUE then
  begin
    hLib := GetProcAddress(GetModuleHandle(PChar('kernel32.dll')), PChar('LoadLibraryW'));
    pMod := VirtualAllocEx(hOpen, nil, (Length(LibName)*2) + 2, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if WriteProcessMemory(hOpen, pMod,        @LIBName[1], (Length(LibName)*2), dWritten) then
      Result := TRUE;
    hThread := CreateRemoteThread(hOpen, nil, 0, hLib, pMod, 0, ThreadID);
    WaitForSingleObject(hThread, INFINITE);
    CloseHandle(hOpen);
    CloseHandle(hThread);
  end;
end;

______________________________________________



Special thanks to @ludgerogabriel for helping me and coding of injection!
@Onelordofpain (ME!)
@akosipol by designer
@rwby for helping in disseminating
GLHF.



Helped you ?! Thank not cost anything

[Minnesota Dabs]

//Approved.

[forlastpass]

Thanks for sharing.

[Onelordofpain]

//Approved.

Thank you

- - - Updated - - -

Thanks for sharing.

Okay man thanks

[akosipol]

Looking good!

Been busy pain

[Onelordofpain]

Looking good!

Been busy pain

Improvements brother ;(

[{"Hoosier"}]

Nice Injector ... Have you considered advanced injection methods ? Here is some source on mapping to a process .
(Credits) to zwclose7
This can be converted to VB.net and could i make one suggestion use a list box for your styles you could add an import feature to the Injector "custom style" so users could use their own . But i really like what you have done and how you continue to improve upon your project .

 

#include <stdio.h>
#include <Windows.h>

typedef HMODULE (WINAPI *pLoadLibraryA)(LPCSTR);
typedef FARPROC (WINAPI *pGetProcAddress)(HMODULE,LPCSTR);

typedef BOOL (WINAPI *PDLL_MAIN)(HMODULE,DWORD,PVOID);

typedef struct _MANUAL_INJECT
{
PVOID ImageBase;
PIMAGE_NT_HEADERS NtHeaders;
PIMAGE_BASE_RELOCATION BaseRelocation;
PIMAGE_IMPORT_DESCRIPTOR ImportDirectory;
pLoadLibraryA fnLoadLibraryA;
pGetProcAddress fnGetProcAddress;
}MANUAL_INJECT,*PMANUAL_INJECT;

DWORD WINAPI LoadDll(PVOID p)
{
PMANUAL_INJECT ManualInject;

HMODULE hModule;
DWORD i,Function,count,delta;

PDWORD ptr;
PWORD list;

PIMAGE_BASE_RELOCATION pIBR;
PIMAGE_IMPORT_DESCRIPTOR pIID;
PIMAGE_IMPORT_BY_NAME pIBN;
PIMAGE_THUNK_DATA FirstThunk,OrigFirstThunk;

PDLL_MAIN EntryPoint;

ManualInject=(PMANUAL_INJECT)p;

pIBR=ManualInject->BaseRelocation;
delta=(DWORD)((LPBYTE)ManualInject->ImageBase-ManualInject->NtHeaders->OptionalHeader.ImageBase); // Calculate the delta

// Relocate the image

while(pIBR->VirtualAddress)
{
if(pIBR->SizeOfBlock>=sizeof(IMAGE_BASE_RELOCATION))
{
count=(pIBR->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/sizeof(WORD);
list=(PWORD)(pIBR+1);

for(i=0;i<count;i++)
{
if(list[i])
{
ptr=(PDWORD)((LPBYTE)ManualInject->ImageBase+(pIBR->VirtualAddress+(list[i] & 0xFFF)));
*ptr+=delta;
}
}
}

pIBR=(PIMAGE_BASE_RELOCATION)((LPBYTE)pIBR+pIBR->SizeOfBlock);
}

pIID=ManualInject->ImportDirectory;

// Resolve DLL imports

while(pIID->Characteristics)
{
OrigFirstThunk=(PIMAGE_THUNK_DATA)((LPBYTE)ManualI nject->ImageBase+pIID->OriginalFirstThunk);
FirstThunk=(PIMAGE_THUNK_DATA)((LPBYTE)ManualInjec t->ImageBase+pIID->FirstThunk);

hModule=ManualInject->fnLoadLibraryA((LPCSTR)ManualInject->ImageBase+pIID->Name);

if(!hModule)
{
return FALSE;
}

while(OrigFirstThunk->u1.AddressOfData)
{
if(OrigFirstThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG)
{
// Import by ordinal

Function=(DWORD)ManualInject->fnGetProcAddress(hModule,(LPCSTR)(OrigFirstThun k->u1.Ordinal & 0xFFFF));

if(!Function)
{
return FALSE;
}

FirstThunk->u1.Function=Function;
}

else
{
// Import by name

pIBN=(PIMAGE_IMPORT_BY_NAME)((LPBYTE)ManualInject->ImageBase+OrigFirstThunk->u1.AddressOfData);
Function=(DWORD)ManualInject->fnGetProcAddress(hModule,(LPCSTR)pIBN->Name);

if(!Function)
{
return FALSE;
}

FirstThunk->u1.Function=Function;
}

OrigFirstThunk++;
FirstThunk++;
}

pIID++;
}

if(ManualInject->NtHeaders->OptionalHeader.AddressOfEntryPoint)
{
EntryPoint=(PDLL_MAIN)((LPBYTE)ManualInject->ImageBase+ManualInject->NtHeaders->OptionalHeader.AddressOfEntryPoint);
return EntryPoint((HMODULE)ManualInject->ImageBase,DLL_PROCESS_ATTACH,NULL); // Call the entry point
}

return TRUE;
}

DWORD WINAPI LoadDllEnd()
{
return 0;
}

int wmain(int argc,wchar_t* argv[])
{
PIMAGE_DOS_HEADER pIDH;
PIMAGE_NT_HEADERS pINH;
PIMAGE_SECTION_HEADER pISH;

HANDLE hProcess,hThread,hFile,hToken;
PVOID buffer,image,mem;
DWORD i,FileSize,ProcessId,ExitCode,read;

TOKEN_PRIVILEGES tp;
MANUAL_INJECT ManualInject;

if(argc<3)
{
printf("\nUsage: ManualInject [DLL name] [PID]\n");
return -1;
}

if(OpenProcessToken((HANDLE)-1,TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
{
tp.PrivilegeCount=1;
tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;

tp.Privileges[0].Luid.LowPart=20;
tp.Privileges[0].Luid.HighPart=0;

AdjustTokenPrivileges(hToken,FALSE,&tp,0,NULL,NULL );
CloseHandle(hToken);
}

printf("\nOpening the DLL.\n");
hFile=CreateFile(argv[1],GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,NUL L,OPEN_EXISTING,0,NULL); // Open the DLL

if(hFile==INVALID_HANDLE_VALUE)
{
printf("\nError: Unable to open the DLL (%d)\n",GetLastError());
return -1;
}

FileSize=GetFileSize(hFile,NULL);
buffer=VirtualAlloc(NULL,FileSize,MEM_COMMIT|MEM_R ESERVE,PAGE_READWRITE);

if(!buffer)
{
printf("\nError: Unable to allocate memory for DLL data (%d)\n",GetLastError());

CloseHandle(hFile);
return -1;
}

// Read the DLL

if(!ReadFile(hFile,buffer,FileSize,&read,NULL))
{
printf("\nError: Unable to read the DLL (%d)\n",GetLastError());

VirtualFree(buffer,0,MEM_RELEASE);
CloseHandle(hFile);

return -1;
}

CloseHandle(hFile);

pIDH=(PIMAGE_DOS_HEADER)buffer;

if(pIDH->e_magic!=IMAGE_DOS_SIGNATURE)
{
printf("\nError: Invalid executable image.\n");

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

pINH=(PIMAGE_NT_HEADERS)((LPBYTE)buffer+pIDH->e_lfanew);

if(pINH->Signature!=IMAGE_NT_SIGNATURE)
{
printf("\nError: Invalid PE header.\n");

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

if(!(pINH->FileHeader.Characteristics & IMAGE_FILE_DLL))
{
printf("\nError: The image is not DLL.\n");

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

ProcessId=wcstoul(argv[2],NULL,0);

printf("\nOpening target process.\n");
hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,Proc essId);

if(!hProcess)
{
printf("\nError: Unable to open target process (%d)\n",GetLastError());

VirtualFree(buffer,0,MEM_RELEASE);
CloseHandle(hProcess);

return -1;
}

printf("\nAllocating memory for the DLL.\n");
image=VirtualAllocEx(hProcess,NULL,pINH->OptionalHeader.SizeOfImage,MEM_COMMIT|MEM_RESERVE ,PAGE_EXECUTE_READWRITE); // Allocate memory for the DLL

if(!image)
{
printf("\nError: Unable to allocate memory for the DLL (%d)\n",GetLastError());

VirtualFree(buffer,0,MEM_RELEASE);
CloseHandle(hProcess);

return -1;
}

// Copy the header to target process

printf("\nCopying headers into target process.\n");

if(!WriteProcessMemory(hProcess,image,buffer,pINH->OptionalHeader.SizeOfHeaders,NULL))
{
printf("\nError: Unable to copy headers to target process (%d)\n",GetLastError());

VirtualFreeEx(hProcess,image,0,MEM_RELEASE);
CloseHandle(hProcess);

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

pISH=(PIMAGE_SECTION_HEADER)(pINH+1);

// Copy the DLL to target process

printf("\nCopying sections to target process.\n");

for(i=0;i<pINH->FileHeader.NumberOfSections;i++)
{
WriteProcessMemory(hProcess,(PVOID)((LPBYTE)image+ pISH[i].VirtualAddress),(PVOID)((LPBYTE)buffer+pISH[i].PointerToRawData),pISH[i].SizeOfRawData,NULL);
}

printf("\nAllocating memory for the loader code.\n");
mem=VirtualAllocEx(hProcess,NULL,4096,MEM_COMMIT|M EM_RESERVE,PAGE_EXECUTE_READWRITE); // Allocate memory for the loader code

if(!mem)
{
printf("\nError: Unable to allocate memory for the loader code (%d)\n",GetLastError());

VirtualFreeEx(hProcess,image,0,MEM_RELEASE);
CloseHandle(hProcess);

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

printf("\nLoader code allocated at %#x\n",mem);
memset(&ManualInject,0,sizeof(MANUAL_INJECT));

ManualInject.ImageBase=image;
ManualInject.NtHeaders=(PIMAGE_NT_HEADERS)((LPBYTE )image+pIDH->e_lfanew);
ManualInject.BaseRelocation=(PIMAGE_BASE_RELOCATIO N)((LPBYTE)image+pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
ManualInject.ImportDirectory=(PIMAGE_IMPORT_DESCRI PTOR)((LPBYTE)image+pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
ManualInject.fnLoadLibraryA=LoadLibraryA;
ManualInject.fnGetProcAddress=GetProcAddress;

printf("\nWriting loader code to target process.\n");

WriteProcessMemory(hProcess,mem,&ManualInject,size of(MANUAL_INJECT),NULL); // Write the loader information to target process
WriteProcessMemory(hProcess,(PVOID)((PMANUAL_INJEC T)mem+1),LoadDll,(DWORD)LoadDllEnd-(DWORD)LoadDll,NULL); // Write the loader code to target process

printf("\nExecuting loader code.\n");
hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHRE AD_START_ROUTINE)((PMANUAL_INJECT)mem+1),mem,0,NUL L); // Create a remote thread to execute the loader code

if(!hThread)
{
printf("\nError: Unable to execute loader code (%d)\n",GetLastError());

VirtualFreeEx(hProcess,mem,0,MEM_RELEASE);
VirtualFreeEx(hProcess,image,0,MEM_RELEASE);

CloseHandle(hProcess);

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

WaitForSingleObject(hThread,INFINITE);
GetExitCodeThread(hThread,&ExitCode);

if(!ExitCode)
{
VirtualFreeEx(hProcess,mem,0,MEM_RELEASE);
VirtualFreeEx(hProcess,image,0,MEM_RELEASE);

CloseHandle(hThread);
CloseHandle(hProcess);

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

CloseHandle(hThread);
VirtualFreeEx(hProcess,mem,0,MEM_RELEASE);

CloseHandle(hProcess);

printf("\nDLL injected at %#x\n",image);

if(pINH->OptionalHeader.AddressOfEntryPoint)
{
printf("\nDLL entry point: %#x\n",(PVOID)((LPBYTE)image+pINH->OptionalHeader.AddressOfEntryPoint));
}

VirtualFree(buffer,0,MEM_RELEASE);
return 0;
}

Some other good source was posted by Kenshin13 in his thread Erase DLL PE Header yet another good feature for an advanced injector .

[Onelordofpain]

Nice Injector ... Have you considered advanced injection methods ? Here is some source on mapping to a process .
(Credits) to zwclose7
This can be converted to VB.net and could i make one suggestion use a list box for your styles you could add an import feature to the Injector "custom style" so users could use their own . But i really like what you have done and how you continue to improve upon your project .

 

#include <stdio.h>
#include <Windows.h>

typedef HMODULE (WINAPI *pLoadLibraryA)(LPCSTR);
typedef FARPROC (WINAPI *pGetProcAddress)(HMODULE,LPCSTR);

typedef BOOL (WINAPI *PDLL_MAIN)(HMODULE,DWORD,PVOID);

typedef struct _MANUAL_INJECT
{
PVOID ImageBase;
PIMAGE_NT_HEADERS NtHeaders;
PIMAGE_BASE_RELOCATION BaseRelocation;
PIMAGE_IMPORT_DESCRIPTOR ImportDirectory;
pLoadLibraryA fnLoadLibraryA;
pGetProcAddress fnGetProcAddress;
}MANUAL_INJECT,*PMANUAL_INJECT;

DWORD WINAPI LoadDll(PVOID p)
{
PMANUAL_INJECT ManualInject;

HMODULE hModule;
DWORD i,Function,count,delta;

PDWORD ptr;
PWORD list;

PIMAGE_BASE_RELOCATION pIBR;
PIMAGE_IMPORT_DESCRIPTOR pIID;
PIMAGE_IMPORT_BY_NAME pIBN;
PIMAGE_THUNK_DATA FirstThunk,OrigFirstThunk;

PDLL_MAIN EntryPoint;

ManualInject=(PMANUAL_INJECT)p;

pIBR=ManualInject->BaseRelocation;
delta=(DWORD)((LPBYTE)ManualInject->ImageBase-ManualInject->NtHeaders->OptionalHeader.ImageBase); // Calculate the delta

// Relocate the image

while(pIBR->VirtualAddress)
{
if(pIBR->SizeOfBlock>=sizeof(IMAGE_BASE_RELOCATION))
{
count=(pIBR->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/sizeof(WORD);
list=(PWORD)(pIBR+1);

for(i=0;i<count;i++)
{
if(list[i])
{
ptr=(PDWORD)((LPBYTE)ManualInject->ImageBase+(pIBR->VirtualAddress+(list[i] & 0xFFF)));
*ptr+=delta;
}
}
}

pIBR=(PIMAGE_BASE_RELOCATION)((LPBYTE)pIBR+pIBR->SizeOfBlock);
}

pIID=ManualInject->ImportDirectory;

// Resolve DLL imports

while(pIID->Characteristics)
{
OrigFirstThunk=(PIMAGE_THUNK_DATA)((LPBYTE)ManualI nject->ImageBase+pIID->OriginalFirstThunk);
FirstThunk=(PIMAGE_THUNK_DATA)((LPBYTE)ManualInjec t->ImageBase+pIID->FirstThunk);

hModule=ManualInject->fnLoadLibraryA((LPCSTR)ManualInject->ImageBase+pIID->Name);

if(!hModule)
{
return FALSE;
}

while(OrigFirstThunk->u1.AddressOfData)
{
if(OrigFirstThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG)
{
// Import by ordinal

Function=(DWORD)ManualInject->fnGetProcAddress(hModule,(LPCSTR)(OrigFirstThun k->u1.Ordinal & 0xFFFF));

if(!Function)
{
return FALSE;
}

FirstThunk->u1.Function=Function;
}

else
{
// Import by name

pIBN=(PIMAGE_IMPORT_BY_NAME)((LPBYTE)ManualInject->ImageBase+OrigFirstThunk->u1.AddressOfData);
Function=(DWORD)ManualInject->fnGetProcAddress(hModule,(LPCSTR)pIBN->Name);

if(!Function)
{
return FALSE;
}

FirstThunk->u1.Function=Function;
}

OrigFirstThunk++;
FirstThunk++;
}

pIID++;
}

if(ManualInject->NtHeaders->OptionalHeader.AddressOfEntryPoint)
{
EntryPoint=(PDLL_MAIN)((LPBYTE)ManualInject->ImageBase+ManualInject->NtHeaders->OptionalHeader.AddressOfEntryPoint);
return EntryPoint((HMODULE)ManualInject->ImageBase,DLL_PROCESS_ATTACH,NULL); // Call the entry point
}

return TRUE;
}

DWORD WINAPI LoadDllEnd()
{
return 0;
}

int wmain(int argc,wchar_t* argv[])
{
PIMAGE_DOS_HEADER pIDH;
PIMAGE_NT_HEADERS pINH;
PIMAGE_SECTION_HEADER pISH;

HANDLE hProcess,hThread,hFile,hToken;
PVOID buffer,image,mem;
DWORD i,FileSize,ProcessId,ExitCode,read;

TOKEN_PRIVILEGES tp;
MANUAL_INJECT ManualInject;

if(argc<3)
{
printf("\nUsage: ManualInject [DLL name] [PID]\n");
return -1;
}

if(OpenProcessToken((HANDLE)-1,TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
{
tp.PrivilegeCount=1;
tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;

tp.Privileges[0].Luid.LowPart=20;
tp.Privileges[0].Luid.HighPart=0;

AdjustTokenPrivileges(hToken,FALSE,&tp,0,NULL,NULL );
CloseHandle(hToken);
}

printf("\nOpening the DLL.\n");
hFile=CreateFile(argv[1],GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,NUL L,OPEN_EXISTING,0,NULL); // Open the DLL

if(hFile==INVALID_HANDLE_VALUE)
{
printf("\nError: Unable to open the DLL (%d)\n",GetLastError());
return -1;
}

FileSize=GetFileSize(hFile,NULL);
buffer=VirtualAlloc(NULL,FileSize,MEM_COMMIT|MEM_R ESERVE,PAGE_READWRITE);

if(!buffer)
{
printf("\nError: Unable to allocate memory for DLL data (%d)\n",GetLastError());

CloseHandle(hFile);
return -1;
}

// Read the DLL

if(!ReadFile(hFile,buffer,FileSize,&read,NULL))
{
printf("\nError: Unable to read the DLL (%d)\n",GetLastError());

VirtualFree(buffer,0,MEM_RELEASE);
CloseHandle(hFile);

return -1;
}

CloseHandle(hFile);

pIDH=(PIMAGE_DOS_HEADER)buffer;

if(pIDH->e_magic!=IMAGE_DOS_SIGNATURE)
{
printf("\nError: Invalid executable image.\n");

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

pINH=(PIMAGE_NT_HEADERS)((LPBYTE)buffer+pIDH->e_lfanew);

if(pINH->Signature!=IMAGE_NT_SIGNATURE)
{
printf("\nError: Invalid PE header.\n");

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

if(!(pINH->FileHeader.Characteristics & IMAGE_FILE_DLL))
{
printf("\nError: The image is not DLL.\n");

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

ProcessId=wcstoul(argv[2],NULL,0);

printf("\nOpening target process.\n");
hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,Proc essId);

if(!hProcess)
{
printf("\nError: Unable to open target process (%d)\n",GetLastError());

VirtualFree(buffer,0,MEM_RELEASE);
CloseHandle(hProcess);

return -1;
}

printf("\nAllocating memory for the DLL.\n");
image=VirtualAllocEx(hProcess,NULL,pINH->OptionalHeader.SizeOfImage,MEM_COMMIT|MEM_RESERVE ,PAGE_EXECUTE_READWRITE); // Allocate memory for the DLL

if(!image)
{
printf("\nError: Unable to allocate memory for the DLL (%d)\n",GetLastError());

VirtualFree(buffer,0,MEM_RELEASE);
CloseHandle(hProcess);

return -1;
}

// Copy the header to target process

printf("\nCopying headers into target process.\n");

if(!WriteProcessMemory(hProcess,image,buffer,pINH->OptionalHeader.SizeOfHeaders,NULL))
{
printf("\nError: Unable to copy headers to target process (%d)\n",GetLastError());

VirtualFreeEx(hProcess,image,0,MEM_RELEASE);
CloseHandle(hProcess);

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

pISH=(PIMAGE_SECTION_HEADER)(pINH+1);

// Copy the DLL to target process

printf("\nCopying sections to target process.\n");

for(i=0;i<pINH->FileHeader.NumberOfSections;i++)
{
WriteProcessMemory(hProcess,(PVOID)((LPBYTE)image+ pISH[i].VirtualAddress),(PVOID)((LPBYTE)buffer+pISH[i].PointerToRawData),pISH[i].SizeOfRawData,NULL);
}

printf("\nAllocating memory for the loader code.\n");
mem=VirtualAllocEx(hProcess,NULL,4096,MEM_COMMIT|M EM_RESERVE,PAGE_EXECUTE_READWRITE); // Allocate memory for the loader code

if(!mem)
{
printf("\nError: Unable to allocate memory for the loader code (%d)\n",GetLastError());

VirtualFreeEx(hProcess,image,0,MEM_RELEASE);
CloseHandle(hProcess);

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

printf("\nLoader code allocated at %#x\n",mem);
memset(&ManualInject,0,sizeof(MANUAL_INJECT));

ManualInject.ImageBase=image;
ManualInject.NtHeaders=(PIMAGE_NT_HEADERS)((LPBYTE )image+pIDH->e_lfanew);
ManualInject.BaseRelocation=(PIMAGE_BASE_RELOCATIO N)((LPBYTE)image+pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
ManualInject.ImportDirectory=(PIMAGE_IMPORT_DESCRI PTOR)((LPBYTE)image+pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
ManualInject.fnLoadLibraryA=LoadLibraryA;
ManualInject.fnGetProcAddress=GetProcAddress;

printf("\nWriting loader code to target process.\n");

WriteProcessMemory(hProcess,mem,&ManualInject,size of(MANUAL_INJECT),NULL); // Write the loader information to target process
WriteProcessMemory(hProcess,(PVOID)((PMANUAL_INJEC T)mem+1),LoadDll,(DWORD)LoadDllEnd-(DWORD)LoadDll,NULL); // Write the loader code to target process

printf("\nExecuting loader code.\n");
hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHRE AD_START_ROUTINE)((PMANUAL_INJECT)mem+1),mem,0,NUL L); // Create a remote thread to execute the loader code

if(!hThread)
{
printf("\nError: Unable to execute loader code (%d)\n",GetLastError());

VirtualFreeEx(hProcess,mem,0,MEM_RELEASE);
VirtualFreeEx(hProcess,image,0,MEM_RELEASE);

CloseHandle(hProcess);

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

WaitForSingleObject(hThread,INFINITE);
GetExitCodeThread(hThread,&ExitCode);

if(!ExitCode)
{
VirtualFreeEx(hProcess,mem,0,MEM_RELEASE);
VirtualFreeEx(hProcess,image,0,MEM_RELEASE);

CloseHandle(hThread);
CloseHandle(hProcess);

VirtualFree(buffer,0,MEM_RELEASE);
return -1;
}

CloseHandle(hThread);
VirtualFreeEx(hProcess,mem,0,MEM_RELEASE);

CloseHandle(hProcess);

printf("\nDLL injected at %#x\n",image);

if(pINH->OptionalHeader.AddressOfEntryPoint)
{
printf("\nDLL entry point: %#x\n",(PVOID)((LPBYTE)image+pINH->OptionalHeader.AddressOfEntryPoint));
}

VirtualFree(buffer,0,MEM_RELEASE);
return 0;
}

Some other good source was posted by Kenshin13 in his thread Erase DLL PE Header yet another good feature for an advanced injector .

Thanks for The suggestion Brother

But I don't intend to do that, at least not yet. I'm going to wait and also develop new stuff

[HOOSIER]

Thanks for The suggestion Brother

But I don't intend to do that, at least not yet. I'm going to wait and also develop new stuff

It is actually not that hard there is a video with this source to help understand how to manually map . If you do not mind what new stuff are you referring to ?

[EV1LK]

what hacks exactly should i inject ? -_-

[blackops3cheats]

thanks for the share

[GodFire]

Thank you For this My friend

[Letrektem]

can you tell me how to use it step by step? im new here btw sooo hope comunnity here is nice

[Hunter]

can you tell me how to use it step by step? im new here btw sooo hope comunnity here is nice

[Letrektem]

i mean like what should i write on process and what check dll?