  1. #1
    topblast's Avatar

    Injector Class (Should work for 64bit)

    It is a simple update of the class NextGen posted in the SDK, with a few edits. I just added a few things to see how they go :O


    Credits
    @topblast
    @NextGen1


    [highlight="VB.Net"]
    Imports System
    Imports System.Collections.Generic
    Imports System.ComponentModel
    Imports System.Data
    Imports System.Text
    Imports System.Diagnostics
    Imports System.Threading
    Imports System.Runtime.InteropServices
    Imports System.IO
    Imports System.IO.Compression
    Imports System.Security.Cryptography
    Imports System.Net
    Imports System.Windows.Forms
    Imports System.Management
    Imports System.Xml.XPath
    ' Remote-thread DLL injection helper as posted on the forum (VB.NET, not
    ' C# despite the page's language tag). The sequence visible below is the
    ' textbook one: OpenProcess on the target, VirtualAllocEx a small buffer,
    ' WriteProcessMemory the DLL path into it, then CreateRemoteThread at
    ' kernel32!LoadLibraryA with the buffer address as the thread argument.
    ' Kept as posted with review notes only; the thread below disputes several
    ' of the declarations. From a defensive point of view this exact call
    ' chain (a cross-process thread whose start address is LoadLibraryA) is
    ' the pattern endpoint monitoring commonly alerts on.
    Public Class Injector
    ' Accumulated log text; each AddLog call appends one line. Public Shared,
    ' so callers can read it after an injection attempt.
    Public Shared LOG As String

    ' Appends text plus a newline to LOG. This is an unsynchronised
    ' read-modify-write of a Shared field, so concurrent callers could lose lines.
    Private Shared Sub AddLog(ByVal text As String)
    LOG = LOG + text + vbNewLine
    End Sub

    ' Logs the message and also shows a modal error MessageBox, so the class
    ' blocks on user interaction whenever something fails.
    Private Shared Sub AddError(ByVal text As String)
    AddLog(text)
    MessageBox.Show(text, "ERROR", MessageBoxButtons.OK, MessageBoxIcon.Error)
    End Sub


    ' --- Win32 P/Invoke declarations (kernel32) ---
    ' Blocks until the handle is signalled or `milliseconds` elapse and returns
    ' the WAIT_* status, which Inject() compares against literal values.
    Friend Declare Auto Function WaitForSingleObject Lib "kernel32" (ByVal handle As IntPtr, ByVal milliseconds As Int32) As Int32
    ' Starts a thread in another process at lpStartAddress with lpParameter as
    ' its single argument. Declared with a UIntPtr start address and a ByRef
    ' IntPtr slot for the thread id.
    <DllImport("kernel32")> _
    Private Shared Function CreateRemoteThread(ByVal hProcess As IntPtr, ByVal lpThreadAttributes As IntPtr, ByVal dwStackSize As UInteger, ByVal lpStartAddress As UIntPtr, ByVal lpParameter As IntPtr, ByVal dwCreationFlags As UInteger, ByRef lpThreadId As IntPtr) As IntPtr
    End Function
    ' Opens a process handle with the requested access mask (see the mask used
    ' in InjectDirect). Returns a zero handle, not Nothing, on failure.
    <DllImport("kernel32.dll")> _
    Private Shared Function OpenProcess(ByVal dwDesiredAccess As UInt32, ByVal bInheritHandle As Int32, ByVal dwProcessId As Int32) As IntPtr
    End Function
    ' Resolves an export in a module loaded in *this* process. Inject() reuses
    ' the address inside the target, which only holds while both processes map
    ' kernel32 at the same base; nothing here checks that the target's bitness
    ' matches the injector's, despite the "64bit" claim in the post title.
    <DllImport("kernel32.dll", CharSet:=CharSet.Ansi, ExactSpelling:=True)> _
    Private Shared Function GetProcAddress(ByVal hModule As IntPtr, ByVal procName As String) As UIntPtr
    End Function
    ' Releases a kernel handle; nonzero on success. Inject() returns this value
    ' directly as its own result (see the note there).
    <DllImport("kernel32.dll")> _
    Private Shared Function CloseHandle(ByVal hObject As IntPtr) As Int32
    End Function
    ' Release / allocate memory in another process. Note the size parameter is
    ' typed UIntPtr on VirtualFreeEx but UInteger on VirtualAllocEx.
    Private Declare Auto Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByVal dwSize As UIntPtr, ByVal dwFreeType As UInteger) As Boolean
    Private Declare Auto Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByVal dwSize As UInteger, ByVal flAllocationType As UInteger, ByVal flProtect As UInteger) As IntPtr
    ' Copies nSize bytes from lpBuffer into the target at lpBaseAddress.
    ' NOTE(review): lpBuffer is declared As Object, which the thread below
    ' disputes. An Object parameter on a DllImport is marshalled as a VARIANT
    ' by default, so the bytes that land in the target are unlikely to be the
    ' raw path characters; left as posted. nSize is UIntPtr but the call site
    ' passes an Int32, relying on VB's implicit conversion.
    <DllImport("kernel32.dll")> _
    Private Shared Function WriteProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Object, ByVal nSize As UIntPtr, ByRef lpNumberOfBytesWritten As IntPtr) As Boolean
    End Function
    ' Handle of a module already loaded in the calling process.
    <DllImport("kernel32.dll", CharSet:=CharSet.Auto)> _
    Private Shared Function GetModuleHandle(ByVal lpModuleName As String) As IntPtr
    End Function
    ' Returns the id of the first process whose name matches `proc`.
    ' NOTE(review): GetProcessesByName returns an empty array when nothing
    ' matches, so ProcLRet(0) throws IndexOutOfRangeException here and the
    ' caller's `ProcID >= 0` test never sees a "not found" case. When several
    ' processes share the name, element 0 is picked arbitrarily.
    Private Shared Function ProcessId(ByVal proc As [String]) As Int32
    Dim ProcLRet As Process()
    ProcLRet = Process.GetProcessesByName(proc)
    Return ProcLRet(0).Id
    End Function

    ' Core injection step against an already-opened process handle: writes the
    ' DLL path into the target, runs LoadLibraryA there on a new thread, waits
    ' for that thread, then frees the path buffer.
    ' Review notes (left as posted):
    '  - AllMem is never checked for IntPtr.Zero and the WriteProcessMemory
    '    return value is ignored.
    '  - On the WAIT_* failure branch the function returns CloseHandle(ThreadHd),
    '    i.e. True when the handle closes cleanly, so a failed wait can be
    '    reported as success; the buffer is also not freed on that branch.
    '  - The success path likewise returns the CloseHandle result (Int32
    '    converted to Boolean), not whether the DLL actually loaded.
    '  - Every exception is swallowed as False without being logged.
    Private Shared Function Inject(ByVal oProcess As IntPtr, ByVal strDLLName As [String]) As Boolean
    Try
    ' Out-slot reused for both "bytes written" and the remote thread id.
    Dim bytes As IntPtr
    ' Path length plus one, presumably for the NUL terminator LoadLibraryA expects.
    Dim Len As Int32 = strDLLName.Length + 1
    ' &H1000 = MEM_COMMIT, &H40 = PAGE_EXECUTE_READWRITE.
    Dim AllMem As IntPtr = VirtualAllocEx(oProcess, IntPtr.Zero, CUInt(Len), &H1000, &H40)
    WriteProcessMemory(oProcess, AllMem, strDLLName, Len, bytes)
    ' Address of LoadLibraryA taken from this process's kernel32 (see the
    ' GetProcAddress declaration note).
    Dim Injector As UIntPtr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")

    ' UIntPtr compared with Nothing, i.e. zero.
    If Injector = Nothing Then
    AddError("Injector: Error ID 001, Fail to find Fail to find [ Kernel32.dll::LoadLibraryA ]")
    Return False
    End If
    ' Thread entry = LoadLibraryA, argument = the path buffer in the target.
    Dim ThreadHd As IntPtr = CreateRemoteThread(oProcess, IntPtr.Zero, 0, Injector, AllMem, 0, bytes)

    If ThreadHd = Nothing Then
    AddError("Injector: Error ID 101, Fail to start DLL")
    Return False
    End If
    ' Waits up to Int32.MaxValue ms (roughly 24.8 days) for the remote thread.
    Dim Result As Integer = WaitForSingleObject(ThreadHd, Int32.MaxValue)

    ' 128 = WAIT_ABANDONED, 258 = WAIT_TIMEOUT, &HFFFFFFFF = WAIT_FAILED.
    If Result = 128L OrElse Result = 258L OrElse Result = &HFFFFFFFF Then
    If Result = 258L Then
    AddError("Injector: Error ID 201, FAIL Waiting to Long for Object")
    Else
    AddError("Injector: Error ID 202, Injection fail")
    End If

    ' ThreadHd is already known to be non-zero here; this returns the
    ' CloseHandle result on a failure path (see the review notes above).
    If Not ThreadHd = Nothing Then
    Return CloseHandle(ThreadHd)
    End If
    Return False
    End If
    ' Brief pause before releasing the buffer; no rationale is given in the post.
    Thread.Sleep(10)
    ' &H8000 = MEM_RELEASE, which requires dwSize = 0 as passed here.
    VirtualFreeEx(oProcess, AllMem, 0, &H8000)

    ' Redundant check (ThreadHd was tested above); the function's result is
    ' whether the thread handle closed, not whether the DLL loaded.
    If Not ThreadHd = Nothing Then
    Return CloseHandle(ThreadHd)
    End If
    Return False
    Catch ex As Exception
    ' Silent swallow: the failure reason is lost.
    Return False
    End Try

    End Function

    ' Public entry point: resolve the target by process name, open it and inject.
    ' Review notes (left as posted):
    '  - The handle from OpenProcess is stored in a String; the thread below
    '    calls this out as an implicit conversion. A failed OpenProcess returns
    '    a zero handle rather than Nothing, so the `Is Nothing` check is
    '    unlikely to catch it, and the "Starting Process" messages are
    '    misleading (the process is opened, not started).
    '  - &H1F0FFF is the broadest process access mask; a least-privilege caller
    '    would request only the rights the calls actually use.
    '  - The process handle is never closed (Inject only closes the thread
    '    handle), so it leaks until the injector exits.
    '  - `Exit Function` after `Return False` is unreachable.
    '  - The body duplicates the ProcID overload below and could delegate to it.
    Public Shared Function InjectDirect(ByVal DLLName As [String], ByVal ProcessName As [String]) As Boolean

    ' See the ProcessId note: this throws rather than returning a negative id
    ' when no process matches, so the guard below is never the "not found" path.
    Dim ProcID As Int32 = ProcessId(ProcessName)
    If ProcID >= 0 Then
    AddLog("Injector: Getting Process Info")
    Dim oProcess As String = OpenProcess(&H1F0FFF, 1, ProcID)
    If oProcess Is Nothing Then
    AddLog("Injector: Error, Starting Process FAILED!")
    AddLog("-------------------------------------------")
    MessageBox.Show("ERROR: Process start FAILED", "Process Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
    Return False
    Exit Function
    Else
    ' String handle converted back for the IntPtr parameter of Inject().
    Dim val = Inject(oProcess, DLLName)
    AddLog("Injector: Injected is " + val.ToString)
    AddLog("-------------------------------------------")
    Return val
    End If

    End If
    Return False
    End Function

    ' Same as the name-based overload but takes a process id directly; the
    ' review notes on that overload (String-typed handle, unreachable `Exit
    ' Function`, leaked process handle, broad access mask) apply here too.
    Public Shared Function InjectDirect(ByVal DLLName As [String], ByVal ProcID As [Int32]) As Boolean
    If ProcID >= 0 Then
    AddLog("Injector: Getting Process Info")
    Dim oProcess As String = OpenProcess(&H1F0FFF, 1, ProcID)
    If oProcess Is Nothing Then
    AddLog("Injector: Error, Starting Process FAILED!")
    AddLog("-------------------------------------------")
    MessageBox.Show("ERROR: Process start FAILED", "Process Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
    Return False
    Exit Function
    Else
    Dim val = Inject(oProcess, DLLName)
    AddLog("Injector: Injected is " + val.ToString)
    AddLog("-------------------------------------------")
    Return val
    End If

    End If
    Return False
    End Function

    End Class
    [/highlight]
    Last edited by topblast; 06-26-2011 at 09:11 AM.
    I just like programming, that is all.

    Current Stuff:

    • GPU Programmer (Cuda)
    • Client/Server (Cloud Server)
    • Mobile App Development

  2. #2
    Jason's Avatar
    Lol I like how you posted in my thread saying my method was wrong...then you release this, which does the EXACT same thing (albeit, worse with implicit casting), you just don't understand how it's working lulz.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I don’t think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)


  4. #3
    willrulz188's Avatar
    You have two Injectdirect's in there
    Question ALL statements! ?
    You're in denial that you're in denial. ?
    [img]https://i360.photobucke*****m/albums/oo45/blood188/Untitled-3.jpg?t=1284590977[/img]

  5. #4
    Jason's Avatar
    Quote Originally Posted by willrulz188 View Post
    You have two Injectdirect's in there
    It's called Method Overloading, look it up.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I don’t think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)


  7. #5
    topblast's Avatar
    Quote Originally Posted by Jason View Post
    Lol I like how you posted in my thread saying my method was wrong...then you release this, which does the EXACT same thing (albeit, worse with implicit casting), you just don't understand how it's working lulz.
    Well yours is wrong. LoadLibrary does not work with Byte Arrays. It works with File Location.
    I just like programming, that is all.

    Current Stuff:

    • GPU Programmer (Cuda)
    • Client/Server (Cloud Server)
    • Mobile App Development

  8. #6
    Jason's Avatar
    Quote Originally Posted by topblast View Post


    Well yours is wrong. LoadLibrary does not work with Byte Arrays. It works with File Location.
    Did you even read my response for fucks sake? EVERYTHING IS STORED IN MEMORY AS BYTES (or bits.) An integer variable is stored as 4 bytes in memory representing the value of the integer. A short is 2 bytes in memory, a structure is really just a series of bytes in memory. A STRING is really just an array of bytes the size of the string. If you learned how programming works at a fundamental level maybe you'd understand that.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I don’t think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)

  9. #7
    freedompeace's Avatar
    Quote Originally Posted by topblast View Post


    Well yours is wrong. LoadLibrary does not work with Byte Arrays. It works with File Location.
    Biggest facepalm of my life. You made no significant changes to the code base at all. Oh, nevermind, you did make a significant contribution: 1 extra character. The credits order should be in order of contribution, as it has always been.

    PS. "VB onli for nubs" in CA section, and what are you doing here (and your "help" threads that were obvious)? 0.o

  10. #8
    qddW$#%^jtyjtyj's Avatar
    lol fail code.

    I thought you were "done" with the VB section.
    You said C++ is for pros and you call yourself a pro.
    So go to C++ then...

  11. #9
    topblast's Avatar
    Quote Originally Posted by freedompeace View Post


    Biggest facepalm of my life. You made no significant changes to the code base at all. Oh, nevermind, you did make a significant contribution: 1 extra character. The credits order should be in order of contribution, as it has always been.

    PS. "VB onli for nubs" in CA section, and what are you doing here (and your "help" threads that were obvious)? 0.o
    I did contribute to this.
    VB is EPIC!!!!!
    If you guys would read the code and stop OVERLOOKING THINGS you would see the difference.

    Haters


    Quote Originally Posted by techial2 View Post
    lol fail code.

    I thought you were "done" with the VB section.
    You said C++ is for pros and you call yourself a pro.
    So go to C++ then...
    I don't remember saying any of these things.
    Last edited by topblast; 06-28-2011 at 03:40 PM.
    I just like programming, that is all.

    Current Stuff:

    • GPU Programmer (Cuda)
    • Client/Server (Cloud Server)
    • Mobile App Development

  12. #10
    Jason's Avatar
    Quote Originally Posted by topblast View Post


    I did contribute to this.
    VB is EPIC!!!!!
    If you guys would read the code and stop OVERLOOKING THINGS you would see the difference.

    Haters




    I don't remember saying any of these things.
    All I'm seeing is an incorrect declaration of the WriteProcessMemory and an implicit conversion, and you not understanding it and pretending you're right.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I don’t think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)

  13. #11
    F.R.sesin's Avatar
    Sorry, I need help...
    I don't know how to select a DLL and a process...
    Where are the variables for the DLL and the process? Can you explain?

  14. #12
    aLcohoL_95's Avatar
    Quote Originally Posted by F.R.sesin View Post
    Sorry, I need help...
    I don't know how to select a DLL and a process...
    Where are the variables for the DLL and the process? Can you explain?
    dude , if u dont know how to use it , it means u didnt deserve it

    CANNIBAL CORPSE P0WNS


  15. #13
    topblast's Avatar
    Quote Originally Posted by Jason View Post


    All I'm seeing is an incorrect declaration of the WriteProcessMemory and an implicit conversion, and you not understanding it and pretending you're right.
    That is not an incorrect declaration, and this class works EVEN for 64bit. I just posted this because your code was using the argument to LoadLibrary as the byte array of the file, instead of the location of the DLL, which is what it is supposed to be.

    Back to WriteProcessMemory

    lpBuffer is an LPVOID, which can be a pointer to anything. VB does all the pointer stuff for us (with reference to this), which is why I used Object, which can be anything.

    Code:
    BOOL WINAPI WriteProcessMemory(
      __in   HANDLE hProcess,
      __in   LPVOID lpBaseAddress,
      __in   LPVOID lpBuffer, 
      __in   SIZE_T nSize,
      __out  SIZE_T *lpNumberOfBytesWritten
    );
    Code:
    hProcess [in]
    A handle to the process memory to be modified. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process.
    
    lpBaseAddress [in]
    A pointer to the base address in the specified process to which data is written. Before data transfer occurs, the system verifies that all data in the base address and memory of the specified size is accessible for write access, and if it is not accessible, the function fails.
    
    lpBuffer [in]
    A pointer to the buffer that contains data to be written in the address space of the specified process.
    
    nSize [in]
    The number of bytes to be written to the specified process.
    
    lpNumberOfBytesWritten [out]
    A pointer to a variable that receives the number of bytes transferred into the specified process. This parameter is optional. If lpNumberOfBytesWritten is NULL, the parameter is ignored.

    Back to LoadLibrary
    lpFileName is the pointer to the array of chars that is the file name / location of the file. This proves I am right and you're wrong :O, just doing it because I care
    Code:
    HMODULE WINAPI LoadLibrary(
      __in  LPCTSTR lpFileName
    );
    Code:
    lpFileName [in]
    The name of the module. This can be either a library module (a .dll file) or an executable module (an .exe file). The name specified is the file name of the module and is not related to the name stored in the library module itself, as specified by the LIBRARY keyword in the module-definition (.def) file.
    
    If the string specifies a full path, the function searches only that path for the module.
    
    If the string specifies a relative path or a module name without a path, the function uses a standard search strategy to find the module; for more information, see the Remarks.
    
    If the function cannot find the module, the function fails. When specifying a path, be sure to use backslashes (\), not forward slashes (/). For more information about paths, see Naming a File or Directory.
    
    If the string specifies a module name without a path and the file name extension is omitted, the function appends the default library extension .dll to the module name. To prevent the function from appending .dll to the module name, include a trailing point character (.) in the module name string.
    I just like programming, that is all.

    Current Stuff:

    • GPU Programmer (Cuda)
    • Client/Server (Cloud Server)
    • Mobile App Development

  16. #14
    Jason's Avatar
    Quote Originally Posted by topblast View Post

    Back to LoadLibrary
    lpFileName is the pointer to the array of chars that is the file name / location of the file. This proves I am right and you're wrong :O, just doing it because I care :
    Actually, that just proves my correctness even more. In case you weren't aware, a char holds a value from 0-255....OMG SO DOES A BYTE. If you learned how memory was actually stored and interpreted you might have understood the connection. My code works fine on my 64-bit computer lol.

    Take a look at the proper PINVOKE declaration:
    pinvoke.net: writeProcessMemory (kernel32)

    I beg you to learn how memory works, how it's stored and the relationship between bytes and any variable lol, you're really just embarrassing the fuck out of yourself haha. I don't know what's proving so hard to understand, but that's really not my problem any more.

    Now, just before you refer me to the C++ declaration of WPM from Windows.h, look at this -.-
    Code:
    BOOL WINAPI WriteProcessMemory(
      __in   HANDLE hProcess,
      __in   LPVOID lpBaseAddress,
      __in   LPVOID lpBuffer, 
      __in   SIZE_T nSize,
      __out  SIZE_T *lpNumberOfBytesWritten
    );
    OMG THAT TELLS YOU HOW MANY BYTES WERE WRITTEN TO MEMORY. This is because the function will write your dll location to memory IN BYTES. I'm not passing a byte array to LoadLibrary, I'm telling it the location of my written memory, and LoadLibrary will interpret it as a LPCTSTR.

    PLEASE FUCKING LEARN HOW MEMORY WORKS. An int is really 4 bytes in memory, do you think that any function that takes an int is wrong because you're passing an array of 4 bytes to it? NO! Jesus christ use your brain.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkley, Unix and LSD,
    and I don’t think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)

  17. #15
    Hell_Demon's Avatar
    In C++, BYTE is a typedef for unsigned char, which means it occupies 1 byte in memory and its value can be between 0 and 255. Jason is right.
    Ah we-a blaze the fyah, make it bun dem!
