How To : Make DLL Injection in C++

[The~Shadow~Coders]

Open C++ 2010 / 2008

Create Project Win32 Console

C++ SynTax

Code:

#include <windows.h> 
#include <tlhelp32.h> 
#include <shlwapi.h> 
#include <conio.h> 
#include <stdio.h> 


#define WIN32_LEAN_AND_MEAN 
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ) 

BOOL Inject(DWORD pID, const char * DLL_NAME); 
DWORD GetTargetThreadIDFromProcName(const char * ProcName); 

int main(int argc, char * argv[]) 
{ 
   // Retrieve process ID 
   DWORD pID = GetTargetThreadIDFromProcName("notepad.exe"); 
    
   // Get the dll's full path name 
   char buf[MAX_PATH] = {0}; 
   GetFullPathName("Project1.dll", MAX_PATH, buf, NULL); 
   printf(buf); 
   printf("\n"); 
    
   // Inject our main dll 
   if(!Inject(pID, buf)) 
   { 

        printf("DLL Not Loaded!"); 
    }else{ 
        printf("DLL Loaded!"); 
    } 

    _getch(); 
   return 0; 
} 

BOOL Inject(DWORD pID, const char * DLL_NAME) 
{ 
   HANDLE Proc; 
   HMODULE hLib; 
   char buf[50] = {0}; 
   LPVOID RemoteString, LoadLibAddy; 

   if(!pID) 
      return false; 

   Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); 
   if(!Proc) 
   { 
      sprintf(buf, "OpenProcess() failed: %d", GetLastError()); 
      //MessageBox(NULL, buf, "Loader", MB_OK); 
      printf(buf); 
      return false; 
   } 
    
   LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); 

   // Allocate space in the process for our DLL 
   RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); 

   // Write the string name of our DLL in the memory allocated 
   WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL); 

   // Load our DLL 
   CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL); 

   CloseHandle(Proc); 
   return true; 
} 

DWORD GetTargetThreadIDFromProcName(const char * ProcName) 
{ 
   PROCESSENTRY32 pe; 
   HANDLE thSnapShot; 
   BOOL retval, ProcFound = false; 

   thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 
   if(thSnapShot == INVALID_HANDLE_VALUE) 
   { 
      //MessageBox(NULL, "Error: Unable <strong class="highlight">to</strong> create toolhelp snapshot!", "2MLoader", MB_OK); 
      printf("Error: Unable <strong class="highlight">to</strong> create toolhelp snapshot!"); 
      return false; 
   } 

   pe.dwSize = sizeof(PROCESSENTRY32); 
    
   retval = Process32First(thSnapShot, &pe); 
   while(retval) 
   { 
      if(StrStrI(pe.szExeFile, ProcName)) 
      { 
         return pe.th32ProcessID; 
      } 
      retval = Process32Next(thSnapShot, &pe); 
   } 
   return 0; 
}

Create a source file name DllMain.cpp

DllMain.cpp:

Code:

/* Replace "dll.h" with the name of your header */
#include "dll.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

DLLIMPORT void Hello ()
{
    MessageBox (0, "Hello from injected DLL!\n", "Hi", MB_ICONINFORMATION);
}


BOOL APIENTRY DllMain (HINSTANCE hInst     /* Library instance handle. */ ,
                       DWORD reason        /* Reason this function is being called. */ ,
                       LPVOID reserved     /* Not used. */ )
{
switch (reason)
    {
      case DLL_PROCESS_ATTACH:
           Hello();
        break;

      case DLL_PROCESS_DETACH:
           Hello();
        break;

      case DLL_THREAD_ATTACH:
           Hello();
        break;

      case DLL_THREAD_DETACH:
           Hello();
        break;
    }  

    /* Returns TRUE <strong class="highlight">on</strong> success, FALSE <strong class="highlight">on</strong> failure */
    return TRUE;
}

Now create a Header File name dll.h

Code:

#ifndef _DLL_H_
#define _DLL_H_

#if BUILDING_DLL
# define DLLIMPORT __declspec (dllexport)
#else /* Not BUILDING_DLL */
# define DLLIMPORT __declspec (dllimport)
#endif /* Not BUILDING_DLL */


DLLIMPORT void Hello (void);


#endif /* _DLL_H_ */

Please Thanks Me :P

<SLEEPY Guyz> No online member s Oh comeon replay

************************************************** ************************

And here a good code ( IF U NOT GOOD ON C++ DON T USE IT BECAUSE YOU WILL NOT KNOW WHERE TO PUT IT )

Code:

#include <string>
#include <windows.h>

#define MAXWAIT 10000

bool insertDll(DWORD procID, std::string dll)
{
    //Find the address of the LoadLibrary api, luckily for us, it is loaded in the same address for every process
    HMODULE hLocKernel32 = GetModuleHandle("Kernel32");
    FARPROC hLocLoadLibrary = GetProcAddress(hLocKernel32, "LoadLibraryA");
    
    //Adjust token privileges to open system processes
    HANDLE hToken;
    TOKEN_PRIVILEGES tkp;
    if(OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid);
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges(hToken, 0, &tkp, sizeof(tkp), NULL, NULL);
    }

    //Open the process with all access
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);

    //Allocate memory to hold the path to the Dll File in the process's memory
    dll += '\0';
    LPVOID hRemoteMem = VirtualAllocEx(hProc, NULL, dll.size(), MEM_COMMIT, PAGE_READWRITE);

    //Write the path to the Dll File in the location just created
    DWORD numBytesWritten;
    WriteProcessMemory(hProc, hRemoteMem, dll.c_str(), dll.size(), &numBytesWritten);

    //Create a remote thread that starts begins at the LoadLibrary function and is passed are memory pointer
    HANDLE hRemoteThread = CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)hLocLoadLibrary, hRemoteMem, 0, NULL);

    cout << hRemoteThread << endl;

    //Wait for the thread to finish
    bool res = false;
    if (hRemoteThread)
        res = (bool)WaitForSingleObject(hRemoteThread, MAXWAIT) != WAIT_TIMEOUT;

    //Free the memory created on the other process
    VirtualFreeEx(hProc, hRemoteMem, dll.size(), MEM_RELEASE);

    //Release the handle to the other process
    CloseHandle(hProc);

    return res;
}

[Codemunkie]

Not much of a tutorial, it's just source code.

[Neechan']

What for Features we should add?
Button, Timer? ...

And screens :'D

[The~Shadow~Coders]

What for Features we should add?
Button, Timer? ...

And screens :'D

its c++ well if u want to make a project it'll be kinda a hard with this source

Not much of a tutorial, it's just source code.

its source code + How to use / put it means it a Tut

[mike2y]

isnt this suppose to be in the crossfire tutorial section jst saying but if thats ok wit gm then ok

[The~Shadow~Coders]

isnt this suppose to be in the crossfire tutorial section jst saying but if thats ok wit gm then ok

Well it must be here , because its a injector Guide

[The~Shadow~Coders]

No replay's ?

@Ghost Could you Sticky it ?

[Neechan']

No replay's ?

@Ghost Could you Sticky it ?

No sticky, if you want one, then;

- More Information
- What Features we should add?
- Add screenies...
and and and .. like mine :'D

[dragonattak]

C++ injector is stupid... just make visual basic...

[Neechan']

C++ injector is stupid... just make visual basic...

Agree...

Injector in C++ and VB = Same.

C++; is tooooo hard.
VB; Just copy + paste.

[The~Shadow~Coders]

Agree...

Injector in C++ and VB = Same.

C++; is tooooo hard.
VB; Just copy + paste.

C++ IS SO EASY

[[D]arkMan]

nice i gotta try it

[Neechan']

C++ IS SO EASY

Not for me xD

I want a book

[The~Shadow~Coders]

Not for me xD

I want a book

No need it's soooo much easy

[GS-HITMAN]

I have seen this on the internet.... you didn't make this scoure code.