/* Filename: injector.cpp
* Project: Injector
* Author: Biesi
*/
#include <Windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fstream>
// Window procedure; note that no window is ever created in this file.
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam);
// PID of a running process with the given image name, 0 if none / on error.
DWORD GetProcessIdByName(const char * ProcName);
// LoadLibraryA-style injection of dllName into the process with PID pID.
bool Inject(DWORD pID, char* dllName);
// Worker-thread body started from WinMain; never returns (ends with exit()).
void ApplicationRoutine();
// Zeroes the first page of this executable's own image (presumably an anti-dump measure).
void ErasePEHeader();
// Tries to enable SeDebugPrivilege on the current process token.
void SetDebugPrivileges();
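int CALLBACK WinMain(_In_ HINSTANCE hInstance, _In_ HINSTANCE hPrevInstance, _In_ LPSTR lpCmdLine, _In_ int nCmdShow)
{
    // Entry point. All real work runs on a worker thread (ApplicationRoutine),
    // which ends the process itself via exit(); this thread only pumps messages.
    // ApplicationRoutine is declared void() rather than DWORD WINAPI(LPVOID); the
    // cast keeps the original contract and is tolerable only because the routine
    // never returns into the thread start stub.
    HANDLE hWorker = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ApplicationRoutine, NULL, 0, NULL);
    if (!hWorker)
    {
        MessageBox(NULL, "Error: Unable to create worker thread!", "Injector", MB_OK | MB_ICONERROR);
        return EXIT_FAILURE;
    }
    // The handle is not needed again; closing it does not stop the thread.
    CloseHandle(hWorker);

    MSG msg = {0};
    BOOL ret;
    // GetMessage returns -1 on error, which a plain while(GetMessage(...)) would
    // treat as "keep looping" and could spin forever; test the result explicitly.
    while ((ret = GetMessage(&msg, NULL, 0, 0)) != 0)
    {
        if (ret == -1)
            return EXIT_FAILURE;
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }
    return (int)msg.wParam;
}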
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    // Minimal window procedure: WM_DESTROY posts WM_QUIT so the loop in WinMain
    // ends; every other message goes to the default handler. No window is
    // created anywhere in this file, so this is effectively unused.
    if (message != WM_DESTROY)
        return DefWindowProc(hWnd, message, wParam, lParam);

    PostQuitMessage(0);
    return 0;
}
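void ErasePEHeader()
{
    // Overwrites the first page of this executable's own in-memory image (the
    // DOS/PE headers) with zeros. This is deliberately destructive and
    // irreversible: anything that later needs this module's headers may break.
    // It only makes sense as an anti-dump / anti-analysis measure, so it is
    // kept as-is, but made safe: the original ignored the VirtualProtect result
    // and would have crashed on the write if the protection change failed.
    char *pBaseAddr = (char*)GetModuleHandle(NULL);
    if (!pBaseAddr)
        return;

    // Use the real page size instead of assuming 4 KiB; the headers live in
    // the first page of the image.
    SYSTEM_INFO si;
    GetSystemInfo(&si);
    const SIZE_T pageSize = si.dwPageSize ? si.dwPageSize : 4096;

    // The header page is normally not writable (hence the VirtualProtect).
    DWORD oldProtect = 0;
    if (!VirtualProtect(pBaseAddr, pageSize, PAGE_READWRITE, &oldProtect))
        return;
    ZeroMemory(pBaseAddr, pageSize);
    // Do not leave the page writable afterwards.
    VirtualProtect(pBaseAddr, pageSize, oldProtect, &oldProtect);
}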
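void SetDebugPrivileges()
{
    // Tries to enable SeDebugPrivilege on this process' token so OpenProcess can
    // reach processes it otherwise could not. Enabling only works if the token
    // already holds the privilege (normally an elevated administrator).
    // Fixes vs. the original: the token handle and TOKEN_PRIVILEGES were used
    // uninitialized when OpenProcessToken / LookupPrivilegeValue failed
    // (CloseHandle on garbage, AdjustTokenPrivileges with a garbage LUID).
    HANDLE tokenHandle = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tokenHandle))
        return;

    TOKEN_PRIVILEGES tp = {0};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
    {
        // AdjustTokenPrivileges returns TRUE even when the privilege could not
        // be enabled (GetLastError() == ERROR_NOT_ALL_ASSIGNED, typically when
        // not elevated). The void interface cannot report that; the effect is
        // simply that OpenProcess in Inject fails for processes we cannot reach.
        AdjustTokenPrivileges(tokenHandle, FALSE, &tp, sizeof(tp), NULL, NULL);
    }
    CloseHandle(tokenHandle);
}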
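void ApplicationRoutine()
{
    // Worker-thread body (started from WinMain). Steps:
    //   1. wipe this EXE's PE header and try to enable SeDebugPrivilege;
    //   2. derive the payload path: the injector's own path with ".exe" -> ".dll"
    //      (the DLL must sit next to the injector with the same base name);
    //   3. wait for crossfire.exe to appear, inject, retry once on failure.
    // Never returns; every path ends in exit().
    // Trust note: whatever DLL sits next to the injector is loaded into the
    // target with no integrity check, so the injector's directory must not be
    // writable by anyone else.
    ErasePEHeader();
    SetDebugPrivileges();

    char szAppPath[MAX_PATH] = "";
    const DWORD pathLen = GetModuleFileName(NULL, szAppPath, MAX_PATH);
    if (pathLen == 0 || pathLen >= MAX_PATH)
    {
        MessageBox(0, "Error: Unable to determine injector path!", "Injector", MB_OK | MB_ICONERROR);
        exit(EXIT_FAILURE);
    }

    // Replace the final extension. The original scanned the whole buffer and
    // read up to three bytes past its end (szAppPath[i + 3] with i == MAX_PATH - 1);
    // strrchr stops at the NUL. Compare case-insensitively: Windows paths are
    // case-insensitive and the reported name may be ".EXE".
    char *ext = strrchr(szAppPath, '.');
    if (!ext || _stricmp(ext, ".exe") != 0)
    {
        // Without an ".exe" suffix the original would have injected the EXE
        // itself; treat it as "DLL not found" instead.
        MessageBox(0, "Dll not found", "Injector", MB_OK | MB_ICONERROR);
        exit(EXIT_FAILURE);
    }
    ext[1] = 'd';   // ".exe" -> ".dll", same length, buffer already holds it
    ext[2] = 'l';
    ext[3] = 'l';

    if (!std::ifstream(szAppPath))
    {
        MessageBox(0, "Dll not found", "Injector", MB_OK | MB_ICONERROR);
        exit(EXIT_FAILURE);
    }

    MessageBox(HWND_DESKTOP, "Press OK and start crossfire", "Injector", MB_OK | MB_ICONINFORMATION);

    // Poll until the target process exists.
    DWORD pID = 0;
    while ((pID = GetProcessIdByName("crossfire.exe")) == 0)
        Sleep(250);

    // One retry after a short delay, as in the original (presumably because the
    // process can exist before it is ready for a remote thread). Unlike the
    // original, a failed retry is reported instead of exiting with success.
    if (!Inject(pID, szAppPath))
    {
        Sleep(500);
        if (!Inject(pID, szAppPath))
        {
            MessageBox(0, "Error: Injection failed!", "Injector", MB_OK | MB_ICONERROR);
            exit(EXIT_FAILURE);
        }
    }
    exit(EXIT_SUCCESS);
}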
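DWORD GetProcessIdByName(const char * ProcName)
{
    // Returns the PID of the first process in the snapshot whose image name
    // equals ProcName (case-insensitively, as Windows file names are), or 0
    // when none is running, ProcName is NULL, or the snapshot failed.
    // Callers poll this every 250 ms, so the snapshot handle must be released
    // on every path; the original leaked it on both the found and the
    // not-found path.
    if (!ProcName)
        return 0;

    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE)
    {
        MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "Injector", MB_OK | MB_ICONERROR);
        return 0;
    }

    DWORD pid = 0;
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe);   // Process32First requires dwSize to be set
    for (BOOL more = Process32First(snap, &pe); more; more = Process32Next(snap, &pe))
    {
        if (_stricmp(pe.szExeFile, ProcName) == 0)
        {
            pid = pe.th32ProcessID;
            break;
        }
    }
    CloseHandle(snap);
    return pid;
}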
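bool Inject(DWORD pID, char* dllName)
{
    // Classic LoadLibrary injection: write the DLL's full path into the target
    // process, then start a remote thread at kernel32!LoadLibraryA with that
    // buffer as its argument. Returns true only if the remote LoadLibraryA call
    // completed and reported a non-zero module handle.
    //
    // Assumptions not verified here:
    //  - the target has the same bitness as this injector and maps kernel32.dll
    //    at the same base, so the local LoadLibraryA address is valid there;
    //  - dllName names a file the target process is permitted to read.
    //
    // Fixes vs. the original: no infinite busy-loops when GetProcAddress or
    // VirtualAllocEx fail; the path is written with its NUL terminator (the
    // original wrote strlen bytes and relied on zero-filled pages); Write /
    // CreateRemoteThread results are checked; the thread handle and remote
    // buffer are released; and the process is opened with only the rights
    // injection needs instead of PROCESS_ALL_ACCESS.
    if (!pID || !dllName)
        return false;

    char fullPath[MAX_PATH] = {0};
    const DWORD pathLen = GetFullPathName(dllName, MAX_PATH, fullPath, NULL);
    if (pathLen == 0 || pathLen >= MAX_PATH)
        return false;                     // failure, or path too long for the buffer
    const SIZE_T bytes = pathLen + 1;     // include the terminating NUL

    HMODULE kernel32 = GetModuleHandle("kernel32.dll");
    FARPROC loadLibrary = kernel32 ? GetProcAddress(kernel32, "LoadLibraryA") : NULL;
    if (!loadLibrary)
        return false;

    const DWORD access = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                         PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
    HANDLE proc = OpenProcess(access, FALSE, pID);
    if (!proc)
        return false;

    static const DWORD kLoadTimeoutMs = 10000;
    bool ok = false;
    bool remoteThreadPending = false;   // true while a remote thread may still read remoteBuf
    LPVOID remoteBuf = VirtualAllocEx(proc, NULL, bytes, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (remoteBuf && WriteProcessMemory(proc, remoteBuf, fullPath, bytes, NULL))
    {
        HANDLE thread = CreateRemoteThread(proc, NULL, 0, (LPTHREAD_START_ROUTINE)loadLibrary, remoteBuf, 0, NULL);
        if (thread)
        {
            remoteThreadPending = true;
            // Wait so the buffer can be freed safely and LoadLibraryA's result
            // checked. The thread exit code is the HMODULE truncated to 32 bits:
            // 0 means the load failed (a 64-bit base whose low 32 bits are zero
            // would be misreported, which is unlikely but not impossible).
            if (WaitForSingleObject(thread, kLoadTimeoutMs) == WAIT_OBJECT_0)
            {
                remoteThreadPending = false;
                DWORD exitCode = 0;
                ok = GetExitCodeThread(thread, &exitCode) && exitCode != 0;
            }
            CloseHandle(thread);
        }
    }

    // Release the path buffer unless a remote thread could still be reading it.
    if (remoteBuf && !remoteThreadPending)
        VirtualFreeEx(proc, remoteBuf, 0, MEM_RELEASE);
    CloseHandle(proc);
    return ok;
}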