Code:
Module InjLib
'CreateRemoteThread for calling loadlibrary in the target process address space to load our Dll
Private Declare Function CreateRemoteThread Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpThreadAttributes As Int32, ByVal dwStackSize As Int32, ByVal lpStartAddress As Int32, ByVal lpParameter As Int32, ByVal dwCreationFlags As Int32, ByRef lpThreadId As Int32) As Int32
'VirtualAllocEx to allocate space in our target process so that we can write the path to our Dll
Private Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpAddress As Int32, ByVal dwSize As Int32, ByVal flAllocationType As Int32, ByVal flProtect As Int32) As Int32
'WriteProcessMemory to write the path to our Dll in the target process address space
Private Declare Function WriteProcessMemory Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByVal lpBuffer As String, ByVal nSize As Int32, ByRef lpNumberOfBytesWritten As Int32) As Int32
'VirtualFreeEx to clean up when done
Private Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpAddress As Int32, ByRef dwSize As Int32, ByVal dwFreeType As Int32) As Int32
'Get ModuleHandle to get a handle to LoadLibrary so we can use the Handle to get its Address in the target Process' space
Private Declare Function GetModuleHandle Lib "kernel32.dll" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Int32
'GetProcAddress to get the address that LoadLibraryA resides at
Private Declare Function GetProcAddress Lib "kernel32.dll" (ByVal hModule As Int32, ByVal lpProcName As String) As Int32
'OpenProcess to get a handle to our target process and open it with the rights we require
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Int32, ByVal bInheritHandle As Int32, ByVal dwProcessId As Int32) As Int32
'CloseHandle to Close all open handles we needed
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Int32) As Int32
Private Const Create_Suspended As Int32 = &H4 '
Private Const process_vm_operation As Int32 = &H8
Private Const process_create_thread As Int32 = &H2
Private Const process_suspend_resume As Int32 = &H800
Private Const process_vm_write As Int32 = &H20
Private Const process_vm_read As Int32 = &H10
Private Const mem_commit As Int32 = &H1000
Private Const mem_release As Int32 = &H8000
Private Const page_readwrite As Int32 = &H4
Private Pac As Int32 = process_vm_read Or process_vm_write Or process_vm_operation
Public Function InjectSingleDll(ByVal ProcessName As String, ByVal DllPath As String) As Int32
Dim ProcHandle As Int32 ' Handle to our Process
Dim DllVirtLoc As Int32 ' The Location we will end up writing out Dll's Path to
Dim Inject As Int32 ' For Error Checking
Dim CreateThread As Int32 ' For Error Cheacking
Dim ThreadID As Int32 ' The ThreadID our created thread
Dim MHandle As Int32 ' Handle to LoadLibrary
Dim TargetProc As Process() = Process.GetProcessesByName(ProcessName) ' Get Our Proccess info
MHandle = GetModuleHandle("Kernel32.dll") 'Handle to Kernel32.dll
If MHandle = Nothing Then
MessageBox.Show("Could not retrieve handle to Kernel32.dll", "Error", MessageBoxButtons.OK)
Return 0
Exit Function
Else
ProcHandle = OpenProcess(Pac, 0, TargetProc(0).Id) 'Gets Handle to Target process with required rights
If ProcHandle = 0 Then
MessageBox.Show("Could not get a handle to the target process", "Error", MessageBoxButtons.OK)
CloseHandle(MHandle) ' Closes our Handle to Kernel32.dll because we could not open Target Process
Return 0
Exit Function
Else
System.Threading.Thread.Sleep(100) ' Our Delay before injecting.
DllVirtLoc = VirtualAllocEx(ProcHandle, 0, DllPath.Length + 1, mem_commit, page_readwrite) ' Returns the Address of our Dll's Path in the target Process
If DllVirtLoc = 0 Then
MessageBox.Show("Could not allocate space in target process for Dll's path", "Error", MessageBoxButtons.OK)
CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not allocate space in Target Process
CloseHandle(ProcHandle) ' Closes Handle to Target Process because we could not allocate space in Target Process
Return 0
Exit Function
Else
Inject = WriteProcessMemory(ProcHandle, DllVirtLoc, DllPath, DllPath + 1, Nothing) ' Writes Our Dll's Path to our allocated Space
If Inject = 0 Then
MessageBox.Show("Could not write to target process' memory", "Error", MessageBoxButtons.OK)
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated Space in Target Process because we could not write our Dll's Path
CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not write our Dll's Path to Target Process
CloseHandle(ProcHandle) ' Closes Handle to Target Process because we could not write our Dll's Path to it
Return 0
Exit Function
Else
CreateThread = CreateRemoteThread(ProcHandle, 0, 0, GetProcAddress(MHandle, "LoadLibraryA"), DllVirtLoc, 0, ThreadID) ' Calls LoadLibraryA in Target Process to load our Dll
If CreateThread = 0 Then
MessageBox.Show("Could not create remote thread", "Error", MessageBoxButtons.OK)
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated Space in Target Process because we could not create our remote thread
CloseHandle(MHandle) ' Closes handle to Kernel32.dll because we could not create our remote thread
CloseHandle(ProcHandle) ' Closes handle to Target Process because we could not create our remote thread
Return 0
Exit Function
End If
End If
End If
End If
End If
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) 'Frees Allocated space because we are done
CloseHandle(MHandle) ' Closes handle to Kernel32.dll because we are done
CloseHandle(ProcHandle) ' Closes handle to Target Process because we are done
Return 1
End Function
Public Function InjectMultipleDlls(ByVal ProcessName As String, ByVal DllPaths() As String) As int32
Dim ProcHandle As Int32 ' Handle to Target Process
Dim DllVirtLoc As Int32 ' Address of Dll Path
Dim Inject As Int32 ' Error Checking
Dim CreateThread As Int32 ' Error Checking
Dim ThreadID As Int32 ' Handle to our Created Thread
Dim MHandle As Int32 ' Handle to Kernel32.dll
Dim i As Int32 ' Counter
Dim TargetProc As Process() = Process.GetProcessesByName(ProcessName) ' Gets Process info
MHandle = GetModuleHandle("Kernel32.dll") ' Gets Handle to Kernel32.dll
If MHandle = 0 Then
MessageBox.Show("Could not get a handle to Kernel32.dll", "Error", MessageBoxButtons.OK)
Return 0
Exit Function
Else
ProcHandle = OpenProcess(Pac, 0, TargetProc(0).Id) ' Gets Handle to Process and opens with our desired rights
If ProcHandle = 0 Then
MessageBox.Show("Could not get a handle to Target process", "Error", MessageBoxButtons.OK)
CloseHandle(MHandle) ' Closes handle to kernel32.dll because we could not open our target process
Return 0
Exit Function
Else
For i = 0 To UBound(DllPaths) - 1
System.Threading.Thread.Sleep(100) ' Our Delay for initial Injection and subsequent injection
DllVirtLoc = VirtualAllocEx(ProcHandle, 0, DllPaths(i), mem_commit, page_readwrite) ' Allocates Space in Target Address Space
If DllVirtLoc = 0 Then
MessageBox.Show("Could not allocate space in target process", "Error", MessageBoxButtons.OK)
CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not allocate space
CloseHandle(ProcHandle) ' Closes Handle to Process becausewe could not allocate the space
Else
Inject = WriteProcessMemory(ProcHandle, DllVirtLoc, DllPaths(i), DllPaths(i).Length + 1, Nothing) ' Writes our Dll's path to Targets Address Space
If Inject = 0 Then
MessageBox.Show("Could not write to process' address space", "Error", MessageBoxButtons.OK)
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Free Allocated Space because writing failed
CloseHandle(MHandle) ' Close handle to kernel32.dll because writing failed
CloseHandle(ProcHandle) ' Close Handle to Process because writing failed
Else
CreateThread = CreateRemoteThread(ProcHandle, 0, 0, GetProcAddress(MHandle, "LoadLibraryA"), DllVirtLoc, 0, ThreadID)
If CreateThread = 0 Then
MessageBox.Show("Could not create remote thread", "Error", MessageBoxButtons.OK)
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated space because we could not create our remote thread
CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not create our remote thread
CloseHandle(ProcHandle) ' Closes Handle to Target Process because we could not create our remote thread
Return 0
Exit Function
Else
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, mem_release) ' Frees Allocated Space because we are done
End If
End If
End If
Return 1 ' Returns 1 for Success 0 for failure declare recieving variable as array
Next i
CloseHandle(MHandle) ' Close Handle to Kernel32.dll because we are done
CloseHandle(ProcHandle) ' Close Handle to Target Process because we are done
End If
End If
End Function
End Module
If You use this just give credits to Linky(Me). Its free to use for non commerical use.