[Release][Source Code] DLL Injection

[Tukjedude]

DLL Injection

This is not a injector wich can inject everybody's DLL in every proccess. You can release it with your DLL to make it easier for people.

You can edit the name of the DLL to your DLL and edit the process of the process where i should be injected to.

Just something easy you can use for your hack.
This is free of use and you may modify it, but just leave my name on it.

Code:

// Filename: DLL Injector.cpp
// Author: HadFuny
// Date: 31-05-2010
// HadFuny Copyright 2010

#include <windows.h> 
#include <tlhelp32.h> 
#include <shlwapi.h> 
#include <conio.h> 
#include <stdio.h> 
#include <iostream>


#define WIN32_LEAN_AND_MEAN 
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ) 

BOOL Inject(DWORD pID, const char * DLL_NAME); 
DWORD GetTargetThreadIDFromProcName(const char * ProcName); 
using namespace std;

int main(int argc, char * argv[]) 
{
   // The name of the process you want to inject
   DWORD pID = GetTargetThreadIDFromProcName("notepad.exe"); 
    
   // Get the dll's full path name 
   char buf[MAX_PATH] = {0}; 
   GetFullPathName("Project1.dll", MAX_PATH, buf, NULL);  // On the place where is Project1.dll you can put the name of your dll
   printf(buf); 
   printf("\n"); 
    
   // Inject our main dll
   if(!Inject(pID, buf)) 
   { 
     printf("Not loaded!"); // If injection is not sucsessfull 
   }
   else
   { 
     printf("Loaded!"); //  If injection is sucsessfull 
   } 
   _getch(); 
   return 0; 
} 

BOOL Inject(DWORD pID, const char * DLL_NAME) 
{ 
   HANDLE Proc; 
   HMODULE hLib; 
   char buf[50] = {0}; 
   LPVOID RemoteString, LoadLibAddy; 
   if(!pID) 
      return false; 
   Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); 
   if(!Proc) 
   { 
      sprintf(buf, "OpenProcess() failed: %d", GetLastError()); 
      //MessageBox(NULL, buf, "Loader", MB_OK); 
      printf(buf); 
      return false; 
   } 
   LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); 
   // Allocate space in the process for our DLL
   RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); 
   // Write the string name of our DLL in the memory allocated 
   WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL); 
   // Load our <strong class="highlight">DLL</strong> 
   CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL); 
   CloseHandle(Proc); 
   return true; 
} 

DWORD GetTargetThreadIDFromProcName(const char * ProcName) 
{ 
   PROCESSENTRY32 pe; 
   HANDLE thSnapShot; 
   BOOL retval, ProcFound = false; 

   thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 
   if(thSnapShot == INVALID_HANDLE_VALUE) 
   { 
      //MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "2MLoader", MB_OK); 
      printf("Error: Unable to create toolhelp snapshot!"); 
      return false; 
   } 
   pe.dwSize = sizeof(PROCESSENTRY32); 
   retval = Process32First(thSnapShot, &pe); 
   while(retval) 
   { 
      if(StrStrI(pe.szExeFile, ProcName)) 
      { 
         return pe.th32ProcessID; 
      } 
      retval = Process32Next(thSnapShot, &pe); 
   } 
   return 0; 
}

To turn it in a unversial injector wich can inject any DLL into any process:
DOWNLOAD COMPILED UNIVERSAL INJECTOR: Download
VIRUSTOTAL:Virustotal. MD5: cd43aef8fbdf49f7a3bfe0f5879f5db7

Code:

// Filename: DLL Injector.cpp
// Author: HadFuny
// Date: 31-05-2010
// HadFuny Copyright 2010

#include <windows.h> 
#include <tlhelp32.h> 
#include <shlwapi.h> 
#include <conio.h> 
#include <stdio.h> 
#include <iostream>


#define WIN32_LEAN_AND_MEAN 
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ) 

BOOL Inject(DWORD pID, const char * DLL_NAME); 
DWORD GetTargetThreadIDFromProcName(const char * ProcName); 
using namespace std;
char* proc = "text";
char* dll = "text";

int main(int argc, char * argv[]) 
{
   // The name of the process you want to inject
   printf("Name of process:");
   cin >> proc;
   printf("/nName of DLL:");
   cin >> dll;
   DWORD pID = GetTargetThreadIDFromProcName(proc); 
    
   // Get the dll's full path name 
   char buf[MAX_PATH] = {0}; 
   GetFullPathName(dll, MAX_PATH, buf, NULL);  // On the place where is Project1.dll you can put the name of your dll
   printf(buf); 
   printf("\n"); 
    
   // Inject our main dll
   if(!Inject(pID, buf)) 
   { 
    printf("Not loaded!"); // If injection is not sucsessfull 
   }
   else
   { 
     printf("Loaded!"); //  If injection is sucsessfull 
   } 
   _getch(); 
   return 0; 
} 

BOOL Inject(DWORD pID, const char * DLL_NAME) 
{ 
   HANDLE Proc; 
   HMODULE hLib; 
   char buf[50] = {0}; 
   LPVOID RemoteString, LoadLibAddy; 
   if(!pID) 
      return false; 
   Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); 
   if(!Proc) 
   { 
      sprintf(buf, "OpenProcess() failed: %d", GetLastError()); 
      //MessageBox(NULL, buf, "Loader", MB_OK); 
      printf(buf); 
      return false; 
   } 
   LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); 
   // Allocate space in the process for our DLL
   RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); 
   // Write the string name of our DLL in the memory allocated 
   WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL); 
   // Load our <strong class="highlight">DLL</strong> 
   CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL); 
   CloseHandle(Proc); 
   return true; 
} 

DWORD GetTargetThreadIDFromProcName(const char * ProcName) 
{ 
   PROCESSENTRY32 pe; 
   HANDLE thSnapShot; 
   BOOL retval, ProcFound = false; 

   thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 
   if(thSnapShot == INVALID_HANDLE_VALUE) 
   { 
      //MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "2MLoader", MB_OK); 
      printf("Error: Unable to create toolhelp snapshot!"); 
      return false; 
   } 
   pe.dwSize = sizeof(PROCESSENTRY32); 
   retval = Process32First(thSnapShot, &pe); 
   while(retval) 
   { 
      if(StrStrI(pe.szExeFile, ProcName)) 
      { 
         return pe.th32ProcessID; 
      } 
      retval = Process32Next(thSnapShot, &pe); 
   } 
   return 0; 
}

Sorry if there any error's in the code above i did it straight away without reading anything just straigt out of my mind..

[why06]

way 2 jack someone's code without any credit. which I notice by this huge giveaway

Code:

<strong class="highlight">DLL</strong>

which occurs multiple times through out ur code.

EDIT: hmmm... might be wrong abt this accusation. if I am let me know.

[Tukjedude]

Sorry i was trying some highlights in the text, but is doesn't work.
Fixed the errror, it should compile fine now..

But how do you mean:
"way 2 jack someone's code without any credit. which I notice by this huge giveaway "

Do you say that i jacked it or people can easly jack it from me?

[zhaoyun333]

The first one.

Could you explain this comment:

Code:

// Get the <strong class="highlight">dll</strong>'s full path name

[mwb1234]

The first one.

Could you explain this comment:

Code:

// Get the <strong class="highlight">dll</strong>'s full path name

Actually no he can't.
This was leeched I believe.

[why06]

Sorry i was trying some highlights in the text, but is doesn't work.
Fixed the errror, it should compile fine now..

But how do you mean:
"way 2 jack someone's code without any credit. which I notice by this huge giveaway "

Do you say that i jacked it or people can easily jack it from me?

I would say its quite obvious that Im saying I think u took the code from someone else, due to the inconsistencies in code like this that comes from copying code from a browser. I usually don't beat around the bush. either you did or you didn't. I don't know u because you haven't been here very long. If I were still mod I would spend the time to find out for sure, but since Im not anymore idc. Just tellin you wat I think.

[Tukjedude]

Yes i did copy some parts of code from a friend of mine.. but it isn't leeched.
And i copied the the comments too..but i fixed it. if you don't belive just search around the internet..

btw i fixed the comments

[/b/oss]

leeched ?

[Tukjedude]

Don't you know what leeching is (leech, leeched, leeching) ?

Steal sombody's code, release it.. that's leeching

[r_arraz]

When I compile and run the universal one I get an error with debugger when entering in process name lol

[Tukjedude]

Tryed the compiled one ? With wich compiler did you try to compile it ?
It compiled fine with the latest version of dev c++.....
I already said the universial on wasnt tested i wrote it directly from my mind.

[That0n3Guy]

I'm not trying to be an asshole, but if you're going to steal code, atleast attempt to cover your tracks.

This is the exact same code that is posted on another website (the only change is the addition of "using namespace std;". The other main difference being that the code was posted on the other website over a year ago. Due to the fact I can't post outside links, I can't say anything further than Google

Code:

DWORD pID = GetTargetThreadIDFromProcName("notepad.exe");

and click the first result. The fourth result is also very similar if not exactly the same.

You are full of fail, stop trying to be a kewl kid leecher.

[qwerty01]

did a little digging and...

Code:

      #include <windows.h>
      #include <tlhelp32.h>
      #include <shlwapi.h>
      #include <conio.h>
      #include <stdio.h>

      #define WIN32_LEAN_AND_MEAN
      #define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)

      BOOL Inject(DWORD pID, const char * DLL_NAME);
      DWORD GetTargetThreadIDFromProcName(const char * ProcName);

      int main(int argc, char * argv[])
      {
      // Retrieve process ID
      DWORD pID = GetTargetThreadIDFromProcName("notepad.exe");

      // Get the dll's full path name
      char buf[MAX_PATH] = {0};
      GetFullPathName("Project1.dll", MAX_PATH, buf, NULL);
      printf(buf);
      printf("\n");

      // Inject our main dll
      if(!Inject(pID, buf))
      {
      printf("DLL Not Loaded!");
      }else{
      printf("DLL Loaded!");
      }

      _getch();
      return 0;
      }

      BOOL Inject(DWORD pID, const char * DLL_NAME)
      {
      HANDLE Proc;
      HMODULE hLib;
      char buf[50] = {0};
      LPVOID RemoteString, LoadLibAddy;

      if(!pID)
      return false;

      Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
      if(!Proc)
      {
      sprintf(buf, "OpenProcess() failed: %d", GetLastError());
      //MessageBox(NULL, buf, "Loader", MB_OK);
      printf(buf);
      return false;
      }

      LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

      // Allocate space in the process for our DLL
      RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);

      // Write the string name of our DLL in the memory allocated
      WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL);

      // Load our DLL
      CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);
      CloseHandle(Proc);
      return true;
      }

      DWORD GetTargetThreadIDFromProcName(const char * ProcName)
      {
      PROCESSENTRY32 pe;
      HANDLE thSnapShot;
      BOOL retval, ProcFound = false;

      thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      if(thSnapShot == INVALID_HANDLE_VALUE)
      {
      //MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "2MLoader", MB_OK);
      printf("Error: Unable to create toolhelp snapshot!");
      return false;
      }

      pe.dwSize = sizeof(PROCESSENTRY32);

      retval = Process32First(thSnapShot, &pe);
      while(retval)
      {
      if(StrStrI(pe.szExeFile, ProcName))
      {
      return pe.th32ProcessID;
      }
      retval = Process32Next(thSnapShot, &pe);
      }
      return 0;
      }

look familiar?

can't post site, but do a quick search if you're interested:

Code:

"GetFullPathName("Project1.dll", MAX_PATH, buf, NULL);"