; DLL Injector -- 32-bit Win32 GUI program in FASM (flat assembler) syntax,
; Intel operand order. 'win32a.inc' supplies the ANSI import/invoke/proc/struct
; macros used below. Being a 32-bit image, it can only target 32-bit processes.
format PE GUI 4.0
include 'win32a.inc'
entry start
; Resource and control identifiers shared by the .rsrc section and the dialog procedure.
logo_main = 2001        ; RT_BITMAP resource id of LOGO.BMP
IDB_LOGO = 2000         ; STATIC control that displays the bitmap (STM_SETIMAGE)
IDD_MAIN = 1000         ; main dialog template
IDE_FILE = 101          ; read-only edit box showing the chosen DLL path
IDB_OPEN = 102          ; "Browse" button
IDB_INJECT = 103        ; "Inject" button
IDB_REFRESH = 104       ; "Refresh" button
IDL_PROCLIST = 105      ; list box of process names; each item's data is the PID
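; PROCESSENTRY32 (tlhelp32.h, ANSI) as filled in by Process32First/Process32Next.
; dwSize must hold sizeof.PROCESSENTRY32 before the first call. The layout is
; kept identical to the Win32 definition: szExeFile is MAX_PATH (260) bytes,
; not the 1000h of the earlier version, so dwSize now matches the API's own size.
struct PROCESSENTRY32
dwSize dd ?                 ; set by the caller (see start)
cntUsage dd ?               ; unused by this program
th32ProcessID dd ?          ; PID; stored as list box item data by EnumProcesses
th32DefaultHeapID dd ?      ; ULONG_PTR, 4 bytes in this 32-bit image
th32ModuleID dd ?
cntThreads dd ?
th32ParentProcessID dd ?
pcPriClassBase dd ?         ; LONG
dwFlags dd ?
szExeFile rb 260            ; MAX_PATH; NUL-terminated image file name
ends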
section '.idata' import data readable
library kernel,'KERNEL32.DLL',\
user,'USER32.DLL',\
comdlg,'COMDLG32.DLL'
; KERNEL32: process snapshot, remote memory/thread primitives and error text.
; CloseHandle/VirtualFreeEx/WaitForSingleObject/LocalFree were added so the
; handles, the remote path buffer and the FormatMessage buffer can be released.
import kernel,\
CloseHandle,'CloseHandle',\
CreateRemoteThread,'CreateRemoteThread',\
CreateToolhelp32Snapshot,'CreateToolhelp32Snapshot',\
ExitProcess,'ExitProcess',\
FormatMessage,'FormatMessageA',\
GetLastError,'GetLastError',\
GetModuleHandle,'GetModuleHandleA',\
GetProcAddress,'GetProcAddress',\
LocalFree,'LocalFree',\
Module32First,'Module32First',\
Module32Next,'Module32Next',\
OpenProcess,'OpenProcess',\
Process32First,'Process32First',\
Process32Next,'Process32Next',\
VirtualAllocEx,'VirtualAllocEx',\
VirtualFreeEx,'VirtualFreeEx',\
WaitForSingleObject,'WaitForSingleObject',\
WriteProcessMemory,'WriteProcessMemory'
; USER32: dialog, list box and message box plumbing (ANSI entry points).
import user,\
DialogBoxParam,'DialogBoxParamA',\
EndDialog,'EndDialog',\
GetDlgItem,'GetDlgItem',\
GetDlgItemText,'GetDlgItemTextA',\
LoadBitmap,'LoadBitmapA',\
MessageBox,'MessageBoxA',\
SendDlgItemMessage,'SendDlgItemMessageA',\
SendMessage,'SendMessageA',\
SetDlgItemText,'SetDlgItemTextA'
; COMDLG32: the file picker used by the Browse button.
import comdlg,\
GetOpenFileName,'GetOpenFileNameA'
; Resources: one dialog template (IDD_MAIN) and one bitmap (logo_main, LOGO.BMP).
section '.rsrc' resource data readable
directory RT_DIALOG,dialogs,\
RT_BITMAP,bitmaps
resource dialogs,\
IDD_MAIN,LANG_ENGLISH+SUBLANG_DEFAULT,DLLINJECTORDIALOG
resource bitmaps,\
logo_main,LANG_NEUTRAL,LOGO
; Main window, 248x197 dialog units. Control ids are the IDx_* constants at the
; top of the file; the dialog procedure is MainDialogProc.
dialog DLLINJECTORDIALOG,'DLL Injector',0,0,248,197,WS_CAPTION+WS_VISIBLE+WS_SYSMENU+WS_MINIMIZEBOX+DS_CENTER
; Read-only path display; filled by the Browse button, read back by Inject.
dialogitem 'EDIT','',IDE_FILE,21,66,157,14,WS_VISIBLE+WS_BORDER+ES_READONLY+ES_AUTOHSCROLL
dialogitem 'BUTTON','Browse',IDB_OPEN,185,66,43,14,WS_VISIBLE
; No LBS_SORT: items stay in snapshot order.
dialogitem 'LISTBOX','',IDL_PROCLIST,19,96,208,66,WS_VISIBLE+WS_VSCROLL+WS_BORDER
dialogitem 'BUTTON','Injector',-1,11,49,227,142,WS_VISIBLE+BS_GROUPBOX
dialogitem 'BUTTON','Inject',IDB_INJECT,97,166,50,14,WS_VISIBLE
dialogitem 'BUTTON','Refresh',IDB_REFRESH,180,166,47,14,WS_VISIBLE
; Logo placeholder; the bitmap is attached at WM_INITDIALOG via STM_SETIMAGE.
dialogitem 'STATIC','',IDB_LOGO,11,7,227,42,WS_VISIBLE+SS_BITMAP
enddialog
bitmap LOGO,'LOGO.BMP'
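; NOTE(review): 'writeable' on the code section is only needed while the
; program's data lives in this section (see the commented-out '.data' section
; further down); with a real data section the code section should be
; 'readable executable' only, so there is no RWX mapping in the process.
section '.text' code readable writeable executable
; Program entry: take the initial process snapshot, fill in the OPENFILENAME
; template, run the modal main dialog and exit. The dialog's return value is
; not used; ExitProcess closes the snapshot handle on the way out.
start:
        mov     [pe32.dwSize],sizeof.PROCESSENTRY32     ; required before Process32First
        invoke  CreateToolhelp32Snapshot,dword 2,0      ; 2 = TH32CS_SNAPPROCESS
        mov     [hlpsnap],eax                           ; may be INVALID_HANDLE_VALUE; Refresh takes a new one
        invoke  GetModuleHandle,0
        mov     [hInstance],eax
        ; OPENFILENAME for the Browse button; hwndOwner is set at WM_INITDIALOG.
        mov     [ofn.lStructSize],sizeof.OPENFILENAME
        mov     [ofn.hInstance],eax
        mov     [ofn.nMaxFile],1000h                    ; sizeof path_buffer
        mov     [ofn.lpstrFile],path_buffer
        mov     [ofn.lpstrFilter],openfilter
        ; Only accept an existing file: the path is later handed to a remote
        ; LoadLibraryA, so reject typos before anything touches another process.
        mov     [ofn.Flags],OFN_FILEMUSTEXIST+OFN_PATHMUSTEXIST+OFN_HIDEREADONLY
        invoke  DialogBoxParam,[hInstance],IDD_MAIN,NULL,MainDialogProc,0
        invoke  ExitProcess,0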
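; EnumProcesses(snapshotpe, listbox)
;   snapshotpe - handle from CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS)
;   listbox    - HWND of the process list box
; Clears the list box and adds one item per snapshot entry, with the entry's
; PID as item data. Requires [pe32.dwSize] to have been set (done in start).
; Changes from the earlier version: the Process32First result is checked, so a
; failed snapshot yields an empty list instead of one garbage entry; the probe
; handle from OpenProcess is closed (it used to leak); and the index returned
; by LB_ADDSTRING is used for LB_SETITEMDATA instead of a separate counter.
; The first entry is still dropped when it cannot be opened (in practice PID 0),
; which is the original behaviour.
proc EnumProcesses snapshotpe,listbox
        invoke  SendMessage,[listbox],LB_RESETCONTENT,0,0
        invoke  Process32First,[snapshotpe],pe32
        test    eax,eax
        jz      .done                   ; invalid snapshot or no entries
        ; Probe the first entry only (original semantics); the handle is not kept.
        invoke  OpenProcess,PROCESS_ALL_ACCESS,FALSE,[pe32.th32ProcessID]
        test    eax,eax
        jz      .next
        invoke  CloseHandle,eax
.add:
        invoke  SendMessage,[listbox],LB_ADDSTRING,0,pe32.szExeFile
        test    eax,eax                 ; LB_ERR / LB_ERRSPACE are negative
        js      .next
        invoke  SendMessage,[listbox],LB_SETITEMDATA,eax,[pe32.th32ProcessID]
.next:
        invoke  Process32Next,[snapshotpe],pe32
        test    eax,eax
        jnz     .add
.done:
        ret
endp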
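; MainDialogProc(hwnd, msg, wparam, lparam) -- dialog procedure for IDD_MAIN.
; Returns TRUE (eax) for the messages it handles, FALSE otherwise.
;   WM_INITDIALOG : attach the logo bitmap and fill the process list
;   WM_COMMAND    : Browse / Inject / Refresh buttons (LOWORD(wparam) = id)
;   WM_CLOSE      : EndDialog
; Changes from the earlier version: Inject refuses to run when no list item is
; selected (LB_GETCURSEL / LB_GETITEMDATA returned LB_ERR, which previously was
; passed on as PID -1), and Refresh closes the previous snapshot handle before
; creating a new one instead of leaking it.
proc MainDialogProc hwnd,msg,wparam,lparam
        push    ebx esi edi
        cmp     [msg],WM_INITDIALOG
        je      .init
        cmp     [msg],WM_COMMAND
        je      .wmcommand
        cmp     [msg],WM_CLOSE
        je      .close
        xor     eax,eax                 ; not handled
        jmp     .finish
.init:
        push    [hwnd]
        pop     [ofn.hwndOwner]         ; the file picker is owned by this dialog
        invoke  LoadBitmap,[hInstance],logo_main
        invoke  SendDlgItemMessage,[hwnd],IDB_LOGO,STM_SETIMAGE,IMAGE_BITMAP,eax
        jmp     .fill                   ; initial list from the snapshot taken in start
.wmcommand:
        mov     eax,[wparam]
        and     eax,0FFFFh              ; LOWORD(wparam) = control id
        cmp     eax,IDB_OPEN
        je      .open
        cmp     eax,IDB_INJECT
        je      .inject
        cmp     eax,IDB_REFRESH
        je      .refresh
        jmp     .processed
.open:
        invoke  GetOpenFileName,ofn
        test    eax,eax
        jz      .processed              ; cancelled or failed: keep the previous path
        invoke  SetDlgItemText,[hwnd],IDE_FILE,path_buffer
        jmp     .processed
.inject:
        invoke  GetDlgItemText,[hwnd],IDE_FILE,path_buffer,1000h
        test    eax,eax
        jz      .nofilename
        mov     [path_length],eax       ; characters copied, not counting the NUL
        invoke  GetDlgItem,[hwnd],IDL_PROCLIST
        mov     [proclisthwnd],eax
        invoke  SendMessage,eax,LB_GETCURSEL,0,0
        cmp     eax,-1                  ; LB_ERR: no selection
        je      .noprocess
        invoke  SendMessage,[proclisthwnd],LB_GETITEMDATA,eax,0
        cmp     eax,-1                  ; LB_ERR: bad index
        je      .noprocess
        stdcall InjectDLL,eax,path_buffer,[path_length],[hwnd]
        jmp     .processed
.refresh:
        ; Release the previous snapshot; 0 and INVALID_HANDLE_VALUE are skipped.
        cmp     [hlpsnap],0
        je      .snap
        cmp     [hlpsnap],-1
        je      .snap
        invoke  CloseHandle,[hlpsnap]
.snap:
        invoke  CreateToolhelp32Snapshot,dword 2,0      ; 2 = TH32CS_SNAPPROCESS
        mov     [hlpsnap],eax
.fill:
        invoke  GetDlgItem,[hwnd],IDL_PROCLIST
        stdcall EnumProcesses,[hlpsnap],eax
        jmp     .processed
.nofilename:
        invoke  MessageBox,[hwnd],_nofile,_error,MB_ICONERROR
        jmp     .processed
.noprocess:
        invoke  MessageBox,[hwnd],_noproc,_error,MB_ICONERROR
        jmp     .processed
.close:
        invoke  EndDialog,[hwnd],0
.processed:
        mov     eax,TRUE
.finish:
        pop     edi esi ebx
        ret
; Read-only message text; lives with the procedure so the edit is self-contained.
_noproc db 'No process selected',0
endp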
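; InjectDLL(procid, dllpath, ledllpath, hwnd)
;   procid    - PID of the target process
;   dllpath   - NUL-terminated ANSI path of the DLL to load
;   ledllpath - length of dllpath in bytes, NOT counting the terminating NUL
;   hwnd      - owner window for the result / error message boxes
; Classic LoadLibraryA injection: allocate a buffer in the target, copy the path
; into it, and start a remote thread at LoadLibraryA with the buffer as its
; argument. Reports success or the Win32 error text in a message box.
;
; Assumptions a reader should know about:
;  * The address of LoadLibraryA taken in THIS process is used in the target.
;    That only holds when both are 32-bit (kernel32 is mapped at the same base
;    in every process of one bitness for a boot session). This 32-bit image has
;    no IsWow64Process check, so a 64-bit target will fail or crash -- TODO.
;  * Opening a process owned by another user or a protected process needs
;    privileges this program does not try to acquire (no SeDebugPrivilege).
;
; Changes from the earlier version:
;  * the process is opened with only the rights CreateRemoteThread/
;    WriteProcessMemory need, not PROCESS_ALL_ACCESS;
;  * the remote buffer is PAGE_READWRITE (it only holds a string) instead of
;    PAGE_EXECUTE_READWRITE;
;  * the NUL terminator is written too (previously exactly ledllpath bytes were
;    copied, so the terminator only came from page zero-fill);
;  * GetModuleHandle/GetProcAddress/OpenProcess results are checked, so the
;    reported error is the one from the call that failed;
;  * GetLastError is called without the stray argument it used to be given;
;  * process and thread handles, the remote buffer (once LoadLibraryA has
;    returned) and the FormatMessage buffer are released.
INJECT_ACCESS = PROCESS_CREATE_THREAD+PROCESS_QUERY_INFORMATION+PROCESS_VM_OPERATION+PROCESS_VM_READ+PROCESS_VM_WRITE
proc InjectDLL procid,dllpath,ledllpath,hwnd
local hProcess:DWORD,hThread:DWORD,pLoadLib:DWORD,pRemote:DWORD,cbWrite:DWORD
        mov     [hProcess],0
        mov     [hThread],0
        mov     [pRemote],0
        mov     eax,[ledllpath]
        inc     eax                     ; bytes to copy = strlen + NUL
        mov     [cbWrite],eax
        invoke  GetModuleHandle,kernel32dll
        test    eax,eax
        jz      .error
        invoke  GetProcAddress,eax,LoadLibFunc
        test    eax,eax
        jz      .error
        mov     [pLoadLib],eax
        invoke  OpenProcess,INJECT_ACCESS,FALSE,[procid]
        test    eax,eax
        jz      .error                  ; access denied / no such PID
        mov     [hProcess],eax
        invoke  VirtualAllocEx,[hProcess],0,[cbWrite],MEM_RESERVE+MEM_COMMIT,PAGE_READWRITE
        test    eax,eax
        jz      .error
        mov     [pRemote],eax
        invoke  WriteProcessMemory,[hProcess],[pRemote],[dllpath],[cbWrite],0
        test    eax,eax
        jz      .error
        invoke  CreateRemoteThread,[hProcess],0,0,[pLoadLib],[pRemote],0,threadId
        test    eax,eax
        jz      .error
        mov     [hThread],eax
        ; Let LoadLibraryA finish before the path buffer is freed. Bounded wait:
        ; a DllMain that blocks must not hang this UI thread forever.
        invoke  WaitForSingleObject,[hThread],10000
        test    eax,eax                 ; WAIT_OBJECT_0 = 0
        jz      @f
        mov     [pRemote],0             ; still in use by the remote thread: leave it
@@:
        invoke  MessageBox,[hwnd],_dllsuccess,_dlloadtitle,0
        jmp     .cleanup
.error:
        invoke  GetLastError            ; takes no arguments
        invoke  FormatMessage,FORMAT_MESSAGE_FROM_SYSTEM+FORMAT_MESSAGE_ALLOCATE_BUFFER,0,eax,0,error_buffer,0,0
        test    eax,eax
        jz      .plainerror             ; no text available: still tell the user
        invoke  MessageBox,[hwnd],[error_buffer],_error,MB_OK+MB_ICONERROR
        invoke  LocalFree,[error_buffer]
        jmp     .cleanup
.plainerror:
        invoke  MessageBox,[hwnd],_error,_error,MB_OK+MB_ICONERROR
.cleanup:
        cmp     [hThread],0
        je      @f
        invoke  CloseHandle,[hThread]
@@:
        cmp     [pRemote],0
        je      @f
        invoke  VirtualFreeEx,[hProcess],[pRemote],0,MEM_RELEASE
@@:
        cmp     [hProcess],0
        je      @f
        invoke  CloseHandle,[hProcess]
@@:
        ret
endp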
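; Program data. The section directive used to be commented out, which placed
; all of this -- including writable buffers -- inside the RWX code section;
; giving it its own section is what lets the code section drop 'writeable'.
section '.data' data readable writeable
; NUL-terminated ANSI strings passed to the Win32 API.
kernel32dll TCHAR 'KERNEL32.DLL',0      ; GetModuleHandle argument
LoadLibFunc TCHAR 'LoadLibraryA',0      ; GetProcAddress argument
_nofile TCHAR 'No dll to inject',0
_error TCHAR 'ERROR',0
_dllsuccess TCHAR 'DLL LOADED',0
_dlloadtitle TCHAR 'Successfully loaded',0
; GetOpenFileName filter: "description",0,"pattern",0 pairs, ended by an extra 0.
openfilter db 'DLL FILES',0,'*.dll',0
db 0
; Uninitialised storage.
error_buffer dd ?                       ; LPSTR from FormatMessage(ALLOCATE_BUFFER); release with LocalFree
threadId dd ?                           ; id of the remote thread (CreateRemoteThread out-param)
proclisthwnd dd ?                       ; HWND of IDL_PROCLIST, cached by the Inject handler
hInstance dd ?                          ; module handle of this program
hlpsnap dd ?                            ; current ToolHelp process snapshot handle
hlsnapme dd ?                           ; not referenced in this file
path_length dd ?                        ; strlen of path_buffer as returned by GetDlgItemText
exe_length dd ?                         ; not referenced in this file
path_buffer rb 1000h                    ; chosen DLL path (also ofn.lpstrFile, nMaxFile = 1000h)
ofn OPENFILENAME                        ; template filled in start / WM_INITDIALOG
pe32 PROCESSENTRY32                     ; snapshot cursor; dwSize set in start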