-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathinjector.cpp
More file actions
186 lines (138 loc) · 6.59 KB
/
injector.cpp
File metadata and controls
186 lines (138 loc) · 6.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
#include <windows.h>
#include <iostream>
#include <string>
#include <vector>
#include <psapi.h>
#include <set>
//const char* DLL_PATH = "edr.dll";
const char* DLL_PATH = "edr.dll";
const char* TARGET_PROCESS_NAME ;
void sendMessage(std::string message){
HANDLE pipe;
LPCSTR pipeName = "\\\\.\\pipe\\my_named_pipe";
pipe = CreateNamedPipeA(pipeName, PIPE_ACCESS_OUTBOUND, PIPE_TYPE_BYTE, 1, 0, 0, 0, NULL);
// Connect to the named pipe
ConnectNamedPipe(pipe, NULL);
// Write data to the named pipe
DWORD bytesWritten;
WriteFile(pipe, message.c_str(), static_cast<DWORD>(message.size()) + 1, &bytesWritten, NULL);
DisconnectNamedPipe(pipe);
CloseHandle(pipe);
}
bool InjectDLL(DWORD processId, const char* dllPath) {
// Open the target process
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);
if (hProcess == NULL) {
std::cerr << "Failed to open the target process with PID: " << processId << std::endl;
return false;
}
// Allocate memory in the target process for the DLL path
LPVOID dllPathAddr = VirtualAllocEx(hProcess, nullptr, strlen(dllPath) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (dllPathAddr == nullptr) {
std::cerr << "Failed to allocate memory in the target process." << std::endl;
CloseHandle(hProcess);
return false;
}
// Write the DLL path into the target process
if (!WriteProcessMemory(hProcess, dllPathAddr, dllPath, strlen(dllPath) + 1, nullptr)) {
std::cerr << "Failed to write the DLL path into the target process." << std::endl;
VirtualFreeEx(hProcess, dllPathAddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return false;
}
// Get the address of the LoadLibrary function
LPVOID loadLibraryAddr = reinterpret_cast<LPVOID>(GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA"));
if (loadLibraryAddr == nullptr) {
std::cerr << "Failed to retrieve the address of LoadLibrary." << std::endl;
VirtualFreeEx(hProcess, dllPathAddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return false;
}
// Create a remote thread in the target process to load the DLL
HANDLE remoteThread = CreateRemoteThread(hProcess, nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(loadLibraryAddr), dllPathAddr, 0, nullptr);
if (remoteThread == nullptr) {
std::cerr << "Failed to create a remote thread in the target process." << std::endl;
VirtualFreeEx(hProcess, dllPathAddr, 0, MEM_RELEASE);
CloseHandle(hProcess);
return false;
}
// Wait for the remote thread to complete
WaitForSingleObject(remoteThread, INFINITE);
// Clean up resources
VirtualFreeEx(hProcess, dllPathAddr, 0, MEM_RELEASE);
CloseHandle(remoteThread);
CloseHandle(hProcess);
return true;
}
int main(int argc, char* argv[]) {
if (argc < 2) {
std::cout << "Usage: " << argv[0] << " <process name> [process name 2] [process name 3] ..." << std::endl;
return 1;
}
//for colored texts
HANDLE hstdout = GetStdHandle(STD_OUTPUT_HANDLE);
//Legend
HANDLE pipe;
LPCSTR pipeName = "\\\\.\\pipe\\my_named_pipe";
char buffer[256];
//keep track of already injected process
std::set<DWORD> injectedProcesses;
while (true) {
// Enumerate processes
DWORD processIds[1024];
DWORD bytesReturned;
if (!EnumProcesses(processIds, sizeof(processIds), &bytesReturned)) {
std::cerr << "Failed to enumerate processes." << std::endl;
return 1;
}
// Calculate the number of processes
DWORD numProcesses = bytesReturned / sizeof(DWORD);
for (int i = 1; i < argc; i++) {
const char* TARGET_PROCESS_NAME = argv[i];
// Iterate over processes and inject the DLL into the target process
for (DWORD i = 0; i < numProcesses; i++) {
// Check if the process has already been injected
if (injectedProcesses.find(processIds[i]) != injectedProcesses.end()) {
continue;
}
// Open the process
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processIds[i]);
if (hProcess != NULL) {
char processName[MAX_PATH];
if (GetModuleFileNameExA(hProcess, nullptr, processName, MAX_PATH)) {
std::string name(processName);
// Check if the process name matches the target process name
if (name.find(TARGET_PROCESS_NAME) != std::string::npos) {
//Inject the DLL into the target process
if (InjectDLL(processIds[i], "syscall-detect.dll")) {
injectedProcesses.insert(processIds[i]);
SetConsoleTextAttribute(hstdout, 0xE5);
std::string message = "syscall detect DLL injected into process with PID: " + std::to_string(processIds[i]);
sendMessage(message);
std::cout << "syscall detect DLL injected into process with PID: " << processIds[i] << std::endl;
SetConsoleTextAttribute(hstdout, 0x5F);
} else {
std::cerr << "Failed to inject syscall detect DLL into process with PID: " << processIds[i] << std::endl;
}
if (InjectDLL(processIds[i], DLL_PATH)) {
injectedProcesses.insert(processIds[i]);
SetConsoleTextAttribute(hstdout, 0xE5);
std::string message = "DLL injected into process with PID: " + std::to_string(processIds[i]);
sendMessage(message);
std::cout << "DLL injected into process with PID: " << processIds[i] << std::endl;
SetConsoleTextAttribute(hstdout, 0x5F);
} else {
std::cerr << "Failed to inject DLL into process with PID: " << processIds[i] << std::endl;
}
}
}
// Close the process handle
CloseHandle(hProcess);
}
}
}
// Delay for some time before checking for new processes again
//Sleep(500);
}
return 0;
}