trietptm · September 10, 2020 17:47
diff --git a/dllinject.c b/dllinject.c
 #include <windows.h>
 #include <tlhelp32.h>

 DWORD getProcessID() {
  DWORD processID = 0;
  HANDLE snapHandle;
  PROCESSENTRY32 processEntry = {0};

  if( (snapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) == INVALID_HANDLE_VALUE ) {
    return 0;
  }

  processEntry.dwSize = sizeof(PROCESSENTRY32);
  Process32First(snapHandle, &processEntry);
  do {
    if ( strcmp(processEntry.szExeFile, "notepad.exe") == 0 ) {
      return processEntry.th32ProcessID;
    }
  } while (Process32Next(snapHandle,&processEntry));

  if ( snapHandle != INVALID_HANDLE_VALUE ) {
    CloseHandle(snapHandle);
  }

  return 0;
 } 

 int inject_DLL(const char* file_name, int PID)
 {
    HANDLE h_process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);                   //retrieving a handle to the process

    char fullDLLPath[_MAX_PATH];                                                      //getting the full path of the dll file
    GetFullPathNameA(file_name, _MAX_PATH, fullDLLPath, NULL);

    LPVOID DLLPath_addr = VirtualAllocEx(h_process, NULL, _MAX_PATH,
                          MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);          //allocating memory in the target process
    WriteProcessMemory(h_process, DLLPath_addr, fullDLLPath,
                       strlen(fullDLLPath), NULL);                                    //writing the dll path to that memory

    LPVOID LoadLib_addr = GetProcAddress(GetModuleHandleA("Kernel32"),
                                         "LoadLibraryA");                             //getting LoadLibraryA address (same across
                                                                                      //all processes) to start execution at it
    HANDLE h_rThread = CreateRemoteThread(h_process, NULL, 0, 
                       (LPTHREAD_START_ROUTINE)LoadLib_addr, DLLPath_addr, 0, NULL);  //starting a remote execution thread at
    WaitForSingleObject(h_rThread, INFINITE);                                         //LoadLibraryA and passing the dll path as
                                                                                      //an argument then waiting for it to be finished
    DWORD exit_code;
    GetExitCodeThread(h_rThread, &exit_code);                                         //Retrieving the module handle returned by LoadLibraryA

    CloseHandle(h_rThread);                                                           //Freeing the thread handle and the memory
    VirtualFreeEx(h_process, DLLPath_addr, 0, MEM_RELEASE);                           //allocated for the DLL path

    return 0;
 }

 int main(){

 inject_DLL("dll.dll", (int)getProcessID() );

    return 0;
 }
	#include <windows.h>
	#include <tlhelp32.h>

	DWORD getProcessID() {
	DWORD processID = 0;
	HANDLE snapHandle;
	PROCESSENTRY32 processEntry = {0};

	if( (snapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) == INVALID_HANDLE_VALUE ) {
	return 0;
	}

	processEntry.dwSize = sizeof(PROCESSENTRY32);
	Process32First(snapHandle, &processEntry);
	do {
	if ( strcmp(processEntry.szExeFile, "notepad.exe") == 0 ) {
	return processEntry.th32ProcessID;
	}
	} while (Process32Next(snapHandle,&processEntry));

	if ( snapHandle != INVALID_HANDLE_VALUE ) {
	CloseHandle(snapHandle);
	}

	return 0;
	}

	int inject_DLL(const char* file_name, int PID)
	{
	HANDLE h_process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID); //retrieving a handle to the process

	char fullDLLPath[_MAX_PATH]; //getting the full path of the dll file
	GetFullPathNameA(file_name, _MAX_PATH, fullDLLPath, NULL);

	LPVOID DLLPath_addr = VirtualAllocEx(h_process, NULL, _MAX_PATH,
	MEM_COMMIT \| MEM_RESERVE, PAGE_EXECUTE_READWRITE); //allocating memory in the target process
	WriteProcessMemory(h_process, DLLPath_addr, fullDLLPath,
	strlen(fullDLLPath), NULL); //writing the dll path to that memory

	LPVOID LoadLib_addr = GetProcAddress(GetModuleHandleA("Kernel32"),
	"LoadLibraryA"); //getting LoadLibraryA address (same across
	//all processes) to start execution at it
	HANDLE h_rThread = CreateRemoteThread(h_process, NULL, 0,
	(LPTHREAD_START_ROUTINE)LoadLib_addr, DLLPath_addr, 0, NULL); //starting a remote execution thread at
	WaitForSingleObject(h_rThread, INFINITE); //LoadLibraryA and passing the dll path as
	//an argument then waiting for it to be finished
	DWORD exit_code;
	GetExitCodeThread(h_rThread, &exit_code); //Retrieving the module handle returned by LoadLibraryA

	CloseHandle(h_rThread); //Freeing the thread handle and the memory
	VirtualFreeEx(h_process, DLLPath_addr, 0, MEM_RELEASE); //allocated for the DLL path

	return 0;
	}

	int main(){

	inject_DLL("dll.dll", (int)getProcessID() );

	return 0;
	}