// InjectDllDlg.cpp : implementation file
//
#include "stdafx.h"
#include "InjectDll.h"
#include "InjectDllDlg.h"
#include "Tlhelp32.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CInjectDllDlg dialog
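// Process IDs collected by GetProcessID() when the IDC_CHECKEDIT box is ticked.
// OnBtninject() walks the list until it meets a zero entry, so the last slot
// must stay zero and at most (capacity - 1) IDs can be stored.
// The array used to be declared as `[]={0}`, i.e. one element, which the code
// that fills and walks it indexed past; a fixed capacity keeps those accesses
// inside the object.
DWORD ProcessIDValue[64]={0};
// Set to TRUE by OnBtninject() while a request with IDC_CHECKEDIT ticked is
// being handled; GetProcessID() reads it to decide between "first match" and
// "collect every match".
BOOL CheckEditValue=FALSE;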
CInjectDllDlg::CInjectDllDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CInjectDllDlg::IDD, pParent)
{
    // Icons obtained through LoadIcon need no matching DestroyIcon in Win32.
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);

    // Both edit-box members start out empty; the section between the AFX
    // markers is maintained by ClassWizard.
    //{{AFX_DATA_INIT(CInjectDllDlg)
    m_ProcName = _T("");
    m_filePath = _T("");
    //}}AFX_DATA_INIT
}
// Dialog data exchange: ties the two edit controls to their CString members.
// Runs the base-class exchange first, then the ClassWizard-maintained map.
void CInjectDllDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);

    //{{AFX_DATA_MAP(CInjectDllDlg)
    DDX_Text(pDX, IDC_ProcName, m_ProcName);    // process-name edit box
    DDX_Text(pDX, IDC_FILEPATH, m_filePath);    // DLL-path edit box
    //}}AFX_DATA_MAP
}
// Message routing for the dialog: paint / drag-icon handling plus the two
// button click handlers.
BEGIN_MESSAGE_MAP(CInjectDllDlg, CDialog)
    //{{AFX_MSG_MAP(CInjectDllDlg)
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BTNXZ, OnBtnxz)           // browse for a DLL file
    ON_BN_CLICKED(IDC_BTNINJECT, OnBtninject)   // run the injection request
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CInjectDllDlg message handlers
// One-time dialog setup. Returns TRUE so the framework assigns the default
// focus (return FALSE only if a control was given focus explicitly).
BOOL CInjectDllDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // The framework only sets the icons itself when the main window is not a
    // dialog, so both sizes are assigned here.
    SetIcon(m_hIcon, TRUE);     // large icon
    SetIcon(m_hIcon, FALSE);    // small icon

    // Place any further initialization here.
    return TRUE;
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
void CInjectDllDlg::OnPaint()
{
    // Not minimized: the base class paints the dialog as usual.
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    // Minimized: draw the application icon ourselves.
    CPaintDC dc(this);
    SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

    // Work out the top-left corner that centres the icon in the client area.
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    CRect clientRect;
    GetClientRect(&clientRect);
    const int left = (clientRect.Width() - iconWidth + 1) / 2;
    const int top = (clientRect.Height() - iconHeight + 1) / 2;

    dc.DrawIcon(left, top, m_hIcon);
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
// Hands the dialog icon back as the cursor shown while the minimized window
// is being dragged.
HCURSOR CInjectDllDlg::OnQueryDragIcon()
{
    return static_cast<HCURSOR>(m_hIcon);
}
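// "Browse" button handler: shows the standard open-file dialog filtered to
// *.DLL and copies the chosen path into the IDC_FILEPATH edit box.
//
// The result of GetOpenFileName is now checked. Before, a cancelled or failed
// dialog left szFileName empty and that empty string overwrote whatever path
// the edit box already held. The catch(...) wrapper is gone as well: none of
// these calls throws a C++ exception, and a catch-all in a handler only hides
// faults.
void CInjectDllDlg::OnBtnxz()
{
    // Pull the current control contents into the members first.
    UpdateData(TRUE);

    char szFileName[MAX_PATH]="";
    OPENFILENAME ofn={0};
    ofn.lStructSize=sizeof(ofn);
    ofn.hwndOwner=m_hWnd;                    // keep the picker modal to this dialog
    ofn.lpstrFile=szFileName;
    ofn.nMaxFile=MAX_PATH;
    ofn.lpstrFilter="DLL Files(*.DLL)\0*.DLL\0\0";
    ofn.nFilterIndex=1;
    // Only accept a file that actually exists on disk.
    ofn.Flags=OFN_FILEMUSTEXIST|OFN_PATHMUSTEXIST;

    if(!GetOpenFileName(&ofn))
    {
        // Cancelled or failed: leave the previously entered path untouched.
        return;
    }

    CWnd *pPathEdit=GetDlgItem(IDC_FILEPATH);
    if(pPathEdit!=NULL)
    {
        pPathEdit->SetWindowText(szFileName);
    }
}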
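// Enables the privilege called `name` (for example SE_DEBUG_NAME) on the
// current process token.
//
// Returns 1 when the privilege was actually enabled and 0 otherwise.
// The earlier version returned 1 on every path, including failure, and never
// closed the token handle it opened.
//
// AdjustTokenPrivileges reports success even when the token does not hold the
// requested privilege; in that case GetLastError() is ERROR_NOT_ALL_ASSIGNED,
// so the last-error value has to be checked too. The privilege can only be
// enabled if the account already has it assigned.
int EnableDebugPriv(const char * name)
{
    HANDLE hToken=NULL;
    if(!OpenProcessToken(GetCurrentProcess(),
        TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
    {
        return 0;
    }

    int enabled=0;
    LUID luid;
    if(LookupPrivilegeValue(NULL,name,&luid))
    {
        TOKEN_PRIVILEGES tp;
        tp.PrivilegeCount=1;
        tp.Privileges[0].Luid=luid;
        tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;

        if(AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),NULL,NULL)
            &&GetLastError()==ERROR_SUCCESS)
        {
            enabled=1;
        }
    }

    // The token handle is ours to release on every path.
    CloseHandle(hToken);
    return enabled;
}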
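// Looks up running processes whose executable name equals ProcName,
// ignoring case.
//
// When CheckEditValue is FALSE the ID of the first match is returned
// (0 if there is none). When CheckEditValue is TRUE every match is appended to
// the zero-terminated global ProcessIDValue list and the return value is 0.
//
// Changes from the earlier version:
//  - the snapshot handle is closed on every path (it leaked on the
//    first-match return);
//  - writes to ProcessIDValue are bounded by the array's real size, keeping
//    one slot for the terminating zero; matches beyond that are dropped;
//  - names are compared with _stricmp, so neither the caller's buffer nor the
//    snapshot entry is upper-cased in place any more.
DWORD GetProcessID(char *ProcName)
{
    if(ProcName==NULL)
    {
        return 0;
    }

    HANDLE hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    if(hSnapshot==INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    const size_t capacity=sizeof(ProcessIDValue)/sizeof(ProcessIDValue[0]);
    size_t stored=0;
    DWORD firstMatch=0;

    PROCESSENTRY32 pe32;
    pe32.dwSize=sizeof(pe32);   // must be set before Process32First
    for(BOOL more=Process32First(hSnapshot,&pe32);more;
        more=Process32Next(hSnapshot,&pe32))
    {
        if(_stricmp(pe32.szExeFile,ProcName)!=0)
        {
            continue;
        }
        if(!CheckEditValue)
        {
            firstMatch=pe32.th32ProcessID;
            break;
        }
        // Keep the last slot free for the terminator.
        if(stored+1<capacity)
        {
            ProcessIDValue[stored++]=pe32.th32ProcessID;
        }
    }

    if(CheckEditValue)
    {
        // stored is at most capacity-1, so this index is always in range.
        ProcessIDValue[stored]=0;
    }

    CloseHandle(hSnapshot);
    return firstMatch;
}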
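// Asks the process dwRemoteProcessId to load the DLL at DllFunPath by copying
// the path into that process and starting a remote thread at LoadLibraryA.
//
// Returns TRUE once the remote thread has been created, FALSE on any earlier
// failure. TRUE does not tell whether the library actually loaded: the
// thread's exit code is not inspected.
//
// Changes from the earlier version:
//  - the process handle and the thread handle are closed (both leaked);
//  - the remote buffer is released when a later step fails;
//  - a NULL or empty path and a failed kernel32 lookup are rejected;
//  - the success value is TRUE rather than the C++ `true`.
//
// Detection note: the OpenProcess(PROCESS_ALL_ACCESS) / VirtualAllocEx /
// WriteProcessMemory / CreateRemoteThread(LoadLibraryA) sequence is the
// cross-process pattern that endpoint monitoring commonly alerts on.
BOOL DllInject(const char *DllFunPath,const DWORD dwRemoteProcessId)
{
    if(DllFunPath==NULL||DllFunPath[0]=='\0')
    {
        return FALSE;
    }

    EnableDebugPriv(SE_DEBUG_NAME);

    HANDLE hRemoteProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwRemoteProcessId);
    if(hRemoteProcess==NULL)
    {
        return FALSE;
    }

    BOOL bStarted=FALSE;
    const int cbPath=lstrlen(DllFunPath)+1;     // include the terminating NUL

    char *pszLibFileRemote=(char *)VirtualAllocEx(hRemoteProcess,NULL,
        cbPath,MEM_COMMIT,PAGE_READWRITE);
    if(pszLibFileRemote!=NULL)
    {
        PTHREAD_START_ROUTINE pfnstraddr=NULL;
        HMODULE hKernel32=GetModuleHandle(TEXT("kernel32"));
        if(hKernel32!=NULL)
        {
            pfnstraddr=(PTHREAD_START_ROUTINE)GetProcAddress(hKernel32,"LoadLibraryA");
        }

        if(pfnstraddr!=NULL&&
            WriteProcessMemory(hRemoteProcess,pszLibFileRemote,
                (void*)DllFunPath,cbPath,NULL)!=0)
        {
            HANDLE hRemoteThread=CreateRemoteThread(hRemoteProcess,
                NULL,0,pfnstraddr,pszLibFileRemote,0,NULL);
            if(hRemoteThread!=NULL)
            {
                // Closing our handle does not stop the thread.
                CloseHandle(hRemoteThread);
                bStarted=TRUE;
            }
        }

        if(!bStarted)
        {
            // Nothing will read the buffer, so do not leave it behind in the
            // other process. On success it stays allocated because the remote
            // thread may still be reading the path.
            VirtualFreeEx(hRemoteProcess,pszLibFileRemote,0,MEM_RELEASE);
        }
    }

    CloseHandle(hRemoteProcess);
    return bStarted;
}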
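// "Inject" button handler: validates the two edit boxes, resolves the process
// name to one ID (or to every matching ID when IDC_CHECKEDIT is ticked) and
// calls DllInject for each, then reports the outcome in a message box.
//
// Changes from the earlier version:
//  - the process name is copied into a MAX_PATH stack buffer with lstrcpyn;
//    before, it was strcpy'd into a single heap byte (`new char`), which
//    overflowed the heap for any non-empty name and was never freed;
//  - the walk over ProcessIDValue is bounded by the array size;
//  - the final memset clears exactly sizeof(ProcessIDValue) bytes (it used to
//    write one byte past the array);
//  - the "all matches" path reports "Process Name Error!" when nothing
//    matched and "Inject Dll Error!" when any DllInject call failed, instead
//    of always claiming success;
//  - the catch(...) wrapper is removed: a catch-all here only hid faults such
//    as the overflow above.
void CInjectDllDlg::OnBtninject()
{
    UpdateData(TRUE);

    if(m_ProcName.IsEmpty()||m_filePath.IsEmpty())
    {
        AfxMessageBox("Error! Dll Path Not empty! or Process Name Not empty!");
    }
    else
    {
        CButton *pCheck=(CButton *)GetDlgItem(IDC_CHECKEDIT);
        if(pCheck!=NULL&&pCheck->GetCheck())
        {
            CheckEditValue=TRUE;
        }

        // PROCESSENTRY32::szExeFile holds at most MAX_PATH characters, so a
        // longer name could never match; lstrcpyn truncates and always
        // NUL-terminates. GetProcessID takes a non-const char*, hence the copy.
        char szProcName[MAX_PATH];
        lstrcpyn(szProcName,m_ProcName,MAX_PATH);

        const size_t capacity=sizeof(ProcessIDValue)/sizeof(ProcessIDValue[0]);
        DWORD ProcID=GetProcessID(szProcName);

        if(CheckEditValue)
        {
            int attempted=0;
            int failed=0;
            // The list is zero-terminated; the bound guards against a missing
            // terminator.
            for(size_t i=0;i<capacity&&ProcessIDValue[i]!=0;++i)
            {
                ++attempted;
                if(!DllInject(m_filePath,ProcessIDValue[i]))
                {
                    ++failed;
                }
            }

            if(attempted==0)
            {
                AfxMessageBox("Process Name Error!");
            }
            else if(failed!=0)
            {
                AfxMessageBox("Inject Dll Error!");
            }
            else
            {
                AfxMessageBox("Inject Dll Success!");
            }
        }
        else if(ProcID!=0)
        {
            if(DllInject(m_filePath,ProcID))
            {
                AfxMessageBox("Inject Dll Success!");
            }
            else
            {
                AfxMessageBox("Inject Dll Error!");
            }
        }
        else
        {
            AfxMessageBox("Process Name Error!");
        }
    }

    // Reset the shared state so the next click starts clean.
    memset(ProcessIDValue,0,sizeof(ProcessIDValue));
    CheckEditValue=FALSE;
}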