#pragma once
#include "util.h"
#include <windows.h>
#include <tlhelp32.h>
#include <psapi.h>
#include <string>
#define MAX_PROCESSES 1024
namespace util {
// Loads a DLL into another process: reserves a read/write region in
// `process` (VirtualAllocEx), copies `dll_name` into it (WriteProcessMemory)
// and starts a thread in that process at LoadLibraryA with the copied
// string as its argument (CreateRemoteThread). `process` must already be
// open with rights sufficient for those three calls; none of their return
// values is checked, so any failure is silent. NOTE(review): this exact
// three-call sequence is the pattern endpoint monitoring typically uses to
// detect cross-process code loading, which is worth knowing when reading
// logs produced by hosts this runs on.
void InjectDLL(HANDLE process, const std::string& dll_name) {
// GetProcAddress returns a FARPROC (function pointer), not a kernel HANDLE.
// The result is not checked for NULL before it is used as the thread start
// address below.
HANDLE loadlib_addr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
LPVOID remote_str = (LPVOID)VirtualAllocEx(process, NULL, dll_name.size(), MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
if(remote_str != NULL) {
WriteProcessMemory(process, remote_str, dll_name.c_str(), dll_name.size(), NULL);
// The thread HANDLE returned here is discarded and therefore never closed
// (handle leak in the calling process). The remote allocation is likewise
// never released with VirtualFreeEx.
CreateRemoteThread(process, NULL, NULL, (LPTHREAD_START_ROUTINE)loadlib_addr, remote_str, NULL, NULL);
}
// BUG: loadlib_addr is a function address, not a handle. CloseHandle on it
// fails (and raises STATUS_INVALID_HANDLE when a debugger is attached); the
// thread handle from CreateRemoteThread is the one that needed closing.
CloseHandle(loadlib_addr);
}
// Returns the PID of the first process whose image base name equals
// lpcszFileName (case-insensitive via lstrcmpi), or 0 if nothing matched or
// an allocation/enumeration call failed. Processes that cannot be opened
// with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ (e.g. insufficient
// rights) are skipped silently, so a 0 result does not prove the process
// is absent.
//Gets process id by name
DWORD FindProcess(__in_z LPCTSTR lpcszFileName)
{
LPDWORD lpdwProcessIds;
LPTSTR lpszBaseName;
HANDLE hProcess;
DWORD i, cdwProcesses, dwProcessId = 0;
// Fixed-size PID array of MAX_PROCESSES entries. EnumProcesses does not
// signal truncation through its return value: when more processes exist
// than fit, cdwProcesses simply equals the buffer size and the remaining
// processes are never visited. The caller should not assume completeness.
lpdwProcessIds = (LPDWORD)HeapAlloc(GetProcessHeap(), 0, MAX_PROCESSES*sizeof(DWORD));
if (lpdwProcessIds != NULL)
{
if (EnumProcesses(lpdwProcessIds, MAX_PROCESSES*sizeof(DWORD), &cdwProcesses))
{
// Scratch buffer for one module base name (MAX_PATH TCHARs).
lpszBaseName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, MAX_PATH*sizeof(TCHAR));
if (lpszBaseName != NULL)
{
// EnumProcesses reports bytes written; convert to a count of DWORDs.
cdwProcesses /= sizeof(DWORD);
for (i = 0; i < cdwProcesses; i++)
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, lpdwProcessIds[i]);
if (hProcess != NULL)
{
// A NULL module handle asks for the process's main executable.
if (GetModuleBaseName(hProcess, NULL, lpszBaseName, MAX_PATH) > 0)
{
if (!lstrcmpi(lpszBaseName, lpcszFileName))
{
dwProcessId = lpdwProcessIds[i];
// Close here and leave the loop; the CloseHandle after this block is
// skipped by the break, so the handle is closed exactly once.
CloseHandle(hProcess);
break;
}
}
CloseHandle(hProcess);
}
}
HeapFree(GetProcessHeap(), 0, (LPVOID)lpszBaseName);
}
}
HeapFree(GetProcessHeap(), 0, (LPVOID)lpdwProcessIds);
}
return dwProcessId;
}
//taken from http://pastebin.com/6tw0CRrS
// Resolves szProcName inside the copy of szModuleName loaded in hProcess:
// takes the export's offset from the module base in *this* process and adds
// it to the remote module base. This is only meaningful when both processes
// have the same module image loaded (same file, same bitness). Returns 0 if
// the module or export cannot be found locally or remotely.
// NOTE(review): the (DWORD) casts truncate pointers to 32 bits, so the
// arithmetic is only correct in a 32-bit build. GetRemoteModuleHandle is
// defined below this function, so the call relies on a prior declaration
// (presumably in util.h).
FARPROC GetRemoteProcAddress( HANDLE hProcess, const char *szModuleName, const char *szProcName )
{
HMODULE hLocalModule = GetModuleHandleA( szModuleName );
// Comparing a handle against `false` works as a NULL check but reads oddly.
if( hLocalModule == false )
return (FARPROC)0;
FARPROC fpLocal = GetProcAddress( hLocalModule, szProcName );
if( fpLocal == (FARPROC)0 )
return (FARPROC)0;
// Offset of the export relative to the local module base.
DWORD dwOffset = (DWORD)fpLocal - (DWORD)hLocalModule;
HMODULE hRemoteModuleHandle = GetRemoteModuleHandle( szModuleName, hProcess, false );
if( hRemoteModuleHandle == (HMODULE)0 )
return (FARPROC)0;
return (FARPROC)((DWORD)hRemoteModuleHandle + dwOffset);
}
// Finds the base address (HMODULE) of szModuleName in hProcess by walking a
// Toolhelp module snapshot. Compares against the full path (szExePath) when
// bUsePath is true, otherwise the bare module name (szModule). The compare
// is strcmp, i.e. case-sensitive -- unlike the case-insensitive match in
// FindProcess above. Returns NULL when no module matches.
// Neither the snapshot handle (INVALID_HANDLE_VALUE on failure) nor the
// Module32First result is checked; if either fails, the do/while body still
// runs once against an uninitialized modEntry.
HMODULE GetRemoteModuleHandle(const char *szModuleName, HANDLE hProcess, bool bUsePath )
{
HANDLE tlh = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, GetProcessId( hProcess ) );
MODULEENTRY32 modEntry;
// dwSize must be set before the first Module32First/Next call.
modEntry.dwSize = sizeof( MODULEENTRY32 );
Module32First( tlh, &modEntry );
do
{
std::string comp;
// No-op: comp was just default-constructed and is already empty.
comp.clear();
if(bUsePath){ comp = modEntry.szExePath; } else { comp = modEntry.szModule; }
if( !strcmp( szModuleName, comp.c_str() ) )
{
CloseHandle( tlh );
return modEntry.hModule;
}
}
while(Module32Next( tlh, &modEntry ) );
CloseHandle( tlh );
return NULL;
}
} // namespace util