// INJECTION.CPP: Defines the entry point of the console application.
//
#include "stdafx.h"
#include "inJection.h"
#ifdef _Debug
#define new debug_new
#ENDIF
// The one and only application object
CWINAPPPP;
Using namespace std;
// Parameter block for the remote thread routine. The entry point fills one in
// locally and then copies it into the target process.
// NOTE(review): the closing brace of the struct appears to be missing from this listing.
Typedef struct _remotepara {// parameter structure
// Text buffer; the thread routine passes it as both text arguments of its call.
Char PMessageBox [12];
// Address of the function the thread routine calls, stored as a DWORD.
DWORD DWMESSAGEBOX;
Remotepara;
// Remote thread
// Thread routine whose bytes the entry point copies into the target process.
// It reads a function address and a text buffer from the parameter block,
// makes one call through that address with a null window handle, the buffer
// as both text arguments and flags 0, and then returns 0.
// NOTE(review): identifier spelling and case differ from line to line
// (LPPAR, LPPARA, LPpara; mmessageboxa, MMessageBoxa), and the typedef line has
// an unclosed parameter list, so the listing does not compile as shown.
DWORD __STDCALL THREADPROC (Remotepara * LPPAR) {
Typedf int (__stdcall * mmessageboxa) (HWND, LPCTSTSTSTSTSTSTSTSTSTSTSTST; / / Define MessageBox "
MMessageBoxa mymessageboxa;
MyMessageBoxa = (MMessageBoxa) LPPARA-> dwMessageBox; // Get function entry address
MyMessageBoxa (Null, LPpara-> PMessagebox, LPpara-> PMessageBox, 0); // Call
Return 0;
}
// Forward declaration; the definition follows the entry point.
Void enabledebugpriv (); // enables SE_DEBUG_NAME on the token of the current process
// Console entry point. Steps, in order:
//   1. Enabledebugpriv() turns on the debug privilege for this process.
//   2. OpenProcess requests Process_All_Access on the process with the
//      hard-coded ID 760.
//   3. A 4 KiB region is allocated in that process as page_execute_readwrite,
//      and threadsize bytes starting at &threadproc are copied into it.
//   4. A Remotepara is zeroed and filled locally (the address of MessageBoxA
//      looked up in user32.dll, plus a short string), then copied into a
//      second, PAGE_READWRITE allocation in the target.
//   5. A thread is created in the target, starting at the copied routine with
//      the copied parameter block as its argument.
// Returns 0 on every path, so the exit code does not distinguish success from
// failure.
// NOTE(review): no handle is closed and no remote allocation is freed on any
// path through this function.
// NOTE(review): the listing is case-mangled and several lines have unbalanced
// parentheses or quotes, so it does not compile as shown.
// Defensive context: each step corresponds to an event that endpoint
// monitoring commonly records: a token privilege adjustment, a cross-process
// handle opened with full access, an executable and writable allocation in
// another process, a cross-process memory write, and remote thread creation.
INT_Tmain (int Argc, tchar * argv [], tchar * envp [])
{
// Size of the region allocated for, and copied from, the thread routine.
Const DWORD Threadsize = 1024 * 4;
// Receives the thread identifier from the remote thread creation call.
DWORD BYTE_WRITE;
Enabledebugpriv (); // enable the debug privilege before opening the target
// Despite the name, hwnd holds a process handle, not a window handle.
Handle hwnd = :: OpenProcess (Process_All_Access, False, 760);
IF (! hWnd) Return 0;
Void * premothetread = :: Virtualalocex (hwnd, 0, threadsize, mem_commit | mem_reserve, page_execute_readwrite);
IF (! premotethread) Return 0;
IF (! :: writeprocessmemory (hwnd, premothetread, & threadproc, threadsize, 0))
Return 0;
// Fill in the parameter block
Remotepara myremotepara;
:: ZeromeMory (& myRemotepara, Sizeof (Remotepara);
Hinstance huser32 = :: loadLibrary ("user32.dll");
MyRemotepara.dwMessageBox = (DWORD) :: getProcaddress (HUSER32, "MessageBoxa);
STRCAT (MyRemotepara.pMessageBox, "Hello / 0");
// Write into the target process
Remotepara * premotepara = (remotepara *) :: VirtualaLalkEx (hwnd, 0, sizeof (remotepara), MEM_COMMIT, PAGE_READWRITE); // Note Page Properties when applying Space
IF (! premotepara) Return 0;
IF (! :: writeprocessmemory (hwnd, premotepara, & myremotepara, sizeof myremotepara, 0)) Return 0;
// Start thread
Handle hthread = :: createremoteThread (hwnd, 0, 0, (dword (__stdcall *)) premotethread, premotepara, 0, & byte_write; if (! Hthread) {
Return 0;
}
Return 0;
}
// Enables the SE_DEBUG_NAME privilege on the token of the current process.
// It opens the process token for adjust and query access, looks up the LUID
// for SE_DEBUG_NAME, and submits a one-entry privilege list marked
// se_privilege_enabled. It returns nothing, so failures are silent to the caller.
// NOTE(review): as written, the final CloseHandle is the body of the IF on
// the AdjustTokenPrivileges call, so the token handle is closed only when
// that call fails and is left open when it succeeds.
// NOTE(review): the token variable is spelled three ways in this listing
// (htokeen, HTOKEN, HToken); the listing does not compile as shown.
Void EnableDebugpriv (Void)
{
Handle htokeen;
Luid SedbugnameValue;
Token_Privileges TKP;
// Open the token of this process with the rights needed to change privileges.
IF (! openprocesstoken (getCurrentProcess (),
Token_adjust_privileges | token_query, & htokeen))
Return;
// Resolve the privilege name to its LUID; close the token and give up on failure.
IF (! LookupprivileGevalue (NULL, SE_DEBUG_NAME, & SEDEBUGNAMEVALUE) {
CloseHandle (HTOKEN);
Return;
}
// One privilege entry: the debug privilege, marked enabled.
Tkp.priVilegect = 1;
Tkp.privileges [0] .luid = sedebugnameValue;
Tkp.privileges [0] .attributes = se_privilege_enabled;
IF (! AdjustTokenprivileges (HToken, False, & Tkp, Sizeof TKP, NULL, NULL)
CloseHandle (HTOKEN);
}