You can try using the code from the injector plugin.
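/*
 * Return the calling thread's last Win32 error, or `fallback` when the
 * last error is ERROR_SUCCESS. Call it before any cleanup API, because
 * CloseHandle/VirtualFreeEx may overwrite the thread's last-error value.
 */
static int lastErrorOr(DWORD fallback)
{
    DWORD err = GetLastError();

    return (int)(err != ERROR_SUCCESS ? err : fallback);
}

/*
 * Copy the NUL-terminated path `dll` into the process behind `hProcess`
 * and start a thread there that calls LoadLibraryA on that copy.
 *
 * The caller keeps ownership of `hProcess`. Returns 0 on success, else a
 * Win32 error code.
 *
 * Review notes:
 *  - `dll` should be an absolute path. A relative name is resolved inside
 *    the target process, using its DLL search order and current directory,
 *    so a different file than intended may be loaded.
 *  - This allocate / write / remote-thread sequence is the pattern that
 *    endpoint monitoring commonly alerts on; expect legitimate tooling
 *    that uses it to be flagged.
 */
static int injectDllIntoProcess(HANDLE hProcess, const char *dll)
{
    HMODULE hKernel32;
    FARPROC pLoadLibrary;
    LPVOID lpRemoteAddress;
    HANDLE hThread;
    SIZE_T cb;
    int rc;

    if (dll == NULL || dll[0] == '\0')
        return ERROR_INVALID_PARAMETER;

    /* Resolve the entry point first, so a failure here cannot hand a NULL
     * start address to a thread in the other process. */
    hKernel32 = GetModuleHandleA("Kernel32");
    if (hKernel32 == NULL)
        return lastErrorOr(ERROR_MOD_NOT_FOUND);
    pLoadLibrary = GetProcAddress(hKernel32, "LoadLibraryA");
    if (pLoadLibrary == NULL)
        return lastErrorOr(ERROR_PROC_NOT_FOUND);

    /* Include the terminating NUL. The original copied strlen(dll) bytes
     * and relied on the fresh pages being zero-filled for termination. */
    cb = strlen(dll) + 1;

    lpRemoteAddress = VirtualAllocEx(hProcess, NULL, cb,
                                     MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (lpRemoteAddress == NULL)
        return lastErrorOr(ERROR_NOT_ENOUGH_MEMORY);

    if (!WriteProcessMemory(hProcess, lpRemoteAddress, dll, cb, NULL)) {
        rc = lastErrorOr(ERROR_WRITE_FAULT);
        VirtualFreeEx(hProcess, lpRemoteAddress, 0, MEM_RELEASE);
        return rc;
    }

    hThread = CreateRemoteThread(hProcess, NULL, 0,
                                 (LPTHREAD_START_ROUTINE)pLoadLibrary,
                                 lpRemoteAddress, 0, NULL);
    if (hThread == NULL) {
        rc = lastErrorOr(ERROR_GEN_FAILURE);
        VirtualFreeEx(hProcess, lpRemoteAddress, 0, MEM_RELEASE);
        return rc;
    }

    /* Closing the handle does not stop the thread; it only stops this
     * process from leaking it. The remote buffer is left allocated, as in
     * the original, because the thread may still be reading the path. */
    CloseHandle(hThread);
    return 0;
}

/*
 * Load `dll` into the process that owns window `hwnd`.
 *
 * Returns 0 on success, else a Win32 error code.
 */
int injectDll(HWND hwnd, const char *dll)
{
    DWORD pId = 0;
    HANDLE hProcess;
    int rc;

    /* The original ignored this result and read pId uninitialised when
     * hwnd was not a valid window. */
    if (GetWindowThreadProcessId(hwnd, &pId) == 0 || pId == 0)
        return lastErrorOr(ERROR_INVALID_WINDOW_HANDLE);

    /* NOTE(review): PROCESS_ALL_ACCESS is kept from the original; it is
     * broader than the create-thread / VM rights this sequence uses, so
     * consider requesting only those. */
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pId);
    if (hProcess == NULL)
        return lastErrorOr(ERROR_ACCESS_DENIED);

    rc = injectDllIntoProcess(hProcess, dll);
    CloseHandle(hProcess);
    return rc;
}

/*
 * Start `target` suspended with command line `cmd`, load `dll` into it,
 * then resume its main thread.
 *
 * If any step after process creation fails, the still-suspended child is
 * terminated instead of being left behind, and both process handles are
 * always closed. Returns 0 on success, else a Win32 error code.
 */
int startInjectDll(const char *dll, const char *target, const char *cmd)
{
    char execpath[2048];
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    int rc;

    /* getFilePath is defined elsewhere; presumably it writes the directory
     * of `target` into execpath, which is used below as the child's
     * working directory. TODO confirm it always NUL-terminates. */
    getFilePath(execpath, (char *)target, 2048);

    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);

    /* The A variants are spelled out because every string here is char-based. */
    if (!CreateProcessA(target, (CHAR *)cmd, NULL, NULL, FALSE,
                        CREATE_NEW_CONSOLE | CREATE_SUSPENDED, NULL,
                        execpath, &si, &pi))
        return lastErrorOr(ERROR_GEN_FAILURE);

    /* pi.hProcess already carries full access to the child, so the second
     * OpenProcess call of the original (and its leaked handle) is dropped. */
    rc = injectDllIntoProcess(pi.hProcess, dll);
    if (rc != 0) {
        TerminateProcess(pi.hProcess, (UINT)rc);
    } else if (ResumeThread(pi.hThread) == (DWORD)-1) {
        rc = lastErrorOr(ERROR_GEN_FAILURE);
        TerminateProcess(pi.hProcess, (UINT)rc);
    }

    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return rc;
}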