c++ - DLL injector doesn't work for x64 processes -


I have code that is meant to inject a DLL file into an x64 process, but it doesn't work when compiled for the 64-bit platform.

Can someone help me, please?

Any suggestion is welcome.

Here is the complete code, which compiles perfectly:

// NOTE(review): every identifier and string literal in this listing is
// lowercase (`dword`, `handle`, `openprocess`, "loadlibraryw", ...). That looks
// like an artifact of how the page was extracted rather than the author's
// spelling -- confirm against the original post before building.
//
// Overview: a console program that starts notepad.exe from the system
// directory, looks up a process id by executable name, and asks that process
// to load "teste.dll" through a remote thread.
//
// Detection context: opening another process with full access, allocating and
// writing memory in it, and then creating a remote thread is the sequence
// catalogued as MITRE ATT&CK T1055.001 (DLL injection). Where Sysmon is
// deployed and configured for it, the handle open is logged as event ID 10
// (ProcessAccess) and the remote thread as event ID 8 (CreateRemoteThread).
#include <iostream>
#include <direct.h>
#include <windows.h>
#include <stdlib.h>
#include <strsafe.h>
#include <tlhelp32.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <psapi.h>
#include <cstring>
#include <string>
#include "injector.h"

using namespace std;
typedef tchar *ptchar;

bool getprivileges();

/**
 * Requests that the process identified by `processid` load the DLL at
 * `dllpath`.
 *
 * Steps, in order: resolve `dllpath` to a full path, call getprivileges(),
 * open the target with process_all_access, allocate a _max_path-sized
 * read/write region in it, copy the path buffer there, and create a remote
 * thread whose start routine is looked up in kernel32 by name.
 *
 * @param processid  id of the target process
 * @param dllpath    path of the DLL; resolved with getfullpathnamea
 * @return false when the remote allocation or the thread creation fails,
 *         true otherwise
 *
 * NOTE(review): `true` only means the remote thread was created. The thread is
 * not waited on and its exit code is not read, so "dll loaded" is printed
 * without knowing whether the module was actually mapped.
 *
 * NOTE(review): `hprocess` and `hthread` are never closed and the remote
 * allocation is never released, on any path out of this function.
 */
bool injector::injectdll(dword processid, std::string dllpath)
{
    handle hthread, hprocess;
    void*  plibremote = 0;

    hmodule hkernel32 = getmodulehandlea("kernel32");

    // Return value is not checked; if resolution fails, dllfullpathname is
    // printed and copied below without having been filled in.
    char dllfullpathname[_max_path];
    getfullpathnamea(dllpath.c_str(), _max_path, dllfullpathname, null);
    printf("loading dll: %s\n", dllfullpathname);

    // Result ignored: execution continues even if the privilege was not enabled.
    getprivileges();

    // process_all_access asks for every access right on the target. The handle
    // is not tested for null; a failed open first surfaces as the allocation
    // failure reported below.
    hprocess = openprocess(process_all_access, false, processid);

    char szlibpath[_max_path];
    strcpy_s(szlibpath, dllfullpathname);

    // The whole fixed-size buffer is reserved in the target, not just the
    // length of the path string.
    plibremote = virtualallocex(hprocess, null, sizeof(szlibpath), mem_commit, page_readwrite);

    if (plibremote == null)
    {
        printf("couldn't allocate memory, please restart administrator privileges\n");
        return false;
    }

    // Result ignored; a failed or partial write is not detected.
    writeprocessmemory(hprocess, plibremote, (void*)szlibpath, sizeof(szlibpath), null);

    // The start routine is resolved in *this* process's kernel32 and the
    // address is used as-is in the target; the getprocaddress result is not
    // checked before being cast and passed on.
    hthread = createremotethread(hprocess, null, 0, (lpthread_start_routine)getprocaddress(hkernel32, "loadlibraryw"), plibremote, 0, null);

    if (hthread == null)
    {
        printf("couldn't load dll");
        return false;
    }

    printf("dll loaded\n");

    return true;
}

/**
 * Walks a process snapshot and returns the id of the first entry whose
 * executable name equals `processname`, compared case-insensitively.
 *
 * @param processname  executable file name to look for
 * @return the matching process id, or null when nothing matched
 *
 * NOTE(review): the entry filled in by process32first is never compared; the
 * loop advances with process32next before the first comparison.
 *
 * NOTE(review): selection is by name only and stops at the first match, so
 * with several processes of the same name the one returned is whichever the
 * snapshot lists first. The snapshot handle is not checked for failure.
 */
dword getpidfromname(ptchar processname)
{
  processentry32 proc32entry;
  proc32entry.dwsize = sizeof(processentry32);

  handle snapshot = createtoolhelp32snapshot(th32cs_snapprocess, null);

  if(process32first(snapshot, &proc32entry) == true)
  {
    while(process32next(snapshot, &proc32entry) == true)
    {
      if(_tcsicmp(proc32entry.szexefile, processname) == 0)
      {
        closehandle(snapshot);
        return proc32entry.th32processid;
      }
    }
  }

  closehandle(snapshot);

  return null;
}

/**
 * Enables the debug privilege (se_debug_name) on the current process token.
 *
 * @return false if the token cannot be opened or the privilege name cannot be
 *         looked up; otherwise the result of adjusttokenprivileges
 *
 * NOTE(review): AdjustTokenPrivileges is documented to report success even
 * when the privilege was not actually assigned (GetLastError then returns
 * ERROR_NOT_ALL_ASSIGNED), so a true result here does not prove the privilege
 * is enabled. Enabling it works only for tokens that already hold it,
 * typically elevated administrators.
 *
 * NOTE(review): `tokenhandle` is never closed, including on the early return
 * after a failed lookup.
 */
bool getprivileges()
{
  handle tokenhandle = null;
  token_privileges tokenpriv;

  if(!openprocesstoken(getcurrentprocess(), token_query | token_adjust_privileges, &tokenhandle))
    return false;

  if(!lookupprivilegevalue(null, se_debug_name, &tokenpriv.privileges[0].luid))
    return false;

  // Repeats the lookup that has just succeeded; redundant.
  lookupprivilegevalue(null, se_debug_name, &tokenpriv.privileges[0].luid);
  tokenpriv.privilegecount = 1;
  tokenpriv.privileges[0].attributes = se_privilege_enabled;

  return adjusttokenprivileges(tokenhandle, 0, &tokenpriv, sizeof(tokenpriv), null, null);
}

/**
 * Starts the executable at `lpcszproc` with its window hidden and, if the
 * process was created, blocks until that process exits before closing its
 * handles.
 *
 * @param lpcszproc  path of the executable to start
 *
 * A failed launch is silently ignored (the else branch is empty).
 *
 * NOTE(review): a wide-string parameter is passed to the TCHAR-mapped
 * createprocess, so this presumably expects a Unicode build -- confirm.
 */
void runapplication(lpcwstr lpcszproc)
{
  process_information processinfo;
  startupinfo startupinfo;

  memset(&startupinfo,0, sizeof(startupinfo));
  memset(&processinfo,0, sizeof(processinfo));

  startupinfo.cb = sizeof startupinfo ;
  // Ask for the new process's main window to be created hidden.
  startupinfo.dwflags = startf_useshowwindow;
  startupinfo.wshowwindow = sw_hide;

  if (createprocess(lpcszproc, null, null,null,false,0,null,null,&startupinfo,&processinfo))
  {
    // infinite wait: control returns to the caller only after the child exits.
    waitforsingleobject(processinfo.hprocess,infinite);
    closehandle(processinfo.hthread);
    closehandle(processinfo.hprocess);
  }
  else
  {
  }
}

/**
 * Entry point: builds "<system directory>\notepad.exe", runs it through
 * runapplication, sleeps two seconds, looks up a process named "notepad.exe"
 * and calls injectdll on it with the relative path "teste.dll".
 *
 * NOTE(review): neither the getsystemdirectory result, the looked-up process
 * id (null when nothing matched) nor the injectdll result is checked.
 */
int main(int argc, char *argv[])
{
  wchar_t dir[max_path] = {};
  getsystemdirectory(dir, max_path);

  wcscat_s(dir, l"\\");
  stringcchcat(dir, max_path, l"notepad.exe");

  injector inject;
  runapplication(dir);
  sleep(2000);
  dword processid = getpidfromname(text("notepad.exe"));
  inject.injectdll(processid, "teste.dll");

  system("pause");

  return exit_success;
}

injector.h

// NOTE(review): identifiers appear lowercased (`dword` rather than the Win32
// spelling), presumably by the page extraction -- confirm against the
// original post.
#ifndef injector_h_included
#define injector_h_included

#include <windows.h>
#include <string>

// Stateless wrapper class: one public method and no data members.
class injector
{
public:
    /**
    * Asks a remote process to load a DLL.
    * @param processid  id of the target process
    * @param dllpath    path of the DLL file; the definition in the .cpp
    *                   listing on this page resolves it to a full path
    * @return true on success, false on failure. In that definition, true is
    *         returned once the remote thread has been created; whether the
    *         module was actually loaded is not checked.
    */
    bool injectdll(dword processid, std::string dllpath);
private:
};

#endif // injector_h_included

dll

// NOTE(review): identifiers appear lowercased (`dllmain`, `dword`, ...),
// presumably by the page extraction -- confirm against the original post.
#include <windows.h>
#include <stdio.h>

/**
 * DLL entry point for the test module. When it is loaded into a process, it
 * opens a console, points stdout at it and prints a module base address; when
 * it is unloaded, it releases the console.
 *
 * @param hmodule             handle of this DLL (unused)
 * @param ul_reason_for_call  why the entry point is being called
 * @param lpreserved          unused
 * @return always true
 *
 * NOTE(review): Microsoft's DllMain guidance is to do as little as possible
 * here because the loader lock is held; console allocation and CRT stdio calls
 * inside the entry point go against that guidance and can hang or fail
 * depending on the host process.
 */
bool apientry dllmain(handle hmodule, dword  ul_reason_for_call, lpvoid lpreserved)
{
    switch (ul_reason_for_call)
    {
    case dll_process_attach:
        // Neither call is checked; allocconsole fails if the host process
        // already has a console.
        allocconsole();
        freopen("conout$", "w", stdout);

        // getmodulehandle(null) refers to the host executable, not this DLL.
        // NOTE(review): the cast to dword and the %x format keep only 32 bits,
        // so in a 64-bit build the printed address is truncated.
        printf("base address: %x\n", (dword)getmodulehandle(null));

        break;
    case dll_process_detach:
        // Last case in the switch, so the missing break has no effect.
        freeconsole();
    }

    return true;
}

