I'm not sure why this isn't letting me inject this testdll3.dll into the process. Everything is correct; all my variables are getting the correct data. All memory regions are getting the proper flags. I'm fed up with it. My output is below.
Can anyone tell me what I'm doing wrong?
You can drop a test dll into the diablo III.exe folder. This code will read it and try to inject it into a running process.
Code:
#undef UNICODE
#include <vector>
#include <string>
#include <windows.h>
#include <Tlhelp32.h>
#include <iostream>
#include <Psapi.h>
using namespace std;
// Walks a Toolhelp process snapshot looking for "Diablo III.exe" and, for each
// match, runs the remote-thread DLL-loading sequence against it:
// OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
// with LoadLibraryA as the thread start routine.
//
// Reviewer notes:
//  - Only the Process32First/Process32Next results are tested; every other
//    Win32 return value in this function is ignored.
//  - Detection: this call sequence is what endpoint tooling commonly keys on,
//    i.e. a cross-process handle opened with a broad access mask, a remote
//    allocation and write, then a remote thread (Sysmon Event ID 10
//    ProcessAccess and Event ID 8 CreateRemoteThread cover the first and last).
//
// Always returns 0.
int main(void)
{
// Collects every enumerated image name; nothing in this function reads it back.
vector<string>processNames;
PROCESSENTRY32 pe32;
// Toolhelp requires dwSize to be set before the first Process32First call.
pe32.dwSize = sizeof(PROCESSENTRY32);
HANDLE hTool32 = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
BOOL bProcess = Process32First(hTool32, &pe32);
if(bProcess == TRUE)
{
// The loop advances with Process32Next before looking at pe32, so the entry
// returned by Process32First above is never examined.
while((Process32Next(hTool32, &pe32)) == TRUE)
{
processNames.push_back(pe32.szExeFile);
// Exact, case-sensitive match on the executable name.
if(strcmp(pe32.szExeFile, "Diablo III.exe") == 0)
{
string dllPathMod;
char DirPath[MAX_PATH];
char* FullPath = new char[MAX_PATH];
// Open the matching process with PROCESS_ALL_ACCESS (the broadest access mask).
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
// Ask for the target's image file name; the result is written into DirPath.
GetProcessImageFileName(hProcess, DirPath, sizeof(DirPath));
// Copy the name into a std::string for editing.
dllPathMod = DirPath;
// Drop the final 14 characters, which is the length of "Diablo III.exe".
dllPathMod.erase( dllPathMod.size() - 14 );
// Copy the edited string back into a heap-allocated, NUL-terminated char buffer.
char* dllPath = new char[dllPathMod.size() + 1];
dllPath[dllPathMod.size()] = 0;
memcpy(dllPath, dllPathMod.c_str(), dllPathMod.size());
// Build "<dllPath>\testdll3.dll" in FullPath, bounded by MAX_PATH.
sprintf_s(FullPath, MAX_PATH, "%s\\testdll3.dll", dllPath);
// Resolve LoadLibraryA from the kernel32.dll loaded in this (the calling) process.
LPVOID LoadLibraryAddr = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
// Reserve and commit strlen(FullPath) bytes of read/write memory in the target process.
LPVOID LLParam = (LPVOID)VirtualAllocEx(hProcess, NULL, strlen(FullPath), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
// Copy strlen(FullPath) bytes of the path string into that remote region.
WriteProcessMemory(hProcess, LLParam, FullPath, strlen(FullPath), NULL);
// Start a thread in the target whose entry point is LoadLibraryAddr and whose
// argument is the remote buffer. The returned thread handle is discarded, so it
// is neither waited on nor closed.
CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibraryAddr, LLParam, NULL, NULL);
CloseHandle(hProcess);
// Release the two local heap buffers; the remote allocation is not freed here.
delete [] FullPath;
delete [] dllPath;
}
}
}
CloseHandle(hTool32);
return 0;
}
My Output:
-Bit_Hacker