Old 07-30-2016, 15:49
WorldCrackersUnited WorldCrackersUnited is offline
Usermode APC Injection

By: karman
Credits: The owner of the website "kkamagui.springnote.com"

Hi, this is a modification of a code sample (Code Injection) that uses QueueUserAPC to inject a DLL (it also uses NtMapViewOfSection because some anti-cheats hook NtWriteVirtualMemory).

Code:
#define _WIN32_WINNT 0x0500
#include 
#include 

// Launches sProcName suspended and queues a user-mode APC on its primary
// thread that calls LoadLibraryA(sDllName). The DLL path reaches the target
// not through WriteProcessMemory but through a pagefile-backed section that
// is mapped into both processes.
// Returns 0 on success, otherwise a small negative step code (-1..-6, noted
// at each exit below) that wraps in the unsigned DWORD return type.
// Detection notes: the observable sequence is CreateProcess(CREATE_SUSPENDED)
// -> NtMapViewOfSection into the new process -> QueueUserAPC(LoadLibraryA)
// -> ResumeThread. A monitor that only watches NtWriteVirtualMemory never
// sees the payload string being placed in the target; section mapping into
// a foreign process and APC queuing are the events to correlate instead.
DWORD APCInject(PCHAR sProcName,PCHAR sDllName){
  DWORD dRet=0;
  //define type and pointer to function
  // NtMapViewOfSection is not in this binary's import table; it is resolved
  // from ntdll by name at run time (itself a signal worth logging).
  typedef NTSTATUS (WINAPI *tNtMapViewOfSection)(HANDLE,HANDLE,LPVOID,ULONG,SIZE_T,LARGE_INTEGER*,SIZE_T*,SECTION_INHERIT,ULONG,ULONG);
  tNtMapViewOfSection NtMapViewOfSection=(tNtMapViewOfSection)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtMapViewOfSection");
  if(!NtMapViewOfSection)return -1; // -1: export not found in ntdll
  //create buffer
  // Anonymous (INVALID_HANDLE_VALUE, pagefile-backed) section sized for the
  // NUL-terminated DLL path, mapped read/write in this process only.
  HANDLE hFile=CreateFileMapping(INVALID_HANDLE_VALUE,NULL,PAGE_READWRITE,0,strlen(sDllName)+1,NULL);
  if(!hFile)return -2; // -2: CreateFileMapping failed
  PCHAR hView=MapViewOfFile(hFile,FILE_MAP_ALL_ACCESS,0,0,0);
  if(!hView){
    CloseHandle(hFile);
    return -3; // -3: local MapViewOfFile failed
  }else//set value to buffer: the path is written into the local view of the shared section, never directly into the target
    strcpy(hView,sDllName);
  // Starting target process
  PROCESS_INFORMATION pi;STARTUPINFO st;
  ZeroMemory(&pi,sizeof(pi));
  ZeroMemory(&st,sizeof(st));
  st.cb=sizeof(STARTUPINFO);
  //create suspended process
  // CREATE_SUSPENDED: the primary thread has executed no user-mode code when
  // the APC is queued below. sProcName is passed as lpApplicationName with
  // no command line, so it has to be the path of the executable itself.
  if(CreateProcess(sProcName,NULL,NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&st,&pi)){
    LPVOID RemoteString=NULL;ULONG ViewSize=0;
    // Map the same section read-only into the target (ViewShare); the
    // system chooses the base address and returns it in RemoteString.
    // A zero NTSTATUS means success.
    if(NtMapViewOfSection(hFile,pi.hProcess,&RemoteString,0,0,NULL,&ViewSize,ViewShare,0,PAGE_READONLY)==0){
      // APC routine is LoadLibraryA as resolved in *this* process; the code
      // assumes kernel32 is loaded at the same base in the target - confirm
      // before relying on this when analysing a sample.
      LPVOID nLoadLibrary=(LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"),"LoadLibraryA");
      // Single-argument APC: the remote view address is handed to
      // LoadLibraryA as lpLibFileName when the thread next delivers APCs.
      if(!QueueUserAPC((PAPCFUNC)nLoadLibrary,pi.hThread,(ULONG_PTR)RemoteString))
        dRet=-6; // -6: QueueUserAPC failed
    }else
      dRet=-5; // -5: remote NtMapViewOfSection failed
    // The thread is resumed regardless of the outcome; on the failure paths
    // the target simply starts normally. Process/thread handles are closed
    // here, so the caller never gets them back.
    ResumeThread(pi.hThread);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
  }else
    dRet=-4; // -4: CreateProcess failed
  // Only the local view and handle are released. Nothing in this function
  // unmaps the remote view, so the path string stays resident in the target
  // - a memory artifact a forensic scan of the process can look for.
  UnmapViewOfFile(hView);
  CloseHandle(hFile);
  return dRet;
}

// Demo driver with the author's hard-coded target executable and DLL path.
// APCInject returns 0 on success or a negative step code stored in a DWORD;
// "%d" with an unsigned DWORD is a format mismatch, but in practice it prints
// the wrapped value back as the original negative code.
int main(void){
  DWORD dwRet=APCInject("C:\\Games\\Counter-Strike\\hl.exe","C:\\cheat.dll");
  if(!dwRet)
    puts("Injection Ok!");
  else
    printf("Injection fail -> %d!",dwRet); // step code from APCInject (-1..-6)
  system("pause"); // keeps the console window open (Windows shell builtin)
  return 0;
}
my site:
http://www.rompiendocodigo.net/