#include-once
; #INDEX# =======================================================================================================================
; Title .........: Inject UDF library for AutoIt v3
; AutoIt Version : 3.3.4, Inject.au3 v 1.1 (1/2/2010)
; Language ......: English
; Description ...: Functions for getting process information and for in/ejecting a .dll file into/off a process
; Requirements ..: NomadMemory.au3, Memory.au3, WinAPI.au3, Kernel32.dll ;Script has to be compiled in x86 Mode ;#RequireAdmin
; Author(s) .....: Deathly Assassin (http://www.*************)
; ===============================================================================================================================
; #REQUIRED INCLUDES# ===========================================================================================================
#include <Memory.au3>
#include <WinAPI.au3>
#include <NomadMemory.au3>
; ===============================================================================================================================
; #CURRENT# =====================================================================================================================
;_InjectAttachDll
;_InjectDetachDllEx
;_InjectDetachDll
;_InjectModulInfo
; ===============================================================================================================================
; #FUNCTION# ====================================================================================================================
; Name...........: _InjectAttachDll
; Description ...: Injects a .dll file into a process
; Syntax.........: _InjectAttachDll($PID, $sPath)
; Parameters ....: $PID - A process identifier
; $sPath - Path and filename of the .dll file to be injected
; Return values .: Success - Returns hModule of the injected dll (read back as the remote thread's exit code)
; Failure - Returns @Error of the failed function and sets @Error:
; |@error = 1 - _MemoryOpen failed -> $PID might be wrong
; |@error = 2 - _MemoryWrite failed -> "SeDebugPrivilege" might not have been set. #RequireAdmin might solve this problem / $sPath might not have been found
; |@error = 3 - DllOpen failed -> kernel32.dll might not have been found
; |@error = 4 - The remote thread's exit code was 0 (LoadLibraryA returned NULL in the target, or GetExitCodeThread failed)
; Author ........: Deathly Assassin (http://www.*************)
; Modified.......:
; Remarks .......: The parameter order is ($PID, $sPath); the Func line is authoritative.
; This is the remote-allocation + CreateRemoteThread/LoadLibraryA pattern catalogued as MITRE ATT&CK T1055.001.
; Each step is observable: the token privilege change (Security event 4703), the cross-process handle open
; (Sysmon event 10), the remote thread creation (Sysmon event 8) and the module load in the target (Sysmon event 7).
; Related .......:
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _InjectAttachDll($PID, $sPath)
Local $hRemote, $iLen = StringLen($sPath), $hProcess, $pAllocAdresse, $vError, $hOpen, $pLoadLibraryA, $vStruct
; SetPrivilege is not defined in this file (presumably it comes from NomadMemory.au3); its result is not checked.
SetPrivilege("SeDebugPrivilege", 1)
SetError(0)
; $hProcess is used as an array below; element [1] is passed wherever a process handle is expected.
$hProcess = _MemoryOpen($PID)
$vError = @error
If $vError Then
SetError(1)
Return $vError
EndIf
; Remote buffer for the path string: $iLen + 1 bytes, requested as PAGE_EXECUTE_READWRITE although it only holds data.
; NOTE(review): the returned address is not checked, so a failed allocation is only noticed (if at all) by _MemoryWrite.
$pAllocAdresse = _MemVirtualAllocEx($hProcess[1], 0, $iLen + 1, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
; Only $iLen chars are written; the terminating NUL is the untouched extra byte.
; Assumes the freshly committed page is zero-filled - TODO confirm.
_MemoryWrite($pAllocAdresse, $hProcess, $sPath, 'char[' & $iLen & ']')
$vError = @error
If $vError Then
; NOTE(review): this early return leaves the remote allocation and $hProcess open.
SetError(2)
Return $vError
EndIf
$hOpen = DllOpen("Kernel32.dll")
$vError = @error
If $vError Then
; NOTE(review): this early return also skips _MemVirtualFreeEx and _MemoryClose.
; NOTE(review): the check relies on @error only; confirm DllOpen reports failure that way rather than by returning -1.
SetError(3)
Return $vError
EndIf
; LoadLibraryA's address is resolved in this process and handed to the remote thread as its start routine,
; with the remote path buffer as the thread argument.
; NOTE(review): neither DllCall is checked for @error before its result is indexed with [0].
$pLoadLibraryA = DllCall($hOpen, "HANDLE", "GetProcAddress", "HANDLE", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "LoadLibraryA")
$hRemote = DllCall($hOpen, "HANDLE", "CreateRemoteThread", "HANDLE", $hProcess[1], "ptr", 0, "ptr", 0, "ptr", $pLoadLibraryA[0], "ptr", $pAllocAdresse, "DWORD", 0, "ptr", 0)
; Block until the remote thread has finished.
_WinAPI_WaitForSingleObject($hRemote[0])
; The exit code is read into a HANDLE-typed field and becomes the return value.
; The file header requires x86 mode, where a HANDLE and a DWORD exit code have the same width.
$vStruct = DllStructCreate("HANDLE;")
DllCall($hOpen, "BOOL", "GetExitCodeThread", "HANDLE", $hRemote[0], "ptr", DllStructGetPtr($vStruct, 1))
$vError = DllStructGetData($vStruct, 1)
; NOTE(review): the thread handle in $hRemote[0] is never closed.
DllClose($hOpen)
; NOTE(review): the free call is given the whole $hProcess array and $iLen, while the allocation used $hProcess[1]
; and $iLen + 1; it also decommits rather than releases - confirm against _MemVirtualFreeEx's contract.
_MemVirtualFreeEx($hProcess, $pAllocAdresse, $iLen, $MEM_DECOMMIT)
_MemoryClose($hProcess)
; An exit code of 0 is reported as @error = 4; both branches return the same value.
If $vError = False Then
SetError(4)
Return $vError
EndIf
Return $vError
EndFunc ;==>_InjectAttachDll
; #FUNCTION# ====================================================================================================================
; Name...........: _InjectDetachDllEx
; Description ...: Ejects a .dll file off a process
; Syntax.........: _InjectDetachDllEx($PID, $hModule)
; Parameters ....: $PID - A process identifier
; $hModule - hModule of the dll to be ejected
; Return values .: Success - Returns True (the remote thread's exit code, i.e. FreeLibrary's result)
; Failure - Returns @Error of the failed function and sets @Error:
; |@error = 1 - _MemoryOpen failed -> $PID might be wrong
; |@error = 2 - DllOpen failed -> kernel32.dll might not have been found
; |@error = 3 - The remote thread's exit code was 0 (FreeLibrary returned FALSE, or GetExitCodeThread failed) -> "SeDebugPrivilege" might not have been set. #RequireAdmin might solve this problem
; Author ........: Deathly Assassin (http://www.*************)
; Modified.......:
; Remarks .......: The parameter order is ($PID, $hModule); the Func line is authoritative.
; A single FreeLibrary call only lowers the module's reference count; the module is unmapped when the count reaches zero.
; The remote thread creation is visible to the same telemetry as injection (e.g. Sysmon event 8).
; Related .......:
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _InjectDetachDllEx($PID, $hModule)
Local $hRemote, $hProcess, $vError, $hOpen, $pFreeLibrary, $vStruct
; SetPrivilege is not defined in this file (presumably it comes from NomadMemory.au3); its result is not checked.
SetPrivilege("SeDebugPrivilege", 1)
SetError(0)
; $hProcess is used as an array below; element [1] is passed as the process handle.
$hProcess = _MemoryOpen($PID)
$vError = @error
If $vError Then
SetError(1)
Return $vError
EndIf
$hOpen = DllOpen("Kernel32.dll")
$vError = @error
If $vError Then
; NOTE(review): this early return leaves $hProcess open.
; NOTE(review): the check relies on @error only; confirm DllOpen reports failure that way rather than by returning -1.
SetError(2)
Return $vError
EndIf
; FreeLibrary's address is resolved in this process and used as the remote thread's start routine, with $hModule as its argument.
; NOTE(review): pointer-sized arguments are declared as "int"/"DWORD" here, which only fits a 32-bit build
; (the file header requires x86 mode). Neither DllCall is checked for @error before its result is indexed with [0].
$pFreeLibrary = DllCall($hOpen, "HANDLE", "GetProcAddress", "HANDLE", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "FreeLibrary")
$hRemote = DllCall($hOpen, "HANDLE", "CreateRemoteThread", "HANDLE", $hProcess[1], "int", 0, "int", 0, "DWORD", $pFreeLibrary[0], "ptr", $hModule, "DWORD", 0, "DWORD*", 0)
; Block until the remote thread has finished.
_WinAPI_WaitForSingleObject($hRemote[0])
$vStruct = DllStructCreate("BOOL;")
; The DllCall result stored in $vError here is overwritten on the next line, so GetExitCodeThread's own
; success or failure is never examined.
$vError = DllCall($hOpen, "BOOL", "GetExitCodeThread", "HANDLE", $hRemote[0], "ptr", DllStructGetPtr($vStruct, 1))
$vError = DllStructGetData($vStruct, 1)
; NOTE(review): the thread handle in $hRemote[0] is never closed.
DllClose($hOpen)
_MemoryClose($hProcess)
; An exit code of 0 is reported as @error = 3; both branches return the same value.
If $vError = False Then
SetError(3)
Return $vError
EndIf
Return $vError
EndFunc ;==>_InjectDetachDllEx
; #FUNCTION# ====================================================================================================================
; Name...........: _InjectDetachDll
; Description ...: Ejects a .dll file off a process, looking the module up by its path
; Syntax.........: _InjectDetachDll($sPath, $PID)
; Parameters ....: $sPath - Path of the dll to be ejected (compared against the szExePath column of _InjectModulInfo)
; $PID - A process identifier
; Return values .: Success - Returns True
; Failure - Returns _InjectModulInfo's @Error (1 or 2) and sets @Error = -1 / Returns -1 and sets @Error = -2 / Returns the return of _InjectDetachDllEx and sets _InjectDetachDllEx's @Error
; |@error = -1 - _InjectModulInfo failed -> Return=1:Wrong PID; Return=2:DllOpen failed -> kernel32.dll might not have been found
; |@error = -2 - Module wasn't found
; Author ........: Deathly Assassin (http://www.*************)
; Modified.......:
; Remarks .......: NOTE(review): the call below passes (hModule, $PID) while _InjectDetachDllEx is declared as ($PID, $hModule).
; Related .......:
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _InjectDetachDll($sPath, $PID)
Local $aArray, $i, $vError
; One row per loaded module; column 7 is hModule and column 9 is szExePath (see the struct in _InjectModulInfo).
$aArray = _InjectModulInfo($PID)
$vError = @error
If $vError Then
SetError(-1)
Return $vError
EndIf
For $i = 0 To UBound($aArray) - 1
; AutoIt's = operator compares strings case-insensitively; the path must otherwise match the stored szExePath exactly.
If $aArray[$i][9] = $sPath Then
; NOTE(review): argument order does not match the Func _InjectDetachDllEx($PID, $hModule) declaration.
Return _InjectDetachDllEx($aArray[$i][7], $PID)
EndIf
Next
; No module with that path is loaded in the process.
SetError(-2)
Return -1
EndFunc ;==>_InjectDetachDll
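; #FUNCTION# ====================================================================================================================
; Name...........: _InjectModulInfo
; Description ...: Returns information about every module loaded in the specified process
; Syntax.........: _InjectModulInfo($PID)
; Parameters ....: $PID - A process identifier
; Return values .: Success - Returns a 2d array with one row per module and the ten MODULEENTRY32 fields as columns:
; [0] dwSize, [1] th32ModuleID, [2] th32ProcessID, [3] GlblcntUsage, [4] ProccntUsage,
; [5] modBaseAddr, [6] modBaseSize, [7] hModule, [8] szModule, [9] szExePath
; Failure - Returns -1 and sets @Error:
; |@error = 1 - Wrong PID
; |@error = 2 - DllOpen failed -> kernel32.dll might not have been found
; |@error = 3 - CreateToolhelp32Snapshot failed
; |@error = 4 - Module32First failed -> no module entry could be read
; Author ........: Deathly Assassin (http://www.*************)
; Modified.......: Snapshot handle is closed on every path; snapshot and Module32First failures are reported
; instead of returning a row of stale data; DllOpen's -1 return value is checked.
; Remarks .......: Read-only enumeration; nothing is written to the target process.
; Related .......:
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _InjectModulInfo($PID)
	Local $hSnapshot, $hOpen, $iCount = 0, $aArray[1][10], $i, $vMODULEENTRY32, $vRet
	If Not ProcessExists($PID) Then
		SetError(1)
		Return -1
	EndIf
	; SetPrivilege is not defined in this file (presumably it comes from NomadMemory.au3).
	SetPrivilege("SeDebugPrivilege", 1)
	; DllOpen signals failure through its -1 return value, so test that as well as @error.
	$hOpen = DllOpen("Kernel32.dll")
	If @error Or $hOpen = -1 Then
		SetError(2)
		Return -1
	EndIf
	; Field order fixes the column order of the returned array.
	$vMODULEENTRY32 = DllStructCreate("DWORD dwSize; DWORD th32ModuleID; DWORD th32ProcessID; DWORD GlblcntUsage; DWORD ProccntUsage; ptr modBaseAddr; DWORD modBaseSize; HANDLE hModule; CHAR szModule[256]; CHAR szExePath[260];")
	; The API requires dwSize to be set before the first Module32First call.
	DllStructSetData($vMODULEENTRY32, 1, DllStructGetSize($vMODULEENTRY32))
	; 8 = TH32CS_SNAPMODULE
	$hSnapshot = DllCall($hOpen, "HANDLE", "CreateToolhelp32Snapshot", "DWORD", 8, "DWORD", $PID)
	; Ptr(-1) is INVALID_HANDLE_VALUE; Or short-circuits, so [0] is not indexed when the call itself failed.
	If @error Or $hSnapshot[0] = Ptr(-1) Then
		DllClose($hOpen)
		; SetError comes last because the calls above reset @error.
		SetError(3)
		Return -1
	EndIf
	$vRet = DllCall($hOpen, "BOOL", "Module32First", "HANDLE", $hSnapshot[0], "ptr", DllStructGetPtr($vMODULEENTRY32))
	If @error Or Not $vRet[0] Then
		_WinAPI_CloseHandle($hSnapshot[0])
		DllClose($hOpen)
		SetError(4)
		Return -1
	EndIf
	Do
		; Grow the result by one row and copy the ten struct fields into it.
		ReDim $aArray[$iCount + 1][10]
		For $i = 1 To 10
			$aArray[$iCount][$i - 1] = DllStructGetData($vMODULEENTRY32, $i)
		Next
		$iCount += 1
		$vRet = DllCall($hOpen, "BOOL", "Module32Next", "HANDLE", $hSnapshot[0], "ptr", DllStructGetPtr($vMODULEENTRY32))
	Until @error Or Not $vRet[0]
	; The snapshot is a kernel handle and has to be released explicitly.
	_WinAPI_CloseHandle($hSnapshot[0])
	DllClose($hOpen)
	Return $aArray
EndFunc ;==>_InjectModulInfo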