#include <windows.h>
#include <iostream>
#include <string>
#include <conio.h>
// Module to inject. Note this is a bare file name, not a path: whichever
// process hands it to LoadLibraryA decides how it is resolved.
const std::string strMod("easy.dll");
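// Injects the DLL named by strMod into the process that owns the "Calculator"
// window: the DLL path is written into the target and LoadLibraryA is run there
// on a freshly created thread.
//
// Returns 0 on success and 1 on any failure (the original returned 0 for both,
// which made the injector indistinguishable from success in scripts).
//
// What this relies on but cannot check from here:
//  - kernel32.dll is mapped at the same base in the target as in this process.
//    That holds for processes of the same bitness on the same boot; a target of
//    the other bitness receives a meaningless address and crashes.
//  - This process may open the target. OpenProcess is denied across integrity
//    levels / users without SeDebugPrivilege and always for protected processes.
int main()
{
    // RAII so every early return releases what it acquired (the original leaked
    // hProc, hRemThread and the remote allocation on every path).
    struct HandleCloser
    {
        HANDLE h;
        explicit HandleCloser(HANDLE handle) : h(handle) {}
        ~HandleCloser() { if (h != NULL) CloseHandle(h); }
    };
    struct RemoteFreer
    {
        HANDLE proc;
        LPVOID mem;
        RemoteFreer(HANDLE p, LPVOID m) : proc(p), mem(m) {}
        ~RemoteFreer() { if (mem != NULL) VirtualFreeEx(proc, mem, 0, MEM_RELEASE); }
    };

    // NULL class matches any window class; only the title is checked.
    HWND hWnd = FindWindowA(NULL, "Calculator");
    if (hWnd == NULL)
    {
        std::cout << "Unable to find Calculator" << std::endl;
        return 1;
    }

    DWORD dwProc = 0;
    if (GetWindowThreadProcessId(hWnd, &dwProc) == 0 || dwProc == 0)
    {
        std::cout << "Unable to resolve the window's owning process" << std::endl;
        return 1;
    }

    // Least privilege: these are exactly the rights CreateRemoteThread,
    // VirtualAllocEx and WriteProcessMemory need; PROCESS_ALL_ACCESS was overkill
    // and is also more likely to be refused or flagged.
    const DWORD dwAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
    HANDLE hProc = OpenProcess(dwAccess, FALSE, dwProc);
    HandleCloser procGuard(hProc);
    if (hProc == NULL)
    {
        std::cout << "Unable to open process (error " << GetLastError() << ")" << std::endl;
        return 1;
    }

    // Resolve LoadLibraryA locally; see the kernel32 base-address assumption above.
    HMODULE hKern = GetModuleHandleA("kernel32.dll");
    if (hKern == NULL)
    {
        std::cout << "Unable to get Kernel32 Handle" << std::endl;
        return 1;
    }
    LPTHREAD_START_ROUTINE pfnLoadLibraryA =
        reinterpret_cast<LPTHREAD_START_ROUTINE>(GetProcAddress(hKern, "LoadLibraryA"));
    if (pfnLoadLibraryA == NULL)
    {
        std::cout << "Unable to get LoadLibrary Func" << std::endl;
        return 1;
    }

    // Hand the TARGET an absolute path. A bare "easy.dll" would be resolved by
    // the target's own DLL search order (its directory, system dirs, PATH), so it
    // could load a different file than intended, or nothing at all.
    char szModPath[MAX_PATH];
    const DWORD cchPath = GetFullPathNameA(strMod.c_str(), MAX_PATH, szModPath, NULL);
    if (cchPath == 0 || cchPath >= MAX_PATH)
    {
        std::cout << "Unable to resolve module path" << std::endl;
        return 1;
    }
    const SIZE_T cbPath = static_cast<SIZE_T>(cchPath) + 1; // include the terminating NUL

    LPVOID lpMemAddress = VirtualAllocEx(hProc, NULL, cbPath,
                                         MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    RemoteFreer memGuard(hProc, lpMemAddress);
    if (lpMemAddress == NULL)
    {
        std::cout << "Unable to alloc memory" << std::endl;
        return 1;
    }

    SIZE_T stBytesWritten = 0;
    if (!WriteProcessMemory(hProc, lpMemAddress, szModPath, cbPath, &stBytesWritten) ||
        stBytesWritten != cbPath)
    {
        std::cout << "Unable to write memory" << std::endl;
        return 1;
    }

    DWORD dwThreadID = 0;
    HANDLE hRemThread = CreateRemoteThread(hProc, NULL, 0, pfnLoadLibraryA,
                                           lpMemAddress, 0, &dwThreadID);
    HandleCloser threadGuard(hRemThread);
    if (hRemThread == NULL)
    {
        std::cout << "Unable to create thread (error " << GetLastError() << ")" << std::endl;
        return 1;
    }

    // Returns once the thread is signaled, i.e. when LoadLibraryA returns, which is
    // after the DLL's DllMain has run. The remote string is only freed afterwards.
    std::cout << "Waiting for single object" << std::endl;
    if (WaitForSingleObject(hRemThread, INFINITE) != WAIT_OBJECT_0)
    {
        std::cout << "Wait on remote thread failed" << std::endl;
        return 1;
    }
    std::cout << "Thread terminated" << std::endl;

    // The thread's exit code is LoadLibraryA's return value (HMODULE truncated to
    // 32 bits on x64), so only zero is meaningful: it means the load failed.
    DWORD dwExit = 0;
    if (!GetExitCodeThread(hRemThread, &dwExit) || dwExit == 0)
    {
        std::cout << "LoadLibraryA failed inside the target" << std::endl;
        _getch();
        return 1;
    }

    _getch();
    return 0;
}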
#include <windows.h>
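BOOL WINAPI DllMain(HANDLE,DWORD,LPVOID);
LRESULT CALLBACK WndProc(HWND,UINT,WPARAM,LPARAM);
// Title / class of the window to subclass. A NULL class matches any class.
// These are const: binding a string literal to a mutable char* is ill-formed
// in C++11 and was only a deprecated conversion before that.
const char *chHookWindow = "Calculator"; //window name of target window
const char *chHookClass = NULL;          //class name of target window
// Original window procedure saved by the subclass so messages can be forwarded.
WNDPROC wpOriginal = NULL;
// Private message id (RegisterWindowMessage) used to move init onto the window thread.
UINT iMsg = 0;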
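// Find a top-level window matching chHookClass/chHookWindow that is owned by
// THIS process. FindWindowEx(NULL, hAfter, ...) walks top-level windows only;
// the PID check disambiguates several processes that share the same title.
// Returns NULL when no such window exists.
static HWND FindWindowOwnedByThisProcess()
{
    const DWORD dwThisProcessId = GetCurrentProcessId();
    HWND hFind = NULL;
    for (;;)
    {
        hFind = FindWindowExA(NULL, hFind, chHookClass, chHookWindow);
        if (hFind == NULL)
            return NULL;                     // window list exhausted
        // GetWindowThreadProcessId leaves the out-param untouched on failure, so
        // its return is checked instead of comparing a possibly uninitialised PID
        // (the original did exactly that once FindWindowEx returned NULL).
        DWORD dwOwnerProcessId = 0;
        if (GetWindowThreadProcessId(hFind, &dwOwnerProcessId) != 0 &&
            dwOwnerProcessId == dwThisProcessId)
            return hFind;
    }
}

// DLL entry point. Everything here runs on the injector's remote thread (the one
// executing LoadLibraryA), which exits as soon as DllMain returns; anything
// created on that thread, such as windows, dies with it. That is why the real
// initialisation is deferred to the window's own thread via a posted message.
// NOTE: DllMain also runs under the loader lock; keep it to the bare minimum
// and never wait on other threads or load further libraries from here.
//
// Returning FALSE from DLL_PROCESS_ATTACH makes LoadLibraryA fail in the
// injector and unmaps this DLL, which is the right outcome when the target
// window cannot be found or subclassed.
BOOL WINAPI DllMain(HANDLE hinstDLL, DWORD dwReason, LPVOID lpReserved)
{
    if (dwReason != DLL_PROCESS_ATTACH)
        return TRUE;                         // nothing to do on detach / thread notifications

    HWND hFind = FindWindowOwnedByThisProcess();
    if (hFind == NULL)
        return FALSE;                        // original subclassed a NULL HWND here

    // Subclass. SetWindowLongPtr/GWLP_WNDPROC/LONG_PTR keep the function pointer
    // intact on 64-bit; the original SetWindowLong + (LONG) cast truncates it there.
    wpOriginal = reinterpret_cast<WNDPROC>(
        SetWindowLongPtrA(hFind, GWLP_WNDPROC, reinterpret_cast<LONG_PTR>(WndProc)));
    if (wpOriginal == NULL)
        return FALSE;

    // A process-unique message id lets WndProc recognise the init request without
    // colliding with anything the target already handles.
    iMsg = RegisterWindowMessageA("HookProjectUniqueInitializationWindowMessage");
    if (iMsg == 0)
    {
        // Undo the subclass; otherwise the window would keep pointing at code in
        // a DLL that is about to be unmapped.
        SetWindowLongPtrA(hFind, GWLP_WNDPROC, reinterpret_cast<LONG_PTR>(wpOriginal));
        wpOriginal = NULL;
        return FALSE;
    }

    // Hand off to the window thread; PostMessage does not block under the loader lock.
    PostMessage(hFind, iMsg, 0, 0);
    return TRUE;
}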
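// Subclass window procedure. Runs on the thread that owns the window, not on the
// injected remote thread, so work done here (and any windows created here)
// outlives DllMain.
//
// Parameters are the standard WNDPROC arguments. Returns 0 for the private
// init message; every other message is forwarded to the original procedure so
// the target keeps behaving normally.
LRESULT CALLBACK WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam)
{
    // One-shot initialisation requested by DllMain. The iMsg != 0 guard stops a
    // failed RegisterWindowMessage (iMsg == 0) from swallowing WM_NULL.
    if (iMsg != 0 && msg == iMsg)
    {
        SetWindowTextA(hwnd, "Ben's Calculator");
        return 0;
    }
    // Add per-message handling above this line; everything not handled must
    // reach the original procedure. (The original's empty WM_CREATE/WM_COMMAND
    // cases did nothing and were removed.)
    return CallWindowProcA(wpOriginal, hwnd, msg, wParam, lParam);
}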
Capeesh?