У меня лоадер с инжектом длл в кс (32 бит) как сделать в раст? (64 бит)
Памагите
Памагите
Сам код:
#include <Windows.h>
#include <TlHelp32.h>
#include <iostream>
#include <string.h>
// Hard-coded inputs used by InjectDLL() below.
// dllPath is the wide-character path that is copied into the target process and handed to
// LoadLibraryW there. A module loaded from a fixed path directly under C:\ProgramData is a
// simple indicator for image-load monitoring.
const wchar_t* dllPath = L"C:\\ProgramData\\pidor.dll"; // Note the "wchar_t*" type and the "L" prefix on the path literal
// processName is the ANSI executable name compared (exact, case-sensitive strcmp) against each
// entry of the process snapshot.
const char* processName = "RustClient.exe";
// Copies the first 5 bytes of this process's own ntdll!NtOpenFile over the same virtual
// address in the process referred to by bypassHandle. The log strings call this a
// "Trusted Mode" bypass; the evident intent is to replace a modified function prologue in the
// target with the loader's local copy.
//
// bypassHandle: handle to the target process; WriteProcessMemory needs write access through it.
// Returns true only when the 5-byte write succeeds; false when ntdll.dll or NtOpenFile cannot
// be resolved locally, or when the write fails.
//
// Defender note: a cross-process write that lands inside ntdll's code region is a
// high-confidence tampering signal, and periodically comparing in-memory system-DLL code
// against the on-disk image will detect both an installed hook and its removal.
bool TrustedModeBypass(const HANDLE bypassHandle)
{
// Resolved in the CURRENT process, not in the target.
HMODULE ntdllModule = GetModuleHandleA("ntdll.dll");
if (ntdllModule)
{
FARPROC getNtOpenFileAddress = GetProcAddress(ntdllModule, "NtOpenFile");
if (getNtOpenFileAddress)
{
// Snapshot of the local function's first 5 bytes.
char originalNtOpenFileBytes[5];
memcpy(originalNtOpenFileBytes, getNtOpenFileAddress, 5);
// NOTE(review): the local address is reused as the remote address without any check that
// ntdll is mapped at the same place in the target; nothing here verifies what is overwritten.
// The last argument (bytes-written out-parameter) is passed as 0, so a partial write is not observed.
bool bypassMemoryWrite = WriteProcessMemory(bypassHandle, getNtOpenFileAddress, originalNtOpenFileBytes, 5, 0);
if (!bypassMemoryWrite)
{
std::cout << "Failed to bypass Trusted Mode - Error code: " << GetLastError() << std::endl;
return false;
}
else
{
std::cout << "Trusted Mode Bypassed..." << std::endl;
return true;
}
}
}
// Reached only when the module or the export could not be resolved; no message is printed here.
return false;
}
// Finds the process named by processName, opens it with full access, writes dllPath into
// newly allocated memory in that process and starts a remote thread there whose entry point is
// LoadLibraryW with that memory as its argument. Every path through this function ends in
// exit(): exit(1) on any failure, exit(0) after the thread has been created, so it never
// returns to its caller.
//
// Defender note: the visible API sequence (OpenProcess with PROCESS_ALL_ACCESS ->
// VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread on LoadLibraryW) is the textbook
// remote-thread DLL load. It is observable as a process-access event with a broad access mask
// (Sysmon Event ID 10), a remote-thread event (Sysmon Event ID 8) and an image load of the DLL
// in the target (Sysmon Event ID 7); handle-access filtering on a protected process blocks it
// at the first step.
void InjectDLL()
{
DWORD processID = 0;
PROCESSENTRY32 processesArray{ 0 };
// dwSize must be set before Process32First is called.
processesArray.dwSize = sizeof(processesArray);
// NOTE(review): the snapshot handle is not compared with INVALID_HANDLE_VALUE before use.
HANDLE findProcessID = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
BOOL processEnum = Process32First(findProcessID, &processesArray);
// Walk the snapshot until the first entry whose executable name equals processName.
while (processEnum)
{
// strcmp on szExeFile means this only builds with the ANSI PROCESSENTRY32 (UNICODE not defined).
if (strcmp(processName, processesArray.szExeFile) == 0)
{
processID = processesArray.th32ProcessID;
break;
}
processEnum = Process32Next(findProcessID, &processesArray);
}
CloseHandle(findProcessID);
if (processID == 0)
{
// NOTE(review): GetLastError() here reports whichever API ran last (enumeration or
// CloseHandle), not a dedicated "process not found" status.
std::cout << "Process ID could not be found - Error code: " << GetLastError() << std::endl;
exit(1);
}
else
{
std::cout << "The process ID of the target process is: " << processID << std::endl;
}
// Requests every access right on the target rather than only the ones used below.
HANDLE processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);
if (processHandle == NULL)
{
std::cout << "Failed to gain a handle to the process - Error code: " << GetLastError() << std::endl;
exit(1);
}
else
{
std::cout << "Handle to the target process acquired..." << std::endl;
// The bool result is discarded, so the steps below run whether or not this write succeeded.
TrustedModeBypass(processHandle);
}
// Remote read/write buffer for the DLL path.
// NOTE(review): the requested size (length * sizeof(wchar_t) + 1) is one byte smaller than
// the size written below (length * sizeof(wchar_t) + sizeof(wchar_t)).
void* memoryAddress = VirtualAllocEx(processHandle, NULL, wcslen(dllPath) * sizeof(wchar_t) + 1, MEM_COMMIT, PAGE_READWRITE);
if (!memoryAddress)
{
std::cout << "Memory space could not be allocated - Error code: " << GetLastError() << std::endl;
exit(1);
}
else
{
std::cout << "Memory space allocated..." << std::endl;
std::wcout << L"Memory address is: " << memoryAddress << std::endl;
}
// Copies the path including its terminating wide NUL into the target.
bool memoryWrite = WriteProcessMemory(processHandle, memoryAddress, dllPath, wcslen(dllPath) * sizeof(wchar_t) + sizeof(wchar_t), NULL);
if (!memoryWrite)
{
std::cout << "Memory space could not be written to - Error code: " << GetLastError() << std::endl;
exit(1);
}
else
{
std::cout << "Memory space written to..." << std::endl;
}
// The start routine is the address of LoadLibraryW as seen in THIS process and the thread
// parameter is the remote path buffer; the code assumes that address is also valid in the target.
HANDLE memoryWriteHandle = CreateRemoteThread(processHandle, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibraryW, memoryAddress, NULL, NULL);
if (!memoryWriteHandle)
{
std::cout << "DLL could not be injected - Error code: " << GetLastError() << std::endl;
exit(1);
}
else
{
// Printed as soon as the thread is created; the code neither waits for the thread nor checks
// whether the module was actually loaded.
std::cout << "DLL injected successfully!" << std::endl;
}
// The remote path buffer is never released (no VirtualFreeEx in this function), so the path
// string stays in the target's memory as a forensic artifact.
CloseHandle(memoryWriteHandle);
CloseHandle(processHandle);
exit(0);
}
// Thin wrapper around InjectDLL(). It is named `maines`, not `main`, so it is not the program
// entry point, and nothing in this listing calls it.
int maines()
{
InjectDLL();
// Not reached: InjectDLL() ends in exit() on every path.
return 0;
}