#include <windows.h>
#include <tlhelp32.h>
#include <psapi.h>
#include <iostream>
#include <string>
#pragma comment(lib, "Psapi.lib")
// Structure used to hand arguments to the DLL's Run function
// Plain aggregate that is copied byte-for-byte into the target process
// (see CallRunFunction). The DLL's Run entry point must agree on this exact
// layout and sizes; that side is not visible in this file.
struct RunParams {
char windowTitle[256]; // Window title; CallRunFunction copies at most 255 chars plus the terminator
char keyName[16]; // Key name; CallRunFunction copies at most 15 chars plus the terminator
};
// Looks up a process ID by its executable name
// Returns the process ID of the first running process whose image name is an
// exact, case-sensitive match (wcscmp) for processName.
//
// Returns 0 when no process matches or when the snapshot cannot be taken; callers
// cannot distinguish the two, and 0 is also the idle process's ID, so a 0 result
// must be treated as "not found".
// The snapshot handle is always closed before returning.
DWORD GetProcessID(const wchar_t* processName) {
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }
    DWORD matchedPid = 0;
    PROCESSENTRY32W entry;
    entry.dwSize = sizeof(entry); // required by Process32FirstW; other fields are filled by the API
    for (BOOL more = Process32FirstW(snapshot, &entry); more; more = Process32NextW(snapshot, &entry)) {
        if (wcscmp(entry.szExeFile, processName) == 0) {
            matchedPid = entry.th32ProcessID;
            break;
        }
    }
    CloseHandle(snapshot);
    return matchedPid;
}
// Loads a DLL into the target process via a remote thread
// Allocates a buffer in hProcess, writes dllPath into it and starts a remote
// thread at kernel32!LoadLibraryW with that buffer as its argument.
//
// Parameters: hProcess - handle to the target process (opened by the caller);
//             dllPath  - NUL-terminated wide path written into the target.
// Returns nothing; every failure is reported only on stdout, so the caller
// cannot tell whether the load happened. The remote LoadLibraryW result is
// never inspected: the success message below only means the remote thread was
// created and ran to completion.
//
// Detection note: VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
// with LoadLibraryW as the start address is the textbook remote-thread DLL
// injection sequence, and is exactly the call chain endpoint telemetry is
// built to surface (cross-process handle with write/thread rights, a remote
// thread whose start address resolves to LoadLibrary*).
void InjectDLL(HANDLE hProcess, const wchar_t* dllPath) {
// Size covers the terminating NUL; the buffer is freed at the end regardless of outcome.
void* pDllPath = VirtualAllocEx(hProcess, NULL, (wcslen(dllPath) + 1) * sizeof(wchar_t), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (!pDllPath) {
std::cout << "Ne udalos' vydelit' pamyat' v protsesse." << std::endl;
return;
}
// The return value and bytes-written count are ignored: a failed or partial
// write is not detected before the remote thread is started.
WriteProcessMemory(hProcess, pDllPath, dllPath, (wcslen(dllPath) + 1) * sizeof(wchar_t), NULL);
// LoadLibraryW's address is resolved in *this* process and reused as the
// remote start address, i.e. the code assumes the target sees it at the same
// address. GetProcAddress/GetModuleHandleW are not checked for NULL here.
HANDLE hLoadThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "LoadLibraryW"), pDllPath, 0, NULL);
if (hLoadThread) {
// INFINITE wait: this call never returns if the DLL's DllMain blocks.
WaitForSingleObject(hLoadThread, INFINITE);
CloseHandle(hLoadThread);
std::cout << "DLL uspeshno zagruzheno v protsess." << std::endl;
}
else {
std::cout << "Ne udalos' sozdать potok dlya zagruzki DLL." << std::endl;
}
// Release the path buffer; by now LoadLibraryW has either consumed it or was never reached.
VirtualFreeEx(hProcess, pDllPath, 0, MEM_RELEASE);
}
// Calls the DLL's Run function in the target process and passes it parameters
// Loads dllPath into the *current* process to resolve the exported "Run"
// symbol, copies a RunParams struct into hProcess and starts a remote thread
// at that address with the struct as its argument.
//
// Parameters: hProcess    - handle to the target process;
//             dllPath     - path of the DLL exporting Run;
//             windowTitle - copied (truncated to 255 chars) into RunParams::windowTitle;
//             keyName     - copied (truncated to 15 chars) into RunParams::keyName.
// Returns nothing; failures are reported on stdout/stderr only.
//
// NOTE(review): pRun is an address inside this process's mapping of the DLL,
// yet it is handed to CreateRemoteThread as a start address in the target.
// Nothing in this file ensures the two processes map the DLL at the same
// base, so that equality is an unstated assumption of this function.
void CallRunFunction(HANDLE hProcess, const wchar_t* dllPath, const char* windowTitle, const char* keyName) {
HMODULE hModule = LoadLibraryW(dllPath);
if (!hModule) {
std::cout << "Ne udalos' zagruzit' DLL v tekushchiy protsess." << std::endl;
return;
}
FARPROC pRun = GetProcAddress(hModule, "Run");
if (!pRun) {
std::cout << "Ne udalos' nayti funktsiyu Run." << std::endl;
FreeLibrary(hModule);
return;
}
// Allocate the parameter block in the target process.
void* pRunParams = VirtualAllocEx(hProcess, NULL, sizeof(RunParams), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (!pRunParams) {
std::cerr << "Ne udalos' vydelit' pamyat' dlya parametrov." << std::endl;
FreeLibrary(hModule);
return;
}
// Fill the parameter block. `params` is not zero-initialised, so any bytes
// beyond the copied strings (and the remainder of each array) hold
// indeterminate stack contents that are then written into the other process.
RunParams params;
strncpy_s(params.windowTitle, windowTitle, sizeof(params.windowTitle) - 1);
strncpy_s(params.keyName, keyName, sizeof(params.keyName) - 1);
// Copy the parameters into the target. The return value is ignored.
// NOTE(review): "¶ms" on the next line looks like a mis-encoded "&params"
// (HTML entity damage); as written this line does not compile.
WriteProcessMemory(hProcess, pRunParams, ¶ms, sizeof(RunParams), NULL);
// Start a remote thread at the Run address (see the base-address note above).
HANDLE hRunThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pRun, pRunParams, 0, NULL);
if (hRunThread) {
// INFINITE wait: blocks for as long as the remote Run call runs.
WaitForSingleObject(hRunThread, INFINITE);
CloseHandle(hRunThread);
std::cout << "Funktsiya Run uspeshno vyzvana." << std::endl;
}
else {
std::cout << "Ne udalos' sozdать potok dlya vyzova funktsii Run." << std::endl;
}
// Release the remote parameter block and the local module mapping.
VirtualFreeEx(hProcess, pRunParams, 0, MEM_RELEASE);
FreeLibrary(hModule);
}
// Entry point. Locates the target process by image name, opens it, injects the
// hard-coded DLL and then invokes its Run export with a fixed window title and
// key name.
//
// Exit status: 1 if the process is not found or cannot be opened; otherwise 0,
// even when InjectDLL or CallRunFunction fail, since both return void and
// report problems only via stdout/stderr.
int main() {
// All inputs are hard-coded, including a user-specific absolute path.
const wchar_t* processName = L"dota2.exe";
const wchar_t* dllPath = L"C:\\Users\\sun\\source\\repos\\lua_loader_dll\\x64\\Debug\\lua_loader_dll.dll";
const char* windowTitle = "Dota 2"; // Title of the window the DLL is expected to act on
const char* keyName = "B"; // Key name passed to the DLL
DWORD processID = GetProcessID(processName);
if (processID == 0) {
std::cout << "Cannot find process Dota 2" << std::endl;
return 1;
}
// PROCESS_ALL_ACCESS is broader than the allocate/write/create-thread
// operations performed below require; a least-privilege mask would limit the
// blast radius if this handle were misused and is what access auditing
// would expect to see.
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);
if (!hProcess) {
std::cout << "Cannot open process." << std::endl;
return 1;
}
// CallRunFunction runs unconditionally, even if InjectDLL reported failure.
InjectDLL(hProcess, dllPath);
CallRunFunction(hProcess, dllPath, windowTitle, keyName);
CloseHandle(hProcess);
return 0;
}