.386
.model flat,stdcall
option casemap:none
WinMain proto :DWORD,:DWORD,:DWORD,:DWORD
Inject proto :DWORD,:DWORD
include\masm32\include\windows.inc
include\masm32\include\kernel32.inc
include\masm32\include\user32.inc
include\masm32\include\comdlg32.inc
include Globals.inc
includelib\masm32\lib\kernel32.lib
includelib\masm32\lib\user32.lib
includelib\masm32\lib\comdlg32.lib
.data
.code
;-----------------------------------------------------------------------
; Program entry (see `end start`). Flat stdcall model, 32-bit.
; Fetches the module handle, stores it in the global hInst (read by
; WndProc), runs WinMain, and terminates the process with exit code 0.
; WinMain's return value is not used as the exit code.
;-----------------------------------------------------------------------
start:
invoke GetModuleHandle,NULL             ; eax = HINSTANCE of this image
mov hInst,eax                           ; global used later by WndProc
invoke WinMain,hInst,NULL,NULL,SW_SHOWDEFAULT
invoke ExitProcess,0                    ; never returns
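;-----------------------------------------------------------------------
; int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
;             LPSTR cmdLine, DWORD cmdShow)
; ABI:   stdcall (proto at top of file), x86-32.
; Registers the window class, creates the main window, pre-fills the
; OPENFILENAME block used by the browse button, then runs the message
; loop until WM_QUIT.
; Out:   eax = msg.wParam of WM_QUIT; 0 if class registration, window
;        creation or GetMessage failed.
; Clobb: eax, ecx, edx, flags. ebx is not touched (the previous version
;        used it as scratch; it is callee-saved under stdcall).
; Globals: wnd, hwnd, fileDialog, buffer, filter, msg, ClassName,
;        AppName — all declared in Globals.inc (not shown). wnd is
;        assumed to be zero-initialised there (hIcon, hIconSm,
;        lpszMenuName are never set here) — confirm.
;        hPrevInstance and cmdLine are unused.
;-----------------------------------------------------------------------
WinMain proc hInstance:HINSTANCE, hPrevInstance:HINSTANCE, cmdLine:LPSTR, cmdShow:DWORD
mov wnd.cbSize,sizeof WNDCLASSEX
mov wnd.style, CS_HREDRAW or CS_VREDRAW ; folded at assembly time, no scratch register needed
mov wnd.lpfnWndProc, offset WndProc
push hInstance
pop wnd.hInstance
mov wnd.hbrBackground,COLOR_BTNSHADOW+1 ; system-colour brushes are passed as COLOR_xxx + 1
mov wnd.lpszClassName, offset ClassName
invoke LoadCursor,NULL,IDC_ARROW
mov wnd.hCursor,eax
invoke RegisterClassEx,addr wnd
.if eax==0                              ; registration failed: nothing can be created
xor eax,eax
Ret
.endif
invoke CreateWindowEx, NULL,addr ClassName,addr AppName,WS_OVERLAPPEDWINDOW,300,300,300,150,NULL,NULL,hInstance,NULL
mov hwnd,eax
.if eax==NULL                           ; window creation failed: return 0
Ret
.endif
invoke ShowWindow,eax,cmdShow
;FILL OPENFILENAME STRUCT
mov fileDialog.lStructSize,sizeof fileDialog
push hwnd
pop fileDialog.hwndOwner
push hInstance
pop fileDialog.hInstance
mov fileDialog.lpstrFile,offset buffer
mov fileDialog.lpstrFilter,offset filter
mov fileDialog.nMaxFile,1024            ; assumes buffer in Globals.inc is >= 1024 bytes — confirm
.while TRUE
invoke GetMessage,addr msg,NULL,NULL,NULL
.if eax==-1                             ; GetMessage error: do not dispatch an undefined msg
xor eax,eax
Ret
.endif
.break .if eax==0                       ; WM_QUIT
invoke TranslateMessage, addr msg
invoke DispatchMessage, addr msg
.endw
mov eax,msg.wParam                      ; exit code carried by PostQuitMessage
Ret
WinMain endp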
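;-----------------------------------------------------------------------
; LRESULT WndProc(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
; ABI:   stdcall window procedure, called back by user32.
; Creates the child controls on WM_CREATE, handles the two buttons on
; WM_COMMAND, posts WM_QUIT on WM_CLOSE, and hands every message to
; DefWindowProc afterwards.
; Out:   eax = DefWindowProc's result (every path falls through to it).
; Clobb: eax, ecx, edx, flags. ebx is no longer used: the previous
;        version clobbered it, which violates the stdcall callee-saved
;        rule for a callback invoked by user32.
; Globals: editClass, buttonClass, staticClass, button1Text,
;        button2Text, label1Text, label2Text, textbox1, textbox2, hInst,
;        fileDialog, buffer, processBuffer — Globals.inc (not shown).
;-----------------------------------------------------------------------
; Control ids, passed in the hMenu slot of CreateWindowEx and received
; back in LOWORD(wParam) of WM_COMMAND.
BTN_BROWSE_ID equ 1
BTN_INJECT_ID equ 2
; Child-window styles, folded at assembly time.
STYLE_EDIT    equ WS_CHILD or WS_VISIBLE or WS_BORDER or ES_AUTOHSCROLL
STYLE_BUTTON  equ WS_CHILD or WS_VISIBLE or BS_DEFPUSHBUTTON
STYLE_LABEL   equ WS_CHILD or WS_VISIBLE
WndProc proc hWnd:HWND, Msg:UINT ,wParam:WPARAM, lParam:LPARAM
.if Msg==WM_CREATE
invoke CreateWindowEx,NULL,addr editClass,NULL,STYLE_EDIT,70,30,100,20,hWnd,0,hInst,NULL ;DLL textbox
mov textbox1,eax
invoke CreateWindowEx,NULL,addr buttonClass,addr button2Text,STYLE_BUTTON,190,30,60,20,hWnd,BTN_BROWSE_ID,hInst,NULL ;browse button
invoke CreateWindowEx,NULL,addr editClass,NULL,STYLE_EDIT,70,60,100,20,hWnd,0,hInst,NULL ;process textbox
mov textbox2,eax
invoke CreateWindowEx,NULL,addr buttonClass,addr button1Text,STYLE_BUTTON,190,60,60,20,hWnd,BTN_INJECT_ID,hInst,NULL ;inject button
invoke CreateWindowEx,NULL,addr staticClass,addr label1Text,STYLE_LABEL,5,60,60,20,hWnd,0,hInst,NULL ; process label
invoke CreateWindowEx,NULL,addr staticClass,addr label2Text,STYLE_LABEL,35,30,30,20,hWnd,0,hInst,NULL ; DLL label
.elseif Msg==WM_COMMAND
movzx eax,word ptr wParam               ; LOWORD(wParam) = control id; HIWORD is the notification code
.if eax==BTN_BROWSE_ID
invoke GetOpenFileName, addr fileDialog
.if eax != NULL                         ; a file was chosen; fileDialog.lpstrFile points at buffer
invoke SendMessage,textbox1,WM_SETTEXT,0,addr buffer
.endif
.elseif eax==BTN_INJECT_ID              ; .elseif: eax was overwritten by the calls in the branch above
invoke GetWindowText,textbox2,addr processBuffer,1024 ; assumes processBuffer >= 1024 bytes — confirm in Globals.inc
invoke Inject, addr buffer,addr processBuffer
.endif
.elseif Msg==WM_CLOSE
invoke PostQuitMessage,0                ; DefWindowProc below still destroys the window
.endif
invoke DefWindowProc,hWnd,Msg,wParam,lParam
Ret
WndProc EndP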
;-----------------------------------------------------------------------
; Inject(dllpath, processName)
; ABI:   stdcall (proto at top of file), x86-32.
; In:    dllpath     = pointer to a NUL-terminated path (from buffer)
;        processName = pointer to a NUL-terminated image name to match
;                      against szExeFile of each Toolhelp entry
; Out:   eax = whatever the last API call on the taken path returned;
;        the only caller (WndProc) ignores it. No success/failure
;        contract is defined.
; Clobb: eax, ecx, edx, flags, and ebx — ebx is callee-saved under
;        stdcall and is NOT preserved here.
; Notes: This is the textbook remote-thread DLL-loading sequence
;        (Toolhelp snapshot -> OpenProcess -> VirtualAllocEx ->
;        WriteProcessMemory -> CreateRemoteThread at the loader export).
;        From a defensive standpoint, that cross-process call sequence
;        is exactly what EDR/ETW detection rules key on.
;        Neither the snapshot handle nor the process handle (nor the
;        remote thread handle) is ever closed — no CloseHandle on any
;        path, so handles leak for the life of the GUI process.
; Globals: pEntry, snapshot, pHandle, allocMem, kernel32dll,
;        floadlibrary, error, error_1 — Globals.inc (not shown).
;-----------------------------------------------------------------------
Inject proc dllpath:DWORD,processName:DWORD
mov pEntry.dwSize,sizeof pEntry         ; must be set before Process32First
invoke CreateToolhelp32Snapshot,TH32CS_SNAPALL,0
.if eax                                 ; NOTE(review): the documented failure value is INVALID_HANDLE_VALUE (-1), not 0, so this test does not catch a failed snapshot
mov snapshot,eax
invoke Process32First,snapshot,addr pEntry
.while eax != NULL                      ; walk every entry until a match or the end of the snapshot
mov ebx,offset pEntry.szExeFile
invoke lstrcmpi ,processName,ebx        ; case-insensitive image-name compare
.if eax==0
jmp processFound
.endif
invoke Process32Next,snapshot,addr pEntry
.endw
invoke MessageBox,NULL,addr error_1,addr error,MB_OK ; no process with that name: report and bail
Ret                                     ; snapshot handle is still open here
processFound:
mov ebx,pEntry.th32ProcessID
invoke OpenProcess,PROCESS_ALL_ACCESS,0,ebx ; full-access, non-inheritable handle to the target
mov pHandle,eax
.if eax != NULL
invoke GetModuleHandle,addr kernel32dll
invoke GetProcAddress,eax,addr floadlibrary ; presumably the LoadLibrary export name — see Globals.inc
.if eax != NULL
mov ebx,eax                             ; ebx = start address handed to CreateRemoteThread
invoke VirtualAllocEx,pHandle,0,sizeof dllpath,MEM_COMMIT,PAGE_EXECUTE_READWRITE
mov allocMem,eax                        ; return value is not checked before use
invoke lstrlen,dllpath
mov edx,eax                             ; edx = lstrlen(dllpath)
invoke WriteProcessMemory, pHandle,allocMem,dllpath,edx,0
.if eax != NULL
mov ecx,allocMem                        ; ecx = thread parameter (remote copy of the path)
invoke CreateRemoteThread,pHandle,0,0,ebx,ecx,0,0 ; returned thread handle is discarded, never closed
.endif
.endif
.endif
.endif
Ret
Inject EndP
end start