1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <wchar.h>
4 #include <windows.h>
5 #include <shellapi.h>
6 #include <stdbool.h>
7 #include "../obfuscate.h"
8 #include "../inject-library.h"
9
10 #if defined(_MSC_VER) && !defined(inline)
11 #define inline __inline
12 #endif
13
/*
 * Best-effort attempt to enable SeDebugPrivilege on the current process
 * token.
 *
 * Nothing is reported to the caller: if the token cannot be opened, the
 * privilege name cannot be resolved, or the adjustment is refused, the
 * function simply returns and the process keeps its existing privileges.
 *
 * NOTE(review): the result of AdjustTokenPrivileges() is not inspected, so
 * later code cannot tell whether the privilege is actually active.
 * SeDebugPrivilege relaxes the access check applied when opening other
 * processes; enabling it is worth surfacing in endpoint telemetry.
 */
static void load_debug_privilege(void)
{
	HANDLE process_token;
	LUID debug_luid;

	if (!OpenProcessToken(GetCurrentProcess(),
			      TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
			      &process_token)) {
		return;
	}

	if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &debug_luid)) {
		TOKEN_PRIVILEGES request;

		/* Single-entry request: enable exactly one privilege. */
		request.PrivilegeCount = 1;
		request.Privileges[0].Luid = debug_luid;
		request.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

		AdjustTokenPrivileges(process_token, false, &request,
				      sizeof(request), NULL, NULL);
	}

	/* The token handle is released on every path that opened it. */
	CloseHandle(process_token);
}
36
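/*
 * Opens a handle to another process through a function pointer resolved at
 * run time from KERNEL32 by get_obfuscated_func().
 *
 * The pointer's name and signature (DWORD, BOOL, DWORD) -> HANDLE suggest the
 * resolved export is the process-open API, but the decoded name is not
 * visible in this file.
 *
 * NOTE(review): resolving the export by an encoded name keeps it out of the
 * import table, so static import inspection will not show this call;
 * reviewers should rely on the call site here rather than on the binary's
 * import list.
 *
 * @param desired_access  access mask requested for the handle
 * @param inherit_handle  whether child processes inherit the handle
 * @param process_id      identifier of the process to open
 * @return the handle returned by the resolved function, or NULL when the
 *         function could not be resolved or the open failed
 */
static inline HANDLE open_process(DWORD desired_access, bool inherit_handle,
				  DWORD process_id)
{
	HANDLE(WINAPI * open_process_proc)(DWORD, BOOL, DWORD);

	open_process_proc = get_obfuscated_func(GetModuleHandleW(L"KERNEL32"),
						"HxjcQrmkb|~",
						0xc82efdf78201df87ULL);

	/*
	 * A failed lookup (assumed to yield a null pointer) must not be called:
	 * report it the same way as a failed open so callers take their existing
	 * error path instead of jumping through a null function pointer.
	 */
	if (!open_process_proc) {
		return NULL;
	}

	return open_process_proc(desired_access, inherit_handle, process_id);
}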
47
/*
 * Thin wrapper around inject_library_obf() for an already opened process.
 *
 * Supplies the five encoded export names and their 64-bit keys that
 * inject_library_obf() expects; what each pair decodes to is determined by
 * that function and is not visible in this file.
 *
 * @param process  handle to the target process, owned by the caller
 * @param dll      path of the library to load, as a wide string
 * @return the status code produced by inject_library_obf()
 */
static inline int inject_library(HANDLE process, const wchar_t *dll)
{
	const int status = inject_library_obf(
		process, dll,
		"E}mo|d[cefubWk~bgk", 0x7c3371986918e8f6,
		"Rqbr`T{cnor{Bnlgwz", 0x81bf81adc9456b35,
		"]`~wrl`KeghiCt", 0xadc6a7b9acd73c9b,
		"Zh}{}agHzfd@{", 0x57135138eb08ff1c,
		"DnafGhj}l~sX", 0x350bfacdf81b2018);

	return status;
}
57
/*
 * Thin wrapper around inject_library_safe_obf(), which is addressed by
 * thread id rather than by process handle.
 *
 * Passes one encoded export name and its 64-bit key; the decoded name is
 * not visible in this file.
 *
 * @param thread_id  identifier of a thread in the target process
 * @param dll        path of the library to load, as a wide string
 * @return the status code produced by inject_library_safe_obf()
 */
static inline int inject_library_safe(DWORD thread_id, const wchar_t *dll)
{
	const int status = inject_library_safe_obf(thread_id, dll,
						   "[bs^fbkmwuKfmfOvI",
						   0xEAD293602FCF9778ULL);

	return status;
}
63
/*
 * Opens the target process by id, runs inject_library() on it and closes
 * the handle again.
 *
 * NOTE(review): the handle is requested with PROCESS_ALL_ACCESS. The rights
 * inject_library_obf() really needs are not visible here; if they can be
 * confirmed, a narrower access mask would follow least privilege and fail
 * less often against protected targets.
 *
 * @param process_id  identifier of the target process
 * @param dll         path of the library to load, as a wide string
 * @return INJECT_ERROR_OPEN_PROCESS_FAIL when the process cannot be opened,
 *         otherwise the status code from inject_library()
 */
static inline int inject_library_full(DWORD process_id, const wchar_t *dll)
{
	HANDLE target = open_process(PROCESS_ALL_ACCESS, false, process_id);
	int status;

	if (!target) {
		return INJECT_ERROR_OPEN_PROCESS_FAIL;
	}

	status = inject_library(target, dll);

	/* The handle is only needed for the duration of the call above. */
	CloseHandle(target);
	return status;
}
78
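/*
 * Strictly parses an unsigned decimal command-line argument into a DWORD.
 *
 * The text must start with a digit and consist of digits only, so empty
 * strings, signs, leading whitespace and trailing characters are rejected
 * instead of being silently converted. Values of 0xFFFFFFFF and above are
 * rejected as well, which also covers the saturated result wcstoul()
 * returns on overflow.
 */
static bool parse_dword_arg(const wchar_t *text, DWORD *out)
{
	wchar_t *end = NULL;
	unsigned long value;

	if (!text || *text < L'0' || *text > L'9') {
		return false;
	}

	value = wcstoul(text, &end, 10);
	if (*end != L'\0' || value >= 0xFFFFFFFFUL) {
		return false;
	}

	*out = (DWORD)value;
	return true;
}

/*
 * Interprets the command-line arguments and dispatches to one of the two
 * injection paths.
 *
 * argv[2] is a numeric flag: non-zero selects inject_library_safe(), zero
 * selects inject_library_full(). argv[3] is the numeric id handed to the
 * selected function (a thread id for the safe path, a process id for the
 * full path). The caller must guarantee that argv has at least four
 * entries.
 *
 * Both numbers come from the command line and are validated strictly: a
 * malformed flag is an error rather than an implicit zero, so bad input
 * can no longer fall through to the full path, and a negative id no longer
 * wraps into a large DWORD.
 *
 * @param argv  wide-character argument vector of the process
 * @param dll   path of the library to load, as a wide string
 * @return INJECT_ERROR_INVALID_PARAMS when an argument is missing,
 *         malformed or the id is zero; otherwise the status code of the
 *         selected injection function
 */
static int inject_helper(wchar_t *argv[], const wchar_t *dll)
{
	DWORD id;
	DWORD use_safe_inject;

	if (!dll || *dll == L'\0') {
		return INJECT_ERROR_INVALID_PARAMS;
	}

	if (!parse_dword_arg(argv[2], &use_safe_inject) ||
	    !parse_dword_arg(argv[3], &id)) {
		return INJECT_ERROR_INVALID_PARAMS;
	}

	if (id == 0) {
		return INJECT_ERROR_INVALID_PARAMS;
	}

	return use_safe_inject ? inject_library_safe(id, dll)
			       : inject_library_full(id, dll);
}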
94
95 #define UNUSED_PARAMETER(x) ((void)(x))
96
/*
 * Entry point. Expects exactly four wide-character arguments (program name,
 * library path, safe-inject flag, numeric id) and returns the injection
 * status code as the process exit code; INJECT_ERROR_INVALID_PARAMS is
 * returned when the arguments cannot be obtained or their count is wrong.
 *
 * The narrow argv supplied by the C runtime is ignored; the command line is
 * re-parsed with CommandLineToArgvW() so that paths keep their wide
 * characters.
 *
 * NOTE(review): argv[1] is forwarded as the library path without any check
 * that it is absolute or lives in a trusted location, so whoever controls
 * this command line decides which library is loaded into the target.
 * NOTE(review): load_debug_privilege() runs before the arguments are
 * validated, so the privilege is requested even for invocations that are
 * rejected.
 * NOTE(review): dll_path is filled by GetModuleFileNameW() but never read;
 * only the call's success gates the injection.
 */
int main(int argc, char *argv_ansi[])
{
	wchar_t dll_path[MAX_PATH];
	LPWSTR *argv;
	int ret = INJECT_ERROR_INVALID_PARAMS;

	UNUSED_PARAMETER(argv_ansi);

	/* Suppress critical-error dialogs; failures go to the caller instead. */
	SetErrorMode(SEM_FAILCRITICALERRORS);
	load_debug_privilege();

	argv = CommandLineToArgvW(GetCommandLineW(), &argc);
	if (argv != NULL && argc == 4 &&
	    GetModuleFileNameW(NULL, dll_path, MAX_PATH) != 0) {
		ret = inject_helper(argv, argv[1]);
	}

	/* Also reached when argv is NULL, as in the original flow. */
	LocalFree(argv);
	return ret;
}
120