GWToolbox now inject dll

Author: ldufr

GWToolbox/Inject.cpp

@@ -15,7 +15,7 @@ bool InjectWindow::AskInjectProcess(Process *target_process)
     }
 
     if (processes.empty()) {
-        MessageBoxW(0, L"Error: Guild Wars not running",  L"GWToolbox++", MB_ICONERROR);
+        // MessageBoxW(0, L"Error: Guild Wars not running",  L"GWToolbox++", MB_ICONERROR);
         return false;
     }
 
@@ -232,3 +232,109 @@ void InjectWindow::OnEvent(HWND hwnd, LONG control_id, LONG notification_code)
         SetEvent(m_event);
     }
 }
+
+static LPVOID GetLoadLibrary()
+{
+    HMODULE Kernel32 = GetModuleHandleW(L"Kernel32.dll");
+    if (Kernel32 == NULL)
+    {
+        fprintf(stderr, "GetModuleHandleW failed (%lu)\n", GetLastError());
+        return NULL;
+    }
+
+    LPVOID pLoadLibraryW = GetProcAddress(Kernel32, "LoadLibraryW");
+    if (pLoadLibraryW == NULL)
+    {
+        fprintf(stderr, "GetProcAddress failed (%lu)\n", GetLastError());
+        return NULL;
+    }
+
+    return pLoadLibraryW;
+}
+
+bool InjectRemoteThread(Process& process, LPCWSTR ImagePath, LPDWORD lpExitCode)
+{
+    *lpExitCode = 0;
+
+    HANDLE ProcessHandle = process.GetHandle();
+    if (ProcessHandle == NULL)
+    {
+        fprintf(stderr, "Can't inject a dll in a process which is not open\n");
+        return FALSE;
+    }
+
+    LPVOID pLoadLibraryW = GetLoadLibrary();
+    if (pLoadLibraryW == NULL)
+        return FALSE;
+
+    size_t ImagePathLength = wcslen(ImagePath);
+    size_t ImagePathSize = (ImagePathLength * 2) + 2;
+
+    LPVOID ImagePathAddress = VirtualAllocEx(
+        ProcessHandle,
+        NULL,
+        ImagePathSize,
+        MEM_COMMIT | MEM_RESERVE,
+        PAGE_READWRITE);
+
+    if (ImagePathAddress == NULL)
+    {
+        fprintf(stderr, "VirtualAllocEx failed (%lu)\n", GetLastError());
+        return FALSE;
+    }
+
+    SIZE_T BytesWritten;
+    BOOL Success = WriteProcessMemory(
+        ProcessHandle,
+        ImagePathAddress,
+        ImagePath,
+        ImagePathSize,
+        &BytesWritten);
+
+    if (!Success || (ImagePathSize != BytesWritten))
+    {
+        fprintf(stderr, "WriteProcessMemory failed (%lu)\n", GetLastError());
+        VirtualFreeEx(ProcessHandle, ImagePathAddress, 0, MEM_RELEASE);
+        return FALSE;
+    }
+
+    DWORD ThreadId;
+    HANDLE hThread = CreateRemoteThreadEx(
+        ProcessHandle,
+        NULL,
+        0,
+        reinterpret_cast<LPTHREAD_START_ROUTINE>(pLoadLibraryW),
+        ImagePathAddress,
+        0,
+        NULL,
+        &ThreadId);
+
+    if (hThread == NULL)
+    {
+        fprintf(stderr, "CreateRemoteThreadEx failed (%lu)\n", GetLastError());
+        return FALSE;
+    }
+
+    DWORD Reason = WaitForSingleObject(hThread, INFINITE);
+    if (Reason != WAIT_OBJECT_0)
+    {
+        fprintf(stderr, "WaitForSingleObject failed {reason: %lu, error: %lu}\n", Reason, GetLastError());
+        CloseHandle(hThread);
+        return FALSE;
+    }
+
+    VirtualFreeEx(ProcessHandle, ImagePathAddress, 0, MEM_RELEASE);
+
+    DWORD ExitCode;
+    Success = GetExitCodeThread(hThread, &ExitCode);
+    CloseHandle(hThread);
+
+    if (Success == FALSE)
+    {
+        fprintf(stderr, "GetExitCodeThread failed (%lu)\n", GetLastError());
+        return FALSE;
+    }
+
+    *lpExitCode = ExitCode;
+    return TRUE;
+}

GWToolbox/Inject.h

@@ -45,3 +45,5 @@ class InjectWindow
 
     int m_selected;
 };
+
+bool InjectRemoteThread(Process& process, LPCWSTR ImagePath, LPDWORD lpExitCode);

GWToolbox/Options.cpp

@@ -38,7 +38,7 @@ void ParseCommandLine(int argc, char *argv[])
             options.uninstall = true;
         } else if (strcmp(arg, "--reinstall") == 0) {
             options.reinstall = true;
-        } else if (strcmp(arg, "--pid")) {
+        } else if (strcmp(arg, "--pid") == 0) {
             fprintf(stderr, "Process id\n");
             if (++i == argc) {
                 fprintf(stderr, "'--pid' must be followed by a process id\n");

GWToolbox/Process.h

@@ -50,9 +50,10 @@ class Process
     bool GetModule(ProcessModule *module, const wchar_t *module_name);
     bool GetModules(std::vector<ProcessModule>& modules);
 
+    HANDLE GetHandle() { return m_hProcess; }
     uint32_t GetProcessId();
 private:
-    void *m_hProcess;
+    HANDLE m_hProcess;
 };
 
 bool GetProcesses(std::vector<Process>& processes, const wchar_t *name, DWORD rights = PROCESS_ALL_ACCESS);

GWToolbox/main.cpp

@@ -42,7 +42,7 @@ bool IsRunningAsAdmin()
     }
 
     FreeSid(AdministratorsGroup);
-    return true;
+    return (IsRunAsAdmin != FALSE);
 }
 
 static bool CreateProcessAsAdmin(const wchar_t *path, const wchar_t *args, const wchar_t *workdir)
@@ -146,18 +146,34 @@ int main(int argc, char *argv[])
         }
     } else {
         if (!InjectWindow::AskInjectProcess(&proc)) {
-            fprintf(stderr, "InjectWindow::AskInjectName failed\n");
-            return 1;
+            if (IsRunningAsAdmin()) {
+                fprintf(stderr, "InjectWindow::AskInjectName failed\n");
+                return 1;
+            } else {
+                wchar_t args[64];
+                swprintf(args, 64, L"--pid %lu", proc.GetProcessId());
+                RestartAsAdmin(args);
+                return 0;
+            }
         }
     }
 
     if (!EnableDebugPrivilege() && !IsRunningAsAdmin()) {
         wchar_t args[64];
         swprintf(args, 64, L"--pid %lu", proc.GetProcessId());
         RestartAsAdmin(args);
+        return 0;
     }
 
-    // InjectRemoteThread(proc, L"");
+    DWORD ExitCode;
+    if (!InjectRemoteThread(proc, L"D:\\GWToolboxpp\\Debug\\GWToolboxdll.dll", &ExitCode)) {
+        if (!IsRunningAsAdmin()) {
+            wchar_t args[64];
+            swprintf(args, 64, L"--pid %lu", proc.GetProcessId());
+            RestartAsAdmin(args);
+            return 0;
+        }
+    }
 
     return 0;
 }