'VB DLL injector
'By Reckless Youth
'Everything needed for classic DLL injection from VB6: VirtualAllocEx +
'WriteProcessMemory to place the DLL path in the target, then CreateRemoteThread
'on LoadLibraryA to make the target load it.
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal fAllocType As Long, FlProtect As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal ProcessHandle As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Any, ByVal lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
'Module-level handle of the target process. Nothing in this module opens it
'(no OpenProcess here), so the caller is responsible for acquiring it with
'sufficient access. Note that InjectDll declares a parameter of the same name,
'which shadows this global inside that function.
Public ProsH As Long
'The Injection Function
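'InjectDll - load the DLL at DllPath into the process whose handle is ProsH.
'
'Technique: allocate memory in the target (VirtualAllocEx), copy the ANSI,
'NUL-terminated path there (WriteProcessMemory), then start a remote thread
'whose entry point is kernel32!LoadLibraryA and whose argument is that path
'(CreateRemoteThread). Progress and errors are reported through
'Form1.Label1; Form1.Timer1 is armed on every failure path.
'
'Returns True on success. On failure it returns False and exits early.
'On success the original code called End, terminating this injector process;
'that is preserved below (see the note there).
'
'Prerequisites the caller must satisfy (this module cannot check them):
'  * ProsH must carry the access the three APIs document: at least
'    PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION,
'    PROCESS_VM_WRITE and PROCESS_VM_READ.
'  * LoadLibraryA's address is resolved in THIS process and reused in the
'    target. That is only valid when kernel32.dll is mapped at the same base
'    in both, i.e. same bitness (a 32-bit VB6 injector cannot target a 64-bit
'    process) and the same per-boot ASLR base.
'  * DllPath is written as ANSI (LoadLibraryA); it must be resolvable from the
'    target process' own context (path, permissions, session).
'  * The VirtualAllocEx / WriteProcessMemory / CreateRemoteThread triad is a
'    well-known injection signature for EDR/AV; that is inherent to the
'    technique, not something this function can hide.
Public Function InjectDll(DllPath As String, ProsH As Long)
    Const MEM_COMMIT As Long = &H1000
    Const PAGE_READWRITE As Long = &H4
    Dim ansiPath As String      'path plus explicit NUL terminator
    Dim pathBytes As Long       'bytes to copy into the target, incl. the NUL
    Dim remotePath As Long      'address of the path inside the target
    Dim bytesWritten As Long
    Dim loadLibAddr As Long
    Dim hThread As Long
    Dim threadId As Long

    InjectDll = False
    Form1.Label1.Caption = "Injecting......"

    'Refuse an empty path instead of asking the target to LoadLibrary("").
    If Len(DllPath) = 0 Then
        Form1.Label1.Caption = "No DLL path given!"
        Form1.Timer1.Enabled = True
        Exit Function
    End If

    'STEP 1 - place the path string in the target's address space.
    'Len() does not count a terminator, so append one explicitly and copy it;
    'the original relied on the freshly committed page being zero-filled.
    'NOTE(review): Len counts characters, not ANSI bytes; for paths with
    'multi-byte (DBCS) characters the byte count may be short - confirm if
    'such paths are expected.
    ansiPath = DllPath & vbNullChar
    pathBytes = Len(ansiPath)

    'VirtualAllocEx's FlProtect is declared ByRef above; ByVal at the call
    'site passes the value the API expects (as the original did).
    remotePath = VirtualAllocEx(ProsH, ByVal 0&, pathBytes, MEM_COMMIT, ByVal PAGE_READWRITE)
    If remotePath = 0 Then
        'The original concatenated the Timer assignment into the caption with
        '"&" (a comparison, not a statement), so the timer was never armed.
        Form1.Label1.Caption = "VirtualAllocEx API failed!"
        Form1.Timer1.Enabled = True
        Exit Function
    End If

    'ByVal on a String passes a pointer to its ANSI conversion. Check both
    'the return value and the byte count; a short write must not proceed to
    'the remote thread (the original ignored the failure and carried on).
    bytesWritten = 0
    If WriteProcessMemory(ProsH, remotePath, ByVal ansiPath, pathBytes, bytesWritten) = 0 _
       Or bytesWritten <> pathBytes Then
        Form1.Label1.Caption = "Failed to Write DLL to Process!"
        Form1.Timer1.Enabled = True
        Exit Function
    End If
    Form1.Label1.Caption = "Dll Injected...Creating Thread....."

    'STEP 2 - make the target load it. A remote thread whose start address is
    'LoadLibraryA and whose single argument is the path pointer is exactly a
    'LoadLibraryA(lpParameter) call inside the target. The address comes from
    'this process' kernel32 (see the same-base caveat in the header).
    loadLibAddr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
    If loadLibAddr = 0 Then
        Form1.Label1.Caption = "Can't find LoadLibrary API from kernel32.dll"
        Form1.Timer1.Enabled = True
        Exit Function
    End If

    'lpThreadAttributes is declared ByRef Long; the original passed vbNull
    '(the integer 1) by reference, i.e. a pointer to a bogus
    'SECURITY_ATTRIBUTES. ByVal 0& hands the API a real NULL.
    hThread = CreateRemoteThread(ProsH, ByVal 0&, 0, loadLibAddr, remotePath, 0, threadId)
    If hThread = 0 Then
        Form1.Label1.Caption = "Failed to Create Thead!"
        Form1.Timer1.Enabled = True
    Else
        'The thread handle is ours; release it. The remote memory is left
        'in place because LoadLibraryA reads the path from it asynchronously.
        CloseHandle hThread
        Form1.Label1.Caption = "Dll Injection Successful!"
        InjectDll = True
        'NOTE(review): the original terminated the whole injector here with
        'End, right after success, so the caption is never actually seen.
        'Preserved for behavioural compatibility; drop it if the UI should
        'remain up after injecting.
        End
    End If
End Function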