Code:
public class cl_Injector
'platform calls to perform dll injection
Private Const PROCESS_VM_OPERATION As Int32 = &H8
Private Const PROCESS_VM_WRITE As Int32 = &H20
Private Const PROCESS_VM_READ As Int32 = &H10
Private Const MEM_COMMIT As Int32 = &H1000
Private Const MEM_RELEASE As Int32 = &H8000
Private Const PAGE_READWRITE As Int32 = &H4
'CreateRemoteThread for calling loadlibrary in the target process address space to load our Dll
Private Declare Function CreateRemoteThread Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpThreadAttributes As Int32, ByVal dwStackSize As Int32, ByVal lpStartAddress As Int32, ByVal lpParameter As Int32, ByVal dwCreationFlags As Int32, ByRef lpThreadId As Int32) As Int32
'VirtualAllocEx to allocate space in our target process so that we can write the path to our Dll
Private Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpAddress As Int32, ByVal dwSize As Int32, ByVal flAllocationType As Int32, ByVal flProtect As Int32) As Int32
'WriteProcessMemory to write the path to our Dll in the target process address space
Private Declare Function WriteProcessMemory Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByVal lpBuffer As String, ByVal nSize As Int32, ByRef lpNumberOfBytesWritten As Int32) As Int32
'VirtualFreeEx to clean up when done
Private Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Int32, ByVal lpAddress As Int32, ByRef dwSize As Int32, ByVal dwFreeType As Int32) As Int32
'Get ModuleHandle to get a handle to LoadLibrary so we can use the Handle to get its Address in the target Process' space
Private Declare Function GetModuleHandle Lib "kernel32.dll" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Int32
'GetProcAddress to get the address that LoadLibraryA resides at
Private Declare Function GetProcAddress Lib "kernel32.dll" (ByVal hModule As Int32, ByVal lpProcName As String) As Int32
'OpenProcess to get a handle to our target process and open it with the rights we require
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Int32, ByVal bInheritHandle As Int32, ByVal dwProcessId As Int32) As Int32
'CloseHandle to Close all open handles we needed
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Int32) As Int32
Public Enum eDllInjectStatus
GenerelError = 0
NoHandleToKernel
NoHandleToTargetProc
NoSpaceInTargetProc
ErrorWriteToTargetProc
ErrorCreateRemoteThread
OK
End Enum
Public Function InjectSingleDll(ByVal PID As Integer, ByVal DllPath As String) As eDllInjectStatus
Dim ProcHandle As Int32 ' Handle to our Process
Dim DllVirtLoc As Int32 ' The Location we will end up writing out Dll's Path to
Dim Inject As Int32 ' For Error Checking
Dim CreateThread As Int32 ' For Error Cheacking
Dim ThreadID As Int32 ' The ThreadID our created thread
Dim MHandle As Int32 ' Handle to LoadLibrary
MHandle = GetModuleHandle("Kernel32.dll") 'Handle to Kernel32.dll
If MHandle = Nothing Then
Return eDllInjectStatus.NoHandleToKernel
Else
ProcHandle = OpenProcess(PROCESS_VM_READ Or PROCESS_VM_WRITE Or PROCESS_VM_OPERATION, 0, PID) 'Gets Handle to Target process with required rights
If ProcHandle = 0 Then
CloseHandle(MHandle) ' Closes our Handle to Kernel32.dll because we could not open Target Process
Return eDllInjectStatus.NoHandleToTargetProc
Else
DllVirtLoc = VirtualAllocEx(ProcHandle, 0, DllPath.Length + 1, MEM_COMMIT, PAGE_READWRITE) ' Returns the Address of our Dll's Path in the target Process
If DllVirtLoc = 0 Then
CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not allocate space in Target Process
CloseHandle(ProcHandle) ' Closes Handle to Target Process because we could not allocate space in Target Process
Return eDllInjectStatus.NoSpaceInTargetProc
Else
Inject = WriteProcessMemory(ProcHandle, DllVirtLoc, DllPath, DllPath + 1, Nothing) ' Writes Our Dll's Path to our allocated Space
If Inject = 0 Then
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, MEM_RELEASE) ' Frees Allocated Space in Target Process because we could not write our Dll's Path
CloseHandle(MHandle) ' Closes Handle to Kernel32.dll because we could not write our Dll's Path to Target Process
CloseHandle(ProcHandle) ' Closes Handle to Target Process because we could not write our Dll's Path to it
Return eDllInjectStatus.ErrorWriteToTargetProc
Else
CreateThread = CreateRemoteThread(ProcHandle, 0, 0, GetProcAddress(MHandle, "LoadLibraryA"), DllVirtLoc, 0, ThreadID) ' Calls LoadLibraryA in Target Process to load our Dll
If CreateThread = 0 Then
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, MEM_RELEASE) ' Frees Allocated Space in Target Process because we could not create our remote thread
CloseHandle(MHandle) ' Closes handle to Kernel32.dll because we could not create our remote thread
CloseHandle(ProcHandle) ' Closes handle to Target Process because we could not create our remote thread
Return eDllInjectStatus.ErrorCreateRemoteThread
End If
End If
End If
End If
End If
VirtualFreeEx(ProcHandle, DllVirtLoc, 0, MEM_RELEASE) 'Frees Allocated space because we are done
CloseHandle(MHandle) ' Closes handle to Kernel32.dll because we are done
CloseHandle(ProcHandle) ' Closes handle to Target Process because we are done
Return eDllInjectStatus.OK
End Function
End Class