Process InjectionThis project allows you to copy the local process into another remote process and execute it. There are no requirements for your program for this to work. All you do is call the function, and sit back and the program will run inside the remote address space just as if it was in it's own. You do not need to pass memory addresses to the thread because, the Injected program is set at it's own original address in memory so all variables and functions defined will still work.
But this will not work on all running processes because the ImageBase required by the injector executable maybe already Allocated by the process, therefore causing the VirtualAllocEx to fail. If you were to make this work on all process you would first have to rebase the injector in memory, then inject it.
The default imagebase for an executable most of the time is 0x400000 which is available in Explorer.exe, so this process was chosen as example.
/* Injection Prototypes */
BOOL InjectExecutable(DWORD dwPid, LPTHREAD_START_ROUTINE lpStartProc, LPVOID lpParam);
BOOL InjectExecutable(DWORD dwPid, LPTHREAD_START_ROUTINE lpStartProc, LPVOID lpParam)
HMODULE hModule, hNewModule;
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
if (hProcess == NULL)
hModule = GetModuleHandle(NULL);
CopyMemory(&ImageDosHeader, hModule, sizeof(ImageDosHeader));
CopyMemory(&ImageOptionalHeader, ((BYTE *)hModule + sizeof(DWORD) + ImageDosHeader.e_lfanew + sizeof(IMAGE_FILE_HEADER)), sizeof(ImageOptionalHeader));
dwSize = ImageOptionalHeader.SizeOfImage;
hNewModule = VirtualAllocEx(hProcess, hModule, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (hNewModule == NULL)
WriteProcessMemory(hProcess, hNewModule, hModule, dwSize, NULL);
CreateRemoteThread(hProcess, 0, 0, lpStartProc, lpParam, 0, NULL);
DWORD WINAPI RemFunc(LPVOID lpParam);
GetWindowThreadProcessId(FindWindow("ProgMan", NULL), &dwPid);
InjectExecutable(dwPid, &RemFunc, NULL);
DWORD WINAPI RemFunc(LPVOID lpParam)
MessageBox(HWND_DESKTOP, "Greetings from the Hijacked Process!!!!nDone with ProcessInjectionn.::ANUBIS::.", "Explorer", MB_OK);