forked from Cr4sh/KernelForge
dll_inject_shellcode.h
// Precomputed 32-bit hashes of one module name and two export names; the
// quoted string next to each value is the name it stands for. Per the original
// note these are hash sums for dll_inject_CalcHash(); the hash algorithm itself
// is not visible in this header.
// NOTE(review): the names appear here only in comments, so the compiled code
// presumably looks these APIs up by hash and carries no matching name strings;
// for static detection the three constants are the stable artefact - confirm
// against the implementation.
#define DLL_INJECT_HASH_KERNEL32 0x4b1ffe8e // "kernel32.dll"
#define DLL_INJECT_HASH_LOAD_LIBRARY_A 0xc8ac8026 // "LoadLibraryA"
#define DLL_INJECT_HASH_GET_PROC_ADDRESS 0x1fc0eaee // "GetProcAddress"
// Function-pointer types for calling LoadLibraryA and GetProcAddress through
// addresses obtained at run time rather than through the import table.
// They are declared with PVOID and char * instead of the SDK's
// HMODULE / FARPROC / LPCSTR, so the header needs no further Windows typedefs;
// all of these are pointer-sized, so the calling convention is unaffected.
// NOTE(review): the string parameters are not const-qualified although the
// real APIs do not write through them.
typedef PVOID (WINAPI * dll_inject_LoadLibraryA)(char *lpLibFileName);
typedef PVOID (WINAPI * dll_inject_GetProcAddress)(PVOID hModule, char *lpProcName);
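// Byte offsets of two PEB fields, selected by target architecture.
// _X86_ selects the 32-bit layout; every other target takes the #else branch
// and gets the 64-bit (_AMD64_) values, because the branch is not itself
// conditional on _AMD64_.
// "OFFEST" is a typo for "OFFSET"; the spelling is kept because the macro name
// is part of this header's interface.
#ifdef _X86_
#define DLL_INJECT_PEB_IMAGE_BASE_OFFEST 0x08 // PEB.ImageBaseAddress
#define DLL_INJECT_PEB_LDR_TABLE_OFFSET 0x0C // PEB.Ldr
#else // _AMD64_ (was a bare token after #else, which compilers diagnose as extra text)
#define DLL_INJECT_PEB_IMAGE_BASE_OFFEST 0x10 // PEB.ImageBaseAddress
#define DLL_INJECT_PEB_LDR_TABLE_OFFSET 0x18 // PEB.Ldr
#endif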
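// Parameter block passed to dll_inject_Entry(): one pointer followed directly
// by a variable-length byte array.
// Packing is set with push/pop so that including this header restores whatever
// packing the includer had in effect; a bare "#pragma pack()" would reset it to
// the compiler default instead.
#pragma pack(push, 1)
typedef struct _DLL_INJECT_STRUCT
{
// DLL image base
PVOID ModuleBase;
// DLL load shellcode.
// Flexible array member: it adds nothing to sizeof(DLL_INJECT_STRUCT), so the
// allocation must be sizeof(DLL_INJECT_STRUCT) plus the code length, and the
// bytes start at offset sizeof(PVOID). In C++ this form is a compiler extension.
UCHAR Shellcode[];
} DLL_INJECT_STRUCT,
*PDLL_INJECT_STRUCT;
#pragma pack(pop)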
// Routines of the injection code, declared with C linkage so their symbol
// names are not C++-mangled. Only prototypes are visible in this header; the
// per-function notes below are inferred from names and signatures and should
// be confirmed against the definitions.
// NOTE(review): extern "C" is not wrapped in #ifdef __cplusplus, so this header
// can only be included from C++ translation units.
extern "C"
{
// Takes the DLL_INJECT_STRUCT parameter block; presumably the routine that
// execution starts at - TODO confirm.
DWORD WINAPI dll_inject_Entry(PDLL_INJECT_STRUCT Struct);
// Returns a DWORD hash of a string; presumably the function that yields the
// DLL_INJECT_HASH_* constants for the names in their comments.
DWORD WINAPI dll_inject_CalcHash(char *lpszString);
// Returns a module address for a module-name hash; presumably walks the loader
// data reached through DLL_INJECT_PEB_LDR_TABLE_OFFSET - TODO confirm.
PVOID WINAPI dll_inject_GetModuleAddressByHash(ULONG ModuleHash);
// Returns the address of an export of Image selected by name hash - presumably
// by scanning the image's export directory.
PVOID WINAPI dll_inject_GetProcAddressByHash(PVOID Image, ULONG ProcHash);
// Handles the imports of the image at Image and reports success as BOOL;
// presumably resolves its import table via the two function-pointer types above.
BOOL WINAPI dll_inject_ProcessImports(PVOID Image);
// Takes and returns nothing; presumably an end marker for the code range that
// begins at dll_inject_Entry - TODO confirm.
void WINAPI dll_inject_End(void);
};