diff --git a/injector/src/inject.c b/injector/src/inject.c
index ea85020..704aa8a 100644
--- a/injector/src/inject.c
+++ b/injector/src/inject.c
@@ -21,15 +21,12 @@ static inline void write_protected_process_memory(HANDLE process, void *address,
 DWORD oldProtect;
 VirtualProtectEx(process, address, size, PAGE_EXECUTE_READWRITE, &oldProtect);
- size_t bytesWritten;
- WriteProcessMemory(process, address, buf, size, &bytesWritten);
+ WriteProcessMemory(process, address, buf, size, NULL);
 VirtualProtectEx(process, address, size, oldProtect, &oldProtect);
 }
 void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar_t *dllPath) {
- size_t _; // Contrary to the docs, {Write,Read}ProcessMemory likes to crash if the last arg is NULL
- // Find the EXE header in the process
 char exeHeader[1024];
 IMAGE_DOS_HEADER *dosHeader = NULL;
@@ -38,7 +35,7 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
 MEMORY_BASIC_INFORMATION memoryInfo;
 char *currentAddress = 0x0;
 while (VirtualQueryEx(process, currentAddress, &memoryInfo, sizeof(memoryInfo))) {
- ReadProcessMemory(process, currentAddress, exeHeader, sizeof(exeHeader), &_);
+ ReadProcessMemory(process, currentAddress, exeHeader, sizeof(exeHeader), NULL);
 dosHeader = (IMAGE_DOS_HEADER*)exeHeader;
@@ -84,8 +81,8 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
 char *remoteAlloc = VirtualAllocEx(process, NULL, allocSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
 // Write the assembly payload and dll path
- WriteProcessMemory(process, remoteAlloc, payload, payloadSize, &_);
- WriteProcessMemory(process, remoteAlloc + payloadSize, dllPath, dllPathSize, &_);
+ WriteProcessMemory(process, remoteAlloc, payload, payloadSize, NULL);
+ WriteProcessMemory(process, remoteAlloc + payloadSize, dllPath, dllPathSize, NULL);
 // Modify the executable to run the assembly payload
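Review bot: In write_protected_process_memory (hunk `@@ -21,15 +21,12`), `oldProtect` is declared without an initializer and the first `VirtualProtectEx` result is ignored, so if that call fails the restoring call passes an indeterminate protection value and the `WriteProcessMemory` between them fails silently. With the byte count now dropped, the BOOL returns are the only failure signal left; initialise with `DWORD oldProtect = 0;` and bail out with `if (!VirtualProtectEx(process, address, size, PAGE_EXECUTE_READWRITE, &oldProtect)) return;`, ideally returning a BOOL so `inject` can stop. The same hunk deletes the comment that recorded a crash when the last argument was NULL without saying why that no longer applies; a one-line comment such as `// last arg is optional per the API docs; NULL verified on <Windows versions tested>` would keep that history. The function's signature starts outside the hunk.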
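Review bot: In the scan loop (hunk `@@ -38,7 +35,7`), `exeHeader` is cast to `IMAGE_DOS_HEADER` whether or not `ReadProcessMemory` succeeded, so a range that is not fully readable leaves the buffer holding the previous iteration's bytes, or uninitialised stack on the first pass. Test the return value before the cast, e.g. `if (!ReadProcessMemory(process, currentAddress, exeHeader, sizeof(exeHeader), NULL)) { /* skip this region */ }`. How the loop advances `currentAddress` is outside the hunk, so the skip has to reuse whatever step the loop already takes.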
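Review bot: `remoteAlloc` is used as the destination of both writes (hunk `@@ -84,8 +81,8`) without checking that `VirtualAllocEx` returned non-NULL, and the `WriteProcessMemory` results are discarded. If the allocation or either write fails, the code after this hunk still goes on to modify the executable, which presumably leaves the target process referring to memory that was never populated; those lines are outside the hunk, so this is inferred from the trailing comment. Add `if (!remoteAlloc) return;` after the allocation and test each write, e.g. `if (!WriteProcessMemory(process, remoteAlloc, payload, payloadSize, NULL)) return;`. The final write of `rd` in hunk `@@ -122,12 +119,12` has the same gap.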
@@ -97,7 +94,7 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
 // Save the original entry point address and bytes
 rd.entryPointAddress = entryPoint;
- ReadProcessMemory(process, rd.entryPointAddress, rd.entryPointData, sizeof(rd.entryPointData), &_);
+ ReadProcessMemory(process, rd.entryPointAddress, rd.entryPointData, sizeof(rd.entryPointData), NULL);
 // Replace the entry point with a jump to the assembly payload
 write_protected_process_memory(process, entryPoint, JUMP_INST, sizeof(JUMP_INST));
@@ -110,7 +107,7 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
 // Save the original descriptor address and bytes
 rd.importDescriptorAddress = importDescriptors;
- ReadProcessMemory(process, rd.importDescriptorAddress, &rd.importDescriptorData, sizeof(rd.importDescriptorData), &_);
+ ReadProcessMemory(process, rd.importDescriptorAddress, &rd.importDescriptorData, sizeof(rd.importDescriptorData), NULL);
 // Overwrite with zeroes
 IMAGE_IMPORT_DESCRIPTOR firstDescriptor;
@@ -122,12 +119,12 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
 // Save the original value
 rd.sizeFieldAddress = ddAddr;
- ReadProcessMemory(process, rd.sizeFieldAddress, &rd.sizeFieldData, sizeof(rd.sizeFieldData), &_);
+ ReadProcessMemory(process, rd.sizeFieldAddress, &rd.sizeFieldData, sizeof(rd.sizeFieldData), NULL);
 // Set to 0
 DWORD newSize = 0;
 write_protected_process_memory(process, ddAddr, &newSize, sizeof(newSize));
 // Write recovery data to the allocation
- WriteProcessMemory(process, remoteAlloc + payloadSize + dllPathSize, &rd, sizeof(rd), &_);
+ WriteProcessMemory(process, remoteAlloc + payloadSize + dllPathSize, &rd, sizeof(rd), NULL);
 }
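Review bot: The bytes saved into `rd.entryPointData` (hunk `@@ -97,7 +94,7`) are trusted without checking `ReadProcessMemory`, and the next statement overwrites the entry point, so after a failed read the original bytes are gone and the recovery record holds indeterminate contents. Guard the overwrite with `if (!ReadProcessMemory(process, rd.entryPointAddress, rd.entryPointData, sizeof(rd.entryPointData), NULL)) return;`. The reads into `rd.importDescriptorData` (`@@ -110,7 +107,7`) and `rd.sizeFieldData` (`@@ -122,12 +119,12`) follow the same pattern before their overwrites. The declaration of `rd` is outside these hunks, so whether it is zero-initialised cannot be confirmed here.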