├── .gitmodules ├── .vscode └── settings.json ├── LICENSE ├── Makefile ├── README.md ├── config.json ├── console.png ├── frames ├── 000001.bmp ├── 000002.bmp ├── 000003.bmp ├── 000004.bmp └── 000005.bmp ├── image.gif └── src ├── dll ├── dllmain.cpp └── pattern.hpp └── injector └── main.cpp /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "src/dll/libs/libmem"] 2 | path = src/dll/libs/libmem 3 | url = https://github.com/rdbo/libmem 4 | [submodule "src/dll/libs/rapidjson"] 5 | path = src/dll/libs/rapidjson 6 | url = https://github.com/Tencent/rapidjson 7 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "files.associations": { 3 | "ostream": "cpp" 4 | } 5 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 
15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | CC = g++ 2 | all: dll injector 3 | dll:src/dll/dllmain.cpp 4 | $(CC) -shared -fPIC -Isrc/dll/libs/rapidjson/include src/dll/dllmain.cpp src/dll/libs/libmem/libmem/libmem.c -o dllmain.dll -lPsapi -lgdi32 -lVersion -lShlwapi -Wall 5 | 6 | injector: src/injector/main.cpp 7 | $(CC) .\src\injector\main.cpp -lshlwapi -lz -static -o injector.exe -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | NOTE: this project is archived and probably will not work. 2 | ![](image.gif) 3 | # Taskmanager 4 | Enables you to alter the heatmap (by spoofing the number of logical cores) in taskmanager to draw bitmaps. 5 | No, this will not magically give you more computing power. 6 | This will only work on the following task manager builds: 7 | ``` 8 | 10.0.22000.1 9 | 10.0.22000.65 10 | 10.0.19041.84 11 | 10.0.19041.844 12 | 10.0.19041.746 13 | 10.0.18362.1316 14 | 10.0.19041.1202 15 | 10.0.18362.1 - UNTESTED 16 | ``` 17 | 18 | ## Compiling & Executing 19 | Make sure you have [git](https://git-scm.com/downloads) and [mingw-w64](https://sourceforge.net/projects/mingw-w64/files/mingw-w64/)(x86_64,posix) set up properly.
20 | NOTE: This will only work with x64 mingw; install the x64 version of it. 21 | #### Compiling 22 | Execute the following commands in CMD or PowerShell or in MSYS2: 23 | ``` 24 | git clone --recurse-submodules https://github.com/turtiustrek/taskmanager 25 | cd taskmanager 26 | mingw32-make.exe 27 | ``` 28 | This will compile the injector and the dll as injector.exe and dllmain.dll respectively. 29 | #### Executing 30 | Launch the ```Task Manager``` and then run the ```injector.exe``` as **admin**. 31 | This should inject the dll into the ```Task Manager``` and spawn a console in ```Task Manager```. 32 | If all the checks pass, switch over to the ```Performance``` tab and set the update speed to ```High``` by navigating to ```View>Update Speed``` in task manager. 33 | Switch over to ```Logical Processors``` in task manager by right clicking on the CPU graph and navigating to ```Change graph to > Logical Processors``` and it should display the bitmap. 34 | If the bitmap seems distorted, adjust the ```BlockWidth``` by using the commands in the console until all of the blocks in task manager are on the screen and make sure that it does not scroll.
35 | ![](console.png) 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /config.json: -------------------------------------------------------------------------------- 1 | { 2 | "fake_cpu_count": 1024, 3 | "block_width": 43, 4 | "modifed_time":5 5 | } -------------------------------------------------------------------------------- /console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turtiustrek/taskmanager/4fa9e2262e1973227f04b0d73611bdab1a2e22fd/console.png -------------------------------------------------------------------------------- /frames/000001.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turtiustrek/taskmanager/4fa9e2262e1973227f04b0d73611bdab1a2e22fd/frames/000001.bmp -------------------------------------------------------------------------------- /frames/000002.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turtiustrek/taskmanager/4fa9e2262e1973227f04b0d73611bdab1a2e22fd/frames/000002.bmp -------------------------------------------------------------------------------- /frames/000003.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turtiustrek/taskmanager/4fa9e2262e1973227f04b0d73611bdab1a2e22fd/frames/000003.bmp -------------------------------------------------------------------------------- /frames/000004.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turtiustrek/taskmanager/4fa9e2262e1973227f04b0d73611bdab1a2e22fd/frames/000004.bmp -------------------------------------------------------------------------------- /frames/000005.bmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/turtiustrek/taskmanager/4fa9e2262e1973227f04b0d73611bdab1a2e22fd/frames/000005.bmp -------------------------------------------------------------------------------- /image.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turtiustrek/taskmanager/4fa9e2262e1973227f04b0d73611bdab1a2e22fd/image.gif -------------------------------------------------------------------------------- /src/dll/dllmain.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Written by: turtius 3 | Description: DLL for task manager which draws bitmaps 4 | Repo: https://github.com/turtiustrek/taskmanager 5 | */ 6 | 7 | #include 8 | #include "libs/libmem/libmem/libmem.hpp" 9 | #include "pattern.hpp" 10 | #include "rapidjson/document.h" 11 | #include "rapidjson/writer.h" 12 | #include "rapidjson/stringbuffer.h" 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | using namespace rapidjson; 23 | 24 | uint16_t fakeCores = 0; 25 | uint32_t blockWidth = 0; 26 | 27 | mem_voidptr_t UpdateData = (mem_voidptr_t)MEM_BAD; 28 | mem_voidptr_t GetBlockWidth = (mem_voidptr_t)MEM_BAD; 29 | mem_voidptr_t IsServer = (mem_voidptr_t)MEM_BAD; 30 | mem_voidptr_t SetRefreshRate = (mem_voidptr_t)MEM_BAD; 31 | 32 | mem_voidptr_t handler = (mem_voidptr_t)MEM_BAD; 33 | mem_voidptr_t GlobalSettings = (mem_voidptr_t)MEM_BAD; 34 | 35 | int32_t __fastcall (*GetBlockColors)(void *, int core, long *background, long *border); 36 | int32_t __fastcall (*SetBlockData)(void *, int, const wchar_t *string, long background, long border); 37 | //Position inside the GLOBAL_SETTINGS_TASKMGR 38 | #define GLOBAL_SETTINGS_CPU_OFFSET 0x944 //not relative to BaseAdress but GLOBAL_SETTINGS_TASKMGR 39 | //Global 40 | uint32_t actualTime; 41 | uint32_t modifedTime; 42 | mem_voidptr_t timeHandle; 43 | //task manager handle 44 | 
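mem_module_t mod = {0};
mem_tstring_t process_path = (mem_tstring_t)NULL;

// Path of this DLL file; attach() fills it with GetModuleFileNameW.
wchar_t dllDir[MAX_PATH];
// JSON file
/* \\.. is used since dllDir points at the DLL file itself, not its directory */
wchar_t config[MAX_PATH] = L"\\..\\config.json";
wchar_t configpath[MAX_PATH];
// Bitmaps
WIN32_FIND_DATAW data;
wchar_t bitmapDir[MAX_PATH];
wchar_t frame[] = L"\\..\\frames\\*.bmp";
int frames = 0;       // number of frames fully converted so far
int currentFrame = 0; // frame currently being drawn
int commandFrame = 0; // 0 = play (advance every update), 1 = paused
// One byte per block and frame; stays MEM_BAD until attach() has allocated it.
char *bitmapPixels = (char *)MEM_BAD;

// Replacement for the heat map's UpdateData routine: instead of real CPU load
// it writes one pre-computed bitmap value into every block.
//
// ret is the object pointer the hooked function was called with; it is
// published through `handler` so attach() can see that the hook has run.
// Always returns 1; the original routine is never called.
//
// NOTE(review): handler, frames and currentFrame are also written by the
// attach() thread and nothing here synchronizes those accesses.
int64_t __fastcall UpdateDataHook(void *ret)
{
    handler = ret;

    // attach() installs this detour before it loads any bitmap, so a call can
    // arrive while bitmapPixels still holds the MEM_BAD sentinel or no frame is
    // ready yet. Dereferencing the sentinel would crash the host process.
    if (bitmapPixels == (char *)MEM_BAD || frames <= 0)
    {
        return 1;
    }

    if (commandFrame == 0)
    {
        // Playing: step to the next frame and wrap at the end.
        currentFrame++;
        if (currentFrame >= frames)
        {
            currentFrame = 0;
        }
    }

    long border;
    long background;
    // "-128%" plus the terminator needs six wide characters. The original
    // five-element buffer only fits values in 0..100, and swprintf_s invokes
    // the invalid-parameter handler when the text does not fit.
    wchar_t label[8];

    // NOTE(review): the index below is not checked against the size of the
    // allocation, which attach() keeps in a local. A fake_cpu_count larger
    // than the pixel count of a frame still reads past the buffer.
    for (int i = 0; i < fakeCores; i++)
    {
        const char pixel = *(bitmapPixels + (i + (currentFrame * fakeCores)));
        swprintf_s(label, L"%d%%", pixel);
        GetBlockColors(ret, pixel, &background, &border);
        SetBlockData(ret, i, label, background, border);
    }

    return 1;
}

// This function alters the draw timer.
// It apparently also writes to a global variable, so on the next re-launch of
// the task manager this value would be used for the timer instead.
typedef bool (*SetRefreshRateOrig_t)(void *ret, uint32_t time);
SetRefreshRateOrig_t SetRefreshRateOrig;

// Records the interval the host asked for in actualTime and forwards the call
// to the original routine, substituting modifedTime when it is non-zero.
int64_t __fastcall SetRefreshRateHook(void *ret, uint32_t time)
{
    actualTime = time;
    return SetRefreshRateOrig(ret, modifedTime != 0 ? modifedTime : time);
}

// Used to alter the size of the block: reports the configured blockWidth.
int64_t __fastcall GetBlockWidthHook(void *ret)
{
    return blockWidth;
}

// Used to get GlobalSettings
// TODO: not do this?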
117 | bool __fastcall IsServerHook(void *ret) 118 | { 119 | GlobalSettings = ret; 120 | return false; 121 | } 122 | //Console printing 123 | void printDone(HANDLE console) 124 | { 125 | SetConsoleTextAttribute(console, 10); 126 | std::cout << "Done" << std::endl; 127 | SetConsoleTextAttribute(console, 7); 128 | } 129 | void printFail(HANDLE console) 130 | { 131 | SetConsoleTextAttribute(console, 12); 132 | std::cout << "Fail" << std::endl; 133 | SetConsoleTextAttribute(console, 7); 134 | } 135 | void printnullptr(HANDLE console, void *ptr) 136 | { 137 | if (ptr == (mem_voidptr_t)MEM_BAD) 138 | { 139 | printFail(console); 140 | } 141 | else 142 | { 143 | printDone(console); 144 | } 145 | } 146 | int map(int x, int in_min, int in_max, int out_min, int out_max) 147 | { 148 | return (x - in_min) * (out_max - out_min) / (in_max - in_min) + out_min; 149 | } 150 | 151 | bool compareFunction(std::wstring &a, std::wstring &b) { return StrCmpLogicalW(a.c_str(), b.c_str()) < 0; } 152 | //main thread of dllmain 153 | DWORD WINAPI attach(LPVOID dllHandle) 154 | 155 | { 156 | AllocConsole(); 157 | 158 | FILE *fDummy; 159 | //Re-allocate console 160 | freopen_s(&fDummy, "CONIN$", "r", stdin); 161 | freopen_s(&fDummy, "CONOUT$", "w", stderr); 162 | freopen_s(&fDummy, "CONOUT$", "w", stdout); 163 | HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); 164 | 165 | //process(taskmgr) path 166 | mem_in_get_process_path(&process_path); 167 | mod = mem_in_get_module(process_path); 168 | 169 | std::cout << "Base address " << (void *)mod.base << std::endl; 170 | std::cout << "DLL address " << (void *)attach << std::endl; 171 | DWORD verHandle = 0; 172 | UINT size = 0; 173 | LPBYTE lpBuffer = NULL; 174 | DWORD verSize = GetFileVersionInfoSize(process_path, &verHandle); 175 | 176 | if (verSize != (DWORD)NULL) 177 | { 178 | LPSTR verData = new char[verSize]; 179 | 180 | if (GetFileVersionInfo(process_path, verHandle, verSize, verData)) 181 | { 182 | if (VerQueryValueW(verData, L"\\", (VOID FAR 
* FAR *)&lpBuffer, &size)) 183 | { 184 | if (size) 185 | { 186 | VS_FIXEDFILEINFO *verInfo = (VS_FIXEDFILEINFO *)lpBuffer; 187 | if (verInfo->dwSignature == 0xfeef04bd) 188 | { 189 | SetConsoleTextAttribute(hConsole, 14); 190 | std::cout << "Process Version: " << ((verInfo->dwFileVersionMS >> 16) & 0xffff) << '.' << ((verInfo->dwFileVersionMS >> 0) & 0xffff) << '.' << ((verInfo->dwFileVersionLS >> 16) & 0xffff) << '.' << ((verInfo->dwFileVersionLS >> 0) & 0xffff) << std::endl; 191 | SetConsoleTextAttribute(hConsole, 7); 192 | } 193 | } 194 | } 195 | } 196 | delete[] verData; 197 | } 198 | //Choose the table that is going to be used to find the functions 199 | for (int i = 0; i < (int)(sizeof(table) / sizeof(table[0])); i++) 200 | { 201 | std::cout << "Table task manager version:"; 202 | SetConsoleTextAttribute(hConsole, 11); 203 | std::cout << table[i].version << std::endl; 204 | SetConsoleTextAttribute(hConsole, 7); 205 | std::cout << "Finding UpdateData function..."; 206 | UpdateData = mem::in::scan(table[i].UpdateDataPattern, PATTERN_BYTES, mod.base, mod.end); 207 | printnullptr(hConsole, UpdateData); 208 | std::cout << "Finding GetBlockWidth function..."; 209 | GetBlockWidth = mem::in::scan(table[i].GetBlockWidthPattern, PATTERN_BYTES, mod.base, mod.end); 210 | printnullptr(hConsole, GetBlockWidth); 211 | std::cout << "Finding GetBlockColors function..."; 212 | GetBlockColors = (decltype(GetBlockColors))(mem::in::scan(table[i].GetBlockColorsPattern, PATTERN_BYTES, mod.base, mod.end)); 213 | printnullptr(hConsole, (void *)GetBlockColors); 214 | std::cout << "Finding SetBlockData function..."; 215 | SetBlockData = (decltype(SetBlockData))(mem::in::scan(table[i].SetBlockDataPattern, PATTERN_BYTES, mod.base, mod.end)); 216 | printnullptr(hConsole, (void *)SetBlockData); 217 | std::cout << "Finding IsServer function..."; 218 | IsServer = mem::in::scan(table[i].IsServerPattern, PATTERN_BYTES, mod.base, mod.end); 219 | printnullptr(hConsole, IsServer); 220 | std::cout 
<< "Finding SetRefreshRate function..."; 221 | SetRefreshRate = (decltype(SetRefreshRate))(mem::in::scan(table[i].SetRefreshRatePattern, PATTERN_BYTES, mod.base, mod.end)); 222 | printnullptr(hConsole, (void *)SetRefreshRate); 223 | if (UpdateData == (mem_voidptr_t)MEM_BAD || GetBlockWidth == (mem_voidptr_t)MEM_BAD || IsServer == (mem_voidptr_t)MEM_BAD || GetBlockColors == (mem_voidptr_t)MEM_BAD || SetBlockData == (mem_voidptr_t)MEM_BAD || SetRefreshRate == (mem_voidptr_t)MEM_BAD) 224 | { 225 | //break if all tables have been checked 226 | if (i == (sizeof(table) / sizeof(table[0])) - 1) 227 | { 228 | break; 229 | } 230 | else 231 | { 232 | SetConsoleTextAttribute(hConsole, 12); 233 | std::cout << "One or more functions were not found, attempting alternative table" << std::endl; 234 | SetConsoleTextAttribute(hConsole, 7); 235 | } 236 | } 237 | else 238 | { 239 | break; 240 | } 241 | } 242 | if (UpdateData == (mem_voidptr_t)MEM_BAD || GetBlockWidth == (mem_voidptr_t)MEM_BAD || IsServer == (mem_voidptr_t)MEM_BAD || GetBlockColors == (mem_voidptr_t)MEM_BAD || SetBlockData == (mem_voidptr_t)MEM_BAD || SetRefreshRate == (mem_voidptr_t)MEM_BAD) 243 | { 244 | SetConsoleTextAttribute(hConsole, 12); 245 | std::cout << "One or more functions were not found, waiting for exit" << std::endl; 246 | SetConsoleTextAttribute(hConsole, 7); 247 | return 0; 248 | } 249 | GetModuleFileNameW((HMODULE)dllHandle, dllDir, sizeof(dllDir)); //popluate the dllDir path 250 | wcsncpy(configpath, dllDir, MAX_PATH); 251 | wcsncat(configpath, config, MAX_PATH); 252 | //Read the JSON file for the config 253 | char *fileptr; 254 | HANDLE hFile = CreateFileW(configpath, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); 255 | if (hFile != INVALID_HANDLE_VALUE) 256 | { 257 | int filesize = GetFileSize(hFile, NULL); 258 | fileptr = (char *)malloc(filesize); 259 | DWORD readfilesize; 260 | if (ReadFile(hFile, fileptr, filesize, &readfilesize, NULL)) 261 | { 262 | Document configs; 263 | if 
(configs.Parse(fileptr).HasParseError()) 264 | { 265 | SetConsoleTextAttribute(hConsole, 12); 266 | std::cout << "config parsing error has occured, falling back to default values" << std::endl; 267 | SetConsoleTextAttribute(hConsole, 7); 268 | fakeCores = 1024; 269 | blockWidth = 47; 270 | modifedTime = 50; 271 | } 272 | else 273 | { 274 | fakeCores = configs["fake_cpu_count"].GetInt(); 275 | blockWidth = configs["block_width"].GetInt(); 276 | modifedTime = configs["modifed_time"].GetInt(); 277 | } 278 | if (fakeCores > 65535) 279 | { 280 | fakeCores = 65535; 281 | } 282 | else if (fakeCores < 64) 283 | { 284 | fakeCores = 64; 285 | } 286 | 287 | if (blockWidth < 1) 288 | { 289 | blockWidth = 1; 290 | } 291 | 292 | if (modifedTime < 1) 293 | { 294 | modifedTime = actualTime; 295 | } 296 | free(fileptr); 297 | fileptr = NULL; 298 | } 299 | else 300 | { 301 | SetConsoleTextAttribute(hConsole, 12); 302 | std::cout << "cannot read file, waiting for exit" << std::endl; 303 | SetConsoleTextAttribute(hConsole, 7); 304 | return 0; 305 | } 306 | } 307 | else 308 | { 309 | SetConsoleTextAttribute(hConsole, 12); 310 | std::cout << "config file not found, waiting for exit" << std::endl; 311 | SetConsoleTextAttribute(hConsole, 7); 312 | return 0; 313 | } 314 | if (fileptr != NULL) 315 | { 316 | free(fileptr); 317 | } 318 | CloseHandle(hFile); 319 | std::cout << "Fake core count: " << fakeCores << std::endl; 320 | std::cout << "Block width: " << blockWidth << std::endl; 321 | std::cout << "Modified Time: " << modifedTime << "ms" << std::endl; 322 | //Gateway is NOT used! 
IsServer might be problamatic 323 | mem::in::detour_trampoline(UpdateData, (void *)UpdateDataHook, mem::in::detour_size(MEM_ASM_x86_JMP64), MEM_ASM_x86_JMP64); 324 | mem::in::detour_trampoline(IsServer, (void *)IsServerHook, mem::in::detour_size(MEM_ASM_x86_JMP64), MEM_ASM_x86_JMP64); 325 | mem::in::detour_trampoline(GetBlockWidth, (void *)GetBlockWidthHook, mem::in::detour_size(MEM_ASM_x86_JMP64), MEM_ASM_x86_JMP64); 326 | SetRefreshRateOrig = (SetRefreshRateOrig_t)mem::in::detour_trampoline(SetRefreshRate, (void *)SetRefreshRateHook, mem::in::detour_size(MEM_ASM_x86_JMP64) + 2, MEM_ASM_x86_JMP64); 327 | std::cout << "Waiting for GlobalSettings to populate..."; 328 | while (GlobalSettings == (mem_voidptr_t)MEM_BAD) 329 | { 330 | }; 331 | printDone(hConsole); 332 | std::cout << "Altering CPU count..."; 333 | //Cast it as a unsigned short since the CPU 'settings' expects two bytes 334 | unsigned short *cpu_count = (unsigned short *)((char *)GlobalSettings + GLOBAL_SETTINGS_CPU_OFFSET); 335 | *cpu_count = fakeCores; 336 | printDone(hConsole); 337 | std::cout << "Scanning bitmaps and loading in memory..." 
<< std::endl; 338 | memcpy(bitmapDir, dllDir, sizeof(dllDir)); 339 | wcsncat(bitmapDir, frame, MAX_PATH); 340 | std::wcout << "Bitmap scan at: " << bitmapDir << std::endl; 341 | HANDLE hFind = FindFirstFileW(bitmapDir, &data); 342 | if (hFind != INVALID_HANDLE_VALUE) 343 | { 344 | wchar_t files[MAX_PATH]; 345 | HDC hdc; 346 | COLORREF col; 347 | HBITMAP oldbitmap; 348 | BITMAP bm = {0}; 349 | int allocate = 0; 350 | int average = 0; 351 | int byte = 0; 352 | std::vector bitmaps; 353 | do 354 | { 355 | //TODO: Fix this bodge 356 | swprintf_s(files, MAX_PATH, L"%s\\..\\frames\\%s", dllDir, data.cFileName); 357 | HBITMAP hBitMap = (HBITMAP)::LoadImageW(NULL, files, IMAGE_BITMAP, 0, 0, LR_LOADFROMFILE); 358 | GetObject(hBitMap, sizeof(bm), &bm); 359 | SetConsoleTextAttribute(hConsole, 11); 360 | std::wcout << L"Loading: " << data.cFileName << L" Size W:" << bm.bmWidth << L" L:" << bm.bmHeight << std::endl; 361 | SetConsoleTextAttribute(hConsole, 7); 362 | bitmaps.push_back(data.cFileName); 363 | allocate += bm.bmWidth * bm.bmHeight; 364 | } while (FindNextFileW(hFind, &data)); 365 | FindClose(hFind); 366 | std::cout << "Sorting bitmaps..."; 367 | std::sort(bitmaps.begin(), bitmaps.end(), compareFunction); 368 | printDone(hConsole); 369 | std::cout << "Total bitmaps: " << bitmaps.size() << std::endl; 370 | std::cout << "Occupying " << allocate << " bytes..."; 371 | bitmapPixels = (char *)malloc(allocate); 372 | if (bitmapPixels == (mem_voidptr_t)MEM_BAD) 373 | { 374 | printFail(hConsole); 375 | SetConsoleTextAttribute(hConsole, 12); 376 | std::cout << "malloc failed! waiting for exit" << std::endl; 377 | SetConsoleTextAttribute(hConsole, 7); 378 | return 0; 379 | } 380 | else 381 | { 382 | printDone(hConsole); 383 | } 384 | std::cout << "Processing region " << std::endl; 385 | for (std::wstring &s : bitmaps) 386 | { 387 | //how dare thy repeat code like this! 
388 | //will fix later calm down 389 | //TODO: Fix this bodge 390 | swprintf_s(files, L"%s\\..\\frames\\%s", dllDir, s.c_str()); 391 | HBITMAP hBitMap = (HBITMAP)::LoadImageW(NULL, files, IMAGE_BITMAP, 0, 0, LR_LOADFROMFILE); 392 | GetObject(hBitMap, sizeof(bm), &bm); 393 | hdc = CreateCompatibleDC(NULL); 394 | oldbitmap = (HBITMAP)SelectObject(hdc, hBitMap); 395 | for (int y = 0; y < bm.bmHeight; y++) 396 | { 397 | for (int x = 0; x < bm.bmWidth; x++) 398 | { 399 | //TODO: avoid this 400 | col = GetPixel(hdc, x, y); 401 | average = ((GetRValue(col) + GetGValue(col) + GetBValue(col)) / 3); 402 | *(bitmapPixels + byte) = (char)map(average, 255, 0, 0, 100); 403 | byte++; 404 | } 405 | } 406 | // Clean up 407 | SelectObject(hdc, oldbitmap); 408 | DeleteDC(hdc); 409 | frames++; 410 | std::cout << "\r" << frames << "/" << bitmaps.size(); 411 | } 412 | } 413 | std::cout << std::endl; 414 | if (frames > 0) 415 | { 416 | SetConsoleTextAttribute(hConsole, 11); 417 | std::cout << "Found frames: " << frames << std::endl; 418 | SetConsoleTextAttribute(hConsole, 7); 419 | } 420 | else 421 | { 422 | SetConsoleTextAttribute(hConsole, 12); 423 | std::cout << "No frames found, waiting for exit" << std::endl; 424 | return 0; 425 | } 426 | 427 | std::cout << "Waiting for handler to populate{Switch over to the performance tab}..."; 428 | while (handler == (mem_voidptr_t)MEM_BAD) 429 | { 430 | }; 431 | printDone(hConsole); 432 | SetConsoleTextAttribute(hConsole, 10); 433 | std::cout << "Loaded sucessfully" << std::endl; 434 | 435 | SetConsoleTextAttribute(hConsole, 6); 436 | std::cout << "Press 'h' to see help" << std::endl; 437 | SetConsoleTextAttribute(hConsole, 7); 438 | while (true) 439 | { 440 | 441 | switch (getch()) 442 | { 443 | case ('H'): 444 | case ('h'): 445 | std::cout << "--------------------------" << std::endl; 446 | std::cout << "Key - Description" << std::endl; 447 | std::cout << "H - View this help screen" << std::endl; 448 | std::cout << "I- View current values" << 
std::endl; 449 | std::cout << "D - Increment BlockWidth" << std::endl; 450 | std::cout << "A - Decrement BlockWidth" << std::endl; 451 | std::cout << "O - Play frame" << std::endl; 452 | std::cout << "P - Pause frame" << std::endl; 453 | std::cout << "W - Increment frame" << std::endl; 454 | std::cout << "S- Decrement frame" << std::endl; 455 | std::cout << "--------------------------" << std::endl; 456 | break; 457 | case ('D'): 458 | case ('d'): 459 | blockWidth++; 460 | if (blockWidth <= 1) 461 | { 462 | blockWidth = 1; 463 | } 464 | std::cout << "--------------------------" << std::endl; 465 | std::cout << "Current Block Width:" << blockWidth << std::endl; 466 | std::cout << "--------------------------" << std::endl; 467 | break; 468 | case ('A'): 469 | case ('a'): 470 | blockWidth--; 471 | if (blockWidth <= 1) 472 | { 473 | blockWidth = 1; 474 | } 475 | std::cout << "--------------------------" << std::endl; 476 | std::cout << "Current Block Width:" << blockWidth << std::endl; 477 | std::cout << "--------------------------" << std::endl; 478 | break; 479 | case ('I'): 480 | case ('i'): 481 | std::cout << "--------------------------" << std::endl; 482 | std::cout << "Current Block Width:" << blockWidth << std::endl; 483 | std::cout << "Current frame:" << currentFrame << std::endl; 484 | std::cout << "--------------------------" << std::endl; 485 | break; 486 | case ('O'): 487 | case ('o'): 488 | commandFrame = 0; 489 | std::cout << "--------------------------" << std::endl; 490 | std::cout << "Playing Frames" << std::endl; 491 | std::cout << "--------------------------" << std::endl; 492 | break; 493 | case ('P'): 494 | case ('p'): 495 | commandFrame = 1; 496 | std::cout << "--------------------------" << std::endl; 497 | std::cout << "Pausing Frames" << std::endl; 498 | std::cout << "--------------------------" << std::endl; 499 | break; 500 | 501 | case ('W'): 502 | case ('w'): 503 | currentFrame++; 504 | if (currentFrame >= frames) 505 | { 506 | currentFrame 
= frames - 1; 507 | } 508 | std::cout << "--------------------------" << std::endl; 509 | std::cout << "Current frame:" << currentFrame << std::endl; 510 | std::cout << "--------------------------" << std::endl; 511 | break; 512 | 513 | case ('S'): 514 | case ('s'): 515 | currentFrame--; 516 | if (currentFrame <= 0) 517 | { 518 | currentFrame = 0; 519 | } 520 | std::cout << "--------------------------" << std::endl; 521 | std::cout << "Current frame:" << currentFrame << std::endl; 522 | std::cout << "--------------------------" << std::endl; 523 | break; 524 | default: 525 | std::cout << "Invalid keypress.Press 'h' to see help" << std::endl; 526 | break; 527 | } 528 | } 529 | return true; 530 | } 531 | extern "C" BOOL APIENTRY DllMain(HMODULE hModule, 532 | DWORD ul_reason_for_call, 533 | LPVOID lpReserved) 534 | 535 | { 536 | switch (ul_reason_for_call) 537 | { 538 | DWORD dwThreadId; 539 | case DLL_PROCESS_ATTACH: 540 | CreateThread(NULL, 0, attach, hModule, 0, &dwThreadId); 541 | break; 542 | case DLL_THREAD_ATTACH: 543 | break; 544 | case DLL_THREAD_DETACH: 545 | break; 546 | case DLL_PROCESS_DETACH: 547 | if (bitmapPixels != (char *)MEM_BAD) 548 | { 549 | free(bitmapPixels); 550 | } 551 | MessageBoxW(NULL, L"DLL exited successfully", L"Info", MB_ICONINFORMATION); 552 | break; 553 | } 554 | return TRUE; 555 | } -------------------------------------------------------------------------------- /src/dll/pattern.hpp: -------------------------------------------------------------------------------- 1 | #ifndef PATTERN_HPP 2 | #define PATTERN_HPP 3 | #define PATTERN_BYTES 40 4 | #include 5 | #include 6 | #include "libs/libmem/libmem/libmem.hpp" 7 | //these are the functions in taskmanager where the first 40 bytes are used as a lookup to find them in memory without using an offset 8 | struct LookupPatternTable 9 | { 10 | mem_byte_t UpdateDataPattern[PATTERN_BYTES]; //{__int64 __fastcall CpuHeatMap::UpdateData(CpuHeatMap *this)} 11 | mem_byte_t 
GetBlockWidthPattern[PATTERN_BYTES]; // {__int64 __fastcall CpuHeatMap::GetBlockWidth(CpuHeatMap *this)} 12 | mem_byte_t GetBlockColorsPattern[PATTERN_BYTES]; //{void __fastcall CpuHeatMap::GetBlockColors(CpuHeatMap *this, int a2, unsigned int *a3, unsigned int *a4)} 13 | mem_byte_t SetBlockDataPattern[PATTERN_BYTES]; //{__int64 __fastcall CpuHeatMap::SetBlockData(CpuHeatMap *this, unsigned int a2, const unsigned __int16 *a3, unsigned int a4, unsigned int a5)} 14 | mem_byte_t IsServerPattern[PATTERN_BYTES]; //{bool __fastcall RunTimeSettings::IsServer(RunTimeSettings *this)} 15 | mem_byte_t SetRefreshRatePattern[PATTERN_BYTES]; //{__int64 __fastcall TmTraceControl::SetRefreshRate(__int64 a1, UINT time)} 16 | std::string version; //verison of task manager running; can be found under the details of TaskMgr.exe. 17 | }; 18 | LookupPatternTable table[] = { 19 | {{0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x55, 0x57, 0x41, 0x56, 0x48, 0x8D, 0x6C, 0x24, 0xC0, 0x48, 0x81, 0xEC, 0x40, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0x87, 0xD1, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x45, 0x30}, 20 | {0x48, 0x83, 0xEC, 0x58, 0x48, 0x8B, 0x05, 0xA9, 0xDB, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x44, 0x24, 0x48, 0x66, 0x0F, 0x6F, 0x05, 0x49, 0xC2, 0x02, 0x00, 0x66, 0x0F, 0x6F, 0x0D, 0x31, 0xC2, 0x02, 0x00, 0x8B, 0x05, 0x23, 0x09, 0x05}, 21 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x74, 0x24, 0x10, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x65, 0x48, 0x8B, 0x04, 0x25, 0x58, 0x00, 0x00, 0x00, 0x8B, 0xDA, 0xBA, 0x04, 0x00, 0x00, 0x00, 0x49, 0x8B, 0xF9, 0x49, 0x8B, 0xF0, 0x48, 0x8B, 0x08}, 22 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x30, 0x48, 0x8B, 0x41, 0x28, 0x48, 0x8B, 0xF9, 0x44, 0x8B, 0xDA, 0x41, 0x8B, 0xE9, 0x8B, 0xF2, 0x4D}, 23 | {0x40, 0x53, 0x48, 0x81, 0xEC, 0x60, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0xB4, 0xDB, 0x0F, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x84, 0x24, 
0x50, 0x01, 0x00, 0x00, 0x83, 0xB9, 0x2C, 0x09, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xD9, 0x74, 0x24, 0x83}, 24 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0x15, 0x2E, 0x9E, 0x0B, 0x00, 0x48, 0x8B, 0xE9, 0x48, 0x8B, 0x59, 0x60, 0x8B, 0xFA, 0x48, 0x8B, 0xCB, 0x33, 0xF6}, 25 | "10.0.19041.844"}, 26 | {{0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x55, 0x57, 0x41, 0x56, 0x48, 0x8D, 0x6C, 0x24, 0xC0, 0x48, 0x81, 0xEC, 0x40, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0xB7, 0xD4, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x45, 0x30}, 27 | {0x48, 0x83, 0xEC, 0x58, 0x48, 0x8B, 0x05, 0xD9, 0xDE, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x44, 0x24, 0x48, 0x66, 0x0F, 0x6F, 0x05, 0x99, 0xC5, 0x02, 0x00, 0x66, 0x0F, 0x6F, 0x0D, 0x81, 0xC5, 0x02, 0x00, 0x8B, 0x05, 0x53, 0x0C, 0x05}, 28 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x74, 0x24, 0x10, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x65, 0x48, 0x8B, 0x04, 0x25, 0x58, 0x00, 0x00, 0x00, 0x8B, 0xDA, 0xBA, 0x04, 0x00, 0x00, 0x00, 0x49, 0x8B, 0xF9, 0x49, 0x8B, 0xF0, 0x48, 0x8B, 0x08}, 29 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x30, 0x48, 0x8B, 0x41, 0x28, 0x48, 0x8B, 0xF9, 0x44, 0x8B, 0xDA, 0x41, 0x8B, 0xE9, 0x8B, 0xF2, 0x4D}, 30 | {0x40, 0x53, 0x48, 0x81, 0xEC, 0x60, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0xB4, 0xDB, 0x0F, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x84, 0x24, 0x50, 0x01, 0x00, 0x00, 0x83, 0xB9, 0x2C, 0x09, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xD9, 0x74, 0x24, 0x83}, 31 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0x15, 0x1E, 0xA1, 0x0B, 0x00, 0x48, 0x8B, 0xE9, 0x48, 0x8B, 0x59, 0x60, 0x8B, 0xFA, 0x48, 0x8B, 0xCB, 0x33, 0xF6}, 32 | "10.0.19041.746"}, 33 | {{0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x55, 0x57, 0x41, 0x56, 0x48, 0x8D, 0x6C, 0x24, 
0xC0, 0x48, 0x81, 0xEC, 0x40, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0x37, 0xB5, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x45, 0x30}, 34 | {0x48, 0x83, 0xEC, 0x58, 0x48, 0x8B, 0x05, 0x69, 0xBE, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x44, 0x24, 0x48, 0x66, 0x0F, 0x6F, 0x05, 0xC9, 0xF4, 0x02, 0x00, 0x66, 0x0F, 0x6F, 0x0D, 0xB1, 0xF4, 0x02, 0x00, 0x8B, 0x05, 0x8B, 0xEB, 0x04}, 35 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x74, 0x24, 0x10, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x65, 0x48, 0x8B, 0x04, 0x25, 0x58, 0x00, 0x00, 0x00, 0x8B, 0xDA, 0xBA, 0x04, 0x00, 0x00, 0x00, 0x49, 0x8B, 0xF9, 0x49, 0x8B, 0xF0, 0x48, 0x8B, 0x08}, 36 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x30, 0x48, 0x8B, 0x41, 0x28, 0x48, 0x8B, 0xF9, 0x8B, 0xF2, 0x41, 0x8B, 0xE9, 0x44, 0x8B, 0xDA, 0x4D}, 37 | {0x40, 0x53, 0x48, 0x81, 0xEC, 0x60, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0x4C, 0x9D, 0x0E, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x84, 0x24, 0x50, 0x01, 0x00, 0x00, 0x83, 0xB9, 0x2C, 0x09, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xD9, 0x0F, 0x85, 0x83}, 38 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0x15, 0xF6, 0x81, 0x0B, 0x00, 0x48, 0x8B, 0xE9, 0x48, 0x8B, 0x59, 0x60, 0x8B, 0xFA, 0x48, 0x8B, 0xCB, 0x33, 0xF6}, 39 | "10.0.18362.1316"}, 40 | {{0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x55, 0x57, 0x41, 0x56, 0x48, 0x8D, 0x6C, 0x24, 0xC0, 0x48, 0x81, 0xEC, 0x40, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0x87, 0xB4, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x45, 0x30}, 41 | {0x48, 0x83, 0xEC, 0x58, 0x48, 0x8B, 0x05, 0xB9, 0xBD, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x44, 0x24, 0x48, 0x66, 0x0F, 0x6F, 0x05, 0xA9, 0xF5, 0x02, 0x00, 0x66, 0x0F, 0x6F, 0x0D, 0x91, 0xF5, 0x02, 0x00, 0x8B, 0x05, 0xDB, 0xEA, 0x04}, 42 | {0x40, 0x53, 0x48, 0x81, 0xEC, 0x60, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0x4C, 0xAD, 0x0E, 0x00, 0x48, 
0x33, 0xC4, 0x48, 0x89, 0x84, 0x24, 0x50, 0x01, 0x00, 0x00, 0x83, 0xB9, 0x2C, 0x09, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xD9, 0x0F, 0x85, 0x83}, 43 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x30, 0x48, 0x8B, 0x41, 0x28, 0x48, 0x8B, 0xF9, 0x8B, 0xF2, 0x41, 0x8B, 0xE9, 0x44, 0x8B, 0xDA, 0x4D}, 44 | {0x40, 0x53, 0x48, 0x81, 0xEC, 0x60, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0x4C, 0xAD, 0x0E, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x84, 0x24, 0x50, 0x01, 0x00, 0x00, 0x83, 0xB9, 0x2C, 0x09, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xD9, 0x0F, 0x85, 0x83}, 45 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0x15, 0x96, 0x87, 0x0B, 0x00, 0x48, 0x8B, 0xE9, 0x48, 0x8B, 0x59, 0x60, 0x8B, 0xFA, 0x48, 0x8B, 0xCB, 0x33, 0xF6}, 46 | "10.0.18362.1 - UNTESTED"}, 47 | {{0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x55, 0x57, 0x41, 0x56, 0x48, 0x8D, 0x6C, 0x24, 0xC0, 0x48, 0x81, 0xEC, 0x40, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0xB7, 0x28, 0x06, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x45, 0x30}, 48 | {0x48, 0x83, 0xEC, 0x58, 0x48, 0x8B, 0x05, 0xA5, 0x32, 0x06, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x44, 0x24, 0x48, 0x66, 0x0F, 0x6F, 0x05, 0x75, 0x99, 0x03, 0x00, 0x66, 0x0F, 0x6F, 0x0D, 0x5D, 0x99, 0x03, 0x00, 0x8B, 0x05, 0x2F, 0x61, 0x06}, 49 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x74, 0x24, 0x10, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x65, 0x48, 0x8B, 0x04, 0x25, 0x58, 0x00, 0x00, 0x00, 0x8B, 0xDA, 0xBA, 0x04, 0x00, 0x00, 0x00, 0x49, 0x8B, 0xF9, 0x49, 0x8B, 0xF0, 0x48, 0x8B, 0x08}, 50 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x30, 0x48, 0x8B, 0x41, 0x28, 0x48, 0x8B, 0xF9, 0x44, 0x8B, 0xDA, 0x41, 0x8B, 0xE9, 0x8B, 0xF2, 0x4D}, 51 | {0x40, 0x53, 0x48, 0x81, 0xEC, 0x60, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0x28, 0x0C, 0x13, 
0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x84, 0x24, 0x50, 0x01, 0x00, 0x00, 0x83, 0xB9, 0x2C, 0x09, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xD9, 0x74, 0x24, 0x83}, 52 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x48, 0x63, 0xFA, 0x48, 0x8B, 0xE9, 0x89, 0x3D, 0x88, 0xFD, 0x0B, 0x00, 0x33, 0xF6, 0xE8, 0xCD, 0x4F, 0xFA, 0xFF, 0x4C}, 53 | "10.0.22000.1"}, 54 | {{0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x55, 0x57, 0x41, 0x56, 0x48, 0x8D, 0x6C, 0x24, 0xC0, 0x48, 0x81, 0xEC, 0x40, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0xB7, 0xD6, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x45, 0x30}, 55 | {0x48, 0x83, 0xEC, 0x58, 0x48, 0x8B, 0x05, 0xD9, 0xE0, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x44, 0x24, 0x48, 0x66, 0x0F, 0x6F, 0x05, 0x99, 0xC6, 0x02, 0x00, 0x66, 0x0F, 0x6F, 0x0D, 0x81, 0xC6, 0x02, 0x00, 0x8B, 0x05, 0x53, 0x0E, 0x05}, 56 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x74, 0x24, 0x10, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x65, 0x48, 0x8B, 0x04, 0x25, 0x58, 0x00, 0x00, 0x00, 0x8B, 0xDA, 0xBA, 0x04, 0x00, 0x00, 0x00, 0x49, 0x8B, 0xF9, 0x49, 0x8B, 0xF0, 0x48, 0x8B, 0x08}, 57 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x30, 0x48, 0x8B, 0x41, 0x28, 0x48, 0x8B, 0xF9, 0x44, 0x8B, 0xDA, 0x41, 0x8B, 0xE9, 0x8B, 0xF2, 0x4D}, 58 | {0x40, 0x53, 0x48, 0x81, 0xEC, 0x60, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0xB4, 0xDC, 0x0F, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x84, 0x24, 0x50, 0x01, 0x00, 0x00, 0x83, 0xB9, 0x2C, 0x09, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xD9, 0x74, 0x24, 0x83}, 59 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0x15, 0x7E, 0xA2, 0x0B, 0x00, 0x48, 0x8B, 0xE9, 0x48, 0x8B, 0x59, 0x60, 0x8B, 0xFA, 0x48, 0x8B, 0xCB, 0x33, 0xF6}, 60 | "10.0.19041.84"}, 61 | {{0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x55, 
0x57, 0x41, 0x56, 0x48, 0x8D, 0x6C, 0x24, 0xC0, 0x48, 0x81, 0xEC, 0x40, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0x97, 0xD4, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x45, 0x30}, 62 | {0x48, 0x83, 0xEC, 0x58, 0x48, 0x8B, 0x05, 0xB9, 0xDE, 0x04, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x44, 0x24, 0x48, 0x66, 0x0F, 0x6F, 0x05, 0x69, 0xC5, 0x02, 0x00, 0x66, 0x0F, 0x6F, 0x0D, 0x51, 0xC5, 0x02, 0x00, 0x8B, 0x05, 0x33, 0x0C, 0x05}, 63 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x74, 0x24, 0x10, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x65, 0x48, 0x8B, 0x04, 0x25, 0x58, 0x00, 0x00, 0x00, 0x8B, 0xDA, 0xBA, 0x04, 0x00, 0x00, 0x00, 0x49, 0x8B, 0xF9, 0x49, 0x8B, 0xF0, 0x48, 0x8B, 0x08}, 64 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x30, 0x48, 0x8B, 0x41, 0x28, 0x48, 0x8B, 0xF9, 0x44, 0x8B, 0xDA, 0x41, 0x8B, 0xE9, 0x8B, 0xF2, 0x4D}, 65 | {0x40, 0x53, 0x48, 0x81, 0xEC, 0x60, 0x01, 0x00, 0x00, 0x48, 0x8B, 0x05, 0xB4, 0xDB, 0x0F, 0x00, 0x48, 0x33, 0xC4, 0x48, 0x89, 0x84, 0x24, 0x50, 0x01, 0x00, 0x00, 0x83, 0xB9, 0x2C, 0x09, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xD9, 0x74, 0x24, 0x83}, 66 | {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x6C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0x15, 0x1E, 0xA1, 0x0B, 0x00, 0x48, 0x8B, 0xE9, 0x48, 0x8B, 0x59, 0x60, 0x8B, 0xFA, 0x48, 0x8B, 0xCB, 0x33, 0xF6}, 67 | "10.0.19041.1202"}}; 68 | 69 | #endif -------------------------------------------------------------------------------- /src/injector/main.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Written by: SaEeD 3 | Description: Injecting DLL to Target process using Process Id or Process name 4 | Repo: https://github.com/saeedirha/DLL-Injector 5 | */ 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | //Library needed by Linker to check file existance 14 | #pragma comment(lib, "Shlwapi.lib") 
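using namespace std;

int getProcID(const wstring &p_name);
bool InjectDLL(const int &pid, const wstring &DLL_Path);
void usage();

//-----------------------------------------------------------
// Entry point: resolve dllmain.dll, locate Taskmgr.exe and
// ask it to load the DLL. Returns EXIT_FAILURE when any step
// fails so callers and scripts can see the outcome.
//-----------------------------------------------------------
int main(int argc, char **argv)
{
    (void)argc; // command-line arguments are not used
    (void)argv;

    wchar_t full_path[MAX_PATH];
    // stdout is switched to UTF-16 mode, so everything written to it below
    // must go through wide streams (wcout); narrow cout output is not
    // supported on a stream in this mode.
    _setmode(_fileno(stdout), _O_U16TEXT);

    // NOTE(review): the DLL name is resolved against the current working
    // directory. Whatever dllmain.dll sits there is what the target process
    // loads, so run this only from a directory that other users cannot write to.
    const DWORD path_len = GetFullPathNameW(L"dllmain.dll", MAX_PATH, full_path, NULL);
    if (path_len == 0 || path_len >= MAX_PATH || PathFileExistsW(full_path) == FALSE)
    {
        cerr << "[!]DLL file does NOT exist!" << endl;
        system("pause");
        return EXIT_FAILURE;
    }
    wcout << L"[+]DLL Path: " << full_path << endl;

    // getProcID reports its own error; do not call InjectDLL with pid 0.
    const int pid = getProcID(L"Taskmgr.exe");
    if (pid == 0)
    {
        system("pause");
        return EXIT_FAILURE;
    }

    const bool injected = InjectDLL(pid, full_path);
    system("pause");
    return injected ? EXIT_SUCCESS : EXIT_FAILURE;
}
//-----------------------------------------------------------
// Get Process ID by its name
// Returns the PID of the first process whose image name equals
// p_name (case-sensitive), or 0 when none is found or the
// process list cannot be read.
//-----------------------------------------------------------
int getProcID(const wstring &p_name)
{
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE)
    {
        cerr << "[!]Unable to find Process ID" << endl;
        return 0;
    }

    PROCESSENTRY32W entry = {0};
    entry.dwSize = sizeof(PROCESSENTRY32W);

    // NOTE(review): the match is on image name only. A name is not an
    // identity; the first process carrying this name is the one returned.
    DWORD found_pid = 0;
    if (Process32FirstW(snapshot, &entry) != FALSE)
    {
        // do/while so the entry returned by Process32FirstW is compared too;
        // a plain while (Process32NextW(...)) loop would skip it.
        do
        {
            if (wcscmp(entry.szExeFile, p_name.c_str()) == 0)
            {
                found_pid = entry.th32ProcessID;
                break;
            }
        } while (Process32NextW(snapshot, &entry) != FALSE);
    }
    // Single exit point for the snapshot handle, so no path leaks it.
    CloseHandle(snapshot);

    if (found_pid == 0)
    {
        cerr << "[!]Unable to find Process ID" << endl;
        return 0;
    }

    wcout << L"[+]Process name is: " << p_name << L"\n[+]Process ID: " << found_pid << endl;
    return static_cast<int>(found_pid);
}
//-----------------------------------------------------------
// Inject DLL to target process
// Copies DLL_Path into process `pid` and starts a thread there
// that calls LoadLibraryW on it. Returns true once the remote
// thread has been created, false on any failure.
//
// NOTE(review): OpenProcess + VirtualAllocEx + WriteProcessMemory
// + CreateRemoteThread on LoadLibraryW is the sequence endpoint
// monitoring commonly alerts on; expect this binary to be flagged.
//-----------------------------------------------------------
bool InjectDLL(const int &pid, const wstring &DLL_Path)
{
    if (pid <= 0 || DLL_Path.empty())
    {
        cerr << "[!]Fail to open target process!" << endl;
        return false;
    }

    // Size in bytes of the path including its terminating L'\0'.
    const SIZE_T path_bytes = (DLL_Path.size() + 1) * sizeof(wchar_t);

    // NOTE(review): PROCESS_ALL_ACCESS is broader than the calls below need.
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, static_cast<DWORD>(pid));
    if (hProc == NULL)
    {
        cerr << "[!]Fail to open target process!" << endl;
        return false;
    }
    wcout << L"[+]Opening Target Process..." << endl;

    // The buffer only holds a path string, so it is mapped read/write and
    // never executable; no writable+executable page is left in the target.
    LPVOID remote_path = VirtualAllocEx(hProc, NULL, path_bytes, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (remote_path == NULL)
    {
        cerr << "[!]Fail to allocate memory in Target Process." << endl;
        CloseHandle(hProc);
        return false;
    }
    wcout << L"[+]Allocating memory in Target Process." << endl;

    SIZE_T written = 0;
    if (WriteProcessMemory(hProc, remote_path, DLL_Path.c_str(), path_bytes, &written) == 0 || written != path_bytes)
    {
        cerr << "[!]Fail to write in Target Process memory." << endl;
        VirtualFreeEx(hProc, remote_path, 0, MEM_RELEASE);
        CloseHandle(hProc);
        return false;
    }
    wcout << L"[+]Creating Remote Thread in Target Process" << endl;

    // kernel32 is already mapped in this process; GetModuleHandleW avoids
    // taking an extra module reference the way LoadLibraryW would.
    HMODULE kernel32 = GetModuleHandleW(L"kernel32.dll");
    FARPROC load_library = (kernel32 != NULL) ? GetProcAddress(kernel32, "LoadLibraryW") : NULL;

    DWORD thread_id = 0;
    HANDLE hThread = NULL;
    if (load_library != NULL)
    {
        hThread = CreateRemoteThread(hProc, NULL, 0,
                                     reinterpret_cast<LPTHREAD_START_ROUTINE>(load_library),
                                     remote_path, 0, &thread_id);
    }
    if (hThread == NULL)
    {
        cerr << "[!]Fail to create Remote Thread" << endl;
        VirtualFreeEx(hProc, remote_path, 0, MEM_RELEASE);
        CloseHandle(hProc);
        return false;
    }

    // The remote thread may still be reading remote_path, so the buffer is
    // deliberately not freed here; only the local handles are released.
    CloseHandle(hThread);
    CloseHandle(hProc);

    // Thread creation succeeded; whether LoadLibraryW itself succeeded in
    // the target is not checked.
    wcout << L"[+]DLL Successfully Injected :)" << endl;
    return true;
}
//-----------------------------------------------------------
// Usage help
// Not called anywhere in the code shown here.
//-----------------------------------------------------------
void usage()
{
    wcout << L"Usage: DLL_Injector.exe " << endl;
}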