mirror of
https://github.com/Auties00/Reboot-Launcher.git
synced 2026-01-13 11:12:23 +01:00
92 lines
2.2 KiB
Dart
92 lines
2.2 KiB
Dart
// ignore_for_file: non_constant_identifier_names
|
|
|
|
import 'dart:ffi';
|
|
|
|
import 'package:win32/win32.dart';
|
|
import 'package:ffi/ffi.dart';
|
|
|
|
final _kernel32 = DynamicLibrary.open('kernel32.dll');
|
|
final _CreateRemoteThread = _kernel32.lookupFunction<
|
|
IntPtr Function(
|
|
IntPtr hProcess,
|
|
Pointer<SECURITY_ATTRIBUTES> lpThreadAttributes,
|
|
IntPtr dwStackSize,
|
|
Pointer loadLibraryAddress,
|
|
Pointer lpParameter,
|
|
Uint32 dwCreationFlags,
|
|
Pointer<Uint32> lpThreadId),
|
|
int Function(
|
|
int hProcess,
|
|
Pointer<SECURITY_ATTRIBUTES> lpThreadAttributes,
|
|
int dwStackSize,
|
|
Pointer loadLibraryAddress,
|
|
Pointer lpParameter,
|
|
int dwCreationFlags,
|
|
Pointer<Uint32> lpThreadId)>('CreateRemoteThread');
|
|
int CreateRemoteThread(
|
|
int hProcess,
|
|
Pointer<SECURITY_ATTRIBUTES> lpThreadAttributes,
|
|
int dwStackSize,
|
|
Pointer loadLibraryAddress,
|
|
Pointer lpParameter,
|
|
int dwCreationFlags,
|
|
Pointer<Uint32> lpThreadId) =>
|
|
_CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize,
|
|
loadLibraryAddress, lpParameter, dwCreationFlags, lpThreadId);
|
|
|
|
Future<void> injectDll(int pid, String dll) async {
|
|
var process = OpenProcess(
|
|
0x43A,
|
|
0,
|
|
pid
|
|
);
|
|
|
|
var processAddress = GetProcAddress(
|
|
GetModuleHandle("KERNEL32".toNativeUtf16()),
|
|
"LoadLibraryA".toNativeUtf8()
|
|
);
|
|
|
|
if (processAddress == nullptr) {
|
|
throw Exception("Cannot get process address for pid $pid");
|
|
}
|
|
|
|
var dllAddress = VirtualAllocEx(
|
|
process,
|
|
nullptr,
|
|
dll.length + 1,
|
|
0x3000,
|
|
0x4
|
|
);
|
|
|
|
var writeMemoryResult = WriteProcessMemory(
|
|
process,
|
|
dllAddress,
|
|
dll.toNativeUtf8(),
|
|
dll.length,
|
|
nullptr
|
|
);
|
|
|
|
if (writeMemoryResult != 1) {
|
|
throw Exception("Memory write failed");
|
|
}
|
|
|
|
var createThreadResult = CreateRemoteThread(
|
|
process,
|
|
nullptr,
|
|
0,
|
|
processAddress,
|
|
dllAddress,
|
|
0,
|
|
nullptr
|
|
);
|
|
|
|
if (createThreadResult == -1) {
|
|
throw Exception("Thread creation failed");
|
|
}
|
|
|
|
var closeResult = CloseHandle(process);
|
|
if(closeResult != 1){
|
|
throw Exception("Cannot close handle");
|
|
}
|
|
}
|