the abomination you are looking at here is my first project in the realm of malware development, and the first C program i have ever written without having a guide up on my other monitor. not saying i did not consult external sources, but i tried my best not to just "code along".
This program will serve as a base for other programs that i want to write, and the more techniques i learn, the more this program will change. for example: the next planned evolution for this thing is rewriting it to work with the NTAPI instead of the Win32 API. naturally, other minor improvements will be made along the way as i learn more about C and low-level programming in general.
if anyone actually decides to read this at some point, i really want to hear your feedback. flame me even, i want to know where i can improve and what i need to focus on learning next.
ps. when i rewrite this thing to use the NTAPI, i will include my header file so others can use it, since i couldn't find any online (there is a chance that i just didn't look hard enough though).
this program injects a binary payload into a given process, identified by its (you guessed it) Process ID, which needs to be passed to the program as an argument. quick rundown of how the program functions:
- open a handle to the provided process using the PID (with PROCESS_ALL_ACCESS; i know it's a huge red flag, but i thought it was good enough for a demonstration)
- open a handle to wininet
- open a handle with the URL of the specified payload
- allocate memory for a temporary buffer (1024 bytes)
- read the payload
- save read data to the temporary buffer (max of 1024 bytes)
- record the amount of bytes read
- set size value for the final buffer
- allocate memory for the final buffer; the amount of memory allocated to the final buffer is determined by the number of bytes read by InternetReadFile()
- write contents of the temporary buffer to the final buffer
- copy the final payload buffer to a new variable *
- copy the size of the payload buffer to a new variable as well *
- clean up
- allocate memory in the memory space of the specified process
- write the payload to the previously allocated memory
- create a thread to run the payload
- wait until created thread completes execution
- clean up and exit
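from the defender's side, the steps above leave a recognisable trail: a cross-process handle request with PROCESS_ALL_ACCESS followed by a remote thread created in that same target, starting at an address backed by no loaded module. the following is an added example, not part of this project, that flags that pairing in constructed Sysmon-style records (Event ID 10 ProcessAccess and Event ID 8 CreateRemoteThread fields; the record shapes and the sample values are assumptions made for the example):

```python
# Added example (not part of this project): flag the handle-then-remote-thread
# pairing that the steps above produce, using constructed Sysmon-style records.
# Assumed: records are dicts shaped like Sysmon Event ID 10 (ProcessAccess) and
# Event ID 8 (CreateRemoteThread) fields.
PROCESS_ALL_ACCESS = 0x1FFFFF  # full-access mask requested in the first step above

# Constructed sample log: one full-access handle, one benign handle, one remote thread.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Users\dev\inject.exe", "SourceProcessId": 4242,
     "TargetImage": r"C:\Windows\System32\notepad.exe", "TargetProcessId": 1337,
     "GrantedAccess": 0x1FFFFF},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe", "SourceProcessId": 900,
     "TargetImage": r"C:\Windows\System32\notepad.exe", "TargetProcessId": 1337,
     "GrantedAccess": 0x1400},  # PROCESS_QUERY_INFORMATION | PROCESS_VM_READ: benign
    {"EventID": 8, "SourceImage": r"C:\Users\dev\inject.exe", "SourceProcessId": 4242,
     "TargetImage": r"C:\Windows\System32\notepad.exe", "TargetProcessId": 1337,
     "StartAddress": "0x00000200ABCD0000", "StartModule": ""},
]


def find_injection_chains(events):
    """Return hits where a full-access handle request from source to target was
    later followed by a CreateRemoteThread event for the same source/target pair."""
    full_access = set()
    hits = []
    for ev in events:
        key = (ev["SourceProcessId"], ev["TargetProcessId"])
        if ev["EventID"] == 10 and ev["GrantedAccess"] & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS:
            full_access.add(key)
        elif ev["EventID"] == 8 and key in full_access:
            # An empty StartModule means the thread starts outside any loaded image,
            # consistent with a buffer that was written into the target's memory.
            hits.append({"pair": key,
                         "source": ev["SourceImage"],
                         "target": ev["TargetImage"],
                         "unbacked_start": ev.get("StartModule", "") == ""})
    return hits


if __name__ == "__main__":
    for hit in find_injection_chains(SAMPLE_EVENTS):
        print(f"suspected injection {hit['pair']}: {hit['source']} -> {hit['target']}")
```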
to be able to compile this you will need to add wininet.lib to your build configuration:
- open your solution's properties
- go to Linker -> Input
- append `;wininet.lib` to the end of the Additional Dependencies field
this lets the application build properly, though who knows, maybe it's already included in the .sln file and it just works as long as you clone this repo. Visual Studio is weird.
discord: notsido
telegram: notsido
you can shit on my shitty programming skills here