// inject.cpp — load leakfix.dll into a running acclient.exe PID. // // Usage: inject.exe // // Mechanism: OpenProcess + VirtualAllocEx + WriteProcessMemory + // CreateRemoteThread(LoadLibraryA). Standard Win32 DLL injection. #include #include #include #include int main(int argc, char** argv) { if (argc != 3) { std::printf("usage: %s \n", argv[0]); return 1; } DWORD pid = (DWORD)std::strtoul(argv[1], nullptr, 10); const char* dll = argv[2]; HANDLE h = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, pid); if (!h) { std::printf("OpenProcess(%lu) failed err=%lu\n", pid, GetLastError()); return 2; } size_t path_len = std::strlen(dll) + 1; void* remote = VirtualAllocEx(h, nullptr, path_len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); if (!remote) { std::printf("VirtualAllocEx failed err=%lu\n", GetLastError()); CloseHandle(h); return 3; } SIZE_T written = 0; if (!WriteProcessMemory(h, remote, dll, path_len, &written)) { std::printf("WriteProcessMemory failed err=%lu\n", GetLastError()); VirtualFreeEx(h, remote, 0, MEM_RELEASE); CloseHandle(h); return 4; } HMODULE k32 = GetModuleHandleA("kernel32.dll"); LPTHREAD_START_ROUTINE loadlib = (LPTHREAD_START_ROUTINE)GetProcAddress(k32, "LoadLibraryA"); if (!loadlib) { std::printf("GetProcAddress(LoadLibraryA) failed err=%lu\n", GetLastError()); VirtualFreeEx(h, remote, 0, MEM_RELEASE); CloseHandle(h); return 5; } DWORD tid = 0; HANDLE thr = CreateRemoteThread(h, nullptr, 0, loadlib, remote, 0, &tid); if (!thr) { std::printf("CreateRemoteThread failed err=%lu\n", GetLastError()); VirtualFreeEx(h, remote, 0, MEM_RELEASE); CloseHandle(h); return 6; } std::printf("injected; remote tid=%lu, waiting for LoadLibraryA to return...\n", tid); WaitForSingleObject(thr, 30000); DWORD exit_code = 0; GetExitCodeThread(thr, &exit_code); std::printf("LoadLibraryA returned 0x%08lx (non-zero = HMODULE)\n", exit_code); CloseHandle(thr); VirtualFreeEx(h, remote, 0, MEM_RELEASE); CloseHandle(h); return exit_code ? 0 : 7; }