Private Const PAGE_READWRITE As Long = &H4
Private Const MEM_RELEASE As Long = &H8000
Private Const MEM_COMMIT As Long = &H1000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const SYNCHRONIZE As Long = &H100000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Const INFINITE As Long = &HFFFFFF
 
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
 
 
Public Function Inyecta(RutaDll As String, Pid As Long) As Integer
Dim proc As Long
Dim nload As Long
Dim rems As Long
Dim longi As Long
Dim RemThread As Long
Dim Tid As Long
 
On Error GoTo Error
proc = OpenProcess(PROCESS_ALL_ACCESS, False, Pid)
nload = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
rems = VirtualAllocEx(proc, 0, Len(RutaDll), MEM_COMMIT, PAGE_READWRITE)
WriteProcessMemory proc, ByVal rems, ByVal RutaDll, Len(RutaDll), longi
CreateRemoteThread proc, ByVal 0, 0, ByVal nload, ByVal rems, 0, Tid
WaitForSingleObject rems, INFINITE
CloseHandle proc
CloseHandle rems
Inyecta = 0
Exit Function
Error:
Inyecta = 1
End Function
 
'----------------------------------------------------------------------------------'
 
Private Sub Form_Load()
Dim ruta As Long
Dim resultado As Integer
 
ruta = Shell("notepad.exe")
resultado = Inyecta("C:\ladll.dll", ruta)
 
If resultado = 0 Then
MsgBox "Dll Inyectada con éxito!!!", , "Información"
Else
MsgBox "A ocurrido un error", vbCritical, "Información"
End If
End
End Sub

Procedure InjectDll(Dll:string);
var
   Thread,HandleWindow: THandle;
   DMod,Lib: Pointer;
   ThreadID,Written: Cardinal;
   WindowName,ProcessId: DWORD;
begin
   WindowName := FindWindow(nil, 'Tester');
   ThreadId := GetWindowThreadProcessId(WindowName, @ProcessId);
   HandleWindow := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessId);
   Lib := GetProcAddress(GetModuleHandle(PChar('kernel32.dll')), PChar('LoadLibraryA'));
   DMod := VirtualAllocEx(HandleWindow, nil, Length(Dll) + 1, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
   if WriteProcessMemory(HandleWindow, DMod, @Dll[1>, Length(Dll), Written) then
   Thread := CreateRemoteThread(HandleWindow, nil, 0, Lib, DMod, 0, ThreadID);
   WaitForSingleObject(Thread, INFINITE);
   CloseHandle(HandleWindow);
   CloseHandle(Thread);
end;

.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
 
.const
ID_proceso EQU 2964   ;La ID del proceso q sea
 
.data
Kernel32 db "kernel32.dll", 0
LoadLibrary_nombre db "LoadLibraryA", 0
DLL db "C:\DLL.dll", 0
 
.data?
Proceso_ID DWORD ?
Proceso_handle DWORD ?
Kernel32_offset DWORD ?
LoadLibrary_offset DWORD ?
String DWORD ?
Proceso PROCESSENTRY32 <?>
 
.code
Start:
invoke GetModuleHandle, addr Kernel32
mov Kernel32_offset, eax
invoke GetProcAddress, Kernel32_offset, addr LoadLibrary_nombre
mov LoadLibrary_offset, eax
 
mov Proceso.dwSize, 296
invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, ID_proceso
mov Proceso_handle, eax
invoke VirtualAllocEx, Proceso_handle, NULL, 64, MEM_COMMIT + MEM_RESERVE, PAGE_READWRITE
mov String, eax
invoke WriteProcessMemory, Proceso_handle, String, addr DLL, 64, NULL
invoke CreateRemoteThread, Proceso_handle, NULL, NULL, LoadLibrary_offset, String, NULL, NULL
invoke CloseHandle, Proceso_handle
invoke ExitProcess, 0
End Start

#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
 
typedef int (WINAPI *datMessageBoxA) (HWND, LPCTSTR, LPCTSTR, UINT);
 
struct datos
{
datMessageBoxA apiMessageBoxA;
char titulo [20];
char mensaje [20];
};
 
 
DWORD GetAdres(char *module, char *function);
 
DWORD inyectada (datos *data)
{
data -> apiMessageBoxA (0, data->mensaje, data->titulo, 0);
return 0;
}
 
void inyectora()
{
int pid;
HANDLE proc;
datos dat;
DWORD TamFun;
void* esp;
 
HANDLE handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); 
PROCESSENTRY32 procinfo = { sizeof(PROCESSENTRY32) };
while(Process32Next(handle, &procinfo))
{
if(!strcmp(procinfo.szExeFile, "notepad.exe"))
{
CloseHandle(handle);
pid = procinfo.th32ProcessID;
}
}
CloseHandle(handle);
 
proc = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, false, pid);
 
dat.apiMessageBoxA = (datMessageBoxA) GetAdres ("USER32.DLL", "MessageBoxA");
 
sprintf(dat.mensaje,"holaaaaaa!!!");
sprintf(dat.titulo,"titulo!!!");
 
 
datos *dat_ = (datos*) VirtualAllocEx(proc, 0, sizeof(datos), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(proc, dat_, &dat, sizeof(datos), NULL);
 
TamFun = (long unsigned int) inyectora - (long unsigned int)inyectada;
 
esp = VirtualAllocEx(proc, 0, TamFun, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(proc, esp, (void*)inyectada, TamFun, NULL);
CreateRemoteThread(proc, NULL, 0, (LPTHREAD_START_ROUTINE) esp, dat_, 0, NULL);
}
 
void main()
{
inyectora();
}
 
DWORD GetAdres(char *module, char *function)
{
HMODULE dh = LoadLibrary(module);
DWORD pf = (DWORD)GetProcAddress(dh,function);
FreeLibrary(dh);
return pf;
}