From 4d8617022230198d737c589bb92647941974e5b0 Mon Sep 17 00:00:00 2001
From: Jake
Date: Wed, 22 Dec 2021 13:18:21 -0500
Subject: [PATCH] added some injection methods

added NtCreateThreadEx and LoadLibrary options to InjectDll. UNTESTED
---
 Memory/Structures/Imports.cs | 35 +++++++++++++++++++++++++++++++++++
 Memory/memory.cs | 20 +++++++++++++++-----
 2 files changed, 50 insertions(+), 5 deletions(-)

diff --git a/Memory/Structures/Imports.cs b/Memory/Structures/Imports.cs
index b46050f..06e96ba 100644
--- a/Memory/Structures/Imports.cs
+++ b/Memory/Structures/Imports.cs
@@ -177,6 +177,25 @@ out IntPtr lpThreadId
 [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)]
 static extern bool Process32Next([In] IntPtr hSnapshot, ref PROCESSENTRY32 lppe);
+ /*
+ typedef NTSTATUS (WINAPI *LPFUN_NtCreateThreadEx)
+ (
+ OUT PHANDLE hThread,
+ IN ACCESS_MASK DesiredAccess,
+ IN LPVOID ObjectAttributes,
+ IN HANDLE ProcessHandle,
+ IN LPTHREAD_START_ROUTINE lpStartAddress,
+ IN LPVOID lpParameter,
+ IN BOOL CreateSuspended,
+ IN ULONG StackZeroBits,
+ IN ULONG SizeOfStackCommit,
+ IN ULONG SizeOfStackReserve,
+ OUT LPVOID lpBytesBuffer
+ );
+ */
+ [DllImport("ntdll.dll", SetLastError = true)]
+ internal static extern NTSTATUS NtCreateThreadEx(out IntPtr hProcess, AccessMask desiredAccess, IntPtr objectAttributes, UIntPtr processHandle, IntPtr startAddress, IntPtr parameter, ThreadCreationFlags inCreateSuspended, Int32 stackZeroBits, Int32 sizeOfStack, Int32 maximumStackSize, IntPtr attributeList);
+
 // privileges
 public const int PROCESS_CREATE_THREAD = 0x0002;
 public const int PROCESS_QUERY_INFORMATION = 0x0400;
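Review bot: The NtCreateThreadEx import declares ZeroBits, StackSize and MaximumStackSize (`Int32 stackZeroBits, Int32 sizeOfStack, Int32 maximumStackSize`) as 32-bit values, but in the native prototype those three are SIZE_T, so on a 64-bit build the marshalled stack slots are half-width and their upper 32 bits are whatever was left there; declare them `UIntPtr` and pass `UIntPtr.Zero`. The commented typedef above the import is the old, inaccurate community version (BOOL CreateSuspended, ULONG sizes, lpBytesBuffer) and does not even match the declaration under it — the seventh parameter is a ULONG CreateFlags bit mask (THREAD_CREATE_FLAGS_*) and the last is a PPS_ATTRIBUTE_LIST — so replace it with a comment that states the prototype actually declared and says this is an undocumented ntdll export whose parameter list comes from the NT headers, not from a public SDK. The first out parameter is the new thread's handle, not `hProcess`; naming it `threadHandle` makes it harder to mis-order the handle arguments at a call site. `SetLastError = true` buys nothing here because failure is reported through the NTSTATUS return value rather than GetLastError.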
@@ -203,6 +222,22 @@ out IntPtr lpThreadId
 public const uint MEM_PRIVATE = 0x20000;
 public const uint MEM_IMAGE = 0x1000000;
+ internal enum NTSTATUS
+ {
+ Success = 0x00
+ }
+
+ internal enum AccessMask
+ {
+ SpecificRightsAll = 0xFFFF,
+ StandardRightsAll = 0x1F0000
+ }
+ internal enum ThreadCreationFlags
+ {
+ CreateSuspended = 0x01,
+ HideFromDebugger = 0x04
+ }
+
 internal enum MINIDUMP_TYPE
 {
 MiniDumpNormal = 0x00000000,
diff --git a/Memory/memory.cs b/Memory/memory.cs
index 05da64d..5df4151 100644
--- a/Memory/memory.cs
+++ b/Memory/memory.cs
@@ -576,8 +576,10 @@ public void CloseProcess()
 ///
 /// Inject a DLL file.
 ///
- /// path and name of DLL file.
- public bool InjectDll(String strDllName)
+ /// path and name of DLL file. Ex: "C:\MyTrainer\inject.dll" or "inject.dll" if the DLL file is in the same directory as the trainer.
+ /// execute dll method on injection. Default: false
+ /// library load method. Options: LoadLibraryA, LoadLibraryExA, LoadLibraryW, LoadLibraryExW. Default: LoadLibraryA
+ public bool InjectDll(String strDllName, bool Execute = false, string LoadLibrary = "LoadLibraryA")
 {
 IntPtr bytesout;
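Review bot: ThreadCreationFlags is consumed as the CreateFlags bit mask of NtCreateThreadEx, but it carries no `[Flags]` attribute and no zero member, so the ordinary case (not suspended, not hidden) cannot be expressed without a cast and `CreateSuspended | HideFromDebugger` is not visibly a combination; add `None = 0` and `[Flags]`. NTSTATUS names only Success, which is enough for a `!= NTSTATUS.Success` test, but a one-line comment that failure codes are negative and intentionally unnamed here would stop a later contributor from expecting other members to exist. AccessMask holds only the generic standard and specific masks; THREAD_ALL_ACCESS on Vista and later is `StandardRightsAll | SpecificRightsAll` (0x1FFFFF), and a named member for it or for the individual thread rights will be needed as soon as anything beyond SYNCHRONIZE is done with the returned handle.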
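Review bot: The new `LoadLibrary` parameter is an arbitrary export name that the body (past this hunk) resolves with GetProcAddress and runs as the start routine of a thread inside the target process, so a caller-supplied string decides which kernel32 function executes there with the DLL path buffer as its only argument; the parameter comment lists four permitted values and the method should enforce them, for example `if (LoadLibrary != "LoadLibraryA" && LoadLibrary != "LoadLibraryW" && LoadLibrary != "LoadLibraryExA" && LoadLibrary != "LoadLibraryExW") return false;`, or better an enum in place of the string. The listed options are not all usable as the method stands: LoadLibraryExA/ExW also take hFile and dwFlags, which a remote-thread start routine never receives, and the W variants read a UTF-16 path while the string WriteProcessMemory writes appears to be narrow (that call is outside the hunk, so confirm the overload's encoding before advertising the W options). `Execute` does not "execute dll method on injection"; it selects NtCreateThreadEx over CreateRemoteThread, and the comment should say so, e.g. `/// create the remote thread with NtCreateThreadEx instead of CreateRemoteThread. Default: false`. The method body continues beyond the end of this hunk.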
@@ -594,13 +596,21 @@ public bool InjectDll(String strDllName)
 UIntPtr allocMem = VirtualAllocEx(mProc.Handle, (UIntPtr)null, (uint)lenWrite, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
 WriteProcessMemory(mProc.Handle, allocMem, strDllName, (UIntPtr)lenWrite, out bytesout);
- UIntPtr injector = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
+ UIntPtr injector = GetProcAddress(GetModuleHandle("kernel32.dll"), LoadLibrary);
 if (injector == null)
 return false;
- IntPtr hThread = CreateRemoteThread(mProc.Handle, (IntPtr)null, 0, injector, allocMem, 0, out bytesout);
- if (hThread == null)
+ IntPtr hThread = (IntPtr)null;
+
+ if (!Execute)
+ hThread = CreateRemoteThread(mProc.Handle, (IntPtr)null, 0, injector, allocMem, 0, out bytesout);
+ else
+ {
+ NTSTATUS status = NtCreateThreadEx(out hThread, AccessMask.StandardRightsAll, (IntPtr)null, injector, mProc.MainModule.BaseAddress, (IntPtr)null, ThreadCreationFlags.HideFromDebugger, 0, 0, 0, (IntPtr)null);
+ }
+
+ if (hThread == (IntPtr)null)
 return false;
 int Result = WaitForSingleObject(hThread, 10 * 1000);
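Review bot: The NtCreateThreadEx call in the `else` branch has its arguments in the wrong slots: by the import's own parameter list the fourth argument is the process handle but receives `injector` (the LoadLibrary address), the start routine receives `mProc.MainModule.BaseAddress` (the target's image base, i.e. its DOS header, not code), and the argument slot that should carry `allocMem` (the DLL path just written) is null, so this branch cannot load the DLL even when the call succeeds. `status` is assigned and never read; a non-success status must `return false` instead of falling through to WaitForSingleObject on a handle the call never set. The import types `processHandle` as UIntPtr and the routine/argument as IntPtr, which does not line up with `mProc.Handle`, `injector` and `allocMem` as CreateRemoteThread already accepts them on the line above; the fence assumes the import's parameter types are aligned with CreateRemoteThread's so the same three values can be passed unchanged. `(IntPtr)null` resolves through a lifted `int?` conversion and, as far as I recall, throws InvalidOperationException at run time rather than yielding zero, so `IntPtr.Zero` is the form to use on the new lines. `HideFromDebugger` is an anti-analysis flag that hides the injected thread from a debugger attached to the target; unless that is the intent, pass `(ThreadCreationFlags)0`, and note the enclosing method continues beyond this hunk.
```csharp
else
{
    // NtCreateThreadEx(ThreadHandle, DesiredAccess, ObjectAttributes, ProcessHandle,
    //                  StartRoutine, Argument, CreateFlags, ZeroBits, StackSize,
    //                  MaximumStackSize, AttributeList)
    NTSTATUS status = NtCreateThreadEx(out hThread, AccessMask.StandardRightsAll, IntPtr.Zero,
        mProc.Handle, injector, allocMem, ThreadCreationFlags.HideFromDebugger,
        0, 0, 0, IntPtr.Zero);
    if (status != NTSTATUS.Success)
        return false;
}
```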