Malware Development 7 : Advanced Code Injection
6 min read · Jun 12, 2024
Code Injection: The Next Level — Techniques for the Modern Hacker
Hello everyone,
When I was developing my injector, I wanted to know how to find processes by their names. When writing code or DLL injectors it is useful to enumerate all running processes and pick the ones started by the administrator as injection targets (which only works if your own process has enough rights to open them). To begin with, I'll solve a basic problem: finding a process ID by its name.
Luckily, the Win32 API has a library for exactly this: Tool Help (tlhelp32.h), which lets you take a snapshot of every process on the system and walk through it.
Let's understand the code:
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <string.h>

// Find the process ID of the first process whose image name matches procname.
// Returns 0 if no such process exists or the snapshot could not be taken.
// Note: PROCESSENTRY32 and Process32First/Next map to their W variants when
// UNICODE is defined; this code assumes an ANSI build so szExeFile is a char array.
DWORD findProcessID(const char *procname) {
    HANDLE hSnapshot;
    PROCESSENTRY32 pe;
    DWORD pid = 0;

    // Snapshot of all processes in the system
    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return 0;

    // dwSize must be set before calling Process32First, or it fails
    pe.dwSize = sizeof(PROCESSENTRY32);

    // Info about the first process in the snapshot
    if (!Process32First(hSnapshot, &pe)) {
        CloseHandle(hSnapshot);
        return 0;
    }

    // Walk the remaining entries until the name matches or the list ends
    do {
        // Image names are case-insensitive on Windows, so compare with
        // _stricmp; strcmp would miss "Notepad.EXE" when asked for "notepad.exe"
        if (_stricmp(procname, pe.szExeFile) == 0) {
            pid = pe.th32ProcessID;
            break;
        }
    } while (Process32Next(hSnapshot, &pe));

    // Always release the snapshot handle, whether or not we found a match
    CloseHandle(hSnapshot);
    return pid;
}
//…
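As an added example (my own code, not the post's), here is the same snapshot walk taken one step further in the direction the post describes: instead of returning the first match it collects every PID whose image name matches, since several instances of one program may be running, and on Windows it asks each one whether it runs with an elevated token, which is how I interpret "started by the administrator" here (an assumption, not something the post states). The function names (find_pids_by_name, snapshot_processes, is_elevated), the sample process table and its PIDs are all constructed for this example. The snapshot and token code compile only under _WIN32; elsewhere the matcher runs against the constructed table.

```c
/* Added example, not the post's code: enumerate processes via a Toolhelp32
 * snapshot, collect every pid whose image name matches (case-insensitively),
 * and on Windows report whether each one runs with an elevated token. */
#undef UNICODE               /* keep szExeFile as char[] in PROCESSENTRY32 */
#define _WIN32_WINNT 0x0600  /* for PROCESS_QUERY_LIMITED_INFORMATION */
#include <stdio.h>
#include <ctype.h>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif

#define MAX_IMAGE 260        /* MAX_PATH */
#define MAX_MATCH 64

typedef struct { unsigned long pid; char exe[MAX_IMAGE]; } proc_info;

/* Windows file names are case-insensitive: "Notepad.EXE" == "notepad.exe". */
static int name_equals(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* Collect every matching pid (several instances may run). Returns the count. */
size_t find_pids_by_name(const proc_info *procs, size_t count, const char *name,
                         unsigned long *out, size_t max_out) {
    size_t found = 0;
    for (size_t i = 0; i < count && found < max_out; i++)
        if (name_equals(procs[i].exe, name))
            out[found++] = procs[i].pid;
    return found;
}

/* Constructed sample table with made-up pids, so the matcher runs off Windows. */
static const proc_info SAMPLE[] = {
    { 4, "System" }, { 812, "svchost.exe" }, { 1340, "Notepad.EXE" },
    { 2210, "notepad.exe" }, { 3104, "explorer.exe" },
};
#define SAMPLE_COUNT (sizeof SAMPLE / sizeof SAMPLE[0])
unsigned long sample_hits[MAX_MATCH];   /* filled by find_in_sample() */

size_t find_in_sample(const char *name) {
    return find_pids_by_name(SAMPLE, SAMPLE_COUNT, name, sample_hits, MAX_MATCH);
}

#ifdef _WIN32
/* Copy the live process table into procs[]; the snapshot is always closed. */
size_t snapshot_processes(proc_info *procs, size_t max_procs) {
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 pe;
    size_t n = 0;
    if (snap == INVALID_HANDLE_VALUE) return 0;
    pe.dwSize = sizeof pe;                    /* required by Process32First */
    if (Process32First(snap, &pe)) {
        do {
            procs[n].pid = pe.th32ProcessID;
            snprintf(procs[n].exe, MAX_IMAGE, "%s", pe.szExeFile);
            n++;
        } while (n < max_procs && Process32Next(snap, &pe));
    }
    CloseHandle(snap);
    return n;
}

/* 1 if pid's token is elevated, 0 if not, -1 if it cannot be queried (usually
 * access denied on protected or higher-integrity processes). */
int is_elevated(unsigned long pid) {
    HANDLE proc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
    HANDLE tok = NULL;
    TOKEN_ELEVATION elev = { 0 };
    DWORD len = 0;
    int result = -1;
    if (proc && OpenProcessToken(proc, TOKEN_QUERY, &tok)) {
        if (GetTokenInformation(tok, TokenElevation, &elev, sizeof elev, &len))
            result = elev.TokenIsElevated ? 1 : 0;
        CloseHandle(tok);
    }
    if (proc) CloseHandle(proc);
    return result;
}
#endif

int main(int argc, char **argv) {
    const char *target = argc > 1 ? argv[1] : "notepad.exe";
    size_t n;
#ifdef _WIN32
    static proc_info procs[4096];
    unsigned long pids[MAX_MATCH];
    n = find_pids_by_name(procs, snapshot_processes(procs, 4096), target, pids, MAX_MATCH);
    for (size_t i = 0; i < n; i++)
        printf("%s pid=%lu elevated=%d\n", target, pids[i], is_elevated(pids[i]));
#else
    n = find_in_sample(target);
    for (size_t i = 0; i < n; i++)
        printf("%s pid=%lu (sample table)\n", target, sample_hits[i]);
#endif
    return n ? 0 : 1;
}
```

On Windows, build with MinGW (gcc findpid.c -o findpid.exe) or MSVC and run it with an image name as the argument. Note the -1 case of is_elevated: OpenProcess on a process running at a higher integrity level than your own fails with access denied, and the same access check is what stops a non-elevated injector from opening an administrator's process, so the ones you cannot query are usually also the ones you cannot inject into without elevating first.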