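#include "StdAfx.h"
#include "Injection.h"

// CInjection loads a DLL into another process and unloads it again.
//
// The sequence used here is OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx
// -> WriteProcessMemory -> CreateRemoteThread(LoadLibraryW). This is the
// textbook remote-thread DLL load, and every step is visible to endpoint
// monitoring: the cross-process handle request (Sysmon Event ID 10,
// ProcessAccess), the remote thread (Event ID 8, CreateRemoteThread) and the
// resulting image load in the target (Event ID 7).

// Records the target PID and DLL path, then opens the target process.
//
// dwPid                 PID of the target process; must be non-zero.
// lpDynamicLibraryPath  Path of the DLL; copied into m_szDllPath.
//
// OpenProcess can fail (access denied, PID gone). m_hInjectionProcess is then
// NULL and ProcessInjection()/FreeInjection() return -1.
CInjection::CInjection(DWORD dwPid, LPCTSTR lpDynamicLibraryPath)
    : m_dwInjectionPID(dwPid),
      m_hInjectionProcess(NULL),
      m_lpPathData(NULL),
      m_hInjectThread(NULL),
      m_hUnInjectThread(NULL),
      m_dwPathLen(0)
{
    ASSERT(dwPid != 0);
    ASSERT(lpDynamicLibraryPath != NULL);

    memset(m_szDllPath, 0, sizeof(m_szDllPath));
    _tcscpy_s(m_szDllPath, lpDynamicLibraryPath);

    // NOTE(review): PROCESS_ALL_ACCESS asks for far more than the calls below
    // use (thread creation, VM operation/write, query). Least privilege would
    // request only those rights.
    m_hInjectionProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, m_dwInjectionPID);
}

// Unloads the DLL (if loaded) and releases every handle the object owns.
CInjection::~CInjection(void)
{
    FreeInjection();
}

// Writes the DLL path into the target process and starts a remote thread at
// LoadLibraryW with that path as its argument.
//
// Returns 0 when the remote thread was created, -1 on any failure. The call
// does not wait for the remote thread, so 0 does not mean the DLL loaded.
int CInjection::ProcessInjection()
{
    ASSERT(m_hInjectionProcess != NULL);
    if (NULL == m_hInjectionProcess)
        return -1;  // OpenProcess failed in the constructor

    // Byte length of the path without its terminating NUL. The remote string
    // is terminated only because freshly committed pages are zero-filled.
    m_dwPathLen = _tcslen(m_szDllPath) * sizeof(TCHAR);

    m_lpPathData = VirtualAllocEx(m_hInjectionProcess, NULL, m_dwPathLen, MEM_COMMIT, PAGE_READWRITE);
    if (NULL == m_lpPathData)
        return -1;

    if (WriteProcessMemory(m_hInjectionProcess, m_lpPathData, m_szDllPath, m_dwPathLen, NULL) == 0)
    {
        VirtualFreeEx(m_hInjectionProcess, m_lpPathData, m_dwPathLen, MEM_DECOMMIT);
        m_lpPathData = NULL;  // so FreeInjection() does not free it a second time
        return -1;
    }

    HMODULE hk32 = GetModuleHandle(_T("kernel32.dll"));
    // Note: WeChat uses the W (wide-character) version.
    // NOTE(review): the path buffer is TCHAR while the entry point is fixed to
    // the W variant; the two agree only in a UNICODE build.
    LPVOID lpAddr = GetProcAddress(hk32, "LoadLibraryW");
    if (NULL == lpAddr)
        return -1;  // never start a remote thread at address 0

    m_hInjectThread = CreateRemoteThread(m_hInjectionProcess, NULL, 0,
                                         (LPTHREAD_START_ROUTINE)lpAddr, m_lpPathData, 0, NULL);
    if (NULL == m_hInjectThread)
        return -1;

    return 0;
}

// Asks the target process to FreeLibrary the DLL, then releases the remote
// path buffer and all handles.
//
// Returns 0 when the module was found in the target, -1 when it was not found
// or when there is no open process handle.
//
// The destructor calls this too, so it must be safe to run twice and to run
// after a failed OpenProcess. Every handle is reset to NULL once closed (a
// second CloseHandle on a stale value could close an unrelated handle), and
// cleanup runs even when the module is not found.
int CInjection::FreeInjection()
{
    if (NULL == m_hInjectionProcess)
        return -1;  // never opened, or already released by an earlier call

    int nResult = 0;

    // Reduce the stored path to its file name, which is what FindModule is given.
    TString str = m_szDllPath;
    TString::size_type nIndex = str.find_last_of(_T('\\'));
    if (nIndex != TString::npos)
        str = str.substr(nIndex + 1);

    MODULEENTRY32 me32 = FindModule(str.c_str(), m_dwInjectionPID);
    if (me32.hModule == NULL)
    {
        MessageBox(NULL, _T("xxxxx"), _T("dfdf"), MB_OK);
        nResult = -1;
    }
    else
    {
        LPVOID lpAddr = GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "FreeLibrary"); // FreeLibraryAndExitThread // FreeLibrary
        if (lpAddr != NULL)
        {
            m_hUnInjectThread = CreateRemoteThread(m_hInjectionProcess, NULL, 0,
                                                   (LPTHREAD_START_ROUTINE)lpAddr, me32.hModule, 0, NULL);
        }

        // NOTE(review): INFINITE blocks the caller (including the destructor)
        // for as long as the remote thread does not return.
        if (m_hUnInjectThread != NULL)
            WaitForSingleObject(m_hUnInjectThread, INFINITE);
    }

    // Release all resources.
    if (m_hInjectThread)
    {
        CloseHandle(m_hInjectThread);
        m_hInjectThread = NULL;
    }

    if (m_hUnInjectThread)
    {
        CloseHandle(m_hUnInjectThread);
        m_hUnInjectThread = NULL;
    }

    if (m_lpPathData)
    {
        // NOTE(review): MEM_DECOMMIT leaves the address range reserved in the
        // target; returning the region takes MEM_RELEASE with a size of 0.
        VirtualFreeEx(m_hInjectionProcess, m_lpPathData, m_dwPathLen, MEM_DECOMMIT);
        m_lpPathData = NULL;
    }

    CloseHandle(m_hInjectionProcess);
    m_hInjectionProcess = NULL;

    return nResult;
}

// Looks up the processes that are currently running.
//
// NOTE(review): the result is never used, so this is a stub. WECHAT and
// FindAllProcess are defined elsewhere. `vector` has no template argument
// here; it may have been lost when the page was extracted.
void CInjection::InjectionExistProcess()
{
    // Find the currently running processes.
    vector vtPID = FindAllProcess(WECHAT);
}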