
Commit a31993e

committed
Intergrate Feature
1 parent 1270e5f commit a31993e

22 files changed

Lines changed: 97 additions & 33 deletions

MonikaDLL/.vs/MonikaDLL/FileContentIndex/cb538d12-e3c8-42e5-8f8e-b60be95bf431.vsidx renamed to MonikaDLL/.vs/MonikaDLL/FileContentIndex/75f7d711-326f-434d-bc45-aa18ff95de93.vsidx

16.5 KB
Binary file not shown.
Binary file not shown.
Binary file not shown.

MonikaDLL/.vs/MonikaDLL/v17/.suo

-2.5 KB
Binary file not shown.
0 Bytes
Binary file not shown.

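--- a/MonikaDLL/.vs/MonikaDLL/v17/DocumentLayout.backup.json
+++ b/MonikaDLL/.vs/MonikaDLL/v17/DocumentLayout.backup.json
@@ -36,7 +36,7 @@
 "RelativeDocumentMoniker": "InjectX64Galgame.cpp",
 "ToolTip": "C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\InjectX64Galgame.cpp",
 "RelativeToolTip": "InjectX64Galgame.cpp",
-"ViewState": "AgIAAHAAAAAAAAAAAAAvwHwAAAAFAAAAAAAAAA==",
+"ViewState": "AgIAANIAAAAAAAAAAAAvwKQAAAABAAAAAAAAAA==",
 "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000677|",
 "WhenOpened": "2024-11-04T10:35:02.895Z",
 "EditorCaption": ""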

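--- a/MonikaDLL/.vs/MonikaDLL/v17/DocumentLayout.json
+++ b/MonikaDLL/.vs/MonikaDLL/v17/DocumentLayout.json
@@ -6,17 +6,17 @@
 "AbsoluteMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\InjectX64Galgame.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}",
 "RelativeMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|solutionrelative:InjectX64Galgame.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}"
 },
+{
+"AbsoluteMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\dllmain.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}",
+"RelativeMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|solutionrelative:dllmain.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}"
+},
 {
 "AbsoluteMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\ProcessGadgit.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}",
 "RelativeMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|solutionrelative:ProcessGadgit.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}"
 },
 {
 "AbsoluteMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\KernelWrapper.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}",
 "RelativeMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|solutionrelative:KernelWrapper.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}"
-},
-{
-"AbsoluteMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\dllmain.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}",
-"RelativeMoniker": "D:0:0:{AE2845F2-E06C-49D4-85C0-36A962F50764}|MonikaDLL.vcxproj|solutionrelative:dllmain.cpp||{D0E1A5C6-B359-4E41-9B60-3365922C2A22}"
 }
 ],
 "DocumentGroupContainers": [
@@ -36,14 +36,14 @@
 "RelativeDocumentMoniker": "InjectX64Galgame.cpp",
 "ToolTip": "C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\InjectX64Galgame.cpp",
 "RelativeToolTip": "InjectX64Galgame.cpp",
-"ViewState": "AgIAAHAAAAAAAAAAAAAvwHwAAAAFAAAAAAAAAA==",
+"ViewState": "AgIAAKUAAAAAAAAAAAAvwKQAAAABAAAAAAAAAA==",
 "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000677|",
 "WhenOpened": "2024-11-04T10:35:02.895Z",
 "EditorCaption": ""
 },
 {
 "$type": "Document",
-"DocumentIndex": 1,
+"DocumentIndex": 2,
 "Title": "ProcessGadgit.cpp",
 "DocumentMoniker": "C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\ProcessGadgit.cpp",
 "RelativeDocumentMoniker": "ProcessGadgit.cpp",
@@ -55,7 +55,7 @@
 },
 {
 "$type": "Document",
-"DocumentIndex": 2,
+"DocumentIndex": 3,
 "Title": "KernelWrapper.cpp",
 "DocumentMoniker": "C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\KernelWrapper.cpp",
 "RelativeDocumentMoniker": "KernelWrapper.cpp",
@@ -67,15 +67,16 @@
 },
 {
 "$type": "Document",
-"DocumentIndex": 3,
+"DocumentIndex": 1,
 "Title": "dllmain.cpp",
 "DocumentMoniker": "C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\dllmain.cpp",
 "RelativeDocumentMoniker": "dllmain.cpp",
 "ToolTip": "C:\\Users\\Administrator\\DDLC-MonikaInKernel\\MonikaDLL\\dllmain.cpp",
 "RelativeToolTip": "dllmain.cpp",
-"ViewState": "AgIAABIAAAAAAAAAAAAAABcAAAABAAAAAAAAAA==",
+"ViewState": "AgIAAB4AAAAAAAAAAAAAABcAAAABAAAAAAAAAA==",
 "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000677|",
-"WhenOpened": "2024-08-26T04:16:01.456Z"
+"WhenOpened": "2024-08-26T04:16:01.456Z",
+"EditorCaption": ""
 }
 ]
 }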

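--- a/MonikaDLL/InjectX64Galgame.cpp
+++ b/MonikaDLL/InjectX64Galgame.cpp
@@ -90,20 +90,26 @@ DWORD GetProcessIdByName(const char* processName);
 DWORD GetMainThreadId(DWORD processId);
 LPVOID InjectShellcode(HANDLE hProcess, UINT8 *buf, UINT64 bufsize);
 HWND GetTargetWindowHandleByPID(DWORD processId);
+void DrawImageOnWindow(HWND hwnd, const char* imageFile);
 
 // Function to hijack the main thread and set its RIP to the injected MonikaPayload
-static UINT8 HijackMainThread(HANDLE hProcess, DWORD mainThreadId, LPVOID remotePayloadMemory)
+static UINT8 HijackMainThread(HANDLE hProcess, HANDLE hThread, LPVOID remotePayloadMemory)
 {
-HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, mainThreadId);
-if (!hThread)
+if(!hProcess)
 {
-printf("Failed to open main thread with TID %lu\n", mainThreadId);
+printf("Invalid process handle\n");
+return -1;
+}
+if(!hThread)
+{
+printf("Invalid thread handle\n");
+return -1;
+}
+if(!remotePayloadMemory)
+{
+printf("Invalid remote memory address\n");
 return -1;
 }
-
-// Suspend the thread and get its context
-SuspendThread(hThread);
-printf("Suspended main thread with TID %lu\n", mainThreadId);
 
 CONTEXT ctx;
 ctx.ContextFlags = CONTEXT_FULL;
@@ -122,20 +128,13 @@ static UINT8 HijackMainThread(HANDLE hProcess, DWORD mainThreadId, LPVOID remote
 
 // Update the thread context
 SetThreadContext(hThread, &ctx);
+return 0;
 }
 else
 {
 printf("Failed to get thread context\n");
-ResumeThread(hThread);
-CloseHandle(hThread);
 return -1;
 }
-
-// Resume the thread
-ResumeThread(hThread);
-printf("Resumed main thread with TID %lu\n", mainThreadId);
-CloseHandle(hThread);
-return 0;
 }
 
 static void GetTargetMsgBoxA_Routine(HANDLE hProcess)
@@ -165,7 +164,7 @@ static void GetTargetMsgBoxA_Routine(HANDLE hProcess)
 printf("MessageBoxA Address in Target: 0x%p\n", *(UINT64 *)((UINT64)Gidget_Shellcode + sizeof(Gidget_Shellcode) - 8));
 }
 
-__declspec(dllexport) UINT8 injectX64Gal(char *targetEXE)
+__declspec(dllexport) UINT8 injectX64Gal(char *targetEXE, const char *bmp_path)
 {
 // Update Gidget_Shellcode with function addresses
 *(UINT64 *)(Gidget_Shellcode + 20) = (UINT64)LoadLibraryA;
@@ -223,13 +222,31 @@ __declspec(dllexport) UINT8 injectX64Gal(char *targetEXE)
 return -1;
 }
 printf("MonikaPayload injected successfully.\n");
+
+// open main thread
+HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, mainThreadId);
+if (!hThread)
+{
+printf("Failed to open main thread with TID %lu\n", mainThreadId);
+return -1;
+}
+SuspendThread(hThread);
+printf("Main thread suspended.\n");
+
+// Replace Target Window content with image
+DrawImageOnWindow(targetHwnd, bmp_path);
 
 // Hijack the main thread
-if (HijackMainThread(hProcess, mainThreadId, remoteMemory) == 0)
+if (HijackMainThread(hProcess, hThread, remoteMemory) == 0)
 printf("Main thread hijacked successfully.\n");
 else
 printf("Failed to hijack main thread.\n");
+
+// Resume the main thread
+ResumeThread(hThread);
+printf("Main thread resumed.\n");
 
+CloseHandle(hThread);
 CloseHandle(hProcess);
 }
 }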
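Review bot: The new `return -1;` after the failed `OpenThread` in `injectX64Gal` leaves `hProcess` open, since the only `CloseHandle(hProcess)` visible is at the end of the success path; add `CloseHandle(hProcess);` before that return. In `HijackMainThread` the added `return 0;` follows `SetThreadContext(hThread, &ctx);` without looking at its result, so the caller prints success even when the call failed; `if (!SetThreadContext(hThread, &ctx)) return -1;` would report it. The result of `SuspendThread(hThread)` is dropped in the same way before the context is read, although the call returns `(DWORD)-1` on failure. Both functions are declared `UINT8`, so every `return -1` reaches callers as 255, and the path through the final `CloseHandle(hProcess);` shows no return statement in the visible lines. Both function bodies extend outside the hunks, so the last point should be confirmed against the full file.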
753 Bytes
Binary file not shown.
6.12 KB
Binary file not shown.
