#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <TlHelp32.h>
#include <string>
#include <fstream>
#include <algorithm>
#include <vector>
#include <string.h>
#define DLL_NAME "ScrapHack.dll"
using namespace std;

string GetLastErrorAsString()
{
	DWORD errorMessageID = GetLastError();
	if (errorMessageID == 0)
		return "No error";
	LPSTR messageBuffer = NULL;
	size_t m_size = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
								   NULL, errorMessageID, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)&messageBuffer, 0, NULL);
	string message(messageBuffer, m_size);
	LocalFree(messageBuffer);
	if (!message.empty() && message[message.length() - 1] == '\n')
	{
		message.erase(message.length() - 1);
	}
	return message;
}

string fromhex(string input)
{
	transform(input.begin(), input.end(), input.begin(), ::toupper);
	string hc = "0123456789ABCDEF";
	string o = "";
	int n = 0;
	int v = 0;
	for (unsigned char c : input)
	{
		if (hc.find(c) != size_t(-1))
		{
			if ((n++) % 2 == 0)
			{
				v = hc.find(c) << 4;
			}
			else
			{
				o += char(v + hc.find(c));
			}
		}
		else
		{
			cout << "Invalid Character in hex string" << endl;
			return "";
		}
	}
	return o;
}

vector<string> split(string str, char sep)
{
	vector<string> ret;
	string part;
	for (auto n : str)
	{
		if (n == sep)
		{
			ret.push_back(part);
			part.clear();
		}
		else
		{
			part = part + n;
		}
	}
	if (part != "")
		ret.push_back(part);
	return ret;
}

bool fexists(const char *filename)
{
	ifstream ifile(filename);
	bool ret = ifile.good();
	ifile.close();
	return ret;
}

bool HasModule(int PID, const char *modname)
{
	HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, PID);
	MODULEENTRY32 me;
	me.dwSize = sizeof(MODULEENTRY32);
	if (hModuleSnap == INVALID_HANDLE_VALUE)
	{
		return false;
	}
	if (!Module32First(hModuleSnap, &me))
	{
		CloseHandle(hModuleSnap);
		cout << "Error reading Module Snapshot" << endl;
	}
	else
	{
		do
		{
			if (strstr((const char *)me.szModule, modname) != NULL)
				return true;
		} while (Module32Next(hModuleSnap, &me));
		CloseHandle(hModuleSnap);
	}
	return false;
}

bool ProcRunning(DWORD PID)
{
	bool ret = false;
	HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, PID);
	if (hSnap == INVALID_HANDLE_VALUE)
	{
		return false;
	}
	CloseHandle(hSnap);
	return true;
}

bool adjustPrivs(HANDLE hProc)
{
	HANDLE hToken;
	LUID luid;
	TOKEN_PRIVILEGES tkprivs;
	if (!OpenProcessToken(hProc, (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY), &hToken))
	{
		cout << "[!] Could not Open Process Token: " << GetLastErrorAsString() << endl;
		return 0;
	}
	if (!LookupPrivilegeValue(0, SE_DEBUG_NAME, &luid))
	{
		CloseHandle(hToken);
		cout << "[!] Error Looking up Privilege Value: " << GetLastErrorAsString() << endl;
		return 0;
	}
	tkprivs.PrivilegeCount = 1;
	tkprivs.Privileges[0].Luid = luid;
	tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
	bool bRet = AdjustTokenPrivileges(hToken, 0, &tkprivs, sizeof(tkprivs), NULL, NULL);
	CloseHandle(hToken);
	if (!bRet)
	{
		cout << "[!] Could Not Adjust Privileges: " << GetLastErrorAsString() << endl;
	}
	return bRet;
}

bool Injected(DWORD PID)
{
	return HasModule(PID, DLL_NAME);
}

void InjectDll(DWORD PID, bool do_resume = false)
{
	HANDLE hRemThread, hProc;
	const char *dll_name = DLL_NAME;
	char dll_full_path[MAX_PATH];
	if (!fexists(dll_name))
	{
		cout << "[!] DLL not found!" << endl;
		return;
	}
	cout << "[*] Injecting DLL " << dll_name << " into PID " << PID << endl;
	cout << "[*] Opening Process Handle" << endl;
	hProc = OpenProcess(PROCESS_ALL_ACCESS, 0, PID);
	PID = GetProcessId(hProc);
	GetFullPathNameA(dll_name, MAX_PATH, dll_full_path, 0);
	cout << "[*] Adjusting Privileges of Process" << endl;
	adjustPrivs(hProc);
	if (HasModule(PID, dll_name))
	{
		cout << "[*] DLL already Loaded" << endl;
	}
	else
	{
		if (!fexists(dll_full_path))
		{
			cout << "[!] DLL file not found!" << endl;
			return;
		}
		HINSTANCE hK32 = LoadLibraryA("kernel32");
		cout << "[*] Getting Address of LoadLibrary" << endl;
		LPVOID LoadLibrary_Address = (LPVOID)GetProcAddress(hK32, "LoadLibraryA");
		FreeLibrary(hK32);
		cout << "[+] LoadLibrary is at " << LoadLibrary_Address << endl;
		cout << "[*] Allocating " << strlen(dll_full_path) << " Bytes of Memory" << endl;
		LPVOID mem = VirtualAllocEx(hProc, NULL, strlen(dll_full_path), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
		if (mem == NULL)
		{
			cout << "[!] Could not Allocate Memory: " << GetLastErrorAsString() << endl;
			return;
		}
		cout << "[*] Writing DLL Name to Process Memory at " << mem << endl;
		WriteProcessMemory(hProc, mem, dll_full_path, strlen(dll_full_path), 0);
		cout << "[*] Creating Thread to Load DLL" << endl;
		if (do_resume)
		{
			hRemThread = CreateRemoteThread(hProc, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibrary_Address, mem, CREATE_SUSPENDED, 0);
			ResumeThread(hRemThread);
		}
		else
		{
			hRemThread = CreateRemoteThread(hProc, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibrary_Address, mem, 0, 0);
		}
		cout << "[*] Waiting for DLL to load" << endl;
		WaitForSingleObject(hRemThread, INFINITE);
		CloseHandle(hRemThread);
	}
	cout << "[*] Closing Process Handle" << endl;
	CloseHandle(hProc);
	return;
}
int main(int argc, char *argv[])
{
	string prog;
	HANDLE hProc = INVALID_HANDLE_VALUE;
	DWORD PID = 0;
	GetWindowThreadProcessId(FindWindowA("ScrapClass", NULL), &PID);
	if (PID == 0)
	{
		cout << "[*] Waiting for Scrapland to Launch..." << endl;
	}
	while (PID == 0)
	{
		Sleep(100);
		GetWindowThreadProcessId(FindWindowA("ScrapClass", NULL), &PID);
	}
	cout << "[+] Found PID: " << PID << endl;
	InjectDll(PID);
	cout << "[*] Done!" << endl;
	return 0;
}