如题如何写一个简单的注入器?
直接复制代码即可使用。注入逻辑采用内存注入(在目标进程内存中写入 DLL 路径,再通过远程线程调用 LoadLibraryW 加载),并未做内存卸载,可以在结尾自行增加语句。按进程名 CS2.exe 获取 PID,DLL 取子目录 \\qssaty.dll(以上内容均可自行修改),所有注释都已标注。
使用教程:
1.运行游戏
2.将DLL名字改为qssaty.dll (根据代码自行修改)
3.运行注入器即可完成注入
编译教程:
1.下载 Visual Studio 2022
2. 创建新项目,选择为控制台程序启动,记住此新项目创建的文件夹(也就是位置)
3.打开新项目将里面内容全部删除,将以下代码全部复制
4.打开刚刚新项目的文件夹(位置)里复制所需注入的DLL,DLL改名为qssaty.dll
5.将运行测试项目旁边的bit改为X64,测试是否成功注入
6.测试编译无问题按住ctrl+shift+b 生成应用程序
7.点击即可注入
更改条件:
1.您可以自行更改注入进程名称例如(1234.exe)
2.自定义您的DLL名字例如(千束喵.dll)
3.您可以自己更改输出语句(例如 std::wcout << L"千束喵~" << std::endl;)
直接复制代码即可使用。注入逻辑采用内存注入(在目标进程内存中写入 DLL 路径,再通过远程线程调用 LoadLibraryW 加载),并未做内存卸载,可以在结尾自行增加语句。按进程名 CS2.exe 获取 PID,DLL 取子目录 \\qssaty.dll(以上内容均可自行修改),所有注释都已标注。
使用教程:
1.运行游戏
2.将DLL名字改为qssaty.dll (根据代码自行修改)
3.运行注入器即可完成注入
编译教程:
1.下载 Visual Studio 2022
2. 创建新项目,选择为控制台程序启动,记住此新项目创建的文件夹(也就是位置)
3.打开新项目将里面内容全部删除,将以下代码全部复制
4.打开刚刚新项目的文件夹(位置)里复制所需注入的DLL,DLL改名为qssaty.dll
5.将运行测试项目旁边的bit改为X64,测试是否成功注入
6.测试编译无问题按住ctrl+shift+b 生成应用程序
7.点击即可注入
更改条件:
1.您可以自行更改注入进程名称例如(1234.exe)
2.自定义您的DLL名字例如(千束喵.dll)
3.您可以自己更改输出语句(例如 std::wcout << L"千束喵~" << std::endl;)
C:
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
#include <string>
/// <summary>
/// Finds the process ID of the first running process whose executable name
/// equals <paramref name="processName"/>.
/// </summary>
/// <remarks>
/// Enumerates a Toolhelp32 process snapshot. The match is an exact,
/// case-sensitive comparison against PROCESSENTRY32W::szExeFile, and the walk
/// stops at the first hit, so a second process with the same image name is
/// never considered. Note that this is a separate overload from the Win32
/// GetProcessId(HANDLE) API that shares its name.
/// </remarks>
/// <param name="processName">Executable file name to search for.</param>
/// <returns>
/// The PID of the first matching entry, or 0 when the snapshot cannot be
/// created or no entry matches.
/// </returns>
DWORD GetProcessId(const std::wstring& processName) {
    const HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        std::wcerr << L"ERROR: Unable to create process snapshot." << std::endl;
        return 0;
    }

    // dwSize must be filled in before the first Process32FirstW call.
    PROCESSENTRY32W entry;
    entry.dwSize = sizeof(PROCESSENTRY32W);

    DWORD foundPid = 0;
    for (BOOL hasEntry = Process32FirstW(snapshot, &entry);
         hasEntry;
         hasEntry = Process32NextW(snapshot, &entry)) {
        if (processName == entry.szExeFile) {
            foundPid = entry.th32ProcessID;
            break;
        }
    }

    // The snapshot handle is released on every path that created it.
    CloseHandle(snapshot);
    return foundPid;
}
/// <summary>
/// Loads the DLL at <paramref name="dllPath"/> into the process identified by
/// <paramref name="processId"/> by starting a remote thread at LoadLibraryW.
/// </summary>
/// <remarks>
/// The call sequence is OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
/// CreateRemoteThread(LoadLibraryW), i.e. classic DLL injection
/// (MITRE ATT&amp;CK T1055.001). From the defender's side each step is
/// observable: the cross-process handle open (Sysmon event 10, ProcessAccess),
/// the remote thread creation (Sysmon event 8, CreateRemoteThread) and the
/// resulting module load in the target (Sysmon event 7, ImageLoad).
///
/// NOTE(review): PROCESS_ALL_ACCESS asks for more rights than the calls below
/// use. NOTE(review): the return value of WaitForSingleObject is ignored and
/// the wait is INFINITE, so a remote thread that never returns blocks this
/// function forever. NOTE(review): the success message is printed without
/// reading the remote thread's exit code, so a LoadLibraryW failure inside the
/// target is still reported as success.
/// </remarks>
/// <param name="processId">PID of the target process.</param>
/// <param name="dllPath">Path of the DLL, copied into the target as a wide string.</param>
/// <returns>
/// false if opening the process, allocating or writing remote memory,
/// resolving LoadLibraryW, or creating the remote thread fails; true once the
/// remote thread has finished.
/// </returns>
bool InjectDLL(DWORD processId, const std::wstring& dllPath) {
    const HANDLE targetProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);
    if (targetProcess == nullptr) {
        std::wcerr << L"ERROR: Unable to open target process. Error: " << GetLastError() << std::endl;
        return false;
    }
    std::wcout << L"Target process opened successfully." << std::endl;

    // Size of the path in bytes, including the terminating L'\0'.
    const SIZE_T pathBytes = (dllPath.size() + 1) * sizeof(wchar_t);

    const LPVOID remotePath = VirtualAllocEx(targetProcess, nullptr, pathBytes,
                                             MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (remotePath == nullptr) {
        std::wcerr << L"ERROR: Unable to allocate memory in target process. Error: " << GetLastError() << std::endl;
        CloseHandle(targetProcess);
        return false;
    }
    std::wcout << L"Memory allocated in target process." << std::endl;

    // Shared cleanup for the failure paths that occur after the allocation.
    const auto abandon = [&]() {
        VirtualFreeEx(targetProcess, remotePath, 0, MEM_RELEASE);
        CloseHandle(targetProcess);
    };

    const BOOL pathWritten = WriteProcessMemory(targetProcess, remotePath, dllPath.c_str(), pathBytes, nullptr);
    if (!pathWritten) {
        std::wcerr << L"ERROR: Unable to write DLL path to target process memory. Error: " << GetLastError() << std::endl;
        abandon();
        return false;
    }
    std::wcout << L"DLL path written to target process memory." << std::endl;

    // The address is resolved in this process and then handed to the target
    // as-is; presumably kernel32.dll sits at the same base in both — confirm.
    const HMODULE kernel32 = GetModuleHandleW(L"kernel32.dll");
    const auto loadLibraryEntry =
        reinterpret_cast<LPTHREAD_START_ROUTINE>(GetProcAddress(kernel32, "LoadLibraryW"));
    if (loadLibraryEntry == nullptr) {
        std::wcerr << L"ERROR: Unable to get address of LoadLibraryW. Error: " << GetLastError() << std::endl;
        abandon();
        return false;
    }
    std::wcout << L"Obtained the address of LoadLibraryW function." << std::endl;

    const HANDLE remoteThread =
        CreateRemoteThread(targetProcess, nullptr, 0, loadLibraryEntry, remotePath, 0, nullptr);
    if (remoteThread == nullptr) {
        std::wcerr << L"ERROR: Unable to create remote thread. Error: " << GetLastError() << std::endl;
        abandon();
        return false;
    }
    std::wcout << L"Remote thread has been created." << std::endl;

    // Blocks until the remote thread exits; the wait result is not inspected.
    WaitForSingleObject(remoteThread, INFINITE);
    std::wcout << L"Remote thread execution completed." << std::endl;

    // The path buffer is freed only after the remote thread has finished with it.
    VirtualFreeEx(targetProcess, remotePath, 0, MEM_RELEASE);
    CloseHandle(remoteThread);
    CloseHandle(targetProcess);

    std::wcout << L"DLL injection successful!" << std::endl;
    return true;
}
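/// <summary>
/// Entry point: resolves the target process by name, builds the DLL path next
/// to this executable, calls InjectDLL and prints the outcome.
/// </summary>
/// <remarks>
/// The two string literals below had forum colour markup ([COLOR=...]) pasted
/// into them, which made the listing uncompilable; they are restored to the
/// values the post describes (cs2.exe and \\qssaty.dll).
/// The GetModuleFileNameW result is now checked, because the original built a
/// std::wstring from an uninitialised buffer when the call failed.
/// </remarks>
/// <returns>0 when InjectDLL reports success, 1 on any failure.</returns>
int main() {
    SetConsoleOutputCP(CP_UTF8);

    // Image name of the target process; compared exactly by GetProcessId.
    std::wstring processName = L"cs2.exe";

    // Zero-initialised so the buffer is always a valid C string.
    wchar_t exePath[MAX_PATH] = {};
    const DWORD exePathLen = GetModuleFileNameW(nullptr, exePath, MAX_PATH);
    if (exePathLen == 0 || exePathLen >= MAX_PATH) {
        // 0 means the call failed; a value of MAX_PATH means the path was truncated.
        std::wcerr << L"ERROR: Unable to determine executable path. Error: " << GetLastError() << std::endl;
        std::wcout << L"Press any key to exit..." << std::endl;
        std::wcin.get();
        return 1;
    }

    // The DLL is looked up in the directory that holds this executable,
    // not in the current working directory.
    const std::wstring exeFile(exePath, exePathLen);
    std::wstring dllPath = exeFile.substr(0, exeFile.find_last_of(L"\\/")) + L"\\qssaty.dll";

    std::wcout << L"Searching for target process: " << processName << std::endl;
    DWORD processId = GetProcessId(processName);
    if (!processId) {
        std::wcerr << L"Target process not found: " << processName << std::endl;
        std::wcout << L"Press any key to exit..." << std::endl;
        std::wcin.get();
        return 1;
    }
    std::wcout << L"Target process found, PID: " << processId << std::endl;

    std::wcout << L"Attempting to inject DLL: " << dllPath << std::endl;
    if (!InjectDLL(processId, dllPath)) {
        std::wcerr << L"Injection failed!" << std::endl;
        std::wcout << L"Press any key to exit..." << std::endl;
        std::wcin.get();
        return 1;
    }

    // Banner printed after InjectDLL returns true.
    std::wcout << L"" << std::endl;
    std::wcout << L"..#######..####....###....##....##..######..##.....##.##.....##" << std::endl;
    std::wcout << L".##.....##..##....##.##...###...##.##....##.##.....##.##.....##" << std::endl;
    std::wcout << L".##.....##..##...##...##..####..##.##.......##.....##.##.....##" << std::endl;
    std::wcout << L".##.....##..##..##.....##.##.##.##..######..#########.##.....##" << std::endl;
    std::wcout << L".##..##.##..##..#########.##..####.......##.##.....##.##.....##" << std::endl;
    std::wcout << L".##....##...##..##.....##.##...###.##....##.##.....##.##.....##" << std::endl;
    std::wcout << L"..#####.##.####.##.....##.##....##..######..##.....##..#######." << std::endl;
    std::wcout << L"" << std::endl;
    std::wcout << L"CS2 INJECT BY QIANSHU1337 v0.37 64BIT CS2.EXE " << std::endl;
    std::wcout << L"CS2 INJECT BY QIANSHU1337 v0.37 64BIT CS2.EXE " << std::endl;
    std::wcout << L"Press any key to exit..." << std::endl;

    // Wait for a key press before the console window closes.
    std::wcin.get();
    return 0;
}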