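/*
 * Loads a DLL into another process by writing the DLL path into the target
 * and starting a remote thread at LoadLibraryA with that path as its argument.
 *
 * NOTE(review): the header names after each #include were lost on the page
 * (the angle-bracket text was stripped); the list below is reconstructed from
 * the functions the code calls -- confirm against the original file.
 *
 * Telemetry this sequence produces on a monitored host: a cross-process
 * handle open with VM_WRITE/VM_OPERATION/CREATE_THREAD rights (Sysmon event
 * 10, ProcessAccess), a remote thread whose start address is LoadLibraryA
 * (Sysmon event 8, CreateRemoteThread) and an image load in the target
 * (Sysmon event 7, ImageLoad).
 */
#include <windows.h>
#include <errno.h>
#include <io.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * InjectDll - ask the target process to load DllName via LoadLibraryA.
 *
 * Process:  handle opened with at least PROCESS_CREATE_THREAD,
 *           PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION,
 *           PROCESS_VM_WRITE and PROCESS_VM_READ.
 * DllName:  NUL-terminated ANSI path. It is interpreted by the TARGET
 *           process, so a relative name is resolved with the target's DLL
 *           search order, not the caller's current directory.
 *
 * Returns TRUE when the remote thread was created and ran to completion,
 * FALSE otherwise. The result of LoadLibraryA inside the target is not
 * inspected, so TRUE does not prove that the module was loaded.
 */
BOOLEAN
InjectDll(
    __in HANDLE Process,
    __in CONST CHAR *DllName
    )
{
    SIZE_T Written = 0;
    SIZE_T Len;
    PVOID  Buf;
    HANDLE Thread;
    DWORD  WaitResult;

    if (!DllName) {
        return FALSE;
    }

    /* Size the remote buffer from the string instead of assuming 4096. */
    Len = strlen(DllName) + 1;

    /*
     * The buffer only ever holds the path string, so request read/write
     * data pages; no execute permission is needed in the target.
     */
    Buf = VirtualAllocEx(Process, NULL, Len, MEM_COMMIT | MEM_RESERVE,
                         PAGE_READWRITE);
    if (!Buf) {
        wprintf(L"Couldn't allocate memory (%lu).\n", GetLastError());
        return FALSE;
    }

    if (!WriteProcessMemory(Process, Buf, DllName, Len, &Written) ||
        Written != Len) {
        wprintf(L"Couldn't write process memory (%lu).\n", GetLastError());
        /* The original returned here without releasing the remote buffer. */
        VirtualFreeEx(Process, Buf, 0, MEM_RELEASE);
        return FALSE;
    }

    Thread = CreateRemoteThread(Process, NULL, 0,
                                (LPTHREAD_START_ROUTINE)LoadLibraryA,
                                Buf, 0, NULL);
    if (!Thread) {
        wprintf(L"Couldn't create thread (%lu).\n", GetLastError());
        VirtualFreeEx(Process, Buf, 0, MEM_RELEASE);
        return FALSE;
    }

    /* Blocks for as long as the DLL's entry point runs in the target. */
    WaitResult = WaitForSingleObject(Thread, INFINITE);
    CloseHandle(Thread);

    if (WaitResult != WAIT_OBJECT_0) {
        /*
         * The remote thread may still be reading the path; releasing the
         * buffer now could fault the target, so it is left allocated.
         */
        wprintf(L"Couldn't wait for thread (%lu).\n", GetLastError());
        return FALSE;
    }

    VirtualFreeEx(Process, Buf, 0, MEM_RELEASE);
    return TRUE;
}

/*
 * Usage: <program> <pid> <dll-path>
 *
 * Validates both arguments, opens the target process and calls InjectDll.
 * Returns 0 on success and 1 on any failure.
 */
int
__cdecl
main(
    int ac,
    char **av
    )
{
    HANDLE        Process;
    CHAR          FullPath[MAX_PATH];
    DWORD         PathLen;
    unsigned long Pid;
    char         *End;

    if (ac != 3) {
        /* The argument placeholders were missing from the usage text. */
        wprintf(L"Usage: %S <pid> <dll-path>\n", av[0]);
        return 1;
    }

    /* Reject non-numeric or out-of-range input rather than opening pid 0. */
    errno = 0;
    Pid = strtoul(av[1], &End, 0);
    if (End == av[1] || *End != '\0' || errno == ERANGE || Pid == 0) {
        wprintf(L"%S is not a valid process id.\n", av[1]);
        return 1;
    }

    /*
     * Resolve to an absolute path so that the file checked below is the
     * file the target is asked to load; a relative name would be looked up
     * through the target's DLL search order instead.
     */
    PathLen = GetFullPathNameA(av[2], MAX_PATH, FullPath, NULL);
    if (PathLen == 0 || PathLen >= MAX_PATH) {
        wprintf(L"Couldn't resolve %S to a full path (%lu).\n",
                av[2], GetLastError());
        return 1;
    }

    /*
     * Existence check only. The file can still change between this check
     * and the load, and the target opens it under its own security context.
     */
    if (_access(FullPath, 00)) {
        wprintf(L"%S doesn't appear to exist.\n", av[2]);
        return 1;
    }

    Process = OpenProcess(
        PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION |
        PROCESS_CREATE_THREAD | PROCESS_SET_INFORMATION |
        PROCESS_QUERY_INFORMATION,
        FALSE,
        (DWORD)Pid);
    if (!Process) {
        wprintf(L"OpenProcess fails (%lu). Ensure that you provided a correct process id that you have full rights to.\n", GetLastError());
        return 1;
    }

    if (!InjectDll(Process, FullPath)) {
        wprintf(L"Failed to inject DLL. Ensure that you have full access to the process.\n");
        CloseHandle(Process);
        return 1;
    }

    CloseHandle(Process);
    wprintf(L"OK\n");
    return 0;
}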