afx good code
来源:互联网 发布:ug看图软件 编辑:程序博客网 时间:2024/05/22 05:27
mad
program Project1;
{$APPTYPE CONSOLE}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{ by fc 2003 Now works on all versions from windows
function CreateProcessEx( lpApplicationName: PChar; lpCommandLine: PChar; lpProcessAttributes: PSecurityAttributes;
lpThreadAttributes: PSecurityAttributes; bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
lpCurrentDirectory: PChar; const lpStartupInfo: TStartupInfo; var lpProcessInformation:
TProcessInformatfunctionfunctionion; DLLPath: pchar ): Boolean; stdcall;
function InjectLibrary( Process: LongWord; DLLPath: PChar ): Boolean;
function InjectLibraryEx( Process: LongWord; Src: Pointer ): Boolean;
function InjectExe( Process: LongWord; EntryPoint: Pointer ): Boolean;
function HookCode( TargetModule: string; TargetProc: string; NewProc: Pointer; var OldProc: Pointer ): integer;
function UnhookCode( NewProc: Pointer; OldProc: Pointer ): integer; }
unit afxCodeHook;
{$IMAGEBASE $13140000}
interface uses Windows;
{$L 'SRT.obj'}
function CreateProcessEx(lpApplicationName: PChar; lpCommandLine: PChar;
lpProcessAttributes, lpThreadAttributes:
PSecurityAttributes; bInheritHandles: BOOL; dwCreationFlags: DWORD;
lpEnvironment: Pointer; lpCurrentDirectory: PChar;
const lpStartupInfo: TStartupInfo; var lpProcessInformation:
TProcessInformation; DLLPath: pchar): Boolean; stdcall;
function InjectLibrary(Process: LongWord; DLLPath: PChar): Boolean;
function InjectLibraryEx(Process: LongWord; Src: Pointer): Boolean;
function InjectExe(Process: LongWord; EntryPoint: Pointer): Boolean;
function HookCode(TargetModule, TargetProc: string; NewProc: Pointer; var
OldProc: Pointer): integer;
function UnhookCode(NewProc, OldProc: Pointer): integer;
implementation type
TImportFunction = packed record JumpInstruction: Word;
AddressOfPointerToFunction: ^Pointer;
end;
TImageImportEntry = record Characteristics: dword;
TimeDateStamp: dword;
MajorVersion: word;
MinorVersion: word; Name:
dword;
LookupTable: dword;
end;
type
TModuleList = array of cardinal;
type
TImportItem = record Name: string;
PProcVar: ^Pointer;
end;
TwordArr = array[0..0] of word;
PwordArr = ^TwordArr;
TdwordArr = array[0..0] of dword;
PdwordArr = ^TdwordArr;
PImageImportDescriptor = ^TImageImportDescriptor;
TImageImportDescriptor = packed record
OriginalFirstThunk: dword;
TimeDateStamp: dword;
ForwarderChain: dword; Name: dword;
FirstThunk: dword;
end;
PImageBaseRelocation = ^TImageBaseRelocation;
TImageBaseRelocation = packed record VirtualAddress: cardinal;
SizeOfBlock: cardinal;
end;
TDllEntryProc = function(hinstDLL: HMODULE; dwReason: dword; lpvReserved:
Pointer):
Boolean; stdcall;
TStringArray = array of string;
TLibInfo = record ImageBase: Pointer;
ImageSize: longint;
DllProc:
TDllEntryProc;
DllProcAddress: Pointer;
LibsUsed: TStringArray;
end;
PLibInfo = ^TLibInfo;
PPointer = ^Pointer;
TSections = array[0..100000] of TImageSectionHeader;
const
IMPORTED_NAME_OFFSET = $00000002;
IMAGE_ORDINAL_FLAG32 = $80000000;
IMAGE_ORDINAL_MASK32 = $0000FFFF
;
function RT_GetVersion(pReserved: Pointer): LongWord; stdcall; external;
function xVirtualAllocEx(hProcess: LongWord; lpAddress: Pointer; dwSize:
LongWord; flAllocationType: LongWord;
flProtect: LongWord): Pointer; stdcall; external
;
function xVirtualFreeEx(hProcess: LongWord; lpAddress: Pointer;
dwSize: LongWord; dwFreeType: LongWord): Boolean; stdcall; external
;
function xCreateRemoteThread(hProcess: LongWord;
lpThreadAttributes: Pointer; dwStackSize: LongWord; lpStartAddress: Pointer;
lpParameter: Pointer; dwCreationFlags:
LongWord; lpThreadId: Pointer): LongWord; stdcall; external
;
function GetModuleList: TModuleList;
var
Module, Base:
pointer;
ModuleCount: integer;
lpModuleName: array[0..MAX_PATH] of char;
MemoryBasicInformation:
TMemoryBasicInformation;
begin
SetLength(Result, 10);
ModuleCount := 0;
Module := nil;
Base := nil;
while
VirtualQueryEx(GetCurrentProcess, Module, MemoryBasicInformation,
SizeOf(MemoryBasicInformation)) =
SizeOf(MemoryBasicInformation) do
begin
if (MemoryBasicInformation.State = MEM_COMMIT)
and (MemoryBasicInformation.AllocationBase <> Base) and
(MemoryBasicInformation.AllocationBase =
MemoryBasicInformation.BaseAddress) and
(GetModuleFileName(dword(MemoryBasicInformation.AllocationBase),
lpModuleName,
MAX_PATH) > 0) then
begin
if ModuleCount = Length(Result) then
SetLength(Result, ModuleCount * 2);
Result[ModuleCount]
:= dword(MemoryBasicInformation.AllocationBase);
Inc(ModuleCount);
end;
Base := MemoryBasicInformation.AllocationBase;
dword(Module) := dword(Module) + MemoryBasicInformation.RegionSize;
end;
SetLength(result, ModuleCount);
end
;
function
FunctionAddress(Code: Pointer): Pointer;
begin
Result := Code;
if TImportFunction(Code^).JumpInstruction = $25FF then
Result := TImportFunction(Code^).AddressOfPointerToFunction^;
end
;
function HookModules(ImageDosHeader:
PImageDosHeader; TargetAddress, NewAddress: Pointer; var OldAddress: Pointer):
integer;
var
ImageNTHeaders:
PImageNtHeaders;
ImageImportEntry: ^TImageImportEntry;
ImportCode: ^Pointer;
OldProtect: dword;
EndofImports: dword;
begin
Result := 0;
OldAddress := FunctionAddress(TargetAddress);
if ImageDosHeader.e_magic <> IMAGE_DOS_SIGNATURE then
Exit;
ImageNTHeaders := Pointer(integer(ImageDosHeader) + ImageDosHeader._lfanew);
;
if ImageNTHeaders <> nil then
begin
with
ImageNTHeaders^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]
do
begin
ImageImportEntry :=
Pointer(dword(ImageDosHeader) + VirtualAddress);
EndofImports := VirtualAddress + Size;
end;
if ImageImportEntry <>
nil then
begin
while ImageImportEntry^.Name <> 0 do
begin
if ImageImportEntry^.LookUpTable > EndofImports then
break;
if ImageImportEntry^.LookUpTable <> 0 then
begin
ImportCode := Pointer(dword(ImageDosHeader) +
ImageImportEntry^.LookUpTable);
while ImportCode^ <> nil do
begin
if (ImportCode^ = TargetAddress) and
VirtualProtect(ImportCode, 4, PAGE_EXECUTE_READWRITE, @OldProtect)
then
ImportCode^ := NewAddress;
inc(ImportCode);
end;
end;
Inc(ImageImportEntry);
end;
end;
end;
end
;
function HookCode(TargetModule, TargetProc: string; NewProc:
Pointer; var OldProc: Pointer): integer;
var
ModuleLoop: integer;
Modules: TModuleList;
Module: hModule;
Target:
pointer;
begin
Result := 0;
Module := GetModuleHandle(pchar(TargetModule));
Modules := GetModuleList;
if Module = 0
then
begin
Module := LoadLibrary(pchar(TargetModule));
end;
Target := GetProcAddress(Module, pchar(TargetProc));
if
Target = nil then
Exit;
for ModuleLoop := 0 to High(Modules) do
begin
if (GetVersion and $80000000 = 0) or
(Modules[ModuleLoop] < $80000000) then
begin
Result := HookModules(Pointer(Modules[ModuleLoop]), Target, NewProc,
OldProc);
end;
end;
end
;
function UnhookCode(NewProc, OldProc: Pointer): integer;
var
ModuleLoop: integer;
Modules:
TModuleList;
begin
Result := 0;
Modules := GetModuleList;
for ModuleLoop := 0 to High(Modules) do
begin
if (GetVersion
and $80000000 = 0) or (Modules[ModuleLoop] < $80000000) then
begin
Result := HookModules(Pointer(Modules[ModuleLoop]),
NewProc, OldProc, NewProc);
end;
end;
end
;
function CreateProcessEx(lpApplicationName: PChar; lpCommandLine: PChar;
lpProcessAttributes, lpThreadAttributes: PSecurityAttributes; bInheritHandles:
BOOL; dwCreationFlags: DWORD;
lpEnvironment: Pointer; lpCurrentDirectory: PChar; const lpStartupInfo:
TStartupInfo; var lpProcessInformation:
TProcessInformation; DLLPath: pchar): Boolean; stdcall;
var
Parameters: Pointer;
BytesWritten, Thread, ThreadID:
dword;
begin
Result := False;
if not CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes,
lpThreadAttributes, bInheritHandles, dwCreationFlags or CREATE_SUSPENDED,
lpEnvironment, lpCurrentDirectory,
lpStartupInfo, lpProcessInformation) then
Exit;
Parameters := xVirtualAllocEx(lpProcessInformation.hProcess, nil,
4096, MEM_COMMIT, PAGE_READWRITE);
if Parameters = nil then
Exit;
WriteProcessMemory(lpProcessInformation.hProcess,
Parameters, Pointer(DLLPath), 4096, BytesWritten);
Thread := xCreateRemoteThread(lpProcessInformation.hProcess, nil,
0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA'),
Parameters, 0, @ThreadId);
WaitForSingleObject(Thread, INFINITE);
xVirtualFreeEx(lpProcessInformation.hProcess, Parameters, 0, MEM_RELEASE);
if
Thread = 0 then
Exit;
CloseHandle(Thread);
ResumeThread(lpProcessInformation.hThread);
Result := True;
end
;
function
InjectLibrary(Process: LongWord; DLLPath: PChar): Boolean;
var
Parameters: Pointer;
BytesWritten, Thread, ThreadID:
dword;
begin
Result := False;
Parameters := xVirtualAllocEx(Process, nil, 4096, MEM_COMMIT, PAGE_READWRITE);
if
Parameters = nil then
Exit;
WriteProcessMemory(Process, Parameters, Pointer(DLLPath), 4096, BytesWritten);
Thread :=
xCreateRemoteThread(Process, nil, 0,
GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA'), Parameters,
0,
@ThreadId);
WaitForSingleObject(Thread, INFINITE);
xVirtualFreeEx(Process, Parameters, 0, MEM_RELEASE);
if Thread = 0
then
Exit;
CloseHandle(Thread);
Result := True;
end
;
function RemoteGetProcAddress(Process: LongWord; lpModuleName,
lpProcName: pchar): pointer;
type
TGetProcAddrInfo = record pExitThread: pointer;
pGetProcAddress: pointer;
pGetModuleHandle: pointer;
lpModuleName: pointer;
lpProcName: pointer;
end;
var
GetProcAddrInfo: TGetProcAddrInfo;
ExitCode, BytesWritten, TID: longword;
pGetProcAddr, pGetProcAddrInfo: Pointer;
hThread: THandle;
procedure
GetProcAddr(lpParameter: pointer); stdcall;
var
GetProcAddrInfo: TGetProcAddrInfo;
begin
GetProcAddrInfo :=
TGetProcAddrInfo(lpParameter^);
asm push GetProcAddrInfo.lpModuleName call GetProcAddrInfo.pGetModuleHandle push
GetProcAddrInfo.lpProcName push eax call GetProcAddrInfo.pGetProcAddress push eax call GetProcAddrInfo.pExitThread
end;
end;
begin
Result := nil;
if ((RT_GetVersion(nil) shr 31) = 1) then
Exit;
pGetProcAddrInfo :=
xVirtualAllocEx(Process, nil, SizeOf(GetProcAddrInfo), MEM_COMMIT or
MEM_RESERVE, PAGE_EXECUTE_READWRITE);
pGetProcAddr := xVirtualAllocEx(Process, nil, 1024, MEM_COMMIT or MEM_RESERVE,
PAGE_EXECUTE_READWRITE);
if
pGetProcAddr = nil then
Exit;
GetProcAddrInfo.pGetModuleHandle :=
GetProcAddress(GetModuleHandle('kernel32'),
'GetModuleHandleA');
GetProcAddrInfo.pGetProcAddress := GetProcAddress(GetModuleHandle('kernel32'),
'GetProcAddress');
GetProcAddrInfo.pExitThread := GetProcAddress(GetModuleHandle('kernel32'),
'ExitThread');
GetProcAddrInfo.lpProcName
:= xVirtualAllocEx(Process, nil, Length(string(lpProcName)) + 1, MEM_COMMIT or
MEM_RESERVE, PAGE_EXECUTE_READWRITE);
GetProcAddrInfo.lpModuleName := xVirtualAllocEx(Process, nil,
Length(string(lpModuleName)) + 1, MEM_COMMIT or
MEM_RESERVE, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(Process, pGetProcAddrInfo, @GetProcAddrInfo,
SizeOf(GetProcAddrInfo), BytesWritten);
WriteProcessMemory(Process, GetProcAddrInfo.lpProcName, lpProcName,
Length(lpProcName), BytesWritten);
WriteProcessMemory(Process, GetProcAddrInfo.lpModuleName, lpModuleName,
Length(lpModuleName), BytesWritten);
WriteProcessMemory(Process, pGetProcAddr, @GetProcAddr, 1024, BytesWritten);
hThread := xCreateRemoteThread(Process, nil, 0, pGetProcAddr,
pGetProcAddrInfo, 0, @TID);
if hThread <> 0 then
begin
WaitForSingleObject(hThread, INFINITE);
GetExitCodeThread(hThread, ExitCode);
Result := pointer(ExitCode);
ZeroMemory(@GetProcAddrInfo, SizeOf(GetProcAddrInfo));
ReadProcessMemory(Process, pGetProcAddrInfo, @GetProcAddrInfo,
SizeOf(GetProcAddrInfo), BytesWritten);
xVirtualFreeEx(Process, pGetProcAddr, 0, MEM_RELEASE);
xVirtualFreeEx(Process,
GetProcAddrInfo.lpProcName, 0, MEM_RELEASE);
xVirtualFreeEx(Process, GetProcAddrInfo.lpModuleName, 0, MEM_RELEASE);
xVirtualFreeEx(Process, pGetProcAddrInfo, 0, MEM_RELEASE);
end;
end
;
function MapLibrary(Process: LongWord; Dest, Src:
Pointer): TLibInfo;
var
ImageBase: pointer;
ImageBaseDelta: integer;
ImageNtHeaders: PImageNtHeaders;
PSections:
^TSections;
SectionLoop: integer;
SectionBase: pointer;
VirtualSectionSize, RawSectionSize: cardinal;
OldProtect:
cardinal;
NewLibInfo: TLibInfo;
function StrToInt(S: string): integer;
begin
Val(S, Result, Result);
end;
procedure
Add(Strings: TStringArray; Text: string);
begin
SetLength(Strings, Length(Strings) + 1);
Strings[Length(Strings) - 1]
:= Text;
end;
function Find(Strings: array of string; Text: string; var Index: integer):
boolean;
var
StringLoop:
integer;
begin
Result := False;
for StringLoop := 0 to Length(Strings) - 1 do
begin
if
lstrcmpi(pchar(Strings[StringLoop]), pchar(Text)) = 0 then
begin
Index := StringLoop;
Result := True;
end;
end;
end;
function GetSectionProtection(ImageScn: cardinal): cardinal;
begin
Result := 0;
if (ImageScn and
IMAGE_SCN_MEM_NOT_CACHED) <> 0 then
begin
Result := Result or PAGE_NOCACHE;
end;
if (ImageScn and
IMAGE_SCN_MEM_EXECUTE) <> 0 then
begin
if (ImageScn and IMAGE_SCN_MEM_READ) <> 0 then
begin
if (ImageScn and
IMAGE_SCN_MEM_WRITE) <> 0 then
begin
Result := Result or PAGE_EXECUTE_READWRITE
end
else
begin
Result := Result or
PAGE_EXECUTE_READ
end;
end
else if (ImageScn and IMAGE_SCN_MEM_WRITE) <> 0 then
begin
Result := Result or
PAGE_EXECUTE_WRITECOPY
end
else
begin
Result := Result or PAGE_EXECUTE
end;
end
else if (ImageScn and
IMAGE_SCN_MEM_READ) <> 0 then
begin
if (ImageScn and IMAGE_SCN_MEM_WRITE) <> 0 then
begin
Result := Result or
PAGE_READWRITE
end
else
begin
Result := Result or PAGE_READONLY
end
end
else if (ImageScn and IMAGE_SCN_MEM_WRITE) <>
0 then
begin
Result := Result or PAGE_WRITECOPY
end
else
begin
Result := Result or PAGE_NOACCESS;
end;
end;
procedure
ProcessRelocs(PRelocs: PImageBaseRelocation);
var
PReloc: PImageBaseRelocation;
RelocsSize: cardinal;
Reloc: PWord;
ModCount: cardinal;
RelocLoop: cardinal;
begin
PReloc := PRelocs;
RelocsSize :=
ImageNtHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
while cardinal(PReloc) -
cardinal(PRelocs) < RelocsSize do
begin
ModCount := (PReloc.SizeOfBlock - Sizeof(PReloc^)) div 2;
Reloc :=
pointer(cardinal(PReloc) + sizeof(PReloc^));
for RelocLoop := 0 to ModCount - 1 do
begin
if Reloc^ and $F000 <> 0 then
Inc(pdword(cardinal(ImageBase) + PReloc.VirtualAddress + (Reloc^ and
$0FFF))^, ImageBaseDelta);
Inc(Reloc);
end;
PReloc := pointer(Reloc);
end;
end;
procedure ProcessImports(PImports: PImageImportDescriptor);
var
PImport:
PImageImportDescriptor;
Import: LPDword;
PImportedName: pchar;
ProcAddress: pointer;
PLibName: pchar;
ImportLoop:
integer;
function IsImportByOrdinal(ImportDescriptor: dword): boolean;
begin
Result := (ImportDescriptor and
IMAGE_ORDINAL_FLAG32) <> 0;
end;
begin
PImport := PImports;
while PImport.Name <> 0 do
begin
PLibName :=
pchar(cardinal(PImport.Name) + cardinal(ImageBase));
if not Find(NewLibInfo.LibsUsed, PLibName, ImportLoop) then
begin
InjectLibrary(Process, PLibName);
Add(NewLibInfo.LibsUsed, PLibName);
end;
if PImport.TimeDateStamp = 0 then
begin
Import := LPDword(pImport.FirstThunk + cardinal(ImageBase))
end
else
begin
Import :=
LPDword(pImport.OriginalFirstThunk + cardinal(ImageBase));
end;
while Import^ <> 0 do
begin
if
IsImportByOrdinal(Import^) then
begin
ProcAddress := RemoteGetProcAddress(Process, PLibName, pchar(Import^
and $FFFF))
end
else
begin
PImportedName := pchar(Import^ + cardinal(ImageBase) +
IMPORTED_NAME_OFFSET);
ProcAddress :=
RemoteGetProcAddress(Process, PLibName, PImportedName);
end;
PPointer(Import)^ := ProcAddress;
Inc(Import);
end;
Inc(PImport);
end;
end;
begin
ImageNtHeaders := pointer(int64(cardinal(Src)) +
PImageDosHeader(Src)._lfanew);
ImageBase := VirtualAlloc(Dest, ImageNtHeaders.OptionalHeader.SizeOfImage,
MEM_RESERVE, PAGE_NOACCESS);
ImageBaseDelta
:= cardinal(ImageBase) - ImageNtHeaders.OptionalHeader.ImageBase;
SectionBase := VirtualAlloc(ImageBase,
ImageNtHeaders.OptionalHeader.SizeOfHeaders, MEM_COMMIT, PAGE_READWRITE);
Move(Src^, SectionBase^,
ImageNtHeaders.OptionalHeader.SizeOfHeaders);
VirtualProtect(SectionBase, ImageNtHeaders.OptionalHeader.SizeOfHeaders,
PAGE_READONLY, OldProtect);
PSections := pointer(pchar(@(ImageNtHeaders.OptionalHeader)) +
ImageNtHeaders.FileHeader.SizeOfOptionalHeader);
for SectionLoop := 0 to ImageNtHeaders.FileHeader.NumberOfSections -
1 do
begin
VirtualSectionSize := PSections[SectionLoop].Misc.VirtualSize;
RawSectionSize :=
PSections[SectionLoop].SizeOfRawData;
if VirtualSectionSize < RawSectionSize then
begin
VirtualSectionSize :=
VirtualSectionSize xor RawSectionSize;
RawSectionSize := VirtualSectionSize xor RawSectionSize;
VirtualSectionSize :=
VirtualSectionSize xor RawSectionSize;
end;
SectionBase := VirtualAlloc(PSections[SectionLoop].VirtualAddress +
pchar(ImageBase), VirtualSectionSize, MEM_COMMIT, PAGE_READWRITE);
FillChar(SectionBase^, VirtualSectionSize, 0);
Move((pchar(src) + PSections[SectionLoop].PointerToRawData)^, SectionBase^,
RawSectionSize);
end;
NewLibInfo.DllProc
:= TDllEntryProc(ImageNtHeaders.OptionalHeader.AddressOfEntryPoint +
cardinal(ImageBase));
NewLibInfo.DllProcAddress
:= pointer(ImageNtHeaders.OptionalHeader.AddressOfEntryPoint +
cardinal(ImageBase));
NewLibInfo.ImageBase :=
ImageBase;
NewLibInfo.ImageSize := ImageNtHeaders.OptionalHeader.SizeOfImage;
SetLength(NewLibInfo.LibsUsed, 0);
if
ImageNtHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress <> 0 then
ProcessRelocs(pointer(ImageNtHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress +
cardinal(ImageBase)));
if
ImageNtHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress <>
0 then
ProcessImports(pointer(ImageNtHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress
+ cardinal(ImageBase)));
for SectionLoop := 0 to ImageNtHeaders.FileHeader.NumberOfSections - 1 do
begin
VirtualProtect(PSections[SectionLoop].VirtualAddress + pchar(ImageBase),
PSections[SectionLoop].Misc.VirtualSize,
GetSectionProtection(PSections[SectionLoop].Characteristics), OldProtect);
end;
Result := NewLibInfo;
end
;
function
InjectLibraryEx(Process: LongWord; Src: Pointer): Boolean;
type
TDllLoadInfo = record Module: Pointer;
EntryPoint:
Pointer;
end;
var
Lib: TLibInfo;
DllLoadInfo: TDllLoadInfo;
BytesWritten, TID: longword;
ImageNtHeaders:
PImageNtHeaders;
pDllEntryPoint, pDllLoadInfo, pModule: Pointer;
procedure DllEntryPoint(lpParameter: pointer);
stdcall;
var
LoadInfo: TDllLoadInfo;
begin
LoadInfo := TDllLoadInfo(lpParameter^);
asm xor eax, eax push eax push
DLL_PROCESS_ATTACH push LoadInfo.Module call LoadInfo.EntryPoint
end;
end;
begin
Result := False;
if
((RT_GetVersion(nil) shr 31) = 1) then
Exit;
ImageNtHeaders := pointer(int64(cardinal(Src)) +
PImageDosHeader(Src)._lfanew);
pModule := xVirtualAllocEx(Process,
pointer(ImageNtHeaders.OptionalHeader.ImageBase +
$20000000), ImageNtHeaders.OptionalHeader.SizeOfImage, MEM_COMMIT or
MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if pModule
= nil then
Exit;
Lib := MapLibrary(Process, pModule, Src);
pDllLoadInfo := xVirtualAllocEx(Process, nil,
SizeOf(DllLoadInfo), MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
pDllEntryPoint := xVirtualAllocEx(Process,
nil, 1024, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if pDllEntryPoint = nil then
Exit;
DllLoadInfo.Module
:= Lib.ImageBase;
DllLoadInfo.EntryPoint := Lib.DllProcAddress;
WriteProcessMemory(Process, pModule, Lib.ImageBase,
Lib.ImageSize, BytesWritten);
WriteProcessMemory(Process, pDllLoadInfo, @DllLoadInfo, SizeOf(DllLoadInfo),
BytesWritten);
WriteProcessMemory(Process, pDllEntryPoint, @DllEntryPoint, 1024,
BytesWritten);
if
xCreateRemoteThread(Process, nil, 0, pDllEntryPoint, pDllLoadInfo, 0, @TID) <>
0 then
Result := True;
end
;
function
InjectExe(Process: LongWord; EntryPoint: Pointer): Boolean;
var
Module, NewModule: Pointer;
Size, BytesWritten, TID:
longword;
begin
Result := False;
if ((RT_GetVersion(nil) shr 31) = 1) then
Exit;
Module :=
Pointer(GetModuleHandle(nil));
Size := PImageOptionalHeader(Pointer(integer(Module) +
PImageDosHeader(Module)._lfanew
+ SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
xVirtualFreeEx(Process, Module, 0, MEM_RELEASE);
NewModule
:= xVirtualAllocEx(Process, Module, Size, MEM_COMMIT or MEM_RESERVE,
PAGE_EXECUTE_READWRITE);
WriteProcessMemory(Process, NewModule, Module, Size, BytesWritten);
if xCreateRemoteThread(Process, nil, 0,
EntryPoint, Module, 0, @TID) <> 0 then
Result := True;
end;
end.
- afx good code
- Afx
- afx
- AFX
- java good code
- scala good code
- Code Jam--Good Luck
- Good and Bad PHP Code
- A return to Good Code
- A return to Good Code
- A return to Good Code
- How Do You Define "Good Code"?
- (zz)Good and Bad PHP Code
- A return to Good Code【ZT】
- A good code base of Microsoft C#
- Weka source code sample good website
- 5-tips-for-creating-good-code-every
- Google Code Jam Notes - Good Luck - Java
- 解析Linux环境下的ReiserFS文件系统 (ZT)
- 强制点击广告JavaScript
- why Reiser4 is great for you ? (ZT)
- Step by Step 配置Eclipse 3.1 + JBoss 4.0.3SP1 + Lomboz 3.1RC2
- 我对于未来搜索的看法
- afx good code
- Compuware Softice的烦恼
- 2006年1月13日
- inject的讨论
- asp使用wmi远程执行命令
- 项目进展二
- Oracle简单的逻辑备份
- 数据结构实习报告
- 新手遇到VBSCRIPT问题,求救
