本文整理自网络,侵删。
 delphi 写DLL注入器
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls,tlhelp32;
type
// Main (and only) form of the demo: a single button whose click handler
// calls charu to inject test.dll into Explorer.exe (see Button1Click below).
TForm1 = class(TForm)
Button1: TButton;
// Click handler; the form has no other behaviour.
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
// Global form instance; presumably auto-created by the VCL from the project
// file (the .dpr is not shown here).
Form1: TForm1;
implementation
{$R *.dfm}
{注入开始}
// Looks up a running process by executable name via a ToolHelp32 snapshot.
// AFilename: image name (or path, see PathMatch) to search for.
// PathMatch: True compares lppe.szExeFile with AFilename as given; False
//   compares only the file-name parts of both (ExtractFilename on each side).
// ProcessID: receives the th32ProcessID of the first match, or 0 when nothing
//   matched (or the snapshot/enumeration failed).
// NOTE(review): PROCESSENTRY32.szExeFile normally carries just the image name,
//   so the PathMatch=True branch only matches when AFilename is also a bare
//   name — confirm before relying on it.
procedure FindAProcess(const AFilename: string; const PathMatch: Boolean; var ProcessID: DWORD); // find a process by image name
var 
lppe: TProcessEntry32;
SsHandle: Thandle; 
FoundAProc, FoundOK: boolean;
begin 
ProcessID :=0; 
// NOTE(review): the snapshot handle is not compared with INVALID_HANDLE_VALUE
// and lppe.dwSize is never initialised before Process32First, which the Win32
// documentation says must hold SizeOf(lppe). If either call fails,
// FoundAProc is False, the loop is skipped and ProcessID stays 0.
SsHandle := CreateToolHelp32SnapShot(TH32CS_SnapProcess, 0); 
FoundAProc := Process32First(Sshandle, lppe); 
while FoundAProc do 
begin 
// Case-insensitive comparison (AnsiStricomp) in both branches.
if PathMatch then 
FoundOK := AnsiStricomp(lppe.szExefile, PChar(AFilename)) = 0
else
FoundOK := AnsiStricomp(PChar(ExtractFilename(lppe.szExefile)), PChar(ExtractFilename(AFilename))) = 0;
if FoundOK then
begin 
// First match wins; several processes with the same name are not distinguished.
ProcessID := lppe.th32ProcessID; 
break; 
end; 
FoundAProc := Process32Next(SsHandle, lppe); 
end; 
CloseHandle(SsHandle); 
end;
// Enables (bEnabled = True) or disables (bEnabled = False) SeDebugPrivilege on
// the current process token.
// Returns True when GetLastError reports ERROR_SUCCESS after
// AdjustTokenPrivileges; False when the process token cannot be opened.
// NOTE(review): the return values of LookupPrivilegeValue and
//   AdjustTokenPrivileges are ignored, so an unavailable privilege is not
//   reported distinctly. For defenders, a GUI application enabling
//   SeDebugPrivilege is a strong signal: it surfaces in Windows token-privilege
//   audit events, and nothing in this unit ever calls Debugger(False), so the
//   privilege stays enabled for the life of the process.
function Debugger(const bEnabled: Boolean): Boolean; // raise to debug privilege
var 
hToken: THandle;
tp: TOKEN_PRIVILEGES; 
a: DWORD;
const 
SE_DEBUG_NAME = 'SeDebugPrivilege';
begin
Result := False; 
// Only TOKEN_ADJUST_PRIVILEGES is requested; enough for AdjustTokenPrivileges.
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hToken)) then 
begin 
tp.PrivilegeCount := 1; 
LookupPrivilegeValue(nil, SE_DEBUG_NAME, tp.Privileges[0].Luid); 
if bEnabled then 
tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED 
else 
tp.Privileges[0].Attributes := 0; 
a := 0; 
// Previous state is not requested (nil); 'a' only receives the returned length.
AdjustTokenPrivileges(hToken, False, tp, SizeOf(tp), nil, a); 
// Success is judged solely from the thread's last-error value.
Result := GetLastError = ERROR_SUCCESS; 
CloseHandle(hToken); 
end; 
end;
// Loads GuestFile into another process: the DLL path is written as UTF-16 into
// the target's address space and a remote thread is started at
// kernel32!LoadLibraryW with that buffer as its argument (the classic
// CreateRemoteThread/LoadLibrary injection pattern).
// HostFile: image name passed to FindAProcess when PID = 0.
// GuestFile: path of the DLL to load; converted to a wide string because the
//   remote entry point is LoadLibraryW.
// PID: target process id; a non-zero value skips the name lookup.
// Returns the thread handle from CreateRemoteThread, or 0 when
// WriteProcessMemory or CreateRemoteThread failed.
// NOTE(review): dwRemoteProcessID, hRemoteProcess and pszLibFileRemote are
//   never validated — a 0 from FindAProcess, OpenProcess or VirtualAllocEx is
//   passed straight to the next call — hRemoteProcess is never closed, and the
//   returned thread handle is left for the caller to close. From a detection
//   standpoint, OpenProcess(VM_WRITE|CREATE_THREAD) -> VirtualAllocEx ->
//   WriteProcessMemory -> CreateRemoteThread with a LoadLibraryW start address
//   is exactly the sequence Sysmon event 8 (CreateRemoteThread) and EDR
//   remote-thread heuristics are built around.
function charu(const HostFile, GuestFile: string; const PID: DWORD = 0): DWORD; // inject a thread
var 
hRemoteProcess: THandle; 
dwRemoteProcessId: DWORD; 
cb: DWORD; 
pszLibFileRemote: Pointer; 
iReturnCode: Boolean; 
TempVar: DWORD; 
pfnStartAddr: TFNThreadStartRoutine; 
pszLibAFilename: PwideChar; 
begin 
Result := 0; 
// Enables SeDebugPrivilege for the rest of the process lifetime; the result is ignored.
Debugger(True);
// NOTE(review): Length(GuestFile) * 2 + 1 bytes looks one byte short for the
// terminating wide #0 that StringToWideChar appends (Length+1 wide chars =
// Length*2+2 bytes) — confirm against the Delphi version in use.
Getmem(pszLibAFilename, Length(GuestFile) * 2 + 1); 
StringToWideChar(GuestFile, pszLibAFilename, Length(GuestFile) * 2 + 1); 
if PID > 0 then 
dwRemoteProcessID := PID 
else 
FindAProcess(HostFile, False, dwRemoteProcessID);
hRemoteProcess := OpenProcess(PROCESS_CREATE_THREAD + {allow creating a thread in the remote process} 
PROCESS_VM_OPERATION + {allow VM operations in the remote process} 
PROCESS_VM_WRITE, {allow writing remote process memory} 
FALSE, dwRemoteProcessId); 
// Byte count of the wide path including its terminator.
cb := (1 + lstrlenW(pszLibAFilename)) * sizeof(WCHAR); 
pszLibFileRemote := PWIDESTRING(VirtualAllocEx(hRemoteProcess, nil, cb, MEM_COMMIT, PAGE_READWRITE)); 
TempVar := 0; 
iReturnCode := WriteProcessMemory(hRemoteProcess, pszLibFileRemote, pszLibAFilename, cb, TempVar); 
if iReturnCode then 
begin 
// The address is resolved in this process and reused in the target; this
// relies on kernel32 being mapped at the same base in every process.
pfnStartAddr := GetProcAddress(GetModuleHandle('Kernel32'), 'LoadLibraryW'); 
TempVar := 0; 
// TempVar receives the remote thread id; only the handle is returned.
Result := CreateRemoteThread(hRemoteProcess, nil, 0, pfnStartAddr, pszLibFileRemote, 0, TempVar); 
end; 
Freemem(pszLibAFilename); 
end;
// Injects test.dll (located next to this executable) into Explorer.exe.
// The thread handle returned by charu is discarded, so failures are silent
// and the handle is never closed.
procedure TForm1.Button1Click(Sender: TObject);
begin
charu('Explorer.exe',extractfilepath(paramstr(0))+'test.dll');
end;
end.
charu('Explorer.exe',extractfilepath(paramstr(0))+'test.dll'); 
'Explorer.exe' 是目标进程名,'test.dll' 是要注入的 DLL 文件名。用法就是这样,很简单,这里不再多说。