人
人在昆明
Unregistered / Unconfirmed
GUEST, unregistred user!
不要 那个高人sdk写的 那段代码。
人
人在昆明
Unregistered / Unconfirmed
GUEST, unregistred user!
up...
人
人在昆明
Unregistered / Unconfirmed
GUEST, unregistred user!
up
L
ligia
Unregistered / Unconfirmed
GUEST, unregistred user!
up这么多干什么。
你指的是远程线程注入DLL对吧,函数当然有了。
你指的是远程线程注入DLL对吧,函数当然有了。
人
人在昆明
Unregistered / Unconfirmed
GUEST, unregistred user!
source code ??? txyqbf_gxx@163.com
L
ligia
Unregistered / Unconfirmed
GUEST, unregistred user!
分.....
人
人在昆明
Unregistered / Unconfirmed
GUEST, unregistred user!
收到代码 另开贴 300 分, 我不想 浪费
L
ligia
Unregistered / Unconfirmed
GUEST, unregistred user!
unit krprocess;
//[UNIT]/[REMOTE]/[PROCESS]
interface
uses Windows,Sysutils,TLHelp32;
//-------------------------------------------------------
type //[远程函数定义][---------------KERNEL32.DLL]
DF_LoadLibraryA= function (lpLibFileName: PAnsiChar): HMODULE; stdcall;
DF_FreeLibrary= function (hLibModule: HMODULE): BOOL; stdcall;
DF_GetProcAddress= function (hModule: HMODULE; lpProcName: LPCSTR): FARPROC; stdcall;
DF_GetModuleHandleA=function (lpModuleName: PAnsiChar): HMODULE; stdcall;
type //[远程进程插入Dll结构:所有类型使用 Pointer 类型 ]
DR_RProcInsDll=record
fLoadLibraryA
F_LoadLibraryA;
fFreeLibraryF_FreeLibrary;
fGetProcAddressF_GetProcAddress;
aDll:Array[0..256] of AnsiChar; END;
DP_RProcInsDll=^DR_RProcInsDll;
//-----------------------------------------------------------
var
GS_EXEFILE:STRING;
GS_DLLFILE:STRING;
GD_DLLMDLWORD;
GD_THDHDLWORD;
//--------------------------------------------------------------------
//[COMMON FUNC]
FUNCTION FkProcessPrivilegeSet(vEnable:BOOL):BOOL;
FUNCTION FkProcessIDGet(vFileName:STRING;vPathCheck:BOOL)WORD;
//[REMOTE FUNC]
FUNCTION FkRProcInsDll(vExe,vDll:STRING;var vThdHdlWORD;vWait:BOOL):BOOL;
//[REMOTE THREAD]
FUNCTION FtRProcInsDllCode(vpDataP_RProcInsDll)WORD;stdcall;
implementation
//------------------------------------------------------------
//------------------------------------------------------------
FUNCTION FtRProcInsDllCode(vpDataP_RProcInsDll)WORD; stdcall;
BEGIN
Result:=DWORD(vpData.fLoadLibraryA(vpData.aDll) );
END;
//------------------------------------------------------------
//------------------------------------------------------------
FUNCTION FkRProcInsDll(vExe,vDll:STRING;var vThdHdlWORD;vWait:BOOL):BOOL;
VAR
dProcessIDWORD;
hProcess:THandle;
i:INTEGER;
dLength,dReturnWORD;
rDataR_RProcInsDll;
pData,pThread
ointer;
BEGIN
Result:=FALSE; dReturn:=0;
//[设置进程权限]
IF NOT FkProcessPrivilegeSet(TRUE) THEN Exit;
//[获得进程ID]
dProcessID:=FkProcessIDGet(vExe,FALSE);
IF dProcessID<=0 THEN Exit;
//[打开此进程]
hProcess:=OpenProcess(PROCESS_CREATE_THREAD+
PROCESS_VM_OPERATION+
PROCESS_VM_WRITE,FALSE,dProcessID);
IF hProcess<=0 THEN Exit;
//[写线程需要的数据到远程进程]
rData.fLoadLibraryA:= GetProcAddress(GetModuleHandle('Kernel32.dll'),'LoadLibraryA');
rData.fFreeLibrary:= GetProcAddress(GetModuleHandle('Kernel32.dll'),'FreeLibrary');
rData.fGetProcAddress:=GetProcAddress(GetModuleHandle('Kernel32.dll'),'GetProcAddress');
FOR i:=0 TO Length(vDll)-1 DO rData.aDll:=vDll[i+1];
rData.aDll[Length(vDll)]:=CHAR(0);
dLength:=SizeOf(DR_RProcInsDll);
pData:=VirtualAllocEx(hProcess,NIL,dLength,
MEM_COMMIT,
PAGE_READWRITE);
IF NOT WriteProcessMemory(hProcess,
pData,@rData,
dLength,dReturn) THEN Exit;
//[写线程执行代码到远程]
dLength:=1024*4;
pThread:=VirtualAllocEx(hProcess,NIL,dLength,
MEM_COMMIT,
PAGE_EXECUTE_READWRITE);
IF NOT WriteProcessMemory(hProcess,
pThread,@FtRProcInsDllCode,
dLength,dReturn) THEN Exit;
//[创建远程线程]
vThdHdl:=CreateRemoteThread(hProcess,nil,0,
pThread,pData,
0,dReturn);
//[获得返回值即DLL的模块地址]
IF vWait AND (vThdHdl>0) THEN
BEGIN
WaitForSingleObject(vThdHdl,INFINITE);
//[释放内存]
VirtualFreeEx(hProcess,pData,
SizeOf(DR_RProcInsDll),
MEM_RELEASE);
VirtualFreeEx(hProcess,pThread,
1024*4,
MEM_RELEASE);
END;
Result:=TRUE; CloseHandle(hProcess);
END;
//------------------------------------------------------------
//----------------[获得进程ID]------------------------------------------
FUNCTION FkProcessIDGet(vFileName:STRING;vPathCheck:BOOL)WORD;
var
tpeTemp:TProcessEntry32; hFind:Thandle;
oFind,oFound:BOOL;
begin
hFind := CreateToolHelp32SnapShot(TH32CS_SNAPALL,0);
oFind := Process32First(hFind,tpeTemp);
WHILE oFind DO
BEGIN
IF vPathCheck
THEN oFound:=AnsiStricomp(tpeTemp.szExefile,PChar(vFilename))=0
ELSE oFound:=AnsiStricomp(PChar(ExtractFilename(tpeTemp.szExefile)),PChar(ExtractFilename(vFilename)))=0;
IF oFound THEN BEGIN Result:=tpeTemp.th32ProcessID; break; END;
oFind:=Process32Next(hFind,tpeTemp);
END;
CloseHandle(hFind);
END;
//-----------------------------------------------------------
//-------------[设置进程权限]-------------------------------------------
FUNCTION FkProcessPrivilegeSet(vEnable:BOOL):BOOL;
VAR hToken: THandle; tp: TOKEN_PRIVILEGES; dw: DWORD;
CONST SE_DEBUG_NAME = 'SeDebugPrivilege';
BEGIN
Result:=False;
IF (OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,hToken)) THEN
BEGIN
tp.PrivilegeCount :=1;
LookupPrivilegeValue(nil,SE_DEBUG_NAME ,tp.Privileges[0].Luid);
IF vEnable
THEN tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
ELSE tp.Privileges[0].Attributes := 0;
dw:=0;
AdjustTokenPrivileges(hToken,False,tp,SizeOf(tp),nil,dw);
CloseHandle(hToken); Result:=TRUE;
END;
END;
//---------------------------------------------------------
//---------------------------------------------------------
end.
//[UNIT]/[REMOTE]/[PROCESS]
interface
uses Windows,Sysutils,TLHelp32;
//-------------------------------------------------------
type //[远程函数定义][---------------KERNEL32.DLL]
DF_LoadLibraryA= function (lpLibFileName: PAnsiChar): HMODULE; stdcall;
DF_FreeLibrary= function (hLibModule: HMODULE): BOOL; stdcall;
DF_GetProcAddress= function (hModule: HMODULE; lpProcName: LPCSTR): FARPROC; stdcall;
DF_GetModuleHandleA=function (lpModuleName: PAnsiChar): HMODULE; stdcall;
type //[远程进程插入Dll结构:所有类型使用 Pointer 类型 ]
DR_RProcInsDll=record
fLoadLibraryA
F_LoadLibraryA;fFreeLibrary
F_FreeLibrary;fGetProcAddress
F_GetProcAddress;aDll:Array[0..256] of AnsiChar; END;
DP_RProcInsDll=^DR_RProcInsDll;
//-----------------------------------------------------------
var
GS_EXEFILE:STRING;
GS_DLLFILE:STRING;
GD_DLLMDL
WORD;GD_THDHDL
WORD;//--------------------------------------------------------------------
//[COMMON FUNC]
FUNCTION FkProcessPrivilegeSet(vEnable:BOOL):BOOL;
FUNCTION FkProcessIDGet(vFileName:STRING;vPathCheck:BOOL)
WORD;//[REMOTE FUNC]
FUNCTION FkRProcInsDll(vExe,vDll:STRING;var vThdHdl
WORD;vWait:BOOL):BOOL;//[REMOTE THREAD]
FUNCTION FtRProcInsDllCode(vpData
P_RProcInsDll)WORD;stdcall;implementation
//------------------------------------------------------------
//------------------------------------------------------------
FUNCTION FtRProcInsDllCode(vpData
P_RProcInsDll)WORD; stdcall;BEGIN
Result:=DWORD(vpData.fLoadLibraryA(vpData.aDll) );
END;
//------------------------------------------------------------
//------------------------------------------------------------
FUNCTION FkRProcInsDll(vExe,vDll:STRING;var vThdHdl
WORD;vWait:BOOL):BOOL;VAR
dProcessID
WORD;hProcess:THandle;
i:INTEGER;
dLength,dReturn
WORD;rData
R_RProcInsDll;pData,pThread
ointer;BEGIN
Result:=FALSE; dReturn:=0;
//[设置进程权限]
IF NOT FkProcessPrivilegeSet(TRUE) THEN Exit;
//[获得进程ID]
dProcessID:=FkProcessIDGet(vExe,FALSE);
IF dProcessID<=0 THEN Exit;
//[打开此进程]
hProcess:=OpenProcess(PROCESS_CREATE_THREAD+
PROCESS_VM_OPERATION+
PROCESS_VM_WRITE,FALSE,dProcessID);
IF hProcess<=0 THEN Exit;
//[写线程需要的数据到远程进程]
rData.fLoadLibraryA:= GetProcAddress(GetModuleHandle('Kernel32.dll'),'LoadLibraryA');
rData.fFreeLibrary:= GetProcAddress(GetModuleHandle('Kernel32.dll'),'FreeLibrary');
rData.fGetProcAddress:=GetProcAddress(GetModuleHandle('Kernel32.dll'),'GetProcAddress');
FOR i:=0 TO Length(vDll)-1 DO rData.aDll:=vDll[i+1];
rData.aDll[Length(vDll)]:=CHAR(0);
dLength:=SizeOf(DR_RProcInsDll);
pData:=VirtualAllocEx(hProcess,NIL,dLength,
MEM_COMMIT,
PAGE_READWRITE);
IF NOT WriteProcessMemory(hProcess,
pData,@rData,
dLength,dReturn) THEN Exit;
//[写线程执行代码到远程]
dLength:=1024*4;
pThread:=VirtualAllocEx(hProcess,NIL,dLength,
MEM_COMMIT,
PAGE_EXECUTE_READWRITE);
IF NOT WriteProcessMemory(hProcess,
pThread,@FtRProcInsDllCode,
dLength,dReturn) THEN Exit;
//[创建远程线程]
vThdHdl:=CreateRemoteThread(hProcess,nil,0,
pThread,pData,
0,dReturn);
//[获得返回值即DLL的模块地址]
IF vWait AND (vThdHdl>0) THEN
BEGIN
WaitForSingleObject(vThdHdl,INFINITE);
//[释放内存]
VirtualFreeEx(hProcess,pData,
SizeOf(DR_RProcInsDll),
MEM_RELEASE);
VirtualFreeEx(hProcess,pThread,
1024*4,
MEM_RELEASE);
END;
Result:=TRUE; CloseHandle(hProcess);
END;
//------------------------------------------------------------
//----------------[获得进程ID]------------------------------------------
FUNCTION FkProcessIDGet(vFileName:STRING;vPathCheck:BOOL)
WORD;var
tpeTemp:TProcessEntry32; hFind:Thandle;
oFind,oFound:BOOL;
begin
hFind := CreateToolHelp32SnapShot(TH32CS_SNAPALL,0);
oFind := Process32First(hFind,tpeTemp);
WHILE oFind DO
BEGIN
IF vPathCheck
THEN oFound:=AnsiStricomp(tpeTemp.szExefile,PChar(vFilename))=0
ELSE oFound:=AnsiStricomp(PChar(ExtractFilename(tpeTemp.szExefile)),PChar(ExtractFilename(vFilename)))=0;
IF oFound THEN BEGIN Result:=tpeTemp.th32ProcessID; break; END;
oFind:=Process32Next(hFind,tpeTemp);
END;
CloseHandle(hFind);
END;
//-----------------------------------------------------------
//-------------[设置进程权限]-------------------------------------------
FUNCTION FkProcessPrivilegeSet(vEnable:BOOL):BOOL;
VAR hToken: THandle; tp: TOKEN_PRIVILEGES; dw: DWORD;
CONST SE_DEBUG_NAME = 'SeDebugPrivilege';
BEGIN
Result:=False;
IF (OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,hToken)) THEN
BEGIN
tp.PrivilegeCount :=1;
LookupPrivilegeValue(nil,SE_DEBUG_NAME ,tp.Privileges[0].Luid);
IF vEnable
THEN tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
ELSE tp.Privileges[0].Attributes := 0;
dw:=0;
AdjustTokenPrivileges(hToken,False,tp,SizeOf(tp),nil,dw);
CloseHandle(hToken); Result:=TRUE;
END;
END;
//---------------------------------------------------------
//---------------------------------------------------------
end.
人
人在昆明
Unregistered / Unconfirmed
GUEST, unregistred user!
测试后给分,大约要明天晚上,明天要上班,今天太累了,谢谢兄弟!
L
ligia
Unregistered / Unconfirmed
GUEST, unregistred user!
哎。。。。。。。。。。。。。。。。。。。。。。
L
ligia
Unregistered / Unconfirmed
GUEST, unregistred user!
都3天了还不给分!!!!!!!!!!!!!!!
人
人在昆明
Unregistered / Unconfirmed
GUEST, unregistred user!
兄弟,分给了