边
边尘浪子
Unregistered / Unconfirmed
GUEST, unregistred user!
procedure TForm1.Button1Click(Sender: TObject);<br>var<br> b:boolean;<br> processlistHandle:THandle;<br> processStruct:TprocessEntry32;<br> pid
word;<br> th:THandle;<br> dll_filename
WideChar; // dll 文件名的指针<br> guest_file:String; // DLL 文件名<br> cb:integer; // dll 路径名所需要的空间<br> dll_file_remoteointer;<br> tmp_return:dword;<br> tfnaddress:TFNThreadStartRoutine;<br>begin<br> processlistHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);<br> b:=Process32First(processlistHandle,processStruct);<br> while b do<br> begin<br> Memo1.Lines.Add(IntToStr(processStruct.th32ProcessID)+' - '+processStruct.szExeFile);<br> if processStruct.szExeFile='explorer.exe' then<br> begin<br> pid:=processStruct.th32ProcessID;<br> break;<br> end;<br> b:=Process32Next(processlistHandle,processStruct);<br> end;<br><br><br> th:=OpenProcess(PROCESS_CREATE_THREAD+<br> PROCESS_VM_OPERATION+<br> PROCESS_VM_WRITE,<br> FALSE,pid);<br> if th<=0 then exit;<br><br> //划一块内存<br> guest_file:='project1.dll';<br> GetMem(dll_filename,Length(guest_file)*2+1);<br> StringToWideChar(guest_file,dll_filename,Length(guest_file)*2+1);<br><br> cb:= (lstrlenW(dll_filename)+1)*SizeOf(WChar);<br> dll_file_remote:=PWideString(VirtualAllocEx(th,nil,cb,MEM_COMMIT,PAGE_READWRITE));<br><br> b:=WriteProcessMemory(th,dll_file_remote,dll_filename,cb,tmp_return);<br><br> if not b then exit;<br><br> tfnaddress:=GetProcAddress(GetModuleHandle('Kernel32'),'LoadLibraryW');<br> tmp_return:=0;<br> CreateRemoteThread(th,nil,0,tfnaddress,dll_file_remote,0,tmp_return);<br> FreeMem(dll_filename);<br>end;
word;<br> th:THandle;<br> dll_filenameWideChar; // dll 文件名的指针<br> guest_file:String; // DLL 文件名<br> cb:integer; // dll 路径名所需要的空间<br> dll_file_remoteointer;<br> tmp_return:dword;<br> tfnaddress:TFNThreadStartRoutine;<br>begin<br> processlistHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);<br> b:=Process32First(processlistHandle,processStruct);<br> while b do<br> begin<br> Memo1.Lines.Add(IntToStr(processStruct.th32ProcessID)+' - '+processStruct.szExeFile);<br> if processStruct.szExeFile='explorer.exe' then<br> begin<br> pid:=processStruct.th32ProcessID;<br> break;<br> end;<br> b:=Process32Next(processlistHandle,processStruct);<br> end;<br><br><br> th:=OpenProcess(PROCESS_CREATE_THREAD+<br> PROCESS_VM_OPERATION+<br> PROCESS_VM_WRITE,<br> FALSE,pid);<br> if th<=0 then exit;<br><br> //划一块内存<br> guest_file:='project1.dll';<br> GetMem(dll_filename,Length(guest_file)*2+1);<br> StringToWideChar(guest_file,dll_filename,Length(guest_file)*2+1);<br><br> cb:= (lstrlenW(dll_filename)+1)*SizeOf(WChar);<br> dll_file_remote:=PWideString(VirtualAllocEx(th,nil,cb,MEM_COMMIT,PAGE_READWRITE));<br><br> b:=WriteProcessMemory(th,dll_file_remote,dll_filename,cb,tmp_return);<br><br> if not b then exit;<br><br> tfnaddress:=GetProcAddress(GetModuleHandle('Kernel32'),'LoadLibraryW');<br> tmp_return:=0;<br> CreateRemoteThread(th,nil,0,tfnaddress,dll_file_remote,0,tmp_return);<br> FreeMem(dll_filename);<br>end;