动态链接库(100分)

  • 主题发起人 dcba

dcba

如何使一个外部程序加载我写的动态链接库?
或者如何使我的程序进入到其他程序的内存空间?
 
使用钩子函数把dll注入到别的进程
 
你想做木马吗?
 
不是做木马,是客户要求修改已有的exe程序,但是没有源代码
所以只有这样
 
(******************************************************************************
*   CopyRight (c) By GanHuaXin 2002
*   All Right Reserved
*   Email : huiyugan@263.net
*   Date    :
*       New Develop   : 2002-x-x
*       Modified      : 2001-05-26
******************************************************************************)

{
  untInjectCode - loads or unloads a DLL inside another process.

  Mechanism, as written below: a short stub function (RemoteLoadFunc /
  RemoteFreeFunc) and a parameter record are copied into the target with
  VirtualAllocEx + WriteProcessMemory, and the stub is started there with
  CreateRemoteThread. The stub does nothing but call a LoadLibraryA /
  FreeLibrary pointer that was resolved in *this* process.

  Review notes:
  - VirtualAllocEx(PAGE_EXECUTE_READWRITE) -> WriteProcessMemory ->
    CreateRemoteThread into a foreign process is the canonical remote-thread
    injection chain; endpoint monitoring commonly reports or blocks exactly
    this sequence, and the RWX allocation plus the 100-byte stub are the
    artefacts a memory examination of the target would find.
  - hProcess is opened by the caller (not shown) and must carry whatever
    access rights the three APIs above require.
  - This is a forum paste. HTML markup was stripped from it and the two
    array-copy statements marked below do not compile as shown; they are
    left unchanged here.
}

unit untInjectCode;

interface

uses
  Windows, Sysutils;

function LoadDllToProcess(hProcess:Thandle;
                          strDllName:PChar;
                          var dllHandle:HModule):BOOL;
function UnLoadDllFromProcess(hProcess:THandle;
                              hLibModule: HModule;
                              var bOK:BOOL):BOOL;

implementation

type
  TLoadLibraryA = function (lpLibFileName: PAnsiChar): HMODULE; stdcall;
  { Parameter block copied into the target; InjectCode holds the raw bytes
    of RemoteLoadFunc and is what CreateRemoteThread is pointed at. }
  TLoadInjectInfo = Record
    fnLoadLibraryA : TLoadLibraryA;          // resolved in the injecting process
    szDllName : array[0..255] of AnsiChar;   // filled with no length check (see below)
    hDLL : HModule;                          // never written or read in this unit
    InjectCode : array [0..99] of byte;      // first 100 bytes of the stub
  end;
  PLoadInjectInfo = ^TLoadInjectInfo;

  TMessageBeep = function (uType: UINT): BOOL; stdcall;
  TFreeLibrary = function (hLibModule: HMODULE): BOOL; stdcall;
  { Same layout idea for the unload path; uBeep is passed to MessageBeep
    inside the target before FreeLibrary runs. }
  TFreeInjectInfo = Record
    fnFreeLibrary : TFreeLibrary;
    hLibModule : HMODULE;
    fnMessageBeep : TMessageBeep;
    uBeep : UINT;
    InjectCode : array[0..99] of byte;
  end;
  PFreeInjectInfo = ^TFreeInjectInfo;

{ Stub that runs inside the target process. Only its first
  SizeOf(InjectCode) bytes are copied, and it is executed at a different
  address, so it presumably has to be position-independent and touch
  nothing but its parameter record - neither property is checked anywhere.
  Returns the HMODULE from LoadLibraryA as a DWORD (0 on failure). }
function RemoteLoadFunc(p : PLoadInjectInfo):DWORD;stdcall;
begin
  Result := DWORD(p.fnLoadLibraryA(p.szDllName));
end;

{ Unload stub, same constraints as RemoteLoadFunc. Beeps (apparently a
  debugging aid left in) and then returns the FreeLibrary result. }
function RemoteFreeFunc(p : PFreeInjectInfo):DWORD;stdcall;
begin
  p.fnMessageBeep(p.uBeep);
  Result := DWORD(p.fnFreeLibrary(p.hLibModule));
end;

{ Loads strDllName into hProcess.
    hProcess   - target process handle, opened by the caller.
    strDllName - NUL-terminated ANSI path; copied into the 256-byte
                 szDllName field with strlen trusted and no bound check.
    dllHandle  - receives the remote thread's exit code, i.e. whatever
                 LoadLibraryA returned inside the target; 0 if it failed.
  Returns TRUE unconditionally: Result is assigned once and never cleared,
  so failures surface only as exceptions from RaiseLastWin32Error
  (allocation, write, thread creation) or as dllHandle = 0. }
function LoadDllToProcess(hProcess:THandle;
                          strDllName:PChar;
                          var dllHandle:HModule):BOOL;
var
  pCode : ^Byte;
  i : Integer;
  InjectInfo : TLoadInjectInfo;
  pRemoteCode : PLoadInjectInfo;
  dwCount : DWORD;
  dwThreadID : DWORD;
  hThread : THandle;
  dwExitCode : DWORD;

begin
  result := TRUE;
  dllHandle := 0;
try
  // Raw bytes of the stub; assumes it fits in 100 bytes - nothing verifies that.
  pCode := Addr(RemoteLoadFunc);

  // NOTE(review): does not compile as pasted (a Byte is assigned to the whole
  // array); the forum markup appears to have eaten part of the statement.
  for i:=0 to SizeOf(InjectInfo.InjectCode) - 1 do begin
    InjectInfo.InjectCode := pCode^;
    Inc(pCode);
  end;

  // Pointer resolved here and reused in the target; relies on kernel32
  // being mapped at the same base in both processes - assumed, not checked.
  InjectInfo.fnLoadLibraryA := GetProcAddress(GetModuleHandle('Kernel32.dll'),
                                              'LoadLibraryA');
  // NOTE(review): same paste damage as the loop above; also no check that
  // strlen(strDllName) < 256 before writing into szDllName.
  for i:=0 to strlen(strDllName) do begin
    InjectInfo.szDllName := strDllName;
  end;
  InjectInfo.szDllName[strlen(strDllName)] := Char(0);

  // Code and parameter record share one RWX allocation in the target.
  pRemoteCode := nil;
  pRemoteCode := VirtualAllocEx( hProcess,
                                 nil,
                                 SizeOf(TLoadInjectInfo),
                                 MEM_COMMIT,
                                 PAGE_EXECUTE_READWRITE);
  if (pRemoteCode = nil) then
    RaiseLastWin32Error;

  if not WriteProcessMemory(hProcess,
                            pRemoteCode,
                            @InjectInfo,
                            SizeOf(TLoadInjectInfo),
                            dwCount) then
    RaiseLastWin32Error;

  // Thread entry is the copied stub; its single argument is the record itself.
  hThread := 0;
  hThread := CreateRemoteThread( hProcess,
                                 nil,
                                 0,
                                 Addr(pRemoteCode^.InjectCode[0]),
                                 pRemoteCode,
                                 0,
                                 dwThreadId);
  if hThread=0 then
    RaiseLastWin32Error;

  // Blocks forever if the remote thread never returns (e.g. the DLL's
  // entry point hangs).
  WaitForSingleObject(hThread, INFINITE);

  // Return value ignored; dwExitCode is used even if this call failed.
  GetExitCodeThread(hThread, dwExitCode);

  dllHandle := dwExitCode;

  CloseHandle(hThread);
finally
  // NOTE(review): VirtualFreeEx with MEM_RELEASE expects dwSize = 0 per the
  // API contract, so this call likely fails and the RWX page holding the
  // stub stays mapped in the target. Left unchanged; relevant both when
  // debugging and when examining the target's memory afterwards.
  if Assigned(pRemoteCode) then
         VirtualFreeEx( hProcess,
                        pRemoteCode,
                        SizeOf(TLoadInjectInfo),
                        MEM_RELEASE);
end;

end;

{ Runs FreeLibrary(hLibModule) inside hProcess through the same stub
  mechanism as LoadDllToProcess.
    hProcess   - target process handle, opened by the caller.
    hLibModule - module handle valid inside the target (e.g. the value
                 LoadDllToProcess returned in dllHandle).
    bOK        - receives the stub's exit code cast to BOOL, i.e. the
                 FreeLibrary result in the target.
  Returns TRUE unconditionally, as LoadDllToProcess does; API failures
  raise via RaiseLastWin32Error. }
function UnLoadDllFromProcess(hProcess:THandle;
                              hLibModule: HModule;
                              var bOK:BOOL):BOOL;
var
  pCode : ^Byte;
  i : Integer;
  InjectInfo : TFreeInjectInfo;
  pRemoteCode : PFreeInjectInfo;
  dwCount : DWORD;
  dwThreadID : DWORD;
  hThread : THandle;
  dwExitCode : DWORD;

begin
  result := TRUE;
  bOK := TRUE;
try
  pCode := Addr(RemoteFreeFunc);

  // NOTE(review): same non-compiling array assignment as in LoadDllToProcess.
  for i:=0 to SizeOf(InjectInfo.InjectCode) - 1 do begin
    InjectInfo.InjectCode := pCode^;
    Inc(pCode);
  end;

  // Both pointers resolved in this process and reused in the target
  // (same shared-base assumption as for LoadLibraryA above).
  InjectInfo.fnFreeLibrary := GetProcAddress(GetModuleHandle('Kernel32.dll'),
                                             'FreeLibrary');
  InjectInfo.hLibModule := hLibModule;
  InjectInfo.fnMessageBeep := GetProcAddress(GetModuleHandle('User32.dll'),
                                             'MessageBeep');
  InjectInfo.uBeep := 0;

  pRemoteCode := nil;
  pRemoteCode := VirtualAllocEx( hProcess,
                                 nil,
                                 SizeOf(TFreeInjectInfo),
                                 MEM_COMMIT,
                                 PAGE_EXECUTE_READWRITE);
  if (pRemoteCode = nil) then
    RaiseLastWin32Error;

  if not WriteProcessMemory(hProcess,
                            pRemoteCode,
                            @InjectInfo,
                            SizeOf(TFreeInjectInfo),
                            dwCount) then
    RaiseLastWin32Error;

  hThread := 0;
  hThread := CreateRemoteThread( hProcess,
                                 nil,
                                 0,
                                 Addr(pRemoteCode^.InjectCode[0]),
                                 pRemoteCode,
                                 0,
                                 dwThreadId);
  if hThread=0 then
    RaiseLastWin32Error;

  // Unbounded wait, as in LoadDllToProcess.
  WaitForSingleObject(hThread, INFINITE);

  // Return value ignored; dwExitCode used regardless.
  GetExitCodeThread(hThread, dwExitCode);

  bOK := BOOL(dwExitCode);

  CloseHandle(hThread);
finally
  // NOTE(review): sized with TLoadInjectInfo rather than TFreeInjectInfo
  // (copied from LoadDllToProcess), and MEM_RELEASE expects dwSize = 0
  // anyway - see the note in LoadDllToProcess. Left unchanged.
  if Assigned(pRemoteCode) then
         VirtualFreeEx( hProcess,
                        pRemoteCode,
                        SizeOf(TLoadInjectInfo),
                        MEM_RELEASE);
end;

end;


end.
 
CreateRemoteThread 只适用于 Windows 2000
 