我试着把如下代码写成组件:
unit UnitRemoteInject;
interface
uses
SysUtils, Classes, Controls,
Windows,TlHelp32,Dialogs;
type
TRemoteInject = class(TComponent)
// Non-visual component that, from Start, loads the DLL named by DllName into the
// process named by TargetProcess (or a PID) with the remote-thread LoadLibrary
// technique implemented in AttachToProcess. Writing into another process may need
// SeDebugPrivilege (held only by administrators), and this call sequence is what
// endpoint protection and auditing commonly watch for — not something to enable by default.
// NOTE(review): the run-time "TargetProcess is not a valid property" error the poster
// reports is normally raised while the DFM is streamed, when it names a published
// property that the class compiled into the running EXE does not have — e.g. the
// design-time package was not rebuilt/reinstalled after the property was added, or the
// project resolves an older copy of this unit. Check that first; the declaration below
// does place the property under 'published'.
//type //
//TProcessName = (Explorer,Smss,Winlogon);
private
{ Private declarations }
protected
// NOTE(review): several ':D' / ':P' sequences look eaten by the forum's smiley filter.
// 'ProcessIDWORD' will not compile as posted and is presumably 'ProcessID:DWORD'
// (the implementation assigns ProcessID); confirm against the original source.
procedure FindAProcess(const AFileName:string;const PathMatch:Boolean;
var ProcessIDWORD);
// Enables/disables SeDebugPrivilege on the current process token; True on success.
function EnableDebugPrivilege(const bEnabled:Boolean):Boolean;
// Presumably 'const PID:DWORD=0):DWORD' — same filter damage; the body reads PID and
// returns the CreateRemoteThread result.
function AttachToProcess(const HostFile,GuestFile:string;
const PIDWORD=0)WORD;
{ Protected declarations }
{ Public declarations }
strict private
// Property setters; each ignores a value equal to the stored one, and the two string
// setters also ignore ''.
procedure SetEnabled(value: Boolean);
procedure SetDllName(value:string);
procedure SetTargetProcess(value : String);
var
FTargetProcess:String; // image name of the process to load into (default 'explorer.exe')
FDllName:string;       // name/path of the DLL passed to LoadLibraryW (default 'guest.dll')
FEnabled:Boolean;      // when False, Start does nothing (default True)
//EnableState:True;
{ Published declarations }
published
property TargetProcess : String read FTargetProcess write SetTargetProcess;
property DllName:string read FDllName write SetDllName;
property Enabled:Boolean read FEnabled write SetEnabled;
public
constructor Create(AOwner: TComponent);override;
destructor Destroy; override;
// Entry point: shows the two strings and, if Enabled, calls AttachToProcess.
procedure Start;
end;
// Design-time registration hook, invoked by the IDE; see the implementation section.
procedure Register;
implementation
procedure Register;
// Places TRemoteInject on the 'lukui' palette page when this unit is built into a
// design-time package. The IDE calls it; it is not part of the running application,
// so it has no bearing on a property error raised while a form is being loaded.
begin
RegisterComponents('lukui', [TRemoteInject]);
end;
procedure TRemoteInject.SetTargetProcess(value : String);
{ Property setter for TargetProcess. Only a non-empty value that differs from the
  stored one is accepted, so the property can never be cleared back to ''. }
begin
  // Guard clauses instead of one compound condition.
  if value = '' then
    Exit;
  if value = FTargetProcess then
    Exit;
  FTargetProcess := value;
end;
procedure TRemoteInject.SetDllName(value: string);
{ Property setter for DllName. An empty string or the value already stored is
  ignored; anything else is stored as-is (no existence or path validation). }
begin
  if value = '' then
    Exit;
  if value = FDllName then
    Exit;
  FDllName := value;
end;
procedure TRemoteInject.SetEnabled(value: Boolean);
{ Property setter for Enabled; writes the field only when the value actually changes. }
begin
  if FEnabled = value then
    Exit;
  FEnabled := value;
end;
constructor TRemoteInject.Create(AOwner: TComponent);
{ Sets the design-time defaults: Enabled=True, TargetProcess='explorer.exe',
  DllName='guest.dll'. Nothing is loaded into another process here; that only
  happens when Start is called. }
begin
  inherited;
  FDllName := 'guest.dll';
  FTargetProcess := 'explorer.exe';
  FEnabled := True;
end;
destructor TRemoteInject.Destroy;
{ Clears Enabled, then lets the ancestor tear the component down. No handles are
  owned by this object, so there is nothing else to release here. }
begin
  FEnabled := False;
  inherited;
end;
procedure TRemoteInject.FindAProcess(const AFileName:string;const PathMatch:Boolean;
var ProcessIDWORD);
// Walks a Toolhelp32 process snapshot and returns, in ProcessID, the id of the first
// process whose image name matches AFileName case-insensitively; 0 when none matches.
// PathMatch=True compares the whole szExeFile string, otherwise only the file-name part.
// NOTE(review): 'ProcessIDWORD' is presumably 'ProcessID:DWORD' with the ':D' lost to
// the forum's smiley filter — the body assigns ProcessID from th32ProcessID.
var
lpPe:TProcessEntry32;
sHandle:THandle;
foundAProc,foundOK:Boolean;
begin
ProcessID:=0;
// Neither the snapshot handle nor the Process32First result is checked for failure;
// on any failure the loop simply does not run and ProcessID stays 0.
sHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
foundAProc:=Process32First(sHandle,lpPe);
while foundAProc do
begin
if(PathMatch)then
foundOK:=AnsiStrIComp(lppe.szExeFile,PChar(AFileName))=0
else
begin
// Case-insensitive comparison of the file-name parts only.
foundOK:=AnsiStrIComp(PChar(ExtractFileName(lpPe.szExeFile)),
PChar(ExtractFileName(AFileName)))=0;
end;
if(foundOK)then
begin
// First match wins; several processes with the same image name are not distinguished.
ProcessID:=lpPe.th32ProcessID;
Break;
end;
foundAProc:=Process32Next(sHandle,lpPe);
end;
CloseHandle(sHandle);
end;
function TRemoteInject.EnableDebugPrivilege(const bEnabled:Boolean):Boolean;
// Enables (bEnabled=True) or disables SeDebugPrivilege on the current process token.
// Returns True only when the token could be opened and AdjustTokenPrivileges left
// GetLastError = ERROR_SUCCESS. Security note: this privilege is what allows opening
// other users' and system processes for writing; it exists only on administrator
// tokens, and its use can be audited — a defender reviewing this component should
// expect it to be exercised every time AttachToProcess runs.
var
hToken:THandle;
tp:TOKEN_PRIVILEGES;
aWORD; // NOTE(review): presumably 'a:DWORD' — smiley-filter damage; used as ReturnLength below.
const
se_debug_name='seDebugPrivilege';
begin
Result:=False;
if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,hToken))then
begin
tp.PrivilegeCount:=1;
// LookupPrivilegeValue's result is not checked; on failure the LUID is uninitialised.
LookupPrivilegeValue(nil,se_debug_name,tp.privileges[0].luid);
if(bEnabled)then
tp.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED
else
tp.Privileges[0].Attributes:=0;
a:=0;
AdjustTokenPrivileges(hToken,False,tp,SizeOf(tp),nil,a);
// GetLastError is the right check here: the call can return True yet report
// ERROR_NOT_ALL_ASSIGNED when the token does not actually hold the privilege.
Result:=GetLastError=ERROR_SUCCESS;
CloseHandle(hToken);
end;
end;
function TRemoteInject.AttachToProcess(const HostFile,GuestFile:string;
const PIDWORD=0)WORD;
// Loads GuestFile into the target process (PID when non-zero, otherwise the first
// process whose image name is HostFile) by writing the DLL path into the target's
// memory and starting a remote thread at kernel32!LoadLibraryW. Returns whatever
// CreateRemoteThread returned, or 0 when the memory write failed. This is the
// canonical remote-thread DLL-injection sequence; endpoint protection monitors
// exactly these cross-process calls, and any legitimate use belongs behind explicit
// administrator consent and auditing rather than a component default.
// NOTE(review): smiley-filter damage in the declarations below — presumably
// 'PID:DWORD=0):DWORD', 'dwRemoteProcessID:DWORD', 'cb:DWORD', 'pszLibFileRemote:Pointer',
// 'tempVar:DWORD' and 'pszLibAFileName:PWideChar'; none of them compile as posted.
var
hRemoteProcess:THandle;
dwRemoteProcessIDWORD;
cbWORD;
pszLibFileRemoteointer;
iReturnCode:Boolean;
tempVarWORD;
pfnStartAddr:TFNThreadStartRoutine;
pszLibAFileNameWideChar;
begin
Result:=0;
// Return value ignored: failing to obtain SeDebugPrivilege is not reported.
EnableDebugPrivilege(True);
// NOTE(review): the buffer is Length*2+1 bytes, but a Length-character string plus
// its wide terminator needs (Length+1)*2 bytes, and StringToWideChar's size argument
// counts characters rather than bytes — this looks one byte short; confirm for the
// Delphi version in use (on Unicode Delphi 'string' is already UTF-16).
GetMem(pszLibAFileName,length(GuestFile)*2+1);
StringToWideChar(GuestFile,pszLibAFileName,Length(GuestFile)*2+1);
if(PID>0)then
dwRemoteProcessID:=PID
else
FindAProcess(HostFile,False,dwRemoteProcessID);
// When FindAProcess found nothing, dwRemoteProcessID is 0; the OpenProcess result is
// not checked before being used below, so the later calls fail with an invalid handle.
hRemoteProcess:=OpenProcess(PROCESS_CREATE_THREAD+
PROCESS_VM_OPERATION+PROCESS_VM_WRITE,
False,
dwRemoteProcessID);
cb:=(1+lstrlenw(pszLibAFileName))*SizeOf(wchar);
// VirtualAllocEx returns nil on failure; likewise unchecked.
pszLibFileRemote:=pwidestring(VirtualAllocEx(hRemoteProcess,
nil,cb,MEM_COMMIT,page_readwrite));
tempVar:=0;
iReturnCode:=WriteProcessMemory(hRemoteProcess,
pszLibFileRemote,
pszLibAFileName,
cb,
tempVar);
if(iReturnCode)then
begin
pfnStartAddr:=GetProcAddress(GetModuleHandle('kernel32.dll'),
'LoadLibraryW');
tempVar:=0;
Result:=CreateRemoteThread(hRemoteProcess,
nil,0,pfnStartAddr,pszLibFileRemote,0,tempVar);
end;
// Resource hygiene: hRemoteProcess is never closed, the remote buffer is never
// freed, and the thread handle is returned to the caller (Start discards it).
FreeMem(pszLibAFileName);
end;
procedure TRemoteInject.Start;
// Shows the configured target and DLL name (debugging leftovers) and, if Enabled,
// calls AttachToProcess with them; the thread handle AttachToProcess returns is
// discarded. Security note: Enabled defaults to True in Create, so a form that calls
// Start performs the cross-process load with no further opt-in; a safer design would
// default Enabled to False and surface AttachToProcess failures to the caller.
//var
//Target:String;
begin
{
case FTargetProcess of
Explorer:Target:='Explorer.exe';
Smss: Target:='Smss.exe';
Winlogon: Target:='Winlogon.exe';
end; }
ShowMessage(FTargetProcess);
ShowMessage(FDllName);
if FEnabled then
AttachToProcess(FTargetProcess,FDllName);
end;
end.
但是,为什么生成的组件放到窗体中运行的时候会提示TargetProcess是非法属性呢?
unit UnitRemoteInject;
interface
uses
SysUtils, Classes, Controls,
Windows,TlHelp32,Dialogs;
type
TRemoteInject = class(TComponent)
// Non-visual component that, from Start, loads the DLL named by DllName into the
// process named by TargetProcess (or a PID) with the remote-thread LoadLibrary
// technique implemented in AttachToProcess. Writing into another process may need
// SeDebugPrivilege (held only by administrators), and this call sequence is what
// endpoint protection and auditing commonly watch for — not something to enable by default.
// NOTE(review): the run-time "TargetProcess is not a valid property" error the poster
// reports is normally raised while the DFM is streamed, when it names a published
// property that the class compiled into the running EXE does not have — e.g. the
// design-time package was not rebuilt/reinstalled after the property was added, or the
// project resolves an older copy of this unit. Check that first; the declaration below
// does place the property under 'published'.
//type //
//TProcessName = (Explorer,Smss,Winlogon);
private
{ Private declarations }
protected
// NOTE(review): several ':D' / ':P' sequences look eaten by the forum's smiley filter.
// 'ProcessIDWORD' will not compile as posted and is presumably 'ProcessID:DWORD'
// (the implementation assigns ProcessID); confirm against the original source.
procedure FindAProcess(const AFileName:string;const PathMatch:Boolean;
var ProcessIDWORD);
// Enables/disables SeDebugPrivilege on the current process token; True on success.
function EnableDebugPrivilege(const bEnabled:Boolean):Boolean;
// Presumably 'const PID:DWORD=0):DWORD' — same filter damage; the body reads PID and
// returns the CreateRemoteThread result.
function AttachToProcess(const HostFile,GuestFile:string;
const PIDWORD=0)WORD;
{ Protected declarations }
{ Public declarations }
strict private
// Property setters; each ignores a value equal to the stored one, and the two string
// setters also ignore ''.
procedure SetEnabled(value: Boolean);
procedure SetDllName(value:string);
procedure SetTargetProcess(value : String);
var
FTargetProcess:String; // image name of the process to load into (default 'explorer.exe')
FDllName:string;       // name/path of the DLL passed to LoadLibraryW (default 'guest.dll')
FEnabled:Boolean;      // when False, Start does nothing (default True)
//EnableState:True;
{ Published declarations }
published
property TargetProcess : String read FTargetProcess write SetTargetProcess;
property DllName:string read FDllName write SetDllName;
property Enabled:Boolean read FEnabled write SetEnabled;
public
constructor Create(AOwner: TComponent);override;
destructor Destroy; override;
// Entry point: shows the two strings and, if Enabled, calls AttachToProcess.
procedure Start;
end;
// Design-time registration hook, invoked by the IDE; see the implementation section.
procedure Register;
implementation
procedure Register;
// Places TRemoteInject on the 'lukui' palette page when this unit is built into a
// design-time package. The IDE calls it; it is not part of the running application,
// so it has no bearing on a property error raised while a form is being loaded.
begin
RegisterComponents('lukui', [TRemoteInject]);
end;
procedure TRemoteInject.SetTargetProcess(value : String);
{ Property setter for TargetProcess. Only a non-empty value that differs from the
  stored one is accepted, so the property can never be cleared back to ''. }
begin
  // Guard clauses instead of one compound condition.
  if value = '' then
    Exit;
  if value = FTargetProcess then
    Exit;
  FTargetProcess := value;
end;
procedure TRemoteInject.SetDllName(value: string);
{ Property setter for DllName. An empty string or the value already stored is
  ignored; anything else is stored as-is (no existence or path validation). }
begin
  if value = '' then
    Exit;
  if value = FDllName then
    Exit;
  FDllName := value;
end;
procedure TRemoteInject.SetEnabled(value: Boolean);
{ Property setter for Enabled; writes the field only when the value actually changes. }
begin
  if FEnabled = value then
    Exit;
  FEnabled := value;
end;
constructor TRemoteInject.Create(AOwner: TComponent);
{ Sets the design-time defaults: Enabled=True, TargetProcess='explorer.exe',
  DllName='guest.dll'. Nothing is loaded into another process here; that only
  happens when Start is called. }
begin
  inherited;
  FDllName := 'guest.dll';
  FTargetProcess := 'explorer.exe';
  FEnabled := True;
end;
destructor TRemoteInject.Destroy;
{ Clears Enabled, then lets the ancestor tear the component down. No handles are
  owned by this object, so there is nothing else to release here. }
begin
  FEnabled := False;
  inherited;
end;
procedure TRemoteInject.FindAProcess(const AFileName:string;const PathMatch:Boolean;
var ProcessIDWORD);
// Walks a Toolhelp32 process snapshot and returns, in ProcessID, the id of the first
// process whose image name matches AFileName case-insensitively; 0 when none matches.
// PathMatch=True compares the whole szExeFile string, otherwise only the file-name part.
// NOTE(review): 'ProcessIDWORD' is presumably 'ProcessID:DWORD' with the ':D' lost to
// the forum's smiley filter — the body assigns ProcessID from th32ProcessID.
var
lpPe:TProcessEntry32;
sHandle:THandle;
foundAProc,foundOK:Boolean;
begin
ProcessID:=0;
// Neither the snapshot handle nor the Process32First result is checked for failure;
// on any failure the loop simply does not run and ProcessID stays 0.
sHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
foundAProc:=Process32First(sHandle,lpPe);
while foundAProc do
begin
if(PathMatch)then
foundOK:=AnsiStrIComp(lppe.szExeFile,PChar(AFileName))=0
else
begin
// Case-insensitive comparison of the file-name parts only.
foundOK:=AnsiStrIComp(PChar(ExtractFileName(lpPe.szExeFile)),
PChar(ExtractFileName(AFileName)))=0;
end;
if(foundOK)then
begin
// First match wins; several processes with the same image name are not distinguished.
ProcessID:=lpPe.th32ProcessID;
Break;
end;
foundAProc:=Process32Next(sHandle,lpPe);
end;
CloseHandle(sHandle);
end;
function TRemoteInject.EnableDebugPrivilege(const bEnabled:Boolean):Boolean;
// Enables (bEnabled=True) or disables SeDebugPrivilege on the current process token.
// Returns True only when the token could be opened and AdjustTokenPrivileges left
// GetLastError = ERROR_SUCCESS. Security note: this privilege is what allows opening
// other users' and system processes for writing; it exists only on administrator
// tokens, and its use can be audited — a defender reviewing this component should
// expect it to be exercised every time AttachToProcess runs.
var
hToken:THandle;
tp:TOKEN_PRIVILEGES;
aWORD; // NOTE(review): presumably 'a:DWORD' — smiley-filter damage; used as ReturnLength below.
const
se_debug_name='seDebugPrivilege';
begin
Result:=False;
if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,hToken))then
begin
tp.PrivilegeCount:=1;
// LookupPrivilegeValue's result is not checked; on failure the LUID is uninitialised.
LookupPrivilegeValue(nil,se_debug_name,tp.privileges[0].luid);
if(bEnabled)then
tp.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED
else
tp.Privileges[0].Attributes:=0;
a:=0;
AdjustTokenPrivileges(hToken,False,tp,SizeOf(tp),nil,a);
// GetLastError is the right check here: the call can return True yet report
// ERROR_NOT_ALL_ASSIGNED when the token does not actually hold the privilege.
Result:=GetLastError=ERROR_SUCCESS;
CloseHandle(hToken);
end;
end;
function TRemoteInject.AttachToProcess(const HostFile,GuestFile:string;
const PIDWORD=0)WORD;
// Loads GuestFile into the target process (PID when non-zero, otherwise the first
// process whose image name is HostFile) by writing the DLL path into the target's
// memory and starting a remote thread at kernel32!LoadLibraryW. Returns whatever
// CreateRemoteThread returned, or 0 when the memory write failed. This is the
// canonical remote-thread DLL-injection sequence; endpoint protection monitors
// exactly these cross-process calls, and any legitimate use belongs behind explicit
// administrator consent and auditing rather than a component default.
// NOTE(review): smiley-filter damage in the declarations below — presumably
// 'PID:DWORD=0):DWORD', 'dwRemoteProcessID:DWORD', 'cb:DWORD', 'pszLibFileRemote:Pointer',
// 'tempVar:DWORD' and 'pszLibAFileName:PWideChar'; none of them compile as posted.
var
hRemoteProcess:THandle;
dwRemoteProcessIDWORD;
cbWORD;
pszLibFileRemoteointer;
iReturnCode:Boolean;
tempVarWORD;
pfnStartAddr:TFNThreadStartRoutine;
pszLibAFileNameWideChar;
begin
Result:=0;
// Return value ignored: failing to obtain SeDebugPrivilege is not reported.
EnableDebugPrivilege(True);
// NOTE(review): the buffer is Length*2+1 bytes, but a Length-character string plus
// its wide terminator needs (Length+1)*2 bytes, and StringToWideChar's size argument
// counts characters rather than bytes — this looks one byte short; confirm for the
// Delphi version in use (on Unicode Delphi 'string' is already UTF-16).
GetMem(pszLibAFileName,length(GuestFile)*2+1);
StringToWideChar(GuestFile,pszLibAFileName,Length(GuestFile)*2+1);
if(PID>0)then
dwRemoteProcessID:=PID
else
FindAProcess(HostFile,False,dwRemoteProcessID);
// When FindAProcess found nothing, dwRemoteProcessID is 0; the OpenProcess result is
// not checked before being used below, so the later calls fail with an invalid handle.
hRemoteProcess:=OpenProcess(PROCESS_CREATE_THREAD+
PROCESS_VM_OPERATION+PROCESS_VM_WRITE,
False,
dwRemoteProcessID);
cb:=(1+lstrlenw(pszLibAFileName))*SizeOf(wchar);
// VirtualAllocEx returns nil on failure; likewise unchecked.
pszLibFileRemote:=pwidestring(VirtualAllocEx(hRemoteProcess,
nil,cb,MEM_COMMIT,page_readwrite));
tempVar:=0;
iReturnCode:=WriteProcessMemory(hRemoteProcess,
pszLibFileRemote,
pszLibAFileName,
cb,
tempVar);
if(iReturnCode)then
begin
pfnStartAddr:=GetProcAddress(GetModuleHandle('kernel32.dll'),
'LoadLibraryW');
tempVar:=0;
Result:=CreateRemoteThread(hRemoteProcess,
nil,0,pfnStartAddr,pszLibFileRemote,0,tempVar);
end;
// Resource hygiene: hRemoteProcess is never closed, the remote buffer is never
// freed, and the thread handle is returned to the caller (Start discards it).
FreeMem(pszLibAFileName);
end;
procedure TRemoteInject.Start;
// Shows the configured target and DLL name (debugging leftovers) and, if Enabled,
// calls AttachToProcess with them; the thread handle AttachToProcess returns is
// discarded. Security note: Enabled defaults to True in Create, so a form that calls
// Start performs the cross-process load with no further opt-in; a safer design would
// default Enabled to False and surface AttachToProcess failures to the caller.
//var
//Target:String;
begin
{
case FTargetProcess of
Explorer:Target:='Explorer.exe';
Smss: Target:='Smss.exe';
Winlogon: Target:='Winlogon.exe';
end; }
ShowMessage(FTargetProcess);
ShowMessage(FDllName);
if FEnabled then
AttachToProcess(FTargetProcess,FDllName);
end;
end.
但是,为什么生成的组件放到窗体中运行的时候会提示TargetProcess是非法属性呢?