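program Inject;
{ DLL injector (console): writes a DLL path into a target process identified by
  PID and starts LoadLibraryW there as a remote thread.

  Usage: Inject <pid> <dll path>

  Constraints visible in this listing:
   - Injector and target must have the same bitness: the LoadLibraryW address
     is taken from this process's own kernel32 and reused verbatim in the target.
   - The NtCreateThreadEx prototype declares the size arguments as DWORD, which
     only matches the native SIZE_T on 32-bit builds.
   - LoadLibraryW runs inside the target, so szPath is resolved from the
     target's point of view; pass an absolute path the target can read.

  Fixes relative to the forum listing:
   - CheckOs never set dwOSVersionInfoSize, so GetVersionExW always failed.
   - The comparison operators lost in the forum rendering are restored.
   - Process/thread handles and the remote buffer are released; the remote
     buffer is allocated PAGE_READWRITE (it holds data only), not RWX.
   - Missing/invalid arguments and a failed LoadLibraryW lookup are reported
     instead of silently doing nothing. }

{$APPTYPE CONSOLE}
{$IF CompilerVersion >= 21.0}
  {$WEAKLINKRTTI ON}
  {$RTTI EXPLICIT METHODS([]) PROPERTIES([]) FIELDS([])}
{$IFEND}

uses
  Winapi.Windows;

const
  // Bounded wait for the remote LoadLibraryW thread; the listing never waited
  // at all, and an INFINITE wait would hang on a DllMain that blocks.
  RemoteThreadWaitMs = 10000;

type
  { Undocumented ntdll export. Argument layout kept exactly as in the original
    listing; Suspended/StackSize/u1/u2 are passed as False/0/0/0 below. }
  NtCreateThreadExProc = function(var hThread: THandle; Access: DWORD;
    Attributes: Pointer; hProcess: THandle; pStart: Pointer;
    pParameter: Pointer; Suspended: BOOL; StackSize, u1, u2: DWORD;
    Unknown: Pointer): DWORD; stdcall;

{ Parses S as a decimal integer.
  Returns 0 when S is not a valid integer, so a malformed PID argument turns
  into OpenProcess(0), which fails, rather than an unspecified value. }
function StrToInt(S: string): Integer;
var
  ErrPos: Integer;
begin
  Val(S, Result, ErrPos);
  if ErrPos <> 0 then
    Result := 0;
end;

{ Returns True on NT-family Windows older than 6.0 (pre-Vista).
  The caller uses CreateRemoteThread when this is True and NtCreateThreadEx
  otherwise. The "< 6" comparison is reconstructed: the operator was lost in
  the forum rendering, and "< 6" is the reading consistent with that caller.
  dwOSVersionInfoSize must be filled before GetVersionExW, otherwise the call
  fails and every OS is treated as Vista+. }
function CheckOs: Boolean;
var
  Ver: TOSVersionInfoW;
begin
  Result := False;
  FillChar(Ver, SizeOf(Ver), 0);
  Ver.dwOSVersionInfoSize := SizeOf(Ver);
  if GetVersionExW(Ver) and (Ver.dwPlatformId = VER_PLATFORM_WIN32_NT) then
    Result := Ver.dwMajorVersion < 6;
end;

{ Tries to enable SeDebugPrivilege on the current process token.
  Returns the result of AdjustTokenPrivileges, as in the listing. Note that
  AdjustTokenPrivileges returns True even when the token does not hold the
  privilege (GetLastError = ERROR_NOT_ALL_ASSIGNED), so True does not prove
  it is enabled; the privilege is only needed for processes this user could
  not otherwise open, so that weaker check is left as-is. }
function EnableDebugPrivilege: Boolean;
var
  hToken: THandle;
  Privs: TTokenPrivileges;
  RetLen: DWORD;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken) then
    Exit;
  try
    Privs.PrivilegeCount := 1;
    if LookupPrivilegeValueW(nil, 'SeDebugPrivilege', Privs.Privileges[0].Luid) then
    begin
      Privs.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
      Result := AdjustTokenPrivileges(hToken, False, Privs, SizeOf(Privs), nil, RetLen);
    end;
  finally
    CloseHandle(hToken);
  end;
end;

{ Starts pThreadProc(pRemote) in hProcess and returns the thread handle
  (0 on failure).
  On Vista+ (CheckOs = False) NtCreateThreadEx is tried first with
  $1FFFFF (THREAD_ALL_ACCESS); if the export is missing, the call reports a
  failing NTSTATUS, or leaves the handle at 0, CreateRemoteThread is used.
  On older NT systems CreateRemoteThread is used directly. }
function RemoteThread(hProcess: THandle; pThreadProc: Pointer; pRemote: Pointer): THandle;
var
  NtCreateThreadEx: NtCreateThreadExProc;
  Status: DWORD;
  ThreadId: DWORD;
begin
  Result := 0;
  if not CheckOs then
  begin
    // ntdll is always mapped; no need for the extra LoadLibrary reference.
    NtCreateThreadEx := GetProcAddress(GetModuleHandleW('ntdll.dll'), 'NtCreateThreadEx');
    if Assigned(NtCreateThreadEx) then
    begin
      Status := NtCreateThreadEx(Result, $1FFFFF, nil, hProcess, pThreadProc,
        pRemote, False, 0, 0, 0, nil);
      // NTSTATUS: negative values are failures; the listing ignored the status
      // and only looked at the handle.
      if Integer(Status) < 0 then
        Result := 0;
    end;
  end;
  if Result = 0 then
    Result := CreateRemoteThread(hProcess, nil, 0, pThreadProc, pRemote, 0, ThreadId);
end;

{ Injects the DLL at szPath into process dwPID.
  Returns True when a remote LoadLibraryW thread was started. Note that True
  means the thread was created, not that the DLL loaded successfully; the
  thread's exit code (the HMODULE) is not inspected.
  Resources: the process handle, thread handle and remote buffer are released
  on every path, except that the buffer is intentionally left in place when the
  remote thread is still running after RemoteThreadWaitMs, since LoadLibraryW
  may still be reading it. }
function InjectDll2Pid(szPath: PWideChar; dwPID: DWORD): Boolean;
var
  hProcess: THandle;
  hThread: THandle;
  pRemotePath: Pointer;
  PathBytes: SIZE_T;
  Written: SIZE_T;
  pLoadLibraryW: Pointer;
  FreeBuffer: Boolean;
begin
  Result := False;
  if (szPath = nil) or (szPath^ = #0) then
    Exit;
  if not EnableDebugPrivilege then
    Exit;

  hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, dwPID);
  if hProcess = 0 then
    Exit;
  try
    // Wide-char path plus the terminating null.
    PathBytes := (SIZE_T(lstrlenW(szPath)) + 1) * SizeOf(WideChar);
    // The buffer only ever holds the path string, so it does not need to be
    // executable; RWX pages are a needless signal and a needless capability.
    pRemotePath := VirtualAllocEx(hProcess, nil, PathBytes,
      MEM_COMMIT or MEM_RESERVE, PAGE_READWRITE);
    if pRemotePath = nil then
      Exit;
    FreeBuffer := True;
    try
      if (not WriteProcessMemory(hProcess, pRemotePath, szPath, PathBytes, Written))
        or (Written <> PathBytes) then
        Exit;

      // kernel32 is mapped at the same base in every process of the same
      // bitness, so the local address is valid in the target.
      pLoadLibraryW := GetProcAddress(GetModuleHandleW('kernel32.dll'), 'LoadLibraryW');
      if pLoadLibraryW = nil then
        Exit;

      hThread := RemoteThread(hProcess, pLoadLibraryW, pRemotePath);
      Result := hThread <> 0;
      if Result then
      begin
        // Only release the path buffer once LoadLibraryW has finished with it.
        FreeBuffer := WaitForSingleObject(hThread, RemoteThreadWaitMs) = WAIT_OBJECT_0;
        CloseHandle(hThread);
      end;
    finally
      if FreeBuffer then
        VirtualFreeEx(hProcess, pRemotePath, 0, MEM_RELEASE);
    end;
  finally
    CloseHandle(hProcess);
  end;
end;

var
  DllPath: string;
  Pid: Integer;

begin
  if ParamCount < 2 then
  begin
    Writeln('Usage: Inject <pid> <dll path>');
    Halt(1);
  end;
  // Keep the path in a local so the PWideChar cast does not point at a temporary.
  DllPath := ParamStr(2);
  Pid := StrToInt(ParamStr(1));
  if Pid <= 0 then
  begin
    Writeln('Invalid PID: ', ParamStr(1));
    Halt(1);
  end;
  if InjectDll2Pid(PWideChar(DllPath), DWORD(Pid)) then
    Writeln('RemoteThread Ok!')
  else
  begin
    Writeln('Inject failed (last error ', GetLastError, ')');
    Halt(1);
  end;
end.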