Delphi实现DLL远线程注入
LoadLib函数返回值为Boolean型。参数一:类型DWORD型,目标进程标识(pid);参数二:类型string型,被注入的DLL路径。
// DLL remote injection
{
  LoadLib: loads DLLPath into the process identified by dwPID by starting a
  remote thread at Kernel32!LoadLibraryW with a path buffer written into the
  target's address space.

  Parameters:
    dwPID   - process id of the target process.
    DLLPath - path of the DLL to load, converted to a wide string below.
  Returns:
    True only when every step (OpenProcess, VirtualAllocEx, WriteProcessMemory,
    GetProcAddress, CreateRemoteThread) succeeded; False otherwise. Each
    failure except the CreateRemoteThread one is reported via MessageBox.

  NOTE(review): the thread's exit code (the HMODULE returned by LoadLibraryW)
  is never read, so a LoadLibraryW that fails inside the target still yields
  Result = True.
  NOTE(review): this exact call sequence -- OpenProcess(PROCESS_ALL_ACCESS),
  VirtualAllocEx, WriteProcessMemory, CreateRemoteThread on LoadLibraryW -- is
  the textbook cross-process injection pattern that endpoint monitoring and
  kernel callbacks (process-access and remote-thread notifications) are built
  to flag; only run it against processes you own and with the rights to do so.
}
function LoadLib(dwPID:DWORD;DLLPath:string):Boolean;
var
dw:DWORD;               // reused: bytes written (WriteProcessMemory), then thread id (CreateRemoteThread)
hProcess:THandle;       // handle to the target process
hThread:THandle;        // handle to the remote thread
lpszRemoteFiles:LPWSTR; // address of the path buffer inside the target process
pfnThreadRtn:Pointer;   // address of LoadLibraryW used as the thread start routine
LibPath:LPWSTR;         // wide copy of DLLPath
begin
// StringToOleStr allocates a new wide string; nothing in this function
// releases it (SysFreeString), so it is leaked on every call.
LibPath:=StringToOleStr(DLLPath);
hProcess:=OpenProcess(PROCESS_ALL_ACCESS,False,dwPID);
Result:=False;
if hProcess=0 then
begin
MessageBox(0,PChar('Unable OpenProcess,fail! error:'+ IntToStr(GetLastError)),'error',MB_OK+ MB_ICONERROR);
Exit;
end;
// NOTE(review): the size is sizeof(WCHAR)*len + 1 byte, i.e. one byte short
// of a full wide NUL terminator; the same expression is reused for the write
// below, so the terminator is only partially covered in the target.
lpszRemoteFiles:=LPWSTR(VirtualAllocEx(hProcess,nil,sizeof(WCHAR)*lstrlenW(LibPath)+1,MEM_COMMIT, PAGE_READWRITE));
if lpszRemoteFiles=nil then
begin
MessageBox(0,PChar('Unable Apply Space,fail! error:'+ IntToStr(GetLastError)),'error',MB_OK+ MB_ICONERROR);
Exit; // hProcess is not closed on this path (handle leak)
end;
if WriteProcessMemory(hProcess,lpszRemoteFiles,LibPath,sizeof(WCHAR)*lstrlenW(LibPath)+1,dw)=False then
begin
MessageBox(0,PChar('Unable Write Adderss,fail! error:'+ IntToStr(GetLastError)),'error',MB_OK+ MB_ICONERROR);
Exit; // hProcess and the remote buffer are not released on this path
end;
// Resolve LoadLibraryW in this process; the code relies on Kernel32 being
// mapped at the same address in the target (not verified here).
pfnThreadRtn:=GetProcAddress(GetModuleHandle('Kernel32.dll'),'LoadLibraryW');
if pfnThreadRtn=nil then
begin
MessageBox(0,PChar('Unable Get Function Adderss,fail! error:'+ IntToStr(GetLastError)),'error',MB_OK+ MB_ICONERROR);
Exit; // hProcess and the remote buffer are not released on this path
end;
// The remote buffer address is passed as the single argument to LoadLibraryW.
hThread:=CreateRemoteThread(hProcess,nil,0,pfnThreadRtn,lpszRemoteFiles,0,dw);
if hThread=0 then Exit; // silent failure: no MessageBox, and hProcess/buffer leak here too
// Blocks the caller until the remote LoadLibraryW returns; if the DLL's
// initialization never completes, this wait never completes either.
WaitForSingleObject(hThread,INFINITE);
VirtualFreeEx(hProcess,lpszRemoteFiles,0,MEM_RELEASE);
CloseHandle(hThread);
CloseHandle(hProcess);
Result:=True;
end;
调用方法:ifLoadLib(目标进行ID,DLL路径)=True then form.Close ; 來看下一下,~最近在學DELPHI ,目標是寫一整套登錄器 源码源码
我要源码 :$我也希望能够看到源码。 比较感兴趣 学习中。。。。支持下啊 学习下先。顶一个