Título: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: XSaMuXPH *-* Traigo uno encima! =D! en 18 Septiembre 2009, 01:23 am
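En VB:
Option Explicit

' --- Win32 constants -------------------------------------------------------------
' 32-bit VB6 only: handles and pointers are 32-bit Longs, so this injector can only
' target 32-bit processes and itself must run as a 32-bit process.
Private Const PAGE_READWRITE As Long = &H4
Private Const MEM_COMMIT As Long = &H1000
Private Const MEM_RESERVE As Long = &H2000
Private Const MEM_RELEASE As Long = &H8000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const SYNCHRONIZE As Long = &H100000
' Kept for reference; not used any more. Injection does not need PROCESS_ALL_ACCESS.
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
' Least-privilege mask: exactly what VirtualAllocEx/WriteProcessMemory/CreateRemoteThread need.
Private Const PROCESS_CREATE_THREAD As Long = &H2
Private Const PROCESS_VM_OPERATION As Long = &H8
Private Const PROCESS_VM_WRITE As Long = &H20
Private Const PROCESS_QUERY_INFORMATION As Long = &H400
Private Const INJECT_ACCESS As Long = (PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE Or PROCESS_QUERY_INFORMATION)
' INFINITE is 0xFFFFFFFF (-1 as a signed Long). The original &HFFFFFF is a ~4.6 hour timeout.
Private Const INFINITE As Long = &HFFFFFFFF
Private Const WAIT_OBJECT_0 As Long = 0

' --- Win32 declarations ----------------------------------------------------------
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long

' Loads the DLL at RutaDll into the process Pid: writes the path into the target and
' runs kernel32!LoadLibraryA on it from a remote thread.
'   RutaDll - path of the DLL; it is resolved BY THE TARGET, so pass an absolute path
'             (a relative or bare name goes through the target's search order and is a
'             DLL-hijacking hazard).
'   Pid     - target process ID (must be 32-bit, like this injector).
' Returns 0 on success (LoadLibraryA returned a module handle), 1 on any failure.
Public Function Inyecta(RutaDll As String, Pid As Long) As Integer
    Dim proc As Long
    Dim nload As Long
    Dim rems As Long
    Dim longi As Long
    Dim RemThread As Long
    Dim Tid As Long
    Dim Tam As Long
    Dim Salida As Long

    Inyecta = 1
    On Error GoTo Limpieza

    ' Win32 failures come back as 0 return values, not VB run-time errors, so
    ' "On Error" alone never noticed them: the original reported success unconditionally.
    proc = OpenProcess(INJECT_ACCESS, False, Pid)
    If proc = 0 Then GoTo Limpieza

    ' kernel32 is mapped at the same base in every process of the same bitness within a
    ' session, so our own LoadLibraryA address is valid inside the target.
    nload = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
    If nload = 0 Then GoTo Limpieza

    ' +1 for the terminating NUL that LoadLibraryA needs. The buffer only holds data,
    ' so PAGE_READWRITE is enough.
    Tam = Len(RutaDll) + 1
    rems = VirtualAllocEx(proc, 0, Tam, MEM_COMMIT Or MEM_RESERVE, PAGE_READWRITE)
    If rems = 0 Then GoTo Limpieza

    ' VB marshals the String argument as ANSI for this call; write path + NUL explicitly.
    If WriteProcessMemory(proc, ByVal rems, ByVal RutaDll & vbNullChar, Tam, longi) = 0 Then GoTo Limpieza
    If longi <> Tam Then GoTo Limpieza

    ' Keep the THREAD handle: the original discarded it, then waited on (and "closed")
    ' the remote buffer address instead.
    RemThread = CreateRemoteThread(proc, ByVal 0, 0, ByVal nload, ByVal rems, 0, Tid)
    If RemThread = 0 Then GoTo Limpieza
    If WaitForSingleObject(RemThread, INFINITE) <> WAIT_OBJECT_0 Then GoTo Limpieza

    ' The thread's exit code is LoadLibraryA's return value: 0 means the load failed
    ' (bad path, wrong bitness, missing dependency), so only a non-zero HMODULE is success.
    If GetExitCodeThread(RemThread, Salida) = 0 Then GoTo Limpieza
    If Salida <> 0 Then Inyecta = 0

Limpieza:
    ' Release the remote path buffer and both handles on every way out.
    On Error Resume Next
    If rems <> 0 And proc <> 0 Then VirtualFreeEx proc, rems, 0, MEM_RELEASE
    If RemThread <> 0 Then CloseHandle RemThread
    If proc <> 0 Then CloseHandle proc
End Function
'----------------------------------------------------------------------------------'

' Demo entry point: starts notepad.exe and injects C:\ladll.dll into it.
Private Sub Form_Load()
    Dim ruta As Long
    Dim resultado As Integer

    On Error GoTo Fallo
    ' Shell() returns the new process ID and raises a run-time error if it cannot start
    ' the program. Note the race: right after Shell returns the loader may still be
    ' initialising the new process, so the remote LoadLibraryA can fail; a short delay
    ' (or WaitForInputIdle on the process) before Inyecta makes this reliable.
    ruta = Shell("notepad.exe")
    resultado = Inyecta("C:\ladll.dll", ruta)
    If resultado = 0 Then
        MsgBox "Dll Inyectada con éxito!!!", , "Información"
        End
    End If
Fallo:
    MsgBox "A ocurrido un error", vbCritical, "Información"
    End
End Sub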
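:o En Delphi:
{ Injects the DLL at path Dll into the process that owns the top-level window titled
  'Tester': writes the path into the target and runs kernel32!LoadLibraryA on it from a
  remote thread. 32-bit injector -> 32-bit target only; the LoadLibraryA address taken
  here is valid in the target because kernel32 shares its base across processes of the
  same bitness within a session. Dll should be an absolute path: it is resolved by the
  target's DLL search order, so a bare name is a DLL-hijacking hazard. Silently returns
  on any failure (the original waited on an unassigned Thread when the write failed). }
Procedure InjectDll(Dll: string);
var
  Thread, HandleWindow: THandle;
  DMod, Lib: Pointer;
  ThreadID, Written, Size: Cardinal;
  WindowName: HWND;
  ProcessId: DWORD;
  Ruta: AnsiString;
begin
  Thread := 0;
  DMod := nil;

  WindowName := FindWindow(nil, 'Tester');
  if WindowName = 0 then Exit;
  ThreadID := GetWindowThreadProcessId(WindowName, @ProcessId);
  if ThreadID = 0 then Exit;

  { Least privilege: these rights are all that VirtualAllocEx / WriteProcessMemory /
    CreateRemoteThread need; PROCESS_ALL_ACCESS was unnecessary. }
  HandleWindow := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or
                              PROCESS_VM_WRITE or PROCESS_QUERY_INFORMATION,
                              False, ProcessId);
  if HandleWindow = 0 then Exit;

  try
    Lib := GetProcAddress(GetModuleHandle(PChar('kernel32.dll')), PChar('LoadLibraryA'));
    if Lib = nil then Exit;

    { LoadLibraryA expects a NUL-terminated ANSI path. On Unicode Delphi (2009+) 'string'
      is UTF-16, and the original wrote Length(Dll) bytes of it, i.e. half of a
      wrong-encoding string. Convert explicitly and include the terminating NUL. }
    Ruta := AnsiString(Dll);
    Size := Length(Ruta) + 1;

    { The buffer only holds the path, so PAGE_READWRITE is enough: no RWX page needed. }
    DMod := VirtualAllocEx(HandleWindow, nil, Size, MEM_COMMIT or MEM_RESERVE, PAGE_READWRITE);
    if DMod = nil then Exit;

    if not WriteProcessMemory(HandleWindow, DMod, PAnsiChar(Ruta), Size, Written) then Exit;
    if Written <> Size then Exit;

    Thread := CreateRemoteThread(HandleWindow, nil, 0, Lib, DMod, 0, ThreadID);
    if Thread = 0 then Exit;
    { Wait so the path buffer stays valid until LoadLibraryA has consumed it. }
    WaitForSingleObject(Thread, INFINITE);
  finally
    { Free the remote buffer and both handles on every path out, including Exit. }
    if DMod <> nil then VirtualFreeEx(HandleWindow, DMod, 0, MEM_RELEASE);
    if Thread <> 0 then CloseHandle(Thread);
    CloseHandle(HandleWindow);
  end;
end;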
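:o En Masm:
; 32-bit LoadLibraryA injector: writes the DLL path into the target process and starts
; a remote thread at kernel32!LoadLibraryA with the buffer address as its argument.
; Works for a 32-bit target from a 32-bit injector only (kernel32 shares its base across
; processes of the same bitness within one session, so our address is valid there).
; The path must be absolute: the target resolves it with its own DLL search order.
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.const
ID_proceso          EQU 2964                ; target PID (hard-coded for the demo)
; Least privilege: what the injection actually needs, instead of PROCESS_ALL_ACCESS.
ACCESO_INYECCION    EQU PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_QUERY_INFORMATION

.data
Kernel32            db "kernel32.dll", 0
LoadLibrary_nombre  db "LoadLibraryA", 0
DLL                 db "C:\DLL.dll", 0
DLL_tam             EQU $ - DLL             ; bytes of DLL including the NUL. The original
                                            ; copied 64 bytes out of an 11-byte buffer,
                                            ; i.e. read past DLL into whatever followed.

.data?
Proceso_handle      DWORD ?
Hilo_handle         DWORD ?
Kernel32_offset     DWORD ?
LoadLibrary_offset  DWORD ?
String              DWORD ?                 ; remote address of the path buffer

.code
Start:
    invoke GetModuleHandle, addr Kernel32
    mov    Kernel32_offset, eax
    invoke GetProcAddress, Kernel32_offset, addr LoadLibrary_nombre
    test   eax, eax
    jz     Salir
    mov    LoadLibrary_offset, eax

    ; Every API returns 0 on failure; the original never checked and went on with
    ; a NULL handle / NULL buffer.
    invoke OpenProcess, ACCESO_INYECCION, FALSE, ID_proceso
    test   eax, eax
    jz     Salir
    mov    Proceso_handle, eax

    ; The buffer only holds the path string, so PAGE_READWRITE (not RWX) is enough.
    invoke VirtualAllocEx, Proceso_handle, NULL, DLL_tam, MEM_COMMIT or MEM_RESERVE, PAGE_READWRITE
    test   eax, eax
    jz     Cerrar_proceso
    mov    String, eax

    invoke WriteProcessMemory, Proceso_handle, String, addr DLL, DLL_tam, NULL
    test   eax, eax
    jz     Liberar

    invoke CreateRemoteThread, Proceso_handle, NULL, 0, LoadLibrary_offset, String, 0, NULL
    test   eax, eax
    jz     Liberar
    mov    Hilo_handle, eax
    ; Wait for LoadLibraryA to consume the path before the buffer is freed, and close
    ; the thread handle (the original neither waited nor closed it).
    invoke WaitForSingleObject, Hilo_handle, INFINITE
    invoke CloseHandle, Hilo_handle

Liberar:
    invoke VirtualFreeEx, Proceso_handle, String, 0, MEM_RELEASE
Cerrar_proceso:
    invoke CloseHandle, Proceso_handle
Salir:
    invoke ExitProcess, 0
End Start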
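En C++ [Sin Dll :-X]:
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <string.h>

// "DLL-less" injection: a tiny self-contained function (inyectada) and the data it needs
// are copied into notepad.exe and executed there with CreateRemoteThread.
// 32-bit only (DWORD pointer arithmetic), and it relies on user32.dll being mapped at the
// same base in the target, which holds for processes of the same bitness in one session.

// MessageBoxA takes LPCSTR; LPCTSTR would silently become LPCWSTR under UNICODE.
typedef int (WINAPI *datMessageBoxA)(HWND, LPCSTR, LPCSTR, UINT);

// Everything the remote function touches has to travel with it: no globals, no CRT,
// no imports, because none of those exist at the address the code is copied to.
struct datos {
    datMessageBoxA apiMessageBoxA;  // resolved in the injector, valid in the target (same base)
    char titulo[20];
    char mensaje[20];
};

DWORD GetAdres(char *module, char *function);

// Runs inside the target. Must stay position-independent: only touch *data, call only
// through the pointer in it. Any compiler-inserted call (stack cookie, instrumentation)
// would make the copy crash in the target.
DWORD inyectada(datos *data)
{
    data->apiMessageBoxA(0, data->mensaje, data->titulo, 0);
    return 0;
}

// End marker so the size of inyectada can be computed as an address difference. This
// assumes the toolchain keeps both functions adjacent, in source order, not inlined and
// without incremental-link jump thunks (build Release / no incremental linking under
// MSVC). The original subtracted inyectora's address, hiding the same assumption.
static void fin_inyectada(void) {}

// Finds the first notepad.exe, copies `datos` and `inyectada` into it and runs the copy
// on a remote thread, waiting until it returns. Returns true when the remote thread ran.
bool inyectora()
{
    DWORD pid = 0;
    HANDLE handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (handle == INVALID_HANDLE_VALUE) return false;

    PROCESSENTRY32 procinfo = { sizeof(PROCESSENTRY32) };
    // Process32First before Process32Next (the original skipped the first entry), and a
    // case-insensitive compare because image names are case-insensitive on Windows.
    for (BOOL more = Process32First(handle, &procinfo); more; more = Process32Next(handle, &procinfo)) {
        if (_stricmp(procinfo.szExeFile, "notepad.exe") == 0) {
            pid = procinfo.th32ProcessID;
            break;
        }
    }
    CloseHandle(handle);        // exactly once (the original also closed it inside the loop)
    if (pid == 0) return false; // the original carried on with an uninitialised pid

    // Size of the code to copy; bail out if the layout assumption above is violated
    // (marker placed before inyectada gives a huge unsigned value).
    DWORD_PTR TamFun = (DWORD_PTR)fin_inyectada - (DWORD_PTR)inyectada;
    if (TamFun == 0 || TamFun > 4096) return false;

    // Least privilege: create a thread, allocate/protect memory, write it.
    HANDLE proc = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE,
                              FALSE, pid);
    if (proc == NULL) return false;

    datos dat;
    memset(&dat, 0, sizeof(dat));   // titulo was never initialised: MessageBoxA read stack garbage
    dat.apiMessageBoxA = (datMessageBoxA)GetAdres("USER32.DLL", "MessageBoxA");
    if (dat.apiMessageBoxA == NULL) {
        CloseHandle(proc);
        return false;
    }
    _snprintf(dat.mensaje, sizeof(dat.mensaje) - 1, "holaaaaaa!!!");  // bounded, NUL-terminated

    bool ok = false;
    void *esp = NULL;
    HANDLE hilo = NULL;
    datos *dat_ = (datos *)VirtualAllocEx(proc, 0, sizeof(datos), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);

    if (dat_ && WriteProcessMemory(proc, dat_, &dat, sizeof(datos), NULL)) {
        // Write the code RW, then flip it to RX: the target never holds a writable+executable page.
        DWORD old;
        esp = VirtualAllocEx(proc, 0, TamFun, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
        if (esp && WriteProcessMemory(proc, esp, (void *)inyectada, TamFun, NULL)
                && VirtualProtectEx(proc, esp, TamFun, PAGE_EXECUTE_READ, &old)) {
            hilo = CreateRemoteThread(proc, NULL, 0, (LPTHREAD_START_ROUTINE)esp, dat_, 0, NULL);
            if (hilo) {
                // The remote code and its data must stay mapped while the thread runs (i.e.
                // until the message box is dismissed), so wait before freeing anything.
                WaitForSingleObject(hilo, INFINITE);
                CloseHandle(hilo);
                ok = true;
            }
        }
    }

    if (esp)  VirtualFreeEx(proc, esp, 0, MEM_RELEASE);
    if (dat_) VirtualFreeEx(proc, dat_, 0, MEM_RELEASE);
    CloseHandle(proc);
    return ok;
}

// Exit status 0 when the remote thread ran, 1 otherwise (`void main` is non-standard).
int main()
{
    return inyectora() ? 0 : 1;
}

// Resolves `function` in `module` by loading the module locally. The returned address is
// only meaningful in the target if the target has the same DLL mapped at the same base
// (the case for system DLLs such as user32 within a session); FreeLibrary here does not
// affect the target. Returns 0 if the module or the export cannot be found.
DWORD GetAdres(char *module, char *function)
{
    HMODULE dh = LoadLibraryA(module);
    if (dh == NULL) return 0;
    DWORD pf = (DWORD)GetProcAddress(dh, function);
    FreeLibrary(dh);
    return pf;
}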
Wowww! en todos los lenguajes que se pueden no :P? Pero y en C# :-\? Alguien tiene alguno :xD? Hasta luego :P.
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: raul338 en 18 Septiembre 2009, 01:44 am
En VB: Private Const PAGE_READWRITE As Long = &H4 Private Const MEM_RELEASE As Long = &H8000 Private Const MEM_COMMIT As Long = &H1000 Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000 Private Const SYNCHRONIZE As Long = &H100000 Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF) Private Const INFINITE As Long = &HFFFFFF Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long Public Function Inyecta(RutaDll As String, Pid As Long) As Integer Dim proc As Long Dim nload As Long Dim rems As Long Dim longi As Long Dim RemThread As Long Dim Tid As Long On Error GoTo Error proc = OpenProcess(PROCESS_ALL_ACCESS, False, Pid) nload = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA") rems = VirtualAllocEx(proc, 0, Len(RutaDll), MEM_COMMIT, PAGE_READWRITE) WriteProcessMemory proc, 
ByVal rems, ByVal RutaDll, Len(RutaDll), longi CreateRemoteThread proc, ByVal 0, 0, ByVal nload, ByVal rems, 0, Tid WaitForSingleObject rems, INFINITE CloseHandle proc CloseHandle rems Inyecta = 0 Exit Function Error: Inyecta = 1 End Function '----------------------------------------------------------------------------------' Private Sub Form_Load() Dim ruta As Long Dim resultado As Integer ruta = Shell("notepad.exe") resultado = Inyecta("C:\ladll.dll", ruta) If resultado = 0 Then MsgBox "Dll Inyectada con éxito!!!", , "Información" Else MsgBox "A ocurrido un error", vbCritical, "Información" End If End End Sub
Wowww! en todos los lenguajes que se pueden no :P? Pero y en C# :-\? Alguien tiene alguno :xD? Hasta luego :P. Ejem. Si lo tienes en VB6, es fácilmente convertible a .NET (sea VB.NET o C#): si sabes y usas un poquito de lógica, lo sacas en seguida. Total, en VB.NET un 90% del código seguirá intacto ^^ (lo que cambia son las llamadas Win32: `Declare` pasa a ser `DllImport`/P/Invoke, y los handles y punteros deben ser `IntPtr` en lugar de `Long` para que también funcione en 64 bits). EDIT: Para usar las APIs, busca la declaración en www.pInvoke.net
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: XSaMuXPH *-* Traigo uno encima! =D! en 18 Septiembre 2009, 07:31 am
Ups, error: el complemento de pInvoke.net es para VS 2003-2005 y yo uso 2008 :huh:
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: raul338 en 18 Septiembre 2009, 19:07 pm
jeje... dije «busca la declaración», no es necesario el plugin. Igual funciona en el 2008 (no te fijaste bien: tiene una versión para el 2008, o quizá es la misma), pero junto con el plugin te viene otra de sus utilidades en versión de prueba. Yo no lo tengo instalado; solo usa el buscador: pones el nombre de la API o de la DLL y te sale una lista de las declaraciones en C#, VB.NET (no todas, pero son convertibles) y el clásico VB6.
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: MANULOMM en 19 Septiembre 2009, 00:40 am
En VB: Private Const PAGE_READWRITE As Long = &H4 Private Const MEM_RELEASE As Long = &H8000 Private Const MEM_COMMIT As Long = &H1000 Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000 Private Const SYNCHRONIZE As Long = &H100000 Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF) Private Const INFINITE As Long = &HFFFFFF Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long Public Function Inyecta(RutaDll As String, Pid As Long) As Integer Dim proc As Long Dim nload As Long Dim rems As Long Dim longi As Long Dim RemThread As Long Dim Tid As Long On Error GoTo Error proc = OpenProcess(PROCESS_ALL_ACCESS, False, Pid) nload = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA") rems = VirtualAllocEx(proc, 0, Len(RutaDll), MEM_COMMIT, PAGE_READWRITE) WriteProcessMemory proc, 
ByVal rems, ByVal RutaDll, Len(RutaDll), longi CreateRemoteThread proc, ByVal 0, 0, ByVal nload, ByVal rems, 0, Tid WaitForSingleObject rems, INFINITE CloseHandle proc CloseHandle rems Inyecta = 0 Exit Function Error: Inyecta = 1 End Function '----------------------------------------------------------------------------------' Private Sub Form_Load() Dim ruta As Long Dim resultado As Integer ruta = Shell("notepad.exe") resultado = Inyecta("C:\ladll.dll", ruta) If resultado = 0 Then MsgBox "Dll Inyectada con éxito!!!", , "Información" Else MsgBox "A ocurrido un error", vbCritical, "Información" End If End End Sub
Wowww! en todos los lenguajes que se pueden no :P? Pero y en C# :-\? Alguien tiene alguno :xD? Hasta luego :P. ejem. Si lo tienes en vb, es facilmente convertible a .net (sea vb.net o C#), si sabes y usas un poquito de logica, lo sacas en seguida. Total, en vb.net un 90% del codigo seguira intacto ^^ EDIT: Para usar las APIs, busca la declaracion en www.pInvoke.net como te atreves a decir eso..... El framework te cambia radiclamente todo, que puedas hacer lo mismo de antes de forma parecida es algo muy diferente, pero hasta la administracion de memoria es toalemente diferente en .net, lo que debes hacer es er que clases son las que te sirven para las tareas en vez de usar la APIS, ese es el objetivo del framewrok. Atentamente, Juan Manuel Lombana Medellín - Colombia
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: raul338 en 19 Septiembre 2009, 01:03 am
como te atreves a decir eso.....
El framework te cambia radicalmente todo; que puedas hacer lo mismo de antes de forma parecida es algo muy diferente, pero hasta la administración de memoria es totalmente diferente en .NET. Lo que debes hacer es ver qué clases son las que te sirven para las tareas en vez de usar las APIs; ese es el objetivo del framework.
Atentamente,
Juan Manuel Lombana Medellín - Colombia
Ejem, me referí a que el código quedaría intacto; obviamente cambia radicalmente todo, pero el código se mantiene prácticamente parecido (ni hablar de MSIL :laugh:, ahí sí te creo que cambia todo). Que yo sepa, .NET no tiene clases para manejar la memoria de otro proceso con "libre albedrío" :-\ (para OpenProcess/VirtualAllocEx/WriteProcessMemory/CreateRemoteThread hay que pasar por P/Invoke igualmente).
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: XSaMuXPH *-* Traigo uno encima! =D! en 3 Octubre 2009, 01:57 am
¡Listo!, lo logré :P; en mi siguiente post postearé el código, tal vez sea de utilidad para muchos :P.
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: jackl007 en 11 Octubre 2009, 14:06 pm
¿Cómo funciona? Lo compilé en C++ y todo normal; lo ejecuto por consola y no muestra nada ni hace nada... Abro el notepad y todo normal...
Entonces, ¿qué hace? No inyecta nada, ni código.
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: XSaMuXPH *-* Traigo uno encima! =D! en 14 Octubre 2009, 04:57 am
como funciona? lo compile en C++, y todo normal, lo ejecuto por consola y no muestra nada ni hace nada... abro el notepad y todo normal...
entonces que hace? no inyecta nada ni codigo
Compílalo como aplicación de consola en C++; abre antes el Bloc de notas y verás que aparece un mensaje. Esto no es inyección de DLL propiamente dicha: es «inyección sin DLL», es decir, copia la función `inyectada` y su estructura `datos` al proceso y lanza un hilo remoto que muestra el MessageBox, como si fuese la DLL. A mí me funciona. Ten en cuenta que el código busca el proceso comparando el nombre exacto `notepad.exe`, y que el tamaño de la función a copiar se calcula restando las direcciones de `inyectora` e `inyectada`, así que depende de cómo el compilador las coloque en memoria: con optimizaciones, inlining o enlazado incremental ese cálculo puede fallar y el proceso destino se cae en vez de mostrar el mensaje.
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: elrasta17 en 7 Noviembre 2009, 21:40 pm
En VB: Private Const PAGE_READWRITE As Long = &H4 Private Const MEM_RELEASE As Long = &H8000 Private Const MEM_COMMIT As Long = &H1000 Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000 Private Const SYNCHRONIZE As Long = &H100000 Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF) Private Const INFINITE As Long = &HFFFFFF Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long Public Function Inyecta(RutaDll As String, Pid As Long) As Integer Dim proc As Long Dim nload As Long Dim rems As Long Dim longi As Long Dim RemThread As Long Dim Tid As Long On Error GoTo Error proc = OpenProcess(PROCESS_ALL_ACCESS, False, Pid) nload = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA") rems = VirtualAllocEx(proc, 0, Len(RutaDll), MEM_COMMIT, PAGE_READWRITE) WriteProcessMemory proc, 
ByVal rems, ByVal RutaDll, Len(RutaDll), longi CreateRemoteThread proc, ByVal 0, 0, ByVal nload, ByVal rems, 0, Tid WaitForSingleObject rems, INFINITE CloseHandle proc CloseHandle rems Inyecta = 0 Exit Function Error: Inyecta = 1 End Function '----------------------------------------------------------------------------------' Private Sub Form_Load() Dim ruta As Long Dim resultado As Integer ruta = Shell("notepad.exe") resultado = Inyecta("C:\ladll.dll", ruta) If resultado = 0 Then MsgBox "Dll Inyectada con éxito!!!", , "Información" Else MsgBox "A ocurrido un error", vbCritical, "Información" End If End End Sub
Saludos a todos. Bueno, tengo una pequeña duda con respecto a este script... Recién estoy aprendiendo a utilizar VB 6.0; me he propuesto la meta de aprenderlo solo, estudiando de los foros, nada de profes -.-", pero al verme topado con esta pregunta quisiera pedir ayuda a ustedes que dominan más el tema. Estoy usando el script de arriba: llego a crear mi proyecto, denominado [inyector xD], y llega a inyectar la *.dll que quiero al programa *.exe que quiero... pero aquí viene mi duda: al escanear mi [inyector xD].exe en virustotal.com me detecta un virus o algo así T_T. Quisiera saber por qué ocurre eso, cómo hago para quitarle ese troyano o virus al programa que he creado y en qué momento le metí ese virus o.O". ¡Ploop! A ver si alguien me da alguna respuesta T_T. Gracias de antemano, chaíto...!!
Título: Re: Inyeccion dll: [ Delphi ] - [ C++ ] - [ VB ] - [ Masm32 ] - [ C# ??? ]
Publicado por: luigymax en 10 Noviembre 2010, 18:41 pm
Muchas gracias, amigo, por la información; me sirvió de mucho... Pero, ¿podrías traducir el código en C++ a Delphi, si es posible? Ahora es que estoy aprendiendo sobre el tema y solo sé un poco de Delphi. Ya logré inyectar una DLL, pero quiero inyectar código directamente. Gracias de antemano...