
📄 newkernelhandler.pas

📁 冒险岛吸怪源码UCE的制作材料 用于冒险岛游戏的外挂

    GetIDTCurrentThread:=GetProcAddress(DarkByteKernel,'GetIDTCurrentThread');
    MakeWritable:=GetProcAddress(DarkByteKernel,'MakeWritable');
    GetLoadedState:=GetProcAddress(darkbytekernel,'GetLoadedState');
    DBKTest:=GetProcAddress(darkbytekernel,'test');
    useIOCTL:=GetProcAddress(darkbytekernel,'useIOCTL');

    DBKResumeThread:=GetProcAddress(darkByteKernel,'DBKResumeThread');
    DBKSuspendThread:=GetProcAddress(darkByteKernel,'DBKSuspendThread');

    DBKResumeProcess:=GetProcAddress(darkByteKernel,'DBKResumeProcess');
    DBKSuspendProcess:=GetProcAddress(darkByteKernel,'DBKSuspendProcess');

    KernelAlloc:=GetProcAddress(darkbyteKernel,'KernelAlloc');
    GetKProcAddress:=GetProcAddress(darkbytekernel,'GetKProcAddress');
    Protect2:=GetProcAddress(darkbytekernel,'Protect2');


    CreateRemoteAPC:=GetProcAddress(darkByteKernel,'CreateRemoteAPC');
  end;
end;

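{ Hands a process id to the 'ProtectMe' export of the DBK32 driver library,
  together with the unit-level deny-list flags and module list.

  processid: id of the process passed to the driver.

  Returns without doing anything when the driver library cannot be loaded or
  when it does not export 'ProtectMe'. What the driver enforces for that
  process is not visible in this unit. }
Procedure ProtectProcess(processid: dword);
begin
  LoadDBK32;
  // second load attempt kept from the original code
  If DarkByteKernel=0 then LoadDBK32;
  If DarkByteKernel=0 then exit;

  ProtectMe:=GetProcAddress(DarkByteKernel,'ProtectMe');
  // GetProcAddress yields nil for a missing export; calling through nil would
  // fault, so stop here instead
  if not Assigned(ProtectMe) then exit;

  ProtectMe(processid,denylist,DenyListGlobal,modulelist,modulelistsize);
end;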


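{ Applies ProtectProcess to the calling process itself.

  The original body was a copy of ProtectProcess with the current process id
  substituted (plus two unused locals); delegating keeps both entry points on
  one code path. }
Procedure ProtectCE;
begin
  ProtectProcess(getcurrentprocessid);
end;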

{ Switches the unit into "file as memory" mode: the three memory-access
  function pointers are redirected to their file-backed implementations and
  the mode flags are updated. The file handle itself is opened by the
  overload that takes a file name. }
procedure DBKFileAsMemory; overload;
begin
  // redirect the memory primitives to the *File variants
  VirtualQueryEx:=@VirtualQueryExFile;
  WriteProcessMemory:=@WriteProcessMemoryFile;
  ReadProcessMemory:=@ReadProcessMemoryFile;

  // file mode on, physical-memory mode off
  usephysical:=false;
  UseFileAsMemory:=true;
end;

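{ Opens an existing file for read/write access and switches the unit into
  "file as memory" mode on it.

  filename: path of the file to open; it must already exist (OPEN_EXISTING).

  Raises Exception when the file cannot be opened. In that case the current
  file handle and mode are left untouched. }
procedure DBKFileAsMemory(filename:string); overload;
var newhandle: THandle;
begin
  newhandle:=CreateFile(pchar(filename),GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE,nil,OPEN_EXISTING,FILE_FLAG_RANDOM_ACCESS,0);

  // CreateFile signals failure with INVALID_HANDLE_VALUE, not 0; the 0 test
  // is kept only to mirror the original check
  if (newhandle=INVALID_HANDLE_VALUE) or (newhandle=0) then
    raise exception.create(filename+' couldn''t be opened');

  // a file from an earlier call is released before its handle is replaced,
  // the same way the other mode switches in this unit close it
  if usefileasmemory then closehandle(filehandle);

  filehandle:=newhandle;
  DBKFileAsMemory;
end;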

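{ VirtualQueryEx replacement used in physical-memory mode. It describes
  everything from the page containing lpAddress up to the total physical
  memory size as one committed, PAGE_EXECUTE_READWRITE, private region.

  hProcess:  not used.
  lpAddress: address being queried.
  lpBuffer:  receives the synthetic region description.
  dwLength:  size the caller states for lpBuffer.

  Returns dwLength on success, or 0 (with lpBuffer cleared) when lpAddress
  lies above the total physical memory size. }
function VirtualQueryExPhysical(hProcess: THandle; lpAddress: Pointer; var lpBuffer: TMemoryBasicInformation; dwLength: DWORD): DWORD; stdcall;
var buf:_MEMORYSTATUS;
    clearlen: DWORD;
begin
  GlobalMemoryStatus(buf);

  // round the queried address down to the start of its 4 KiB page
  // NOTE(review): the dword() casts assume 32-bit pointers
  lpBuffer.BaseAddress:=pointer((dword(lpAddress) div $1000)*$1000);
  lpbuffer.AllocationBase:=lpbuffer.BaseAddress;
  lpbuffer.AllocationProtect:=PAGE_EXECUTE_READWRITE;

  // region runs from the page start to the total physical size, then is
  // padded to a page multiple
  // NOTE(review): when the size is already a page multiple this adds one
  // extra page; left as in the original, confirm whether that is intended
  lpbuffer.RegionSize:=buf.dwTotalPhys-dword(lpBuffer.BaseAddress);
  lpbuffer.RegionSize:=lpbuffer.RegionSize+($1000-lpbuffer.RegionSize mod $1000);

  lpbuffer.State:=mem_commit;
  lpbuffer.Protect:=PAGE_EXECUTE_READWRITE;
  lpbuffer.Type_9:=MEM_PRIVATE;

  if (dword(lpAddress)>buf.dwTotalPhys) //bigger than the total amount of memory
  then
  begin
    // never clear more than the record itself: a caller-supplied dwLength
    // larger than the record would otherwise overwrite adjacent memory
    clearlen:=dwlength;
    if clearlen>sizeof(lpBuffer) then clearlen:=sizeof(lpBuffer);
    zeromemory(@lpbuffer,clearlen);
    result:=0
  end
  else
    result:=dwlength;

end;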

{ Switches the unit into physical-memory mode: reads and writes go to the
  driver library's 'ReadPhysicalMemory' / 'WritePhysicalMemory' exports and
  region queries to VirtualQueryExPhysical. Does nothing when the driver
  library is not loaded after LoadDBK32. }
procedure DBKPhysicalMemory;
begin
  LoadDBK32;
  if DarkByteKernel<>0 then
  begin
    UsePhysical:=true;

    // leaving file mode: release its handle before clearing the flag
    if usefileasmemory then
      closehandle(filehandle);
    usefileasmemory:=false;

    // NOTE(review): the GetProcAddress results are not checked for nil
    VirtualQueryEx:=@VirtualQueryExPhysical;
    WriteProcessMemory:=GetProcAddress(DarkByteKernel,'WritePhysicalMemory');
    ReadProcessMemory:=GetProcAddress(DarkByteKernel,'ReadPhysicalMemory');
  end;
end;

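{ Returns the unit to ordinary process-memory mode, re-selecting the driver
  or kernel32 implementations according to dbkreadwrite and usedbkquery.

  The physical and file modes are cleared BEFORE the Use*/DontUse* routines
  run. Those routines end with "if usephysical then DbkPhysicalMemory" and
  "if usefileasmemory then dbkfileasmemory", so with the flags still set they
  would point the function pointers straight back at the physical or file
  implementations (the latter on a handle that is closed right afterwards). }
procedure DBKProcessMemory;
begin
  // leave file mode and release its handle
  if usefileasmemory then closehandle(filehandle);
  usefileasmemory:=false;

  // leave physical-memory mode
  usephysical:=false;

  if dbkreadwrite then
    UseDBKReadWriteMemory
  else
    dontUseDBKReadWriteMemory;

  if usedbkquery then
    Usedbkquerymemoryregion
  else
    dontusedbkquerymemoryregion;

end;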



{ Points VirtualQueryEx back at the kernel32 export and clears usedbkquery.
  If physical or file mode is active, that mode is re-applied afterwards so
  its own VirtualQueryEx replacement stays in effect. }
procedure DontUseDBKQueryMemoryRegion;
begin
  usedbkquery:=false;
  VirtualQueryEx:=GetProcAddress(WindowsKernel,'VirtualQueryEx');

  // order matters: DbkPhysicalMemory may clear usefileasmemory
  if usephysical then
    DbkPhysicalMemory;
  if usefileasmemory then
    dbkfileasmemory;
end;

{ Routes VirtualQueryEx to the driver library's 'VQE' export and sets
  usedbkquery. Also switches process opening to the driver via
  UseDBKOpenProcess. Does nothing when the driver library is not loaded
  after LoadDBK32. }
procedure UseDBKQueryMemoryRegion;
begin
  LoadDBK32;
  if DarkByteKernel<>0 then
  begin
    UseDBKOpenProcess;

    // NOTE(review): the GetProcAddress result is not checked for nil
    VirtualQueryEx:=GetProcAddress(DarkByteKernel,'VQE');
    usedbkquery:=true;

    // an active physical or file mode is re-applied on top;
    // order matters: DbkPhysicalMemory may clear usefileasmemory
    if usephysical then
      DbkPhysicalMemory;
    if usefileasmemory then
      dbkfileasmemory;
  end;
end;

{ Points ReadProcessMemory, WriteProcessMemory and VirtualAllocEx back at
  the kernel32 exports and clears DBKReadWrite. If physical or file mode is
  active, that mode is re-applied afterwards. }
procedure DontUseDBKReadWriteMemory;
begin
  // back to the user-mode API
  VirtualAllocEx:=GetProcAddress(WindowsKernel,'VirtualAllocEx');
  WriteProcessMemory:=GetProcAddress(WindowsKernel,'WriteProcessMemory');
  ReadProcessMemory:=GetProcAddress(WindowsKernel,'ReadProcessMemory');
  DBKReadWrite:=false;

  // order matters: DbkPhysicalMemory may clear usefileasmemory
  if usephysical then
    DbkPhysicalMemory;
  if usefileasmemory then
    dbkfileasmemory;
end;

{ Routes ReadProcessMemory, WriteProcessMemory and VirtualAllocEx to the
  driver library's 'RPM', 'WPM' and 'VAE' exports and sets DBKReadWrite.
  Also switches process opening to the driver via UseDBKOpenProcess. Does
  nothing when the driver library is not loaded after LoadDBK32. }
procedure UseDBKReadWriteMemory;
begin
  LoadDBK32;
  if DarkByteKernel<>0 then
  begin
    UseDBKOpenProcess;

    // NOTE(review): the GetProcAddress results are not checked for nil
    VirtualAllocEx:=GetProcAddress(DarkByteKernel,'VAE');
    WriteProcessMemory:=GetProcAddress(DarkByteKernel,'WPM');
    ReadProcessMemory:=GetProcAddress(DarkByteKernel,'RPM');
    DBKReadWrite:=true;

    // an active physical or file mode is re-applied on top;
    // order matters: DbkPhysicalMemory may clear usefileasmemory
    if usephysical then
      DbkPhysicalMemory;
    if usefileasmemory then
      dbkfileasmemory;
  end;
end;

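{ Points OpenProcess and OpenThread back at the kernel32 exports.

  UseDBKOpenProcess redirects both pointers to the driver library, so both
  are restored here; restoring only OpenProcess would leave OpenThread on
  the driver's 'OT' export. }
procedure DontUseDBKOpenProcess;
begin
  OpenProcess:=GetProcAddress(WindowsKernel,'OpenProcess');
  OpenThread:=GetProcAddress(WindowsKernel,'OpenThread');
end;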

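{ Routes OpenProcess and OpenThread to the driver library's 'OP' and 'OT'
  exports.

  Leaves both pointers unchanged when the driver library is not loaded after
  LoadDBK32, or when either export is missing: assigning a nil result would
  make the next OpenProcess/OpenThread call fault. }
procedure UseDBKOpenProcess;
var opexport,otexport: pointer;
begin
  LoadDBK32;
  If DarkByteKernel=0 then exit;

  opexport:=GetProcAddress(DarkByteKernel,'OP');
  otexport:=GetProcAddress(DarkByteKernel,'OT');
  if (opexport=nil) or (otexport=nil) then exit;

  OpenProcess:=opexport; //gives back the real handle, or if it fails it gives back a value only valid for the dll
  OpenThread:=otexport;
end;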

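initialization
  // Unit start-up: no driver library loaded yet, every alternative memory
  // mode off, and all function pointers bound to the kernel32 exports.
  DarkByteKernel:=0;

  usephysical:=false;
  usefileasmemory:=false;
  usedbkquery:=false;

  // NOTE(review): the original first set DenyList:=true and then
  // Denylist:=false a few lines later. Pascal identifiers are
  // case-insensitive, so that was one variable assigned twice; only the
  // final value (false) is kept. Confirm that false is the intended default.
  DenyList:= false;
  DenyListGlobal:= false;
  ModuleListSize:= 0;
  ModuleList:= nil;
  //globaldenylist:= false;

  // kernel32 is already mapped into every Win32 process, so this only takes
  // another reference on it
  WindowsKernel:=LoadLibrary('Kernel32.dll'); //there is no kernel33.dll
  if WindowsKernel=0 then Raise Exception.create('Something is really messed up on your computer! You don''t seems to have a kernel!!!!');

  //by default point to these exports:
  ReadProcessMemory:=GetProcAddress(WindowsKernel,'ReadProcessMemory');
  WriteProcessMemory:=GetProcAddress(WindowsKernel,'WriteProcessMemory');
  OpenProcess:=GetProcAddress(WindowsKernel,'OpenProcess');
  VirtualQueryEx:=GetProcAddress(WindowsKernel,'VirtualQueryEx');


  GetThreadContext:=GetProcAddress(WindowsKernel,'GetThreadContext');
  SetThreadContext:=GetProcAddress(WindowsKernel,'SetThreadContext');
  SuspendThread:=GetProcAddress(WindowsKernel,'SuspendThread');
  ResumeThread:=GetProcAddress(WindowsKernel,'ResumeThread');
  WaitForDebugEvent:=GetProcAddress(WindowsKernel,'WaitForDebugEvent');
  ContinueDebugEvent:=GetProcAddress(WindowsKernel,'ContinueDebugEvent');
  DebugActiveProcess:=GetProcAddress(WindowsKernel,'DebugActiveProcess');
  VirtualProtect:=GetProcAddress(WindowsKernel,'VirtualProtect');
  VirtualProtectEx:=GetProcAddress(WindowsKernel,'VirtualProtectEx');
  CreateRemoteThread:=GetProcAddress(WindowsKernel,'CreateRemoteThread');
  OpenThread:=GetProcAddress(WindowsKernel,'OpenThread');

finalization
  // release only handles that were actually obtained; DarkByteKernel stays 0
  // when the driver library was never loaded
  if WindowsKernel<>0 then FreeLibrary(WindowsKernel);
  if DarkByteKernel<>0 then FreeLibrary(DarkByteKernel);
end.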
