unit stealthunit;
interface
uses windows,globals,sysutils,tlhelp32,psapi;
//type TIsDebuggerPresent=function:boolean; stdcall;
var EnumProcessesInfo:TAPIInfo;        // one TAPIInfo per hooked API; the hooks below read .original, .jump and .location from it (TAPIInfo itself is declared elsewhere, presumably in 'globals')
EnumThreadWindowsInfo: TAPIInfo;
EnumWindowsInfo:TAPIInfo;
FindwindowAInfo:TAPIInfo;
FindWindowWInfo:TAPIInfo;
GetWindowInfo: TAPIInfo;
GetWindowTextAInfo: TAPIInfo;
GetWindowTextWInfo: TAPIInfo;
GetNextWindowInfo: TAPIInfo;
IsDebuggerPresentInfo: TAPIInfo;        // not referenced by any hook in this view: IsDebuggerPresent_Hook never calls through
Process32FirstInfo:TAPIInfo;
Process32FirstWInfo:TAPIInfo;
Process32NextInfo:TAPIInfo;
Process32NextWInfo:TAPIInfo;
alreadystealth: boolean;                // NOTE(review): not read or written in this view; presumably set by InitializeStealth - confirm
// IsDebuggerPresent: TIsDebuggerPresent;
executablebuffer: pointer;              // NOTE(review): not used in this view - purpose to be confirmed against InitializeStealth
procedure InitializeStealth;
function EnumProcesses_Hook(lpidProcess: LPDWORD; cb: DWORD; var cbNeeded: DWORD): BOOL stdcall;
function EnumThreadWindows_Hook(dwThreadId:DWORD; lpfn: pointer; lParam:LPARAM):BOOL; stdcall;
function EnumWindows_Hook(lpEnumFunc: pointer; lParam: LPARAM): BOOL; stdcall;
function FindWindowA_hook(lpClassName, lpWindowName: PAnsiChar): HWND; stdcall;
function FindWindowW_hook(lpClassName, lpWindowName: PWideChar): HWND; stdcall;
function GetNextWindow_Hook(hwnd:HWND;wcmd:UINT):HWND; stdcall;
function GetWindowTextA_hook(hwnd:HWND; lpString:PAnsiChar; nMaxCount:integer):integer; stdcall;
function GetWindowTextW_hook(hwnd:HWND; lpString:PWideChar; nMaxCount:integer):integer; stdcall;
function GetWindow_hook(h:HWND; cmd:UINT):HWND; stdcall;
function IsDebuggerPresent_Hook:boolean; stdcall;
function Process32First_hook(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL; stdcall;
function Process32FirstW_hook(hSnapshot: THandle; var lppe: TProcessEntry32W): BOOL; stdcall;
function Process32Next_hook(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL; stdcall;
function Process32NextW_hook(hSnapshot: THandle; var lppe: TProcessEntry32W): BOOL; stdcall;
implementation
{
prototype of a detour (trampoline) hook:
functioncall
jmp myfunction
nops if needed
..
..
..
oldfunction:
[originalcode]
jmp functioncall+5
myfunction (same params as hooked api)
begin
//do your stuff and checking here
//if you want to call the unhooked function call oldfunction(params)
end;
Note: the hooks in this unit do not use the 'oldfunction' trampoline; each one temporarily
restores the original 5 bytes at the API entry, calls the API, and re-applies the jump bytes.
}
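function EnumProcesses_Hook(lpidProcess: LPDWORD; cb: DWORD; var cbNeeded: DWORD): BOOL stdcall;
{
  Replacement for psapi.EnumProcesses.

  Sequence: restore the original 5 entry bytes of EnumProcesses (copied from
  EnumProcessesInfo.original to EnumProcessesInfo.location), call the real
  API, remove scansettings.CEProcessID from the returned PID array by shifting
  the following entries down one slot and lowering cbNeeded by 4, then put the
  5 jump bytes (EnumProcessesInfo.jump) back.

  In:  lpidProcess = caller's DWORD array, cb = its size in bytes
  Out: cbNeeded = bytes stored in the array (after the removal)
       result   = the real API's return value, unchanged

  Caveats: the array is only touched when the real call succeeded and
  lpidProcess is non-nil - the previous version read cbNeeded even after a
  failed call, where its value is not guaranteed. The unhook/call/rehook
  window is not serialised, so a concurrent caller on another thread reaches
  the real API unfiltered; and EnumProcessesInfo.location must already be
  writable here (presumably arranged by InitializeStealth, not shown).
}
var
  p, p2: LPDWORD;
  i, j, count: integer;
begin
  // unhook: put the original entry bytes back so the call below reaches the real API
  asm
    push esi
    push edi
    lea esi,EnumProcessesInfo.original[0]
    mov edi,EnumProcessesInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
  result := EnumProcesses(lpidProcess, cb, cbNeeded);
  if result and (lpidProcess <> nil) then
  begin
    count := cbNeeded div 4;          // DWORD entries the real API filled in
    p := lpidProcess;
    for i := 0 to count - 1 do
    begin
      if p^ = scansettings.CEProcessID then
      begin
        // found: shift the entries after it down by one slot
        p2 := p;
        inc(p2);
        for j := i to count - 2 do
        begin
          p^ := p2^;
          inc(p);
          inc(p2);
        end;
        p^ := 0;                      // the last slot is no longer in use
        dec(cbNeeded, 4);
        break;
      end;
      inc(p);
    end;
  end;
  // rehook: re-apply the jump bytes
  asm
    push esi
    push edi
    lea esi,EnumProcessesInfo.jump[0]
    mov edi,EnumProcessesInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
end;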
type tenumw=function (hwnd:HWND; lParam: LPARAM):BOOL; stdcall;   // shape of the caller's EnumWindows callback
// Context handed to EnumWindows2_Hook through lParam: the caller's own
// callback plus the lParam it asked to have forwarded.
type Tenumwindowsstruct=record
lparam:LPARAM;          // caller's lParam, passed through untouched
lpEnumFunc: tenumw;     // caller's callback, invoked for windows that pass the filter
end;
function EnumWindows2_Hook(hwnd:HWND; lParam: LPARAM): BOOL; stdcall;
{
  Filter callback that EnumWindows_Hook registers in place of the caller's.
  lParam carries a ^Tenumwindowsstruct with the caller's callback and lParam.
  A window is hidden when it is scansettings.hyperscanwindow or when it is
  owned by scansettings.CEProcessID (only checked when that id is non-zero);
  for a hidden window the enumeration simply continues (result true).
  Every other window is handed to the caller's callback and its return value
  becomes ours.
}
var
  ctx: ^Tenumwindowsstruct;
  ownerPid: dword;
  hidden: boolean;
begin
  ctx := pointer(lParam);
  GetWindowThreadProcessId(hwnd, @ownerPid);
  hidden := (hwnd = scansettings.hyperscanwindow)
         or ((scansettings.CEProcessID <> 0) and (ownerPid = scansettings.CEProcessID));
  if hidden then
    result := true
  else
    result := ctx^.lpEnumFunc(hwnd, ctx^.lparam);
end;
function EnumWindows_Hook(lpEnumFunc: pointer; lParam: LPARAM): BOOL; stdcall;
{
Replacement for user32.EnumWindows. Restores the original entry bytes of
EnumWindows, calls it with EnumWindows2_Hook as the callback and a pointer to
the local record x (holding the caller's callback and lParam) as lParam, then
re-applies the jump bytes. The filtering itself happens in EnumWindows2_Hook.
x lives on this stack frame, so this relies on EnumWindows invoking the
callback before it returns. The unhook/call/rehook window is not serialised.
}
var x: Tenumwindowsstruct;
begin
// unhook: original 5 bytes back at the API entry
asm
push esi
push edi
lea esi,EnumWindowsInfo.original[0]
mov edi,EnumWindowsInfo.location
movsd
movsb
pop edi
pop esi
end;
x.lparam:=lparam;
x.lpEnumFunc:=lpenumfunc;
result:=EnumWindows(@EnumWindows2_Hook,dword(@x));
// rehook: jump bytes back
asm
push esi
push edi
lea esi,EnumWindowsInfo.jump[0]
mov edi,EnumWindowsInfo.location
movsd
movsb
pop edi
pop esi
end;
end;
function EnumThreadWindows_Hook(dwThreadId:DWORD; lpfn:pointer; lParam:LPARAM):BOOL; stdcall;
{
Replacement for user32.EnumThreadWindows. For hyperscanthreadid and
scansettings.CEMainThreadID the real API is never called and false is
returned (the caller's callback is not invoked); for any other thread the
call is passed through unchanged. The entry bytes are swapped around the
call even on the short-circuit path, which is harmless but unnecessary.
hyperscanthreadid and scansettings are declared elsewhere (presumably 'globals').
Not serialised against concurrent callers on other threads.
}
begin
// unhook: original 5 bytes back at the API entry
asm
push esi
push edi
lea esi,EnumThreadWindowsInfo.original[0]
mov edi,EnumThreadWindowsInfo.location
movsd
movsb
pop edi
pop esi
end;
if (dwThreadID=hyperscanthreadid) or (dwthreadid=scansettings.CEMainThreadID) then
result:=false
else
result:=EnumThreadWindows(dwThreadID,lpfn,lParam);
// rehook: jump bytes back
asm
push esi
push edi
lea esi,EnumThreadWindowsInfo.jump[0]
mov edi,EnumThreadWindowsInfo.location
movsd
movsb
pop edi
pop esi
end;
end;
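function FindWindowA_hook(lpClassName, lpWindowName: PAnsiChar): HWND; stdcall;
{
  Replacement for user32.FindWindowA. Restores the original entry bytes,
  calls the real FindWindowA, and reports 0 instead of the found window when
  it is scansettings.hyperscanwindow or belongs to scansettings.CEProcessID
  (checked only when that id is non-zero). Then re-applies the jump bytes.

  Fix: winprocess is now zeroed before GetWindowThreadProcessId, which does
  not write it on failure, and the owner lookup is skipped when nothing was
  found - the previous version compared an uninitialised local in that case.
  Not serialised against concurrent callers on other threads.
}
var
  winprocess: dword;
begin
  // unhook: original 5 bytes back at the API entry
  asm
    push esi
    push edi
    lea esi,FindWindowAInfo.original[0]
    mov edi,FindWindowAInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
  result := FindWindowA(lpClassName, lpWindowName);
  if result <> 0 then
  begin
    winprocess := 0;                  // stays 0 if the owner cannot be determined
    GetWindowThreadProcessId(result, @winprocess);
    if (result = scansettings.hyperscanwindow)
       or ((scansettings.CEProcessID <> 0) and (winprocess = scansettings.CEProcessID)) then
      result := 0;
  end;
  // rehook: jump bytes back
  asm
    push esi
    push edi
    lea esi,FindWindowAInfo.jump[0]
    mov edi,FindWindowAInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
end;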
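function FindWindowW_hook(lpClassName, lpWindowName: PWideChar): HWND; stdcall;
{
  Replacement for user32.FindWindowW; wide-string twin of FindWindowA_hook.
  Restores the original entry bytes, calls the real FindWindowW, and reports
  0 instead of the found window when it is scansettings.hyperscanwindow or
  belongs to scansettings.CEProcessID (checked only when that id is
  non-zero). Then re-applies the jump bytes.

  Fix: winprocess is zeroed before GetWindowThreadProcessId (which leaves it
  untouched on failure) and the owner lookup is skipped when nothing was
  found, instead of comparing an uninitialised local.
  Not serialised against concurrent callers on other threads.
}
var
  winprocess: dword;
begin
  // unhook: original 5 bytes back at the API entry
  asm
    push esi
    push edi
    lea esi,FindWindowWInfo.original[0]
    mov edi,FindWindowWInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
  result := FindWindowW(lpClassName, lpWindowName);
  if result <> 0 then
  begin
    winprocess := 0;                  // stays 0 if the owner cannot be determined
    GetWindowThreadProcessId(result, @winprocess);
    if (result = scansettings.hyperscanwindow)
       or ((scansettings.CEProcessID <> 0) and (winprocess = scansettings.CEProcessID)) then
      result := 0;
  end;
  // rehook: jump bytes back
  asm
    push esi
    push edi
    lea esi,FindWindowWInfo.jump[0]
    mov edi,FindWindowWInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
end;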
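function GetNextWindow_Hook(hwnd:HWND;wcmd:UINT):HWND; stdcall;
{
  Replacement for user32.GetNextWindow. Restores the original entry bytes,
  calls the real GetNextWindow, and while the returned window is
  scansettings.hyperscanwindow or belongs to scansettings.CEProcessID
  (checked only when that id is non-zero) keeps stepping in the same
  direction (wcmd) until a non-hidden window, or 0, is reached. Then
  re-applies the jump bytes.

  Fixes relative to the previous version:
  - the loop condition was '(result<>0) and (A) or (B)', so the result<>0
    test did not cover the CEProcessID half; combined with a winprocess value
    left over from the previous iteration (GetWindowThreadProcessId does not
    write it for an invalid window) the loop could run forever on result=0.
    The condition is now fully parenthesised and winprocess is reset to 0
    before every lookup.
  - a step cap (guard < 1000) matching the one in GetWindow_hook bounds the
    walk in any case.
  Not serialised against concurrent callers on other threads.
}
var
  winprocess: dword;
  guard: dword;
begin
  // unhook: original 5 bytes back at the API entry
  asm
    push esi
    push edi
    lea esi,GetNextWindowInfo.original[0]
    mov edi,GetNextWindowInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
  result := GetNextWindow(hwnd, wcmd);
  winprocess := 0;
  GetWindowThreadProcessId(result, @winprocess);
  guard := 0;
  while (guard < 1000) and (result <> 0) and
        ((result = scansettings.hyperscanwindow) or
         ((scansettings.CEProcessID <> 0) and (winprocess = scansettings.CEProcessID))) do
  begin
    inc(guard);
    result := GetNextWindow(result, wcmd);
    winprocess := 0;                  // reset: not written when result is invalid
    GetWindowThreadProcessId(result, @winprocess);
  end;
  // rehook: jump bytes back
  asm
    push esi
    push edi
    lea esi,GetNextWindowInfo.jump[0]
    mov edi,GetNextWindowInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
end;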
function GetWindowTextA_hook(hwnd:HWND; lpString:PAnsiChar; nMaxCount:integer):integer; stdcall;
{
Replacement for user32.GetWindowTextA. As written this is a pass-through:
the entry bytes are swapped, the real GetWindowTextA is called unchanged,
and the jump bytes are restored. The owner-process filter that the wide
variant (GetWindowTextW_hook) applies is present below but commented out, so
winprocess is currently unused. NOTE(review): the A/W asymmetry looks
deliberate (the filter was disabled rather than removed) - confirm before
re-enabling it. Not serialised against concurrent callers on other threads.
}
var winprocess: dword;
begin
// unhook: original 5 bytes back at the API entry
asm
push esi
push edi
lea esi,GetWindowTextAInfo.original[0]
mov edi,GetWindowTextAInfo.location
movsd
movsb
pop edi
pop esi
end;
// filter disabled by the author; kept for reference, mirrors GetWindowTextW_hook
// GetWindowThreadProcessId(hwnd,@winprocess);
// if (winprocess=0) or ((hwnd=scansettings.hyperscanwindow) or ((scansettings.CEProcessID<>0) and (winprocess=scansettings.CEProcessID))) then
// result:=0
// else
result:=GetWindowTextA(hwnd,lpString,nMaxCount);
// rehook: jump bytes back
asm
push esi
push edi
lea esi,GetWindowTextAInfo.jump[0]
mov edi,GetWindowTextAInfo.location
movsd
movsb
pop edi
pop esi
end;
end;
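function GetWindowTextW_hook(hwnd:HWND; lpString:PWideChar; nMaxCount:integer):integer; stdcall;
{
  Replacement for user32.GetWindowTextW. Restores the original entry bytes,
  then: if hwnd's owner process cannot be read (winprocess stays 0), hwnd is
  scansettings.hyperscanwindow, or hwnd belongs to scansettings.CEProcessID
  (checked only when that id is non-zero), the caller's buffer is cleared
  (nMaxCount wide chars set to #0) and 0 is returned without calling the
  real API; otherwise the call is passed through. Then re-applies the jump
  bytes.

  Fixes: winprocess is zeroed before GetWindowThreadProcessId, which does not
  write it on failure, so the (winprocess=0) test is now meaningful instead
  of reading an uninitialised local; and the buffer clear is skipped when
  lpString is nil rather than dereferencing it.
  Not serialised against concurrent callers on other threads.
}
var
  winprocess: dword;
  i: integer;
begin
  // unhook: original 5 bytes back at the API entry
  asm
    push esi
    push edi
    lea esi,GetWindowTextWInfo.original[0]
    mov edi,GetWindowTextWInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
  winprocess := 0;                    // stays 0 when hwnd is not a valid window
  GetWindowThreadProcessId(hwnd, @winprocess);
  if (winprocess = 0) or (hwnd = scansettings.hyperscanwindow)
     or ((scansettings.CEProcessID <> 0) and (winprocess = scansettings.CEProcessID)) then
  begin
    // hidden (or invalid) window: hand back an empty, fully cleared buffer
    if lpString <> nil then
      for i := 0 to nMaxCount - 1 do
        lpString[i] := #0;
    result := 0;
  end
  else
    result := GetWindowTextW(hwnd, lpString, nMaxCount);
  // rehook: jump bytes back
  asm
    push esi
    push edi
    lea esi,GetWindowTextWInfo.jump[0]
    mov edi,GetWindowTextWInfo.location
    movsd
    movsb
    pop edi
    pop esi
  end;
end;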
function GetWindow_hook(h:HWND; cmd:UINT):HWND; stdcall;
{
Replacement for user32.GetWindow. Restores the original entry bytes, calls
the real GetWindow, and while the result is a window to hide - its owner
process could not be read (winprocess stays 0), it is
scansettings.hyperscanwindow, or it belongs to scansettings.CEProcessID
(checked only when that id is non-zero) - walks on:
  GW_HWNDFIRST / GW_HWNDNEXT: step with GW_HWNDNEXT and re-check;
  any other cmd:              report 0 instead.
winprocess is reset to 0 before each GetWindowThreadProcessId because that
call does not write it for an invalid window. 'bug' caps the walk at 1000
steps (presumably a defensive bound against looping). Then re-applies the
jump bytes. Not serialised against concurrent callers on other threads.
}
var winprocess: dword;
bug: dword;   // step counter for the loop bound
begin
// unhook: original 5 bytes back at the API entry
asm
push esi
push edi
lea esi,GetWindowInfo.original[0]
mov edi,GetWindowInfo.location
movsd
movsb
pop edi
pop esi
end;
result:=GetWindow(h,cmd);
winprocess:=0;
GetWindowThreadProcessId(result,@winprocess);
// messagebox(0,pchar('winprocess='+IntToHex(winprocess,8)),pchar('winprocess='+IntToHex(scansettings.CEProcessID,8)),mb_ok);
bug:=0;
while (bug<1000) and (result<>0) and ((winprocess=0) or ((result=scansettings.hyperscanwindow) or ((scansettings.CEProcessID<>0) and (winprocess=scansettings.CEProcessID)))) do
begin
inc(bug);
case cmd of
GW_HWNDFIRST,GW_HWNDNEXT:
begin
result:=getwindow(result,GW_HWNDNEXT);
winprocess:=0;
GetWindowThreadProcessId(result,@winprocess);
end;
else result:=0;   // no way to "skip" for the other relations, so hide the window outright
end;
end;
// rehook: jump bytes back
asm
push esi
push edi
lea esi,GetWindowInfo.jump[0]
mov edi,GetWindowInfo.location
movsd
movsb
pop edi
pop esi
end;
end;
function IsDebuggerPresent_Hook:boolean; stdcall;
{
  Replacement for kernel32.IsDebuggerPresent: always answers false.
  Unlike the other hooks in this unit it never calls through to the real
  API, so there is no unhook/rehook sequence here.
}
begin
  Result := False;
end;
function Process32First_hook(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL; stdcall;
begin
asm
push esi