📄 stealthunit.pas
字号:
movsd
movsb
pop esi
pop edi
end;
except
end;
end;
FindWindowWInfo.location:=GetProcAddress(user32dll,'FindWindowW');
if VirtualProtect(FindWindowWInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
FindWindowWInfo.jump[0]:=$e9;
pdword(@FindWindowWInfo.jump[1])^:=dword(@FindWindowW_Hook)-dword(FindWindowWInfo.location)-5;
try
asm
//store original
push edi
push esi
lea edi,FindWindowWInfo.original[0]
mov esi,FindWindowWInfo.location
movsd
movsb
//replace with jump
lea esi,FindWindowWInfo.jump[0]
mov edi,FindWindowWInfo.location
movsd
movsb
pop esi
pop edi
end;
except
end;
end;
GetNextWindowInfo.location:=GetProcAddress(user32dll,'GetNextWindow');
if VirtualProtect(GetNextWindowInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
GetNextWindowInfo.jump[0]:=$e9;
pdword(@GetNextWindowInfo.jump[1])^:=dword(@GetNextWindow_Hook)-dword(GetNextWindowInfo.location)-5;
try
asm
//store original
push edi
push esi
lea edi,GetNextWindowInfo.original[0]
mov esi,GetNextWindowInfo.location
movsd
movsb
//replace with jump
lea esi,GetNextWindowInfo.jump[0]
mov edi,GetNextWindowInfo.location
movsd
movsb
pop esi
pop edi
end;
except
end;
end;
GetWindowInfo.location:=GetProcAddress(user32dll,'GetWindow');
if VirtualProtect(GetWindowInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
GetWindowInfo.jump[0]:=$e9;
pdword(@GetWindowInfo.jump[1])^:=dword(@GetWindow_Hook)-dword(GetWindowInfo.location)-5;
try
asm
//store original
push edi
push esi
lea edi,GetWindowInfo.original[0]
mov esi,GetWindowInfo.location
movsd
movsb
//replace with jump
lea esi,GetWindowInfo.jump[0]
mov edi,GetWindowInfo.location
movsd
movsb
pop esi
pop edi
end;
except
end;
end;
{GetWindowTextAInfo.location:=GetProcAddress(user32dll,'GetWindowTextA');
if VirtualProtect(GetWindowTextAInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
GetWindowTextAInfo.jump[0]:=$e9;
pdword(@GetWindowTextAInfo.jump[1])^:=dword(@GetWindowTextA_Hook)-dword(GetWindowTextAInfo.location)-5;
try
asm
//store original
push edi
push esi
lea edi,GetWindowTextAInfo.original[0]
mov esi,GetWindowTextAInfo.location
movsd
movsb
//replace with jump
lea esi,GetWindowTextAInfo.jump[0]
mov edi,GetWindowTextAInfo.location
movsd
movsb
pop esi
pop edi
end;
except
end;
end;
{
GetWindowTextWInfo.location:=GetProcAddress(user32dll,'GetWindowTextW');
if VirtualProtect(GetWindowTextWInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
GetWindowTextWInfo.jump[0]:=$e9;
pdword(@GetWindowTextWInfo.jump[1])^:=dword(@GetWindowTextW_Hook)-dword(GetWindowTextWInfo.location)-5;
try
asm
//store original
push edi
push esi
lea edi,GetWindowTextWInfo.original[0]
mov esi,GetWindowTextWInfo.location
movsd
movsb
//replace with jump
lea esi,GetWindowTextWInfo.jump[0]
mov edi,GetWindowTextWInfo.location
movsd
movsb
pop esi
pop edi
end;
except
end;
end; }
end;
end;
procedure uninitializestealth;
var op: dword;
begin
//put it all back to where it was
if EnumProcessesInfo.location<>nil then
begin
if VirtualProtect(EnumProcessesInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,EnumProcessesInfo.original
mov edi,EnumProcessesInfo.location
movsd
movsb
end;
except
end;
end;
end;
if EnumThreadWindowsInfo.location<>nil then
begin
if VirtualProtect(EnumThreadWindowsInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,EnumThreadWindowsInfo.original
mov edi,EnumThreadWindowsInfo.location
movsd
movsb
end;
except
end;
end;
end;
if EnumWindowsInfo.location<>nil then
begin
if VirtualProtect(EnumWindowsInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,EnumWindowsInfo.original
mov edi,EnumWindowsInfo.location
movsd
movsb
end;
except
end;
end;
end;
if FindwindowAInfo.location<>nil then
begin
if VirtualProtect(FindwindowAInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,FindwindowAInfo.original
mov edi,FindwindowAInfo.location
movsd
movsb
end;
except
end;
end;
end;
if FindWindowWInfo.location<>nil then
begin
if VirtualProtect(FindWindowWInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,FindWindowWInfo.original
mov edi,FindWindowWInfo.location
movsd
movsb
end;
except
end;
end;
end;
if GetWindowInfo.location<>nil then
begin
if VirtualProtect(GetWindowInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,GetWindowInfo.original
mov edi,GetWindowInfo.location
movsd
movsb
end;
except
end;
end;
end;
if GetWindowTextAInfo.location<>nil then
begin
if VirtualProtect(GetWindowTextAInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,GetWindowTextAInfo.original
mov edi,GetWindowTextAInfo.location
movsd
movsb
end;
except
end;
end;
end;
if GetWindowTextWInfo.location<>nil then
begin
if VirtualProtect(GetWindowTextWInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,GetWindowTextWInfo.original
mov edi,GetWindowTextWInfo.location
movsd
movsb
end;
except
end;
end;
end;
if GetNextWindowInfo.location<>nil then
begin
if VirtualProtect(GetNextWindowInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,GetNextWindowInfo.original
mov edi,GetNextWindowInfo.location
movsd
movsb
end;
except
end;
end;
end;
if IsDebuggerPresentInfo.location<>nil then
begin
if VirtualProtect(IsDebuggerPresentInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,IsDebuggerPresentInfo.original
mov edi,IsDebuggerPresentInfo.location
movsd
movsb
end;
except
end;
end;
end;
if Process32FirstInfo.location<>nil then
begin
if VirtualProtect(Process32FirstInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,Process32FirstInfo.original
mov edi,Process32FirstInfo.location
movsd
movsb
end;
except
end;
end;
end;
if Process32FirstWInfo.location<>nil then
begin
if VirtualProtect(Process32FirstWInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,Process32FirstWInfo.original
mov edi,Process32FirstWInfo.location
movsd
movsb
end;
except
end;
end;
end;
if Process32NextInfo.location<>nil then
begin
if VirtualProtect(Process32NextInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,Process32NextInfo.original
mov edi,Process32NextInfo.location
movsd
movsb
end;
except
end;
end;
end;
if Process32NextWInfo.location<>nil then
begin
if VirtualProtect(Process32NextWInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
begin
try
//replace with original
asm
lea esi,Process32NextWInfo.original
mov edi,Process32NextWInfo.location
movsd
movsb
end;
except
end;
end;
end;
end;
initialization
InitializeStealth;
finalization
UninitializeStealth;
end.
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -