//unprotectmemory
for i:=0 to length(fullaccess)-1 do
begin
virtualprotectex(processhandle,pointer(fullaccess[i].address),fullaccess[i].size,PAGE_EXECUTE_READWRITE,op);
if (fullaccess[i].address>80000000) and (DarkByteKernel<>0) then
MakeWritable(fullaccess[i].address,(fullaccess[i].size div 4096)*4096,false);
end;
//load binaries
if length(loadbinary)>0 then
for i:=0 to length(loadbinary)-1 do
begin
ok1:=true;
try
testdword:=symhandler.getAddressFromName(loadbinary[i].address);
except
ok1:=false;
end;
if not ok1 then
for j:=0 to length(labels)-1 do
if uppercase(labels[j].labelname)=uppercase(loadbinary[i].address) then
begin
ok1:=true;
testdword:=labels[j].address;
break;
end;
if not ok1 then
for j:=0 to length(allocs)-1 do
if uppercase(allocs[j].varname)=uppercase(loadbinary[i].address) then
begin
ok1:=true;
testdword:=allocs[j].address;
break;
end;
if not ok1 then
for j:=0 to length(kallocs)-1 do
if uppercase(kallocs[j].varname)=uppercase(loadbinary[i].address) then
begin
ok1:=true;
testdword:=kallocs[j].address;
break;
end;
if not ok1 then
for j:=0 to length(defines)-1 do
if uppercase(defines[j].name)=uppercase(loadbinary[i].address) then
begin
try
testdword:=symhandler.getAddressFromName(defines[j].whatever);
ok1:=true;
except
end;
break;
end;
if ok1 then
begin
binaryfile:=tmemorystream.Create;
try
binaryfile.LoadFromFile(loadbinary[i].filename);
ok2:=writeprocessmemory(processhandle,pointer(testdword),binaryfile.Memory,binaryfile.Size,bw);
finally
binaryfile.free;
end;
end;
end;
//we're still here so, inject it
for i:=0 to length(assembled)-1 do
begin
virtualprotectex(processhandle,pointer(assembled[i].address),length(assembled[i].bytes),PAGE_EXECUTE_READWRITE,op);
ok1:=WriteProcessMemory(processhandle,pointeR(assembled[i].address),@assembled[i].bytes[0],length(assembled[i].bytes),op2);
virtualprotectex(processhandle,pointer(assembled[i].address),length(assembled[i].bytes),op,op2);
if not ok1 then ok2:=false;
end;
if not ok2 then
begin
if popupmessages then showmessage('Not all instructions could be injected')
end
else
begin
//if ceallocarray<>nil then
begin
//see if all allocs are deallocated
if length(dealloc)=length(ceallocarray) then //free everything
begin
baseaddress:=$FFFFFFFF;
for i:=0 to length(dealloc)-1 do
begin
if ceallocarray[i].address<baseaddress then
baseaddress:=dealloc[i];
end;
virtualfreeex(processhandle,pointer(baseaddress),0,MEM_RELEASE);
end;
setlength(ceallocarray,length(allocs));
for i:=0 to length(allocs)-1 do
ceallocarray[i]:=allocs[i];
end;
//check the addsymbollist array and deletesymbollist array
//first delete
for i:=0 to length(deletesymbollist)-1 do
symhandler.DeleteUserdefinedSymbol(deletesymbollist[i]);
//now scan the addsymbollist array and add them to the userdefined list
for i:=0 to length(addsymbollist)-1 do
begin
ok1:=false;
for j:=0 to length(allocs)-1 do
if uppercase(addsymbollist[i])=uppercase(allocs[j].varname) then
begin
try
symhandler.DeleteUserdefinedSymbol(addsymbollist[i]); //delete old one so you can add the new one
symhandler.AddUserdefinedSymbol(allocs[j].address,addsymbollist[i]);
ok1:=true;
except
//don't crash when it's already defined or address=0
end;
break;
end;
if not ok1 then
for j:=0 to length(labels)-1 do
if uppercase(addsymbollist[i])=uppercase(labels[j].labelname) then
begin
try
symhandler.DeleteUserdefinedSymbol(addsymbollist[i]); //delete old one so you can add the new one
symhandler.AddUserdefinedSymbol(labels[j].address,addsymbollist[i]);
ok1:=true;
except
//don't crash when it's already defined or address=0
end;
end;
end;
//still here, so create threads if needed
//load binaries
if length(createthread)>0 then
for i:=0 to length(createthread)-1 do
begin
ok1:=true;
try
testdword:=symhandler.getAddressFromName(createthread[i]);
except
ok1:=false;
end;
if not ok1 then
for j:=0 to length(labels)-1 do
if uppercase(labels[j].labelname)=uppercase(createthread[i]) then
begin
ok1:=true;
testdword:=labels[j].address;
break;
end;
if not ok1 then
for j:=0 to length(allocs)-1 do
if uppercase(allocs[j].varname)=uppercase(createthread[i]) then
begin
ok1:=true;
testdword:=allocs[j].address;
break;
end;
if not ok1 then
for j:=0 to length(kallocs)-1 do
if uppercase(kallocs[j].varname)=uppercase(createthread[i]) then
begin
ok1:=true;
testdword:=kallocs[j].address;
break;
end;
if not ok1 then
for j:=0 to length(defines)-1 do
if uppercase(defines[j].name)=uppercase(createthread[i]) then
begin
try
testdword:=symhandler.getAddressFromName(defines[j].whatever);
ok1:=true;
except
end;
break;
end;
if ok1 then //address found
begin
binaryfile:=tmemorystream.Create;
try
ok2:=createremotethread(processhandle,nil,0,pointer(testdword),nil,0,bw)>0;
finally
binaryfile.free;
end;
end;
end;
if popupmessages then
begin
s1:='';
for i:=0 to length(allocs)-1 do
s1:=s1+#13#10+allocs[i].varname+'='+IntToHex(allocs[i].address,8);
if length(kallocs)>0 then
begin
s1:=#13#10+'The following kernel addresses where allocated:';
for i:=0 to length(kallocs)-1 do
s1:=s1+#13#10+kallocs[i].varname+'='+IntToHex(kallocs[i].address,8);
end;
showmessage('The code injection was successfull'+s1);
end;
end;
result:=ok2;
finally
for i:=0 to length(assembled)-1 do
setlength(assembled[i].bytes,0);
setlength(assembled,0);
tokens.free;
end;
end;
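procedure getenableanddisablepos(code:tstrings;var enablepos,disablepos: integer);
{
  Locates the [ENABLE] and [DISABLE] section markers of an auto assembler script.

  code       : the script, one line per entry
  enablepos  : out. Line index of the [ENABLE] marker, -1 when there is none,
               -2 when the marker occurs more than once
  disablepos : out. Same for the [DISABLE] marker

  Markers are matched case-insensitively after a trailing "//" comment and
  surrounding spaces are removed, so "  [enable] //remark" counts.
  On a duplicate marker the scan stops immediately, so the other position
  only reflects what was seen up to that point.
}
var i,j: integer;
    currentline: string;
begin
  enablepos:=-1;
  disablepos:=-1;

  for i:=0 to code.Count-1 do
  begin
    currentline:=code[i];

    //drop a trailing // comment before matching
    j:=pos('//',currentline);
    if j>0 then
      currentline:=copy(currentline,1,j-1);

    //strip leading and trailing spaces (only spaces, tabs are not touched)
    while (length(currentline)>0) and (currentline[1]=' ') do
      delete(currentline,1,1);
    while (length(currentline)>0) and (currentline[length(currentline)]=' ') do
      delete(currentline,length(currentline),1);

    //empty after stripping: blank line or comment-only line
    if length(currentline)=0 then continue;

    currentline:=uppercase(currentline);

    if currentline='[ENABLE]' then
    begin
      if enablepos<>-1 then
      begin
        enablepos:=-2; //second [ENABLE]: flag it and stop scanning
        exit;
      end;
      enablepos:=i;
    end
    else
    if currentline='[DISABLE]' then
    begin
      if disablepos<>-1 then
      begin
        disablepos:=-2; //second [DISABLE]: flag it and stop scanning
        exit;
      end;
      disablepos:=i;
    end;
  end;
end;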
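function autoassemble(code: Tstrings; popupmessages,enable,syntaxcheckonly, targetself: boolean;var CEAllocarray: TCEAllocArray): boolean; overload;
{
  Picks the part of an auto assembler script that belongs to the requested
  section and hands it to autoassemble2.

  code            : the complete script, optionally split by [ENABLE]/[DISABLE] markers
  popupmessages   : when true, a malformed script structure is reported by raising
                    an Exception; when false the function just returns false
  enable          : true selects the [ENABLE] section, false the [DISABLE] section
  syntaxcheckonly : passed through to autoassemble2 unchanged
  targetself      : passed through; defines if the process that gets injected to
                    is CE itself or the target process
  CEAllocarray    : passed through to autoassemble2 by reference

  Returns the result of autoassemble2. Returns false without assembling anything
  when the script structure is wrong and popupmessages is false, so such a
  caller cannot tell a malformed script from a failed assembly.

  Raises Exception (only when popupmessages is true) for a duplicated marker or
  when just one of the two markers is present.
}
var tempstrings: tstringlist;
    i: integer;
    enablepos,disablepos: integer;
    startpos,stoppos,lastline: integer;
begin
  getenableanddisablepos(code,enablepos,disablepos);
  result:=false;

  //-2 means getenableanddisablepos saw the marker more than once
  if enablepos=-2 then
  begin
    if not popupmessages then exit;
    raise exception.Create('You can only have one enable section');
  end;

  if disablepos=-2 then
  begin
    if not popupmessages then exit;
    raise exception.Create('You can only have one disable section');
  end;

  tempstrings:=tstringlist.create;
  try
    if (enablepos=-1) and (disablepos=-1) then
    begin
      //no sections at all: the whole script is assembled
      tempstrings.AddStrings(code);
    end
    else
    begin
      //a script that uses sections must contain both of them
      if enablepos=-1 then
      begin
        if not popupmessages then exit;
        raise exception.Create('You havn''t specified a enable section');
      end;

      if disablepos=-1 then
      begin
        if not popupmessages then exit;
        raise exception.Create('You havn''t specified a disable section');
      end;

      if enable then
      begin
        startpos:=enablepos;
        stoppos:=disablepos;
      end
      else
      begin
        startpos:=disablepos;
        stoppos:=enablepos;
      end;

      //a section runs from the line after its own marker up to the line before
      //the other marker, or to the end of the script when it is the last section.
      //Lines before the first marker belong to neither section and are dropped.
      if startpos>stoppos then
        lastline:=code.count-1
      else
        lastline:=stoppos-1;

      for i:=startpos+1 to lastline do
        tempstrings.add(code[i]);
    end;

    result:=autoassemble2(tempstrings,popupmessages,syntaxcheckonly,targetself,ceallocarray);
  finally
    tempstrings.Free;
  end;
end;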
function autoassemble(code: tstrings;popupmessages: boolean):boolean; overload;
{
  Convenience overload: assembles the [ENABLE] section of the script (or the
  whole script when it has no sections) into the target process, with the
  syntax-check-only mode off and a throw-away allocation array.
}
var scratchAllocs: TCEAllocArray;
begin
  scratchAllocs:=nil; //empty array; allocations made by this call are not tracked by the caller
  result:=autoassemble(code,popupmessages,true,false,false,scratchAllocs);
end;
end.