hook.pas
来自「delphi编写LPK注入文件的源代码。。。。写补丁很实用」· PAS 代码 · 共 119 行
unit hook;
interface
uses
Windows, SysUtils, TlHelp32;
{ Unit-wide state. It is declared in the interface section, so every unit that
  uses hook can read and write these variables. }
var
{ Not referenced anywhere in this unit. }
LibID : Dword ;
{ patch1..patch5 are named only inside the disabled assembly block in Process;
  patch6 and patch7 are not referenced at all. None of the seven pointers is
  assigned in this unit, so any code that dereferences them relies on another
  unit having set them first. }
patch1 : Pchar ;
patch2 : Pchar ;
patch3 : Pchar ;
patch4 : Pchar ;
patch5 : Pchar ;
patch6 : Pchar ;
patch7 : Pchar ;
{ Not referenced in this unit. NOTE(review): the name collides with the RTL
  global HInstance, which it hides for units that use hook - confirm intent. }
hInstance : Dword ;
{ Id of the current process; written by Process. }
Pid : Dword ;
{ Base address of the located module, stored as a 32-bit value; written by
  Process from the result of GetShell32Base. }
lpbaseaddr : Dword ;
{ Handle returned by OpenProcess in Process. It is never closed in this unit. }
hProcess : Dword ;
{ Owner window passed to MessageBox in GetShell32Base. It is never assigned in
  this unit, so it is 0 (no owner window) unless another unit sets it. }
hDlg : Dword ;
procedure Starthook ;
implementation
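{ Returns the load address of the module named ModName inside the process
  RemoteProid, found by walking a Toolhelp module snapshot.

  Despite its name the routine is not specific to shell32: it matches whatever
  module name the caller passes, compared case-insensitively.

  If the module is not loaded, or the snapshot cannot be taken, the user is
  shown a message box and the process is terminated with exit code 10. The
  message text says that the running main program is not one packed with
  EPEV220071201.

  Fixes over the original:
  - the name test was inverted (it stopped on the first module whose name did
    NOT match), so the wrong base address was returned and the not-found
    branch fired even when the module was present;
  - Result was left undefined when no module was accepted;
  - the snapshot handle was never validated and was leaked on the exit path;
  - the not-found decision re-read modinfo.szModule after the loop instead of
    using an explicit flag. }
Function GetShell32Base(RemoteProid:dword ; ModName:Pchar ): Dword;
var
  Found     : bool ;
  More      : bool ;
  hSnapshot : THandle ;
  modinfo   : MODULEENTRY32 ;
begin
  Result := 0 ;
  Found := FALSE ;

  hSnapshot := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, RemoteProid);
  if hSnapshot <> INVALID_HANDLE_VALUE then
  begin
    { dwSize must be set before the first Module32First call. }
    modinfo.dwSize := sizeof(MODULEENTRY32);
    More := Module32First(hSnapshot, modinfo);
    while More do
    begin
      { lstrcmpi returns 0 when the two names are equal. }
      if lstrcmpi(modinfo.szModule, ModName) = 0 then
      begin
        { 32-bit only: the pointer is narrowed to a Dword. }
        Result := dword(modinfo.modBaseAddr) ;
        Found := TRUE ;
        break ;
      end;
      More := Module32Next(hSnapshot, modinfo);
    end;
    { Release the snapshot before any exit path below. }
    CloseHandle(hSnapshot);
  end;

  if not Found then
  begin
    MessageBox(hDlg,'你运行的主程序不是EPEV220071201加壳的程序。',
      '提示', MB_OK or MB_ICONEXCLAMATION);
    ExitProcess(10);
  end ;
end;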
{ Records the identity of the current process in the unit globals and locates
  the target module inside it:
    Pid        - id of the current process
    hProcess   - handle from OpenProcess on that id
    lpbaseaddr - base address reported by GetShell32Base for V220071201.EPE
  GetShell32Base terminates the process itself when the module is absent.

  NOTE(review): the handle is opened with PROCESS_ALL_ACCESS and with
  bInheritHandle set to TRUE, so a child process created with handle
  inheritance receives a full-access handle to this process. Nothing in this
  unit uses or closes hProcess; confirm whether another unit needs it before
  narrowing the access mask or clearing the inherit flag.

  The assembly block kept below is commented out in the source and never runs.
  It adds fixed offsets to lpbaseaddr and would copy bytes from patch1..patch5
  over the loaded image. It uses invoke and addr, which are MASM constructs
  rather than Delphi inline assembler, presumably the reason it is disabled. }
procedure Process ;
const
  TargetModule = 'V220071201.EPE' ;
var
  SelfId : Dword ;
begin
  SelfId := GetCurrentProcessId() ;
  Pid := SelfId ;
  hProcess := OpenProcess(PROCESS_ALL_ACCESS, TRUE, SelfId) ;
  lpbaseaddr := GetShell32Base(SelfId, TargetModule) ;
{
asm
push edi
mov edi,lpbaseaddr
add edi,0E61E8H
invoke lstrcpyn,edi,addr patch1,2
mov edi,lpbaseaddr
add edi,0E61FEH
invoke lstrcpyn,edi,addr patch1,2
mov edi,lpbaseaddr
add edi,0E873FH
invoke lstrcpyn,edi,addr patch1,2
mov edi,lpbaseaddr
add edi,0E8755H
invoke lstrcpyn,edi,addr patch1,2
mov edi,lpbaseaddr
add edi,0DDC23H
invoke lstrcpyn,edi,addr patch2,4
mov edi,lpbaseaddr
add edi,0E9182H
invoke lstrcpyn,edi,addr patch2,4
mov edi,lpbaseaddr
add edi,0EB83DH
invoke lstrcpyn,edi,addr patch2,4
mov edi,lpbaseaddr
add edi,0DC214H
invoke lstrcpyn,edi,addr patch3,2
mov edi,lpbaseaddr
add edi,0E59F0H
invoke lstrcpyn,edi,addr patch4,6
mov edi,lpbaseaddr
add edi,0E645FH
invoke lstrcpyn,edi,addr patch5,7
pop edi
end;
}
end ;
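{ Thread entry point; Starthook passes its address to CreateThread.

  The operating system calls a thread start routine as a stdcall function
  that takes one pointer argument and returns a DWORD exit code. The original
  was a parameterless procedure using the default register convention, so it
  returned without removing the argument from the stack and left the thread
  exit code undefined. The routine is private to this unit and is referenced
  only by address, so the corrected signature does not affect any caller.

  lpParameter is unused; Starthook passes nil. Always returns 0. }
function HookProc(lpParameter: Pointer): DWORD; stdcall;
begin
  Process ;
  Result := 0 ;
end;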
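{ Runs HookProc on a new thread and returns without waiting for it.

  Changes over the original:
  - the CreateThread result is checked; on failure it returns 0 and the
    original went on to pass that 0 to ResumeThread and CloseHandle;
  - the thread is created running instead of being created suspended and
    resumed on the very next line, which has the same effect.

  Failure is silent, as before: the caller gets no indication that the worker
  did not start.

  NOTE(review): the page title describes this unit as part of an LPK.dll
  proxy. If Starthook is called from a DLL entry point (not visible here),
  the new thread cannot begin executing until the loader lock is released. }
procedure Starthook ;
var
  thd : THandle ;
  tmp : Dword ;
begin
  thd := CreateThread(nil, 0, @HookProc, nil, 0, tmp);
  if thd <> 0 then
    { The handle is not needed again; closing it does not stop the thread. }
    CloseHandle(thd) ;
end;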
end.