phantom.dpr

PhantOm,Ollydbg隐藏调试的辅助插件代码！

library PhantOm;

{ Important note about DLL memory management: ShareMem must be the
  first unit in your library's USES clause AND your project's (select
  Project-View Source) USES clause if your DLL exports any procedures or
  functions that pass strings as parameters or function results. This
  applies to all strings passed to and from your DLL--even those that
  are nested in records and classes. ShareMem is the interface unit to
  the BORLNDMM.DLL shared memory manager, which must be deployed along
  with your DLL. To avoid using BORLNDMM.DLL, pass string information
  using PChar or ShortString parameters. }

uses
  Windows,
  SysUtils,
  ShellAPI,
  System,
  Plugin;

var
  g_hwndOlly: HWND;
  g_hmodOlly: HMODULE;

  //
  g_hmodPlugin     :HMODULE;
  g_strPluginName  :string;

  g_dwCount : DWORD;

  //
  g_hmodNTDLL: HMODULE;
  g_hmodKERNEL: HMODULE;

  g_procDbgBreakPoint : Pointer;
  g_procRtlRaiseException:Pointer;

resourcestring
  PLUGIN_NAME     = 'PhantOm';
  PLUGIN_VER      = '1.20';
  PLUGIN_DEV      = 'Hellsp@wn &Archer';

  
//--------------------------------------------------------------------------------------------------------
//
function  mg_GetTickCount():Integer;
var
  lppercount : Int64;
begin
   if( Integer(QueryPerformanceCounter(lppercount)) <> 0 ) then
   begin
      Result := Integer(lppercount);
      g_dwCount := Result;
      Exit;
   end;
   Result := GetTickCount();
   g_dwCount := Result;
end;

function  mg_GetModuleName( {hModule:HMODULE} ):string;
var name:array[0..MAX_PATH] of Char;
begin
  FillChar(name,MAX_PATH + 1 , 0 );
  GetModuleFileName( 0 ,name ,MAX_PATH + 1 );

  Result := name;
end;


//--------------------------------------------------------------------------------------------------------
//
function ODBG_Plugindata(name: PChar): Integer; cdecl;
begin
  StrLCopy(name, 'PhantOm',32);//PChar(PLUGIN_NAME), 32); // Name of plugin
  Result := PLUGIN_VERSION;
end;

//--------------------------------------------------------------------------------------------------------
//
function ODBG_Plugininit(ollydbgversion: Integer; hWndOlly: HWND; features: PULONG): Integer; cdecl;
begin

  if (ollydbgversion < PLUGIN_VERSION) then
  begin
    Addtolist(0, 1, 'Only for OllyDbg 1.10');
    Result := -1;
    Exit;
  end;

  if ( Win32MajorVersion <> 2 ) then
  begin
    Addtolist(0, 1, 'Only for Windows 2000/XP/NT');
    Result := -1;
    Exit;
  end;

  //保存句柄:
  g_hwndOlly := hWndOlly;
  Addtolist(0, 1, '');
  Addtolist(0, 1, 'PhantOm plugin %s','1.20');//PLUGIN_VER);
  Addtolist(0, -1, '    by %s','Hellsp@wn &Archer');//PLUGIN_DEV);

  g_strPluginName := ExtractFilePath( mg_GetModuleName( ) );
  g_hmodPlugin := GetModuleHandle( PChar(g_strPluginName) );
  Result := 0;
end;


//--------------------------------------------------------------------------------------------------------
//
function ODBG_Pluginmenu(origin: Integer; pData: PChar; pItem: Pointer): Integer; cdecl;
begin
  case origin of
    PM_MAIN:
      begin
        // Plugin menu in main window
        StrCopy(pData, '0 Options, | 1 About');
        Result := 1;
      end;
  else
    Result := 0; // Any other window
  end;
end;

function  _lpOptinDlgProc( hdlg :HWND ; msg :MSG ; wParam :WPARAM ;lParam :LPARAM):LRESULT;stdcall;
begin
Result := 0;
end;


//--------------------------------------------------------------------------------------------------------
//
procedure ODBG_Pluginaction(origin: Integer; action: Integer; pItem: Pointer); cdecl;
begin
  if (origin = PM_MAIN) then
  begin
    case action of
      0:
      begin
      CreateDialog( HInstance ,'dlgid' ,Plugingetvalue( VAL_HWMAIN ),@_lpOptinDlgProc);
      end;
      1:
      begin
      MessageBox(g_hwndOlly ,'PhantOm 1.20 本程序为逆向而来,并无其他,只供学习研究用,请勿它用!\n感谢原作者~! -By EasyStudy',
                    'About PhantOm ',MB_OK or MB_ICONASTERISK);
      end;
    end;
  end;
end;


//--------------------------------------------------------------------------------------------------------
//
exports
  ODBG_Plugindata   name '_ODBG_Plugindata',
  ODBG_Plugininit   name '_ODBG_Plugininit',
  ODBG_Pluginmenu   name '_ODBG_Pluginmenu',
  ODBG_Pluginaction name '_ODBG_Pluginaction';
{$R *.res}


//--------------------------------------------------------------------------------------------------------
//
procedure DLLExit(dwReason: DWORD);
begin
  case dwReason of  DLL_PROCESS_ATTACH:
    begin
    mg_GetTickCount();

    g_hmodNTDLL := GetModuleHandle('ntdll.dll');
    g_hmodKERNEL:= GetModuleHandle('Kernel32.dll');

    g_procRtlRaiseException   := GetProcAddress( g_hmodNTDLL , 'RtlRaiseException');
    g_procDbgBreakPoint := GetProcAddress( g_hmodNTDLL , 'DbgBreakPoint');
    end;
  end;

  {
  DLL_PROCESS_DETACH:
  begin

  end;
  }
  Exit;
end;


//--------------------------------------------------------------------------------------------------------
//
var
  ss:String;
begin
// Initialize code here
    ss := '';   //原始中是有不初始化变量的习惯T_T
    DllProc := @DLLExit;
    DllProc(1);
    Exit;
//g_hmodOlly := GetModuleHandle(nil);
end.