
📄 unit1.dfm

📁 一个经典的Delphi远程注入
      '  pszLibAFilename: PwideChar;'
      '  pfnStartAddr : TFNThreadStartRoutine;'
      '  memSize, WriteSize, lpThreadId : Cardinal;'
      'begin'
      '  result := FALSE;'
      '  // '#35843#25972#26435#38480#65292#20351#31243#24207#21487#20197#35775#38382#20854#20182#36827#31243#30340#20869#23384#31354#38388
      '  if EnableDebugPriv then'
      '  begin'
      '    //'#25171#24320#36828#31243#36827#31243' PROCESS_ALL_ACCESS '#21442#25968#34920#31034#25171#24320#25152#26377#30340#26435#38480
      '    hRemoteProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE, '
      'dwRemoteProcessId );'
      ''
      '    try'
      ''
      '      // '#20026#27880#20837#30340'dll'#25991#20214#36335#24452#20998#37197#20869#23384#22823#23567','#30001#20110#20026'WideChar,'#25925#35201
      #20056'2'
      '      GetMem(pszLibAFilename, Length(DllFullPath) * 2 + 1);'
      '      // '#20043#25152#20197#35201#36716#25442#25104' WideChar, '#26159#22240#20026#24403'DLL'#20301#20110#26377#20013#25991#23383#31526
      #30340#36335#24452#19979#26102#19981#20250#20986#38169
      '      StringToWideChar(DllFullPath, pszLibAFilename, Length'
      '(DllFullPath) * 2 + 1);'
      '      // '#35745#31639' pszLibAFilename '#30340#38271#24230#65292#27880#24847#65292#26159#20197#23383#33410#20026#21333#20803#30340
      #38271#24230
      '      memSize := (1 + lstrlenW(pszLibAFilename)) * sizeof'
      '(WCHAR);'
      ''
      '      //'#20351#29992'VirtualAllocEx'#20989#25968#22312#36828#31243#36827#31243#30340#20869#23384#22320#22336#31354#38388#20998#37197
      'DLL'#25991#20214#21517#31354#38388
      '      pszLibFileRemote := VirtualAllocEx( hRemoteProcess, '
      'nil, memSize, MEM_COMMIT, PAGE_READWRITE);'
      ''
      '      if Assigned(pszLibFileRemote) then'
      '      begin'
      ''
      '        //'#20351#29992'WriteProcessMemory'#20989#25968#23558'DLL'#30340#36335#24452#21517#20889#20837#21040#36828#31243
      #36827#31243#30340#20869#23384#31354#38388
      '        if WriteProcessMemory(hRemoteProcess, '
      'pszLibFileRemote, pszLibAFilename, memSize, WriteSize) and '
      '(WriteSize = memSize) then'
      '        begin'
      ''
      '          lpThreadId := 0;'
      '          // '#35745#31639'LoadLibraryW'#30340#20837#21475#22320#22336
      '          pfnStartAddr := GetProcAddress(LoadLibrary'
      '('#39'Kernel32.dll'#39'), '#39'LoadLibraryW'#39');'
      '          // '#21551#21160#36828#31243#32447#31243'LoadLibraryW,'#36890#36807#36828#31243#32447#31243#35843#29992#21019#24314#26032
      #30340#32447#31243
      '          hRemoteThread := CreateRemoteThread'
      '(hRemoteProcess, nil, 0, pfnStartAddr, pszLibFileRemote, 0, '
      'lpThreadId);'
      ''
      '          // '#22914#26524#25191#34892#25104#21151#36820#22238#12288'True;'
      '          if (hRemoteThread <> 0) then'
      '            result := TRUE;'
      ''
      '          // '#37322#25918#21477#26564
      '          CloseHandle(hRemoteThread);'
      '        end;'
      '      end;'
      '    finally'
      '      // '#37322#25918#21477#26564
      '      CloseHandle(hRemoteProcess);'
      '    end;'
      '  end;          '
      'end;'
      ''
      #25509#19979#26469#35201#35828#30340#26159#22914#20309#21368#36733#27880#20837#30446#26631#36827#31243#20013#30340'DLL'#65292#20854#23454#21407#29702#21644#27880#20837'DLL'
      #26159#23436#20840#30456#21516#30340#65292#21482#26159#36828#31243#35843#29992#35843#29992#30340#20989#25968#19981#21516#32780#24050#65292#36825#37324#35201#35843#29992#30340#26159
      'FreeLibrary'#65294#20195#30721#22914#19979#65306
      ''
      'function UnInjectDll(const DllFullPath : string;  const '
      'dwRemoteProcessId : Cardinal) : Boolean;'
      '// '#36827#31243#27880#20837#21644#21462#28040#27880#20837#20854#23454#37117#24046#19981#22810#65292#21482#26159#36816#34892#30340#20989#25968#19981#21516#32780#24050
      'var'
      '  hRemoteProcess, hRemoteThread : THANDLE;'
      '  pszLibFileRemote : pchar;'
      '  pszLibAFilename: PwideChar;'
      '  pfnStartAddr : TFNThreadStartRoutine;'
      '  memSize, WriteSize, lpThreadId, dwHandle : Cardinal;'
      'begin'
      '  result := FALSE;'
      ''
      '  // '#35843#25972#26435#38480#65292#20351#31243#24207#21487#20197#35775#38382#20854#20182#36827#31243#30340#20869#23384#31354#38388
      '  if EnableDebugPriv then'
      '  begin'
      '    //'#25171#24320#36828#31243#36827#31243' PROCESS_ALL_ACCESS '#21442#25968#34920#31034#25171#24320#25152#26377#30340#26435#38480
      '    hRemoteProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE, '
      'dwRemoteProcessId );'
      ''
      '    try'
      ''
      '      // '#20026#27880#20837#30340'dll'#25991#20214#36335#24452#20998#37197#20869#23384#22823#23567','#30001#20110#20026'WideChar,'#25925#35201
      #20056'2'
      '      GetMem(pszLibAFilename, Length(DllFullPath) * 2 + 1);'
      '      // '#20043#25152#20197#35201#36716#25442#25104' WideChar, '#26159#22240#20026#24403'DLL'#20301#20110#26377#20013#25991#23383#31526
      #30340#36335#24452#19979#26102#19981#20250#20986#38169
      '      StringToWideChar(DllFullPath, pszLibAFilename, Length'
      '(DllFullPath) * 2 + 1);'
      '      // '#35745#31639' pszLibAFilename '#30340#38271#24230#65292#27880#24847#65292#26159#20197#23383#33410#20026#21333#20803#30340
      #38271#24230
      '      memSize := (1 + lstrlenW(pszLibAFilename)) * sizeof'
      '(WCHAR);'
      ''
      '      //'#20351#29992'VirtualAllocEx'#20989#25968#22312#36828#31243#36827#31243#30340#20869#23384#22320#22336#31354#38388#20998#37197
      'DLL'#25991#20214#21517#31354#38388
      '      pszLibFileRemote := VirtualAllocEx( hRemoteProcess, '
      'nil, memSize,  MEM_COMMIT, PAGE_READWRITE);'
      ''
      '      if Assigned(pszLibFileRemote) then'
      '      begin'
      ''
      '        //'#20351#29992'WriteProcessMemory'#20989#25968#23558'DLL'#30340#36335#24452#21517#20889#20837#21040#36828#31243
      #36827#31243#30340#20869#23384#31354#38388
      '        if WriteProcessMemory(hRemoteProcess, '
      'pszLibFileRemote, pszLibAFilename, memSize, WriteSize) and '
      '(WriteSize = memSize) then'
      '        begin'
      ''
      '          // '#35745#31639'GetModuleHandleW'#30340#20837#21475#22320#22336
      '          pfnStartAddr := GetProcAddress(LoadLibrary'
      '('#39'Kernel32.dll'#39'), '#39'GetModuleHandleW'#39');'
      '          //'#20351#30446#26631#36827#31243#35843#29992'GetModuleHandleW'#65292#33719#24471'DLL'#22312#30446#26631#36827
      #31243#20013#30340#21477#26564
      '          hRemoteThread := CreateRemoteThread'
      '(hRemoteProcess, nil, 0,'
      '            pfnStartAddr, pszLibFileRemote, 0, lpThreadId);'
      '          // '#31561#24453'GetModuleHandle'#36816#34892#23436#27605
      '          WaitForSingleObject(hRemoteThread,INFINITE);'
      '          // '#33719#24471'GetModuleHandle'#30340#36820#22238#20540','#23384#22312'dwHandle'#21464#37327#20013
      '          GetExitCodeThread(hRemoteThread, dwHandle);'
      ''
      '          // '#35745#31639'FreeLibrary'#30340#20837#21475#22320#22336
      '          pfnStartAddr := GetProcAddress(LoadLibrary'
      '('#39'Kernel32.dll'#39'), '#39'FreeLibrary'#39');'
      '          // '#20351#30446#26631#36827#31243#35843#29992'FreeLibrary'#65292#21368#36733'DLL'
      '          hRemoteThread := CreateRemoteThread'
      '(hRemoteProcess, nil, 0,'
      '            pfnStartAddr, Pointer(dwHandle), 0, lpThreadId);'
      '          // '#31561#24453'FreeLibrary'#21368#36733#23436#27605
      '          WaitForSingleObject( hRemoteThread, INFINITE );'
      ''
      '          // '#22914#26524#25191#34892#25104#21151#36820#22238#12288'True;'
      '          if hRemoteProcess<>0 then'
      '            result := TRUE;'
      ''
      '          // '#37322#25918#30446#26631#36827#31243#20013#30003#35831#30340#31354#38388
      '          VirtualFreeEx(hRemoteProcess, pszLibFileRemote, '
      'Length(DllFullPath)+1, MEM_DECOMMIT);'
      '          // '#37322#25918#21477#26564
      '          CloseHandle(hRemoteThread);'
      '        end;'
      '      end;'
      '    finally'
      '      // '#37322#25918#21477#26564
      '      CloseHandle(hRemoteProcess);'
      '    end;'
      '  end;'
      'end;')
    ParentFont = False
    ReadOnly = True
    ScrollBars = ssVertical
    TabOrder = 2
  end
  object Edit1: TEdit
    Left = 77
    Top = 240
    Width = 378
    Height = 21
    TabOrder = 3
    Text = 'C:\WINDOWS\explorer.exe'
  end
end
