
[TUTORIAL]Criando Injetor DLL


FoemaPc

Aii vaii custei pra fazer mais ta aii::

Lembrando que é em Visual Basic 6

Vamos precisar de :

3 CommandButton

4 Label

1 Timer

2 TextBox

1 Microsoft Common Dialog Control 6.0

3 Module

2 Option

Vamos começar:

No Form Load declare o Seguinte código :

' Form_Load body: select the first option button, then restore the last-used
' process name and DLL path from sets.ini.
' Load() passes the INI file path as its default value and stores the same
' path in the public variable Check, so a result equal to Check is treated as
' "nothing saved" and the box is cleared.
Option1(0).Value = True

Text2.Text = Load("HProcess", "Box2")
If Text2.Text = Check Then
    Text2.Text = ""
End If

Text1.Text = Load("DllPath", "Box1")
If Text1.Text = Check Then
    Text1.Text = ""
End If

Feito isso, vamos prosseguir.

 

2° Adicione os CommandButton e dê o nome De :

 

Command1 = cmdInjetar

Command2 = cmdprocurar

Command3 = cmdprocurar2

 

 

Agora Adicione o Seguinte Código no "cmdInjetar"

 

' cmdInjetar click body: resolve a handle to the target process, then pass it
' together with the DLL path from Text1 to InjectDll.
' ExeName = 1 means Text2 holds an executable name; any other value means it
' holds a window title.
' NOTE(review): the handle stored in ProsH is never closed in the visible code.
If ExeName = 1 Then
    ProsH = GetHProcExe(Text2.Text)
Else
    ProsH = FindProc(Text2.Text)
End If

' Both lookup functions return 0 when no handle was obtained.
If ProsH = 0 Then
    Label1.Caption = "Cant find process!"
    Exit Sub
End If

DllPath = Text1.Text
InjectDll DllPath, ProsH

 

 

Agora Adicione os Seguintes Códigos no "cmdprocurar"

 

' cmdprocurar click body: let the user pick an .EXE and copy only its file
' name (FileTitle, no directory) into Text2, which the lookup code compares
' against process executable names.
With CommonDialog1
    .Filter = "Application|*.EXE"
    .ShowOpen
    Text2.Text = .FileTitle
End With
Text2.SetFocus

 

 

 

Agora os Códigos no "cmdprocurar2"

 

' cmdprocurar2 click body: let the user pick a .DLL and copy its full path
' (FileName) into Text1, which is later handed to InjectDll as DllPath.
With CommonDialog1
    .Filter = "Library|*.DLL"
    .ShowOpen
    Text1.Text = .FileName
End With
Text1.SetFocus

 

Agora adicione o componente Microsoft Common Dialog Control 6.0 pressionando CTRL+T e declare o seguinte código:

 

' Form-level declarations.
' GetAsyncKeyState reports the state of a virtual key; the Timer code polls it
' as a hotkey. It reads the system-wide key state, so the poll does not depend
' on this form having focus.
Private Declare Function GetAsyncKeyState Lib "USER32" (ByVal vKey As Long) As Integer
' NOTE(review): Content is not referenced by any of the form code shown in
' this tutorial; Save() has its own parameter with the same name.
Dim Content As String
' Full path of the DLL, copied from Text1 before each InjectDll call.
Dim DllPath As String
' NOTE(review): ExeName and keyresult are used by the form code but no
' declaration for them is shown, so they are presumably implicit Variants.

 

 

Feito isso, adicione um Timer e coloque o seguinte código:

 

' Timer tick body: poll virtual-key code 96 (numeric-keypad 0) and, when it
' was pressed, run the same lookup-and-inject sequence as the cmdInjetar
' button.
' -32767 is &H8001 read as a signed Integer: the key is down now and was
' pressed since the previous GetAsyncKeyState call.
keyresult = GetAsyncKeyState(96)
If keyresult = -32767 Then
    ' ExeName = 1: Text2 is an executable name; otherwise a window title.
    If ExeName = 1 Then
        ProsH = GetHProcExe(Text2.Text)
    Else
        ProsH = FindProc(Text2.Text)
    End If

    If ProsH = 0 Then
        Label1.Caption = "Cant find process!"
        Exit Sub
    End If

    DllPath = Text1.Text
    InjectDll DllPath, ProsH
End If

 

 

Agora Adicione as Label e dê o nome no Caption de "Processo.EXE" e "DLL Patch"

 

Adicione os 2 "Option"; para o "Option0", mude o Caption para "Nome EXE" e coloque o seguinte código:

 

Private Sub Option0_Click(Index As Integer)
    ' Switches the lookup mode according to which option button was clicked.
    ' Index 0 selects lookup by executable name (ExeName = 1); Index 1 selects
    ' lookup by window title (ExeName = 2). Any other index changes nothing.
    ' NOTE(review): an earlier step of the tutorial renames Command3 to
    ' cmdprocurar2, so confirm which control name actually exists on the form.
    If Index = 0 Then
        Label4.Caption = "Process EXE name:"
        Command3.Enabled = True
        ExeName = 1
    ElseIf Index = 1 Then
        Label4.Caption = "Process Window Name:"
        Command3.Enabled = False
        ExeName = 2
    End If
End Sub

 

 

No "Option1", mude o Caption para "Nome da Janela" e adicione o código abaixo:

 

Private Sub Option1_Click(Index As Integer)
    ' Switches the lookup mode according to which option button was clicked.
    ' Index 0 selects lookup by executable name (ExeName = 1); Index 1 selects
    ' lookup by window title (ExeName = 2). Any other index changes nothing.
    ' Form_Load sets Option1(0).Value = True, which selects index 0 at startup.
    If Index = 0 Then
        Label4.Caption = "Process EXE name:"
        Command3.Enabled = True
        ExeName = 1
    ElseIf Index = 1 Then
        Label4.Caption = "Process Window Name:"
        Command3.Enabled = False
        ExeName = 2
    End If
End Sub

 

 

Declare também esse Código em Sua "Form"

 

Private Sub Form_Unload(Cancel As Integer)
    ' Persist both text boxes to sets.ini so Form_Load can restore them on the
    ' next start: the process name under [HProcess] Box2 and the DLL path
    ' under [DllPath] Box1.
    Save "HProcess", "Box2", Text2.Text
    Save "DllPath", "Box1", Text1.Text
End Sub

 

 

 

Adicione mais 2 Label e defina o Caption delas como "Status da Injeção" e "Esperando..."

 

Agora adicione 3 Modules e renomeie-os para:

 

Module1 = DllInjector

Module2 = modGetHProcExe

Module3 = SaveSets

 

 

 

Adicione os seguintes Códigos no Module "DllInjector"

 

'VB DLL injector
'By RodrigoEviL

'All the shit it takes to make VB to inject dlls...
' Win32 imports used by InjectDll. Defender context: allocating memory in
' another process, writing to it and starting a remote thread at LoadLibraryA
' is the classic remote-thread DLL injection sequence (MITRE ATT&CK T1055.001).
' Endpoint telemetry typically records it as a cross-process handle open, a
' remote thread creation (Sysmon event ID 8) and an image load in the target
' process (Sysmon event ID 7).

' Returns the address of an exported function inside a loaded module.
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
' Returns the handle of a module already loaded in the calling process.
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
' NOTE(review): LoadLibrary is declared but never called in the code shown;
' InjectDll only resolves the address of "LoadLibraryA" by name.
Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
' Allocates memory inside another process. lpAddress and FlProtect are declared
' ByRef here; the call site in InjectDll overrides both with ByVal.
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal fAllocType As Long, FlProtect As Long) As Long
' Copies bytes into another process's memory. Declared Public, unlike the
' other imports in this module.
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' Starts a thread inside another process at the given start address.
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal ProcessHandle As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Any, ByVal lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
' Handle of the target process; the form code assigns it from GetHProcExe or
' FindProc before calling InjectDll.
Public ProsH As Long

 

'The Injection Function
' Writes the DLL path string into the process identified by the handle ProsH
' and starts a thread there whose entry point is LoadLibraryA and whose
' argument is the address of that string. Progress and errors are reported
' only through Form1.Label1.Caption; the function declares no return type and
' never assigns a return value, so callers cannot tell success from failure.
' NOTE(review): the ProsH parameter has the same name as the module-level
' Public ProsH, so inside this function the parameter is the one in use.
' NOTE(review): nothing in this function releases the remote allocation, the
' thread handle or the process handle.
Public Function InjectDll(DllPath As String, ProsH As Long)
' DllLength has no "As" clause, so it is a Variant rather than a Long.
Dim DLLVirtLoc As Long, DllLength, Inject As Long, LibAddress As Long
Dim CreateThread As Long, ThreadID As Long

'STEP 1 - The easy part...Putting the bitch in the process' memory
Form1.Label1.Caption = "Injecting......"
'Find a nice spot for your DLL to chill using VirtualAllocEx
' Len counts the characters of the path string only.
DllLength = Len(DllPath)
' &H1000 is MEM_COMMIT and &H4 is PAGE_READWRITE; ByVal 0 lets the system
' choose the address.
DLLVirtLoc = VirtualAllocEx(ProsH, ByVal 0, DllLength, &H1000, ByVal &H4)
If DLLVirtLoc = 0 Then Form1.Label1.Caption = "VirtualAllocEx API failed!": Exit Function
'Inject the Dll into that spot
' What is written is the path text, not the DLL image itself.
' vbNull is the VarType constant, not a null pointer.
' NOTE(review): confirm what is marshalled for the ByRef byte-count parameter.
Inject = WriteProcessMemory(ProsH, DLLVirtLoc, ByVal DllPath, DllLength, vbNull)
' NOTE(review): a failed write sets the caption but does not exit, and the
' next line overwrites that message immediately.
If Inject = 0 Then Form1.Label1.Caption = "Failed to Write DLL to Process!"
Form1.Label1.Caption = "Dll Injected...Creating Thread....."

'STEP 2 - Loading it in the process
'This is where it gets a little interesting....
'Just throwing our Dll into the process isnt going to do shit unless you
'Load it into the process address using LoadLibrary. The LoadLibrary function
'maps the specified executable module into the address space of the
'calling process. You call LoadLibrary by using CreateRemoteThread to
'create a thread(no shit) that runs in the address space of another process.
'First we find the LoadLibrary API function and store it
' The address is resolved in this program's own copy of kernel32.dll and then
' passed unchanged to the remote thread.
LibAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
If LibAddress = 0 Then Form1.Label1.Caption = "Can't find LoadLibrary API from kernel32.dll": Exit Function
'Next, the part the took me damn near 2 hours to figure out - using CreateRemoteThread
'We set a pointer to LoadLibrary(LibAddress) in our process, LoadLibrary then puts
'our Dll(DLLVirtLoc) into the process address. Easy enough right?
' NOTE(review): vbNull is passed for the ByRef lpThreadAttributes parameter;
' as above it is not a null pointer, so confirm what the API receives.
CreateThread = CreateRemoteThread(ProsH, vbNull, 0, LibAddress, DLLVirtLoc, 0, ThreadID)
' NOTE(review): a failed thread creation does not exit either, so the success
' caption below is shown even when CreateThread is 0. The code never waits for
' the thread or checks whether the library actually loaded.
If CreateThread = 0 Then Form1.Label1.Caption = "Failed to Create Thead!"
Form1.Label1.Caption = "Dll Injection Successful!"
End Function

 

 

No Module2 "modGetHProcExe" Adicione o Código:

 

'I DID NOT CREATE THIS MODULE! Im in love with who ever did though
' Access mask passed to OpenProcess by GetHProcExe and FindProc. It requests
' full access to the target process. Process-access telemetry (for example
' Sysmon event ID 10) records the granted mask of each cross-process open.
Public Const PROCESS_ALL_ACCESS As Long = &H1F0FFF

Option Explicit
' Opens a handle to a process by id; returns 0 on failure.
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' Finds a top-level window by class name and/or window title.
Public Declare Function FindWindow Lib "USER32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
' Writes the id of the process that owns the window into lpdwProcessId.
Public Declare Function GetWindowThreadProcessId Lib "USER32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
' Toolhelp API: take a snapshot of the system and walk its process list.
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
' Declared as a Sub, so the API's success/failure result is discarded.
' Private to this module, so the form code cannot use it to close handles.
Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)

 

 

' VB6 mirror of the Toolhelp PROCESSENTRY32 record that Process32First and
' Process32Next fill in, one entry per process in the snapshot.
' Field order and sizes must stay as they are to match the API's layout.
Private Type PROCESSENTRY32
' Size of this record; GetHProcExe sets it before the first Process32First call.
dwSize As Long
cntUsage As Long
' Process id; GetHProcExe passes it to OpenProcess on a name match.
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
' Executable file name in a fixed 260-character buffer (MAX_PATH).
szExeFile As String * 260
End Type

 

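Public Function GetHProcExe(strExeName As String) As Long
    ' Walks a Toolhelp snapshot of the running processes and returns the
    ' result of OpenProcess(PROCESS_ALL_ACCESS, ...) for the first entry whose
    ' executable name equals strExeName (case-insensitive text compare).
    ' Returns 0 when no entry matches, when the snapshot cannot be created,
    ' or when OpenProcess itself fails. The caller owns the returned handle.
    ' NOTE(review): szExeFile is a fixed 260-character buffer and Trim$ strips
    ' only spaces; confirm the comparison behaves as intended.
    Dim hSnap As Long
    Dim peProcess As PROCESSENTRY32
    Dim nProcess As Long

    ' 2 is TH32CS_SNAPPROCESS: include every process in the snapshot.
    hSnap = CreateToolhelpSnapshot(2, 0)

    ' -1 is INVALID_HANDLE_VALUE: there is nothing to walk or to close.
    If hSnap = -1 Then Exit Function

    peProcess.dwSize = LenB(peProcess)
    nProcess = Process32First(hSnap, peProcess)

    Do While nProcess
        If StrComp(Trim$(peProcess.szExeFile), strExeName, vbTextCompare) = 0 Then
            GetHProcExe = OpenProcess(PROCESS_ALL_ACCESS, False, peProcess.th32ProcessID)
            ' Leave the loop instead of the function so the snapshot handle
            ' is still released below.
            Exit Do
        End If

        ' Reset the name buffer before the next entry is read into it.
        peProcess.szExeFile = vbNullString
        nProcess = Process32Next(hSnap, peProcess)
    Loop

    ' Release the snapshot on every path, including a successful match.
    CloseHandle hSnap
End Function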

Public Function FindProc(ProcName As String) As Long
    ' Finds a top-level window whose title is ProcName (any window class),
    ' resolves the id of the process that owns it and returns whatever
    ' OpenProcess(PROCESS_ALL_ACCESS, ...) yields for that id.
    ' No check is made on the FindWindow result before it is used.
    ' The caller owns the returned handle.
    Dim targetWnd As Long
    Dim ownerPid As Long

    targetWnd = FindWindow(vbNullString, ProcName)
    GetWindowThreadProcessId targetWnd, ownerPid

    FindProc = OpenProcess(PROCESS_ALL_ACCESS, False, ownerPid)
End Function

 

No Module3 "SaveSets" Adicione :

 

' INI-file helpers from kernel32, used by Save and Load below.
' Writes one key=value pair under a section of the given INI file.
Declare Function WritePrivateProfileString Lib "kernel32" Alias "WritePrivateProfileStringA" (ByVal lpApplicationname As String, ByVal lpKeyName As Any, ByVal lsString As Any, ByVal lplFilename As String) As Long
' Reads one value into lpReturnedString; lpDefault is returned when the key
' is missing.
Declare Function GetPrivateProfileString Lib "kernel32" Alias "GetPrivateProfileStringA" (ByVal lpApplicationname As String, ByVal lpKeyName As String, ByVal lpDefault As String, ByVal lpReturnedString As String, ByVal nSize As Long, ByVal lpFileName As String) As Long
' Set by Load to the INI file path. Because Load also passes that path as the
' default value, callers compare a result with Check to detect a missing key.
Public Check As String

 

Public Function Load(Section As String, Key As String) As String
    ' Reads [Section] Key from sets.ini in the application's folder and
    ' returns the Trim'd contents of a 300-character buffer.
    ' The INI path doubles as the default value, and the same path is stored
    ' in the public variable Check, so callers compare the result with Check
    ' to detect a key that was never saved.
    Dim iniPath
    Dim rawValue As String * 300
    Dim charsRead As Long

    iniPath = App.Path & "\sets.ini"
    Check = App.Path & "\sets.ini"

    ' The API's return value is captured but not used.
    charsRead = GetPrivateProfileString(Section, Key, iniPath, rawValue, Len(rawValue), iniPath)

    Load = Trim(rawValue)
End Function

 

Public Function Save(Section As String, Key As String, Content As String)
    ' Writes Content as [Section] Key in sets.ini in the application's folder.
    ' The function declares no return type and assigns no return value; the
    ' API's result is captured but never checked, so a failed write goes
    ' unnoticed.
    Dim iniPath
    Dim writeResult As Long

    iniPath = App.Path & "\sets.ini"
    writeResult = WritePrivateProfileString(Section, Key, Content, iniPath)
End Function

 

 

Feito Tudo isso você terminou Seu Injetor de DLL's

Créditos :

FoemaPc
