PureBoard
http://forums.purebasic.com/german/

CTRL+ALT+DEL Disable and DLL Injection
http://forums.purebasic.com/german/viewtopic.php?f=8&t=13074
Page 4 of 4

Author:  Thorium [ 27.05.2007 11:12 ]
Subject:

Kaeru Gaman wrote:
Thorium wrote:
hardfalcon wrote:
I think he meant the other thread, Thorium... :wink:


Ah, now I get it.
:)

An island? :?

Leisure Suit Larry 8)

Author:  Syr2 [ 13.11.2020 15:38 ]
Subject:  Re: CTRL+ALT+DEL Disable and DLL Injection

After endless trial and error, I have brought a version up to date.
x64 PureBasic 5.72 (Windows - x64)


Code:
#PROCESS32LIB = 9999

Procedure GetPidByName(p_name$)

NewList Process32.PROCESSENTRY32 ()

If OpenLibrary (#PROCESS32LIB, "kernel32.dll")
    snap = CallFunction (#PROCESS32LIB, "CreateToolhelp32Snapshot", #TH32CS_SNAPPROCESS, 0)
    If snap
        Define.PROCESSENTRY32 Proc32
        Proc32\dwSize = SizeOf (PROCESSENTRY32)
        If CallFunction (#PROCESS32LIB, "Process32First", snap, @Proc32)
            AddElement (Process32 ())
            CopyMemory (@Proc32, @Process32 (), SizeOf (PROCESSENTRY32))
            If PeekS (@Process32 ()\szExeFile,-1,#PB_UTF8) = p_name$
              ProcedureReturn Proc32\th32ProcessID
            EndIf
            While CallFunction (#PROCESS32LIB, "Process32Next", snap, @Proc32)
              AddElement (Process32 ())
              CopyMemory (@Proc32, @Process32 (), SizeOf (PROCESSENTRY32))
              If PeekS (@Process32 ()\szExeFile,-1,#PB_UTF8) = p_name$
                ProcedureReturn Proc32\th32ProcessID
              EndIf
            Wend
        EndIf   
        CloseHandle_ (snap)
    EndIf
    CloseLibrary (#PROCESS32LIB)
EndIf
 
EndProcedure

; Both DLL and process must be unicode
; For ASCII: change LoadLibraryW > LoadLibraryA, and modify strings related to pszLibFile$
Procedure InjectLibW(dwProcessId, pszLibFile$)
   Protected hProcess, hThread, lzLibFileRemote, endSize, lsThreadRtn
   
   hProcess = OpenProcess_(#PROCESS_QUERY_INFORMATION | #PROCESS_CREATE_THREAD | #PROCESS_VM_OPERATION | #PROCESS_VM_WRITE, 0, dwProcessId)
   
   If hProcess = 0 : Goto ErrHandle : EndIf
   endSize = 1 + StringByteLength(pszLibFile$)
   
   lzLibFileRemote = VirtualAllocEx_(hProcess, #Null, endSize, #MEM_COMMIT, #PAGE_READWRITE)
   
   If lzLibFileRemote = 0 : Goto ErrHandle : EndIf
   
   If (WriteProcessMemory_(hProcess, lzLibFileRemote, pszLibFile$, endSize, #Null) = 0) : Goto ErrHandle : EndIf
   
   OpenLibrary(0, "Kernel32.dll") : lsThreadRtn = GetFunction(0, "LoadLibraryW") : CloseLibrary(0)
   
   If lsThreadRtn = 0 : Goto ErrHandle : EndIf
   
   hThread = CreateRemoteThread_(hProcess, #Null, #Null, lsThreadRtn, lzLibFileRemote, #Null, #Null)
   
   If (hThread = 0) : Goto ErrHandle : EndIf
   
   WaitForSingleObject_(hThread, #INFINITE)
   
   If lzLibFileRemote<>0
      VirtualFreeEx_(hProcess, lzLibFileRemote, 0, #MEM_RELEASE)
      MessageRequester("Inject Status", "Injection Suceeded", 0)
   Else
      VirtualFreeEx_(hProcess, lzLibFileRemote, 0, #MEM_RELEASE)
      MessageRequester("Inject Status", "Injection Failed !!!", 0)
   EndIf
   End
   
   ErrHandle:
   CloseHandle_(hThread)
   CloseHandle_(hProcess)
EndProcedure


;------------------------------------

InjectLibW( GetPidByName("notepad.exe"), "64.dll")


DLL code:
ProcedureDLL AttachProcess(Instance)
MessageRequester("aha","YEY")
EndProcedure

Only runs on x64 with an x64 DLL.
Known problem: it only works once. The process has to be restarted before trying again. By the way, it works without admin rights :lurk:
