Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include-once
- ; #INDEX# =======================================================================================================================
- ; Title .........: Inject UDF library for AutoIt v3
- ; AutoIt Version : 3.3.4, Inject.au3 v 1.1 (1/2/2010)
- ; Language ......: English
- ; Description ...: Functions for getting process information and for in/ejecting a .dll file into/off a process
- ; Requirements ..: NomadMemory.au3, Memory.au3, WinAPI.au3, Kernel32.dll ;Script has to be compiled in x86 Mode ;#RequireAdmin
- ; Author(s) .....: Deathly Assassin (http://www.autoitbot.de)
- ; ===============================================================================================================================
- ; #REQUIRED INCLUDES# ===========================================================================================================
- #include <Memory.au3>
- #include <WinAPI.au3>
- #include <NomadMemory.au3>
- ; ===============================================================================================================================
- ; #CURRENT# =====================================================================================================================
- ;_InjectAttachDll
- ;_InjectDetachDllEx
- ;_InjectDetachDll
- ;_InjectModulInfo
- ; ===============================================================================================================================
- ; #FUNCTION# ====================================================================================================================
- ; Name...........: _InjectAttachDll
- ; Description ...: Injects a .dll file into a process
- ; Syntax.........: _InjectAttachDll($sPath, $PID)
- ; Parameters ....: $sPath - Path and filename of the .dll file to be injected
- ; $PID - A process identifier
- ; Return values .: Success - Returns hModule of the injected dll
- ; Failure - Returns @Error of the failed function and sets @Error:
- ; |@error = 1 - _MemoryOpen failed -> $PID might be wrong
- ; |@error = 2 - _MemoryWrite failed -> "SeDebugPrivilege" might not have been set. #RequireAdmin might solve this problem / $sPath might not have been found
- ; |@error = 3 - DllOpen failed -> kernel32.dll might not have been found
- ; |@error = 4 - GetExitCodeThread failed
- ; Author ........: Deathly Assassin (http://www.autoitbot.de)
- ; Modified.......:
- ; Remarks .......:
- ; Related .......:
- ; Link ..........:
- ; Example .......: Yes
- ; ===============================================================================================================================
- Func _InjectAttachDll($sPath, $PID)
- Local $hRemote, $iLen = StringLen($sPath), $hProcess, $pAllocAdresse, $vError, $hOpen, $pLoadLibraryA, $vStruct
- SetPrivilege("SeDebugPrivilege", 1)
- SetError(0)
- $hProcess = _MemoryOpen($PID)
- $vError = @error
- If $vError Then
- SetError(1)
- Return $vError
- EndIf
- $pAllocAdresse = _MemVirtualAllocEx($hProcess[1], 0, $iLen + 1, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
- _MemoryWrite($pAllocAdresse, $hProcess, $sPath, 'char[' & $iLen & ']')
- $vError = @error
- If $vError Then
- SetError(2)
- Return $vError
- EndIf
- $hOpen = DllOpen("Kernel32.dll")
- $vError = @error
- If $vError Then
- SetError(3)
- Return $vError
- EndIf
- $pLoadLibraryA = DllCall($hOpen, "HANDLE", "GetProcAddress", "HANDLE", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "LoadLibraryA")
- $hRemote = DllCall($hOpen, "HANDLE", "CreateRemoteThread", "HANDLE", $hProcess[1], "ptr", 0, "ptr", 0, "ptr", $pLoadLibraryA[0], "ptr", $pAllocAdresse, "DWORD", 0, "ptr", 0)
- _WinAPI_WaitForSingleObject($hRemote[0])
- $vStruct = DllStructCreate("HANDLE;")
- DllCall($hOpen, "BOOL", "GetExitCodeThread", "HANDLE", $hRemote[0], "ptr", DllStructGetPtr($vStruct, 1))
- $vError = DllStructGetData($vStruct, 1)
- DllClose($hOpen)
- _MemVirtualFreeEx($hProcess, $pAllocAdresse, $iLen, $MEM_DECOMMIT)
- _MemoryClose($hProcess)
- If $vError = False Then
- SetError(4)
- Return $vError
- EndIf
- Return $vError
- EndFunc ;==>_InjectAttachDll
- ; #FUNCTION# ====================================================================================================================
- ; Name...........: _InjectDetachDllEx
- ; Description ...: Ejects a .dll file off a process
- ; Syntax.........: _InjectDetachDllEx($hModule, $PID)
- ; Parameters ....: $hModule - hModule of the dll to be ejected
- ; $PID - A process identifier
- ; Return values .: Success - Returns True
- ; Failure - Returns @Error of the failed function and sets @Error:
- ; |@error = 1 - _MemoryOpen failed -> $PID might be wrong
- ; |@error = 2 - DllOpen failed -> kernel32.dll might not have been found
- ; |@error = 3 - GetExitCodeThread failed -> "SeDebugPrivilege" might not have been set. #RequireAdmin might solve this problem
- ; Author ........: Deathly Assassin (http://www.autoitbot.de)
- ; Modified.......:
- ; Remarks .......:
- ; Related .......:
- ; Link ..........:
- ; Example .......: Yes
- ; ===============================================================================================================================
- Func _InjectDetachDllEx($hModule, $PID)
- Local $hRemote, $hProcess, $vError, $hOpen, $pFreeLibrary, $vStruct
- SetPrivilege("SeDebugPrivilege", 1)
- SetError(0)
- $hProcess = _MemoryOpen($PID)
- $vError = @error
- If $vError Then
- SetError(1)
- Return $vError
- EndIf
- $hOpen = DllOpen("Kernel32.dll")
- $vError = @error
- If $vError Then
- SetError(2)
- Return $vError
- EndIf
- $pFreeLibrary = DllCall($hOpen, "HANDLE", "GetProcAddress", "HANDLE", _WinAPI_GetModuleHandle("kernel32.dll"), "str", "FreeLibrary")
- $hRemote = DllCall($hOpen, "HANDLE", "CreateRemoteThread", "HANDLE", $hProcess[1], "int", 0, "int", 0, "DWORD", $pFreeLibrary[0], "ptr", $hModule, "DWORD", 0, "DWORD*", 0)
- _WinAPI_WaitForSingleObject($hRemote[0])
- $vStruct = DllStructCreate("BOOL;")
- $vError = DllCall($hOpen, "BOOL", "GetExitCodeThread", "HANDLE", $hRemote[0], "ptr", DllStructGetPtr($vStruct, 1))
- $vError = DllStructGetData($vStruct, 1)
- DllClose($hOpen)
- _MemoryClose($hProcess)
- If $vError = False Then
- SetError(3)
- Return $vError
- EndIf
- Return $vError
- EndFunc ;==>_InjectDetachDllEx
- ; #FUNCTION# ====================================================================================================================
- ; Name...........: _InjectDetachDll
- ; Description ...: Ejects a .dll file off a process
- ; Syntax.........: _InjectDetachDll($sPath, $PID)
- ; Parameters ....: $sPath - Path of the dll to be ejected
- ; $PID - A process identifier
- ; Return values .: Success - Returns True
- ; Failure - Returns -1 and sets @Error or -1 / Returns the return of _InjectDetachDllEx and sets _InjectDetachDllEx's @Error
- ; |@error = -1 - _InjectModulInfo failed -> Return=1:Wrong PID; Return=2:DllOpen failed -> kernel32.dll might not have been found
- ; |@error = -2 - Modul wasn't found
- ; Author ........: Deathly Assassin (http://www.autoitbot.de)
- ; Modified.......:
- ; Remarks .......:
- ; Related .......:
- ; Link ..........:
- ; Example .......: Yes
- ; ===============================================================================================================================
- Func _InjectDetachDll($sPath, $PID)
- Local $aArray, $i, $vError
- $aArray = _InjectModulInfo($PID)
- $vError = @error
- If $vError Then
- SetError(-1)
- Return $vError
- EndIf
- For $i = 0 To UBound($aArray) - 1
- If $aArray[$i][9] = $sPath Then
- Return _InjectDetachDllEx($aArray[$i][7], $PID)
- EndIf
- Next
- SetError(-2)
- Return -1
- EndFunc ;==>_InjectDetachDll
- ; #FUNCTION# ====================================================================================================================
- ; Name...........: _InjectModulInfo
- ; Description ...: Returns information about every modul in the specified process
- ; Syntax.........: _InjectModulInfo($PID)
- ; Parameters ....: $PID - A process identifier
- ; Return values .: Success - Returns an 2d array with the modules and there information
- ; Failure - Returns -1 and sets @Error:
- ; |@error = 1 - Wrong PID
- ; |@error = 2 - DllOpen failed -> kernel32.dll might not have been found
- ; Author ........: Deathly Assassin (http://www.autoitbot.de)
- ; Modified.......:
- ; Remarks .......:
- ; Related .......:
- ; Link ..........:
- ; Example .......: Yes
- ; ===============================================================================================================================
- Func _InjectModulInfo($PID)
- Local $hModule, $hSnapshot, $hOpen, $iCount = 0, $aArray[1][10], $i, $vMODULEENTRY32, $vNext
- If Not ProcessExists($PID) Then
- SetError(1)
- Return -1
- EndIf
- SetPrivilege("SeDebugPrivilege", 1)
- $hOpen = DllOpen("Kernel32.dll")
- If @error Then
- SetError(2)
- Return -1
- EndIf
- $vMODULEENTRY32 = DllStructCreate("DWORD dwSize; DWORD th32ModuleID; DWORD th32ProcessID; DWORD GlblcntUsage; DWORD ProccntUsage; ptr modBaseAddr; DWORD modBaseSize; HANDLE hModule; CHAR szModule[256]; CHAR szExePath[260];")
- DllStructSetData($vMODULEENTRY32, 1, DllStructGetSize($vMODULEENTRY32))
- $hSnapshot = DllCall($hOpen, "HANDLE", "CreateToolhelp32Snapshot", "DWORD", 8, "DWORD", $PID)
- DllCall($hOpen, "BOOL", "Module32First", "HANDLE", $hSnapshot[0], "ptr", DllStructGetPtr($vMODULEENTRY32))
- Do
- ReDim $aArray[$iCount + 1][10]
- For $i = 1 To 10
- $aArray[$iCount][$i - 1] = DllStructGetData($vMODULEENTRY32, $i)
- Next
- $iCount += 1
- $vNext = DllCall($hOpen, "BOOL", "Module32Next", "HANDLE", $hSnapshot[0], "ptr", DllStructGetPtr($vMODULEENTRY32))
- Until Not $vNext[0]
- DllClose($hOpen)
- Return $aArray
- EndFunc ;==>_InjectModulInfo
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement