LAUDA937

Hijacking multiple dll loaded by executable file in purebasic

Apr 1st, 2025
Delphi 14.11 KB | Source Code | 0 0
  ; Module-level state for the first listing (the DLL that exports hackvba).
  ; content, encryptedHex, Fulllic, PC and ShowWelcome are declared here but are
  ; not referenced by any procedure in the visible listing.
  ; Each FilenameEXE_N / Filenamedll_N pair is built from the directory of the
  ; running program (GetPathPart(ProgramFilename())), so the DLLs named below are
  ; addressed beside the host executable, not in a system directory.
  ; Md5File and ExeMD5 are repeated on all three Global.s lines. Of the Thumuc_N /
  ; FilenameEXE_N names, only Thumuc_2 and FilenameEXE_2 are used by the
  ; procedures that follow, up to hackvba.
  ; For string-based matching: both "DLL3.dll  " literals end in two spaces.
  1. Global content.s =""
  2. Global encryptedHex.s =""
  3. Global Fulllic.s =""
  4. Global PC.s ="No"
  5. Global.i ShowWelcome = 1, ExeSize
  6. Global.s Thumuc_0, Md5File, ExeMD5
  7. Global.s FilenameEXE_0 = GetPathPart(ProgramFilename())+"DLL1.dll",Filenamedll_0 = GetPathPart(ProgramFilename())+"DLL1.dll"
  8. Global.s Thumuc_1, Md5File, ExeMD5
  9. Global.s FilenameEXE_1 = GetPathPart(ProgramFilename())+"DLL2.dll",Filenamedll_1 = GetPathPart(ProgramFilename())+"DLL2.dll"
  10. Global.s Thumuc_2, Md5File, ExeMD5
  11. Global.s FilenameEXE_2 = GetPathPart(ProgramFilename())+"DLL3.dll  ",Filenamedll_2 = GetPathPart(ProgramFilename())+"DLL3.dll  "
  ; OFS_0: sets up the on-disk bookkeeping location that Hook_dll_0 later writes to.
  ; Takes no parameters and returns nothing explicitly; its only outputs are the
  ; globals ExeSize, ExeMD5, Thumuc_2 and Md5File plus the directory it creates.
  ; File-system artefacts a defender can look for: a directory named "Victoria"
  ; directly under %AppData% carrying the Hidden and System attributes, and a file
  ; name of the form <32 hex chars>OFS.gms inside it (the file is created in
  ; Hook_dll_0, not here).
  12. ProcedureDLL OFS_0()
  13. UseMD5Fingerprint()
  14. ExeSize        = FileSize(FilenameEXE_2)
  ; The MD5 is computed over the decimal text of the file size, not over the file's contents.
  15. ExeMD5         = StringFingerprint(Str(ExeSize), #PB_Cipher_MD5, #PB_Ascii)
  16. Thumuc_2   = GetEnvironmentVariable("AppData")+ "\"+"Victoria"
  17. CreateDirectory(Thumuc_2)
  18. Md5File        = Thumuc_2 +"\" + ExeMD5 + "OFS.gms"
  ; Hidden+System keeps the directory out of default Explorer views; listing with hidden and system items shown reveals it.
  19. SetFileAttributes(Thumuc_2,#PB_FileSystem_Hidden|#PB_FileSystem_System)
  20. EndProcedure
  21.  
  ; Hook_dll_0: overwrites bytes inside a module that is already mapped into the
  ; current process, and drops a marker file while doing so.
  ;   Memory     - offset added to the module base to form the target address
  ;   RData      - hex text describing the bytes to write
  ;   DllhModule - handle (base address) of the loaded module
  ; Nothing in this procedure writes to the module's file on disk; the change exists
  ; only in the process's memory. Comparing a module's mapped code with its on-disk
  ; image, or monitoring writes to image-backed pages, is how such a change is noticed.
  22. ProcedureDLL Hook_dll_0(Memory.i, RData.s, DllhModule.i)
  23. hModule.i = DllhModule
  24. lpBaseADDRESS = hModule + Memory
  25.  
  ; Marker file: path comes from the globals set in OFS_0. File #0 is created and
  ; written but not closed anywhere in this procedure.
  26. CreateDirectory(Thumuc_2)
  27. CreateFile(0, Md5File, #PB_File_SharedWrite|#PB_Ascii)
  28. WriteString(0, "RozDll OFS Data file, please don't alter!" + Chr(10), #PB_Ascii)
  ; Always records FilenameEXE_2, whichever module handle was passed in.
  29. WriteString(0, FilenameEXE_2 + Chr(10), #PB_Ascii)
  ; Walk RData from the end two hex digits at a time, i.e. reverse the byte order of the hex text.
  30. For Index = Len(RData) To 2 Step -2
  31. RRData.s = RRData + Mid(RData, Index - 1, 2)
  32. next
  33.  
  ; Two hex digits per byte, so the byte count is half the text length.
  34. nSize.i = 0.5 * Len(RRData)
  ; The hex text is parsed into an integer; the address of that integer is the source buffer below.
  35. lpBuffer.i = Val("$" + RRData)
  ; Self-targeted write: the process handle is GetCurrentProcess_(), the last argument (bytes-written out pointer) is 0.
  36. WriteProcessMemory_(GetCurrentProcess_(), lpBaseADDRESS, @lpBuffer, nSize, 0)
  37. EndProcedure
  38.  
  ; Quatrinh_0: polling loop used as a thread body (its address is passed to CreateThread in hackvba).
  ;   Interval - pause between attempts, passed to Delay()
  ; Each pass opens Filenamedll_0 as library #0 and, when that succeeds, calls
  ; Hook_dll_0 with offset $1D6247 and the one-byte value "74" against that
  ; library's handle. The loop exits only when that call yields a non-zero result.
  ; The library is not closed in this procedure.
  ; NOTE(review): 0x74 is the x86 short JE/JZ opcode, so this looks like a one-byte
  ; conditional-branch patch; the patched binary is not shown, so confirm against it.
  39. ProcedureDLL Quatrinh_0(Interval.l)
  40. Repeat
  41. If OpenLibrary(0, Filenamedll_0)
  42. If Hook_dll_0($1D6247,"74", LibraryID(0))
  43. Break
  44. EndIf
  45. EndIf
  46. Delay(Interval)
  47. ForEver
  48. EndProcedure
  49.  
  ; Quatrinh_1: same polling loop as Quatrinh_0, but against Filenamedll_1.
  ;   Interval - pause between attempts, passed to Delay()
  ; Opens the DLL as library #0, then calls Hook_dll_0 with the same offset
  ; ($1D6247) and the same one-byte value ("74"); leaves the loop only on a
  ; non-zero result. The library is not closed in this procedure.
  50. ProcedureDLL Quatrinh_1(Interval.l)
  51. Repeat
  52. If OpenLibrary(0, Filenamedll_1)
  53. If Hook_dll_0($1D6247,"74", LibraryID(0))
  54. Break
  55. EndIf
  56. EndIf
  57. Delay(Interval)
  58. ForEver
  59. EndProcedure
  60.  
  ; Quatrinh_2: same polling loop as Quatrinh_0, but against Filenamedll_2
  ; (whose literal ends in two spaces, see the Global.s declaration).
  ;   Interval - pause between attempts, passed to Delay()
  ; Opens the DLL as library #0, then calls Hook_dll_0 with the same offset
  ; ($1D6247) and the same one-byte value ("74"); leaves the loop only on a
  ; non-zero result. The library is not closed in this procedure.
  61. ProcedureDLL Quatrinh_2(Interval.l)
  62. Repeat
  63. If OpenLibrary(0, Filenamedll_2)
  64. If Hook_dll_0($1D6247,"74", LibraryID(0))
  65. Break
  66. EndIf
  67. EndIf
  68. Delay(Interval)
  69. ForEver
  70. EndProcedure
  71.  
  ; hackvba: exported entry point of this DLL. The second listing's AttachProcess
  ; resolves it by name with GetFunction and invokes it with CallFunction.
  ; Takes no parameters and returns nothing explicitly.
  72. ProcedureDLL hackvba()
  ; Prepare the %AppData%\Victoria directory and the marker-file path first.
  73. OFS_0()
  ; One CreateThread per Quatrinh_N procedure, each given 1 as its Interval argument.
  ; The name on the left of "=" matches the procedure name, and the WaitThread call
  ; is guarded by the If on the same line.
  74. if Quatrinh_0= CreateThread(@Quatrinh_0(),1) : WaitThread(Quatrinh_0) : Endif
  75. if Quatrinh_1= CreateThread(@Quatrinh_1(),1) : WaitThread(Quatrinh_1) : Endif
  76. if Quatrinh_2= CreateThread(@Quatrinh_2(),1) : WaitThread(Quatrinh_2) : Endif
  77. EndProcedure
  78.  
  79.  
  80. Next step: compile this code and save it with the name winsta.dll
  ; Module-level state for the second listing (the file the page says to save as winsta.dll).
  ; content, encryptedHex, Fulllic, PC and ShowWelcome are declared but are not
  ; referenced by any procedure in the visible listing.
  ; FilenameEXE_0 and Filenamedll_0 both point at "Project1.exe" in the directory
  ; of the running program; only FilenameEXE_0 is read below (in OFS_0).
  81. Global content.s =""
  82. Global encryptedHex.s =""
  83. Global Fulllic.s =""
  84. Global PC.s ="No"
  85. Global.i ShowWelcome = 1, ExeSize
  86. Global.s Thumuc_0, Md5File, ExeMD5
  87. Global.s FilenameEXE_0 = GetPathPart(ProgramFilename())+"Project1.exe",Filenamedll_0 = GetPathPart(ProgramFilename())+"Project1.exe"
  88.  
  ; OFS_0: derives a marker-file path from the size of Project1.exe and creates
  ; the hidden directory that would hold it.
  ; Takes no parameters and returns nothing explicitly; it sets the globals ExeSize,
  ; ExeMD5, Thumuc_0 and Md5File. Md5File is computed here but no procedure in this
  ; listing creates or writes that file.
  ; File-system artefact: a directory named "Victoria" directly under %AppData%
  ; carrying the Hidden and System attributes.
  89. ProcedureDLL OFS_0()
  90. UseMD5Fingerprint()
  91. ExeSize        = FileSize(FilenameEXE_0)
  ; The MD5 is computed over the decimal text of the file size, not over the file's contents.
  92. ExeMD5         = StringFingerprint(Str(ExeSize), #PB_Cipher_MD5, #PB_Ascii)
  93. Thumuc_0   = GetEnvironmentVariable("AppData") + "\"+"Victoria"
  94. CreateDirectory(Thumuc_0)
  95. Md5File        = Thumuc_0 +"\" + ExeMD5 + "OFS.gms"
  96. SetFileAttributes(Thumuc_0,#PB_FileSystem_Hidden|#PB_FileSystem_System)
  97. EndProcedure
  98.  
  ; Hook_exe0: overwrites bytes inside the host executable's own mapped image.
  ;   Memory - offset added to the executable's base address
  ;   RData  - hex text describing the bytes to write (whitespace-trimmed, used in the order given)
  ; GetModuleHandle_(#Null) yields the handle of the module that started the
  ; process, so the target is the EXE this DLL was loaded into, not a DLL.
  ; As with any in-memory patch, the executable file on disk is not touched by this
  ; procedure; a mismatch between the mapped code and the on-disk image is the
  ; observable trace.
  99. ProcedureDLL Hook_exe0(Memory.i, RData.s)
  100. hModule    = GetModuleHandle_(#Null) : lpBaseAddress = hModule + Memory
  101. TData.s    = Trim(RData)
  ; Two hex digits per byte, so the byte count is half the text length.
  102. nSize.i    = 0.5 * Len(TData)
  ; The hex text is parsed into an integer; the address of that integer is the source buffer below.
  103. lpBuffer.i = Val("$" + TData)
  ; Self-targeted write via the GetCurrentProcess_() handle.
  104. WriteProcessMemory_(GetCurrentProcess_(), lpBaseAddress, @lpBuffer, nSize, NULL)
  105. EndProcedure
  106.  
  ; AttachProcess: PureBasic invokes a ProcedureDLL with this name automatically when
  ; the DLL is loaded into a process, so everything below runs at load time without
  ; the host calling any export.
  ;   Instance - supplied by the runtime; not used in this body
  ; Sequence: short delay, OFS_0(), a one-byte in-memory write to the host EXE at
  ; offset $1D6480, then a load of "hijacked.dll" and a call to its hackvba export.
  ; Observable behaviour for defenders: "hijacked.dll" is opened by bare name, so it
  ; is resolved through the normal DLL search order, and either failure path shows
  ; an "Error" message box in the host process.
  107. ProcedureDLL AttachProcess(Instance)
  108. delay(100)
  109. OFS_0()
  ; NOTE(review): 0x74 is the x86 short JE/JZ opcode, so this looks like a one-byte
  ; conditional-branch patch; the host binary is not shown, so confirm against it.
  110. Hook_exe0($1D6480,"74")
  111. Define libID = OpenLibrary(#PB_Any, "hijacked.dll")
  112.  
  113. If libID
  114.  ; Use GetFunction to check that the "hackvba" export exists
  115.  Define funcAttachProcess = GetFunction(libID, "hackvba")
  116.  
  117.  If funcAttachProcess
  118.    ; Call the export by name with a single argument of 0
  119.    CallFunction(libID, "hackvba", 0) ; Pass any necessary arguments, if needed
  120.  Else
  ; The message text names AttachProcess, although the lookup above was for "hackvba".
  121.    MessageRequester("Error", "AttachProcess function not found in the DLL")
  122.  EndIf
  123.  
  124.  ; Close the library after use
  125.  CloseLibrary(libID)
  126. Else
  127.  MessageRequester("Error", "Failed to load hijacked.dll")
  128. EndIf
  129. EndProcedure
  ; From this procedure to the end of the listing, every ProcedureDLL is an empty
  ; stub named after an export of the Windows winsta.dll. The stubs declare no
  ; parameters, do nothing and do not forward to the genuine library; presumably
  ; they exist only so that a process importing these names can load this file
  ; in place of the system one.
  ; Defensive notes: the genuine winsta.dll is loaded from the Windows system
  ; directory, so an image load of that file name from an application folder is
  ; the search-order-hijack indicator to alert on, typically together with a
  ; missing or unexpected signature. Keeping application directories non-writable
  ; for unprivileged users removes the planting opportunity, and for run-time
  ; loads an application can restrict the search path (for example LoadLibraryEx
  ; with LOAD_LIBRARY_SEARCH_SYSTEM32).
  130. ProcedureDLL LogonIdFromWinStationNameA()
  131. EndProcedure
  132. ProcedureDLL LogonIdFromWinStationNameW()
  133. EndProcedure
  134. ProcedureDLL RemoteAssistancePrepareSystemRestore()
  135. EndProcedure
  136. ProcedureDLL ServerGetInternetConnectorStatus()
  137. EndProcedure
  138. ProcedureDLL ServerLicensingClose()
  139. EndProcedure
  140. ProcedureDLL ServerLicensingDeactivateCurrentPolicy()
  141. EndProcedure
  142. ProcedureDLL ServerLicensingFreePolicyInformation()
  143. EndProcedure
  144. ProcedureDLL ServerLicensingGetAadInfo()
  145. EndProcedure
  146. ProcedureDLL ServerLicensingGetAvailablePolicyIds()
  147. EndProcedure
  148. ProcedureDLL ServerLicensingGetPolicy()
  149. EndProcedure
  150. ProcedureDLL ServerLicensingGetPolicyInformationA()
  151. EndProcedure
  152. ProcedureDLL ServerLicensingGetPolicyInformationW()
  153. EndProcedure
  154. ProcedureDLL ServerLicensingLoadPolicy()
  155. EndProcedure
  156. ProcedureDLL ServerLicensingOpenA()
  157. EndProcedure
  158. ProcedureDLL ServerLicensingOpenW()
  159. EndProcedure
  160. ProcedureDLL ServerLicensingSetAadInfo()
  161. EndProcedure
  162. ProcedureDLL ServerLicensingSetPolicy()
  163. EndProcedure
  164. ProcedureDLL ServerLicensingUnloadPolicy()
  165. EndProcedure
  166. ProcedureDLL ServerQueryInetConnectorInformationA()
  167. EndProcedure
  168. ProcedureDLL ServerQueryInetConnectorInformationW()
  169. EndProcedure
  170. ProcedureDLL ServerSetInternetConnectorStatus()
  171. EndProcedure
  172. ProcedureDLL WTSRegisterSessionNotificationEx()
  173. EndProcedure
  174. ProcedureDLL WTSUnRegisterSessionNotificationEx()
  175. EndProcedure
  176. ProcedureDLL WinStationActivateLicense()
  177. EndProcedure
  178. ProcedureDLL WinStationAutoReconnect()
  179. EndProcedure
  180. ProcedureDLL WinStationBroadcastSystemMessage()
  181. EndProcedure
  182. ProcedureDLL WinStationCheckAccess()
  183. EndProcedure
  184. ProcedureDLL WinStationCheckLoopBack()
  185. EndProcedure
  186. ProcedureDLL WinStationCloseServer()
  187. EndProcedure
  188. ProcedureDLL WinStationConnectA()
  189. EndProcedure
  190. ProcedureDLL WinStationConnectAndLockDesktop()
  191. EndProcedure
  192. ProcedureDLL WinStationConnectCallback()
  193. EndProcedure
  194. ProcedureDLL WinStationConnectEx()
  195. EndProcedure
  196. ProcedureDLL WinStationConnectW()
  197. EndProcedure
  198. ProcedureDLL WinStationConsumeCacheSession()
  199. EndProcedure
  200. ProcedureDLL WinStationCreateChildSessionTransport()
  201. EndProcedure
  202. ProcedureDLL WinStationDisconnect()
  203. EndProcedure
  204. ProcedureDLL WinStationEnableChildSessions()
  205. EndProcedure
  206. ProcedureDLL WinStationEnumerateA()
  207. EndProcedure
  208. ProcedureDLL WinStationEnumerateContainerSessions()
  209. EndProcedure
  210. ProcedureDLL WinStationEnumerateExW()
  211. EndProcedure
  212. ProcedureDLL WinStationEnumerateLicenses()
  213. EndProcedure
  214. ProcedureDLL WinStationEnumerateProcesses()
  215. EndProcedure
  216. ProcedureDLL WinStationEnumerateW()
  217. EndProcedure
  218. ProcedureDLL WinStationEnumerate_IndexedA()
  219. EndProcedure
  220. ProcedureDLL WinStationEnumerate_IndexedW()
  221. EndProcedure
  222. ProcedureDLL WinStationFreeConsoleNotification()
  223. EndProcedure
  224. ProcedureDLL WinStationFreeEXECENVDATAEX()
  225. EndProcedure
  226. ProcedureDLL WinStationFreeGAPMemory()
  227. EndProcedure
  228. ProcedureDLL WinStationFreeMemory()
  229. EndProcedure
  230. ProcedureDLL WinStationFreePropertyValue()
  231. EndProcedure
  232. ProcedureDLL WinStationFreeUserCertificates()
  233. EndProcedure
  234. ProcedureDLL WinStationFreeUserCredentials()
  235. EndProcedure
  236. ProcedureDLL WinStationFreeUserSessionInfo()
  237. EndProcedure
  238. ProcedureDLL WinStationGenerateLicense()
  239. EndProcedure
  240. ProcedureDLL WinStationGetAllProcesses()
  241. EndProcedure
  242. ProcedureDLL WinStationGetAllSessionsEx()
  243. EndProcedure
  244. ProcedureDLL WinStationGetAllSessionsW()
  245. EndProcedure
  246. ProcedureDLL WinStationGetAllUserSessions()
  247. EndProcedure
  248. ProcedureDLL WinStationGetChildSessionId()
  249. EndProcedure
  250. ProcedureDLL WinStationGetConnectionProperty()
  251. EndProcedure
  252. ProcedureDLL WinStationGetCurrentSessionCapabilities()
  253. EndProcedure
  254. ProcedureDLL WinStationGetCurrentSessionConnectionProperty()
  255. EndProcedure
  256. ProcedureDLL WinStationGetCurrentSessionTerminalName()
  257. EndProcedure
  258. ProcedureDLL WinStationGetDeviceId()
  259. EndProcedure
  260. ProcedureDLL WinStationGetInitialApplication()
  261. EndProcedure
  262. ProcedureDLL WinStationGetLanAdapterNameA()
  263. EndProcedure
  264. ProcedureDLL WinStationGetLanAdapterNameW()
  265. EndProcedure
  266. ProcedureDLL WinStationGetLastWinlogonNotification()
  267. EndProcedure
  268. ProcedureDLL WinStationGetLoggedOnCount()
  269. EndProcedure
  270. ProcedureDLL WinStationGetMachinePolicy()
  271. EndProcedure
  272. ProcedureDLL WinStationGetParentSessionId()
  273. EndProcedure
  274. ProcedureDLL WinStationGetProcessSid()
  275. EndProcedure
  276. ProcedureDLL WinStationGetRedirectAuthInfo()
  277. EndProcedure
  278. ProcedureDLL WinStationGetRestrictedLogonInfo()
  279. EndProcedure
  280. ProcedureDLL WinStationGetSessionIds()
  281. EndProcedure
  282. ProcedureDLL WinStationGetTermSrvCountersValue()
  283. EndProcedure
  284. ProcedureDLL WinStationGetUserCertificates()
  285. EndProcedure
  286. ProcedureDLL WinStationGetUserCredentials()
  287. EndProcedure
  288. ProcedureDLL WinStationGetUserProfile()
  289. EndProcedure
  290. ProcedureDLL WinStationInstallLicense()
  291. EndProcedure
  292. ProcedureDLL WinStationIsBoundToCacheTerminal()
  293. EndProcedure
  294. ProcedureDLL WinStationIsChildSessionsEnabled()
  295. EndProcedure
  296. ProcedureDLL WinStationIsCurrentSessionRemoteable()
  297. EndProcedure
  298. ProcedureDLL WinStationIsHelpAssistantSession()
  299. EndProcedure
  300. ProcedureDLL WinStationIsSessionPermitted()
  301. EndProcedure
  302. ProcedureDLL WinStationIsSessionRemoteable()
  303. EndProcedure
  304. ProcedureDLL WinStationNameFromLogonIdA()
  305. EndProcedure
  306. ProcedureDLL WinStationNameFromLogonIdW()
  307. EndProcedure
  308. ProcedureDLL WinStationNegotiateSession()
  309. EndProcedure
  310. ProcedureDLL WinStationNtsdDebug()
  311. EndProcedure
  312. ProcedureDLL WinStationOpenServerA()
  313. EndProcedure
  314. ProcedureDLL WinStationOpenServerExA()
  315. EndProcedure
  316. ProcedureDLL WinStationOpenServerExW()
  317. EndProcedure
  318. ProcedureDLL WinStationOpenServerW()
  319. EndProcedure
  320. ProcedureDLL WinStationPreCreateGlassReplacementSession()
  321. EndProcedure
  322. ProcedureDLL WinStationPreCreateGlassReplacementSessionEx()
  323. EndProcedure
  324. ProcedureDLL WinStationQueryAllowConcurrentConnections()
  325. EndProcedure
  326. ProcedureDLL WinStationQueryCurrentSessionInformation()
  327. EndProcedure
  328. ProcedureDLL WinStationQueryEnforcementCore()
  329. EndProcedure
  330. ProcedureDLL WinStationQueryInformationA()
  331. EndProcedure
  332. ProcedureDLL WinStationQueryInformationW()
  333. EndProcedure
  334. ProcedureDLL WinStationQueryLicense()
  335. EndProcedure
  336. ProcedureDLL WinStationQueryLogonCredentialsW()
  337. EndProcedure
  338. ProcedureDLL WinStationQuerySessionVirtualIP()
  339. EndProcedure
  340. ProcedureDLL WinStationQueryUpdateRequired()
  341. EndProcedure
  342. ProcedureDLL WinStationRcmShadow2()
  343. EndProcedure
  344. ProcedureDLL WinStationRedirectErrorMessage()
  345. EndProcedure
  346. ProcedureDLL WinStationRedirectLogonBeginPainting()
  347. EndProcedure
  348. ProcedureDLL WinStationRedirectLogonError()
  349. EndProcedure
  350. ProcedureDLL WinStationRedirectLogonMessage()
  351. EndProcedure
  352. ProcedureDLL WinStationRedirectLogonStatus()
  353. EndProcedure
  354. ProcedureDLL WinStationRegisterConsoleNotification()
  355. EndProcedure
  356. ProcedureDLL WinStationRegisterConsoleNotificationEx()
  357. EndProcedure
  358. ProcedureDLL WinStationRegisterConsoleNotificationEx2()
  359. EndProcedure
  360. ProcedureDLL WinStationRegisterCurrentSessionNotificationEvent()
  361. EndProcedure
  362. ProcedureDLL WinStationRegisterNotificationEvent()
  363. EndProcedure
  364. ProcedureDLL WinStationRemoveLicense()
  365. EndProcedure
  366. ProcedureDLL WinStationRenameA()
  367. EndProcedure
  368. ProcedureDLL WinStationRenameW()
  369. EndProcedure
  370. ProcedureDLL WinStationReportLoggedOnCompleted()
  371. EndProcedure
  372. ProcedureDLL WinStationReportUIResult()
  373. EndProcedure
  374. ProcedureDLL WinStationReset()
  375. EndProcedure
  376. ProcedureDLL WinStationRevertFromServicesSession()
  377. EndProcedure
  378. ProcedureDLL WinStationSendMessageA()
  379. EndProcedure
  380. ProcedureDLL WinStationSendMessageW()
  381. EndProcedure
  382. ProcedureDLL WinStationSendWindowMessage()
  383. EndProcedure
  384. ProcedureDLL WinStationServerPing()
  385. EndProcedure
  386. ProcedureDLL WinStationSetAutologonPassword()
  387. EndProcedure
  388. ProcedureDLL WinStationSetInformationA()
  389. EndProcedure
  390. ProcedureDLL WinStationSetInformationW()
  391. EndProcedure
  392. ProcedureDLL WinStationSetLastWinlogonNotification()
  393. EndProcedure
  394. ProcedureDLL WinStationSetPoolCount()
  395. EndProcedure
  396. ProcedureDLL WinStationSetRenderHint()
  397. EndProcedure
  398. ProcedureDLL WinStationShadow()
  399. EndProcedure
  400. ProcedureDLL WinStationShadowAccessCheck()
  401. EndProcedure
  402. ProcedureDLL WinStationShadowStop()
  403. EndProcedure
  404. ProcedureDLL WinStationShadowStop2()
  405. EndProcedure
  406. ProcedureDLL WinStationShutdownSystem()
  407. EndProcedure
  408. ProcedureDLL WinStationSwitchToServicesSession()
  409. EndProcedure
  410. ProcedureDLL WinStationSystemShutdownStarted()
  411. EndProcedure
  412. ProcedureDLL WinStationSystemShutdownWait()
  413. EndProcedure
  414. ProcedureDLL WinStationTerminateGlassReplacementSession()
  415. EndProcedure
  416. ProcedureDLL WinStationTerminateProcess()
  417. EndProcedure
  418. ProcedureDLL WinStationUnRegisterConsoleNotification()
  419. EndProcedure
  420. ProcedureDLL WinStationUnRegisterNotificationEvent()
  421. EndProcedure
  422. ProcedureDLL WinStationUserLoginAccessCheck()
  423. EndProcedure
  424. ProcedureDLL WinStationVerify()
  425. EndProcedure
  426. ProcedureDLL WinStationVirtualOpen()
  427. EndProcedure
  428. ProcedureDLL WinStationVirtualOpenEx()
  429. EndProcedure
  430. ProcedureDLL WinStationWaitSystemEvent()
  431. EndProcedure
  432. ProcedureDLL _NWLogonQueryAdmin()
  433. EndProcedure
  434. ProcedureDLL _NWLogonSetAdmin()
  435. EndProcedure
  436. ProcedureDLL _WinStationAnnoyancePopup()
  437. EndProcedure
  438. ProcedureDLL _WinStationBeepOpen()
  439. EndProcedure
  440. ProcedureDLL _WinStationBreakPoint()
  441. EndProcedure
  442. ProcedureDLL _WinStationCallback()
  443. EndProcedure
  444. ProcedureDLL _WinStationCheckForApplicationName()
  445. EndProcedure
  446. ProcedureDLL _WinStationFUSCanRemoteUserDisconnect()
  447. EndProcedure
  448. ProcedureDLL _WinStationGetApplicationInfo()
  449. EndProcedure
  450. ProcedureDLL _WinStationNotifyDisconnectPipe()
  451. EndProcedure
  452. ProcedureDLL _WinStationNotifyLogoff()
  453. EndProcedure
  454. ProcedureDLL _WinStationNotifyLogon()
  455. EndProcedure
  456. ProcedureDLL _WinStationNotifyNewSession()
  457. EndProcedure
  458. ProcedureDLL _WinStationOpenSessionDirectory()
  459. EndProcedure
  460. ProcedureDLL _WinStationReInitializeSecurity()
  461. EndProcedure
  462. ProcedureDLL _WinStationReadRegistry()
  463. EndProcedure
  464. ProcedureDLL _WinStationSessionInitialized()
  465. EndProcedure
  466. ProcedureDLL _WinStationShadowTarget()
  467. EndProcedure
  468. ProcedureDLL _WinStationShadowTarget2()
  469. EndProcedure
  470. ProcedureDLL _WinStationShadowTargetSetup()
  471. EndProcedure
  472. ProcedureDLL _WinStationUpdateClientCachedCredentials()
  473. EndProcedure
  474. ProcedureDLL _WinStationUpdateSettings()
  475. EndProcedure
  476. ProcedureDLL _WinStationUpdateUserConfig()
  477. EndProcedure
  478. ProcedureDLL _WinStationWaitForConnect()
  479. EndProcedure