Untitled

a guest
Aug 5th, 2018
// Loader that starts MainEXE from the current directory in a suspended state,
// parks its primary thread at the image entry point, loads InjectDLL into it
// and then lets it run (see MainRoutine). Only the Windows unit is used; the
// FileExists defined in this file is a local routine, not the SysUtils one.
program Project2;
uses
  Windows;

CONST
// Both names are joined to the process's current directory (GetCurDir + '\'
// + name in MainRoutine), not to the directory this loader was started from.
MainEXE:WideString='Project2.exe';//name of exe(no preceding slash)
InjectDLL:WideString='mydll.dll';//name of dll(no preceding slash)

// Mirror of ntdll's PROCESS_BASIC_INFORMATION declared as six pointer-sized
// fields. The documented structure mixes NTSTATUS, PPEB, ULONG_PTR and
// KPRIORITY, which only coincide with six Pointers on a 32-bit build; the rest
// of this file (Cardinal casts of PebBaseAddress, TContext.Eip) assumes 32-bit
// as well. Only PebBaseAddress is read (GetModBase).
type PROCESS_BASIC_INFORMATION = Record
ExitStatus:Pointer;
PebBaseAddress:Pointer;
AffinityMask:Pointer;
BasePriority:Pointer;
UniqueProcessId:Pointer;
InheritedFromUniqueProcessId:Pointer;
End;

// ntdll export (not in the Windows unit). Returns an NTSTATUS, so 0 means
// success; the only information class this file passes is 0
// (ProcessBasicInformation) with a PROCESS_BASIC_INFORMATION buffer.
Function NtQueryInformationProcess(handle:THandle; ProcessInformationClass:Cardinal; ProcessInformation:Pointer; ProcessInformationLength:Cardinal;var ReturnLength:Cardinal):Cardinal; STDCALL; External 'ntdll.dll';

  20. Function GetCurDir():WideString;
  21. var
  22. me:Array[0..1023] of wideChar;
  23. Begin
  24. GetCurrentDirectoryW(1024,@me[0]);
  25. Result:=WideString(me);
  26. End;
  27.  
  28. Function FileExists(fname:WideString):Boolean;
  29. var
  30. d:Cardinal;
  31. Begin
  32. d:=GetFileAttributesW(@fname[1]);
  33. if (d=INVALID_FILE_ATTRIBUTES) or (d=FILE_ATTRIBUTE_DIRECTORY) then
  34. result:=false
  35. else
  36. Result:=true;
  37. End;
  38.  
// Loads DLLPath into hprocess: allocates a buffer in the target, copies the
// wide path into it and starts a remote thread on kernel32!LoadLibraryW with
// the buffer as its argument.
// Always returns true: VirtualAllocEx, WriteProcessMemory, GetProcAddress and
// CreateRemoteThread are all unchecked, so a nil allocation or a missing
// export is never reported to the caller.
// Also closes hProcess itself even though MainRoutine closes the same handle
// again afterwards (double close).
Function InjectDllW(hprocess: tHandle;  DLLPath: WideString):Boolean;
var
  TID: thandle;               // receives the remote thread *id*; the thread handle
                              // returned by CreateRemoteThread is discarded (leaked)
  Parameters: pointer;        // remote buffer holding the path
  BytesWritten:cardinal;      // never inspected
  pThreadStartRoutine: Pointer;
begin
  // Length*2+1 is one byte short of a full wide NUL terminator; the copy below
  // writes the characters plus one zero byte and relies on the freshly
  // committed page being zero-filled for the second byte.
  Parameters := VirtualAllocEx( hProcess, nil, Length(DLLPath)*2+1, MEM_COMMIT or MEM_RESERVE, PAGE_READWRITE);
  WriteProcessMemory(hProcess,Parameters,Pointer(DLLPath),Length(DLLPath)*2+1,BytesWritten);
  // Uses this process's own kernel32 address for LoadLibraryW; only valid when
  // the target maps kernel32 at the same address (same bitness, shared base).
  pThreadStartRoutine := GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryW');
  CreateRemoteThread(hProcess,  nil,  0,  pThreadStartRoutine,  Parameters,  0,  TID);
  Result:=true;
  CloseHandle(hProcess);
end;

  54. Function GetEntryPoint(fname:WideString):Cardinal;
  55. var
  56. fh:THandle;
  57. dh:tImageDosHeader;
  58. oh:TImageOptionalHeader;
  59. tmp:Cardinal;
  60. Begin
  61. fh:=CreateFileW(@fname[1],GENERIC_READ,FILE_SHARE_READ,nil,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
  62. if fh=INVALID_HANDLE_VALUE then begin
  63. Result:=0;
  64. exit;
  65. end;
  66. if ReadFile(fh,dh,sizeof(tImageDosHeader),tmp,nil)=false then begin
  67. CloseHandle(fh);
  68. Result:=0;
  69. exit;
  70. end;
  71. if dh.e_magic<>23117 then begin
  72. CloseHandle(fh);
  73. Result:=0;
  74. exit;
  75. end;
  76. SetFilePointer(fh,dh._lfanew+4+SizeOf(timageFileHeader),nil,FILE_BEGIN);
  77. if ReadFile(fh,oh,sizeof(TImageOptionalHeader),tmp,nil)=false then begin
  78. CloseHandle(fh);
  79. Result:=0;
  80. exit;
  81. end;
  82. CloseHandle(fh);
  83. Result:=oh.AddressOfEntryPoint;
  84. End;
  85.  
// Returns the image base of hProcess's main module, or 0 on failure.
// Queries class 0 (ProcessBasicInformation) to get the PEB address, then reads
// the 4-byte ImageBaseAddress field at PEB offset 8. Both the offset and the
// 4-byte width are the 32-bit PEB layout; a 64-bit target would not work.
Function GetModBase(hProcess:THandle):Cardinal;
var
imgbase,tmp:cardinal;
pbi:PROCESS_BASIC_INFORMATION;
begin
result:=0;
if NtQueryInformationProcess(hProcess,0,@pbi,sizeof(PROCESS_BASIC_INFORMATION),tmp)= 0 then begin
if ReadProcessMemory(hProcess,pointer(cardinal(pbi.PebBaseAddress)+8),@imgBase,4,tmp)=true then
result:=imgbase;
end;
End;

// Lets the suspended primary thread of hProcess run up to the image entry
// point and leaves it suspended there (presumably so process initialisation
// has completed before InjectDllW runs). ep is the entry-point RVA from
// GetEntryPoint; returns false on any failure.
// Method: save the two bytes at the entry VA, overwrite them with $EB $FE
// (a short jump to itself, i.e. a spin), resume the thread, poll
// GetThreadContext until Eip equals the entry VA, suspend the thread and
// restore the saved bytes.
// Caveats visible here: a 0 result from GetModBase is not detected, so epVA
// would then be the bare RVA; the Repeat loop polls without yielding; and if
// GetThreadContext fails after ResumeThread the function exits with the thread
// still running and the self-jump still in place (storeBytes not restored).
Function DebugToBeginning(hProcess:THandle;hthread:THandle; ep:Cardinal):Boolean;
var
epVA,tmp:Cardinal;       // entry point virtual address; tmp receives byte counts (unused)
CTX:TContext;
storeBytes:Word;         // the two original entry-point bytes
CONST
jmpV:Array[0..1] of byte=($eb,$fe);  // x86 "jmp short $" (jump to self)
Begin
if ep=0 then begin
result:=false;
exit;
end;
epVA:= GetModBase(hProcess)+ep;
if ReadProcessMemory(hProcess,Pointer(epVA),@storeBytes,2,tmp)=false then begin
result:=false;
exit;
end;
if WriteProcessMemory(hProcess,Pointer(epVA),@jmpV[0],2,tmp)=false then begin
result:=false;
exit;
end;
ResumeThread(hThread);
ZeroMemory(@CTX,SizeOF(TContext));
CTX.ContextFlags:=CONTEXT_CONTROL;   // enough to obtain Eip
Repeat
if GetThreadContext(hthread,ctx)=false then begin
result:=false;
exit;
end;
Until (CTX.Eip=epVA);
SuspendThread(hthread);
if WriteProcessMemory(hProcess,Pointer(epVA),@storeBytes,2,tmp)=false then begin
result:=false;
exit;
end;
result:=true;
End;

// Main flow: resolve MainEXE and InjectDLL against the current directory (not
// the loader's own location), start the EXE suspended, park it at its entry
// point (DebugToBeginning), load the DLL (InjectDllW), then resume it.
// Review notes: the InjectDllW=false branch is unreachable because InjectDllW
// always returns true, and InjectDllW has already closed procInfo.hProcess, so
// the CloseHandle(procInfo.hProcess) calls after it operate on a handle that
// is already closed. A 0 from GetEntryPoint is only caught inside
// DebugToBeginning and then surfaces as a silent TerminateProcess.
Procedure MainRoutine();
var
  cdir,ldll,lexe:WideString;
  procInfo: PROCESS_INFORMATION;
  startupInformation:STARTUPINFO;
Begin
  cdir:=GetCurDir+'\';

  lexe:=cdir+MainEXE;
  if FileExists(lexe)=false then begin
   MessageBoxW(0,'EXE does not exist in this directory!','Error',MB_OK);
   exit;
  end;

  ldll:=cdir+InjectDLL;
  if FileExists(ldll)=false then begin
   MessageBoxW(0,'DLL does not exist in this directory!','Error',MB_OK);
   exit;
  end;

  ZeroMemory(@startupInformation,sizeof(startupInformation));
  startupInformation.cb:=sizeof(startupInformation);

  // lexe is passed as the (writable) command line with no application name.
  if CreateProcessW(nil,@lexe[1],nil,nil,false,CREATE_SUSPENDED,
   nil,nil,startupInformation,procInfo)= false then begin
    MessageBoxW(0,'Failed to Create Process!','Error',MB_OK);
    exit;
   End;

  // Any failure here kills the half-started child rather than leaving it suspended.
  if DebugToBeginning(procInfo.hProcess,procInfo.hThread,GetEntryPoint(lexe))=false then begin
  TerminateProcess(procInfo.hProcess,0);
  CloseHandle(procInfo.hProcess);
  CloseHandle(procInfo.hThread);
  exit;
  end;

  if InjectDllW(procInfo.hProcess,ldll)=false then begin
   TerminateProcess(procInfo.hProcess,0);
   CloseHandle(procInfo.hProcess);
   CloseHandle(procInfo.hThread);
   exit;
  end;

  ResumeThread(procInfo.hThread);
  CloseHandle(procInfo.hProcess);
  CloseHandle(procInfo.hThread);
End;

// Program entry point; all work is in MainRoutine.
begin
MainRoutine;
end.