Форум: "Сети";
Текущий архив: 2005.02.20;
Скачать: [xml.tar.bz2];

Вниз

Pomogite razobratca s DLL...   Найти похожие ветки 

← →
Biryk   (2004-12-05 22:06) [0]

Uvazhaemie Mastera, u menya voznikla problema s DLL svyazanaya s vnedreniem v chuzhoy proces. Vnedrit dll v process ya znau kak, problema v tom chto vo vremya zagruzki biblioteki mne nado shtob ona mogla sama uznat adres procecesa v ktoriy ona zagruzhena.
Problemu udalos reshit s ispolzovaniem HOOK dlya sobitiy windows (kliki mishi, menu...), no eto ne sovsem udachnoe reshenie.

Takzhe interesno, kak mne zastavit chuzhuu programu vizvat functiou s moey DLL (krome varianta s HOOK) (chota CreateRemoteThread ne udalos raobratca, potok zozdauotca v programe injectore a ne programe "paciente")

Zachem eto vse nado:
Dlya podmeni funciy WSOCK, chtobi mogti perehvatovat vse (tocnhnee s ukazanogo porta) UDP (BrodCast, MCAST)danie s opredelenoy programi i peredavat ih na ukazaniy TCP/IP server, kotoriy potom napravit eti danie snova v set na ukazaniy port ( v drugoy podseti, kotoraya zakrita faervolom ot UDP).

---

← →
Игорь Шевченко ©   (2004-12-05 22:17) [1]

Шпиона пишем ?

---

← →
Biryk   (2004-12-05 22:33) [2]

Ta net, u menya po rayonu lokalnaya set, kotoraya sostoit iz podsetey, ktorie v svou ochired soideneni programiruemimi svichami (komutatorami) blokiruisimi UDP paketi. Vot i poyavilas ideya v napisanie takoy programi kotoraya pozlolit rabotat vsem chatam, igram (hot v bolshinstve slucheev takie igri ispolzuut UDP tolko dlya poiska serverov -- vseravno ohata zaiti v igru i uvidit de v shas igraut :) ), i t.d. programam cherez taku fignu.

Ne proshe pereprogamirovat svichi? :) K sozheleniu zlie admini otkazuutca dazhe ot otkritiya pari portov dlya UDP.

---

← →
Xaker ©   (2004-12-05 23:10) [3]

Biryk   (05.12.04 22:33) [2]
внедрение:  (код не совсем мой)

program loader;
uses
 Windows,SysUtils,Tlhelp32;

function SetDebugPriv: Boolean;
var
Token: THandle;
tkp: TTokenPrivileges;
begin
Result := false;
if OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, Token) then
begin
 if LookupPrivilegeValue(nil, PChar("SeDebugPrivilege"), tkp.Privileges[0].Luid) then
 begin
   tkp.PrivilegeCount := 1;
   tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
   Result := AdjustTokenPrivileges(Token, false, tkp, 0, PTokenPrivileges(nil)^, PDWord(nil)^);
 end;
end;
end;

function Start(ProcessID: Cardinal; DllFileName: string): Boolean;
var
hProcess, hTh: THandle;
BytesWritten, ThreadID, DllNameLen: Cardinal;
LoadLibraryProc, MemPtr: Pointer;
ExitCode: DWord;
begin
Result := false;

SetDebugPriv();

hProcess := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE,true, ProcessID);

if hProcess <> 0 then
begin
 DllNameLen := Length(DllFileName) + 1;
 
 MemPtr := VirtualAllocEx(hProcess, nil, DllNameLen, MEM_COMMIT, PAGE_READWRITE);

 if MemPtr <> nil then
 begin
   if WriteProcessMemory(hProcess, MemPtr, PChar(DllFileName), DllNameLen, BytesWritten) then
   begin
     LoadLibraryProc := GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

     hTh := CreateRemoteThread(hProcess, nil, 0, LoadLibraryProc, MemPtr, 0, ThreadID);

     if hTh <> 0 then
     begin
       if (WaitForSingleObject(hTh, INFINITE) = WAIT_OBJECT_0) and
         GetExitCodeThread(hTh, ExitCode) then
         Result := ExitCode <> 0;

       CloseHandle(hTh);
     end;
   end;

   VirtualFreeEx(hProcess, MemPtr, 0, MEM_RELEASE);
 end;

 CloseHandle(hProcess);
end;

end;

var
ProcessID: Cardinal;
DllName,ppp: string;
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin
ProcessID:=0;
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);

ContinueLoop := Process32First(FSnapshotHandle,FProcessEntry32);
while integer(ContinueLoop) <> 0 do
 begin
ppp:=FProcessEntry32.szExeFile;
if (pos("CSRSS",UpperCase(ppp))>0) then  ProcessID:=FProcessEntry32.th32ProcessID;
ContinueLoop := Process32Next(FSnapshotHandle,  FProcessEntry32);
 end;
CloseHandle(FSnapshotHandle);

DllName:="A:\test.dll";

if ProcessID <> 0 then Start(ProcessID, DllName);

end.


---

← →
Xaker ©   (2004-12-05 23:17) [4]

Biryk   (05.12.04 22:33) [2]
кстати, если нужен, пример "самовыгружающийся" DLL :

library Project1;

uses
 Windows;

Var
r:textfile;
ThreadID,id:cardinal;

function thread:integer; stdcall;
begin
CreateThread(nil,0,GetProcAddress(GetModuleHandle("kernel32"),"FreeLibrary"),pointer(hInstance),0,id);
end;

begin
AssignFile(r,"a:\f1");
Rewrite(r);
CloseFile(r);
CreateThread(nil,0,@Thread,nil,0,ThreadID);
end.


---

← →
Biryk   (2004-12-06 00:22) [5]

Xaker ©, spasiba za sovet, zavtra budu probovat. Nu na perviy vzglyad eto to chto nuzhno. Tak zhe spasiba za primer avtovigruzheniya.

---

← →
Xaker ©   (2004-12-06 00:30) [6]

Biryk   (06.12.04 0:22) [5]
не за что  :))
я раньше сам с этим долго парился ;)))

---

← →
Biryk   (2004-12-10 23:27) [7]

Vrobibi v primere vnedreniya DLL est oshibka. Poka deystviya v DLL ispolnyautca -- vse norma (naprimer -- otrkitie modalnogo okana, i prosto dialoga MessageBOX). A potom... stashno smotret na spisok zagruzhenih DLL, cho tam toka ne poyavlyaetca -- *.NLS, Ssilka na nesushistvuvushuu DLL bez imeni i prochey informacii, Index.DAT -- etot ya vobshe ne poymu prichom tut.
Nu a tak rabotayet... prosto metamarfozi pugaut, i nayti oshibku pokashto ne poluchilos.

---

← →
Xaker ©   (2004-12-11 01:36) [8]

Biryk   (10.12.04 23:27) [7]
так и не понял ..  ладно, главное работает, а остальноее не важно :))
- забей :)

---

← →
Biryk   (2004-12-11 16:54) [9]

Uzhe zrabotala, oshibka v stroke
DllNameLen := Length(DllFileName) + 1;
Pri kopirovanie +1 poteryal :)
Eshe raz spasiba.

---

Страницы: 1 вся ветка

Форум: "Сети";
Текущий архив: 2005.02.20;
Скачать: [xml.tar.bz2];

Наверх

Память: 0.48 MB
Время: 0.038 c