Pomogite razobratca s DLL...

← →
Biryk (2004-12-05 22:06) [0]

Uvazhaemie Mastera, u menya voznikla problema s DLL svyazanaya s vnedreniem v chuzhoy proces. Vnedrit dll v process ya znau kak, problema v tom chto vo vremya zagruzki biblioteki mne nado shtob ona mogla sama uznat adres procecesa v ktoriy ona zagruzhena.
Problemu udalos reshit s ispolzovaniem HOOK dlya sobitiy windows (kliki mishi, menu...), no eto ne sovsem udachnoe reshenie.

Takzhe interesno, kak mne zastavit chuzhuu programu vizvat functiou s moey DLL (krome varianta s HOOK) (chota CreateRemoteThread ne udalos raobratca, potok zozdauotca v programe injectore a ne programe "paciente")

Zachem eto vse nado:
Dlya podmeni funciy WSOCK, chtobi mogti perehvatovat vse (tocnhnee s ukazanogo porta) UDP (BrodCast, MCAST)danie s opredelenoy programi i peredavat ih na ukazaniy TCP/IP server, kotoriy potom napravit eti danie snova v set na ukazaniy port ( v drugoy podseti, kotoraya zakrita faervolom ot UDP).

← →
Игорь Шевченко © (2004-12-05 22:17) [1]

Шпиона пишем ?

← →
Biryk (2004-12-05 22:33) [2]

Ta net, u menya po rayonu lokalnaya set, kotoraya sostoit iz podsetey, ktorie v svou ochired soideneni programiruemimi svichami (komutatorami) blokiruisimi UDP paketi. Vot i poyavilas ideya v napisanie takoy programi kotoraya pozlolit rabotat vsem chatam, igram (hot v bolshinstve slucheev takie igri ispolzuut UDP tolko dlya poiska serverov -- vseravno ohata zaiti v igru i uvidit de v shas igraut :) ), i t.d. programam cherez taku fignu.

Ne proshe pereprogamirovat svichi? :) K sozheleniu zlie admini otkazuutca dazhe ot otkritiya pari portov dlya UDP.

← →
Xaker © (2004-12-05 23:10) [3]

Biryk (05.12.04 22:33) [2]
внедрение: (код не совсем мой)

program loader; uses Windows,SysUtils,Tlhelp32; function SetDebugPriv: Boolean; var Token: THandle; tkp: TTokenPrivileges; begin Result := false; if OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, Token) then begin if LookupPrivilegeValue(nil, PChar("SeDebugPrivilege"), tkp.Privileges[0].Luid) then begin tkp.PrivilegeCount := 1; tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED; Result := AdjustTokenPrivileges(Token, false, tkp, 0, PTokenPrivileges(nil)^, PDWord(nil)^); end; end; end; function Start(ProcessID: Cardinal; DllFileName: string): Boolean; var hProcess, hTh: THandle; BytesWritten, ThreadID, DllNameLen: Cardinal; LoadLibraryProc, MemPtr: Pointer; ExitCode: DWord; begin Result := false; SetDebugPriv(); hProcess := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE,true, ProcessID); if hProcess <> 0 then begin DllNameLen := Length(DllFileName) + 1; MemPtr := VirtualAllocEx(hProcess, nil, DllNameLen, MEM_COMMIT, PAGE_READWRITE); if MemPtr <> nil then begin if WriteProcessMemory(hProcess, MemPtr, PChar(DllFileName), DllNameLen, BytesWritten) then begin LoadLibraryProc := GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); hTh := CreateRemoteThread(hProcess, nil, 0, LoadLibraryProc, MemPtr, 0, ThreadID); if hTh <> 0 then begin if (WaitForSingleObject(hTh, INFINITE) = WAIT_OBJECT_0) and GetExitCodeThread(hTh, ExitCode) then Result := ExitCode <> 0; CloseHandle(hTh); end; end; VirtualFreeEx(hProcess, MemPtr, 0, MEM_RELEASE); end; CloseHandle(hProcess); end; end; var ProcessID: Cardinal; DllName,ppp: string; ContinueLoop: BOOL; FSnapshotHandle: THandle; FProcessEntry32: TProcessEntry32; begin ProcessID:=0; FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); FProcessEntry32.dwSize:=Sizeof(FProcessEntry32); ContinueLoop := Process32First(FSnapshotHandle,FProcessEntry32); while integer(ContinueLoop) <> 0 do begin ppp:=FProcessEntry32.szExeFile; if (pos("CSRSS",UpperCase(ppp))>0) then ProcessID:=FProcessEntry32.th32ProcessID; ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32); end; CloseHandle(FSnapshotHandle); DllName:="A:\test.dll"; if ProcessID <> 0 then Start(ProcessID, DllName); end.

← →
Xaker © (2004-12-05 23:17) [4]

Biryk (05.12.04 22:33) [2]
кстати, если нужен, пример "самовыгружающийся" DLL :
library Project1; uses Windows; Var r:textfile; ThreadID,id:cardinal; function thread:integer; stdcall; begin CreateThread(nil,0,GetProcAddress(GetModuleHandle("kernel32"),"FreeLibrary"),pointer(hInstance),0,id); end; begin AssignFile(r,"a:\f1"); Rewrite(r); CloseFile(r); CreateThread(nil,0,@Thread,nil,0,ThreadID); end.

← →
Biryk (2004-12-06 00:22) [5]

Xaker ©, spasiba za sovet, zavtra budu probovat. Nu na perviy vzglyad eto to chto nuzhno. Tak zhe spasiba za primer avtovigruzheniya.

← →
Xaker © (2004-12-06 00:30) [6]

Biryk (06.12.04 0:22) [5]
не за что :))
я раньше сам с этим долго парился ;)))

← →
Biryk (2004-12-10 23:27) [7]

Vrobibi v primere vnedreniya DLL est oshibka. Poka deystviya v DLL ispolnyautca -- vse norma (naprimer -- otrkitie modalnogo okana, i prosto dialoga MessageBOX). A potom... stashno smotret na spisok zagruzhenih DLL, cho tam toka ne poyavlyaetca -- *.NLS, Ssilka na nesushistvuvushuu DLL bez imeni i prochey informacii, Index.DAT -- etot ya vobshe ne poymu prichom tut.
Nu a tak rabotayet... prosto metamarfozi pugaut, i nayti oshibku pokashto ne poluchilos.

Biryk (10.12.04 23:27) [7]
так и не понял .. ладно, главное работает, а остальноее не важно :))
- забей :)

← →
Biryk (2004-12-11 16:54) [9]

Uzhe zrabotala, oshibka v stroke
DllNameLen := Length(DllFileName) + 1;
Pri kopirovanie +1 poteryal :)
Eshe raz spasiba.

Pomogite razobratca s DLL... Найти похожие ветки