Delphi中调用DLL的相关问题
发布网友
发布时间:2023-01-12 00:58
热心网友
时间:2023-10-30 02:57
Delphi的
**********************************************************************************
DLL文件说明:
**********************************************************************************
library Project2;
{ Payload DLL that the InjectTo routine further down loads into another process.
  Its initialisation section runs Log, which pops a message box repeatedly and
  then calls ExitProcess -- so the effect on the host process is that it is
  terminated by a module it never asked to load.
  Defender's view: the observable events are a LoadLibraryW of a module that
  does not belong to the host application, followed by the host exiting;
  module-load telemetry on the host process is where this is typically seen. }
uses
SysUtils, // "application unit" (author's label)
Classes,
windows;
procere Log(dwReason:DWord); // routine to be exported; the parameter must be dwReason:DWord. Author's note: avoid the stdcall keyword where possible
{ Shows a message box six times (0..5), sleeping one second between them,
  then terminates the current -- i.e. the host -- process with exit code 0.
  dwReason is never read. }
var
i:integer;
begin
for i:=0 to 5 do begin // 0..5 is six iterations, although the message text says 5 seconds
MessageBox(0,'已经被注入,时间5秒,'0',16);
sleep(1000);
end;
ExitProcess(0); // terminates whatever process this DLL was loaded into
end;
exports // names of the exported routines
Log;
begin // DLL initialisation section
DllProc := @Log; // DllProc is Delphi's DLL entry-point callback (attach/detach notifications); the author described it as "the DLL's start address"
Log(DLL_PROCESS_ATTACH); // the argument must be DLL_PROCESS_ATTACH
end.
***********************************************************************************
注入线程代码函数
***********************************************************************************
//-----------------------------------------获得相应应用程序的PID---------------
procere GetMyProcessID(const AFilename: string; const PathMatch: Boolean; var ProcessID: DWORD);
// Author's parameter note: process name, false ("not inherited"), out parameter that receives the result.
{ Walks a Toolhelp process snapshot and returns, in ProcessID, the id of the
  first process whose executable name matches AFilename (case-insensitive).
  PathMatch = True compares the whole szExeFile string; False compares only the
  file-name part of both sides -- so the author's "not inherited" wording for
  this flag does not describe what the code does.
  ProcessID is 0 when nothing matched.
  Review notes: the snapshot handle is not checked against INVALID_HANDLE_VALUE
  before use, and when several processes share a name the first one enumerated
  wins -- the selection is not deterministic from the caller's point of view. }
var
lppe: TProcessEntry32;
SsHandle: Thandle;
FoundAProc, FoundOK: boolean;
begin
ProcessID :=0;
SsHandle := CreateToolHelp32SnapShot(TH32CS_SnapProcess, 0);
lppe.dwSize := sizeof(TProcessEntry32); // must be set before Process32First
FoundAProc := Process32First(Sshandle, lppe);
while FoundAProc do
begin
if PathMatch then
FoundOK := AnsiStricomp(lppe.szExefile, PChar(AFilename)) = 0
else
FoundOK := AnsiStricomp(PChar(ExtractFilename(lppe.szExefile)), PChar(ExtractFilename(AFilename))) = 0;
if FoundOK then
begin
ProcessID := lppe.th32ProcessID;
break; // first match wins
end;
FoundAProc := Process32Next(SsHandle, lppe);
end;
CloseHandle(SsHandle);
end;
//-----------------------------------------------设置打开进程权限----------------
function EnabledDebugPrivilege(const Enabled : Boolean) : Boolean;
// Author's parameter note: true
{ Enables (Enabled = True) or disables SeDebugPrivilege on the current
  process's token.  Returns True only when AdjustTokenPrivileges left
  GetLastError at ERROR_SUCCESS.
  This privilege is the gate that lets a process open other users' and
  system processes with write/thread-creation rights; it is only present in
  the token of an elevated administrator, so on a least-privilege account
  this routine fails and the injection below fails with it.  Enabling it is
  a privilege-use event worth auditing on its own.
  Review notes: the result of LookupPrivilegeValue is ignored; when the token
  does not hold the privilege, AdjustTokenPrivileges still returns TRUE but
  sets ERROR_NOT_ALL_ASSIGNED, which the GetLastError check below catches. }
var
hTk : THandle;
rtnTemp : Dword;
TokenPri : TOKEN_PRIVILEGES;
const
SE_DEBUG = 'SeDebugPrivilege';
begin
Result := False;
if (OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,hTk)) then
begin
TokenPri.PrivilegeCount := 1;
LookupPrivilegeValue(nil,SE_DEBUG,TokenPri.Privileges[0].Luid); // return value not checked
if Enabled then
TokenPri.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else
TokenPri.Privileges[0].Attributes := 0;
rtnTemp := 0;
AdjustTokenPrivileges(hTk,False,TokenPri,sizeof(TokenPri),nil,rtnTemp);
Result := GetLastError = ERROR_SUCCESS; // ERROR_NOT_ALL_ASSIGNED means the token lacks the privilege
CloseHandle(hTk);
end;
end;
//-------------注入线程函数--------------------
function InjectTo(const Host, Guest: string; const PID: DWORD = 0): DWORD;
// Author's parameter note: process name, DLL path [3rd parameter: specify the target PID directly]
{ Loads the DLL at path Guest into the process named Host (or the process
  with id PID when PID > 0; Host is then unused).
  The sequence is the textbook remote-thread DLL load: enable SeDebugPrivilege,
  OpenProcess with CREATE_THREAD/VM_OPERATION/VM_WRITE, VirtualAllocEx a buffer
  in the target, WriteProcessMemory the wide-char DLL path into it, then
  CreateRemoteThread with LoadLibraryW as the start routine and that buffer
  as its argument.  This exact chain of cross-process calls is what endpoint
  monitoring commonly flags as process injection; from the target's side it
  shows up as a thread whose start address is LoadLibraryW and a module load
  from an unexpected path.
  Returns the remote thread handle from CreateRemoteThread, or 0 when
  WriteProcessMemory failed.
  Review notes: neither OpenProcess nor VirtualAllocEx is checked for failure
  (0 / nil is passed straight on); hRemoteProcess is never closed, and the
  returned thread handle is left for the caller to close (the caller on this
  page discards it).  The local buffer size (Length(Guest) * 2 + 1 bytes) and
  the size handed to StringToWideChar do not obviously agree -- TODO confirm. }
var
hRemoteProcess: THandle;
dwRemoteProcessId: DWORD;
memSize: DWORD;
pszLibFileRemote: Pointer;
iReturnCode: Boolean;
TempVar: DWORD;
pfnStartAddr: TFNThreadStartRoutine;
pszLibAFilename: PwideChar;
begin
Result := 0;
EnabledDebugPrivilege(True); // return value ignored: failure here surfaces later as a failed OpenProcess
Getmem(pszLibAFilename, Length(Guest) * 2 + 1); // local buffer, freed below; the path has to be copied into the target's memory because only memory crosses the process boundary
StringToWideChar(Guest, pszLibAFilename, Length(Guest) * 2 + 1);
if PID > 0 then
dwRemoteProcessID := PID // PID given: inject into exactly that process
else
GetMyProcessID(Host, False, dwRemoteProcessID); // otherwise resolve the PID from the process name
hRemoteProcess := OpenProcess(PROCESS_CREATE_THREAD +
PROCESS_VM_OPERATION +
PROCESS_VM_WRITE,
FALSE, dwRemoteProcessId); // result not checked; never closed
memSize := (1 + lstrlenW(pszLibAFilename)) * sizeof(WCHAR); // path plus terminator, in bytes
pszLibFileRemote := PWIDESTRING(VirtualAllocEx(hRemoteProcess, nil, memSize, MEM_COMMIT, PAGE_READWRITE)); // allocate in the remote process's address space; nil on failure is not checked
TempVar := 0;
iReturnCode := WriteProcessMemory(hRemoteProcess, pszLibFileRemote, pszLibAFilename, memSize, TempVar); // copy the DLL path into the remote buffer
if iReturnCode then
begin
pfnStartAddr := GetProcAddress(GetMoleHandle('Kernel32'), 'LoadLibraryW'); // the remote thread's start routine is LoadLibraryW itself
TempVar := 0;
Result := CreateRemoteThread(hRemoteProcess, nil, 0, pfnStartAddr, pszLibFileRemote, 0, TempVar); // create the remote thread; handle returned to caller
end;
Freemem(pszLibAFilename); // release the local buffer
end;
**************************************************************************************************
使用函数
**************************************************************************************************
procere TForm1.Button3Click(Sender: TObject);
{ Button handler: injects d.dll (taken from the directory of the running
  executable) into the process named 'AAAAA.exe' -- a placeholder name on this
  page.  The thread handle InjectTo returns is discarded, so it is never closed. }
begin
InjectTo('AAAAA.exe', extractfilepath(paramstr(0))+'d.dll');
end;
请参考