[델파이] DLL Injection
델파이2009. 6. 17. 09:55
// InjectDll: makes the process identified by PID load the library whose path
// is given in sDll. It does so by copying the path into memory allocated in
// that process and starting a remote thread whose start address is
// LoadLibraryA and whose argument is the copied path.
//
// Parameters:
//   PID  - identifier of the target process.
//   sDll - path of the library, passed to LoadLibraryA in the target.
// Returns TRUE when WriteProcessMemory succeeded. It does NOT report whether
// the remote thread was created or whether the library actually loaded.
//
// Defender's view: OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread against another process is the textbook remote-thread
// injection sequence; endpoint monitoring typically keys on cross-process
// handle opens with broad access rights and on remote thread creation.
function InjectDll(PID:DWORD; sDll:string):Boolean;
var
hLib: Pointer;
hThread: THandle;
pMod: Pointer;
hOpen: THandle;
dWritten: Cardinal;
ThreadID: Cardinal;
begin
Result := FALSE;
// Requests every access right on the target, far more than the calls below use.
hOpen := OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
// NOTE(review): OpenProcess reports failure by returning 0 (NULL), not
// INVALID_HANDLE_VALUE, so this test does not catch a failed open and the
// calls below would then run with a null handle.
if hOpen <> INVALID_HANDLE_VALUE then
begin
// Address of LoadLibraryA as resolved in THIS process; it is used unchanged
// as the thread start address in the target.
// NOTE(review): presumably relies on kernel32.dll being mapped at the same
// base in both processes - confirm for the target's bitness.
hLib := GetProcAddress(GetModuleHandle(PChar('kernel32.dll')), PChar('LoadLibraryA'));
// Remote buffer of Length(sDll) + 1 bytes, committed as read/write/execute.
// The return value is not checked; a nil pMod flows into the next calls.
pMod := VirtualAllocEx(hOpen, nil, Length(sDll) + 1, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
// Copies Length(sDll) bytes starting at the first character. The terminator
// is not written here; the extra byte allocated above is left as allocated.
// NOTE(review): if `string` is UnicodeString (Delphi 2009 and later), Length
// counts characters rather than bytes and the data is not the ANSI text
// LoadLibraryA expects - confirm the compiler version this was written for.
if WriteProcessMemory(hOpen, pMod, @sDll[1], Length(sDll), dWritten) then
Result := TRUE;
// Runs even when the write above failed; hThread is not checked.
hThread := CreateRemoteThread(hOpen, nil, 0, hLib, pMod, 0, ThreadID);
// Blocks the caller with no timeout until the remote thread ends.
WaitForSingleObject(hThread, INFINITE);
// The remote buffer is never released in this function (no VirtualFreeEx).
CloseHandle(hOpen);
CloseHandle(hThread);
end;
end;
// UnInjectDll: walks the module list of process PID and, for every module
// whose szExePath equals sDll, starts a remote thread in that process with
// FreeLibrary as the start address and the module's base address as argument.
//
// Parameters:
//   PID  - identifier of the target process.
//   sDll - module path to look for; compared with `=` against szExePath, so
//          it has to match the path string recorded in the snapshot.
// Returns TRUE once a matching module was found and OpenProcess passed the
// handle test; the outcome of the remote FreeLibrary call is not reported.
function UnInjectDll(PID:DWORD; sDll:string):Boolean;
var
hSnap: THandle;
MOD32: MODULEENTRY32;
hLib: Pointer;
hOpen: THandle;
hThread: THandle;
ThreadID: Cardinal;
begin
Result := FALSE;
hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID);
if hSnap <> INVALID_HANDLE_VALUE then
begin
// dwSize must be set before the first Module32First call.
MOD32.dwSize := SizeOf(MOD32);
// Return value ignored: if the snapshot holds no module, the loop body still
// runs once on whatever MOD32 contains.
Module32First(hSnap, MOD32);
repeat
if MOD32.szExePath = sDll then
begin
hOpen := OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
// NOTE(review): OpenProcess returns 0 on failure, not INVALID_HANDLE_VALUE,
// so a failed open is not detected here and Result is still set to TRUE.
if hOpen <> INVALID_HANDLE_VALUE then
begin
// Success is reported before the remote thread is even created.
Result := TRUE;
// FreeLibrary address as resolved in this process, reused in the target.
hLib := GetProcAddress(GetModuleHandle(PChar('kernel32.dll')), PChar('FreeLibrary'));
// The module base address is passed as the FreeLibrary argument. The thread
// handle is not checked and the thread is not waited for.
hThread := CreateRemoteThread(hOpen, nil, 0, hLib, MOD32.modBaseAddr, 0, ThreadID);
CloseHandle(hOpen);
CloseHandle(hThread);
end;
end;
// No early exit: the walk continues after a match, so every entry with the
// same path gets its own remote thread.
until Module32Next(hSnap, MOD32) = FALSE;
CloseHandle(hSnap);
end;
end;
// NOTE(review): this is a second copy of the InjectDll body shown earlier on
// the page, but its `function InjectDll(...)` header line is missing, so the
// fragment does not compile as printed. PID, sDll and Result refer to that
// missing header.
var
hLib: Pointer;
hThread: THandle;
pMod: Pointer;
hOpen: THandle;
dWritten: Cardinal;
ThreadID: Cardinal;
begin
Result := FALSE;
hOpen := OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
// NOTE(review): OpenProcess returns 0 on failure, not INVALID_HANDLE_VALUE,
// so this test does not catch a failed open.
if hOpen <> INVALID_HANDLE_VALUE then
begin
// LoadLibraryA address resolved locally and used as the remote start address.
hLib := GetProcAddress(GetModuleHandle(PChar('kernel32.dll')), PChar('LoadLibraryA'));
// Remote read/write/execute buffer for the path; return value not checked.
pMod := VirtualAllocEx(hOpen, nil, Length(sDll) + 1, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
// Result only reflects this write, not thread creation or the library load.
if WriteProcessMemory(hOpen, pMod, @sDll[1], Length(sDll), dWritten) then
Result := TRUE;
// Runs even if the write failed; hThread is not checked before the wait.
hThread := CreateRemoteThread(hOpen, nil, 0, hLib, pMod, 0, ThreadID);
WaitForSingleObject(hThread, INFINITE);
// The remote buffer is not released anywhere in this fragment.
CloseHandle(hOpen);
CloseHandle(hThread);
end;
end;
// UnInjectDll (second copy on the page, same code as the first): for each
// module of process PID whose szExePath equals sDll, starts a remote thread
// that calls FreeLibrary with the module's base address.
// Returns TRUE when a match was found and OpenProcess passed the handle test;
// the result of the remote call itself is not checked.
function UnInjectDll(PID:DWORD; sDll:string):Boolean;
var
hSnap: THandle;
MOD32: MODULEENTRY32;
hLib: Pointer;
hOpen: THandle;
hThread: THandle;
ThreadID: Cardinal;
begin
Result := FALSE;
hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID);
if hSnap <> INVALID_HANDLE_VALUE then
begin
MOD32.dwSize := SizeOf(MOD32);
// Return value ignored; the loop body runs at least once regardless.
Module32First(hSnap, MOD32);
repeat
if MOD32.szExePath = sDll then
begin
hOpen := OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
// NOTE(review): OpenProcess signals failure with 0, not INVALID_HANDLE_VALUE,
// so this branch is taken even when the open failed.
if hOpen <> INVALID_HANDLE_VALUE then
begin
Result := TRUE;
hLib := GetProcAddress(GetModuleHandle(PChar('kernel32.dll')), PChar('FreeLibrary'));
// Thread handle is neither checked nor waited on before being closed.
hThread := CreateRemoteThread(hOpen, nil, 0, hLib, MOD32.modBaseAddr, 0, ThreadID);
CloseHandle(hOpen);
CloseHandle(hThread);
end;
end;
// The walk does not stop at the first match.
until Module32Next(hSnap, MOD32) = FALSE;
CloseHandle(hSnap);
end;
end;