以下这段代码,是我在网上找的,经过我的努力,可以实现运行后注入taskmgr.exe删除本程序,但是,我想实现:点一个按钮,再执行这段代码,好几天了,也实现不了,请帮帮我!谢谢!!!! 说明一点,
`uses` 子句只能包含这两个单元(Windows 和 shellapi),再多加一个单元,注入 taskmgr.exe 就会失败!!
program SelfInjectCode;
// Self-deleting executable.  Starts taskmgr.exe suspended, copies this
// process's own image into it at the same base address, points the target's
// primary thread at WinMain inside the copy and resumes it; the copy then
// deletes this executable's file while this process has already exited.
//
// NOTE(review): this is the textbook thread-hijack injection sequence
// (CreateProcess CREATE_SUSPENDED -> VirtualAllocEx -> WriteProcessMemory ->
// SetThreadContext -> ResumeThread).  Endpoint-protection products commonly
// alert on exactly this sequence because malware uses it; expect the binary
// to be flagged even when the purpose is a benign uninstaller.
//
// NOTE(review): the poster reports that adding any unit beyond Windows and
// ShellApi makes the injection fail.  The copied image is never initialised
// by the Delphi RTL inside the target process, so anything that depends on
// unit initialisation has nothing to run on -- presumably the cause; confirm.
uses
  Windows, shellapi;
var
  // Full path of this executable, filled by GetModuleFileName in the main
  // block.  It lives in the image's data section, so the copy written into
  // taskmgr.exe carries the already-filled value.
  vbuf: array[0..MAX_PATH] of Char;

// Entry point executed inside taskmgr.exe (never called in this process).
// Deletes the file named in vbuf and terminates the host process.
Procedure WinMain(); stdcall;
var
  FileDir: string;
  FileStruct: TSHFileOpStruct;
begin
  // Make sure shell32 is mapped in the target.  SHFileOperation is reached
  // through the import table copied from this process, which only stays
  // valid while the referenced DLLs sit at the same base in both processes.
  LoadLibrary('shell32.dll');
  // Presumably gives the parent time to exit and release the file; the delay
  // is not synchronised with anything, so it is a race.
  sleep(1000);
  // NOTE(review): string assignment allocates through the Delphi memory
  // manager, whose state in the copied image was inherited from the parent
  // process -- not obviously valid inside taskmgr.exe; confirm.
  FileDir := vbuf;
  // NOTE(review): FileStruct is never zeroed, so pTo, hNameMappings,
  // fAnyOperationsAborted and lpszProgressTitle hold stack garbage.  FO_DELETE
  // ignores pTo, but zeroing the record first would make this deterministic.
  FileStruct.Wnd := 0;
  FileStruct.wFunc := FO_delete;
  // pFrom must be double-NUL terminated: the explicit #0 plus the terminator
  // Delphi appends to every string.
  FileStruct.pFrom := Pchar(FileDir + #0);
  FileStruct.fFlags := FOF_NOCONFIRMATION;
  SHFileOperation(FileStruct);
  ExitProcess(0);
end;

var
  St: TStartupInfo;
  Pr: TProcessInformation;
  InjectSize: dword;
  Code: pointer;
  Injected: pointer;
  BytesWritten: dword;
  Context: _CONTEXT;
const
  injectprocess = 'taskmgr.exe';
begin
  GetModuleFileName(0, vbuf, Length(vbuf));
  ZeroMemory(@St, SizeOf(TStartupInfo));
  St.cb := SizeOf(TStartupInfo);
  // No effect as written: wShowWindow is only honoured when
  // STARTF_USESHOWWINDOW is set in dwFlags, which ZeroMemory left at 0.
  St.wShowWindow := SW_SHOW;
  // Start the host suspended so its primary thread can be redirected before
  // it executes anything of its own.
  if CreateProcess(nil, injectprocess, nil, nil, false, Create_SUSPENDED, nil, nil, St, Pr) then
  begin
    // Base of this process's own image; SizeOfImage is read from the PE
    // optional header (e_lfanew -> PE signature -> file header -> optional).
    Code := pointer(GetModuleHandle(nil));
    InjectSize := PImageOptionalHeader(pointer(integer(Code) + PImageDosHeader(Code)._lfanew +
      SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
    // Ask for the same base address in the target: the copy is not relocated,
    // so it only works if the region at Code is free there.
    // NOTE(review): none of the return values are checked.  If VirtualAllocEx
    // returns nil or a different address (range already in use in the target),
    // WriteProcessMemory fails and EIP is then pointed at unmapped or foreign
    // memory, crashing taskmgr.exe.  Injected should be compared with Code and
    // BytesWritten with InjectSize before the thread is resumed.
    Injected := VirtualAllocEx(Pr.hProcess, Code, InjectSize, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    WriteProcessMemory(Pr.hProcess, Injected, Code, InjectSize, BytesWritten);
    // Redirect the suspended primary thread to WinMain in the copy; the
    // address is the same because the copy sits at the same base.
    // NOTE(review): Context.Eip is the 32-bit register; the technique is
    // x86-only and cannot target the 64-bit taskmgr.exe of a 64-bit Windows.
    Context.ContextFlags := CONTEXT_FULL;
    GetThreadContext(Pr.hThread, Context);
    Context.Eip := dword(@WinMain);
    SetThreadContext(Pr.hThread, Context);
    ResumeThread(Pr.hThread);
    // NOTE(review): Pr.hProcess and Pr.hThread are never closed; only
    // harmless here because the process ends right after this block.
  end;
end.
`uses` 子句只能包含这两个单元(Windows 和 shellapi),再多加一个单元,注入 taskmgr.exe 就会失败!!
program SelfInjectCode;
// Self-deleting executable.  Starts taskmgr.exe suspended, copies this
// process's own image into it at the same base address, points the target's
// primary thread at WinMain inside the copy and resumes it; the copy then
// deletes this executable's file while this process has already exited.
//
// NOTE(review): this is the textbook thread-hijack injection sequence
// (CreateProcess CREATE_SUSPENDED -> VirtualAllocEx -> WriteProcessMemory ->
// SetThreadContext -> ResumeThread).  Endpoint-protection products commonly
// alert on exactly this sequence because malware uses it; expect the binary
// to be flagged even when the purpose is a benign uninstaller.
//
// NOTE(review): the poster reports that adding any unit beyond Windows and
// ShellApi makes the injection fail.  The copied image is never initialised
// by the Delphi RTL inside the target process, so anything that depends on
// unit initialisation has nothing to run on -- presumably the cause; confirm.
uses
  Windows, shellapi;
var
  // Full path of this executable, filled by GetModuleFileName in the main
  // block.  It lives in the image's data section, so the copy written into
  // taskmgr.exe carries the already-filled value.
  vbuf: array[0..MAX_PATH] of Char;

// Entry point executed inside taskmgr.exe (never called in this process).
// Deletes the file named in vbuf and terminates the host process.
Procedure WinMain(); stdcall;
var
  FileDir: string;
  FileStruct: TSHFileOpStruct;
begin
  // Make sure shell32 is mapped in the target.  SHFileOperation is reached
  // through the import table copied from this process, which only stays
  // valid while the referenced DLLs sit at the same base in both processes.
  LoadLibrary('shell32.dll');
  // Presumably gives the parent time to exit and release the file; the delay
  // is not synchronised with anything, so it is a race.
  sleep(1000);
  // NOTE(review): string assignment allocates through the Delphi memory
  // manager, whose state in the copied image was inherited from the parent
  // process -- not obviously valid inside taskmgr.exe; confirm.
  FileDir := vbuf;
  // NOTE(review): FileStruct is never zeroed, so pTo, hNameMappings,
  // fAnyOperationsAborted and lpszProgressTitle hold stack garbage.  FO_DELETE
  // ignores pTo, but zeroing the record first would make this deterministic.
  FileStruct.Wnd := 0;
  FileStruct.wFunc := FO_delete;
  // pFrom must be double-NUL terminated: the explicit #0 plus the terminator
  // Delphi appends to every string.
  FileStruct.pFrom := Pchar(FileDir + #0);
  FileStruct.fFlags := FOF_NOCONFIRMATION;
  SHFileOperation(FileStruct);
  ExitProcess(0);
end;

var
  St: TStartupInfo;
  Pr: TProcessInformation;
  InjectSize: dword;
  Code: pointer;
  Injected: pointer;
  BytesWritten: dword;
  Context: _CONTEXT;
const
  injectprocess = 'taskmgr.exe';
begin
  GetModuleFileName(0, vbuf, Length(vbuf));
  ZeroMemory(@St, SizeOf(TStartupInfo));
  St.cb := SizeOf(TStartupInfo);
  // No effect as written: wShowWindow is only honoured when
  // STARTF_USESHOWWINDOW is set in dwFlags, which ZeroMemory left at 0.
  St.wShowWindow := SW_SHOW;
  // Start the host suspended so its primary thread can be redirected before
  // it executes anything of its own.
  if CreateProcess(nil, injectprocess, nil, nil, false, Create_SUSPENDED, nil, nil, St, Pr) then
  begin
    // Base of this process's own image; SizeOfImage is read from the PE
    // optional header (e_lfanew -> PE signature -> file header -> optional).
    Code := pointer(GetModuleHandle(nil));
    InjectSize := PImageOptionalHeader(pointer(integer(Code) + PImageDosHeader(Code)._lfanew +
      SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
    // Ask for the same base address in the target: the copy is not relocated,
    // so it only works if the region at Code is free there.
    // NOTE(review): none of the return values are checked.  If VirtualAllocEx
    // returns nil or a different address (range already in use in the target),
    // WriteProcessMemory fails and EIP is then pointed at unmapped or foreign
    // memory, crashing taskmgr.exe.  Injected should be compared with Code and
    // BytesWritten with InjectSize before the thread is resumed.
    Injected := VirtualAllocEx(Pr.hProcess, Code, InjectSize, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    WriteProcessMemory(Pr.hProcess, Injected, Code, InjectSize, BytesWritten);
    // Redirect the suspended primary thread to WinMain in the copy; the
    // address is the same because the copy sits at the same base.
    // NOTE(review): Context.Eip is the 32-bit register; the technique is
    // x86-only and cannot target the 64-bit taskmgr.exe of a 64-bit Windows.
    Context.ContextFlags := CONTEXT_FULL;
    GetThreadContext(Pr.hThread, Context);
    Context.Eip := dword(@WinMain);
    SetThreadContext(Pr.hThread, Context);
    ResumeThread(Pr.hThread);
    // NOTE(review): Pr.hProcess and Pr.hThread are never closed; only
    // harmless here because the process ends right after this block.
  end;
end.
解决方案 »
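unit Unit1;

// Interface section of the form that wraps the self-delete-by-injection code
// behind a button.  The original paste had the keywords `interface`/`uses` and
// `end;`/`var` fused together (lost line breaks), which does not compile; they
// are separated here.  No other change.
interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, shellapi;

type
  // Form with a single button; Button1Click performs the inject-and-delete
  // sequence from the original console program.
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  // Full path of this executable, filled in Button1Click.  It lives in the
  // data section, so the image copy written into taskmgr.exe carries the value.
  vbuf: array[0..MAX_PATH] of Char;

implementation

{$R *.dfm}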
// Entry point executed inside taskmgr.exe after the image copy (it is never
// called in this process): deletes the file named in vbuf and terminates the
// host process.
//
// NOTE(review): the question states that the injection only works when the
// program uses nothing beyond Windows and ShellApi.  This unit links SysUtils,
// Classes, Forms and the rest of the VCL, whose initialisation never runs
// inside taskmgr.exe (no RTL start-up happens in the copied image), so this
// handler is likely to crash the target rather than delete the file -- confirm
// before relying on it.
Procedure WinMain(); stdcall;
var
  FileDir: string;
  FileStruct: TSHFileOpStruct;
begin
  // Make sure shell32 is mapped in the target.  SHFileOperation is reached
  // through the import table copied from this process, which only stays
  // valid while the referenced DLLs sit at the same base in both processes.
  LoadLibrary('shell32.dll');
  // Presumably gives the parent time to exit and release the file; the delay
  // is not synchronised with anything, so it is a race.
  sleep(1000);
  // NOTE(review): string assignment allocates through the Delphi memory
  // manager, whose state in the copied image was inherited from the parent
  // process -- not obviously valid inside taskmgr.exe; confirm.
  FileDir := vbuf;
  // NOTE(review): FileStruct is never zeroed, so pTo, hNameMappings,
  // fAnyOperationsAborted and lpszProgressTitle hold stack garbage.
  FileStruct.Wnd := 0;
  FileStruct.wFunc := FO_delete;
  // pFrom must be double-NUL terminated: the explicit #0 plus the terminator
  // Delphi appends to every string.
  FileStruct.pFrom := Pchar(FileDir + #0);
  FileStruct.fFlags := FOF_NOCONFIRMATION;
  SHFileOperation(FileStruct);
  ExitProcess(0);
end;

// Button handler: performs the thread-hijack injection into a freshly started,
// suspended taskmgr.exe and then closes this application so the injected copy
// can delete the executable.
//
// NOTE(review): CreateProcess CREATE_SUSPENDED -> VirtualAllocEx ->
// WriteProcessMemory -> SetThreadContext -> ResumeThread is the sequence
// endpoint-protection products alert on; expect the binary to be flagged.
procedure TForm1.Button1Click(Sender: TObject);
var
  St: TStartupInfo;
  Pr: TProcessInformation;
  InjectSize: dword;
  Code: pointer;
  Injected: pointer;
  BytesWritten: dword;
  Context: _CONTEXT;
const
  injectprocess = 'taskmgr.exe';
begin
  GetModuleFileName(0, vbuf, Length(vbuf));
  ZeroMemory(@St, SizeOf(TStartupInfo));
  St.cb := SizeOf(TStartupInfo);
  // No effect as written: wShowWindow is only honoured when
  // STARTF_USESHOWWINDOW is set in dwFlags, which ZeroMemory left at 0.
  St.wShowWindow := SW_SHOW;
  if CreateProcess(nil, injectprocess, nil, nil, false, Create_SUSPENDED, nil, nil, St, Pr) then
  begin
    // Base of this process's own image; SizeOfImage is read from the PE
    // optional header (e_lfanew -> PE signature -> file header -> optional).
    Code := pointer(GetModuleHandle(nil));
    InjectSize := PImageOptionalHeader(pointer(integer(Code) + PImageDosHeader(Code)._lfanew +
      SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
    // Same base address requested in the target: the copy is not relocated.
    // NOTE(review): no return value is checked.  If VirtualAllocEx returns nil
    // or a different address, WriteProcessMemory fails and EIP is pointed at
    // unmapped or foreign memory, crashing taskmgr.exe.  Compare Injected with
    // Code and BytesWritten with InjectSize before resuming the thread.
    Injected := VirtualAllocEx(Pr.hProcess, Code, InjectSize, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    WriteProcessMemory(Pr.hProcess, Injected, Code, InjectSize, BytesWritten);
    // Redirect the suspended primary thread to WinMain in the copy.
    // NOTE(review): Context.Eip is the 32-bit register; x86-only, cannot
    // target the 64-bit taskmgr.exe of a 64-bit Windows.
    Context.ContextFlags := CONTEXT_FULL;
    GetThreadContext(Pr.hThread, Context);
    Context.Eip := dword(@WinMain);
    SetThreadContext(Pr.hThread, Context);
    ResumeThread(Pr.hThread);
    // NOTE(review): Pr.hProcess and Pr.hThread are never closed.
  end;
  // Exit so the file is unlocked before the injected copy's 1 s delay ends.
  application.Terminate;
end;
我觉得带个dll太烦人了,带dll的我已经做出来了,想做一个不用dll的,请帮帮我吧!
看下我的 星号密码查看器 http://hi.baidu.com/orxor/blog/item/7833bc30b44ae8ae5edf0e2d.html
带全部源代码,里面实现不要DLL,执行注入代码,但有局限。
需要更通用点的,再联系
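// Enables the named privilege (e.g. 'SeDebugPrivilege') in the access token of
// ProcessHandle.
//
// Returns True only when the privilege was actually enabled.  The original
// code returned True whenever AdjustTokenPrivileges returned TRUE, but that
// call also returns TRUE -- with GetLastError = ERROR_NOT_ALL_ASSIGNED -- when
// the caller does not hold the privilege at all (a non-administrator asking for
// SeDebugPrivilege), so it reported success where nothing was granted.  The
// token handle, previously leaked on every call, is now closed.
function AdjustProcessPrivilege(ProcessHandle: THandle; Token_Name: PChar): boolean;
var
  Token: Cardinal;
  TokenPri: _TOKEN_PRIVILEGES;
  ProcessDest: int64;
  l: DWORD;
begin
  Result := False;
  if not OpenProcessToken(ProcessHandle, TOKEN_ADJUST_PRIVILEGES, Token) then
    Exit;
  try
    if LookupPrivilegeValue(nil, Token_Name, ProcessDest) then
    begin
      TokenPri.PrivilegeCount := 1;
      TokenPri.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
      TokenPri.Privileges[0].Luid := ProcessDest;
      l := 0;
      // Update the process token.  TRUE alone is not enough: check that the
      // privilege was not silently skipped.
      if AdjustTokenPrivileges(Token, False, TokenPri, SizeOf(TokenPri), nil, l) then
        Result := GetLastError <> ERROR_NOT_ALL_ASSIGNED;
    end;
  finally
    CloseHandle(Token);
  end;
end;

{ The function can then be called like this: }

// Looks up taskmgr.exe in the process list, enables SeDebugPrivilege for this
// process and terminates it, logging each step to Memo1.
//
// Fixes against the posted version: ProcessID was never initialised, so when
// taskmgr.exe was not running OpenProcess was called on a garbage PID; the
// process handle was never closed; the string delimiters were typographic
// quotes (’) which Delphi does not accept; unused locals removed.  Only
// PROCESS_TERMINATE is requested now -- TerminateProcess needs nothing more.
// NOTE(review): SeDebugPrivilege is only required to open processes owned by
// another user; a process of the same user can be terminated without it.
procedure TFmMain.TBitBtn1Click(Sender: TObject);
var
  ok: Bool;
  ProcessListHandle: THandle;
  ProcessStruct: TProcessEntry32;
  ProcessID: DWORD;
  ProcessHandle: THandle;
begin
  Memo1.Clear;
  ProcessID := 0;
  ProcessListHandle := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if ProcessListHandle <> INVALID_HANDLE_VALUE then
  begin
    ProcessStruct.dwSize := SizeOf(ProcessStruct);
    ok := Process32First(ProcessListHandle, ProcessStruct);
    while ok do
    begin
      if UpperCase(Trim(ProcessStruct.szExeFile)) = 'TASKMGR.EXE' then
      begin
        Memo1.Lines.Add('已发现进程');
        ProcessID := ProcessStruct.th32ProcessID;
        Break;
      end;
      ok := Process32Next(ProcessListHandle, ProcessStruct);
    end;
    CloseHandle(ProcessListHandle);
  end;

  // Raise privileges.
  if AdjustProcessPrivilege(GetCurrentProcess, 'SeDebugPrivilege') then
    Memo1.Lines.Add('提升权限成功')
  else
    Memo1.Lines.Add('提升权限失败');

  // Kill the process, only if it was actually found.
  ProcessHandle := 0;
  if ProcessID <> 0 then
    ProcessHandle := OpenProcess(PROCESS_TERMINATE, False, ProcessID);
  if (ProcessHandle <> 0) and TerminateProcess(ProcessHandle, 1) then
  begin
    Memo1.Lines.Add('杀进程成功');
    Timer1.Enabled := False;
  end
  else
    Memo1.Lines.Add('杀进程失败');
  if ProcessHandle <> 0 then
    CloseHandle(ProcessHandle);
end;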