این هم یک آموزش اسمبلی (MASM32، ویندوز ۳۲ بیتی) برای تزریق DLL به یک پروسهٔ دیگر است؛ نمونهٔ جالبی است. توجه: طبق پیام‌های خطای خود برنامه، برای OpenProcess روی پروسه‌های دیگر در ویندوز ویستا/۷ باید با دسترسی مدیر (Administrator) اجرا شود.
.386
.model flat, stdcall
option casemap :none
include windows.inc
include kernel32.inc
include user32.inc
include Comctl32.inc
include shell32.inc
include gdi32.inc
include comdlg32.inc
includelib comdlg32.lib
includelib gdi32.lib
includelib kernel32.lib
includelib user32.lib
includelib Comctl32.lib
includelib shell32.lib
DlgProc PROTO :HWND,:UINT,:WPARAM,:LPARAM
.const
IDD_DIALOG1 equ 101                 ; main dialog resource id (resource script not shown here)
TamBuff equ 256                     ; size of every path/name buffer below and of ofn.nMaxFile
TamResp equ 512                     ; size of BuffResp (BuffResp is not referenced in the visible code)
icone equ 150                       ; icon resource id passed to LoadIcon
;#########################################################################
; Uninitialised globals. Everything in .data? is shared by the dialog thread and the
; "injetor" worker thread without any synchronisation (see injetor / inject).
.data?
hInstance dd ?                      ; module handle from GetModuleHandle(NULL)
hBitmap dd ?                        ; background bitmap (asm.bmp), painted in WM_PAINT
lol dd ?                            ; unused in the visible code
status dd ?                         ; 1 while the auto-inject worker thread should keep polling, else 0
result dd ?                         ; CreateToolhelp32Snapshot handle
dlg dd ?                            ; main dialog HWND, refreshed on every DlgProc call
processid dd ?                      ; PID of the injection target (set by DlgProc or injetor)
prochandle dd ?                     ; OpenProcess handle of the target
procaddress dd ?                    ; address of kernel32!LoadLibraryA in *this* process
handle dd ?                         ; GetModuleHandle("kernel32.dll")
address dd ?                        ; remote buffer (VirtualAllocEx) that receives the DLL path
libsize dd ?                        ; strlen(Dllbuffer) + 1, bytes copied into the target
thread dd ?                         ; CreateRemoteThread handle
statusinject dd ?                   ; 1 = last inject() succeeded, 0 = it failed
hIcone dd ?                         ; icon handle from LoadIcon
hList dd ?                          ; process listbox (control 1010)
hListdll dd ?                       ; DLL listbox (control 1012)
LB dd ?                             ; index of the DLL list entry currently being injected
Processo PROCESSENTRY32 <>          ; current Toolhelp32 entry; szExeFile is MAX_PATH (260) bytes
ps PAINTSTRUCT <>
rect RECT <>
.data
img db "asm.bmp",0                  ; background image, loaded by relative path (LR_LOADFROMFILE)
; Portuguese UI strings (runtime text, left as-is):
; loled        -> "Fill in the blank fields DLL path and process name before clicking here!!!"
; injected     -> "DLL injected successfully!!!"
; errorOP/WP   -> "ERROR in OpenProcess/WriteProcessMemory; on Windows Vista and 7 run as administrator"
loled db "Preencha os campos em branco Diretório da dll e o nome do Processo antes de clicar aqui!!!",0
titulo db "Error...",0
injected db "Dll Injetada com sucesso!!!",0
injectedt db "DLL INJECTED!!!",0    ; not referenced in the visible code
injectederror db "NOT INJECTED!!!",0
errorOP db "ERROR in OpenProcess em Windows Vista e 7 execute como administrador",0     ; declared but never shown by inject()
errorWP db "ERROR in WriteProcessMemory em Windows Vista e 7 execute como administrador",0
ofn OPENFILENAME <>                 ; reused across every "browse" click (control 1006)
StringFiltro db "DLL",0,"*.dll",0   ; GetOpenFileName filter pairs, double-NUL terminated below
db "Todos (*.*)",0,"*.*",0,0
Buffer db TamBuff dup(0)            ; ofn.lpstrFile; nMaxFile = TamBuff, so a picked path is < TamBuff chars
BuffResp db TamResp dup(0)
Processobuffer db TamBuff dup(0)    ; text of edit 1004 (target process name)
Dllbuffer db TamBuff dup(0)         ; DLL path being injected; LB_GETTEXT copies into it unbounded unless the caller checks LB_GETTEXTLEN
Processbuffer db TamBuff dup(0)     ; process listbox selection text (szExeFile can be up to 259 chars, > TamBuff - 1)
kernel32 db "kernel32.dll",0
loadlib db "LoadLibraryA",0         ; remote thread entry point; takes the DLL path written at `address`
.code
;-----------------------------------------------------------------------
; Program entry: resolve our module handle, initialise common controls and
; run IDD_DIALOG1 modally. DlgProc ends the dialog on WM_CLOSE; the return
; value of DialogBoxParam is not inspected, the process always exits with 0.
;-----------------------------------------------------------------------
start:
    invoke GetModuleHandle, NULL
    mov     hInstance, eax
    invoke InitCommonControls
    invoke DialogBoxParam, hInstance, IDD_DIALOG1, NULL, offset DlgProc, 0
    invoke ExitProcess, 0
;########################################################################
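;-----------------------------------------------------------------------
; void xzero_it(void *lpmem, DWORD cnt)   (stdcall, MASM-generated frame)
; Zero `cnt` bytes starting at `lpmem`.
; Fixes vs. the original: EDI is callee-saved in the Win32 ABI and this proc
; is reached from DlgProc (a USER32 callback), so it is now preserved via
; `uses`; the original also only cleared cnt/4 dwords and left up to three
; trailing bytes untouched, the tail is now cleared with rep stosb.
; Clobbers: eax, ecx (caller-saved). Assumes DF is clear on entry (ABI).
;-----------------------------------------------------------------------
xzero_it proc uses edi lpmem:DWORD, cnt:DWORD
    mov     edi, lpmem
    mov     ecx, cnt
    xor     eax, eax
    cld
    push    ecx
    shr     ecx, 2                  ; whole dwords first
    rep     stosd
    pop     ecx
    and     ecx, 3                  ; then the 0..3 remaining bytes
    rep     stosb
    ret
xzero_it endp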
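; Least-privilege mask for OpenProcess: everything the injection below needs and
; nothing more (the original requested PROCESS_ALL_ACCESS).
INJECT_ACCESS equ PROCESS_CREATE_THREAD or PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ

;-----------------------------------------------------------------------
; inject - inject the DLL path in Dllbuffer into process `processid`, then
; walk the remaining entries of DLL listbox 1012 (index LB) one per second
; and inject each of them as well. Stops at the first failure.
; In (globals):  processid, dlg, Dllbuffer (entry LB, loaded by the caller), LB
; Out (globals): statusinject = 1 if the last attempted DLL was injected, else 0;
;                LB, hListdll, handle, libsize, procaddress, prochandle,
;                address, thread are scratch.
; Side effects:  updates static 1009, unchecks checkbox 1008 when the list is
;                exhausted, shows MessageBox on OpenProcess/WriteProcessMemory failure.
; Fixes vs. the original: WaitForSingleObject/CloseHandle were passed
; `offset thread` (the variable's address) instead of the handle; VirtualFreeEx
; was passed `offset address` and a non-zero size with MEM_RELEASE (both make
; the call fail, leaking the remote buffer); the OpenProcess handle was never
; closed; VirtualAllocEx/GetProcAddress results were not checked; the next
; list entry was copied with LB_GETTEXT without a length check into a 256-byte
; buffer; the errorOP message existed but was never shown.
; NOTE(review): the LoadLibraryA address is resolved in *this* process and used
; as the remote thread start; this only works if kernel32 is mapped at the same
; base in the target (same bitness, same boot session). Confirm before relying on it.
; Clobbers: eax, ecx, edx.
;-----------------------------------------------------------------------
inject proc
    invoke GetModuleHandle, addr kernel32
    mov     handle, eax
    invoke GetProcAddress, handle, addr loadlib
    mov     procaddress, eax
    .if eax == 0
        mov     statusinject, 0
        ret
    .endif

inject_next_dll:
    mov     statusinject, 0
    invoke lstrlen, addr Dllbuffer
    inc     eax                             ; copy the terminating NUL as well
    mov     libsize, eax

    invoke OpenProcess, INJECT_ACCESS, FALSE, processid
    mov     prochandle, eax
    .if eax == 0
        invoke MessageBox, 0, addr errorOP, addr titulo, MB_ICONERROR
        ret                                 ; statusinject is already 0
    .endif

    invoke VirtualAllocEx, prochandle, NULL, libsize, MEM_COMMIT, PAGE_READWRITE
    mov     address, eax
    .if eax == 0
        jmp     inject_close_process
    .endif

    invoke WriteProcessMemory, prochandle, address, addr Dllbuffer, libsize, NULL
    .if eax == 0
        invoke MessageBox, 0, addr errorWP, addr titulo, MB_ICONERROR
        jmp     inject_free_remote
    .endif

    invoke CreateRemoteThread, prochandle, NULL, 0, procaddress, address, 0, NULL
    mov     thread, eax
    .if eax == 0
        invoke SetDlgItemText, dlg, 1009, addr injectederror
        jmp     inject_free_remote
    .endif
    ; LoadLibraryA reads the path from `address`; it must finish before that
    ; buffer is released. This blocks the calling thread for as long as the
    ; target's LoadLibrary/DllMain takes (INFINITE, as in the original).
    invoke WaitForSingleObject, thread, INFINITE
    invoke CloseHandle, thread
    invoke SetDlgItemText, dlg, 1009, addr injected
    mov     statusinject, 1

inject_free_remote:
    invoke VirtualFreeEx, prochandle, address, 0, MEM_RELEASE   ; MEM_RELEASE requires dwSize == 0
inject_close_process:
    invoke CloseHandle, prochandle
    .if statusinject == 0
        ret
    .endif

    ; Success: load the next DLL list entry into Dllbuffer, or stop.
    inc     LB
    invoke GetDlgItem, dlg, 1012
    mov     hListdll, eax
    invoke xzero_it, addr Dllbuffer, sizeof Dllbuffer
    invoke SendMessage, hListdll, LB_GETTEXTLEN, LB, 0
    ; unsigned compare: LB_ERR (-1, no such entry) and over-long entries both stop here
    .if eax >= sizeof Dllbuffer
        jmp     inject_list_done
    .endif
    invoke SendMessage, hListdll, LB_GETTEXT, LB, addr Dllbuffer
    .if byte ptr Dllbuffer == 0
        jmp     inject_list_done
    .endif
    invoke Sleep, 1000
    jmp     inject_next_dll

inject_list_done:
    ; list exhausted: clear the auto-inject checkbox, as the original did
    invoke GetDlgItem, dlg, 1008
    invoke SendMessage, eax, BM_SETCHECK, BST_UNCHECKED, 0
    ret
inject endp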
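;-----------------------------------------------------------------------
; DWORD WINAPI injetor(LPVOID lParam) - auto-inject worker thread.
; While `status` == 1 (checkbox 1008 armed, cleared by button 1007) it takes a
; Toolhelp32 process snapshot, compares every szExeFile case-insensitively
; with the name in edit 1004, and calls inject() on the first match. The thread
; ends on the first successful injection or when `status` is cleared.
; lParam is unused. Returns through ExitThread(0).
; Fixes vs. the original: the snapshot handle was closed twice (once inside the
; loop and again at the exit label); CreateToolhelp32Snapshot failure was not
; checked; the loop spun without any delay.
; NOTE(review): GetDlgItemText/inject() call into the dialog from this thread;
; SendMessage marshals that to the UI thread, so the UI thread must not block
; on this thread or it deadlocks.
;-----------------------------------------------------------------------
injetor proc lParam:DWORD
    LOCAL hit:DWORD

    .while status == 1
        mov     hit, 0
        invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
        mov     result, eax
        .if eax != INVALID_HANDLE_VALUE
            mov     Processo.dwSize, sizeof PROCESSENTRY32
            invoke Process32First, result, addr Processo
            .while eax != 0
                invoke GetDlgItemText, dlg, 1004, addr Processobuffer, sizeof Processobuffer
                .if eax != 0
                    invoke lstrcmpi, addr Processobuffer, addr Processo.szExeFile
                    .if eax == 0
                        mov     eax, Processo.th32ProcessID
                        mov     processid, eax
                        call    inject              ; sets statusinject
                        .if statusinject != 0
                            mov     hit, 1
                            .break
                        .endif
                    .endif
                .endif
                invoke Process32Next, result, addr Processo
            .endw
            invoke CloseHandle, result          ; exactly once per snapshot
            .if hit != 0
                .break
            .endif
        .endif
        invoke Sleep, 250                       ; poll, don't spin
    .endw
    invoke ExitThread, 0
    ret
injetor endp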
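;-----------------------------------------------------------------------
; Refresh - repopulate process listbox 1010 from a Toolhelp32 snapshot.
; Each entry's text is szExeFile and its item data is th32ProcessID (read back
; with LB_GETITEMDATA by the manual inject button).
; Uses globals dlg (in), hList, result, Processo (scratch). No return value.
; Fixes vs. the original: a failed CreateToolhelp32Snapshot (INVALID_HANDLE_VALUE)
; was passed on to Process32First/CloseHandle; a failed LB_ADDSTRING (negative
; index) was passed on to LB_SETITEMDATA.
;-----------------------------------------------------------------------
Refresh proc
    invoke GetDlgItem, dlg, 1010
    mov     hList, eax
    invoke SendMessage, hList, LB_RESETCONTENT, 0, 0
    mov     Processo.dwSize, sizeof Processo
    invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
    mov     result, eax
    .if eax == INVALID_HANDLE_VALUE
        ret                                     ; list stays empty
    .endif
    invoke Process32First, result, addr Processo
    .while eax != 0
        invoke SendMessage, hList, LB_ADDSTRING, 0, addr Processo.szExeFile
        test    eax, eax
        js      refresh_skip_item               ; LB_ERR / LB_ERRSPACE are negative
        invoke SendMessage, hList, LB_SETITEMDATA, eax, Processo.th32ProcessID
refresh_skip_item:
        invoke Process32Next, result, addr Processo
    .endw
    invoke CloseHandle, result
    ret
Refresh endp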
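;-----------------------------------------------------------------------
; BOOL CALLBACK DlgProc(HWND hWin, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Dialog procedure for IDD_DIALOG1. Control ids used (resource not visible here):
;   1001 manual "inject" button        1003 edit cleared after a file pick
;   1004 target process name (edit)    1006 browse for DLL
;   1007 stop auto-inject              1008 auto-inject checkbox
;   1009 status text                   1010 process listbox
;   1011 refresh process list          1012 DLL listbox
;   1013 clear DLL list
; Returns TRUE for handled messages, FALSE for everything else. Stores hWin in
; the global `dlg` on every call because inject()/injetor read it.
; Fixes vs. the original:
;  - WM_COMMAND was dispatched on the whole wParam (HIWORD included); now on
;    LOWORD(wParam) with HIWORD(wParam) checked separately.
;  - LB_GETTEXT copied listbox text into 256-byte buffers unbounded
;    (szExeFile can be 259 chars); LB_GETTEXTLEN is checked first.
;  - The manual path read Dllbuffer without clearing it, so a stale path from
;    an earlier pick passed validation after the list was cleared (1013).
;  - Checkbox 1008 set status=1 and disabled 1001 before validating input, and
;    left them that way on error; validation now happens first.
;  - The CreateThread handle was dropped (leak); it is closed right away.
;  - WM_PAINT never restored the DC's original bitmap; WM_CLOSE never deleted hBitmap.
;  - WM_NOTIFY called SetDlgItemText twice and ignored LB_ERR.
; Callee-saved registers (ebx/esi/edi) are not touched.
;-----------------------------------------------------------------------
DlgProc proc hWin:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
    LOCAL hdc:HDC
    LOCAL hMemDC:HDC
    LOCAL hOldBmp:DWORD
    LOCAL ctrlId:DWORD
    LOCAL notifyCode:DWORD
    LOCAL selIdx:DWORD

    mov     eax, hWin
    mov     dlg, eax
    mov     eax, uMsg

    .if eax == WM_INITDIALOG
        invoke LoadIcon, hInstance, icone
        mov     hIcone, eax
        invoke SendMessage, hWin, WM_SETICON, ICON_BIG, hIcone
        ; asm.bmp is resolved against the current directory; hBitmap is 0 if missing
        invoke LoadImage, hInstance, addr img, IMAGE_BITMAP, 413, 100, LR_LOADFROMFILE
        mov     hBitmap, eax
        invoke InvalidateRect, hWin, 0, 1
        call    Refresh

    .elseif eax == WM_NOTIFY
        ; Copies the process listbox selection into edit 1004.
        ; NOTE(review): a plain LISTBOX reports LBN_SELCHANGE through WM_COMMAND,
        ; not WM_NOTIFY; whether this branch ever runs depends on the control
        ; type in the resource script, which is not visible here.
        .if hList != 0
            invoke SendMessage, hList, LB_GETCURSEL, 0, 0
            .if eax != LB_ERR
                mov     selIdx, eax
                invoke SendMessage, hList, LB_GETTEXTLEN, selIdx, 0
                .if eax < sizeof Processbuffer          ; also rejects LB_ERR (unsigned)
                    invoke SendMessage, hList, LB_GETTEXT, selIdx, addr Processbuffer
                    invoke SetDlgItemText, dlg, 1004, addr Processbuffer
                .endif
            .endif
        .endif

    .elseif eax == WM_COMMAND
        mov     eax, wParam
        and     eax, 0FFFFh                     ; LOWORD = control id
        mov     ctrlId, eax
        mov     eax, wParam
        shr     eax, 16                         ; HIWORD = notification code
        mov     notifyCode, eax
        .if notifyCode == BN_CLICKED
            .if ctrlId == 1008
                ; Auto-inject: validate edit 1004 and the first DLL entry, then
                ; arm `status` and start the injetor polling thread.
                invoke SetDlgItemText, dlg, 1009, 0
                invoke GetDlgItemText, dlg, 1004, addr Processobuffer, sizeof Processobuffer
                .if eax == 0
                    jmp     auto_input_error
                .endif
                invoke GetDlgItem, dlg, 1012
                mov     hListdll, eax
                mov     LB, 0
                invoke xzero_it, addr Dllbuffer, sizeof Dllbuffer
                invoke SendMessage, hListdll, LB_GETTEXTLEN, LB, 0
                .if eax >= sizeof Dllbuffer             ; empty list (LB_ERR) or over-long entry
                    jmp     auto_input_error
                .endif
                invoke SendMessage, hListdll, LB_GETTEXT, LB, addr Dllbuffer
                .if byte ptr Dllbuffer == 0
                    jmp     auto_input_error
                .endif
                invoke GetDlgItem, hWin, 1001
                invoke EnableWindow, eax, FALSE
                mov     status, 1                       ; must be set before the thread reads it
                invoke CreateThread, 0, 0, addr injetor, 0, 0, 0
                .if eax == 0
                    ; could not start the worker: undo the arming
                    mov     status, 0
                    invoke GetDlgItem, hWin, 1001
                    invoke EnableWindow, eax, TRUE
                    invoke GetDlgItem, dlg, 1008
                    invoke SendMessage, eax, BM_SETCHECK, BST_UNCHECKED, 0
                .else
                    invoke CloseHandle, eax             ; handle not needed; thread exits via ExitThread
                .endif
                jmp     auto_done
auto_input_error:
                invoke MessageBox, 0, addr loled, addr titulo, MB_ICONERROR
                invoke GetDlgItem, dlg, 1008
                invoke SendMessage, eax, BM_SETCHECK, BST_UNCHECKED, 0
auto_done:

            .elseif ctrlId == 1007
                ; Stop auto-inject: injetor observes status == 0 and exits.
                invoke GetDlgItem, hWin, 1001
                invoke EnableWindow, eax, TRUE
                invoke SetDlgItemText, dlg, 1009, 0
                mov     status, 0

            .elseif ctrlId == 1001
                ; Manual inject into the process selected in listbox 1010,
                ; only while the auto-inject thread is not running.
                invoke SetDlgItemText, dlg, 1009, 0
                .if status == 0
                    invoke GetDlgItem, dlg, 1012
                    mov     hListdll, eax
                    mov     LB, 0
                    invoke xzero_it, addr Dllbuffer, sizeof Dllbuffer
                    invoke SendMessage, hListdll, LB_GETTEXTLEN, LB, 0
                    .if eax >= sizeof Dllbuffer
                        jmp     manual_input_error
                    .endif
                    invoke SendMessage, hListdll, LB_GETTEXT, LB, addr Dllbuffer
                    .if byte ptr Dllbuffer == 0
                        jmp     manual_input_error
                    .endif
                    invoke GetDlgItemText, dlg, 1004, addr Processobuffer, sizeof Processobuffer
                    .if eax == 0
                        jmp     manual_input_error
                    .endif
                    invoke GetDlgItem, dlg, 1010
                    mov     hList, eax
                    invoke SendMessage, hList, LB_GETCURSEL, 0, 0
                    .if eax == LB_ERR                   ; nothing selected
                        jmp     manual_input_error
                    .endif
                    invoke SendMessage, hList, LB_GETITEMDATA, eax, 0
                    mov     processid, eax              ; PID stored by Refresh
                    call    inject
                    jmp     manual_done
manual_input_error:
                    invoke MessageBox, 0, addr loled, addr titulo, MB_ICONERROR
manual_done:
                .endif

            .elseif ctrlId == 1011
                call    Refresh

            .elseif ctrlId == 1013
                invoke GetDlgItem, dlg, 1012
                invoke SendMessage, eax, LB_RESETCONTENT, 0, 0

            .elseif ctrlId == 1006
                ; Browse for a DLL and append the chosen path to listbox 1012.
                mov     ofn.lStructSize, sizeof ofn
                mov     eax, hWin
                mov     ofn.hWndOwner, eax
                mov     eax, hInstance
                mov     ofn.hInstance, eax
                mov     ofn.lpstrFilter, offset StringFiltro
                mov     ofn.lpstrFile, offset Buffer
                mov     ofn.nMaxFile, TamBuff
                mov     ofn.Flags, OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or OFN_EXPLORER or OFN_HIDEREADONLY
                invoke GetOpenFileName, addr ofn
                .if eax != 0
                    invoke SetDlgItemText, hWin, 1003, 0
                    invoke GetDlgItem, dlg, 1012
                    mov     hListdll, eax
                    invoke SendMessage, hListdll, LB_ADDSTRING, 0, ofn.lpstrFile
                .endif
            .endif
        .endif

    .elseif eax == WM_PAINT
        invoke BeginPaint, hWin, addr ps
        mov     hdc, eax
        invoke CreateCompatibleDC, hdc
        mov     hMemDC, eax
        invoke SelectObject, hMemDC, hBitmap
        mov     hOldBmp, eax
        invoke GetClientRect, hWin, addr rect
        invoke BitBlt, hdc, 0, 0, rect.right, rect.bottom, hMemDC, 0, 0, SRCCOPY
        invoke SelectObject, hMemDC, hOldBmp    ; deselect hBitmap before the DC goes away
        invoke DeleteDC, hMemDC
        invoke EndPaint, hWin, addr ps

    .elseif eax == WM_CLOSE
        mov     status, 0                       ; let a running injetor thread wind down
        .if hBitmap != 0
            invoke DeleteObject, hBitmap
            mov     hBitmap, 0
        .endif
        invoke EndDialog, hWin, 0

    .else
        mov     eax, FALSE
        ret
    .endif
    mov     eax, TRUE
    ret
DlgProc endp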
end start