

Title: Simple dll injector
اینم یه آموزش اسمبلی واسه inject dll، چیز جالبیه
کد:
; Assembler/ABI: MASM syntax, 32-bit x86 (.386), flat memory model, stdcall.
; Win32 API calls in this file are made with explicit push/call, arguments
; pushed right-to-left (see the DialogBoxParam call at the entry point).
.386
.model flat, stdcall  
option casemap :none

include windows.inc
include kernel32.inc
include user32.inc
include Comctl32.inc
include shell32.inc
include gdi32.inc
include comdlg32.inc

includelib comdlg32.lib
includelib gdi32.lib
includelib kernel32.lib
includelib user32.lib
includelib Comctl32.lib
includelib shell32.lib

DlgProc            PROTO    :HWND,:UINT,:WPARAM,:LPARAM

.const

IDD_DIALOG1    equ 101              ; resource id of the main dialog template (DialogBoxParam)
TamBuff     equ 256                 ; byte size of the text buffers declared in .data
TamResp     equ 512                 ; byte size of BuffResp
icone       equ 150                 ; resource id of the window icon (LoadIcon)
;#########################################################################

.data?
; Uninitialised globals. Most are written once by an API call and read later
; by a different procedure; none of the procedures below takes them as parameters.
hInstance        dd ?               ; module handle, set at start from GetModuleHandle
hBitmap         dd ?                ; background bitmap from LoadImage (WM_INITDIALOG), drawn in WM_PAINT
lol             dd ?                ; not referenced anywhere in this listing
status          dd ?                ; 1 while the injetor thread should keep scanning (set by 1008, cleared by 1007)
result          dd ?                ; Toolhelp32 snapshot handle (injetor, Refresh)
dlg             dd ?                ; dialog HWND, refreshed on every message in DlgProc
processid       dd ?                ; PID of the target process handed to inject
prochandle      dd ?                ; handle from OpenProcess (inject)
procaddress     dd ?                ; address returned by GetProcAddress for "LoadLibraryA" (inject)
handle          dd ?                ; kernel32 module handle (inject)
address         dd ?                ; remote buffer returned by VirtualAllocEx (inject)
libsize         dd ?                ; lstrlen(Dllbuffer)+1, bytes handed to WriteProcessMemory
thread          dd ?                ; value returned by CreateRemoteThread (inject)
statusinject    dd ?                ; 1 = last inject call succeeded, 0 = it failed
hIcone            dd ?              ; icon handle from LoadIcon
hList           dd ?                ; HWND of list box 1010 (running processes)
hListdll        dd ?                ; HWND of list box 1012 (dll paths)
LB              dd ?                ; current index into list box 1012
Processo PROCESSENTRY32 <>          ; entry filled by Process32First/Process32Next
ps PAINTSTRUCT <>                   ; WM_PAINT scratch
rect RECT <>                        ; client rectangle used for BitBlt

.data

; Initialised data. User-facing strings are Portuguese (translations in the
; comments); the text buffers are sized by TamBuff / TamResp.
img             db "asm.bmp",0          ; background bitmap, loaded from file at WM_INITDIALOG
loled           db "Preencha os campos em branco Diretório da dll e o nome do Processo antes de clicar aqui!!!",0   ; "fill in the empty dll-path and process-name fields before clicking here"
titulo          db "Error...",0         ; MessageBox caption
injected        db "Dll Injetada com sucesso!!!",0   ; status text (1009) on success: "dll injected successfully"
injectedt       db "DLL INJECTED!!!",0  ; not referenced in this listing
injectederror   db "NOT INJECTED!!!",0  ; status text (1009) when CreateRemoteThread returns 0
errorOP         db "ERROR in OpenProcess em Windows Vista e 7 execute como administrador",0   ; defined but not displayed anywhere in this listing
errorWP         db "ERROR in WriteProcessMemory em Windows Vista e 7 execute como administrador",0   ; shown when WriteProcessMemory fails ("on Vista/7 run as administrator")
ofn OPENFILENAME <>                     ; filled in by the 1006 (browse) handler in DlgProc
StringFiltro    db "DLL",0,"*.dll",0    ; GetOpenFileName filter pairs, double-NUL terminated
                db "Todos (*.*)",0,"*.*",0,0
Buffer          db TamBuff dup(0)       ; ofn.lpstrFile
BuffResp        db TamResp dup(0)       ; not referenced in this listing
Processobuffer  db TamBuff dup(0)       ; text of edit 1004 (target process name)
Dllbuffer       db TamBuff dup(0)       ; current dll path read from list box 1012
Processbuffer   db TamBuff dup(0)       ; name read from the selection of list box 1010
kernel32        db "kernel32.dll",0     ; GetModuleHandle argument (inject)
loadlib         db "LoadLibraryA",0     ; GetProcAddress argument (inject)



.code

; Entry point: hInstance = GetModuleHandle(NULL), initialise common controls,
; run IDD_DIALOG1 modally with DlgProc, then ExitProcess(0).
start:

    push 0
    call GetModuleHandle
    mov     hInstance,eax
    call InitCommonControls
    push 0                              ; dwInitParam
    push offset DlgProc                 ; lpDialogFunc
    push 0                              ; hWndParent
    push IDD_DIALOG1                    ; lpTemplate
    push hInstance
    call DialogBoxParam                 ; returns when DlgProc calls EndDialog
    push 0
    call ExitProcess

;########################################################################
;-----------------------------------------------------------------------
; xzero_it(lpmem, cnt): store zero into cnt/4 dwords starting at lpmem.
; cnt is shifted right by 2, so a remainder of 1-3 trailing bytes is left
; untouched. Only caller in this listing: inject, with
; (offset Dllbuffer, sizeof Dllbuffer), i.e. a multiple of 4.
; Clobbers: eax, ecx, edi, DF (edi is overwritten and not restored).
;-----------------------------------------------------------------------
xzero_it proc lpmem:DWORD,cnt:DWORD

mov edi, lpmem
mov ecx, cnt                        ; dword count = cnt / 4
shr ecx, 2      
cld                                 ; forward direction for stosd
xor eax, eax
rep stosd      
ret
xzero_it endp
;-----------------------------------------------------------------------
; inject: for each dll path listed in list box 1012, ask the process whose
; PID is in processid to load it. Everything goes through documented Win32
; APIs visible below: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
; WriteProcessMemory(path) -> CreateRemoteThread(LoadLibraryA). That
; four-call cross-process sequence is the classic remote-thread dll load;
; from a monitoring standpoint it is exactly the handle-access and
; remote-thread telemetry endpoint tooling keys on.
; Inputs (globals): processid, Dllbuffer (NUL-terminated path), dlg, LB.
; Outputs (globals): statusinject (1 ok / 0 failed), handle, libsize,
;   procaddress, prochandle, address, thread; control 1009 status text.
; No parameters; eax/ecx/edx are used freely (API calls, xzero_it).
; After a successful load it advances LB, reads the next list entry into
; Dllbuffer and restarts at begininjectt; when the entry is empty it
; unchecks checkbox 1008 and returns.
;-----------------------------------------------------------------------
inject proc
    
    begininjectt:                       ; re-entered once per dll in the list
    push offset kernel32
    call GetModuleHandle
    
    mov handle,eax                      ; kernel32 module handle in this process
    
    push offset Dllbuffer
    call lstrlen
    
    add eax,1                           ; include the terminating NUL
    mov libsize,eax
    push offset loadlib
    push handle
    call GetProcAddress
    
    mov procaddress,eax                 ; address of "LoadLibraryA"
    
    push processid
    push 0                              ; bInheritHandle = FALSE
    push PROCESS_ALL_ACCESS
    call OpenProcess
    
    mov prochandle,eax
    .if eax <1                          ; NULL: target could not be opened (errorOP text is never shown)
        mov statusinject,0
        jmp errorinop
    .endif
    
    push PAGE_READWRITE
    push MEM_COMMIT
    push libsize                        ; size of the path string
    push NULL
    push eax                            ; eax still holds prochandle
    call VirtualAllocEx
    
    mov address,eax                     ; remote buffer; not checked for NULL here
    
    push NULL                           ; lpNumberOfBytesWritten
    push libsize
    push offset Dllbuffer
    push eax                            ; remote destination
    push prochandle
    call WriteProcessMemory
    
    .if eax <1                          ; write failed: report, then release the remote buffer
        push MB_ICONERROR
        push offset titulo
        push offset errorWP
        push 0
        call MessageBox
        mov statusinject,0
        jmp errorinwpm
    .endif
    
    push NULL                           ; lpThreadId
    push 0                              ; dwCreationFlags
    push address                        ; lpParameter = remote copy of the path
    push procaddress                    ; lpStartAddress
    push 0
    push NULL
    push prochandle
    call CreateRemoteThread

    mov thread,eax
    
    .if thread != 0
        push offset injected
        push 1009
        push dlg
        call SetDlgItemText             ; status line: success
        mov statusinject,1
    .elseif                             ; otherwise: thread creation failed
        push offset injectederror
        push 1009
        push dlg
        call SetDlgItemText             ; status line: failure
        mov statusinject,0
        jmp close
    .endif
    
    push INFINITE
    push offset thread
    call WaitForSingleObject
close:    
    push offset thread
    call CloseHandle

errorinwpm:    
    push MEM_RELEASE
    push libsize
    push offset address
    push prochandle
    call VirtualFreeEx
errorinop:
    cmp byte ptr ds:[statusinject],1
    jz errorinject                      ; despite the label name, this is the success path
    ret                                 ; failure: return with statusinject = 0
    errorinject:
    inc [LB]                            ; move to the next entry of list box 1012
    push 1012
    push dlg
    call GetDlgItem
    mov [hListdll],eax

    push sizeof Dllbuffer
    push offset Dllbuffer
    call xzero_it                       ; clear the path buffer before LB_GETTEXT

    push offset Dllbuffer
    push [LB]
    push LB_GETTEXT
    push [hListdll]
    call SendMessage
    
    push eax                            ; keep LB_GETTEXT's return across the check
    mov eax,DWORD ptr ds:[Dllbuffer]
    test eax,eax                        ; first 4 bytes still zero => no more entries
    jnz begininject
    pop eax
    push 1008
    push dlg
    call GetDlgItem

    push 0
    push BST_UNCHECKED
    push BM_SETCHECK
    push eax
    call SendMessage                    ; list exhausted: uncheck the auto-inject box
    ret
    begininject:
    pop eax

    push 1000
    call Sleep                          ; 1 s pause between dlls
    jmp begininjectt

inject endp
;-----------------------------------------------------------------------
; injetor(lParam): thread procedure started by the 1008 checkbox handler
; via CreateThread. While status == 1 it takes a fresh Toolhelp32 snapshot,
; walks every process and compares szExeFile (case-insensitive) with the
; name typed into control 1004; on a match it sets processid and calls
; inject. The thread ends (ExitThread) after a successful injection, or
; when the loop exits because the 1007 handler cleared status.
; lParam is unused. Globals: status, result, Processo, dlg, Processobuffer,
; processid, statusinject.
;-----------------------------------------------------------------------
injetor proc lParam:DWORD
    
    .while status==1                     ; polling loop: one snapshot per iteration
    push   0
    push   TH32CS_SNAPPROCESS
    call   CreateToolhelp32Snapshot
    mov    [result],eax

    mov    [Processo.dwSize],sizeof PROCESSENTRY32

    push   offset Processo
    push   eax
    call   Process32First        
    jmp    ProcessosRodando_Chk          ; loop test on the Process32First/Next return

ProcessosRodando_Loop:

    push 256
    push offset Processobuffer
    push 1004
    push dlg
    call GetDlgItemText                  ; re-read the target name on every entry
    .if eax!=0                           ; non-empty name
    push offset Processo.szExeFile
    push offset Processobuffer
    call lstrcmpi
    .if eax==0                           ; names are equal
    push eax
    mov  eax, Processo.th32ProcessID
    mov  processid,eax
    pop  eax
    call inject
    cmp byte ptr ds:[statusinject],0
    jz forever                           ; injection failed: keep scanning
    jmp Error                            ; injection succeeded: finish the thread
    .endif
    .endif

forever:    
    push   offset Processo
    push   [result]
    call   Process32Next                  

ProcessosRodando_Chk:
    test   eax,eax
    jnz    ProcessosRodando_Loop      

    push   [result]
    call   CloseHandle                   ; snapshot closed at the end of each iteration
    .endw
Error:
    push   [result]
    call   CloseHandle                   ; reached both by jmp Error and by falling out of the loop
    push 0
    call ExitThread
    ret                                  ; not reached: ExitThread does not return

injetor endp

;-----------------------------------------------------------------------
; Refresh: repopulate list box 1010 with the running processes.
; Each item's text is Processo.szExeFile and its item data is the PID,
; which the 1001 handler in DlgProc reads back with LB_GETITEMDATA.
; Globals written: hList, result, Processo. No parameters.
;-----------------------------------------------------------------------
Refresh proc

    push 1010
    push dlg
    call GetDlgItem
    mov [hList],eax

    push 0
    push 0
    push LB_RESETCONTENT
    push eax
    call SendMessage                     ; empty the list first
    mov    [Processo.dwSize], sizeof Processo

    push 0
    push TH32CS_SNAPPROCESS
    call CreateToolhelp32Snapshot
    mov    [result], eax

    push offset Processo
    push eax
    call Process32First
    .while eax                           ; eax = Process32First / Process32Next result

        push offset Processo.szExeFile
        push 0
        push LB_ADDSTRING
        push [hList]
        call SendMessage                 ; eax = index of the new item

        push [Processo.th32ProcessID]
        push eax                         ; wParam = that index
        push LB_SETITEMDATA
        push [hList]
        call SendMessage

        push offset Processo
        push [result]
        call Process32Next
    .endw
    invoke    CloseHandle, [result]

    ret
Refresh endp

;-----------------------------------------------------------------------
; DlgProc(hWin, uMsg, wParam, lParam): dialog procedure for IDD_DIALOG1.
; Control ids (hard-coded numbers throughout):
;   1001 manual inject button       1003 text cleared after a file pick
;   1004 process-name edit          1006 browse-for-dll button
;   1007 stop auto mode             1008 auto-inject checkbox (starts injetor thread)
;   1009 status text                1010 process list box (hList)
;   1011 refresh process list       1012 dll path list box (hListdll)
;   1013 clear dll list
; Stores hWin in the global dlg on every message so the other procedures
; can reach the dialog. Returns TRUE for handled messages, FALSE otherwise.
;-----------------------------------------------------------------------
DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
    LOCAL hdc:HDC
    LOCAL hMemDC:HDC
    mov        eax,uMsg
    mov     edx,hWin
    mov     dlg,edx
    .if eax == WM_NOTIFY
            ; copy the currently selected name in list box 1010 into edit 1004
            push 0
            push 0
            push LB_GETCURSEL
            push [hList]
            call SendMessage

            push offset Processbuffer
            push eax                    ; selected index
            push LB_GETTEXT
            push [hList]
            call SendMessage
            invoke  SetDlgItemText,dlg,1004,addr Processbuffer
            push offset Processbuffer   ; same SetDlgItemText issued a second time
            push 1004
            push dlg
            call SetDlgItemText
            
    .elseif eax==WM_INITDIALOG
        push icone
        push hInstance
        call LoadIcon
        mov hIcone,eax
        push hIcone
        push ICON_BIG
        push WM_SETICON
        push hWin
        call SendMessage
         push LR_LOADFROMFILE           ; bitmap comes from the file "asm.bmp", 413 x 100
         push 100
         push 413
         push IMAGE_BITMAP
         push offset img
         push hInstance
         call LoadImage
        mov hBitmap,eax
        push 1
        push 0
        push hWin
        call InvalidateRect             ; force a WM_PAINT
        call Refresh                    ; initial process list
    
    .elseif eax==WM_COMMAND
        mov edx,wParam
        shr edx,16                      ; dx = notification code (HIWORD of wParam)
        
        .if dx==BN_CLICKED
        
            ; BN_CLICKED is 0, so the whole wParam equals the control id below
            .if wParam==1008
            push 1001
            push hWin
            call GetDlgItem
            
            push 0
            push eax
            call EnableWindow           ; disable the manual button while auto mode runs
            mov status,1

            push 0
            push 1009
            push dlg
            call SetDlgItemText         ; clear the status line

            push 256
            push offset Processobuffer
            push 1004
            push dlg
            call GetDlgItemText
            or eax,eax
            jz error                    ; no process name entered

                push 1012
                push dlg
                call GetDlgItem
                mov hListdll,eax
                mov [LB],0

                push offset Dllbuffer
                push [LB]
                push LB_GETTEXT
                push [hListdll]
                call SendMessage
                mov eax,DWORD ptr ds:[Dllbuffer]
                test eax,eax
                jz error                ; no dll path in the list
                
                push 0
                push 0
                push 0
                push offset injetor     ; thread procedure
                push 0
                push 0
                call CreateThread       ; the returned thread handle is not kept
                jmp endiff
                error:

                push MB_ICONERROR
                push offset titulo
                push offset loled
                push 0
                call MessageBox

                push 1008
                push dlg
                call GetDlgItem

                push 0
                push BST_UNCHECKED
                push BM_SETCHECK
                push eax
                call SendMessage        ; undo the check since nothing was started
                endiff:
            .elseif wParam==1007

            push 1001
            push hWin
            call GetDlgItem

            push 1
            push eax
            call EnableWindow           ; re-enable the manual button

            push 0
            push 1009
            push dlg
            call SetDlgItemText
            mov status,0                ; injetor's .while loop exits on its next test
            .elseif wParam==1001

            push 0
            push 1009
            push dlg
            call SetDlgItemText
                .if status==0           ; manual inject only when auto mode is off

                push 1012
                push dlg
                call GetDlgItem
                mov hListdll,eax
                mov [LB],0

                push offset Dllbuffer
                push [LB]
                push LB_GETTEXT
                push [hListdll]
                call SendMessage
                mov eax,DWORD ptr ds:[Dllbuffer]
                test eax,eax
                jz errorlol             ; no dll path in the list

                push 256
                push offset Processobuffer
                push 1004
                push dlg
                call GetDlgItemText
                or eax,eax
                jz errorlol             ; no process name entered

                push 1010
                push dlg
                call GetDlgItem
                mov [hList],eax

                push 0
                push 0
                push LB_GETCURSEL
                push [hList]
                call SendMessage

                push 0
                push eax                ; selected index
                push LB_GETITEMDATA
                push [hList]
                call SendMessage        ; item data = PID stored by Refresh
                mov [processid],eax
                call inject
                jmp pass
                errorlol:

                push MB_ICONERROR
                push offset titulo
                push offset loled
                push 0
                call MessageBox
                
                .endif
                pass:
            .elseif wParam==1011
                 call Refresh
             .elseif wParam==1013
             
                 push 1012
                 push dlg
                 call GetDlgItem

                push 0
                push 0
                push LB_RESETCONTENT
                push eax
                call SendMessage        ; empty the dll list
                    
            .elseif wParam==1006
            mov     ofn.lStructSize, SIZEOF ofn
             push    hWin
             pop     ofn.hWndOwner
             push    hInstance
             pop     ofn.hInstance
             mov     ofn.lpstrFilter, OFFSET StringFiltro
             mov     ofn.lpstrFile, OFFSET Buffer
             mov     ofn.nMaxFile, TamBuff
             mov     ofn.Flags, OFN_FILEMUSTEXIST or
                     OFN_PATHMUSTEXIST or OFN_LONGNAMES or
                     OFN_EXPLORER or OFN_HIDEREADONLY
             push offset ofn
             call GetOpenFileName
             .if eax == TRUE            ; a file was chosen

             push 0
             push 1003
             push hWin
             call SetDlgItemText

             push 1012
             push dlg
             call GetDlgItem
             mov [hListdll],eax

             push ofn.lpstrFile          ; chosen path appended to the dll list
             push 0
             push LB_ADDSTRING
             push [hListdll]
             call SendMessage
                 
            .endif
            .endif
        .endif    
        
    .elseif eax==WM_PAINT
        ; blit hBitmap over the whole client area through a memory DC
        push offset ps
        push hWin
        call BeginPaint
        mov hdc,eax
        
        push hdc
        call CreateCompatibleDC
        mov hMemDC,eax
        
        push hBitmap
        push hMemDC
        call SelectObject
        
        push offset rect
        push hWin
        call GetClientRect

        push SRCCOPY
        push 0
        push 0
        push hMemDC
        push rect.bottom                ; height
        push rect.right                 ; width
        push 0
        push 0
        push hdc
        call BitBlt
      
        push hMemDC
        call DeleteDC

        push offset ps
        push hWin
        call EndPaint
    .elseif eax==WM_CLOSE
        push 0
        push hWin
        call EndDialog                  ; DialogBoxParam at start returns
    .else
        mov        eax,FALSE            ; message not handled
        ret
    .endif
    mov        eax,TRUE
    ret

DlgProc endp

end start
امین خان inject dll چی هست؟
میشه یکم توضیح بدین؟
به تزریق کد باینری به فایل میگن اینجکت