Underc0de

General Programming => Visual Basic => Source Code => Topic started by: Juan on August 30, 2010, 06:34:42 PM

Title: DLL Injection
Posted by: Juan on August 30, 2010, 06:34:42 PM
Well, here I leave you this DLL injection that I wrote a while ago:

Code (vb)
'***********************************
'** DLL Injection By Drinky94     **
'** Date: 16 June 2010            **
'***********************************
Option Explicit

Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Const SYNCHRONIZE As Long = &H100000
Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Const MEM_COMMIT As Long = &H1000
Const PAGE_READWRITE As Long = &H4

' Starts the program at Ruta, waits for its window titled NameWindow and
' loads RutaDll into that process. Returns True on success, False on error.
Public Function Inyectar(Ruta As String, NameWindow As String, RutaDll As String) As Boolean
    On Error GoTo Error
    Dim IdWin As Long      ' window handle of the target
    Dim IdProc As Long     ' process id that owns the window
    Dim ProcMan As Long    ' process handle
    Dim EsMe As Long       ' remote buffer holding the DLL path
    Dim NBytes As Long     ' bytes actually written
    Dim Fun As Long        ' address of LoadLibraryA
    Dim IdHil As Long      ' id of the remote thread
    ' Launch the target and give it time to show its window
    ShellExecute 0, "open", Ruta, 0, 0, 0
    Sleep (10000)
    IdWin = FindWindow(vbNullString, NameWindow)
    If IdWin = 0 Then GoTo Error
    GetWindowThreadProcessId IdWin, IdProc
    If IdProc = 0 Then GoTo Error
    ProcMan = OpenProcess(PROCESS_ALL_ACCESS, False, IdProc)
    Debug.Print Err.LastDllError
    If ProcMan = 0 Then GoTo Error
    ' Copy the DLL path into the target's address space
    EsMe = VirtualAllocEx(ProcMan, 0, Len(RutaDll), MEM_COMMIT, PAGE_READWRITE)
    Debug.Print Err.LastDllError
    WriteProcessMemory ProcMan, ByVal EsMe, ByVal RutaDll, Len(RutaDll), NBytes
    ' Resolve LoadLibraryA and run it in the target with the path as argument
    Fun = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
    CreateRemoteThread ProcMan, ByVal 0, 0, ByVal Fun, ByVal EsMe, 0, IdHil
    CloseHandle ProcMan
    Inyectar = True
    Exit Function
Error:
    MsgBox "Error al inyectar la DLL", vbCritical, "Error"
    Inyectar = False
End Function


Usage example (in a module):

Code (vb)
Sub main()
    Dim retorno As Boolean
    retorno = Inyectar("c:\windows\system32\calc.exe", "Calculadora", "C:\fary.dll")
    If Not retorno Then
        MsgBox "La Dll no se pudo inyectar"
    Else
        MsgBox "La Dll se a inyectado con Exito"
    End If
End Sub



Cheers!
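As an added defender-side example (not part of the original post or the author's code): the routine above leaves a characteristic trace, a thread created in another process whose start routine is kernel32!LoadLibraryA. Sysmon Event ID 8 (CreateRemoteThread) records exactly that in its StartModule/StartFunction fields, and this Python script classifies such records; the sample events, paths and addresses are constructed for the example.

```python
"""Triage CreateRemoteThread telemetry for the LoadLibrary-start pattern.
Sysmon Event ID 8 records SourceImage/TargetImage and, when the thread's
start address resolves to an export, StartModule/StartFunction."""
import re

# Constructed sample events in the shape of Sysmon Event ID 8 fields;
# paths and addresses are made up for this example.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Users\demo\Desktop\inyector.exe",
     "TargetImage": r"C:\Windows\System32\calc.exe",
     "StartAddress": "0x7FFE2B4C1A30",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL",
     "StartFunction": "LoadLibraryA"},
    {"SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\explorer.exe",
     "StartAddress": "0x7FFE2C3A0F80",
     "StartModule": r"C:\Windows\System32\ntdll.dll",
     "StartFunction": "RtlUserThreadStart"},
    {"SourceImage": r"C:\Users\demo\AppData\Local\Temp\x.exe",
     "TargetImage": r"C:\Windows\explorer.exe",
     "StartAddress": "0x000001D4F2C10000",
     "StartModule": "", "StartFunction": ""},
]

LOADLIBRARY_EXPORT = re.compile(r"^LoadLibrary(Ex)?[AW]$")

def classify(event):
    """Return a verdict string for one Event ID 8 record."""
    func = event.get("StartFunction") or ""
    module = (event.get("StartModule") or "").lower()
    if LOADLIBRARY_EXPORT.match(func) and module.endswith("kernel32.dll"):
        # Exactly what the VB injector above does: CreateRemoteThread with
        # LoadLibraryA as the start routine and the DLL path as argument.
        return "suspicious: remote thread starts at kernel32!" + func
    if not module:
        # Start address is not inside any loaded module, which points at
        # injected code rather than a library load; also worth a look.
        return "suspicious: remote thread starts outside any module"
    return "benign"

def triage(events):
    """Return (source, target, verdict) for every non-benign event."""
    return [(e["SourceImage"], e["TargetImage"], classify(e))
            for e in events if classify(e) != "benign"]

if __name__ == "__main__":
    for src, dst, why in triage(SAMPLE_EVENTS):
        print(f"{src} -> {dst}: {why}")
```

Feed it parsed Event ID 8 records from Sysmon; a CreateRemoteThread rule has to be enabled in the Sysmon configuration for these events to be logged at all.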

Title: Re: DLL Injection
Posted by: _katze_ on August 30, 2010, 08:56:04 PM
Now this is a real contribution, I'm going to try it and see what happens!
Title: Re: DLL Injection
Posted by: Dr0B4ck on October 28, 2011, 02:12:00 AM
Not bad, man, I see very good programming, I hope you keep contributing more...