Merhaba Gençler,
yazılım geliştirmeye adım atanlar için güncel dll inject modulunu veriyorum nasıl kullanacağını ilk c++ öğrenmeye başlayın ondan sonra kodları inceleyin bakın
Kod:
#pragma once
#include
#include
#include
#include
#include
#include
#include
#define ntZeroMemory(VariableToBeSetToZero) memset(VariableToBeSetToZero, 0, sizeof(VariableToBeSetToZero))
#define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004
#define TOKENBUFFER sizeof(TOKEN_PRIVILEGES)
#define NTRETURN_SUCCESS 1
#define NTRETURN_FAILURE 0
struct NtCreateThreadExBuffer {
ULONG Size;
ULONG Unknown1;
ULONG Unknown2;
PULONG Unknown3;
ULONG Unknown4;
ULONG Unknown5;
ULONG Unknown6;
PULONG Unknown7;
ULONG Unknown8;
};
//WINAPI Hooks -TODO: NT WriteVirtualMemory
typedef HMODULE (WINAPI *waLoadLib)(LPCTSTR);
typedef HMODULE (WINAPI *waGetModH)(LPCTSTR);
typedef BOOL (WINAPI *waWriteProcMem)(
HANDLE, PVOID,
LPCVOID, SIZE_T, SIZE_T *
);
//NT Hooks
typedef NTSTATUS (__stdcall *ntCreateThEx)(
PHANDLE, DWORD, PVOID, HANDLE, // PHANDLE, out param rets Thr Handle
LPTHREAD_START_ROUTINE,
PVOID, BOOL,
ULONG, ULONG, ULONG, PVOID
); //last param &ntcreatethread struct
/* Read Comment under function!!!! */
DWORD UnProtectMemory(
HANDLE memHandle,
DWORD outOldProtection
) {
VirtualProtect(memHandle, NULL, PAGE_EXECUTE_READWRITE, &outOldProtection);
return outOldProtection;
}
/*IMPORTANT Re-Protect MEMORY! VirtualProtect(memHandle, NULL, outOldProtection, NULL)*/
//Elevate Privilege Function
BOOL ElevatePrivileges(
HANDLE hToken,
LPCTSTR lpstrPrivilege, // SE_DEBUG_NAME - Adjust memory and debug process - from any user
uint16_t enablePrivilege
) {
TOKEN_PRIVILEGES tPrivilege;
LUID luID; // unique to each OS -- lowpart(low bits) highpart(high bits)
OSVERSIONINFO osVersion = { sizeof(osVersion) };
LookupPrivilegeValue(NULL/*uses localsys*/, lpstrPrivilege, &luID);
// Function Succeeds ret nonzero
tPrivilege.PrivilegeCount = 1;
tPrivilege.Privileges[0].Luid = luID;
if(enablePrivilege == 1 || TRUE) {
tPrivilege.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
}
else if(enablePrivilege == 0 || FALSE) {
tPrivilege.Privileges[0].Attributes = 0;
}
BOOL adjustPrivileges = AdjustTokenPrivileges( /* ret nonzero if success */
hToken,
FALSE,
&tPrivilege,
TOKENBUFFER,
NULL,
(PDWORD)NULL
);
if(adjustPrivileges != 0) {
std::cout << "Privileges changed" << std::endl;
}
else if(adjustPrivileges == 0 || FALSE) {
std::cout << "Privileges rejected!" << std::endl;
return NTRETURN_FAILURE;
}
return NTRETURN_SUCCESS;
}
//returns handle from ntCreateThread call
HANDLE HkCreateThreadHook(
HANDLE hProcess,
PCHAR dllFileName
) {
DWORD ntTemp0 = 0;
DWORD ntTemp1 = 0;
HANDLE retHandleFromHook;
HMODULE nt_LoadLibraryHook = GetModuleHandle(_T("Kernel32.dll"));
HMODULE nt_HandleThreadHook = GetModuleHandle(_T("ntdll.dll"));
void *vp_AllocMem = VirtualAlloc(
hProcess,
NULL,
strlen(dllFileName) + 1,
PAGE_READWRITE
);
void *vp_LoadLib = GetProcAddress(nt_LoadLibraryHook, "LoadLibraryA");
ntCreateThEx nt_CrThreadHook = (ntCreateThEx)GetProcAddress(nt_HandleThreadHook, "NtCreateThreadEx");
if(!nt_CrThreadHook) {
std::cout << " Thread Hook - Error - 0x" << GetLastError() << std::endl;
}
if(!vp_LoadLib) {
std::cout << "Load Lib - Error - 0x" << GetLastError() << std::endl;
}
NtCreateThreadExBuffer ntHookBuff;
ntZeroMemory(&ntHookBuff);
ntHookBuff.Size = sizeof(NtCreateThreadExBuffer);
ntHookBuff.Unknown1 = 0x10003;
ntHookBuff.Unknown2 = 0x8;
ntHookBuff.Unknown3 = &ntTemp1;
ntHookBuff.Unknown4 = 0;
ntHookBuff.Unknown5 = 0x10004;
ntHookBuff.Unknown6 = 4;
ntHookBuff.Unknown7 = &ntTemp0;
ntHookBuff.Unknown8 = 0;
long nt_ActivateHook = nt_CrThreadHook(
&retHandleFromHook,
0x1FFFFF,
NULL,
hProcess,
(LPTHREAD_START_ROUTINE)vp_LoadLib,
vp_AllocMem,
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER,
NULL,
NULL,
NULL,
&ntHookBuff
);
if(retHandleFromHook == NULL) {
std::cout << " ThreadHookBootup - Error - 0x" << GetLastError() << std::endl;
}
DWORD exitCode;
GetExitCodeThread(retHandleFromHook, &exitCode);
std::cout << "exitCode is : " << exitCode << std::endl;
WaitForSingleObject(retHandleFromHook, INFINITE);
return retHandleFromHook;
}
BOOL HkWriteProcMemory(
HANDLE hProcess,
LPCVOID cvpBuffer,
SIZE_T fSize
) {
HMODULE dllModule = GetModuleHandle(_T("Kernel32.dll"));
waWriteProcMem callWritePMem = (waWriteProcMem)GetProcAddress(dllModule, "WriteProcessMemory");
void *memoryAlloc = VirtualAllocEx(
hProcess,
NULL,
sizeof(cvpBuffer) + 1,
MEM_RESERVE | MEM_COMMIT,
PAGE_READWRITE
);
BOOL hkCheck = callWritePMem( /* If functions succeeds the ret value is != 0 */
hProcess,
memoryAlloc,
cvpBuffer,
fSize,
NULL
);
if(hkCheck == 0) {
std::cout << "Writeprocmem hook has failed - Error code - 0x" << GetLastError() << std::endl;
return NTRETURN_FAILURE;
}
return NTRETURN_SUCCESS;
}
Konuyu başlatan Gönderildi : 28 Kasım 2016 14:42