Merhaba Gençler,
yazılım geliştirmeye adım atanlar için güncel dll inject modulunu veriyorum nasıl kullanacağını ilk c++ öğrenmeye başlayın ondan sonra kodları inceleyin bakın
Kod: #pragma once #include #include #include #include #include #include #include #define ntZeroMemory(VariableToBeSetToZero) memset(VariableToBeSetToZero, 0, sizeof(VariableToBeSetToZero)) #define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004 #define TOKENBUFFER sizeof(TOKEN_PRIVILEGES) #define NTRETURN_SUCCESS 1 #define NTRETURN_FAILURE 0 struct NtCreateThreadExBuffer { ULONG Size; ULONG Unknown1; ULONG Unknown2; PULONG Unknown3; ULONG Unknown4; ULONG Unknown5; ULONG Unknown6; PULONG Unknown7; ULONG Unknown8; }; //WINAPI Hooks -TODO: NT WriteVirtualMemory typedef HMODULE (WINAPI *waLoadLib)(LPCTSTR); typedef HMODULE (WINAPI *waGetModH)(LPCTSTR); typedef BOOL (WINAPI *waWriteProcMem)( HANDLE, PVOID, LPCVOID, SIZE_T, SIZE_T * ); //NT Hooks typedef NTSTATUS (__stdcall *ntCreateThEx)( PHANDLE, DWORD, PVOID, HANDLE, // PHANDLE, out param rets Thr Handle LPTHREAD_START_ROUTINE, PVOID, BOOL, ULONG, ULONG, ULONG, PVOID ); //last param &ntcreatethread struct /* Read Comment under function!!!! */ DWORD UnProtectMemory( HANDLE memHandle, DWORD outOldProtection ) { VirtualProtect(memHandle, NULL, PAGE_EXECUTE_READWRITE, &outOldProtection); return outOldProtection; } /*IMPORTANT Re-Protect MEMORY! VirtualProtect(memHandle, NULL, outOldProtection, NULL)*/ //Elevate Privilege Function BOOL ElevatePrivileges( HANDLE hToken, LPCTSTR lpstrPrivilege, // SE_DEBUG_NAME - Adjust memory and debug process - from any user uint16_t enablePrivilege ) { TOKEN_PRIVILEGES tPrivilege; LUID luID; // unique to each OS -- lowpart(low bits) highpart(high bits) OSVERSIONINFO osVersion = { sizeof(osVersion) }; LookupPrivilegeValue(NULL/*uses localsys*/, lpstrPrivilege, &luID); // Function Succeeds ret nonzero tPrivilege.PrivilegeCount = 1; tPrivilege.Privileges[0].Luid = luID; if(enablePrivilege == 1 || TRUE) { tPrivilege.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; } else if(enablePrivilege == 0 || FALSE) { tPrivilege.Privileges[0].Attributes = 0; } BOOL adjustPrivileges = AdjustTokenPrivileges( /* ret nonzero if success */ hToken, FALSE, &tPrivilege, TOKENBUFFER, NULL, (PDWORD)NULL ); if(adjustPrivileges != 0) { std::cout << "Privileges changed" << std::endl; } else if(adjustPrivileges == 0 || FALSE) { std::cout << "Privileges rejected!" << std::endl; return NTRETURN_FAILURE; } return NTRETURN_SUCCESS; } //returns handle from ntCreateThread call HANDLE HkCreateThreadHook( HANDLE hProcess, PCHAR dllFileName ) { DWORD ntTemp0 = 0; DWORD ntTemp1 = 0; HANDLE retHandleFromHook; HMODULE nt_LoadLibraryHook = GetModuleHandle(_T("Kernel32.dll")); HMODULE nt_HandleThreadHook = GetModuleHandle(_T("ntdll.dll")); void *vp_AllocMem = VirtualAlloc( hProcess, NULL, strlen(dllFileName) + 1, PAGE_READWRITE ); void *vp_LoadLib = GetProcAddress(nt_LoadLibraryHook, "LoadLibraryA"); ntCreateThEx nt_CrThreadHook = (ntCreateThEx)GetProcAddress(nt_HandleThreadHook, "NtCreateThreadEx"); if(!nt_CrThreadHook) { std::cout << " Thread Hook - Error - 0x" << GetLastError() << std::endl; } if(!vp_LoadLib) { std::cout << "Load Lib - Error - 0x" << GetLastError() << std::endl; } NtCreateThreadExBuffer ntHookBuff; ntZeroMemory(&ntHookBuff); ntHookBuff.Size = sizeof(NtCreateThreadExBuffer); ntHookBuff.Unknown1 = 0x10003; ntHookBuff.Unknown2 = 0x8; ntHookBuff.Unknown3 = &ntTemp1; ntHookBuff.Unknown4 = 0; ntHookBuff.Unknown5 = 0x10004; ntHookBuff.Unknown6 = 4; ntHookBuff.Unknown7 = &ntTemp0; ntHookBuff.Unknown8 = 0; long nt_ActivateHook = nt_CrThreadHook( &retHandleFromHook, 0x1FFFFF, NULL, hProcess, (LPTHREAD_START_ROUTINE)vp_LoadLib, vp_AllocMem, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, NULL, NULL, NULL, &ntHookBuff ); if(retHandleFromHook == NULL) { std::cout << " ThreadHookBootup - Error - 0x" << GetLastError() << std::endl; } DWORD exitCode; GetExitCodeThread(retHandleFromHook, &exitCode); std::cout << "exitCode is : " << exitCode << std::endl; WaitForSingleObject(retHandleFromHook, INFINITE); return retHandleFromHook; } BOOL HkWriteProcMemory( HANDLE hProcess, LPCVOID cvpBuffer, SIZE_T fSize ) { HMODULE dllModule = GetModuleHandle(_T("Kernel32.dll")); waWriteProcMem callWritePMem = (waWriteProcMem)GetProcAddress(dllModule, "WriteProcessMemory"); void *memoryAlloc = VirtualAllocEx( hProcess, NULL, sizeof(cvpBuffer) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE ); BOOL hkCheck = callWritePMem( /* If functions succeeds the ret value is != 0 */ hProcess, memoryAlloc, cvpBuffer, fSize, NULL ); if(hkCheck == 0) { std::cout << "Writeprocmem hook has failed - Error code - 0x" << GetLastError() << std::endl; return NTRETURN_FAILURE; } return NTRETURN_SUCCESS; }
Konuyu başlatan Gönderildi : 28 Kasım 2016 14:42