https://en.wikipedia.org/wiki/Dynamic-link_library
https://github.com/MicrosoftDocs/cpp-docs/blob/main/docs/build/walkthrough-creating-and-using-a-dynamic-link-library-cpp.md
How to Write and Call DLL's within Delphi
https://coderedirect.com/questions/360496/calling-functions-from-a-c-dll-in-delphi
https://www.tutorialspoint.com/dll/dll_delphi_example.htm
http://rvelthuis.de/index.html
https://www.freepascal.org/tools/h2pas.var
http://www.drbob42.com/headconv/
https://www.drbob42.com/Delphi/headconv.htm
https://www.mql5.com/en/articles/249
https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/
https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya
DLL header COM interface TLB Component Object Model DIL Interface Definition Language
DLL header delphi COM interface TLB Component Object Model
https://docwiki.embarcadero.com/RADStudio/Sydney/en/Developing_COM_Applications
Microsoft介面定義語言(英語:Microsoft Interface Definition Language;縮寫:MIDL)是微軟的基於文字的介面描述語言。擴充自DCE/RPC IDL用於微軟的組件物件模型(Component Object Model)。 [1] 它的編譯器是MIDL.exe(隨Windows SDK發行)。MIDL用於遠端程序呼叫(RPC)的介面、DCOM介面、OLE自動化的類型庫等的描述.
https://en.wikipedia.org/wiki/Microsoft_Interface_Definition_Language
https://docwiki.embarcadero.com/RADStudio/Sydney/en/Type_Libraries
https://stackoverflow.com/questions/40799003/importing-c-sharp-or-c-dll-as-com-object-in-delphi
https://www.codeproject.com/Articles/505791/Writing-Simple-COM-ATL-DLL-for-VS2012
https://www.red-gate.com/simple-talk/development/dotnet-development/build-and-deploy-a-net-com-assembly/
https://nachtimwald.com/2012/04/08/wrapping-a-c-library-in-comactivex/
https://wiki.freepascal.org/LazActiveX
https://www.codeproject.com/Articles/13601/COM-in-plain-C
https://docs.microsoft.com/en-us/windows/win32/com/component-object-model--com--portal
https://blog.xuite.net/metafun/life/77922432
https://theroadtodelphi.com/2010/11/25/create-a-sfx-file-with-delphi-self-extracting-archives/
Create a SFX File with Delphi (Self Extracting Archives)
https://kolmck.net/
https://github.com/RRUZ/blog/tree/master/Misc/SFX
Injector Code
Dalam kode kita, saya menggunakan beberapa fungsi API Win32 untuk melakukan injeksi. Dan saya rasa, pada umumnya tulisan tentang DLL Injection di internet menggunakan kode yang sama untuk kategori injeksi dasar.
OpenProcess()
Mendapatkan handle dari proses target.
VirtualAllocEx()
Mengalokasikan memory dalam wilayah memory proses target. Data-data seperti nama fungsi, parameter, dan sebagainya yang akan digunakan oleh injected code harus berada dalam lokasi memori proses target yang dialokasikan sebelumnya dengan fungsi ini.
WriteProcessMemory()
Menuliskan data ke memori yang telah dialokasikan dalam wilayah memori proses target.
CreateRemoteThread()
Menjalankan thread baru di proses target. Ini akan mengeksekusi DLL yang diinjek.
GetProcAddress()
Mendapatkan alamat fungsi dalam sebuah DLL. Ini akan dipakai untuk mengambil alamat fungsi LoadLibrary() dalam kernel32.dll
WaitForSingleObject()
Menunggu eksekusi sampai selesai, dengan menyertakan parameter INFINITE.
CloseHandle()
Meunutup handle proses yang didapatkan dari OpenProcess.
Pid : Cardinal;
dllname : String;
pDLLname : Pointer;
hProzess,bw : Cardinal ;
hRemoteThread : Cardinal;
dllname := ADLLname;
hProzess:= OpenProcess(PROCESS_ALL_ACCESS, false, targetproc);
pdllname := VirtualAllocEx(hProzess, 0, length(dllname),
MEM_COMMIT,PAGE_EXECUTE_READWRITE);
WriteProcessMemory(hProzess, pdllname, PChar(dllname), length(dllname), bw);
CreateRemoteThread(hProzess, nil, 0,
GetProcAddress(GetModuleHandle('kernel32.dll'),
'LoadLibraryA'), pDLLname, 0, hRemoteThread);
WaitForSingleObject(hRemoteThread, INFINITE);
CloseHandle(hProzess);
//...................
uses ...., TlHelp32; // -> untuk menggunakan Win32 Toolhelp library
//...................
procedure TFMain.EnumProcess;
hSnap:Cardinal;
pe32:TProcessEntry32;
s:String;
begin
hsnap:=CreateToolHelp32SnapShot(
TH32CS_SNAPPROCESS,
0
);
if hSnap = INVALID_HANDLE_VALUE then
exit;
FillChar(pe32, sizeof(pe32),0);
pe32.dwSize:=Sizeof(pe32);
if not Process32First(hsnap, pe32) then
exit;
cbProcess.Clear;
repeat
s:=IntToStr(pe32.th32ProcessID);
while length(s)<8 do s:='0'+s;
s:=s+': '+pe32.szExeFile;
if lowercase(copy(s, length(s)-3,4))='.exe' then
cbProcess.Items.Add(s);
until not Process32Next(hsnap, pe32);
CloseHandle(hSnap);
cbProcess.ItemIndex:=0;
end;unit umain;
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, TlHelp32;
hSnap:Cardinal;
pe32:TProcessEntry32;
s:String;
begin
hsnap:=CreateToolHelp32SnapShot(
TH32CS_SNAPPROCESS,
0
);
if hSnap = INVALID_HANDLE_VALUE then
exit;
FillChar(pe32, sizeof(pe32),0);
pe32.dwSize:=Sizeof(pe32);
if not Process32First(hsnap, pe32) then
exit;
cbProcess.Clear;
repeat
s:=IntToStr(pe32.th32ProcessID);
while length(s)<8 do s:='0'+s;
s:=s+': '+pe32.szExeFile;
if lowercase(copy(s, length(s)-3,4))='.exe' then
cbProcess.Items.Add(s);
until not Process32Next(hsnap, pe32);
CloseHandle(hSnap);
cbProcess.ItemIndex:=0;
Pid : Cardinal;
dllname : String;
pDLLname : Pointer;
hProzess,bw : Cardinal ;
hRemoteThread : Cardinal;
dllname := ADLLname;
hProzess:= OpenProcess(PROCESS_ALL_ACCESS, false, targetproc);
pdllname := VirtualAllocEx(hProzess, 0, length(dllname), MEM_COMMIT,PAGE_EXECUTE_READWRITE);
WriteProcessMemory(hProzess, pdllname, PChar(dllname), length(dllname), bw);
CreateRemoteThread(hProzess, nil, 0, GetProcAddress(GetModuleHandle('kernel32.dll'),'LoadLibraryA'), pDLLname, 0, hRemoteThread);
WaitForSingleObject(hRemoteThread, INFINITE);
CloseHandle(hProzess);
EnumProcess;
if cbProcess.Items.Count = 0 then exit;
s:=copy(cbProcess.Items[cbProcess.ItemIndex],1,8);
i:=StrToInt(s);
InjectDll(ExtractFilePath(ParamStr(0))+'InjectedDLL.dll', i);
Managing Memory-Mapped Files THandle Virtual sizeof Integer initialization create memory mapped hMapFile CreateFileMapping ReadWrite VirtualFileName Exception pointer MapViewOfFile application terminates finalization UnmapViewOfFile
2021年12月8日 星期三
How to Write and Call DLL's Component Object Model DIL Interface Definition Language within Delphi
訂閱:
張貼留言 (Atom)
沒有留言:
張貼留言