-
-
[转帖]PEiD Making a Plug-in with Visual Basic 6
-
发表于: 2007-2-1 13:10
-
This may be doable. I was screwing around with it and I got PEID to load my DLL but when you try to activate it it crashes PEID. It will take some post-compiling file editing though. I'll give you a basic idea of what I did.
First off, this page will describe how to create a real DLL in VB. It's not hard.
http://www.vb-helper.com/howto_make_standard_dll.html
Here is what I have in my module.
That's all there is to the code. As you can see it only message boxes but still. Then you need a DEF file so that the linker will export the function.
Now, as for the file modification you have to do.. If you try to load the Plugin as it is you will notice that the name of the plugin (in the plugin menu) shows up as V. This is because of the way VB stores stuff. "V B P E I D P l u g i n". With null bytes (00) in between each letter. I'm not sure why this messes up PEID but it does. Open your plugin DLL in a hex editor, find the name of it and change it to something like this... "VB PEID Plugin " Take out the null bytes and add them back on after the end of your plugin title. Now PEID will show your plugin name correctly. That's as far as I got because I got distracted but if anyone takes it further let me know.
First off, this page will describe how to create a real DLL in VB. It's not hard.
http://www.vb-helper.com/howto_make_standard_dll.html
Here is what I have in my module.
Option Explicit
Public Const DLL_PROCESS_DETACH = 0
Public Const DLL_PROCESS_ATTACH = 1
Public Const DLL_THREAD_ATTACH = 2
Public Const DLL_THREAD_DETACH = 3
Public Function DllMain(hInst As Long, fdwReason As Long, lpvReserved As Long) As Boolean
Select Case fdwReason
Case DLL_PROCESS_DETACH
Case DLL_PROCESS_ATTACH
DllMain = True
Case DLL_THREAD_ATTACH
Case DLL_THREAD_DETACH
End Select
End Function
Public Function LoadDll()
LoadDll = "VB PEID Plugin v1"
End Function
Public Function DoMyJob(hMainDlg As Long, szFname As String, lpReserved As String, lpParam As String) As Boolean
'//hMainDlg: HWND of PEiD window
'//szFname: Filename
'//lpReserved: PEiD passes 'PEiD' as the value
'//lpParam: NULL passed, for future use
'// Write your main code here
MsgBox "Plugin activated!"
DoMyJob = True
End Function
That's all there is to the code. As you can see it only message boxes but still. Then you need a DEF file so that the linker will export the function.
NAME VBPEIDPlugin
LIBRARY VBPEIDPlugin
DESCRIPTION "VB PEID Plugin"
EXPORTS DllMain @1
LoadDll @2
DoMyJob @3
Now, as for the file modification you have to do.. If you try to load the Plugin as it is you will notice that the name of the plugin (in the plugin menu) shows up as V. This is because of the way VB stores stuff. "V B P E I D P l u g i n". With null bytes (00) in between each letter. I'm not sure why this messes up PEID but it does. Open your plugin DLL in a hex editor, find the name of it and change it to something like this... "VB PEID Plugin " Take out the null bytes and add them back on after the end of your plugin title. Now PEID will show your plugin name correctly. That's as far as I got because I got distracted but if anyone takes it further let me know.
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
