首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 编程技术
    3. 发新帖
[原创]DllHijacker For Delphi
发表于: 2008-8-20 20:35 18161

[原创]DllHijacker For Delphi

pathletboy 活跃值
2
2008-8-20 20:35
18161

生成用于Dll劫持的Delphi模板,部分DLL需要修改代码后才能支持劫持。
界面如下


生成ws2help.dll的模板如下

library ws2help; 

//============================================================================== 
// DllHijacker By pathletboy 
//============================================================================== 

uses 
Windows; 

{$R *.res} 

var 
ModHandle: Cardinal; 
POldWahCloseApcHelper: Pointer; 
POldWahCloseHandleHelper: Pointer; 
POldWahCloseNotificationHandleHelper: Pointer; 
POldWahCloseSocketHandle: Pointer; 
POldWahCloseThread: Pointer; 
POldWahCompleteRequest: Pointer; 
POldWahCreateHandleContextTable: Pointer; 
POldWahCreateNotificationHandle: Pointer; 
POldWahCreateSocketHandle: Pointer; 
POldWahDestroyHandleContextTable: Pointer; 
POldWahDisableNonIFSHandleSupport: Pointer; 
POldWahEnableNonIFSHandleSupport: Pointer; 
POldWahEnumerateHandleContexts: Pointer; 
POldWahInsertHandleContext: Pointer; 
POldWahNotifyAllProcesses: Pointer; 
POldWahOpenApcHelper: Pointer; 
POldWahOpenCurrentThread: Pointer; 
POldWahOpenHandleHelper: Pointer; 
POldWahOpenNotificationHandleHelper: Pointer; 
POldWahQueueUserApc: Pointer; 
POldWahReferenceContextByHandle: Pointer; 
POldWahRemoveHandleContext: Pointer; 
POldWahWaitForNotification: Pointer; 

procedure WahCloseApcHelper; asm jmp POldWahCloseApcHelper end; 
procedure WahCloseHandleHelper; asm jmp POldWahCloseHandleHelper end; 
procedure WahCloseNotificationHandleHelper; asm jmp POldWahCloseNotificationHandleHelper end; 
procedure WahCloseSocketHandle; asm jmp POldWahCloseSocketHandle end; 
procedure WahCloseThread; asm jmp POldWahCloseThread end; 
procedure WahCompleteRequest; asm jmp POldWahCompleteRequest end; 
procedure WahCreateHandleContextTable; asm jmp POldWahCreateHandleContextTable end; 
procedure WahCreateNotificationHandle; asm jmp POldWahCreateNotificationHandle end; 
procedure WahCreateSocketHandle; asm jmp POldWahCreateSocketHandle end; 
procedure WahDestroyHandleContextTable; asm jmp POldWahDestroyHandleContextTable end; 
procedure WahDisableNonIFSHandleSupport; asm jmp POldWahDisableNonIFSHandleSupport end; 
procedure WahEnableNonIFSHandleSupport; asm jmp POldWahEnableNonIFSHandleSupport end; 
procedure WahEnumerateHandleContexts; asm jmp POldWahEnumerateHandleContexts end; 
procedure WahInsertHandleContext; asm jmp POldWahInsertHandleContext end; 
procedure WahNotifyAllProcesses; asm jmp POldWahNotifyAllProcesses end; 
procedure WahOpenApcHelper; asm jmp POldWahOpenApcHelper end; 
procedure WahOpenCurrentThread; asm jmp POldWahOpenCurrentThread end; 
procedure WahOpenHandleHelper; asm jmp POldWahOpenHandleHelper end; 
procedure WahOpenNotificationHandleHelper; asm jmp POldWahOpenNotificationHandleHelper end; 
procedure WahQueueUserApc; asm jmp POldWahQueueUserApc end; 
procedure WahReferenceContextByHandle; asm jmp POldWahReferenceContextByHandle end; 
procedure WahRemoveHandleContext; asm jmp POldWahRemoveHandleContext end; 
procedure WahWaitForNotification; asm jmp POldWahWaitForNotification end; 

exports 
WahCloseApcHelper, 
WahCloseHandleHelper, 
WahCloseNotificationHandleHelper, 
WahCloseSocketHandle, 
WahCloseThread, 
WahCompleteRequest, 
WahCreateHandleContextTable, 
WahCreateNotificationHandle, 
WahCreateSocketHandle, 
WahDestroyHandleContextTable, 
WahDisableNonIFSHandleSupport, 
WahEnableNonIFSHandleSupport, 
WahEnumerateHandleContexts, 
WahInsertHandleContext, 
WahNotifyAllProcesses, 
WahOpenApcHelper, 
WahOpenCurrentThread, 
WahOpenHandleHelper, 
WahOpenNotificationHandleHelper, 
WahQueueUserApc, 
WahReferenceContextByHandle, 
WahRemoveHandleContext, 
WahWaitForNotification; 

begin 
ModHandle:= LoadLibrary('C:\WINDOWS\system32\ws2help.dll'); 
if ModHandle > 0 then 
begin 
   POldWahCloseApcHelper:= GetProcAddress(ModHandle, 'WahCloseApcHelper'); 
   POldWahCloseHandleHelper:= GetProcAddress(ModHandle, 'WahCloseHandleHelper'); 
   POldWahCloseNotificationHandleHelper:= GetProcAddress(ModHandle, 'WahCloseNotificationHandleHelper'); 
   POldWahCloseSocketHandle:= GetProcAddress(ModHandle, 'WahCloseSocketHandle'); 
   POldWahCloseThread:= GetProcAddress(ModHandle, 'WahCloseThread'); 
   POldWahCompleteRequest:= GetProcAddress(ModHandle, 'WahCompleteRequest'); 
   POldWahCreateHandleContextTable:= GetProcAddress(ModHandle, 'WahCreateHandleContextTable'); 
   POldWahCreateNotificationHandle:= GetProcAddress(ModHandle, 'WahCreateNotificationHandle'); 
   POldWahCreateSocketHandle:= GetProcAddress(ModHandle, 'WahCreateSocketHandle'); 
   POldWahDestroyHandleContextTable:= GetProcAddress(ModHandle, 'WahDestroyHandleContextTable'); 
   POldWahDisableNonIFSHandleSupport:= GetProcAddress(ModHandle, 'WahDisableNonIFSHandleSupport'); 
   POldWahEnableNonIFSHandleSupport:= GetProcAddress(ModHandle, 'WahEnableNonIFSHandleSupport'); 
   POldWahEnumerateHandleContexts:= GetProcAddress(ModHandle, 'WahEnumerateHandleContexts'); 
   POldWahInsertHandleContext:= GetProcAddress(ModHandle, 'WahInsertHandleContext'); 
   POldWahNotifyAllProcesses:= GetProcAddress(ModHandle, 'WahNotifyAllProcesses'); 
   POldWahOpenApcHelper:= GetProcAddress(ModHandle, 'WahOpenApcHelper'); 
   POldWahOpenCurrentThread:= GetProcAddress(ModHandle, 'WahOpenCurrentThread'); 
   POldWahOpenHandleHelper:= GetProcAddress(ModHandle, 'WahOpenHandleHelper'); 
   POldWahOpenNotificationHandleHelper:= GetProcAddress(ModHandle, 'WahOpenNotificationHandleHelper'); 
   POldWahQueueUserApc:= GetProcAddress(ModHandle, 'WahQueueUserApc'); 
   POldWahReferenceContextByHandle:= GetProcAddress(ModHandle, 'WahReferenceContextByHandle'); 
   POldWahRemoveHandleContext:= GetProcAddress(ModHandle, 'WahRemoveHandleContext'); 
   POldWahWaitForNotification:= GetProcAddress(ModHandle, 'WahWaitForNotification'); 
end; 
end.

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

上传的附件:
收藏
免费 7
支持
分享
最新回复 (19)
cd37ycs
雪    币: 212
活跃值: (1645)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
2
能举个应用范例吗?
2008-8-20 22:18
0
bzhkl
雪    币: 437
活跃值: (273)
能力值: ( LV12,RANK:240 )
在线值:
发帖
回帖
粉丝
私信
3
支持 ~~~
2008-8-20 22:22
0
dayed
雪    币: 225
活跃值: (10)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
私信
4
感谢共享~~~~
2008-8-20 22:53
0
靴子
雪    币: 22
活跃值: (458)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
5
很好哦:)  不过还是喜欢用C的 体积小呀
2008-8-21 00:13
0
vxin
雪    币: 372
活跃值: (31)
能力值: ( LV12,RANK:410 )
在线值:
发帖
回帖
粉丝
私信
6
学习一下~~
2008-8-21 11:51
0
lsuper
雪    币: 200
活跃值: (245)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
7
不错!非常感谢
2008-8-22 00:00
0
xiaoyuwed
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
8
太感谢了,有了这个方便多了
2009-5-30 22:58
0
绿豆青蛙
雪    币: 220
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
9
delphi的代码总体看起来有点肥。。。
2009-5-30 23:04
0
kangcin
雪    币: 602
活跃值: (45)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
10
先感谢楼主 再测试
2010-3-9 17:26
0
kangcin
雪    币: 602
活跃值: (45)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
11
某些用序号的dll函数不能导出
2010-3-9 17:29
0
deitytoday
雪    币: 203
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
12
这个厉害了.. 弄来学习学习.  

其实主要是我突然想看看自己有多少现金..
2010-4-9 20:04
0
sztxgg
雪    币: 218
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
13
马上下载试用,不错哈
2010-5-3 13:49
0
ppanger
雪    币: 255
活跃值: (49)
能力值: ( LV9,RANK:180 )
在线值:
发帖
回帖
粉丝
私信
14
感谢分享 ^_^
2010-5-12 13:29
0
ddzhouqian
雪    币: 208
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
15
楼主说了不支持所有的dll,某些dll需要修改代码。
今天再看有些熟悉了
2010-5-12 18:17
0
YFLK
雪    币: 253
活跃值: (89)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
16
这是好东西,非常有用,谢谢!
2010-5-13 07:54
0
teletell
雪    币: 2471
活跃值: (2705)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
17
不错的东东!!谢谢共享。
2010-5-18 08:31
0
zhaoxiali
雪    币: 201
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
18
支持 ~~~
2010-6-10 22:27
0
moomlxm
雪    币: 419
活跃值: (48)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
19
好东西 收藏下
2011-5-6 12:57
0
cherokee
雪    币: 204
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
20
学习了。。。。。
2011-5-19 19:13
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//