-
-
[原创]DllHijacker For Delphi
-
发表于: 2008-8-20 20:35
-
生成用于Dll劫持的Delphi模板,部分DLL需要修改代码后才能支持劫持。
界面如下
生成ws2help.dll的模板如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 | library ws2help; //============================================================================== // DllHijacker By pathletboy //============================================================================== uses Windows; {$R *.res} var ModHandle: Cardinal; POldWahCloseApcHelper: Pointer; POldWahCloseHandleHelper: Pointer; POldWahCloseNotificationHandleHelper: Pointer; POldWahCloseSocketHandle: Pointer; POldWahCloseThread: Pointer; POldWahCompleteRequest: Pointer; POldWahCreateHandleContextTable: Pointer; POldWahCreateNotificationHandle: Pointer; POldWahCreateSocketHandle: Pointer; POldWahDestroyHandleContextTable: Pointer; POldWahDisableNonIFSHandleSupport: Pointer; POldWahEnableNonIFSHandleSupport: Pointer; POldWahEnumerateHandleContexts: Pointer; POldWahInsertHandleContext: Pointer; POldWahNotifyAllProcesses: Pointer; POldWahOpenApcHelper: Pointer; POldWahOpenCurrentThread: Pointer; POldWahOpenHandleHelper: Pointer; POldWahOpenNotificationHandleHelper: Pointer; POldWahQueueUserApc: Pointer; POldWahReferenceContextByHandle: Pointer; POldWahRemoveHandleContext: Pointer; POldWahWaitForNotification: Pointer; procedure WahCloseApcHelper; asm jmp POldWahCloseApcHelper end; procedure WahCloseHandleHelper; asm jmp POldWahCloseHandleHelper end; procedure WahCloseNotificationHandleHelper; asm jmp POldWahCloseNotificationHandleHelper end; procedure WahCloseSocketHandle; asm jmp POldWahCloseSocketHandle end; procedure WahCloseThread; asm jmp POldWahCloseThread end; procedure WahCompleteRequest; asm jmp POldWahCompleteRequest end; procedure WahCreateHandleContextTable; asm jmp POldWahCreateHandleContextTable end; procedure WahCreateNotificationHandle; asm jmp POldWahCreateNotificationHandle end; procedure WahCreateSocketHandle; asm jmp POldWahCreateSocketHandle end; procedure WahDestroyHandleContextTable; asm jmp POldWahDestroyHandleContextTable end; procedure WahDisableNonIFSHandleSupport; asm jmp POldWahDisableNonIFSHandleSupport end; procedure WahEnableNonIFSHandleSupport; asm jmp POldWahEnableNonIFSHandleSupport end; procedure WahEnumerateHandleContexts; asm jmp POldWahEnumerateHandleContexts end; procedure WahInsertHandleContext; asm jmp POldWahInsertHandleContext end; procedure WahNotifyAllProcesses; asm jmp POldWahNotifyAllProcesses end; procedure WahOpenApcHelper; asm jmp POldWahOpenApcHelper end; procedure WahOpenCurrentThread; asm jmp POldWahOpenCurrentThread end; procedure WahOpenHandleHelper; asm jmp POldWahOpenHandleHelper end; procedure WahOpenNotificationHandleHelper; asm jmp POldWahOpenNotificationHandleHelper end; procedure WahQueueUserApc; asm jmp POldWahQueueUserApc end; procedure WahReferenceContextByHandle; asm jmp POldWahReferenceContextByHandle end; procedure WahRemoveHandleContext; asm jmp POldWahRemoveHandleContext end; procedure WahWaitForNotification; asm jmp POldWahWaitForNotification end; exports WahCloseApcHelper, WahCloseHandleHelper, WahCloseNotificationHandleHelper, WahCloseSocketHandle, WahCloseThread, WahCompleteRequest, WahCreateHandleContextTable, WahCreateNotificationHandle, WahCreateSocketHandle, WahDestroyHandleContextTable, WahDisableNonIFSHandleSupport, WahEnableNonIFSHandleSupport, WahEnumerateHandleContexts, WahInsertHandleContext, WahNotifyAllProcesses, WahOpenApcHelper, WahOpenCurrentThread, WahOpenHandleHelper, WahOpenNotificationHandleHelper, WahQueueUserApc, WahReferenceContextByHandle, WahRemoveHandleContext, WahWaitForNotification; begin ModHandle:= LoadLibrary('C:\WINDOWS\system32\ws2help.dll'); if ModHandle > 0 thenbegin POldWahCloseApcHelper:= GetProcAddress(ModHandle, 'WahCloseApcHelper'); POldWahCloseHandleHelper:= GetProcAddress(ModHandle, 'WahCloseHandleHelper'); POldWahCloseNotificationHandleHelper:= GetProcAddress(ModHandle, 'WahCloseNotificationHandleHelper'); POldWahCloseSocketHandle:= GetProcAddress(ModHandle, 'WahCloseSocketHandle'); POldWahCloseThread:= GetProcAddress(ModHandle, 'WahCloseThread'); POldWahCompleteRequest:= GetProcAddress(ModHandle, 'WahCompleteRequest'); POldWahCreateHandleContextTable:= GetProcAddress(ModHandle, 'WahCreateHandleContextTable'); POldWahCreateNotificationHandle:= GetProcAddress(ModHandle, 'WahCreateNotificationHandle'); POldWahCreateSocketHandle:= GetProcAddress(ModHandle, 'WahCreateSocketHandle'); POldWahDestroyHandleContextTable:= GetProcAddress(ModHandle, 'WahDestroyHandleContextTable'); POldWahDisableNonIFSHandleSupport:= GetProcAddress(ModHandle, 'WahDisableNonIFSHandleSupport'); POldWahEnableNonIFSHandleSupport:= GetProcAddress(ModHandle, 'WahEnableNonIFSHandleSupport'); POldWahEnumerateHandleContexts:= GetProcAddress(ModHandle, 'WahEnumerateHandleContexts'); POldWahInsertHandleContext:= GetProcAddress(ModHandle, 'WahInsertHandleContext'); POldWahNotifyAllProcesses:= GetProcAddress(ModHandle, 'WahNotifyAllProcesses'); POldWahOpenApcHelper:= GetProcAddress(ModHandle, 'WahOpenApcHelper'); POldWahOpenCurrentThread:= GetProcAddress(ModHandle, 'WahOpenCurrentThread'); POldWahOpenHandleHelper:= GetProcAddress(ModHandle, 'WahOpenHandleHelper'); POldWahOpenNotificationHandleHelper:= GetProcAddress(ModHandle, 'WahOpenNotificationHandleHelper'); POldWahQueueUserApc:= GetProcAddress(ModHandle, 'WahQueueUserApc'); POldWahReferenceContextByHandle:= GetProcAddress(ModHandle, 'WahReferenceContextByHandle'); POldWahRemoveHandleContext:= GetProcAddress(ModHandle, 'WahRemoveHandleContext'); POldWahWaitForNotification:= GetProcAddress(ModHandle, 'WahWaitForNotification'); end; end. |
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏记录
参与人
雪币
留言
时间
Youlor
为你点赞~
2024-1-4 00:26
伟叔叔
为你点赞~
2023-11-13 02:46
QinBeast
为你点赞~
2023-8-22 00:57
PLEBFE
为你点赞~
2023-8-21 00:29
shinratensei
为你点赞~
2023-7-29 00:03
心游尘世外
为你点赞~
2023-7-18 00:29
飘零丶
为你点赞~
2023-7-7 00:24
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
很好哦:) 不过还是喜欢用C的 体积小呀
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
