[VB]Injetor de Dll

Lembrando que é em Visual Basic 6

Vamos precisar de :
3 CommandButton
4 Label
1 Timer
2 TextBox
1 Microsoft Common Dialog Control 6.0
3 Module
2 Option

Vamos começar:

No Form Load declare o Seguinte código :
Option1(0).Value = True
Text2.Text = Load("HProcess", "Box2")
If Text2.Text = Check Then Text2.Text = ""
Text1.Text = Load("DllPath", "Box1")
If Text1.Text = Check Then Text1.Text = ""



Feito isso vamos proceguir.

2° Adicione os CommandButton e dê o nome De :

Command1 = cmdInjetar
Command2 = cmdprocurar
Command3 = cmdprocurar2



Agora Adicione o Seguinte Código no "cmdInjetar"

If ExeName = 1 Then
ProsH = GetHProcExe(Text2.Text)
If ProsH = 0 Then Label1.Caption = "Cant find process!": Exit Sub
DllPath = Text1.Text
InjectDll DllPath, ProsH
Else
ProsH = FindProc(Text2.Text)
If ProsH = 0 Then Label1.Caption = "Cant find process!": Exit Sub
DllPath = Text1.Text
InjectDll DllPath, ProsH
End If



Agora Adicione os Seguintes Códigos no "cmdprocurar"

CommonDialog1.Filter = "Application|*.EXE"
CommonDialog1.ShowOpen
Text2.Text = CommonDialog1.FileTitle
Text2.SetFocus



Agora os Códigos no "cmdprocurar2"

CommonDialog1.Filter = "Library|*.DLL"
CommonDialog1.ShowOpen
Text1.Text = CommonDialog1.FileName
Text1.SetFocus



Agora Adicione o Componente Microsoft Common Dialog Control 6.0 pressionando CTRL+T, e Declare o Segunte Código :

Private Declare Function GetAsyncKeyState Lib "USER32" (ByVal vKey As Long) As Integer
Dim Content As String
Dim DllPath As String



Agora feito isso Adicione um Timer e ponhe o seguinte código :

keyresult = GetAsyncKeyState(96)
If keyresult = -32767 Then
If ExeName = 1 Then
ProsH = GetHProcExe(Text2.Text)
If ProsH = 0 Then Label1.Caption = "Cant find process!": Exit Sub
DllPath = Text1.Text
InjectDll DllPath, ProsH
Else
ProsH = FindProc(Text2.Text)
If ProsH = 0 Then Label1.Caption = "Cant find process!": Exit Sub
DllPath = Text1.Text
InjectDll DllPath, ProsH
End If
End If



Agora Adicione as Label e dê o nome no Caption de "Processo.EXE" e "DLL Patch"

Adicione os 2 "Option" e para o "Option0" Mude o Nome do Caption para "Nome EXE" e ponhe o seguinte código:

Private Sub Option0_Click(Index As Integer)
Select Case Index
Case 0
Label4.Caption = "Process EXE name:"
Command3.Enabled = True
ExeName = 1
Case 1
Label4.Caption = "Process Window Name:"
Command3.Enabled = False
ExeName = 2
End Select
End Sub



No "Option1" de o nome do Caption para "Nome da Janela" e adicione o código abaixo:

Private Sub Option1_Click(Index As Integer)
Select Case Index
Case 0
Label4.Caption = "Process EXE name:"
Command3.Enabled = True
ExeName = 1
Case 1
Label4.Caption = "Process Window Name:"
Command3.Enabled = False
ExeName = 2
End Select
End Sub



Declare também esse Código em Sua "Form"

Private Sub Form_Unload(Cancel As Integer)
Call Save("HProcess", "Box2", Text2.Text)
Call Save("DllPath", "Box1", Text1.Text)
End Sub



Adicione mais 2 Label e de o Nome do Caption para : "Status da Injeção" e "Esperando..."

Agora Adicione 3 Modules e renomeias para :

Module1 = DllInjector
Module2 = modGetHProcExe
Module3 = SaveSets



Adicione os seguintes Códigos no Module "DllInjector"

'VB DLL injector
'By RodrigoEviL

'All the shit it takes to make VB to inject dlls...
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal fAllocType As Long, FlProtect As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal ProcessHandle As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Any, ByVal lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
Public ProsH As Long

'The Injection Function
Public Function InjectDll(DllPath As String, ProsH As Long)
Dim DLLVirtLoc As Long, DllLength, Inject As Long, LibAddress As Long
Dim CreateThread As Long, ThreadID As Long

'STEP 1 - The easy part...Putting the bitch in the process' memory
Form1.Label1.Caption = "Injecting......"
'Find a nice spot for your DLL to chill using VirtualAllocEx
DllLength = Len(DllPath)
DLLVirtLoc = VirtualAllocEx(ProsH, ByVal 0, DllLength, &H1000, ByVal &H4)
If DLLVirtLoc = 0 Then Form1.Label1.Caption = "VirtualAllocEx API failed!": Exit Function
'Inject the Dll into that spot
Inject = WriteProcessMemory(ProsH, DLLVirtLoc, ByVal DllPath, DllLength, vbNull)
If Inject = 0 Then Form1.Label1.Caption = "Failed to Write DLL to Process!"
Form1.Label1.Caption = "Dll Injected...Creating Thread....."


'STEP 2 - Loading it in the process
'This is where it gets a little interesting....
'Just throwing our Dll into the process isnt going to do shit unless you
'Load it into the precess address using LoadLibrary. The LoadLibrary function
'maps the specified executable module into the address space of the
'calling process. You call LoadLibrary by using CreateRemoteThread to
'create a thread(no shit) that runs in the address space of another process.
'First we find the LoadLibrary API function and store it
LibAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
If LibAddress = 0 Then Form1.Label1.Caption = "Can't find LoadLibrary API from kernel32.dll": Exit Function
'Next, the part the took me damn near 2 hours to figure out - using CreateRemoteThread
'We set a pointer to LoadLibrary(LibAddress) in our process, LoadLibrary then puts
'our Dll(DLLVirtLoc) into the process address. Easy enough right?
CreateThread = CreateRemoteThread(ProsH, vbNull, 0, LibAddress, DLLVirtLoc, 0, ThreadID)
If CreateThread = 0 Then Form1.Label1.Caption = "Failed to Create Thead!"
Form1.Label1.Caption = "Dll Injection Successful!"
End Function



No Module2 "modGetHProcExe" Adicione o Código:

'I DID NOT CREATE THIS MODULE! Im in love with who ever did though
Public Const PROCESS_ALL_ACCESS As Long = &H1F0FFF

Option Explicit
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function FindWindow Lib "USER32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "USER32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)


Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * 260
End Type

Public Function GetHProcExe(strExeName As String) As Long
Dim hSnap As Long
'Create a snapshot of all of the processes, and information
'about them (saving the handle so we can iterate through the
'processes)
hSnap = CreateToolhelpSnapshot(2, 0)

Dim peProcess As PROCESSENTRY32
peProcess.dwSize = LenB(peProcess)

Dim nProcess As Long
nProcess = Process32First(hSnap, peProcess)

'Loop through the processes until we find the one we want
'and return its process handle
Do While nProcess
If StrComp(Trim$(peProcess.szExeFile), strExeName, vbTextCompare) _
= 0 Then
GetHProcExe = OpenProcess(PROCESS_ALL_ACCESS, False, peProcess.th32ProcessID)
Exit Function
End If
peProcess.szExeFile = vbNullString
nProcess = Process32Next(hSnap, peProcess)
Loop
CloseHandle hSnap
End Function
Public Function FindProc(ProcName As String) As Long
Dim hwnd As Long
Dim ProcessID As Long
Dim ProcessHandle As Long
hwnd = FindWindow(vbNullString, ProcName)
GetWindowThreadProcessId hwnd, ProcessID
ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID)
FindProc = ProcessHandle
End Function



No Module3 "SaveSets" Adicione :

Declare Function WritePrivateProfileString Lib "kernel32" Alias "WritePrivateProfileStringA" (ByVal lpApplicationname As String, ByVal lpKeyName As Any, ByVal lsString As Any, ByVal lplFilename As String) As Long
Declare Function GetPrivateProfileString Lib "kernel32" Alias "GetPrivateProfileStringA" (ByVal lpApplicationname As String, ByVal lpKeyName As String, ByVal lpDefault As String, ByVal lpReturnedString As String, ByVal nSize As Long, ByVal lpFileName As String) As Long
Public Check As String

Public Function Load(Section As String, Key As String) As String
Dim lngResult As Long
Dim strFileName
Dim strResult As String * 300
strFileName = App.Path & "\sets.ini"
lngResult = GetPrivateProfileString(Section, Key, strFileName, strResult, Len(strResult), strFileName)
Check = App.Path & "\sets.ini"
Load = Trim(strResult)
End Function

Public Function Save(Section As String, Key As String, Content As String)
Dim lngResult As Long
Dim strFileName
strFileName = App.Path & "\sets.ini"
lngResult = WritePrivateProfileString(Section, Key, Content, strFileName)
End Function



Feito Tudo isso você terminou Seu Injetor de DLL's.

Tópico ótimo continue assim