[零基礎VB外掛] Inject Dll & Pass CRC《注入函數》
很久以前的東西了...也不是我寫得這樣
Inject Dll & Pass CRC《注入函數》
模組:modInject
調用方法:
Inject Dll & Pass CRC《注入函數》
模組:modInject
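調用方法:(原文此處沒有附上呼叫範例;下方程式碼是 modInject 模組本身,對外入口只有 Public Sub Inject(myDll As String)。另外,標題中的「Pass CRC」在下方程式碼裡並沒有對應的實作,內容只有 DLL 載入的部分。)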
' modInject -- VB6 standard module.
'
' What the listing does: walks a Toolhelp process snapshot and, for every
' process whose image name contains "MapleStory.exe", opens the process with
' PROCESS_ALL_ACCESS, writes the ANSI path of a DLL into memory allocated in
' that process, and starts a remote thread whose entry point is LoadLibraryA
' with that path as its argument.
'
' Despite the page title ("Pass CRC"), nothing in this module touches
' checksum or integrity-check logic.
'
' Defender's view: a full-access OpenProcess on a foreign process followed by
' VirtualAllocEx / WriteProcessMemory / CreateRemoteThread is the textbook
' cross-process DLL-load sequence. It is visible to endpoint telemetry, e.g.
' Sysmon event ID 10 (ProcessAccess) and event ID 8 (CreateRemoteThread), and
' to anti-tamper components that watch for remote threads starting at
' LoadLibraryA.

' --- Win32 constants -------------------------------------------------------
' Only TH32CS_SNAPPROCESS, MEM_COMMIT, PAGE_READWRITE and PROCESS_ALL_ACCESS
' are referenced by Inject below; the remaining constants are declared but
' unused in this listing.
Public Const PROCESS_VM_READ = &H10
Public Const TH32CS_SNAPPROCESS = &H2
Public Const MEM_COMMIT = 4096
Public Const MEM_DECOMMIT = &H4000
Public Const PAGE_READWRITE = 4
Public Const PROCESS_CREATE_THREAD = (&H2)
Public Const PROCESS_VM_OPERATION = (&H8)
Public Const PROCESS_VM_WRITE = (&H20)
' Requests every access right on the target process rather than the specific
' rights listed above.
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
' NOTE(review): Win32 defines INFINITE as &HFFFFFFFF; the literal here is
' written differently. It is not referenced anywhere in this listing.
Public Const INFINITE = &HFFFF

' --- kernel32 imports ------------------------------------------------------
' VirtualFreeEx, WaitForSingleObject and GetExitCodeThread are declared but
' never called by Inject.
Public Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Public Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function Process32Next Lib "kernel32" (ByVal hSapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Public Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Public Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long

' Process entry record filled in by Process32First / Process32Next.
' NOTE(review): the Win32 PROCESSENTRY32 declares szExeFile as MAX_PATH (260)
' characters; this declaration uses 1024, so the dwSize value computed from
' Len(ProcessInfo) in Inject is larger than the native structure -- confirm
' this is intended.
Public Type PROCESSENTRY32
    dwSize As Long
    cntUseage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    swFlags As Long
    szExeFile As String * 1024
End Type

' Inject: for every running process whose image name contains
' "MapleStory.exe", start a remote LoadLibraryA thread on a DLL path.
'
' Parameters:
'   myDll - file name of the DLL; ".dll" is appended when the last four
'           characters are not ".dll" (case-insensitive). The name is always
'           resolved relative to App.Path.
'
' Returns nothing. Failures are reported only through MsgBox.
'
' NOTE(review), all visible in the body below:
'   * MyResult is not in the Dim list, so it is implicitly declared.
'   * Each failure check shows a MsgBox but does not leave the routine; the
'     following API calls still run with the zero value.
'   * The snapshot handle returned by CreateToolhelp32Snapshot is not checked.
'   * The memory allocated in the target process is never released, and the
'     thread handle is closed without waiting for the thread.
Public Sub Inject(myDll As String)
    Dim MySnapHandle As Long
    Dim ProcessInfo As PROCESSENTRY32
    Dim MyRemoteProcessId As Long   ' holds the OpenProcess return value (a handle, despite the name)
    Dim MyDllFileName As String
    Dim MyDllFileLength As Long
    Dim MyDllFileBuffer As Long     ' address returned by VirtualAllocEx in the target process
    Dim MyAddr As Long
    Dim MyReturn As Long

    ' Snapshot of all processes; dwSize must be set before the first call.
    MySnapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    ProcessInfo.dwSize = Len(ProcessInfo)
    If Process32First(MySnapHandle, ProcessInfo) <> 0 Then
        Do
            ' Substring match on the fixed-length name buffer, so any image
            ' name containing this text matches, and every match is processed.
            If InStr(ProcessInfo.szExeFile, "MapleStory.exe") > 0 Then
                ' Full path of the DLL next to this executable.
                MyDllFileName = App.Path & "\" & IIf(LCase(Right(myDll, 4)) = ".dll", myDll, myDll & ".dll")
                ' Byte length of the ANSI form of the path, plus one for the terminating NUL.
                MyDllFileLength = LenB(StrConv(MyDllFileName, vbFromUnicode)) + 1
                MyRemoteProcessId = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessInfo.th32ProcessID)
                If MyRemoteProcessId = 0 Then MsgBox "OpenProcess Error"
                ' Read/write (non-executable) region in the target, sized for the path string.
                MyDllFileBuffer = VirtualAllocEx(MyRemoteProcessId, 0, MyDllFileLength, MEM_COMMIT, PAGE_READWRITE)
                If MyDllFileBuffer = 0 Then MsgBox "VirtualAllocEx Error"
                ' Copies the path string into that region; the bytes-written count is not collected.
                MyReturn = WriteProcessMemory(MyRemoteProcessId, MyDllFileBuffer, ByVal (MyDllFileName), MyDllFileLength, 0)
                If MyReturn = 0 Then MsgBox "WriteProcessMemory Error"
                ' Address of LoadLibraryA as resolved in THIS process; it is
                ' passed unchanged as the remote thread's start address.
                MyAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
                If MyAddr = 0 Then MsgBox "GetProcAddress Error"
                ' Remote thread: entry = MyAddr, single argument = address of the path string.
                MyResult = CreateRemoteThread(MyRemoteProcessId, 0, 0, MyAddr, MyDllFileBuffer, 0, 0)
                If MyResult = 0 Then MsgBox "error CreateRemoteThread"
                ' Both handles are closed unconditionally, including when they are zero.
                CloseHandle MyResult
                CloseHandle MyRemoteProcessId
            End If
        Loop While Process32Next(MySnapHandle, ProcessInfo) <> 0
    End If
    CloseHandle MySnapHandle
End Sub