[零基礎VB外掛] Inject Dll & Pass CRC《注入函數》

很久以前的東西了...也不是我寫得這樣

Inject Dll & Pass CRC《注入函數》

模組:modInject

調用方法:

Public Const PROCESS_VM_READ = &H10
Public Const TH32CS_SNAPPROCESS = &H2
Public Const MEM_COMMIT = 4096
Public Const MEM_DECOMMIT = &H4000
Public Const PAGE_READWRITE = 4
Public Const PROCESS_CREATE_THREAD = (&H2)
Public Const PROCESS_VM_OPERATION = (&H8)
Public Const PROCESS_VM_WRITE = (&H20)
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public Const INFINITE = &HFFFF

Public Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long

Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Public Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function Process32Next Lib "kernel32" (ByVal hSapshot As Long, lppe As PROCESSENTRY32) As Long

Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long

Public Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Public Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long

Public Type PROCESSENTRY32
    dwSize              As Long
    cntUseage           As Long
    th32ProcessID       As Long
    th32DefaultHeapID   As Long
    th32ModuleID        As Long
    cntThreads          As Long
    th32ParentProcessID As Long
    pcPriClassBase      As Long
    swFlags             As Long
    szExeFile           As String * 1024
End Type

Public Sub Inject(myDll As String)
Dim MySnapHandle            As Long
Dim ProcessInfo             As PROCESSENTRY32
Dim MyRemoteProcessId       As Long
Dim MyDllFileName           As String
Dim MyDllFileLength         As Long
Dim MyDllFileBuffer         As Long
Dim MyAddr                  As Long
Dim MyReturn                As Long

MySnapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
ProcessInfo.dwSize = Len(ProcessInfo)
If Process32First(MySnapHandle, ProcessInfo) <> 0 Then
Do
     If InStr(ProcessInfo.szExeFile, "MapleStory.exe") > 0 Then
         MyDllFileName = App.Path & "\" & IIf(LCase(Right(myDll, 4)) = ".dll", myDll, myDll & ".dll")
         MyDllFileLength = LenB(StrConv(MyDllFileName, vbFromUnicode)) + 1
         MyRemoteProcessId = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessInfo.th32ProcessID)
         If MyRemoteProcessId = 0 Then MsgBox "OpenProcess Error"
         MyDllFileBuffer = VirtualAllocEx(MyRemoteProcessId, 0, MyDllFileLength, MEM_COMMIT, PAGE_READWRITE)
         If MyDllFileBuffer = 0 Then MsgBox "VirtualAllocEx Error"
         MyReturn = WriteProcessMemory(MyRemoteProcessId, MyDllFileBuffer, ByVal (MyDllFileName), MyDllFileLength, 0)
         If MyReturn = 0 Then MsgBox "WriteProcessMemory Error"
         MyAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
         If MyAddr = 0 Then MsgBox "GetProcAddress Error"
         MyResult = CreateRemoteThread(MyRemoteProcessId, 0, 0, MyAddr, MyDllFileBuffer, 0, 0)
         If MyResult = 0 Then MsgBox "error CreateRemoteThread"
         CloseHandle MyResult
         CloseHandle MyRemoteProcessId
     End If
Loop While Process32Next(MySnapHandle, ProcessInfo) <> 0
End If
CloseHandle MySnapHandle
End Sub