Administrator
on Sun Nov 14, 2010 3:58 pm

Code:
'***********************************
'** DLL Injection By Drinky94    **
'** Date: 16 June 2010           **
'***********************************
Option Explicit

Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Const SYNCHRONIZE As Long = &H100000
Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Const MEM_COMMIT As Long = &H1000
Const PAGE_READWRITE As Long = &H4

Public Function Inyectar(Ruta As String, NameWindow As String, RutaDll As String) As Boolean
    On Error GoTo Error
    Dim IdWin As Long
    Dim IdProc As Long
    Dim ProcMan As Long
    Dim EsMe As Long
    Dim NBytes As Long
    Dim Fun As Long
    Dim IdHil As Long
    ' Launch the target program and wait 10 seconds for its window to appear
    ShellExecute 0, "open", Ruta, 0, 0, 0
    Sleep (10000)
    ' Find the target window by its title and get the ID of the process that owns it
    IdWin = FindWindow(vbNullString, NameWindow)
    If IdWin = 0 Then GoTo Error
    GetWindowThreadProcessId IdWin, IdProc
    If IdProc = 0 Then GoTo Error
    ' Open the target process with full access rights
    ProcMan = OpenProcess(PROCESS_ALL_ACCESS, False, IdProc)
    Debug.Print Err.LastDllError
    If ProcMan = 0 Then GoTo Error
    ' Allocate memory in the target process and copy the DLL path into it
    EsMe = VirtualAllocEx(ProcMan, 0, Len(RutaDll), MEM_COMMIT, PAGE_READWRITE)
    Debug.Print Err.LastDllError
    WriteProcessMemory ProcMan, ByVal EsMe, ByVal RutaDll, Len(RutaDll), NBytes
    ' Start a thread in the target at LoadLibraryA, with the DLL path as its argument
    Fun = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
    CreateRemoteThread ProcMan, ByVal 0, 0, ByVal Fun, ByVal EsMe, 0, IdHil
    CloseHandle ProcMan
    Inyectar = True
    Exit Function
Error:
    MsgBox "Error al inyectar la DLL", vbCritical, "Error"
    Inyectar = False
End Function

To call it from a module:
Code:
Sub main()
Dim retorno As Boolean
retorno = Inyectar("c:\windows\system32\calc.exe", "Calculadora", "C:\fary.dll")
If retorno = 0 Then
MsgBox "La Dll no se pudo inyectar"
Else
MsgBox "La Dll se a inyectado con Exito"
End If
End Sub


Thanks to: Drinky94


___________________
Admin: Pitbull Security Labs , Contributor: Indetectables , Moderator: Level-23
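
How the sequence in the post above looks from the monitoring side, as an added example that is not part of the original post: it correlates a handle opened with thread-creation and memory-write rights, a remote thread starting in kernel32's LoadLibrary*, and an unsigned DLL load in the target. It assumes Sysmon-style telemetry (event IDs 10, 8 and 7 and their field names); the events are constructed sample data, and `find_loadlibrary_injection` is a name chosen for this example.

```python
# Added example. EVENTS is constructed sample data shaped like Sysmon records
# (10 = ProcessAccess, 8 = CreateRemoteThread, 7 = ImageLoad); "t" is seconds.
INJECT_RIGHTS = 0x0002 | 0x0008 | 0x0020  # CREATE_THREAD | VM_OPERATION | VM_WRITE
LOADERS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
SRC, DST = r"C:\Users\lab\Project1.exe", r"C:\Windows\System32\calc.exe"

EVENTS = [
    {"id": 10, "t": 10, "SourceProcessId": 4120, "TargetProcessId": 5332,
     "SourceImage": SRC, "TargetImage": DST, "GrantedAccess": "0x1F0FFF"},
    {"id": 8, "t": 11, "SourceProcessId": 4120, "TargetProcessId": 5332,
     "SourceImage": SRC, "TargetImage": DST,
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryA"},
    {"id": 7, "t": 11, "ProcessId": 5332, "Image": DST,
     "ImageLoaded": r"C:\example.dll", "Signed": "false"},
    # Benign contrast: a read-only handle, and a remote thread that is not a loader call.
    {"id": 10, "t": 20, "SourceProcessId": 900, "TargetProcessId": 5332,
     "SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": DST,
     "GrantedAccess": "0x1410"},
    {"id": 8, "t": 21, "SourceProcessId": 612, "TargetProcessId": 7001,
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\KernelBase.dll", "StartFunction": "CtrlRoutine"},
]

def find_loadlibrary_injection(events, window=30):
    """Flag remote threads that start in LoadLibrary*, with surrounding evidence."""
    opened, by_target, findings = {}, {}, []
    for ev in sorted(events, key=lambda e: (e["t"], -e["id"])):
        key = (ev.get("SourceProcessId"), ev.get("TargetProcessId"))
        if ev["id"] == 10 and (int(ev["GrantedAccess"], 16) & INJECT_RIGHTS) == INJECT_RIGHTS:
            opened[key] = ev["t"]  # handle with the rights injection needs
        elif ev["id"] == 8:
            module = ev["StartModule"].lower().rsplit("\\", 1)[-1]
            if module == "kernel32.dll" and ev["StartFunction"].lower() in LOADERS:
                hit = {"source": ev["SourceImage"], "target": ev["TargetImage"], "t": ev["t"],
                       "handle_open_seen": key in opened and ev["t"] - opened[key] <= window,
                       "unsigned_dlls": []}
                by_target[ev["TargetProcessId"]] = hit
                findings.append(hit)
        elif ev["id"] == 7 and ev["Signed"] == "false":
            hit = by_target.get(ev["ProcessId"])
            if hit and ev["t"] - hit["t"] <= window:
                hit["unsigned_dlls"].append(ev["ImageLoaded"])  # likely the injected DLL
    return findings

if __name__ == "__main__":
    for finding in find_loadlibrary_injection(EVENTS):
        print(finding)
```

The remote-thread event alone is enough to raise a finding; the handle-open and image-load events are supporting evidence and may be missing if those event types are filtered out of the logging configuration.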

Banned
on Fri Mar 11, 2011 5:10 pm
thanks, friend

User
on Sat Mar 12, 2011 9:12 am
[You must be registered and logged in to see this link] wrote: thanks, friend

Don't revive old posts unless you have something important to contribute.

Forum rules wrote: • Reviving posts more than 30 days old is prohibited; these are already considered old.
