Ir para conteúdo
Faça parte da equipe! (2024) ×
Conheça nossa Beta Zone! Novas áreas a caminho! ×
  • Quem está por aqui   0 membros estão online

    • Nenhum usuário registrado visualizando esta página.

[Source] ProcessVisivel [Delphi] De Como Deixa Process Visivel


 Compartilhar

Posts Recomendados

Olá, Hoje venho postar uma dll que deixa o processo visivel e também a source

 

Dowlaod :

É necessário se cadastrar para acessar o conteúdo.

 

Scan :

É necessário se cadastrar para acessar o conteúdo.

 

Eu nem coloquei proteção na dll, pós vou postar a source, existe várias formas de deixar o processos visivel.

Procure programas com o nome : " KERNEL HOOK " você vai encontrar vários programas que deixe o processo visivel.

 

Criação Manual :

 

Declare nas uses;

 

Código:

 

uses

SysUtils,

windows,

Classes;

 

em baixo de {$R *.res} coloque o code;

 

Código:

 

function UnhookExport(hModule: HMODULE; FunctionName: pchar): boolean;

type

TSections = array [0..0] of TImageSectionHeader;

var

ModuleName: pchar;

ImageBase, LoadedImage, pImageBase, pSectionBase: pointer;

Module: THandle;

ModuleSize, BytesRead: dword;

ImageDosHeader: PImageDosHeader;

ImageNtHeaders: PImageNtHeaders;

ImageExportDirectory: PImageExportDirectory;

ExportLoop: integer;

ExportName: pchar;

ExportFunction: pointer;

PNames: pdword;

PFunctions: pdword;

PSections: ^TSections;

SectionLoop: integer;

SectionBase: pointer;

VirtualSectionSize, RawSectionSize: dword;

LoadedAddress: pbyte;

ExportedAddress: pbyte;

OldProtection: dword;

CodeLen: dword;

begin

Result := False;

GetMem(ModuleName, MAX_PATH + 1);

GetModuleFileName(hModule, ModuleName, MAX_PATH + 1);

ExportedAddress := nil;

LoadedAddress := nil;

Module := CreateFile(ModuleName, GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, 0, 0);

SetFilePointer(Module, 0, nil, FILE_BEGIN);

ModuleSize := GetFileSize(Module, nil);

GetMem(LoadedImage, ModuleSize);

ReadFile(Module, LoadedImage^, ModuleSize, BytesRead, nil);

CloseHandle(Module);

ImageDosHeader := PImageDosHeader(LoadedImage);

ImageNtHeaders := PImageNtHeaders(cardinal(ImageDosHeader.e_lfanew) + cardinal(LoadedImage));

ImageBase := VirtualAlloc(nil, ImageNtHeaders.OptionalHeader.SizeOfImage, MEM_RESERVE, PAGE_NOACCESS);

pImageBase := ImageBase;

SectionBase := VirtualAlloc(ImageBase, ImageNtHeaders.OptionalHeader.SizeOfHeaders, MEM_COMMIT, PAGE_READWRITE);

pSectionBase := SectionBase;

Move(LoadedImage^, SectionBase^, ImageNtHeaders.OptionalHeader.SizeOfHeaders);

PSections := pointer(pchar(@(ImageNtHeaders.OptionalHeader)) + ImageNtHeaders.FileHeader.SizeOfOptionalHeader);

for SectionLoop := 0 to ImageNtHeaders.FileHeader.NumberOfSections - 1 do

begin

VirtualSectionSize := PSections[sectionLoop].Misc.VirtualSize;

RawSectionSize := PSections[sectionLoop].SizeOfRawData;

if VirtualSectionSize < RawSectionSize then VirtualSectionSize := RawSectionSize;

SectionBase := VirtualAlloc(PSections[sectionLoop].VirtualAddress + pchar(ImageBase), VirtualSectionSize, MEM_COMMIT, PAGE_READWRITE);

FillChar(SectionBase^, VirtualSectionSize, 0);

Move(pointer(cardinal(LoadedImage) + PSections[sectionLoop].PointerToRawData)^, SectionBase^, RawSectionSize);

VirtualFree(SectionBase, 0, MEM_RELEASE);

end;

ImageExportDirectory := PImageExportDirectory(ImageNtHeaders.OptionalHeader.DataDirectory[iMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + cardinal(ImageBase));

PNames := pointer(cardinal(ImageExportDirectory.AddressOfNames) + cardinal(ImageBase));

PFunctions := pointer(cardinal(ImageExportDirectory.AddressOfFunctions) + cardinal(ImageBase));

for ExportLoop := 0 to ImageExportDirectory.NumberOfNames - 1 do

begin

ExportName := pchar(pdword(PNames)^ + cardinal(ImageBase));

ExportFunction := pointer(pdword(PFunctions)^ + cardinal(ImageBase));

if lstrcmpi(ExportName, FunctionName) = 0 then

begin

LoadedAddress := ExportFunction;

Break;

end;

Inc(PNames);

Inc(PFunctions);

end;

ImageBase := pointer(GetModuleHandle(ModuleName));

ImageDosHeader := PImageDosHeader(ImageBase);

ImageNtHeaders := PImageNtHeaders(cardinal(ImageDosHeader.e_lfanew) + cardinal(ImageBase));

ImageExportDirectory := PImageExportDirectory(ImageNtHeaders.OptionalHeader.DataDirectory[iMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + cardinal(ImageBase));

PNames := pointer(cardinal(ImageExportDirectory.AddressOfNames) + cardinal(ImageBase));

PFunctions := pointer(cardinal(ImageExportDirectory.AddressOfFunctions) + cardinal(ImageBase));

for ExportLoop := 0 to ImageExportDirectory.NumberOfNames - 1 do

begin

ExportName := pchar(pdword(PNames)^ + cardinal(ImageBase));

ExportFunction := pointer(pdword(PFunctions)^ + cardinal(ImageBase));

if lstrcmpi(ExportName, FunctionName) = 0 then

begin

ExportedAddress := ExportFunction;

Break;

end;

Inc(PNames);

Inc(PFunctions);

end;

if ((LoadedAddress <> nil) and (ExportedAddress <> nil)) then

begin

if ((ExportedAddress^ <> 0) and (LoadedAddress^ <> 0) and (ExportedAddress^ <> LoadedAddress^)) then

begin

Result := True;

WriteLn('Unhooking ', FunctionName, '...');

WriteLn('');

CodeLen := SizeOfProc(LoadedAddress);

VirtualProtect(ExportedAddress, CodeLen, PAGE_EXECUTE_READWRITE, @OldProtection);

CopyMemory(ExportedAddress, LoadedAddress, CodeLen);

VirtualProtect(ExportedAddress, CodeLen, OldProtection, @OldProtection);

end;

end;

FreeMem(ModuleName);

FreeMem(LoadedImage);

VirtualFree(pImageBase, 0, MEM_RELEASE);

VirtualFree(pSectionBase, 0, MEM_RELEASE);

end;

 

function CheckExports(ImageBase: pointer; ImageExportDirectory: PImageExportDirectory): boolean;

var

ExportLoop: integer;

ExportName: pchar;

PNames: pdword;

HooksFound: boolean;

begin

Result := False;

PNames := pointer(cardinal(ImageExportDirectory.AddressOfNames) + cardinal(ImageBase));

for ExportLoop := 0 to ImageExportDirectory.NumberOfNames - 1 do

begin

ExportName := pchar(pdword(PNames)^ + cardinal(ImageBase));

HooksFound := UnhookExport(HMODULE(ImageBase), ExportName);

if HooksFound = True then Result := True;

Inc(PNames);

end;

end;

 

procedure RemoveUserHooks;

var

ImageBase: pointer;

ImageDosHeader: PImageDosHeader;

ImageNtHeaders: PImageNtHeaders;

ImageExportDirectory: PImageExportDirectory;

begin

ImageBase := pointer(GetModuleHandle('kernel32'));

ImageDosHeader := PImageDosHeader(ImageBase);

ImageNtHeaders := PImageNtHeaders(cardinal(ImageDosHeader.e_lfanew) + cardinal(ImageBase));

ImageExportDirectory := PImageExportDirectory(ImageNtHeaders.OptionalHeader.DataDirectory[iMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + cardinal(ImageBase));

if ImageExportDirectory <> ImageBase then

begin

if ImageExportDirectory.NumberOfNames <> 0 then

begin

if not CheckExports(ImageBase, ImageExportDirectory) then WriteLn('Falha!);

end;

end;

end;

end.

 

Pronto, agora só compila com a tecla " F9 "

Link para o comentário
Compartilhar em outros sites

Este tópico está impedido de receber novos posts.
 Compartilhar

×
×
  • Criar Novo...

Informação Importante

Nós fazemos uso de cookies no seu dispositivo para ajudar a tornar este site melhor. Você pode ajustar suas configurações de cookies , caso contrário, vamos supor que você está bem para continuar.