
[TUTOR] Simple Suspend & i3exec Injector
Diposkan oleh animator freak di 06.35 . Kamis, 06 desember 2010
Label: tips trik

Tutorial by request

Membuat Simple Suspend & i3exec Injector
Source code seadanya, tanpa error handling.
Tools: MS VB 2008

Yang gak mau repot, silakan donlot project-nya:
1. VB
2. Delphi


1. Buka VB, buat project baru (Ctrl+Shift+N)

http://www.ziddu.com/download/12845322/22059446.jpg.html

2. Buka Form1, dan tambahkan object seperti gambar di bawah


http://www.ziddu.com/download/12845351/suspend.jpg.html
3. Klik kanan pada project, pilih Add -> Module
http://www.ziddu.com/download/12845390/38813368.jpg.html

4. Copy & Paste kode di bawah ke Module yang baru saja dibuat

' Win32 interop declarations used by Form1: thread suspend/resume and the
' classic remote-thread library-load sequence (OpenProcess -> VirtualAllocEx ->
' WriteProcessMemory -> CreateRemoteThread on LoadLibraryA).
' From a defender's point of view this API set, used against a foreign
' process, is exactly what EDR / anti-cheat telemetry keys on.
Module Module1
    ' VirtualAllocEx parameters (written in decimal; the rest of the module uses hex).
    Public Const MEM_COMMIT = 4096
    Public Const PAGE_READWRITE = 4
    ' OpenProcess access rights. Form1.Inject() ORs CREATE_THREAD, VM_OPERATION
    ' and VM_WRITE together; PROCESS_VM_READ is declared but not used on this page.
    Public Const PROCESS_CREATE_THREAD = (&H2)
    Public Const PROCESS_VM_OPERATION = (&H8)
    Public Const PROCESS_VM_READ = &H10
    Public Const PROCESS_VM_WRITE = (&H20)

    ' OpenThread access rights. Only SUSPEND_RESUME is used by Form1.
    Public Enum ThreadAccess As Integer
        TERMINATE = (&H1)
        SUSPEND_RESUME = (&H2)
        GET_CONTEXT = (&H8)
        SET_CONTEXT = (&H10)
        SET_INFORMATION = (&H20)
        QUERY_INFORMATION = (&H40)
        SET_THREAD_TOKEN = (&H80)
        IMPERSONATE = (&H100)
        DIRECT_IMPERSONATION = (&H200)
    End Enum

    ' Thread-handle APIs. These use IntPtr for handles and are therefore
    ' bitness-safe. SuspendThread/ResumeThread are counting calls: one of each
    ' per thread keeps the suspend count balanced.
    Public Declare Function OpenThread Lib "kernel32.dll" (ByVal dwDesiredAccess As ThreadAccess, ByVal bInheritHandle As Boolean, ByVal dwThreadId As UInteger) As IntPtr
    Public Declare Function SuspendThread Lib "kernel32.dll" (ByVal hThread As IntPtr) As UInteger
    Public Declare Function ResumeThread Lib "kernel32.dll" (ByVal hThread As IntPtr) As UInteger
    Public Declare Function CloseHandle Lib "kernel32.dll" (ByVal hHandle As IntPtr) As Boolean

    ' NOTE(review): every declaration below types handles and pointers as
    ' Integer (32-bit). They only behave correctly when this program is built
    ' as x86 and the target is a 32-bit process; in a 64-bit process the
    ' values would be truncated.

    ' Declared but not called by Form1 on this page. The last parameter is
    ' really the bytes-read count (lpNumberOfBytesRead in the Win32 docs).
    Public Declare Function ReadProcessMemory Lib "kernel32" ( _
    ByVal hProcess As Integer, _
    ByVal lpBaseAddress As Integer, _
    ByVal lpBuffer As String, _
    ByVal nSize As Integer, _
    ByRef lpNumberOfBytesWritten As Integer) As Integer

    ' Declared but not called by Form1; Inject() resolves "LoadLibraryA"
    ' through GetProcAddress instead.
    Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Integer

    ' Reserves/commits memory inside another process (hProcess). Form1 passes
    ' lpAddress = 0 to let the system choose the address.
    Public Declare Function VirtualAllocEx Lib "kernel32" ( _
    ByVal hProcess As Integer, _
    ByVal lpAddress As Integer, _
    ByVal dwSize As Integer, _
    ByVal flAllocationType As Integer, _
    ByVal flProtect As Integer) As Integer

    ' Copies nSize bytes of lpBuffer (an ANSI string here) into the target at
    ' lpBaseAddress. Returns nonzero on success; Form1 stores but never checks it.
    Public Declare Function WriteProcessMemory Lib "kernel32" ( _
    ByVal hProcess As Integer, _
    ByVal lpBaseAddress As Integer, _
    ByVal lpBuffer As String, _
    ByVal nSize As Integer, _
    ByRef lpNumberOfBytesWritten As Integer) As Integer

    ' Used together with GetModuleHandle("Kernel32") to find LoadLibraryA's
    ' address in THIS process; Form1 then uses that address as the remote
    ' thread's start routine.
    Public Declare Function GetProcAddress Lib "kernel32" ( _
    ByVal hModule As Integer, _
    ByVal lpProcName As String) As Integer

    Public Declare Function GetModuleHandle Lib "Kernel32" Alias "GetModuleHandleA" ( _
    ByVal lpModuleName As String) As Integer

    ' Starts a thread in the target process. Returns a thread handle that the
    ' caller owns; Form1 discards it, so it is never closed.
    Public Declare Function CreateRemoteThread Lib "kernel32" ( _
    ByVal hProcess As Integer, _
    ByVal lpThreadAttributes As Integer, _
    ByVal dwStackSize As Integer, _
    ByVal lpStartAddress As Integer, _
    ByVal lpParameter As Integer, _
    ByVal dwCreationFlags As Integer, _
    ByRef lpThreadId As Integer) As Integer

    ' bInheritHandle is typed Integer but Form1 passes Boolean False; this
    ' presumably compiles only with Option Strict Off (the VB default).
    Public Declare Function OpenProcess Lib "kernel32" ( _
    ByVal dwDesiredAccess As Integer, _
    ByVal bInheritHandle As Integer, _
    ByVal dwProcessId As Integer) As Integer

End Module


5. Kembali ke Form1, klik kanan, pilih View Code
6. Sekali lagi copas code di bawah

Imports System

' Polls for the target game process (szGame), then lets the user suspend or
' resume all of its threads, or load the sibling ".i3exec" file into it via a
' remote LoadLibraryA thread. As the post says ("tanpa error handling"), no
' API return value is checked anywhere in this class.
' Detection note: OpenProcess with PROCESS_VM_WRITE on another process
' followed by CreateRemoteThread from an unrelated image, and a LoadLibraryA
' of a file whose extension is not .dll, are the observable indicators of
' what this class does.
' Timer1, Label1, Button1 and Button2 are designer-created controls not shown
' on this page.
Public Class Form1
    ' First process whose name matches szGame (set in Timer1_Tick).
    Private prPB As Process
    ' Target process name, without extension.
    Private szGame As String = "POINTBLANK"
    ' Full path of the library to load; built in Timer1_Tick from the target's
    ' main module path.
    Private szDLLName As String
    ' Holds the process id after Timer1_Tick, but Inject() overwrites it with
    ' the OpenProcess HANDLE and then closes that handle. The name is
    ' misleading; treat it as "current pid-or-handle".
    Private dwProcessID As Long = 0
    ' Address of LoadLibraryA as resolved in THIS process.
    Private dwStartAddr As Long
    ' Number of bytes written into the target: Len(szDLLName) + 1 (ANSI + NUL).
    Private dwBuffer As Long

    ' Suspends every thread of `process` that can be opened with
    ' SUSPEND_RESUME; threads that cannot be opened are skipped silently.
    ' process.Threads is a snapshot, so a thread created afterwards is not
    ' touched (presumably acceptable here -- the target is meant to be idle).
    Private Sub SuspendProcess(ByVal process As System.Diagnostics.Process)
        For Each t As ProcessThread In process.Threads
            Dim th As IntPtr
            th = OpenThread(ThreadAccess.SUSPEND_RESUME, False, t.Id)
            If th <> IntPtr.Zero Then
                SuspendThread(th)
                ' Handle is closed immediately; the suspend count survives the close.
                CloseHandle(th)
            End If
        Next
    End Sub

    ' Mirror of SuspendProcess: decrements each thread's suspend count once.
    ' Balanced with SuspendProcess because Button1_Click toggles strictly
    ' Suspend -> Resume -> Suspend.
    Private Sub ResumeProcess(ByVal process As System.Diagnostics.Process)
        For Each t As ProcessThread In process.Threads
            Dim th As IntPtr
            th = OpenThread(ThreadAccess.SUSPEND_RESUME, False, t.Id)
            If th <> IntPtr.Zero Then
                ResumeThread(th)
                CloseHandle(th)
            End If
        Next
    End Sub

    ' Loads szDLLName into prPB: allocate a buffer in the target, write the
    ' path there, start a remote thread at LoadLibraryA with the buffer as its
    ' argument. A failed OpenProcess, VirtualAllocEx or WriteProcessMemory is
    ' not detected and execution still reaches CreateRemoteThread.
    Private Sub Inject()
        ' From here on dwProcessID holds the process HANDLE, not the pid.
        dwProcessID = OpenProcess(PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, False, prPB.Id)
        ' Resolved in this process and reused as the remote start address;
        ' this assumes Kernel32 is mapped at the same base in the target
        ' (same bitness, same boot session) -- TODO confirm for the target.
        dwStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
        ' ANSI path plus terminating NUL.
        dwBuffer = Len(szDLLName) + 1
        Dim ret As Integer
        Dim dwLibAdress As Integer
        dwLibAdress = VirtualAllocEx(dwProcessID, 0, dwBuffer, MEM_COMMIT, PAGE_READWRITE)
        ' ret receives WriteProcessMemory's success flag but is never examined.
        ret = WriteProcessMemory(dwProcessID, dwLibAdress, szDLLName, dwBuffer, 0)
        ' The returned thread handle is discarded, so it is never closed
        ' (leaked until this program exits).
        CreateRemoteThread(dwProcessID, 0, 0, dwStartAddr, dwLibAdress, 0, 0)
        ' Long -> IntPtr here relies on the narrowing conversion permitted
        ' with Option Strict Off.
        CloseHandle(dwProcessID)
    End Sub


    ' Runs every 100 ms (see Form1_Load) until a process named szGame exists.
    ' While waiting both buttons stay disabled; once found the timer stops,
    ' the first match is kept, and the library path is derived from the
    ' target's executable path.
    Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        If (Process.GetProcessesByName(szGame).Length = 0) Then
            Label1.Text = "Waiting " & szGame
            Button1.Enabled = False
            Button2.Enabled = False
        Else
            Timer1.Stop()
            ' Only the first matching process is ever used.
            prPB = Process.GetProcessesByName(szGame)(0)
            dwProcessID = prPB.Id
            ' Strips the last 4 characters (assumes a ".exe"-style extension)
            ' and appends ".i3exec": the library must sit next to the game
            ' executable under the executable's base name.
            ' NOTE(review): MainModule can throw (access denied / bitness
            ' mismatch) and nothing here catches it.
            szDLLName = Mid$(prPB.MainModule.FileName, 1, Len(prPB.MainModule.FileName) - 4) & ".i3exec"
            Label1.Text = "Found " & szGame
            Button1.Enabled = True
            Button2.Enabled = True
        End If
    End Sub

    ' Toggle suspend/resume. The button caption doubles as the state flag:
    ' "Suspend" means the target is running, "Resume" means it is suspended.
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        If Button1.Text = "Suspend" Then
            SuspendProcess(prPB)
            Button1.Text = "Resume"
        Else
            ResumeProcess(prPB)
            Button1.Text = "Suspend"
        End If
    End Sub

    ' One-shot load; nothing prevents clicking twice, which would run Inject()
    ' again against the same target.
    Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        Inject()
    End Sub

    ' Start polling for the target at 100 ms.
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Timer1.Interval = 100
        Timer1.Start()
    End Sub
    'EDIT: added auto-resume when the form is closed, so the target is not
    'left frozen if the user exits while it is suspended.
    '--------------------------------------------------------------
    Private Sub Form1_FormClosing(ByVal sender As System.Object, ByVal e As System.Windows.Forms.FormClosingEventArgs) Handles MyBase.FormClosing
        ' Same caption-as-state check as Button1_Click.
        If Button1.Text = "Resume" Then
            ResumeProcess(prPB)
        End If
    End Sub
    '--------------------------------------------------------------
End Class


7. Build project, Run
http://www.ziddu.com/download/12845425/29408432.jpg.html
