Tạo 4 module 1 timer có Interval = 999
Code bỏ vào đầu trang code :
Mã:
Code bỏ vào Form_Load :
Mã:
Code bỏ vào Timer :
Mã:
Code bỏ vào Module1:
Mã:
Code bỏ vào Module2:
Mã:
Code vào Module3:
Mã:
Code Module4:
Mã:
Code bỏ vào đầu trang code :
Mã:
- Code:
Public ProsH As Long
Public process As String
Public dllpath As String
Code bỏ vào Form_Load :
Mã:
- Code:
dllpath = App.Path "\tên dll"
process = "tên file cần injec vd : Crossfire.dat"
Call FileExist(dllpath)
Inject.Interval = 999
LoadHidden = True
Code bỏ vào Timer :
Mã:
- Code:
ProsH = GetHProcExe(process)
If ProsH > "0" Then
Call InjectDll(dllpath, ProsH)
End 'thoat
End If
Code bỏ vào Module1:
Mã:
- Code:
[color=blue]Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal fAllocType As Long, FlProtect As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal ProcessHandle As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Any, ByVal lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
'The Injection Function
Public Function InjectDll(dllpath As String, ProsH As Long)
Dim DLLVirtLoc As Long, DllLength, Inject As Long, LibAddress As Long
Dim CreateThread As Long, ThreadID As Long
'STEP 1 - The easy part...Putting the bitch in the process' memory
'Find a nice spot for your DLL to chill using VirtualAllocEx
g_virutalallocex:
DllLength = Len(dllpath)
DLLVirtLoc = VirtualAllocEx(ProsH, ByVal 0, DllLength, &H1000, ByVal &H4)
If DLLVirtLoc = 0 Then bla = MsgBox("VirtualAllocEx API failed! - try again?", vbYesNo, "ERROR")
If bla = vbYes Then GoTo g_virutalallocex
If bla = vbNo Then End
'Inject the Dll into that spot
g_writepmemory:
Inject = WriteProcessMemory(ProsH, DLLVirtLoc, ByVal dllpath, DllLength, vbNull)
If Inject = 0 Then bla = MsgBox("Failed to Write DLL to Process! - try again?", vbYesNo, "ERROR")
If bla = vbYes Then GoTo g_writepmemory
If bla = vbNo Then End
'STEP 2 - Loading it in the process
'Just throwing our Dll into the process isnt going to do sth unless you
'Load it into the precess address using LoadLibrary. The LoadLibrary function
'maps the specified executable module into the address space of the
'calling process. You call LoadLibrary by using CreateRemoteThread to
'create a thread that runs in the address space of another process.
'First we find the LoadLibrary API function and store it
g_loadlibary:
LibAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
If LibAddress = 0 Then bla = MsgBox("Can't find LoadLibrary API from kernel32.dll", vbYesNo, "ERROR")
If bla = vbYes Then GoTo g_loadlibary
If bla = vbNo Then End
'We set a pointer to LoadLibrary(LibAddress) in our process, LoadLibrary then puts
'our Dll(DLLVirtLoc) into the process address. Easy enough right?
g_creatthread:
CreateThread = CreateRemoteThread(ProsH, vbNull, 0, LibAddress, DLLVirtLoc, 0, ThreadID)
If CreateThread = 0 Then bla = MsgBox("Failed to Create Thead! - try again?", vbYesNo, "ERROR")
If bla = vbYes Then GoTo g_creatthread
If bla = vbNo Then End
End Function
Code bỏ vào Module2:
Mã:
- Code:
[color=blue]Public Function FileExist(FileName As String) As Boolean
Dim found As String
FileExist = False
found = VBA.Dir(FileName)
If Len(found) = 0 Then
MsgBox "Khong Tim Thay File DLL"
End
End If
End Function[/color]
Code vào Module3:
Mã:
- Code:
[color=blue]Public Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Option Explicit
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function FindWindow Lib "USER32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "USER32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * 260
End Type
Public Function GetHProcExe(strExeName As String) As Long
Dim hSnap As Long
'Create a snapshot of all of the processes, and information
'about them (saving the handle so we can iterate through the
'processes)
hSnap = CreateToolhelpSnapshot(2, 0)
Dim peProcess As PROCESSENTRY32
peProcess.dwSize = LenB(peProcess)
Dim nProcess As Long
nProcess = Process32First(hSnap, peProcess)
'Loop through the processes until we find the one we want
'and return its process handle
Do While nProcess
If StrComp(Trim$(peProcess.szExeFile), strExeName, vbTextCompare) _
= 0 Then
GetHProcExe = OpenProcess(PROCESS_ALL_ACCESS, False, peProcess.th32ProcessID)
Exit Function
End If
peProcess.szExeFile = vbNullString
nProcess = Process32Next(hSnap, peProcess)
Loop
CloseHandle hSnap
End Function[/color]
Code Module4:
Mã:
- Code:
Declare Function WritePrivateProfileString Lib "kernel32" Alias "WritePrivateProfileStringA" (ByVal lpApplicationname As String, ByVal lpKeyName As Any, ByVal lsString As Any, ByVal lplFilename As String) As Long
Declare Function GetPrivateProfileString Lib "kernel32" Alias "GetPrivateProfileStringA" (ByVal lpApplicationname As String, ByVal lpKeyName As String, ByVal lpDefault As String, ByVal lpReturnedString As String, ByVal nSize As Long, ByVal lpFileName As String) As Long
Public Check As String
Public Function Load(Section As String, Key As String) As String
Dim lngResult As Long
Dim strFileName
Dim strResult As String * 300
strFileName = App.Path & "\sets.ini"
lngResult = GetPrivateProfileString(Section, Key, strFileName, strResult, Len(strResult), strFileName)
Check = App.Path & "\sets.ini"
Load = Trim(strResult)
End Function
Public Function Save(Section As String, Key As String, Content As String)
Dim lngResult As Long
Dim strFileName
strFileName = App.Path & "\sets.ini"
lngResult = WritePrivateProfileString(Section, Key, Content, strFileName)