幽灵屋DLL注入卸载工具【源码+程序】
;*************************************************;CopyRight@GhostHand
;*************************************************
.386
.model flat,stdcall
option casemap:none
;*************************************************
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include advapi32.inc
includelib advapi32.lib
include comdlg32.inc
includelib comdlg32.lib
include shell32.inc
includelib shell32.lib
include into.inc
;*************************************************
;-------------------------------------------------------------------
; Uninitialised globals (zeroed by the loader).
; Register-free state shared between the dialog procedure and the
; worker procs below; nothing here is protected, the tool is single-threaded.
;-------------------------------------------------------------------
.data?
hInstance     dd ?                      ; HINSTANCE of this executable (set at start)
hWinMain      dd ?                      ; HWND of the main dialog (set on WM_INITDIALOG)
lpLoadLibrary dd ?                      ; address of kernel32!LoadLibraryA (set in _Into)
lpFreeLibrary dd ?                      ; address of kernel32!FreeLibraryAndExitThread (set in _Out)
hProcess      dd ?                      ; handle of the target process while _Into/_Out run
lpDllName     dd ?                      ; address of the DLL-path copy inside the target process
szDllName     db MAX_PATH dup (?)       ; ANSI DLL path chosen in _OpenDll (NUL-terminated, nMaxFile = MAX_PATH)
;-------------------------------------------------------------------
; Read-only strings. The sz*Err strings are written to the IDC_MSG
; status control (or shown in a MessageBox) when the named API fails;
; their text is a bare ":Error!" marker and does not identify the API.
;-------------------------------------------------------------------
.const
szText        db '[幽灵屋论坛]:www.ghostasm.com',0        ; default IDC_MSG text
szCaption     db 'Message',0                               ; MessageBox caption
szSetDebug    db 'SeDebugPrivilege',0                      ; privilege name for LookupPrivilegeValue
szATPErr      db ':Error!!',0                              ; AdjustTokenPrivileges failed
szLPVErr      db ':Error!',0                               ; LookupPrivilegeValue failed
szOPTErr      db ':Error!',0                               ; OpenProcessToken failed
szFilter      db 'Dll Files(*.dll)',0,'*.dll',0,0          ; OPENFILENAME filter (double NUL-terminated)
szOpenCaption db 'Select a dll',0                          ; open-file dialog title
szOD          db ':请选择Dll文件!',0                        ; shown when IDC_IN is pressed with no DLL selected
szDllKernel   db 'Kernel32.dll',0                          ; module resolved with GetModuleHandle
szLoadLibrary db 'LoadLibraryA',0                          ; export resolved for _Into
szFreeLibrary db 'FreeLibraryAndExitThread',0              ; export resolved for _Out
szCRTErr      db ':Error!',0                               ; CreateRemoteThread failed
szVAEErr      db ':Error!',0                               ; VirtualAllocEx failed
szOPErr       db ':Error!',0                               ; OpenProcess failed
szCRTOk       db ':Success!',0                             ; remote thread created and finished
szEmail       db 'mailto:admin@ghostasm.com',0             ; ShellExecute target for IDC_EMAIL
szNtDll       db 'ntdll.dll',0                             ; module resolved in _KillThread
szNtQueryInformationThread db 'NtQueryInformationThread',0 ; undocumented export resolved at run time
.code
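;-----------------------------------------------------------------------
; void _SetWinPos(HWND _hWnd)
; Centres the window on the primary monitor without resizing it.
; ABI:   Win32 stdcall (MASM frame, LOCALs on the stack)
; In:    _hWnd = window to move
; Out:   eax = last API return value (callers ignore it)
; Clobb: eax, ecx, edx, flags
;
; Fixes vs. the original: the window width/height were taken from
; rtWinMain.right / .bottom alone, which equals the size only while the
; window sits at (0,0); width is right-left and height is bottom-top.
; The halving now uses a 32-bit shift instead of 'div cx', which used
; only the low 16 bits of eax and left a partial-register hazard.
; If GetWindowRect fails the window is left where it is instead of being
; moved to a position computed from an uninitialised RECT.
;-----------------------------------------------------------------------
_SetWinPos proc _hWnd
        LOCAL x_screen:dword            ; final x = screen_w/2 - win_w/2
        LOCAL y_screen:dword            ; final y = screen_h/2 - win_h/2
        LOCAL rtWinMain:RECT

        invoke GetSystemMetrics,SM_CXSCREEN
        shr     eax,1                   ; screen_w / 2
        mov     x_screen,eax
        invoke GetSystemMetrics,SM_CYSCREEN
        shr     eax,1                   ; screen_h / 2
        mov     y_screen,eax

        invoke GetWindowRect,_hWnd,addr rtWinMain
        .if eax
                mov     eax,rtWinMain.right
                sub     eax,rtWinMain.left      ; win_w
                shr     eax,1
                sub     x_screen,eax
                mov     eax,rtWinMain.bottom
                sub     eax,rtWinMain.top       ; win_h
                shr     eax,1
                sub     y_screen,eax
                ; cx/cy are ignored because of SWP_NOSIZE; hWndInsertAfter=NULL
                ; (HWND_TOP) is kept from the original behaviour
                invoke SetWindowPos,_hWnd,NULL,x_screen,y_screen,NULL,NULL,SWP_NOSIZE
        .endif
        ret
_SetWinPos endp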
;-----------------------------------------------------------------------
; void _EnableDebug(void)
; Enables SeDebugPrivilege in the current process token so that
; OpenProcess(PROCESS_ALL_ACCESS) later succeeds on processes owned by
; other users. The privilege can only be enabled if it is already
; present in the token, i.e. the tool must run as an administrator.
; ABI:   Win32 stdcall
; Out:   nothing; failures are reported with a MessageBox
; Clobb: eax, ecx, edx, ebx, flags
;
; NOTE(review): ebx is callee-saved in the Win32 ABI and is overwritten
; below without being saved; the caller (_MainThread, a dialog procedure
; invoked by user32) only preserves edi/esi, so ebx leaks back into the
; system caller.
; NOTE(review): hToken is closed only on the two error paths; on the
; success path the token handle is never closed (handle leak).
; NOTE(review): a non-zero return from AdjustTokenPrivileges does not
; mean the privilege was granted - the API also returns success with
; GetLastError() == ERROR_NOT_ALL_ASSIGNED when the token lacks the
; privilege. That case is not checked here.
;-----------------------------------------------------------------------
_EnableDebug proc
        LOCAL hToken:dword
        LOCAL tkp:TOKEN_PRIVILEGES
        LOCAL @luid:LUID                ; unused; tkp.Privileges.Luid is filled directly
        invoke GetCurrentProcess
        lea ebx,hToken                  ; clobbers callee-saved ebx (see header note)
        invoke OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,ebx
        .if eax
                ; resolve the LUID of SeDebugPrivilege on the local system
                invoke LookupPrivilegeValue,NULL,offset szSetDebug,addr tkp.Privileges.Luid
                .if eax
                        mov tkp.PrivilegeCount,1
                        mov tkp.Privileges.Attributes,SE_PRIVILEGE_ENABLED
                        invoke AdjustTokenPrivileges,hToken, FALSE,addr tkp,sizeof tkp,NULL,NULL
                        .if !eax
                                invoke CloseHandle,hToken
                                invoke MessageBox,hWinMain,offset szATPErr,offset szCaption,MB_OK
                        .endif
                .else
                        invoke CloseHandle,hToken
                        invoke MessageBox,hWinMain,offset szLPVErr,offset szCaption,MB_OK
                .endif
        .else
                invoke MessageBox,hWinMain,offset szOPTErr,offset szCaption,MB_OK
        .endif
        ret
_EnableDebug endp
;-----------------------------------------------------------------------
; void _OpenDll(void)
; Shows the common "open file" dialog filtered to *.dll. On OK the chosen
; path is left in szDllName (the dialog writes straight into that buffer,
; bounded by nMaxFile = MAX_PATH) and echoed into the IDC_DLLPATH control.
; On cancel szDllName is left unchanged.
; ABI:   Win32 stdcall
; Clobb: eax, ecx, edx, flags
;-----------------------------------------------------------------------
_OpenDll proc
        LOCAL @ofn:OPENFILENAME

        invoke RtlZeroMemory,addr @ofn,sizeof @ofn
        mov     @ofn.lStructSize,sizeof @ofn
        mov     @ofn.lpstrTitle,offset szOpenCaption
        mov     @ofn.lpstrFilter,offset szFilter
        ; the dialog fills szDllName in place, so it must hold nMaxFile bytes
        mov     @ofn.lpstrFile,offset szDllName
        mov     @ofn.nMaxFile,MAX_PATH
        mov     @ofn.Flags,OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST
        mov     eax,hWinMain
        mov     @ofn.hwndOwner,eax

        invoke GetOpenFileName,addr @ofn
        test    eax,eax
        jz      @F                      ; cancelled or failed: leave the control as it was
        invoke SetDlgItemText,hWinMain,IDC_DLLPATH,offset szDllName
@@:
        ret
_OpenDll endp
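;-----------------------------------------------------------------------
; void _GetProcessList(HWND _hWnd)
; Refills the IDC_PROCESSLIST list box with one entry per running process
; (Toolhelp snapshot). Each entry's item data is the process id so the
; dialog can map a selection back to a PID.
; ABI:   Win32 stdcall
; In:    _hWnd = dialog that owns IDC_PROCESSLIST
; Out:   eax = last API return value (callers ignore it)
; Clobb: eax, ecx, edx, flags
;
; Fixes vs. the original: CreateToolhelp32Snapshot can return
; INVALID_HANDLE_VALUE, which was passed on to Process32First and
; CloseHandle unchecked; and LB_ADDSTRING's LB_ERR/LB_ERRSPACE result
; was used as an item index for LB_SETITEMDATA.
;-----------------------------------------------------------------------
_GetProcessList proc _hWnd
        LOCAL @stProcess:PROCESSENTRY32
        LOCAL @hSnapShot:dword

        invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_RESETCONTENT,0,0
        invoke RtlZeroMemory,addr @stProcess,sizeof @stProcess
        mov     @stProcess.dwSize,sizeof @stProcess     ; Toolhelp requires dwSize set

        invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
        .if eax == INVALID_HANDLE_VALUE
                ret                             ; snapshot failed: leave the list empty
        .endif
        mov     @hSnapShot,eax

        invoke Process32First,@hSnapShot,addr @stProcess
        .while eax
                invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_ADDSTRING,0,addr @stProcess.szExeFile
                ; eax = index of the new item, or LB_ERR / LB_ERRSPACE on failure
                .if (eax != LB_ERR) && (eax != LB_ERRSPACE)
                        invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_SETITEMDATA,eax,@stProcess.th32ProcessID
                .endif
                invoke Process32Next,@hSnapShot,addr @stProcess
        .endw
        invoke CloseHandle,@hSnapShot
        ret
_GetProcessList endp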
;-----------------------------------------------------------------------
; DWORD _GetModelList(DWORD _dwProcessId, HWND _hWnd, LPVOID _hModule)
; Refills IDC_MODELLIST with the modules loaded in process _dwProcessId
; (Toolhelp TH32CS_SNAPMODULE). Each entry's item data is the module base
; address. While enumerating, if a module's base equals _hModule its
; modBaseSize is remembered and returned.
; ABI:   Win32 stdcall
; In:    _dwProcessId = target PID
;        _hWnd        = dialog owning IDC_MODELLIST
;        _hModule     = module base to look up, or 0 for "list only"
; Out:   eax = modBaseSize of the module at _hModule, 0 if not found
; Clobb: eax, ecx, edx, flags
;
; NOTE(review): the snapshot handle is not checked against
; INVALID_HANDLE_VALUE; a module snapshot of a process this 32-bit tool
; cannot inspect (presumably a 64-bit target, or one that denies access)
; would fall through to Module32First/CloseHandle with the bad handle and
; silently yield an empty list and a 0 size.
; NOTE(review): the LB_ADDSTRING result is used as the item index without
; checking for LB_ERR.
;-----------------------------------------------------------------------
_GetModelList proc _dwProcessId,_hWnd,_hModule
        LOCAL @stModule:MODULEENTRY32
        LOCAL @hSnapShot
        LOCAL @ModuleSize                 ; return value; stays 0 unless _hModule is found
        mov @ModuleSize,0
        invoke RtlZeroMemory,addr @stModule,sizeof @stModule
        invoke SendDlgItemMessage,_hWnd,IDC_MODELLIST,LB_RESETCONTENT,0,0
        mov @stModule.dwSize,sizeof @stModule
        invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,_dwProcessId ; enumerate the process's modules
        mov @hSnapShot,eax
        invoke Module32First,@hSnapShot,addr @stModule
        .while eax
                mov eax,_hModule
                .if eax == @stModule.modBaseAddr
                        ; found the module the caller asked about: record its size
                        push @stModule.modBaseSize
                        pop @ModuleSize
                .endif
                invoke SendDlgItemMessage,_hWnd,IDC_MODELLIST,LB_ADDSTRING,0,addr @stModule.szModule
                invoke SendDlgItemMessage,_hWnd,IDC_MODELLIST,LB_SETITEMDATA,eax,@stModule.modBaseAddr
                invoke Module32Next,@hSnapShot,addr @stModule
        .endw
        invoke CloseHandle,@hSnapShot
        mov eax,@ModuleSize
        ret
_GetModelList endp
;-----------------------------------------------------------------------
; void _KillThread(DWORD _ProcessId, LPVOID _lpModelBase, DWORD dwModelSize)
; Walks a Toolhelp thread snapshot, queries each thread's Win32 start
; address through the undocumented ntdll!NtQueryInformationThread
; (info class 9 = ThreadQuerySetWin32StartAddress), and calls
; TerminateThread on every thread whose start address lies in
; [_lpModelBase, _lpModelBase + dwModelSize]. It is run before _Out frees
; the module so that no thread is still executing inside it.
; ABI:   Win32 stdcall
; In:    _ProcessId   = intended target PID (see first note)
;        _lpModelBase = module base address
;        dwModelSize  = module size in bytes
; Clobb: eax, ecx, edx, flags
;
; NOTE(review): TH32CS_SNAPTHREAD snapshots ignore the PID argument and
; contain every thread in the system; nothing here filters on
; th32OwnerProcessID, so the start-address test is applied to threads of
; unrelated processes whose (different) address spaces happen to overlap
; the range - those threads can be terminated as collateral damage.
; NOTE(review): the GetProcAddress result is not checked, so a missing
; export leads to 'call ecx' through NULL; the NTSTATUS returned by the
; query is ignored, so on failure @ThreadBase holds whatever was on the
; stack; OpenThread's NULL return is passed on to the query and to
; TerminateThread unchecked.
; NOTE(review): the range test is inclusive (offset == dwModelSize), one
; byte past the module end. The comparison is unsigned, so a start
; address below the base wraps and is correctly excluded.
; NOTE(review): TerminateThread does not let the thread run any cleanup;
; locks it holds stay held and its stack is not freed, so the target
; process may deadlock or corrupt state afterwards. From a defender's
; view a process that opens many foreign threads with THREAD_ALL_ACCESS
; and terminates them is a strong anomaly signal.
;-----------------------------------------------------------------------
_KillThread proc _ProcessId,_lpModelBase,dwModelSize
        LOCAL @stThread:THREADENTRY32
        LOCAL @hSnapShot
        LOCAL @hThread
        LOCAL @NtQueryInformationThread   ; resolved at run time; not exported in kernel32 headers
        LOCAL @ThreadBase                 ; receives the thread's Win32 start address (4 bytes)
        invoke GetModuleHandle,offset szNtDll
        invoke GetProcAddress,eax,offset szNtQueryInformationThread
        mov @NtQueryInformationThread,eax
        invoke RtlZeroMemory,addr @stThread,sizeof @stThread
        mov @stThread.dwSize,sizeof @stThread
        invoke CreateToolhelp32Snapshot,TH32CS_SNAPTHREAD,_ProcessId   ; system-wide thread list
        mov @hSnapShot,eax
        invoke Thread32First,@hSnapShot,addr @stThread
        .while eax
                invoke OpenThread,THREAD_ALL_ACCESS,FALSE,@stThread.th32ThreadID
                mov @hThread,eax
                ; NtQueryInformationThread(hThread, 9, &ThreadBase, 4, NULL), stdcall: args pushed right-to-left
                lea edx,@ThreadBase
                mov ecx,@NtQueryInformationThread
                push NULL                                 ; ReturnLength
                push 4h                                   ; ThreadInformationLength
                push edx                                  ; ThreadInformation
                push 9                                    ; ThreadQuerySetWin32StartAddress
                push @hThread
                call ecx                                  ; NTSTATUS in eax is discarded
                mov eax,@ThreadBase
                sub eax,_lpModelBase                      ; offset of the start address from the module base
                .if (eax < dwModelSize) || (eax == dwModelSize)
                        invoke TerminateThread,@hThread,0
                .endif
                invoke CloseHandle,@hThread
                invoke Thread32Next,@hSnapShot,addr @stThread
        .endw
        invoke CloseHandle,@hSnapShot
        ret
_KillThread endp
;-----------------------------------------------------------------------
; void _Into(DWORD dwProcessId, HWND _hWnd)
; Loads the DLL named in szDllName into the process currently selected in
; IDC_PROCESSLIST: the path is copied into the target with
; VirtualAllocEx/WriteProcessMemory and a remote thread is started at
; kernel32!LoadLibraryA with that copy as its argument. Status text is
; written to IDC_MSG.
; ABI:   Win32 stdcall
; In:    dwProcessId = unused; the PID is re-read from the list box selection
;        _hWnd       = dialog owning IDC_PROCESSLIST
; Clobb: eax, ecx, edx, flags; globals hProcess, lpLoadLibrary, lpDllName
;
; NOTE(review): this OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
; WriteProcessMemory -> CreateRemoteThread(LoadLibraryA) sequence is the
; textbook remote-thread injection pattern; endpoint protection and
; ETW/Sysmon (event 8, CreateRemoteThread) commonly alert on exactly this
; chain, which is the detection point for defenders reviewing this tool.
; NOTE(review): the GetProcAddress result is stored and used unchecked,
; WriteProcessMemory's return is ignored, and the remote thread's exit
; code (the HMODULE from LoadLibraryA, 0 on failure) is never read, so
; szCRTOk only means "a thread was created and ended".
; NOTE(review): WaitForSingleObject(INFINITE) runs on the dialog thread
; and hangs the UI if the DLL's entry point blocks.
; NOTE(review): VirtualFreeEx with MEM_DECOMMIT decommits the pages but
; leaves the region reserved in the target; MEM_RELEASE with size 0 would
; free the reservation as well.
; NOTE(review): the kernel32 address obtained in this process is assumed
; to be the same in the target (true when both are 32-bit and kernel32 is
; mapped at the same base, as is normal, but not verified here).
;-----------------------------------------------------------------------
_Into proc dwProcessId,_hWnd
        LOCAL @hThread
        invoke GetModuleHandle,offset szDllKernel
        invoke GetProcAddress,eax,offset szLoadLibrary
        mov lpLoadLibrary,eax              ; unchecked; NULL would become the remote start address
        invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
        invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0   ; item data = PID
        invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,eax
        .if eax
                mov hProcess,eax
                invoke lstrlen,offset szDllName
                inc eax                    ; +1 for the terminating NUL
                invoke VirtualAllocEx,hProcess,NULL,eax,MEM_COMMIT,PAGE_READWRITE
                .if eax
                        mov lpDllName,eax
                        ; copy the DLL path (with NUL) into the target process
                        invoke lstrlen,offset szDllName
                        inc eax
                        invoke WriteProcessMemory,hProcess,lpDllName,offset szDllName,eax,NULL
                        ; LoadLibraryA(lpDllName) executed on a new thread inside the target
                        invoke CreateRemoteThread,hProcess,NULL,0,lpLoadLibrary,lpDllName,0,NULL
                        .if eax
                                mov @hThread,eax
                                invoke WaitForSingleObject,eax,INFINITE   ; wait for the remote thread to finish
                                invoke CloseHandle,@hThread
                                invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTOk
                        .else
                                invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTErr
                        .endif
                        invoke lstrlen,offset szDllName
                        inc eax
                        invoke VirtualFreeEx,hProcess,lpDllName,eax,MEM_DECOMMIT   ; see header note on MEM_RELEASE
                .else
                        invoke SetDlgItemText,hWinMain,IDC_MSG,offset szVAEErr
                .endif
                invoke CloseHandle,hProcess
        .else
                invoke SetDlgItemText,hWinMain,IDC_MSG,offset szOPErr
        .endif
        ret
_Into endp
;-----------------------------------------------------------------------
; void _Out(DWORD _dwProcessId, LPVOID _Model)
; Unloads module _Model from process _dwProcessId: looks up the module's
; size via _GetModelList, terminates any thread whose start address lies
; inside the module (_KillThread), then starts a remote thread at
; kernel32!FreeLibraryAndExitThread with the module base as its argument.
; Status text is written to IDC_MSG.
; ABI:   Win32 stdcall
; In:    _dwProcessId = target PID
;        _Model       = module base address (item data of IDC_MODELLIST)
; Clobb: eax, ecx, edx, flags; globals hProcess, lpFreeLibrary
;
; NOTE(review): the original comment says "open the Services.exe
; process"; nothing here restricts the target, any selected PID is used.
; NOTE(review): FreeLibraryAndExitThread takes two parameters but a thread
; start routine receives one; dwExitCode is presumably read from whatever
; follows on the new thread's stack. Harmless only because the function
; never returns.
; NOTE(review): GetProcAddress is unchecked, and the same
; OpenProcess(PROCESS_ALL_ACCESS)/CreateRemoteThread chain as in _Into
; applies here for detection purposes; the preceding mass
; TerminateThread in _KillThread can leave the target in an inconsistent
; state (see that proc's notes).
;-----------------------------------------------------------------------
_Out proc _dwProcessId,_Model
        LOCAL @dwHandle:dword              ; unused
        LOCAL @hThread:dword
        invoke GetModuleHandle,offset szDllKernel
        invoke GetProcAddress,eax,offset szFreeLibrary
        mov lpFreeLibrary,eax              ; unchecked; NULL would become the remote start address
        invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,_dwProcessId ; open the selected process (comment originally said Services.exe)
        .if eax
                mov hProcess,eax
                ; eax = module size, 0 if _Model is not a module base in the target
                invoke _GetModelList,_dwProcessId,hWinMain,_Model
                invoke _KillThread,_dwProcessId,_Model,eax
                ; FreeLibraryAndExitThread(_Model, <unspecified>) on a new thread inside the target
                invoke CreateRemoteThread,hProcess,NULL,0,lpFreeLibrary,_Model,0,NULL
                .if eax
                        mov @hThread,eax
                        invoke WaitForSingleObject,eax,INFINITE   ; blocks the dialog thread until the remote thread exits
                        invoke CloseHandle,@hThread
                        invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTOk
                .else
                        invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTErr
                .endif
                invoke CloseHandle,hProcess
        .else
                invoke SetDlgItemText,hWinMain,IDC_MSG,offset szOPErr
        .endif
        ret
_Out endp
;-----------------------------------------------------------------------
; INT_PTR CALLBACK _MainThread(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Dialog procedure for IDD_MAIN. Handles control notifications
; (WM_COMMAND), one-time setup (WM_INITDIALOG) and WM_CLOSE; every other
; message returns FALSE so the dialog manager handles it.
; ABI:   Win32 stdcall callback; edi/esi saved by 'uses'
; Out:   eax = TRUE for handled messages, FALSE otherwise
;
; NOTE(review): the Win32 ABI requires a callback to preserve ebx as well
; as esi/edi/ebp. 'uses edi esi' omits ebx, and _EnableDebug (called from
; WM_INITDIALOG) overwrites ebx, so the value user32 had in ebx is lost.
; Adding ebx to the 'uses' list would cover it.
; NOTE(review): LOWORD(wParam) is the control id and HIWORD(wParam) the
; notification code; the code below loads wParam into eax, tests ax for
; the id and shifts by 16 for the notification.
;-----------------------------------------------------------------------
_MainThread proc uses edi esi hWnd,uMsg,wParam,lParam
        LOCAL @dwProcessId
        mov eax,uMsg
        .if eax == WM_COMMAND
                mov eax,wParam
                .if ax == IDC_DLL
                        ; "choose DLL" button: pick a file into szDllName
                        call _OpenDll
                .elseif ax ==IDC_PROCESSLIST
                        shr eax,16                       ; ax = notification code
                        .if ax == LBN_SELCHANGE
                                ; new process selected: show its modules, disable Unload,
                                ; enable Inject only if the module list is non-empty
                                invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
                                invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
                                invoke _GetModelList,eax,hWnd,0
                                invoke GetDlgItem,hWnd,IDC_OUT
                                invoke EnableWindow,eax,FALSE
                                invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_GETCOUNT,0,0
                                .if eax == 0
                                        invoke GetDlgItem,hWnd,IDC_IN
                                        invoke EnableWindow,eax,FALSE
                                .else
                                        invoke GetDlgItem,hWnd,IDC_IN
                                        invoke EnableWindow,eax,TRUE
                                .endif
                        .endif
                .elseif ax ==IDC_MODELLIST
                        shr eax,16
                        .if ax == LBN_SELCHANGE
                                ; a module is selected: Unload becomes available
                                invoke GetDlgItem,hWnd,IDC_OUT
                                invoke EnableWindow,eax,TRUE
                        .endif
                .elseif ax == IDC_IN
                        ; Inject button: requires a DLL path to have been chosen
                        invoke lstrlen,offset szDllName
                        .if eax
                                invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
                                invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
                                mov @dwProcessId,eax
                                invoke _Into,eax,hWnd
                                invoke _GetModelList,@dwProcessId,hWnd,0   ; refresh module list
                        .else
                                invoke MessageBox,hWinMain,offset szOD,offset szCaption,MB_OK
                        .endif
                .elseif ax == IDC_OUT
                        ; Unload button: PID from the process list, module base from the module list
                        invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
                        invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
                        mov @dwProcessId,eax
                        invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_GETCURSEL,0,0
                        invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_GETITEMDATA,eax,0
                        invoke _Out,@dwProcessId,eax
                        invoke _GetModelList,@dwProcessId,hWnd,0   ; refresh module list
                .elseif ax ==IDC_UPDATE
                        ; Refresh button: rebuild process list, clear modules, disable both actions
                        invoke _GetProcessList,hWnd
                        invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_RESETCONTENT,0,0
                        invoke GetDlgItem,hWnd,IDC_IN
                        invoke EnableWindow,eax,FALSE
                        invoke GetDlgItem,hWnd,IDC_OUT
                        invoke EnableWindow,eax,FALSE
                .elseif ax == IDC_EMAIL
                        invoke ShellExecute,0,0,offset szEmail,0,0,SW_SHOW
                .endif
        .elseif eax == WM_INITDIALOG
                push hWnd
                pop hWinMain                                 ; publish the dialog handle to the worker procs
                invoke LoadIcon,hInstance,ICO_MAIN
                invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
                invoke _SetWinPos,hWnd
                call _EnableDebug                            ; SeDebugPrivilege; clobbers ebx (see header note)
                invoke _GetProcessList,hWnd
                invoke GetDlgItem,hWnd,IDC_IN
                invoke EnableWindow,eax,FALSE
                invoke GetDlgItem,hWnd,IDC_OUT
                invoke EnableWindow,eax,FALSE
                invoke SetDlgItemText,hWinMain,IDC_MSG,offset szText
        .elseif eax == WM_CLOSE
                invoke EndDialog,hWnd,-1
        .else
                mov eax,FALSE                                ; not handled
                ret
        .endif
        mov eax,TRUE
        ret
_MainThread endp
;-----------------------------------------------------------------------
; Program entry point.
; Records this module's HINSTANCE, runs the IDD_MAIN dialog modally with
; _MainThread as its dialog procedure, and terminates the process with
; exit code 0 once the dialog returns.
;-----------------------------------------------------------------------
start:
        invoke GetModuleHandle,NULL
        mov     hInstance,eax                   ; needed later for LoadIcon
        invoke DialogBoxParam,hInstance,IDD_MAIN,NULL,offset _MainThread,-1
        invoke ExitProcess,0
end start