- ;*************************************************
- ;CopyRight@GhostHand
- ;*************************************************
- .386
- .model flat,stdcall
- option casemap:none
- ;*************************************************
- include windows.inc
- include user32.inc
- includelib user32.lib
- include kernel32.inc
- includelib kernel32.lib
- include advapi32.inc
- includelib advapi32.lib
- include comdlg32.inc
- includelib comdlg32.lib
- include shell32.inc
- includelib shell32.lib
- include into.inc
- ;*************************************************
- ; Uninitialised globals shared by the dialog procedure and the helper procs.
- .data?
- hInstance dd ? ; module handle stored by the entry code (GetModuleHandle,NULL)
- hWinMain dd ? ; dialog window handle, stored on WM_INITDIALOG
- lpLoadLibrary dd ? ; address returned by GetProcAddress for szLoadLibrary
- lpFreeLibrary dd ? ; address returned by GetProcAddress for szFreeLibrary (FreeLibraryAndExitThread, despite the variable name)
- hProcess dd ? ; handle from OpenProcess for the currently selected target
- lpDllName dd ? ; address of the path buffer allocated in the target by VirtualAllocEx
- szDllName db MAX_PATH dup (?) ; DLL path chosen in the open-file dialog (ANSI, NUL-terminated)
- ; Read-only strings: UI text, error messages and the API/privilege names that
- ; are looked up at run time. The looked-up names (SeDebugPrivilege,
- ; LoadLibraryA, FreeLibraryAndExitThread, NtQueryInformationThread) are stored
- ; as plain ASCII, so they are visible to a static strings pass over the binary.
- .const
- szText db '[幽灵屋论坛]:[url]www.ghostasm.com[/url]',0
- szCaption db '[GhostHand]Message',0
- szSetDebug db 'SeDebugPrivilege',0 ; privilege name passed to LookupPrivilegeValue
- szATPErr db '[AdjustTokenPrivileges]:Error!!',0
- szLPVErr db '[LookupPrivilegeValue]:Error!',0
- szOPTErr db '[OpenProcessToken]:Error!',0
- szFilter db 'Dll Files(*.dll)',0,'*.dll',0,0 ; description/pattern pair, list ends with a double NUL
- szOpenCaption db 'Select a dll',0
- szOD db '[_OpenDll]:请选择Dll文件!',0
- szDllKernel db 'Kernel32.dll',0
- szLoadLibrary db 'LoadLibraryA',0
- szFreeLibrary db 'FreeLibraryAndExitThread',0
- szCRTErr db '[CreateRemoteThread]:Error!',0
- szVAEErr db '[VirtualAllocEx]:Error!',0
- szOPErr db '[OpenProcess]:Error!',0
- szCRTOk db '[CreateRemoteThread]:Success!',0
- szEmail db 'mailto:admin@ghostasm.com',0
- szNtDll db 'ntdll.dll',0
- szNtQueryInformationThread db 'NtQueryInformationThread',0
- .code
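- ;-------------------------------------------------
- ; _SetWinPos - centre the window _hWnd on the primary screen.
- ; ABI:   32-bit stdcall (MASM .model flat,stdcall)
- ; In:    _hWnd = handle of the window to move
- ; Out:   eax = SetWindowPos result, or 0 when GetWindowRect failed
- ; Clobb: eax, ecx, edx, flags
- ; The window size is taken as right-left / bottom-top, so the result is
- ; correct even when the window does not start at (0,0). Halving uses 32-bit
- ; shifts; a 16-bit "div cx" would only look at the low word of eax.
- ;-------------------------------------------------
- _SetWinPos proc _hWnd
-
-     LOCAL x_screen:dword
-     LOCAL y_screen:dword
-     LOCAL rtWinMain:RECT
-
-     invoke GetSystemMetrics,SM_CXSCREEN
-     sar eax,1
-     mov x_screen,eax                    ; x_screen = screen width / 2
-     invoke GetSystemMetrics,SM_CYSCREEN
-     sar eax,1
-     mov y_screen,eax                    ; y_screen = screen height / 2
-     invoke GetWindowRect,_hWnd,addr rtWinMain
-     .if eax                             ; only move when the rectangle is valid
-         mov eax,rtWinMain.right
-         sub eax,rtWinMain.left          ; eax = window width
-         sar eax,1
-         sub x_screen,eax                ; left edge = screen centre - width / 2
-         mov eax,rtWinMain.bottom
-         sub eax,rtWinMain.top           ; eax = window height
-         sar eax,1
-         sub y_screen,eax                ; top edge = screen centre - height / 2
-         invoke SetWindowPos,_hWnd,NULL,x_screen,y_screen,NULL,NULL,SWP_NOSIZE
-     .endif
-
-     ret
- _SetWinPos endp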
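- ;-------------------------------------------------
- ; _EnableDebug - enable SeDebugPrivilege in this process's access token.
- ; ABI:   32-bit stdcall
- ; In:    none (reads hWinMain as the owner of the error message boxes)
- ; Out:   none; failures are reported with a message box
- ; Clobb: eax, ecx, edx, flags (no callee-saved register is touched)
- ; SeDebugPrivilege lets the process open handles to processes it does not
- ; own. On hosts that audit token right adjustments the change is recorded
- ; (Windows Security event 4703), which makes this call a useful signal when
- ; reviewing what a binary like this did.
- ;-------------------------------------------------
- _EnableDebug proc
-
-     LOCAL hToken:dword
-     LOCAL tkp:TOKEN_PRIVILEGES
-
-     invoke GetCurrentProcess
-     ; "addr hToken" cannot be used here: INVOKE would load the address into
-     ; eax and destroy the pseudo-handle. ecx is volatile, so use it instead
-     ; of the callee-saved ebx.
-     lea ecx,hToken
-     invoke OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,ecx
-     .if eax
-         invoke LookupPrivilegeValue,NULL,offset szSetDebug,addr tkp.Privileges.Luid
-         .if eax
-             mov tkp.PrivilegeCount,1
-             mov tkp.Privileges.Attributes,SE_PRIVILEGE_ENABLED
-             invoke AdjustTokenPrivileges,hToken,FALSE,addr tkp,sizeof tkp,NULL,NULL
-             .if eax
-                 ; A non-zero return only means the call ran; the privilege
-                 ; was granted only if the last error is not
-                 ; ERROR_NOT_ALL_ASSIGNED.
-                 invoke GetLastError
-                 .if eax == ERROR_NOT_ALL_ASSIGNED
-                     invoke MessageBox,hWinMain,offset szATPErr,offset szCaption,MB_OK
-                 .endif
-             .else
-                 invoke MessageBox,hWinMain,offset szATPErr,offset szCaption,MB_OK
-             .endif
-         .else
-             invoke MessageBox,hWinMain,offset szLPVErr,offset szCaption,MB_OK
-         .endif
-         ; The token handle is released on every path once it was opened,
-         ; including the success path.
-         invoke CloseHandle,hToken
-     .else
-         invoke MessageBox,hWinMain,offset szOPTErr,offset szCaption,MB_OK
-     .endif
-     ret
- _EnableDebug endp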
- ;-------------------------------------------------
- ; _OpenDll - show the common open-file dialog filtered to *.dll and, when the
- ;            user confirms, copy the chosen path into the IDC_DLLPATH control.
- ; ABI:   32-bit stdcall
- ; In:    none (uses the globals hWinMain and szDllName)
- ; Out:   szDllName holds the selected path when the dialog was confirmed
- ; Clobb: eax, ecx, edx, flags
- ;-------------------------------------------------
- _OpenDll proc
-
-     LOCAL @stOF:OPENFILENAME
-
-     ; Start from an all-zero structure so every unused field is NULL/0.
-     invoke RtlZeroMemory,addr @stOF,sizeof @stOF
-     mov eax,hWinMain
-     mov @stOF.hwndOwner,eax
-     mov @stOF.lStructSize,sizeof @stOF
-     mov @stOF.nMaxFile,MAX_PATH             ; capacity of szDllName
-     mov @stOF.lpstrFile,offset szDllName    ; receives the selected path
-     mov @stOF.lpstrFilter,offset szFilter
-     mov @stOF.lpstrTitle,offset szOpenCaption
-     mov @stOF.Flags,OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST
-     invoke GetOpenFileName,addr @stOF
-     test eax,eax
-     jz @F                                   ; cancelled or failed: leave the UI as is
-     invoke SetDlgItemText,hWinMain,IDC_DLLPATH,offset szDllName
- @@:
-     ret
- _OpenDll endp
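- ;-------------------------------------------------
- ; _GetProcessList - refill IDC_PROCESSLIST with the running processes.
- ; ABI:   32-bit stdcall
- ; In:    _hWnd = dialog that owns IDC_PROCESSLIST
- ; Out:   one list entry per process; the item data of each entry is the
- ;        process id
- ; Clobb: eax, ecx, edx, flags
- ;-------------------------------------------------
- _GetProcessList proc _hWnd
-     LOCAL @stProcess:PROCESSENTRY32
-     LOCAL @hSnapShot
-
-     invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_RESETCONTENT,0,0
-     invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
-     ; A failed snapshot is INVALID_HANDLE_VALUE, not NULL; do not walk or
-     ; close it in that case.
-     .if eax != INVALID_HANDLE_VALUE
-         mov @hSnapShot,eax
-         invoke RtlZeroMemory,addr @stProcess,sizeof @stProcess
-         mov @stProcess.dwSize,sizeof @stProcess     ; required before Process32First
-         invoke Process32First,@hSnapShot,addr @stProcess
-         .while eax
-             invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_ADDSTRING,0,addr @stProcess.szExeFile
-             ; LB_ADDSTRING returns the new index, or a negative LB_ERR /
-             ; LB_ERRSPACE value that must not be used as an index.
-             .if sdword ptr eax >= 0
-                 invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_SETITEMDATA,eax,@stProcess.th32ProcessID
-             .endif
-             invoke Process32Next,@hSnapShot,addr @stProcess
-         .endw
-         invoke CloseHandle,@hSnapShot
-     .endif
-     ret
- _GetProcessList endp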
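- ;-------------------------------------------------
- ; _GetModelList - refill IDC_MODELLIST with the modules loaded in a process.
- ; ABI:   32-bit stdcall
- ; In:    _dwProcessId = process whose modules are enumerated
- ;        _hWnd        = dialog that owns IDC_MODELLIST
- ;        _hModule     = module base address to look up (callers pass 0 when
- ;                       they only want the list refreshed)
- ; Out:   eax = modBaseSize of the module whose base equals _hModule,
- ;              0 when no module matched or the snapshot could not be taken
- ; Clobb: eax, ecx, edx, flags
- ; The item data of each list entry is the module base address.
- ;-------------------------------------------------
- _GetModelList proc _dwProcessId,_hWnd,_hModule
-
-     LOCAL @stModule:MODULEENTRY32
-     LOCAL @hSnapShot
-     LOCAL @ModuleSize
-
-     mov @ModuleSize,0
-     invoke SendDlgItemMessage,_hWnd,IDC_MODELLIST,LB_RESETCONTENT,0,0
-     invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,_dwProcessId   ; enumerate the process's modules
-     ; A failed snapshot is INVALID_HANDLE_VALUE, not NULL; the list then
-     ; stays empty and nothing is closed.
-     .if eax != INVALID_HANDLE_VALUE
-         mov @hSnapShot,eax
-         invoke RtlZeroMemory,addr @stModule,sizeof @stModule
-         mov @stModule.dwSize,sizeof @stModule       ; required before Module32First
-         invoke Module32First,@hSnapShot,addr @stModule
-         .while eax
-             mov eax,_hModule
-             .if eax == @stModule.modBaseAddr
-                 mov eax,@stModule.modBaseSize
-                 mov @ModuleSize,eax                 ; remember the size of the requested module
-             .endif
-             invoke SendDlgItemMessage,_hWnd,IDC_MODELLIST,LB_ADDSTRING,0,addr @stModule.szModule
-             ; Negative results (LB_ERR / LB_ERRSPACE) are not valid indexes.
-             .if sdword ptr eax >= 0
-                 invoke SendDlgItemMessage,_hWnd,IDC_MODELLIST,LB_SETITEMDATA,eax,@stModule.modBaseAddr
-             .endif
-             invoke Module32Next,@hSnapShot,addr @stModule
-         .endw
-         invoke CloseHandle,@hSnapShot
-     .endif
-     mov eax,@ModuleSize
-     ret
- _GetModelList endp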
- ;-------------------------------------------------
- ; _KillThread - terminate threads whose start address lies inside a module.
- ; In:    _ProcessId   = process id handed to the thread snapshot
- ;        _lpModelBase = base address of the module
- ;        dwModelSize  = size of the module in bytes
- ; Out:   none
- ; For every thread in the snapshot the start address is queried through
- ; NtQueryInformationThread and compared with [_lpModelBase,
- ; _lpModelBase + dwModelSize]; matching threads are ended with
- ; TerminateThread.
- ; NOTE(review): TerminateThread gives the thread no chance to release locks
- ; or memory, so the process it belongs to can be left unstable.
- ; NOTE(review): the Toolhelp documentation says the process id is ignored for
- ; TH32CS_SNAPTHREAD and the snapshot holds every thread in the system; the
- ; loop never compares th32OwnerProcessID with _ProcessId, so threads of
- ; other processes are examined as well - confirm and filter.
- ;-------------------------------------------------
- _KillThread proc _ProcessId,_lpModelBase,dwModelSize
-
- LOCAL @stThread:THREADENTRY32
- LOCAL @hSnapShot
- LOCAL @hThread
- LOCAL @NtQueryInformationThread
- LOCAL @ThreadBase
- ; Resolve NtQueryInformationThread at run time from ntdll.dll.
- ; NOTE(review): neither GetModuleHandle nor GetProcAddress is checked; a NULL
- ; result would be called through ecx below.
- invoke GetModuleHandle,offset szNtDll
- invoke GetProcAddress,eax,offset szNtQueryInformationThread
- mov @NtQueryInformationThread,eax
-
- invoke RtlZeroMemory,addr @stThread,sizeof @stThread
- mov @stThread.dwSize,sizeof @stThread
- invoke CreateToolhelp32Snapshot,TH32CS_SNAPTHREAD,_ProcessId
- ; NOTE(review): the result is not compared with INVALID_HANDLE_VALUE.
- mov @hSnapShot,eax
- invoke Thread32First,@hSnapShot,addr @stThread
- .while eax
- ; NOTE(review): a failed OpenThread (NULL) is not detected; the query below
- ; then fails and @ThreadBase keeps whatever value it had before.
- invoke OpenThread,THREAD_ALL_ACCESS,FALSE,@stThread.th32ThreadID
- mov @hThread,eax
-
- ; Manual stdcall call, arguments pushed right to left:
- ; NtQueryInformationThread(@hThread, 9, &@ThreadBase, 4, NULL).
- ; Information class 9 is ThreadQuerySetWin32StartAddress; 4 is the size of
- ; the output buffer. The returned status is not checked.
- lea edx,@ThreadBase
- mov ecx,@NtQueryInformationThread
- push NULL
- push 4h
- push edx
- push 9
- push @hThread
- call ecx
-
- ; eax = start address - module base; the unsigned compare makes a start
- ; address below the base wrap to a large value and fall outside the range.
- mov eax,@ThreadBase
- sub eax,_lpModelBase
- .if (eax < dwModelSize) || (eax == dwModelSize)
- invoke TerminateThread,@hThread,0
- .endif
- invoke CloseHandle,@hThread
- invoke Thread32Next,@hSnapShot,addr @stThread
- .endw
- invoke CloseHandle,@hSnapShot
- ret
- _KillThread endp
- ;-------------------------------------------------
- ; _Into - make the process selected in IDC_PROCESSLIST load the DLL whose
- ;         path is in szDllName.
- ; In:    dwProcessId = process id (not read by the body, see NOTE below)
- ;        _hWnd       = dialog that owns IDC_PROCESSLIST
- ; Out:   status text written to IDC_MSG
- ; Sequence visible below: resolve LoadLibraryA, OpenProcess with
- ; PROCESS_ALL_ACCESS, VirtualAllocEx + WriteProcessMemory for the path, then
- ; CreateRemoteThread starting at LoadLibraryA. This is the remote-thread DLL
- ; injection pattern catalogued as MITRE ATT&CK T1055.001. The cross-process
- ; handle open and the remote thread creation are the steps endpoint
- ; telemetry records, e.g. Sysmon ProcessAccess (event 10) and
- ; CreateRemoteThread (event 8).
- ;-------------------------------------------------
- _Into proc dwProcessId,_hWnd
- LOCAL @hThread
-
- ; NOTE(review): the address is resolved in this process and used unchanged as
- ; the start address in the target; that assumes Kernel32.dll is mapped at the
- ; same address there. GetProcAddress failure (NULL) is not checked.
- invoke GetModuleHandle,offset szDllKernel
- invoke GetProcAddress,eax,offset szLoadLibrary
- mov lpLoadLibrary,eax
- ; NOTE(review): the process id is read again from the list box, so the
- ; dwProcessId argument is never used; LB_GETCURSEL is not checked for LB_ERR.
- invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
- invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
- invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,eax
- .if eax
- mov hProcess,eax
- ; Buffer size = path length + 1 for the terminating NUL.
- invoke lstrlen,offset szDllName
- inc eax
- invoke VirtualAllocEx,hProcess,NULL,eax,MEM_COMMIT,PAGE_READWRITE
- .if eax
- mov lpDllName,eax
- ; write the DLL path into the target process
- invoke lstrlen,offset szDllName
- inc eax
- ; NOTE(review): the WriteProcessMemory result is ignored; the thread is
- ; created even when the path was not written.
- invoke WriteProcessMemory,hProcess,lpDllName,offset szDllName,eax,NULL
- invoke CreateRemoteThread,hProcess,NULL,0,lpLoadLibrary,lpDllName,0,NULL
- .if eax
- mov @hThread,eax
- ; NOTE(review): INFINITE wait on the calling thread; _Into is invoked from
- ; the dialog procedure, so the UI is blocked until the remote thread ends.
- invoke WaitForSingleObject,eax,INFINITE;wait for the thread to run
- invoke CloseHandle,@hThread
- ; NOTE(review): this text only reflects that the thread was created; the
- ; thread's exit code is never read, so a failed load looks the same.
- invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTOk
- .else
- invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTErr
- .endif
- invoke lstrlen,offset szDllName
- inc eax
- ; NOTE(review): MEM_DECOMMIT leaves the address range reserved in the
- ; target; the allocation is not released here.
- invoke VirtualFreeEx,hProcess,lpDllName,eax,MEM_DECOMMIT
- .else
- invoke SetDlgItemText,hWinMain,IDC_MSG,offset szVAEErr
- .endif
- invoke CloseHandle,hProcess
- .else
- invoke SetDlgItemText,hWinMain,IDC_MSG,offset szOPErr
- .endif
- ret
- _Into endp
- ;-------------------------------------------------
- ; _Out - unload a module from another process.
- ; In:    _dwProcessId = target process id
- ;        _Model       = base address of the module to unload
- ; Out:   status text written to IDC_MSG
- ; Steps visible below: resolve FreeLibraryAndExitThread, open the target with
- ; PROCESS_ALL_ACCESS, look up the module size, terminate threads that start
- ; inside the module (_KillThread), then start a remote thread at
- ; FreeLibraryAndExitThread with the module base as its argument.
- ; As with any CreateRemoteThread use, the cross-process handle open and the
- ; thread creation are what Sysmon events 10 and 8 record.
- ;-------------------------------------------------
- _Out proc _dwProcessId,_Model
-
- LOCAL @dwHandle:dword
- LOCAL @hThread:dword
-
- ; lpFreeLibrary receives the address of FreeLibraryAndExitThread (see
- ; szFreeLibrary). NOTE(review): that API takes two arguments while a thread
- ; start routine receives one, so its exit-code argument is whatever is on
- ; the new thread's stack - confirm this is intended.
- invoke GetModuleHandle,offset szDllKernel
- invoke GetProcAddress,eax,offset szFreeLibrary
- mov lpFreeLibrary,eax
- invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,_dwProcessId ;original comment: "open the Services.exe process"; the code opens whichever process _dwProcessId names
- .if eax
- mov hProcess,eax
- ; _GetModelList returns the module size in eax (0 when _Model is not found)
- ; and, as a side effect, refills IDC_MODELLIST.
- invoke _GetModelList,_dwProcessId,hWinMain,_Model
- invoke _KillThread,_dwProcessId,_Model,eax
- invoke CreateRemoteThread,hProcess,NULL,0,lpFreeLibrary,_Model,0,NULL
- .if eax
- mov @hThread,eax
- ; NOTE(review): INFINITE wait on the dialog's thread, as in _Into.
- invoke WaitForSingleObject,eax,INFINITE
- invoke CloseHandle,@hThread
- invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTOk
- .else
- invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTErr
- .endif
- invoke CloseHandle,hProcess
- .else
- invoke SetDlgItemText,hWinMain,IDC_MSG,offset szOPErr
- .endif
- ret
- _Out endp
- ;-------------------------------------------------
- ; _MainThread - dialog procedure passed to DialogBoxParam for IDD_MAIN.
- ; In:    hWnd, uMsg, wParam, lParam = standard dialog-procedure arguments
- ; Out:   eax = TRUE when the message was handled here, FALSE otherwise
- ; Handles WM_COMMAND (buttons and list-box notifications), WM_INITDIALOG and
- ; WM_CLOSE. For WM_COMMAND the low word of wParam is the control id and the
- ; high word the notification code.
- ; NOTE(review): LB_GETCURSEL returns LB_ERR when nothing is selected; the
- ; branches below pass its result on without checking it.
- ;-------------------------------------------------
- _MainThread proc uses edi esi hWnd,uMsg,wParam,lParam
-
- LOCAL @dwProcessId
- mov eax,uMsg
- .if eax == WM_COMMAND
- mov eax,wParam
- .if ax == IDC_DLL
- ; "choose DLL" button
- call _OpenDll
- .elseif ax ==IDC_PROCESSLIST
- shr eax,16 ; ax = notification code
- .if ax == LBN_SELCHANGE
- ; New process selected: item data is the pid; list its modules, disable
- ; IDC_OUT, and enable IDC_IN only when the module list is not empty.
- invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
- invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
- invoke _GetModelList,eax,hWnd,0
- invoke GetDlgItem,hWnd,IDC_OUT
- invoke EnableWindow,eax,FALSE
- invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_GETCOUNT,0,0
- .if eax == 0
- invoke GetDlgItem,hWnd,IDC_IN
- invoke EnableWindow,eax,FALSE
- .else
- invoke GetDlgItem,hWnd,IDC_IN
- invoke EnableWindow,eax,TRUE
- .endif
- .endif
- .elseif ax ==IDC_MODELLIST
- shr eax,16 ; ax = notification code
- .if ax == LBN_SELCHANGE
- ; A module is selected: allow the unload button.
- invoke GetDlgItem,hWnd,IDC_OUT
- invoke EnableWindow,eax,TRUE
- .endif
- .elseif ax == IDC_IN
- ; Load button: requires a non-empty DLL path, then calls _Into for the
- ; selected process and refreshes the module list.
- invoke lstrlen,offset szDllName
- .if eax
- invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
- invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
- mov @dwProcessId,eax
- invoke _Into,eax,hWnd
- invoke _GetModelList,@dwProcessId,hWnd,0
- .else
- invoke MessageBox,hWinMain,offset szOD,offset szCaption,MB_OK
- .endif
- .elseif ax == IDC_OUT
- ; Unload button: pid from the process list, module base from the item data
- ; of the selected module entry; then refresh the module list.
- invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
- invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
- mov @dwProcessId,eax
- invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_GETCURSEL,0,0
- invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_GETITEMDATA,eax,0
- invoke _Out,@dwProcessId,eax
- invoke _GetModelList,@dwProcessId,hWnd,0
- .elseif ax ==IDC_UPDATE
- ; Refresh button: rebuild the process list, clear the module list and
- ; disable both action buttons until a new selection is made.
- invoke _GetProcessList,hWnd
- invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_RESETCONTENT,0,0
- invoke GetDlgItem,hWnd,IDC_IN
- invoke EnableWindow,eax,FALSE
- invoke GetDlgItem,hWnd,IDC_OUT
- invoke EnableWindow,eax,FALSE
- .elseif ax == IDC_EMAIL
- ; Hands the fixed mailto: URL in szEmail to the shell.
- invoke ShellExecute,0,0,offset szEmail,0,0,SW_SHOW
- .endif
- .elseif eax == WM_INITDIALOG
- ; One-time setup: remember the dialog handle, set the icon, centre the
- ; window, enable SeDebugPrivilege, list processes, disable both buttons.
- push hWnd
- pop hWinMain
- invoke LoadIcon,hInstance,ICO_MAIN
- invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
- invoke _SetWinPos,hWnd
- call _EnableDebug
- invoke _GetProcessList,hWnd
- invoke GetDlgItem,hWnd,IDC_IN
- invoke EnableWindow,eax,FALSE
- invoke GetDlgItem,hWnd,IDC_OUT
- invoke EnableWindow,eax,FALSE
- invoke SetDlgItemText,hWinMain,IDC_MSG,offset szText
- .elseif eax == WM_CLOSE
- invoke EndDialog,hWnd,-1
- .else
- ; Message not handled here.
- mov eax,FALSE
- ret
- .endif
- mov eax,TRUE
- ret
- _MainThread endp
- ; Program entry point: record the module handle, run the main dialog
- ; modally with _MainThread as its dialog procedure (init parameter -1),
- ; then exit with code 0 once the dialog has been closed.
- start:
-     invoke GetModuleHandle,NULL
-     mov hInstance,eax                   ; kept for LoadIcon in the dialog procedure
-     invoke DialogBoxParam,hInstance,IDD_MAIN,NULL,addr _MainThread,-1
-     invoke ExitProcess,0
- end start
幽灵屋DLL注入卸载工具.zip
(148.86 KB, 下载次数: 25)