
' 32-bit Win32 imports used by Form_Load below.
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
' FindWindow returns 0 when no window matches; that 0 is never checked below.
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
' Declared but not referenced anywhere in this listing.
Private Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
' Full access mask; far more than the single WriteProcessMemory call below needs.
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
' Declared but never called: the process handle opened in Form_Load is leaked.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' lpBaseAddress is "As Any" so the caller can pass a raw address ByVal (see Form_Load).
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

' On form load: locate a window by (masked) class/title, open its process and
' overwrite ten bytes at a fixed address, then unload the form.
' NOTE(review): both FindWindow strings are masked on the page ("*****"), so
' the target program cannot be identified from this listing.
Private Sub Form_Load()
    ' Every failure below (no window found, OpenProcess or WriteProcessMemory
    ' returning 0) is silently swallowed; nothing is reported to the user.
    On Error Resume Next
    Dim Pid As Long
    Dim Handle As Long
    Dim Phandle As Long
    ' Ten bytes (indices 0..9 with the default Option Base 0); all ten values
    ' are ASCII digit characters.
    Dim wMsg(9) As Byte
    wMsg(0) = 48
    wMsg(1) = 50
    wMsg(2) = 53
    wMsg(3) = 53
    wMsg(4) = 50
    wMsg(5) = 49
    wMsg(6) = 50
    wMsg(7) = 49
    wMsg(8) = 52
    wMsg(9) = 56
    ' Handle is 0 when no such window exists; Pid then stays 0 as well.
    Handle = FindWindow("*****", "********")
    GetWindowThreadProcessId Handle, Pid
    ' Return value is never checked, and the handle is never closed
    ' (CloseHandle is declared above but unused).
    Phandle = OpenProcess(PROCESS_ALL_ACCESS, False, Pid)
    ' Hard-coded absolute address, so this only works for one exact build of
    ' the target. vbNull is the VarType constant (value 1), not a null
    ' pointer -- presumably a ByRef Long or 0& was intended; confirm.
    WriteProcessMemory Phandle, ByVal &HDF23F8, wMsg(0), 10, vbNull
    Sleep (1000)
    Unload Me
End Sub
'喜欢的话,byval strptr(str)也可以~


2016-7-9 #1楼

[Delphi文章] inf方式加载驱动 






几个月前抓了个鬼影病毒,遂大卸八块之,由于向百度娘搜了点资料,所以有些函数非原创。

program bb;

// Console-less installer: registers a root-enumerated device from an INF and
// installs its driver through SetupAPI / newdev.dll (see the program block).

uses
   Windows;
 
const
   // Local buffer size for the class name; the SDK's MAX_CLASS_NAME_LEN is 32,
   // a larger buffer is harmless.
   MAX_CLASS_NAME_LEN = 128;
   // SetupAPI constants, values as in setupapi.h / newdev.h.
   DIF_REMOVE = $00000005;
   DICD_GENERATE_ID = $00000001;
   INSTALLFLAG_FORCE = $00000001;
   SPDRP_HARDWAREID = $00000001;
   DIF_REGISTERDEVICE = $00000019;
   DIGCF_PRESENT = $0002;
   DIGCF_ALLCLASSES = $0004;

   // Not used: the external declarations below hard-code the module names.
   SetupApiModuleName = 'SetupApi.dll';
   NewDevModuleName = 'newdev.dll';

type
   // 32-bit only: on Win64 ULONG_PTR is 64 bits wide and SP_DEVINFO_DATA
   // would have the wrong cbSize.
   ULONG_PTR = DWORD;
   DI_FUNCTION = UINT; // Function type for device installer
   HDEVINFO = Pointer;

   PSPDevInfoData = ^TSPDevInfoData;
   SP_DEVINFO_DATA = packed record
     cbSize: DWORD;
     ClassGuid: TGUID;
     DevInst: DWORD; // DEVINST handle
     Reserved: ULONG_PTR;
  end;
 
   {$EXTERNALSYM SP_DEVINFO_DATA}
   TSPDevInfoData = SP_DEVINFO_DATA;

  // All imports bind the ANSI ('A') entry points, so PChar/Char must be
  // AnsiChar here (pre-Unicode Delphi) -- confirm for the compiler in use.
  function SetupDiGetClassDevs(ClassGuid: PGUID; const Enumerator: PAnsiChar; hwndParent: HWND; Flags: DWORD): HDEVINFO; stdcall;external 'Setupapi.dll' name 'SetupDiGetClassDevsA';
  function SetupDiEnumDeviceInfo(DeviceInfoSet: HDEVINFO; MemberIndex: DWORD; var DeviceInfoData: TSPDevInfoData): LongBool; stdcall;external 'Setupapi.dll' name 'SetupDiEnumDeviceInfo';
  // PropertyRegDataType and RequiredSize are distinct out-parameters; callers
  // should not alias them.
  function SetupDiGetDeviceRegistryProperty(DeviceInfoSet: HDEVINFO; const DeviceInfoData: TSPDevInfoData; Property_: DWORD; var PropertyRegDataType: DWORD; PropertyBuffer: PBYTE; PropertyBufferSize: DWORD; var RequiredSize: DWORD): LongBool; stdcall;external 'Setupapi.dll' name 'SetupDiGetDeviceRegistryPropertyA';
  function SetupDiDestroyDeviceInfoList(DeviceInfoSet: HDEVINFO): LongBool; stdcall;external 'Setupapi.dll' name 'SetupDiDestroyDeviceInfoList';
  function SetupDiGetINFClass(const InfName: PAnsiChar; var ClassGuid: TGUID; ClassName: PAnsiChar; ClassNameSize: DWORD; RequiredSize: PDWORD): LongBool; stdcall;external 'Setupapi.dll' name 'SetupDiGetINFClassA';
  function SetupDiCreateDeviceInfoList(ClassGuid: PGUID; hwndParent: HWND): HDEVINFO; stdcall;external 'Setupapi.dll' name 'SetupDiCreateDeviceInfoList';
  function SetupDiCreateDeviceInfo(DeviceInfoSet: HDEVINFO; const DeviceName: PAnsiChar; var ClassGuid: TGUID; const DeviceDescription: PAnsiChar; hwndParent: HWND; CreationFlags: DWORD; DeviceInfoData: PSPDevInfoData): LongBool; stdcall;external 'Setupapi.dll' name 'SetupDiCreateDeviceInfoA';
  function SetupDiSetDeviceRegistryProperty(DeviceInfoSet: HDEVINFO; var DeviceInfoData: TSPDevInfoData; Property_: DWORD; const PropertyBuffer: PBYTE; PropertyBufferSize: DWORD): LongBool; stdcall;external 'Setupapi.dll' name 'SetupDiSetDeviceRegistryPropertyA';
  function SetupDiCallClassInstaller(InstallFunction: DI_FUNCTION; DeviceInfoSet: HDEVINFO; DeviceInfoData: PSPDevInfoData): LongBool; stdcall;external 'Setupapi.dll' name 'SetupDiCallClassInstaller';
  // Installs/updates the driver for every present device with HardwareId;
  // sets bRebootRequired^ when a restart is needed.
  function UpdateDriverForPlugAndPlayDevices(hwndParent: THandle; HardwareId: Pchar; FullInfPath: Pchar; InstallFlags: DWORD; bRebootRequired: PBOOL ): BOOL; stdcall;external 'newdev.dll' name 'UpdateDriverForPlugAndPlayDevicesA';
  function SetupDiClassNameFromGuid(ClassGuid: PGUID; ClassName: PChar;ClassNameSize: DWORD; RequiredSize: PDWORD): BOOL; stdcall;external 'Setupapi.dll' name 'SetupDiClassNameFromGuidA';

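{ Enables SeDebugPrivilege on the current process token.
  Not called from the program block below (the call there is commented out).
  Failures stay silent, as in the original; the difference is that the token
  handle is only used and closed when OpenProcessToken actually succeeded. }
procedure SetPrivilege;
var
   TPPrev, TP: TTokenPrivileges;
   TokenHandle: THandle;
   dwRetLen: DWORD;
   lpLuid: TLargeInteger;
begin
   // Least privilege: adjusting privileges only needs these two rights, not
   // TOKEN_ALL_ACCESS.
   if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, TokenHandle) then
      Exit;
   try
      if LookupPrivilegeValue(nil, 'SeDebugPrivilege', lpLuid) then
      begin
         TP.PrivilegeCount := 1;
         TP.Privileges[0].Luid := lpLuid;
         TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
         // Returns TRUE even when the privilege is not held (GetLastError
         // = ERROR_NOT_ALL_ASSIGNED); the result is deliberately not acted on.
         AdjustTokenPrivileges(TokenHandle, False, TP, SizeOf(TPPrev), TPPrev, dwRetLen);
      end;
   finally
      CloseHandle(TokenHandle);
   end;
end;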

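{ Returns the setup class name for aGUID (SetupDiClassNameFromGuid), or ''
  when the lookup fails.  The original returned the contents of an
  unallocated/undefined buffer on failure.  Not called from this program. }
function GetDeviceClassName(aGUID: TGUID): string;
var
    ClassName: PChar;
    ClassNameSize, Needed: DWORD;
begin
    Result := '';
    ClassName := nil;
    ClassNameSize := 0;
    Needed := 0;
    { The first call with an empty buffer reports the required size in
      Needed; loop in case the size changes between calls. }
    repeat
       if SetupDiClassNameFromGuid(@aGUID, ClassName, ClassNameSize, @Needed) then
       begin
          Result := ClassName;
          Break;
       end;
       if (GetLastError() <> ERROR_INSUFFICIENT_BUFFER) or (Needed = 0) then
          Break;   // any other failure: leave Result empty
       if ClassName <> nil then FreeMem(ClassName);
       ClassNameSize := Needed;
       // Needed is a character count; scale by SizeOf(Char) for the allocation.
       GetMem(ClassName, ClassNameSize * SizeOf(Char));
    until False;
    if ClassName <> nil then FreeMem(ClassName);
end;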

{ Converts a NUL-terminated Str into a Pascal string ('' for nil). }
function StrPas(const Str: PChar): string;
begin
   Result := string(Str);
end;

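{ Returns True when some present device's first hardware ID (SPDRP_HARDWAREID
  is REG_MULTI_SZ; only its first string is compared, case-sensitively)
  equals hardid.
  Fixes relative to the original: the device-info set is always released
  (the early Exit paths leaked it), SetupDiGetDeviceRegistryProperty's result
  is checked and the buffer is cleared per device so a device without
  hardware IDs cannot match the previous device's leftover ID, and the
  data-type and required-size out-parameters are no longer the same variable. }
function isinstalled(hardid:Pchar):bool;
const
    BufferSize = 256;
var
    DevInfo: HDEVINFO;
    DeviceInfoData: SP_DEVINFO_DATA; { device information structure }
    Index: DWORD;
    DataType, Needed: DWORD;
    Buffer: PChar;
begin
    Result := False;
    DevInfo := SetupDiGetClassDevs(nil, nil, 0, DIGCF_PRESENT or DIGCF_ALLCLASSES);
    // The API reports failure with INVALID_HANDLE_VALUE, not nil; check both.
    if (DevInfo = nil) or (DWORD(DevInfo) = INVALID_HANDLE_VALUE) then Exit;
    GetMem(Buffer, BufferSize);
    try
       DeviceInfoData.cbSize := SizeOf(SP_DEVINFO_DATA);
       Index := 0;
       { enumerate present devices }
       while SetupDiEnumDeviceInfo(DevInfo, Index, DeviceInfoData) do
       begin
          Inc(Index);
          FillChar(Buffer^, BufferSize, 0);
          { read the hardware ID list; an ID longer than BufferSize makes the
            call fail and the device is skipped rather than truncated }
          if SetupDiGetDeviceRegistryProperty(DevInfo, DeviceInfoData, SPDRP_HARDWAREID,
                DataType, PByte(Buffer), BufferSize, Needed) then
             if lstrcmp(hardid, Buffer) = 0 then
             begin
                Result := True;
                Break;
             end;
       end;
    finally
       FreeMem(Buffer);
       SetupDiDestroyDeviceInfoList(DevInfo);
    end;
end;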

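{ Creates a root-enumerated device node for HardwareId from the INF at
  INFFile and installs its driver; when a device with that hardware ID is
  already present only the driver is updated.
  Returns 0 on success, otherwise the Win32 error code of the failing step;
  the same code is left in GetLastError (the original restored it only on two
  of the failure paths).  RebootRequired^ is set by newdev.dll.
  Fixes relative to the original: a successful update of an already-installed
  device no longer falls through and registers a second device node; the
  hardware-ID buffer passed as REG_MULTI_SZ gets its own double-NUL copy
  instead of reading one byte past the caller's string; the device-info set
  is destroyed only when it was actually created. }
function InstallRootEnumeratedDriver(HardwareId, INFFile: Pchar; RebootRequired: PBOOL): DWORD;
var
   DeviceInfoSet: HDEVINFO;
   DeviceInfoData: SP_DEVINFO_DATA;
   ClassGUID: TGUID;
   ClassName: array[0..MAX_CLASS_NAME_LEN - 1] of char;
   HwIdList: PChar;      // HardwareId followed by two NULs (REG_MULTI_SZ)
   HwIdBytes: Integer;
begin
   Result := 0;
   DeviceInfoSet := nil;
   HwIdList := nil;

   // Already installed: just (re)load the driver, nothing to create.
   if isinstalled(HardwareId) then
   begin
      if not UpdateDriverForPlugAndPlayDevices(0, HardwareId, INFFile, INSTALLFLAG_FORCE, RebootRequired) then
         Result := GetLastError();
      SetLastError(Result);
      Exit;
   end;

   try
      if not SetupDiGetINFClass(INFFile, ClassGUID, ClassName, SizeOf(ClassName), nil) then
      begin
         Result := GetLastError();
         Exit;
      end;

      DeviceInfoSet := SetupDiCreateDeviceInfoList(@ClassGUID, 0);
      if (DeviceInfoSet = nil) or (DWORD(DeviceInfoSet) = INVALID_HANDLE_VALUE) then
      begin
         Result := GetLastError();
         DeviceInfoSet := nil;   // nothing to destroy in the finally block
         Exit;
      end;

      DeviceInfoData.cbSize := SizeOf(SP_DEVINFO_DATA);
      if not SetupDiCreateDeviceInfo(DeviceInfoSet, ClassName, ClassGUID, nil, 0, DICD_GENERATE_ID, @DeviceInfoData) then
      begin
         Result := GetLastError();
         Exit;
      end;

      // SPDRP_HARDWAREID is a REG_MULTI_SZ: string NUL plus list-terminating NUL.
      HwIdBytes := (lstrlen(HardwareId) + 2) * SizeOf(Char);
      GetMem(HwIdList, HwIdBytes);
      FillChar(HwIdList^, HwIdBytes, 0);
      lstrcpy(HwIdList, HardwareId);
      if not SetupDiSetDeviceRegistryProperty(DeviceInfoSet, DeviceInfoData, SPDRP_HARDWAREID, PBYTE(HwIdList), HwIdBytes) then
      begin
         Result := GetLastError();
         Exit;
      end;

      if not SetupDiCallClassInstaller(DIF_REGISTERDEVICE, DeviceInfoSet, @DeviceInfoData) then
      begin
         Result := GetLastError();
         Exit;
      end;

      if not UpdateDriverForPlugAndPlayDevices(0, HardwareId, INFFile, INSTALLFLAG_FORCE, RebootRequired) then
      begin
         Result := GetLastError();
         // Roll back the node registered above so a failed install leaves no
         // orphan device; message text kept from the original.
         if not SetupDiCallClassInstaller(DIF_REMOVE, DeviceInfoSet, @DeviceInfoData) then
            messagebox(0, pchar('出错6'), 'aa', 0);
         Exit;
      end;
   finally
      if HwIdList <> nil then FreeMem(HwIdList);
      if DeviceInfoSet <> nil then SetupDiDestroyDeviceInfoList(DeviceInfoSet);
      // Cleanup calls may clobber the last error; report the step that failed.
      SetLastError(Result);
   end;
end;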

{ Returns the prefix of path up to and including its last '\', '/' or ':'
  separator; '' when path has none (or is empty). }
function ExtractFilePath(path: string): string;
var
   cut: Integer;
begin
   cut := Length(path);
   while (cut > 0) and not (path[cut] in ['\', '/', ':']) do
      Dec(cut);
   Result := Copy(path, 1, cut);
end;

var
   Msg: TMsg;
   bReboot: BOOL ;
begin
   // The three calls below give this thread a message queue and pump one
   // message; the page does not say why the installer needs this --
   // presumably something SetupAPI/newdev expects, verify before removing.
   GetInputState();
   PostThreadMessage(GetCurrentThreadId(), 0, 0, 0);
   GetMessage(Msg, 0, 0, 0);
   //SetPrivilege;
   // Installs One.inf taken from the executable's own directory (ParamStr(0))
   // for hardware ID '*OneDevice'; nothing validates that file. The returned
   // error code and bReboot are both discarded, so a failed install or a
   // required reboot is never reported.
   InstallRootEnumeratedDriver('*OneDevice', pchar(extractfilepath(paramstr(0))+'One.inf') ,@bReboot);
end.


inf 方式加载驱动