PHP Code:
(*
DLL Injection in delphi :)
Tested on 32bit and 64Bit application
*)
function InjectDLL(const dwPID: DWORD; {$IFDEF UNICODE} DLLPath: PWideChar
{$ELSE} DLLPath: PAnsiChar {$ENDIF} ): Integer;
const
Kernel32 = 'kernel32.dll';
var
dwThreadID: Cardinal;
hProc, hThread, hKernel: THandle;
BytesToWrite, BytesWritten: SIZE_T;
pRemoteBuffer, pLoadLibrary: Pointer;
begin
hProc := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_QUERY_INFORMATION or
PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ, False, dwPID);
if hProc = 0 then
exit(0);
try
BytesToWrite := SizeOf(WideChar) * (Length(DLLPath) + 1);
pRemoteBuffer := VirtualAllocEx(hProc, nil, BytesToWrite, MEM_COMMIT,
PAGE_READWRITE);
if pRemoteBuffer = nil then
exit(0);
try
if not WriteProcessMemory(hProc, pRemoteBuffer, DLLPath, BytesToWrite,
BytesWritten) then
exit(0);
{$REGION 'Check for UNICODE'}
{$IFDEF UNICODE}
hKernel := GetModuleHandleW(Kernel32);
pLoadLibrary := GetProcAddress(hKernel, 'LoadLibraryW');
{$ELSE}
hKernel := GetModuleHandleA(Kernel32);
pLoadLibrary := GetProcAddress(hKernel, 'LoadLibraryA');
{$ENDIF}
{$ENDREGION}
hThread := CreateRemoteThread(hProc, nil, 0, pLoadLibrary, pRemoteBuffer,
0, dwThreadID);
try
WaitForSingleObject(hThread, INFINITE);
finally
CloseHandle(hThread);
end;
finally
VirtualFreeEx(hProc, pRemoteBuffer, 0, MEM_RELEASE);
end;
finally
CloseHandle(hProc);
end;
exit(1);
end;
// how to use ?
begin
{4864 it this sample}
{Target process PID} {Your dll dile path+name}
if InjectDLL(4864, 'C:\SampleDLL') <> 0 then
ShowMessage('woO!');
end;
/////////////////// My Dll file \\\\\\\\\\\\\\
library SampleDLL;
uses
System.SysUtils,
System.Classes,
Winapi.Windows;
procedure mydllproc(Reason: Integer);
begin
case Reason of
DLL_PROCESS_ATTACH:
begin
MessageBoxW(0,'I am in your target : Dll file','woO!',0)
end;
end;
end;
begin
DllProc := mydllproc;
mydllproc(DLL_PROCESS_ATTACH);
end.