{ Parameter block for InjectProc. DoInject writes it to the start of a page
  allocated in the target process and passes that page address as the remote
  thread argument, so InjectProc reads it back through ThreadArg. It is
  packed because both sides must agree on the exact byte layout: changing
  field order or sizes here silently breaks the remote read. }
type
TInjectStruct = packed record
{ Resolved with GetProcAddress in the injecting process and called as-is in
  the target. NOTE(review): this relies on kernel32 being mapped at the same
  base in both processes; it does not hold across a 32/64-bit boundary. }
iLoadLibrary : function (lpLibFileName: PWideChar): HMODULE; stdcall;
iGetProcAddress : function (hModule: HMODULE; lpProcName: PAnsiChar): FARPROC; stdcall;
{ Not filled in by DoInject; InjectProc resolves it itself via iGetProcAddress. }
iGetModuleHandle: function (lpModuleName: PWideChar): HMODULE; stdcall;
{ Strings InjectProc needs, stored inline so they travel with the struct;
  presumably because literals in the injector image are not reachable from
  the remote copy of the code. }
kernel32name : array[0..15] of WideChar;
ExitThread_Name : array[0..31] of AnsiChar;
GetModuleHandle_Name: array[0..31] of AnsiChar;
{ Full path of the DLL to load in the target; DoInject sets it to
  eqhook.dll next to the injector executable. }
InjLibraryPath : array[0..MAX_PATH] of WideChar;
end;
{ Thread entry executed inside the target process. DoInject copies only this
  function's raw bytes (InjectSize of them) into the remote page, so the body
  presumably has to stay free of RTL calls, globals and string literals:
  anything outside the copied bytes does not exist at the remote address.
  ThreadArg: address of the remote TInjectStruct copy (the page start).
  Returns 0, but the value is never observed because the thread is ended
  through ExitThread below rather than by returning. }
function InjectProc(ThreadArg: Pointer): DWORD; stdcall;
var
Kernel32: HMODULE;
iExitThread: procedure(uExitCode: UINT); stdcall;
begin
with TInjectStruct(ThreadArg^) do
begin
{ Only the two function pointers prefilled by DoInject are usable here;
  everything else is looked up by name from kernel32. }
Kernel32 := iLoadLibrary(Kernel32name);
@iGetModuleHandle := iGetProcAddress(Kernel32, GetModuleHandle_Name);
@iExitThread := iGetProcAddress(Kernel32, ExitThread_Name);
{ Load the DLL only if it is not already mapped, so injecting twice into
  the same process does not load it twice. }
if iGetModuleHandle(InjLibraryPath) = 0 then
iLoadLibrary(InjLibraryPath);
end;
Result := 0;
{ Neither lookup above is checked: if iGetProcAddress returned nil this call
  goes through a null pointer and the remote thread faults. The load result
  is not reported back to DoInject either. }
iExitThread(0);
end;
{ Injects eqhook.dll into the process identified by FGameData.EQProcID.
  Lays out one 4 KiB RWX page in the target as [TInjectStruct at +0 |
  InjectProc code at +2048], starts a remote thread at +2048 with the page
  address as its argument, and blocks until that thread ends.
  InjectProc: address of the thread routine whose bytes are copied.
  InjectSize: number of bytes to copy; it must not exceed 2048 or the copy
    runs off the end of the page - nothing here checks that.
  Returns True once the remote thread was created; whether the DLL actually
  loaded is not reported (InjectProc does not pass it back).
  NOTE(review): OpenProcess(PROCESS_ALL_ACCESS) / VirtualAllocEx(RWX) /
  WriteProcessMemory / CreateRemoteThread is the textbook remote-thread
  injection sequence that anti-cheat and EDR telemetry key on; from a
  defender's side, this call pattern against a process is worth alerting on. }
function TRemoteInterface.DoInject(InjectProc: Pointer; InjectSize: Cardinal): Boolean;
var
EQProc: THandle;
InjBlock: Pointer;
Written: Cardinal;
InjThread: THandle;
InjThreadID: Cardinal;
InjInfo: TInjectStruct;
Kernel32: HMODULE;
Res: Boolean;
begin
Result := false;
{ IsActive is declared outside this file; presumably "already hooked". }
if IsActive then
Exit;
{ EQWnd := FindWindow('EQ2ApplicationClass', nil);
if EQWnd = 0 then
Exit;
GetWindowThreadProcessID(EQWnd, EQProcID);}
{ BUG: OpenProcess returns 0 (NULL) on failure, not INVALID_HANDLE_VALUE,
  so this guard never fires and a failed open falls through to
  VirtualAllocEx with a null handle. EQProc is also never passed to
  CloseHandle on any path below, so the process handle leaks. }
EQProc := OpenProcess(PROCESS_ALL_ACCESS, false, FGameData.EQProcID);
if EQProc = INVALID_HANDLE_VALUE then
Exit;
{ One page, writable and executable at once; the struct goes at +0 and the
  code at +2048 (see the two WriteProcessMemory calls). }
InjBlock := VirtualAllocEx(EQProc, nil, 4096, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if InjBlock = nil then
Exit;
{ Function pointers are resolved locally and reused in the target, which
  relies on kernel32 sharing the same base in both processes.
  iGetModuleHandle is left for InjectProc to resolve on its own. }
Kernel32 := GetModuleHandle('kernel32.dll');
with InjInfo do
begin
iLoadLibrary := GetProcAddress(Kernel32, 'LoadLibraryW');
iGetProcAddress := GetProcAddress(Kernel32, 'GetProcAddress');
lstrcpyW(kernel32name, 'kernel32.dll');
lstrcpyA(ExitThread_Name, 'ExitThread');
lstrcpyA(GetModuleHandle_Name, 'GetModuleHandleW');
{ The DLL path is derived from the injector's own directory, so whatever
  file sits there under that name is what gets loaded. }
lstrcpyW(InjLibraryPath, PWideChar(ExtractFilePath(Application.ExeName)+'eqhook.dll'));
end;
{ Both writes count as success only if the full byte count was written. }
Res := WriteProcessMemory(EQProc, InjBlock, @InjInfo, sizeof(InjInfo), Written);
Res := Res and (Written = sizeof(InjInfo));
if Res then
begin
{ Cardinal(InjBlock) truncates pointers; this arithmetic is only valid in
  a 32-bit build. }
Res := WriteProcessMemory(EQProc, Pointer(Cardinal(InjBlock)+2048), InjectProc, InjectSize, Written);
Res := Res and (Written = InjectSize);
if Res then
begin
InjThread := CreateRemoteThread(EQProc, nil, 0, Pointer(Cardinal(InjBlock)+2048), InjBlock, 0, InjThreadID);
if InjThread <> 0 then
begin
Result := true;
{ INFINITE: if the remote thread never ends, this caller never returns. }
WaitForSingleObject(InjThread, INFINITE);
CloseHandle(InjThread);
end;
end;
end;
{ The page held only the struct and InjectProc's code; the loaded DLL is
  unaffected by releasing it. }
VirtualFreeEx(EQProc, InjBlock, 0, MEM_RELEASE);
end;