unit InjectUnit;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs, madCodeHook,
  StdCtrls, PsAPI, TlHelp32, Registry;

type
  TForm1 = class(TForm)
    ButtonHook: TButton;
    ButtonUnHook: TButton;
    Memo1: TMemo;
    procedure ButtonHookClick(Sender: TObject);
    procedure ButtonUnHookClick(Sender: TObject);
    procedure FormCreate(Sender: TObject);
    procedure FormDestroy(Sender: TObject);
  private
    NumMessage: UINT; // ID of our message
    { Private declarations }
  public
    procedure OnWmCopyData(var msg: TMessage); message WM_COPYDATA;
    { Public declarations }
  end;

type
  TModuleArray = array[0..1] of HMODULE;
  PHModule = ^TModuleArray;

var
  Form1: TForm1;

implementation

{$R *.DFM}

type
  // TPDataSent is a pointer type (address) to a TDataSent:
  TPDataSent = ^TDataSent;
  TDataSent = packed record
    StrKey: String[255];
    StrDate: String[255];
    HPID: DWORD;
  end;

function GetProcessName(PID: DWORD): string;
var
  Handle: THandle;
begin
  Result := '';
  Handle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, PID);
  if Handle <> 0 then
    try
      SetLength(Result, MAX_PATH);
      if GetModuleFileNameEx(Handle, 0, PChar(Result), MAX_PATH) > 0 then
        SetLength(Result, StrLen(PChar(Result)))
      else
        Result := '';
    finally
      CloseHandle(Handle);
    end;
end;

procedure TForm1.OnWmCopyData(var msg: TMessage);
// procedure triggered when a WM_COPYDATA message arrives
type
  TPCopyDataStruct = ^TCopyDataStruct;
var
  DataSent: TDataSent;
  PDataSent: TPDataSent;
  PCopyDataStruct: TPCopyDataStruct;
begin
  PCopyDataStruct := TPCopyDataStruct(msg.LParam);
  // Any process can send WM_COPYDATA: ignore a payload that is missing
  // or too small to hold a complete TDataSent record
  if (PCopyDataStruct = nil) or (PCopyDataStruct^.lpData = nil) or
     (PCopyDataStruct^.cbData < SizeOf(TDataSent)) then
    Exit;
  // PCopyDataStruct^ means "what PCopyDataStruct points to"
  PDataSent := PCopyDataStruct^.lpData;
  DataSent := PDataSent^;
  Memo1.Lines.Add(DataSent.StrDate + ' Process : ' + GetProcessName(DataSent.HPID));
  Memo1.Lines.Add(DataSent.StrKey);
end;

procedure TForm1.ButtonHookClick(Sender: TObject);
begin
  InjectLibrary(ALL_SESSIONS or SYSTEM_PROCESSES, 'HookRegOpenKey.dll');
end;

procedure TForm1.ButtonUnHookClick(Sender: TObject);
begin
  UninjectLibrary(ALL_SESSIONS or SYSTEM_PROCESSES, 'HookRegOpenKey.dll');
end;

procedure TForm1.FormCreate(Sender: TObject);
begin
  NumMessage := RegisterWindowMessage('Message perso de application');
  Form1.Caption := 'Fenêtre réceptrice de messages';
end;

procedure TForm1.FormDestroy(Sender: TObject);
begin
  UninjectLibrary(ALL_SESSIONS or SYSTEM_PROCESSES, 'HookRegOpenKey.dll');
end;

end.