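;made by correy
;Email:leguanyuan@126.com
;QQ:112426112
;
; Demo of classic remote-thread injection (32-bit MASM, Windows):
;   1. resolve MessageBoxA in this process,
;   2. copy a position-independent blob (_lpMessageBox .. lcl) into the
;      process that owns the desktop window (explorer.exe),
;   3. patch the blob's first dword with the MessageBoxA address and start
;      it with CreateRemoteThread.
; This is 32-bit code (.386 / flat); it can only be injected into a 32-bit
; target. On 64-bit Windows explorer.exe is 64-bit, so the blob would not
; execute there.
;
; Build:
;   rc me.rc
;   ml /coff test.asm /link /subsystem:windows me.res
.386
.model flat, stdcall
option casemap :none
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib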
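.data
; Window class and title of the shell's desktop window; its owner is the
; injection target (normally explorer.exe).
szDesktopClass  db "Progman",0
szDesktopWindow db "Program Manager",0
; Module and export resolved in THIS process; the resulting address is
; reused unchanged inside the target (see the note at start:).
szDllUser       db "User32.dll",0
szMessageBox    db "MessageBoxA",0
.data?
lpMessageBox    dd ?    ; MessageBoxA address from GetProcAddress (copied into the blob's slot 0)
dwProcessID     dd ?    ; PID of the desktop window owner, filled by GetWindowThreadProcessId
dwThreadID      dd ?    ; owning thread id (recorded only; not used further in this file)
hProcess        dd ?    ; OpenProcess handle on the target
lpRemoteCode    dd ?    ; base of the blob copy in the target, from VirtualAllocEx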
.code
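;-----------------------------------------------------------------------
; Start of the injected image. Everything from _lpMessageBox up to (not
; including) lcl is copied verbatim into the target, so nothing in this
; range may hold an absolute address: RemoteThread relocates every
; reference with a runtime delta. The layout of the copy equals the
; layout here, which is what makes the delta trick valid.
;-----------------------------------------------------------------------
_lpMessageBox dd ?                              ; slot 0: overwritten by the injector with MessageBoxA's address
correy db "made by correy",0                    ; MessageBox caption
body db "i find a person,her name is xxx.",0    ; MessageBox text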
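;-----------------------------------------------------------------------
; DWORD WINAPI RemoteThread(LPVOID lParam)
; Thread start routine executed inside the target process (stdcall, one
; argument, so the generated epilogue is `ret 4` as CreateRemoteThread
; expects). Shows a MessageBox through the pointer the injector stored in
; _lpMessageBox.
; The blob lands at an arbitrary base, so the code first computes
;   ebx = (runtime address of @@) - (link-time offset of @@)
; and adds that delta to every link-time offset it uses.
; In:  lParam (unused)
; Out: eax = MessageBoxA's return value
; Clobbers: eax, flags (ebx/edi/esi are saved by `uses`)
;-----------------------------------------------------------------------
RemoteThread proc uses ebx edi esi lParam
    call @F
@@: pop ebx                         ; ebx = runtime address of this label
    sub ebx,offset @B               ; ebx = relocation delta of the blob
begin:
    push 0                          ; uType = 0 (MB_OK)
    mov eax,offset correy
    add eax,ebx                     ; relocated &correy
    push eax                        ; lpCaption
    mov eax,offset body
    add eax,ebx                     ; relocated &body
    push eax                        ; lpText
    push 0                          ; hWnd = NULL
    call [ebx+_lpMessageBox]        ; MessageBoxA via the patched slot (relocated)
    ;jmp begin                      ; uncomment to repeat the box endlessly (demo only)
    ret
RemoteThread endp
; End-of-blob marker: `offset lcl - offset _lpMessageBox` is the byte count
; allocated and written in the target.
lcl dd "lcl",0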
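;-----------------------------------------------------------------------
; Entry point (injector).
; Every API result is now checked: on failure the code falls through to
; the cleanup path instead of passing NULL handles/pointers on to the next
; call. The process exits via ExitProcess rather than a bare `ret` from
; the entry point.
;-----------------------------------------------------------------------
start:
    ; --- resolve MessageBoxA in our own address space ---
    ; The address is only meaningful in the target if user32.dll is mapped
    ; at the same base there. System DLL bases are randomized per boot, not
    ; per process, so this generally holds for a same-bitness target; it can
    ; never hold for a 64-bit explorer.exe (this blob is 32-bit code).
    invoke GetModuleHandle,addr szDllUser
    test eax,eax
    jz done
    mov ebx,eax
    invoke GetProcAddress,ebx,offset szMessageBox
    test eax,eax
    jz done
    mov lpMessageBox,eax
    ; --- find the process owning the desktop window ---
    invoke FindWindow,addr szDesktopClass,addr szDesktopWindow
    test eax,eax
    jz done                         ; no shell window: nothing to inject into
    invoke GetWindowThreadProcessId,eax,offset dwProcessID
    mov dwThreadID,eax
    invoke OpenProcess,PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE,FALSE,dwProcessID
    test eax,eax
    jz done                         ; access denied / integrity or session mismatch
    mov hProcess,eax
    ; --- copy the blob [_lpMessageBox, lcl) into the target ---
    ; NOTE(review): the blob is never written after this copy, so a
    ; PAGE_READWRITE allocation followed by VirtualProtectEx to
    ; PAGE_EXECUTE_READ would suffice; RWX is kept to match the original
    ; demo but is the more conspicuous choice.
    invoke VirtualAllocEx,hProcess,0,offset lcl - offset _lpMessageBox,MEM_COMMIT,PAGE_EXECUTE_READWRITE
    test eax,eax
    jz cleanup
    mov lpRemoteCode,eax
    invoke WriteProcessMemory,hProcess,lpRemoteCode,offset _lpMessageBox,offset lcl - offset _lpMessageBox,0
    test eax,eax
    jz cleanup
    ; patch slot 0 of the remote copy (offset 0 == _lpMessageBox) with the
    ; MessageBoxA address resolved above
    invoke WriteProcessMemory,hProcess,lpRemoteCode,offset lpMessageBox,4,0
    test eax,eax
    jz cleanup
    ; thread start = remote base + (RemoteThread's offset within the blob)
    mov eax,lpRemoteCode
    add eax,offset RemoteThread - offset _lpMessageBox
    invoke CreateRemoteThread,hProcess,0,0,eax,0,0,0
    test eax,eax
    jz cleanup
    invoke CloseHandle,eax          ; thread handle not needed; the thread keeps running
cleanup:
    invoke CloseHandle,hProcess
done:
    invoke ExitProcess,0
end start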