473,503 Members | 2,059 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

calling shfileoperation with code injection

1 New Member
i want to call shfileoperation from shel32.dll to copy a file with delphi
but my code dosen't work and the reason is the format of paths,I didn't find any solution for the problem.any one can help me? here is my code and the image of RemoteInfo value while debugging
here is link of the image
http://www.freeimagehosting.net/uploads/219d79fc30.jpg

Expand|Select|Wrap|Line Numbers
  1.  
  2. program InjectCode;
  3. uses
  4.   Windows,
  5.   shellapi, injectmemory,dialogs, strutils, sysutils, classes;
  6. type
  7.   LPSHFILEOPSTRUCT = ^SHFILEOPSTRUCT;
  8.   SHFILEOPSTRUCT = packed record
  9.     Wnd: HWND;
  10.     wFunc: UINT;
  11.     pFrom: PAnsiChar;
  12.     pTo: PAnsiChar;
  13.     fFlags: FILEOP_FLAGS;
  14.     fAnyOperationsAborted: BOOL;
  15.     hNameMappings: Pointer;
  16.     lpszProgressTitle: PAnsiChar;
  17.   end;
  18.  
  19. type
  20.   TRemoteInfo = record
  21.     LoadLibrary: function(lpLibFileName: PChar): HMODULE; stdcall;
  22.     GetProcAddress: function(hModule: HMODULE;
  23.       lpProcName: LPCSTR): FARPROC; stdcall;
  24.     shf: SHFILEOPSTRUCT;
  25.     Kernel32: array[0..20] of Char;
  26.     shell32: array[0..20] of Char;
  27.     SHFileOperationA: array[0..20] of Char;
  28.     Fromlpbuff: array[0..20] of char; //Source path
  29.     Tolpbuff: array[0..20] of Char;   //Des Path
  30.  
  31.   end;
  32.  
  33. procedure RemoteThread(RemoteInfo: pointer); stdcall;
  34. var
  35.   SHFileOperation: function(lpFileOp: LPSHFILEOPSTRUCT): Integer; stdcall;
  36. begin
  37.   with TRemoteInfo(Remoteinfo^) do
  38.   begin
  39.     @SHFileOperation := GetProcAddress(LoadLibrary(shell32), SHFileOperationA);
  40.     SHFileOperation(@shf);
  41.   end;
  42.  
  43. end;
  44. procedure RemoteThreadEnd;
  45. begin
  46. end;
  47. var
  48.   RemoteInfo: TRemoteInfo;
  49.   s2: string;
  50.   s1: string;
  51.   i: integer;
  52.   pInfo, CodeAdr: pointer;
  53.   TID: dword;
  54.   Process: dword;
  55.   StartInfo: TStartupInfo;
  56.   ProcInfo: TProcessInformation;
  57.  
  58. begin
  59.   ZeroMemory(@StartInfo, SizeOf(TStartupInfo));
  60.   StartInfo.cb := SizeOf(TStartupInfo);
  61.   CreateProcess(nil, 'calc.exe', nil, nil, False, 0,
  62.     nil, nil, StartInfo, ProcInfo);
  63.   Process := ProcInfo.hProcess;
  64.   ZeroMemory(@RemoteInfo.fromlpbuff, sizeof(RemoteInfo.fromlpbuff));
  65.   ZeroMemory(@RemoteInfo.Tolpbuff, sizeof(RemoteInfo.Tolpbuff));
  66.   ZeroMemory(@RemoteInfo, SizeOf(RemoteInfo));
  67.   lstrcpy(RemoteInfo.shell32, 'shell32.dll');
  68.   lstrcpy(RemoteInfo.Kernel32, 'kernel32.dll');
  69.   lstrcpy(RemoteInfo.SHFileOperationA, 'SHFileOperationA');
  70.   RemoteInfo.shf.Wnd := 0;
  71.   RemoteInfo.shf.wFunc := FO_COPY;
  72.   RemoteInfo.shf.pFrom := @remoteInfo.Fromlpbuff;
  73.   RemoteInfo.shf.pto := @remoteInfo.tolpbuff;
  74.   lstrcpy(RemoteInfo.shf.pFrom, 'e:\1.jpg' + #0#0);
  75.   lstrcpy(RemoteInfo.shf.pto, 'f:\1.jpg' + #0#0);
  76.   RemoteInfo.shf.fFlags := FOF_ALLOWUNDO;
  77.   RemoteInfo.shf.fAnyOperationsAborted := false;
  78.   @RemoteInfo.LoadLibrary := GetProcAddress(GetModuleHandle('kernel32.dll'),
  79.     'LoadLibraryA');
  80.   @RemoteInfo.GetProcAddress := GetProcAddress(GetModuleHandle('kernel32.dll'),
  81.     'GetProcAddress');
  82.   pInfo := InjectMemory(Process, @RemoteInfo, SizeOf(TRemoteInfo));
  83.   CodeAdr := InjectMemory(Process, @RemoteThread,
  84.     dword(@RemoteThreadEnd) - dword(@RemoteThread));
  85.   Sleep(2000);
  86.   CreateRemoteThread(Process, nil, 0, CodeAdr, pInfo, 0, TID);
  87. end.
  88.  
Attached Images
File Type: jpg image.jpg (6.1 KB, 102 views)
Jul 13 '10 #1
0 1043

Sign in to post your reply or Sign up for a free account.

Similar topics
1
2210
Calling Jython code from Java
by: Raja | last post by:
I have a java class thats trying to call something in python. This works fine when i do a jythonc on the python script. When i call another python script from the __init__ of my called python...
Python
4
1589
Calling unmanged code in managed code
by: James L. Brown | last post by:
Hello I'm currently working on a project, that contains one .net (VB) executable and a C++ (MFC) DLL. Now, what I want to do is to call the functions in the dll out of my managed code //managed...
.NET Framework
2
1342
Calling managed code
by: Peter Schmitz | last post by:
Hi, I just created a solution that is based on unmanaged C++ code. Now, the .net framework consists of some cool functions and classes - there is especially one namespace I'd like to use....
.NET Framework
2
1646
a question about calling unmanged code from managed code
by: chaor | last post by:
hi, how to convert the following strut into safe struct in c#? struct in C++: typedef struct { char m_username; char m_password; char m_userIP;
C# / C Sharp
2
4700
Automatic code injection/invocation. Does it exist?
by: bobben | last post by:
Hi everybody. I don't know if this is possible, but I am looking for a way to automatically inject code. I would like to fire a Debug.Writeline() automatically when a method is invoked and...
C# / C Sharp
1
2881
Mixed-mode DLL crashes when calling managed code
by: Jesse McGrew | last post by:
Hi all, I'm trying to make a plugin DLL for a third-party application, using VC++ .NET 2003. This DLL acts as a bridge between the C++ plugin API of the application, and my actual plugin code...
.NET Framework
1
1445
Odd unmanaged calling managed code issues
by: Bill Soudan | last post by:
Hi all, I'm a MS/.NET newbie, diving right into CLR interop. I've worked through the various issues foreign to me as a UNIX guy: multiple heap issues because I was linking to different CRT...
.NET Framework
6
1296
'Insurance' Code injection attack
by: Sati | last post by:
Hi All, Does anyone know how to clean a asp application from a virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the textbox when the...
ASP.NET
1
1484
'Insurance' code injection attack
by: sati | last post by:
Thanks.. Since my last post, I have identified a few more facts on this case. This code injection occurs in the client browser. The Web server seems to be sending correct page. So far, I have...
ASP.NET
3
4683
Calling unmanaged code from managed MFC worker thread
by: Klaus | last post by:
Hi, I have an existing VC 6 MFC application which communicates asynchronly with a VC 2005 managed code dll. I use an unmanaged base class with virtual functions to access methods in the MFC...
.NET Framework
0
7091
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7282
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7342
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
6998
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
7464
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
5586
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
4680
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3171
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
1516
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us