program SimpleFirewall;
uses
SysUtils,
Windows,
TlHelp32;
// Bare file name of the DLL this loader looks for in, and loads into, other
// processes.  The main loop turns it into a full path relative to this
// executable's own directory (GetCurPath) before injecting it.
const MODULE = 'Hook.dll';
// Directory of the running executable, with the trailing path delimiter that
// ExtractFilePath keeps.  GetModuleFileName with module handle 0 names the
// calling process's own image; paths longer than the 250-char buffer are cut
// off at the buffer size.
function GetCurPath:String;
var
  imagePath: array[0..250-1] of Char;
  fullName: String;
begin
  GetModuleFileName(0, imagePath, sizeof(imagePath));
  fullName := imagePath;
  Result := ExtractFilePath(fullName);
end;
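// Returns the process id of the first running process whose executable name
// equals szProcName (case-insensitive, via lstrcmpi), or 0 when no process
// matches or the process snapshot cannot be taken.
// Note: this local routine shadows the Win32 GetProcessId(HANDLE) API, and
// nothing else in this file calls it.
function GetProcessId(const szProcName: PChar):Cardinal;
var
  hSnapShot: THandle;
  PeFormat32: TProcessEntry32;
  haveEntry: Boolean;
begin
  result := 0;
  PeFormat32.dwSize := sizeof(TProcessEntry32);
  hSnapShot := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if hSnapShot <> 0 then
  begin
    // The entry delivered by Process32First is compared too; the previous
    // loop only compared entries obtained from Process32Next, so the first
    // snapshot entry was never examined.
    haveEntry := Process32First(hSnapShot, PeFormat32);
    while haveEntry do
    begin
      if lstrcmpi(PeFormat32.szExeFile, szProcName) = 0 then
      begin
        result := PeFormat32.th32ProcessID;
        break;
      end;
      haveEntry := Process32Next(hSnapShot, PeFormat32);
    end;
    CloseHandle(hSnapShot);
  end;
end;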
// Reports whether a module named szMod appears in the module list of the
// process identified by hProc.  Despite its name, hProc is a process ID, not
// a handle: it is passed as the th32ProcessID argument of
// CreateToolHelp32SnapShot, and the main loop passes tp.th32ProcessID.
// Returns False both when the module is absent and when the snapshot could
// not be taken at all (for instance a process this one is not allowed to
// inspect), so callers cannot tell the two cases apart.
function IsDllInProcLoaded(const hProc: Cardinal; szMod: PChar):Boolean;
var
  hSnap: Cardinal;
  te: TModuleEntry32;
begin
  result := false;
  te.dwSize := sizeof(TModuleEntry32);
  hSnap := CreateToolHelp32SnapShot(TH32CS_SNAPMODULE, hProc);
  if hSnap <> 0 then
  begin
    if Module32First(hSnap, te) = true then
    begin
      // The entry returned by Module32First is never compared; only the
      // entries delivered by Module32Next are.  (The first module of a
      // process snapshot is typically the executable itself — not verified
      // here.)
      while Module32Next(hSnap, te) = true do
      begin
        // Case-insensitive comparison against the bare module file name.
        if lstrcmpi(szMod, te.szModule) = 0 then
        begin
          result := true;
          break;
        end;
      end;
    end;
    CloseHandle(hSnap);
  end;
end;
// Forces the DLL at path lpDllname to be loaded into process lpProcessID with
// the classic remote-thread technique:
//   OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx -> WriteProcessMemory
//   -> CreateRemoteThread with kernel32!LoadLibraryA as start routine and the
//   written path string as its argument.
// From a detection standpoint this cross-process API sequence — an RWX
// allocation in another process that holds nothing but a path string,
// followed by a remote thread starting in LoadLibraryA — is the textbook
// DLL-injection pattern that endpoint monitoring keys on, and the main loop
// repeats it against every process once a second.
// Returns True when GetLastError still reads ERROR_SUCCESS after the
// CreateRemoteThread call; the thread handle that call returns is discarded,
// and hRemThread only receives the new thread's id.
function InjectLibrary(lpProcessID: Cardinal; lpDllname: String):LongBool;
var
  hProc: Cardinal;       // target process handle, 0 when OpenProcess failed
  oAlloc: Pointer;       // buffer in the target process holding the DLL path
  cWPM: Cardinal;        // bytes written by WriteProcessMemory (never checked)
  hRemThread: Cardinal;  // thread id filled in by CreateRemoteThread
begin
  result := false;
  // Cleared up front because success is judged from GetLastError below, not
  // from the handle CreateRemoteThread returns.
  SetLastError(ERROR_SUCCESS);
  hProc := OpenProcess(PROCESS_ALL_ACCESS, false, lpProcessID);
  if hProc <> 0 then
  begin
    // Sized to the path's character count (no terminator is written), and
    // requested as PAGE_EXECUTE_READWRITE although it only ever holds text.
    oAlloc := VirtualAllocEx(hProc, nil, length(lpDllname), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if oAlloc <> nil then
    begin
      if WriteProcessMemory(hProc, oAlloc, PChar(lpDllName), length(lpDllName), cWPM) = true then
      begin
        // LoadLibraryA is resolved in *this* process; the address is only
        // meaningful in the target if kernel32 is mapped at the same base
        // there, which the code assumes.
        CreateRemoteThread(hProc, nil, 0, GetProcAddress(GetModuleHandle('kernel32.dll'), 'LoadLibraryA'), oAlloc, 0, hRemThread);
        if GetLastError = ERROR_SUCCESS then
        begin
          result := true;
        end;
      end;
    end;
  end;
  // Called unconditionally, i.e. also with hProc = 0 after a failed OpenProcess.
  CloseHandle(hProc);
end;
var
  Snap: Cardinal;        // process snapshot handle
  tp: TProcessEntry32;   // snapshot entry currently examined
  s: String;             // the entry's executable name as a Pascal string
begin
  // Despite the program name, nothing in this file filters traffic: the
  // program is a loader that plants Hook.dll into every running .exe, and
  // whatever filtering exists would have to live in that DLL (not on this
  // page).
  MessageBoxA(0, 'começando os trabalhos!', 'firewall', 0);
  // Endless polling loop: once a second, snapshot all processes and inject
  // the hook DLL into every .exe that does not yet report it as loaded.
  while true do
  begin
    Snap := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if Snap <> 0 then
    begin
      tp.dwSize := Sizeof(TProcessEntry32);
      if Process32First(Snap, tp) = true then
      begin
        // As in the helpers above, the Process32First entry itself is
        // skipped; only entries from Process32Next are examined.
        while Process32Next(Snap, tp) = true do
        begin
          s := tp.szExeFile;
          // Case-sensitive suffix test: names ending in '.EXE' are skipped.
          if Copy(s, length(s)-3, 4) <> '.exe' then continue;
          // IsDllInProcLoaded also returns False when the module snapshot
          // cannot be taken (e.g. a process this one is not allowed to open),
          // so such processes are retried every second — a steady stream of
          // OpenProcess / snapshot attempts that stands out in process-access
          // telemetry.
          if IsDllInProcLoaded(tp.th32ProcessID, MODULE) = false then
          begin
            // Path is <this executable's directory>\Hook.dll.  GetCurPath
            // already ends in a delimiter, so the result carries a doubled
            // backslash (Windows path handling generally tolerates it); the
            // InjectLibrary result is not checked.
            InjectLibrary(tp.th32ProcessID, Format('%s\%s', [GetCurPath(), MODULE]));
          end;
        end;
      end;
      CloseHandle(Snap);
    end;
    Sleep(1000);
  end;
end.