ChupaChu Posted October 15, 2007 Posted October 15, 2007 (edited) Get it here: uallCollection.zip Its powerfull sources in Delphi - pretty hard to find (my provider had it blacklisted, thanks to people whom helped me to find it!) // uallDisasm.pas { read an assembler instruction on a specific address [p] pointer to address of assembler instruction [name] returns a string with name of the assembler instruction returns the size of the assembler instruction [result] true if successful, false if [p] not readable or unknown assembler instruction} function InstructionInfo(p: pointer; var name: string; var size: integer): boolean; stdcall; // uallHook.pas { hooks a function in memory [oldfunction] address of function to hook [yourfunction] address of the callback function [nextfunction] address of function which must be used instead of [oldfunction] (else endless loop) [result] true if successful hooked else false} function HookCode(oldfunction, yourfunction: pointer; var nextfunction: pointer): boolean; stdcall; { unhooks a function which is hooked by HookCode [nextfunction] address of function which was returned by HookCode [result] true if successful unhooked elese false} function UnhookCode(var nextfunction: pointer): boolean; stdcall; { hooks an imported API function from a module [modulehandle] handle of module which imports the function (NOT exports) [oldfunction] address of function which is imported [yourfunction] address of callback function [result] true if successfull hooked else false} function HookApiIAT(modulehandle: integer; oldfunction, yourfunction: pointer): boolean; stdcall; overload; { hooks an improted API modulewide [modulehandle] handle of module which imports the function (NOT exports) [oldfunction] address of function which is imported [yourfunction] address of callback function [result] true if successfull hooked else false} function HookApiIAT(oldfunction, yourfunction: pointer): boolean; stdcall; overload; { injects the executable into a target process [pid] target process [dllmain] address of dllmain inside the executable which is called after injection [result] true if successful injected into target process} function InjectMe(pid: integer; dllmain: pointer): boolean; stdcall; { injects a library into a target process [pid] target process [dlln] path to dll which should be injected [result] address of inject code inside targetprocess else nil} function InjectLibrary(pid: cardinal; dlln: pchar): pointer; stdcall; { uninjects a library into a target process [pid] target process [dlln] path to dll which should be uninjected [result] address of uninject code inside targetprocess else nil} function UnloadLibrary(pid: cardinal; dlln: pchar): pointer; stdcall; { injects a library into all current processes [libname] path to dll which should be injected [result] count of process which has loaded the dll} function GlobalInjectLibrary(libname: pchar): integer; stdcall; { uninjects a library into all current processes [libname] path to dll which should be uninjected [result] count of process which has unloaded the dll} function GlobalUnloadLibrary(libname: pchar): integer; stdcall; // uallKernel.pas { loads a library into the process [dllname] name of dll which should be loaded [result] handle of dll if successful else 0} function LoadLibraryX(dllname: pchar): integer; stdcall; overload; { loads a library into the process [dllname] name of dll which should be loaded [name] you can pass everything here it uses the third param of dllmain [result] handle of dll if successful else 0} function LoadLibraryX(dllname, name: pchar): integer; stdcall; overload; { creates a thread into the target process (win9x support) [pid] target process [p] startaddress of thread [result] true if successful started else 0} function CreateRemoteThreadX(pid: cardinal; p: pointer): boolean; stdcall; { open a thread with access right (win9x support) [access] access rights [inherited handle] [tid] thread id to open [result] handle with access rights if successful else 0} function OpenThreadX(access: integer; inherithandle: boolean; tid: integer): integer; stdcall; { allocates memory in the target process (win9x support, EXECUTE_READWRITE) [pid] process id size of memory which should be allocated [result] address of allocated memory if successful else nil} function VirtualAllocExX(pid: cardinal; Size: cardinal): pointer; stdcall; { get the entrypoint of a function in dll [modulehandle] handle of module which exports the function [procname] name of exported function [result] address of the function if successful else nil} function GetProcAddressX(module: integer; procname: pchar): pointer; stdcall; { frees memory which is allocated by VirtualAllocEx in a process [pid] process id [memaddr] address of memory which should be freed size of memory to free [result] true if successful else false} function VirtualFreeExX(pid: cardinal; Memaddr: pointer; Size: cardinal): boolean; stdcall; { returns handle of kernel32.dll module [result] handle of kernel32.dll module} function GetKernelHandle: integer; stdcall; { return handle of the calling module [result] handle of the calling module} function GetOwnModuleHandle: cardinal; stdcall; { returns handle of module which where the address points to [addr] address inside a module [result] handle of module if successful else 0} function GetRealModuleHandle(addr: pointer): cardinal stdcall; // uallProcess.pas { returns processid of a processname [exenames] list of processname ex. 'hl.exe'#13#10'cstrike.exe'#13#10 use #13#10 as seperator [result] processid if successful else 0} function FindProcess(ExeNames: string): integer; stdcall; { lists modules of a process [pid] process id [result] string with modules (seperated with #13#10) if successful else empty string} function FindModulesInProcess(pid: cardinal): string; stdcall; overload; { lists modules of a process [processname] name of process [result] string with modules (seperated with #13#10) if successful else empty string} function FindModulesInProcess(processname: string): string; stdcall; overload; { list of all processes [result] string with all processnames (seperated with #13#10) if successful else empty string} function FindAllProcesses: string; stdcall; { find a thread from a process id [pid] process id [result] a threadid from the process if successful else 0 } function GetThread(pid: integer): integer; stdcall; // uallProtect.pas { hides a library in the process (GetModuleHandle will fail) [lib] handle of library [result] true if successful else false} function HideLibraryNT(lib: integer): boolean; stdcall; { unhides a library which was hidden by HideLibraryNT [lib] handle of library [result] true if successful else false} function ShowLibraryNT(lib: integer): boolean; stdcall; { returns if a debugger is attached [result] true if debugger detected else false} function IsDebuggerPresent: boolean; stdcall; { gives the calling process the debug privilege [result] true if successful else false} function GetDebugPrivilege: boolean; stdcall; { forces the process to load a library (you can have some instances of one library) [libname] name of module [result] handle of module} function ForceLoadLibrary(libname: pchar): integer; stdcall; { calls a function, debuggers will crash [proc] address of function which should be called} procedure ProtectCall(proc: pointer); stdcall; { if this function is called windows debggers cant attach the process anymore} procedure AntiDebugActiveProcess; stdcall; { checks if a API is hooked by CodeOverwriting/Import/Export table hook [dllname] name of dll which exports the function [procname] name of exported API [result] true if function is hooked else false} function IsHooked(dllname, procname: pchar): boolean; stdcall; { returns handle of kernel32.dll module [result] handle of kernel32.dll module} function GetKernelHandle: integer; stdcall; // uallRelocHook.pas { hooks an API by the reclocation table (own method) [oldaddress] address of API [newaddress] address of callback function [nextaddress] address of function which should be used after hooking (endless loop otherwise) [result] count of installed hooks} function HookRelocationTable(oldaddress, newaddress: pointer; var nextaddress: pointer): integer; stdcall; { unhook an API which was hooked by the relocation table [nextaddress] callback address [newaddress] original API address [result] count of uninstalled hooks} function UnHookRelocationTable(nextaddress, newaddress: pointer): integer; stdcall; // uallTableHook.pas { returns assembler intruction length [addr] address of assembler instruction [result] size of instruction} function myInstructionLength(addr: pointer): integer; stdcall; { hooks an API / code by code overwriting (JMP) [oldfunction] address of API / code [yourfunction] address of callback function [nextfucntion] address of function which should be used after hooking (endless loop otherwise) [result] true if successful hooked else false} function HookAPIJMP(oldfunction,yourfunction: pointer; var nextfunction: pointer): boolean; stdcall; { unhooks an API /code which was hooked by code overwriting (jmp) [nextfunction] address of function which was returned by HookAPIJMP [result] true if successfuk unhooked else false} function UnhookAPIJMP(nextfunction: pointer): boolean; stdcall; // uallUtil.pas { extracts a filename with its extention file [result] filename with extention} function ExtractFileNameWithExtention(s: string): string; stdcall; { extracts a filename without extention file [result] filename without extention} function ExtractFileName(s: string): string; stdcall; { retuns the uppercase of the string string [result] uppercase of string} function UpperCase(s: string): string; stdcall; { retuns the lowercase of the string string [result] lowercase of string} function LowerCase(s: string): string; stdcall; { returns the path of a file file [result] paht of file} function ExtractFilePath(s: String): string; stdcall; { returns an integer value as string [value] integer value [result] [value] as string} function IntToStr(Value: integer): string; stdcall; { returns an integer value as hexstring [value] integer value [digits] count of digits which the string should return [result] [value] as hexstring} function IntToHex(Value, Digits: integer): string; stdcall; { return the directory of the executable [result] directory of the executable} function GetExeDirectory: string; stdcall; { returns if system is windows NT based [result] true if system is NT based else false} function isNT: boolean; stdcall; { returns if system is windows 9x based [result] true if system is 9x (95 / 98 / 98 SE / ME) based else false} function is9x: boolean; stdcall; BTW: if anyone has original examples for omorphia project (that have been removed from inital package), please share it! EDIT: thanks to SK for providing link to omorphia project! Hope this will help to all Delphi coders Best Regards, ChupaChu! Edited October 15, 2007 by ChupaChu
zooley Posted October 15, 2007 Posted October 15, 2007 Thanx Chupa, awesome sources, thanx a lot. The best thinkg in this forum is sharing great sources and tearning from them.
ChupaChu Posted October 16, 2007 Author Posted October 16, 2007 ur welcomed!And i do agree with wath you said.. there is no way the scene to grow and advance if nobody wants to share information..
Departure Posted October 27, 2007 Posted October 27, 2007 yeap i agree very awsome functions there, I just started Delphi, Was coding in VB6 for 4 or 5 years, but got tiered and want to go learn something new, by my suprise delphi seems to be a lot easyer than I thought, stuff I can now do in delphi with a just few lines of code took mass amounts of code with Vb6, Im still mostly coding with API's as they are the same in Vb6 but I am looking forward to seeing delphi true power (beside the short coding and no runtime files)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now