Jump to content
Tuts 4 You

Uallcollection Download


ChupaChu

Recommended Posts

Posted (edited)

Get it here: uallCollection.zip

Its powerfull sources in Delphi - pretty hard to find (my provider had it blacklisted, thanks to people whom helped me to find it!)

// uallDisasm.pas

{ read an assembler instruction on a specific address

[p] pointer to address of assembler instruction

[name] returns a string with name of the assembler instruction

returns the size of the assembler instruction

[result] true if successful, false if [p] not readable or unknown assembler instruction}

function InstructionInfo(p: pointer; var name: string; var size: integer): boolean; stdcall;

// uallHook.pas

{ hooks a function in memory

[oldfunction] address of function to hook

[yourfunction] address of the callback function

[nextfunction] address of function which must be used instead of [oldfunction] (else endless loop)

[result] true if successful hooked else false}

function HookCode(oldfunction, yourfunction: pointer; var nextfunction: pointer): boolean; stdcall;

{ unhooks a function which is hooked by HookCode

[nextfunction] address of function which was returned by HookCode

[result] true if successful unhooked elese false}

function UnhookCode(var nextfunction: pointer): boolean; stdcall;

{ hooks an imported API function from a module

[modulehandle] handle of module which imports the function (NOT exports)

[oldfunction] address of function which is imported

[yourfunction] address of callback function

[result] true if successfull hooked else false}

function HookApiIAT(modulehandle: integer; oldfunction, yourfunction: pointer): boolean; stdcall; overload;

{ hooks an improted API modulewide

[modulehandle] handle of module which imports the function (NOT exports)

[oldfunction] address of function which is imported

[yourfunction] address of callback function

[result] true if successfull hooked else false}

function HookApiIAT(oldfunction, yourfunction: pointer): boolean; stdcall; overload;

{ injects the executable into a target process

[pid] target process

[dllmain] address of dllmain inside the executable which is called after injection

[result] true if successful injected into target process}

function InjectMe(pid: integer; dllmain: pointer): boolean; stdcall;

{ injects a library into a target process

[pid] target process

[dlln] path to dll which should be injected

[result] address of inject code inside targetprocess else nil}

function InjectLibrary(pid: cardinal; dlln: pchar): pointer; stdcall;

{ uninjects a library into a target process

[pid] target process

[dlln] path to dll which should be uninjected

[result] address of uninject code inside targetprocess else nil}

function UnloadLibrary(pid: cardinal; dlln: pchar): pointer; stdcall;

{ injects a library into all current processes

[libname] path to dll which should be injected

[result] count of process which has loaded the dll}

function GlobalInjectLibrary(libname: pchar): integer; stdcall;

{ uninjects a library into all current processes

[libname] path to dll which should be uninjected

[result] count of process which has unloaded the dll}

function GlobalUnloadLibrary(libname: pchar): integer; stdcall;

// uallKernel.pas

{ loads a library into the process

[dllname] name of dll which should be loaded

[result] handle of dll if successful else 0}

function LoadLibraryX(dllname: pchar): integer; stdcall; overload;

{ loads a library into the process

[dllname] name of dll which should be loaded

[name] you can pass everything here

it uses the third param of dllmain

[result] handle of dll if successful else 0}

function LoadLibraryX(dllname, name: pchar): integer; stdcall; overload;

{ creates a thread into the target process (win9x support)

[pid] target process

[p] startaddress of thread

[result] true if successful started else 0}

function CreateRemoteThreadX(pid: cardinal; p: pointer): boolean; stdcall;

{ open a thread with access right (win9x support)

[access] access rights

[inherited handle]

[tid] thread id to open

[result] handle with access rights if successful else 0}

function OpenThreadX(access: integer; inherithandle: boolean; tid: integer): integer; stdcall;

{ allocates memory in the target process (win9x support, EXECUTE_READWRITE)

[pid] process id

size of memory which should be allocated

[result] address of allocated memory if successful else nil}

function VirtualAllocExX(pid: cardinal; Size: cardinal): pointer; stdcall;

{ get the entrypoint of a function in dll

[modulehandle] handle of module which exports the function

[procname] name of exported function

[result] address of the function if successful else nil}

function GetProcAddressX(module: integer; procname: pchar): pointer; stdcall;

{ frees memory which is allocated by VirtualAllocEx in a process

[pid] process id

[memaddr] address of memory which should be freed

size of memory to free

[result] true if successful else false}

function VirtualFreeExX(pid: cardinal; Memaddr: pointer; Size: cardinal): boolean; stdcall;

{ returns handle of kernel32.dll module

[result] handle of kernel32.dll module}

function GetKernelHandle: integer; stdcall;

{ return handle of the calling module

[result] handle of the calling module}

function GetOwnModuleHandle: cardinal; stdcall;

{ returns handle of module which where the address points to

[addr] address inside a module

[result] handle of module if successful else 0}

function GetRealModuleHandle(addr: pointer): cardinal stdcall;

// uallProcess.pas

{ returns processid of a processname

[exenames] list of processname ex. 'hl.exe'#13#10'cstrike.exe'#13#10

use #13#10 as seperator

[result] processid if successful else 0}

function FindProcess(ExeNames: string): integer; stdcall;

{ lists modules of a process

[pid] process id

[result] string with modules (seperated with #13#10) if successful else empty string}

function FindModulesInProcess(pid: cardinal): string; stdcall; overload;

{ lists modules of a process

[processname] name of process

[result] string with modules (seperated with #13#10) if successful else empty string}

function FindModulesInProcess(processname: string): string; stdcall; overload;

{ list of all processes

[result] string with all processnames (seperated with #13#10) if successful else empty string}

function FindAllProcesses: string; stdcall;

{ find a thread from a process id

[pid] process id

[result] a threadid from the process if successful else 0

}

function GetThread(pid: integer): integer; stdcall;

// uallProtect.pas

{ hides a library in the process (GetModuleHandle will fail)

[lib] handle of library

[result] true if successful else false}

function HideLibraryNT(lib: integer): boolean; stdcall;

{ unhides a library which was hidden by HideLibraryNT

[lib] handle of library

[result] true if successful else false}

function ShowLibraryNT(lib: integer): boolean; stdcall;

{ returns if a debugger is attached

[result] true if debugger detected else false}

function IsDebuggerPresent: boolean; stdcall;

{ gives the calling process the debug privilege

[result] true if successful else false}

function GetDebugPrivilege: boolean; stdcall;

{ forces the process to load a library (you can have some instances of one library)

[libname] name of module

[result] handle of module}

function ForceLoadLibrary(libname: pchar): integer; stdcall;

{ calls a function, debuggers will crash

[proc] address of function which should be called}

procedure ProtectCall(proc: pointer); stdcall;

{ if this function is called windows debggers cant attach the process anymore}

procedure AntiDebugActiveProcess; stdcall;

{ checks if a API is hooked by CodeOverwriting/Import/Export table hook

[dllname] name of dll which exports the function

[procname] name of exported API

[result] true if function is hooked else false}

function IsHooked(dllname, procname: pchar): boolean; stdcall;

{ returns handle of kernel32.dll module

[result] handle of kernel32.dll module}

function GetKernelHandle: integer; stdcall;

// uallRelocHook.pas

{ hooks an API by the reclocation table (own method)

[oldaddress] address of API

[newaddress] address of callback function

[nextaddress] address of function which should be used after hooking (endless loop otherwise)

[result] count of installed hooks}

function HookRelocationTable(oldaddress, newaddress: pointer; var nextaddress: pointer): integer; stdcall;

{ unhook an API which was hooked by the relocation table

[nextaddress] callback address

[newaddress] original API address

[result] count of uninstalled hooks}

function UnHookRelocationTable(nextaddress, newaddress: pointer): integer; stdcall;

// uallTableHook.pas

{ returns assembler intruction length

[addr] address of assembler instruction

[result] size of instruction}

function myInstructionLength(addr: pointer): integer; stdcall;

{ hooks an API / code by code overwriting (JMP)

[oldfunction] address of API / code

[yourfunction] address of callback function

[nextfucntion] address of function which should be used after hooking (endless loop otherwise)

[result] true if successful hooked else false}

function HookAPIJMP(oldfunction,yourfunction: pointer; var nextfunction: pointer): boolean; stdcall;

{ unhooks an API /code which was hooked by code overwriting (jmp)

[nextfunction] address of function which was returned by HookAPIJMP

[result] true if successfuk unhooked else false}

function UnhookAPIJMP(nextfunction: pointer): boolean; stdcall;

// uallUtil.pas

{ extracts a filename with its extention

file

[result] filename with extention}

function ExtractFileNameWithExtention(s: string): string; stdcall;

{ extracts a filename without extention

file

[result] filename without extention}

function ExtractFileName(s: string): string; stdcall;

{ retuns the uppercase of the string

string

[result] uppercase of string}

function UpperCase(s: string): string; stdcall;

{ retuns the lowercase of the string

string

[result] lowercase of string}

function LowerCase(s: string): string; stdcall;

{ returns the path of a file

file

[result] paht of file}

function ExtractFilePath(s: String): string; stdcall;

{ returns an integer value as string

[value] integer value

[result] [value] as string}

function IntToStr(Value: integer): string; stdcall;

{ returns an integer value as hexstring

[value] integer value

[digits] count of digits which the string should return

[result] [value] as hexstring}

function IntToHex(Value, Digits: integer): string; stdcall;

{ return the directory of the executable

[result] directory of the executable}

function GetExeDirectory: string; stdcall;

{ returns if system is windows NT based

[result] true if system is NT based else false}

function isNT: boolean; stdcall;

{ returns if system is windows 9x based

[result] true if system is 9x (95 / 98 / 98 SE / ME) based else false}

function is9x: boolean; stdcall;

BTW: if anyone has original examples for omorphia project (that have been removed from inital package), please share it!

EDIT: thanks to SK for providing link to omorphia project!

Hope this will help to all Delphi coders :)

Best Regards, ChupaChu!

Edited by ChupaChu
Posted

Thanx Chupa, awesome sources, thanx a lot. The best thinkg in this forum is sharing great sources and tearning from them.

Posted

ur welcomed!

And i do agree with wath you said.. there is no way the scene to grow and advance if nobody wants to share information..

  • 2 weeks later...
Posted

yeap i agree very awsome functions there, I just started Delphi, Was coding in VB6 for 4 or 5 years, but got tiered and want to go learn something new, by my suprise delphi seems to be a lot easyer than I thought, stuff I can now do in delphi with a just few lines of code took mass amounts of code with Vb6, Im still mostly coding with API's as they are the same in Vb6 but I am looking forward to seeing delphi true power (beside the short coding and no runtime files)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...