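Two components are required: the DLL to be injected (Inject.dll) and a calling program (Caller.exe). Inject.dll is loaded into the target process by installing a thread-specific WH_GETMESSAGE hook with SetWindowsHookEx, so on the target side it shows up as an ordinary module load of Inject.dll.
Process:
Caller.exe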
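procedure Testhook;
// Runs the whole sequence from Caller.exe: locate a window in the target,
// install the hook on the thread that owns it, send a control message to the
// form created inside the target, close that form, and remove the hook.
// Every lookup is checked, and the hook is removed in a finally block so a
// failure half-way through does not leave it installed in the target thread.
var
  pwnd, hchild, hwndinject: HWND;
  dwThreadID: DWORD; // was used without a local declaration in the original
  msg: TMsg;
begin
  // FindWindow's first argument is the window CLASS name, not the title;
  // the title argument is left nil. The stray spaces inside the literal
  // would have made the lookup fail.
  pwnd := FindWindow('ProgMan', nil);
  if pwnd = 0 then
    Exit;
  // First child window of that top-level window.
  hchild := FindWindowEx(pwnd, 0, nil, nil);
  if hchild = 0 then
    Exit;
  // Id of the thread that owns the child window; this is the thread the
  // hook will be attached to. 0 means the handle was not valid.
  dwThreadID := GetWindowThreadProcessId(hchild, nil);
  if dwThreadID = 0 then
    Exit;
  try
    // Setinjecthook is exported by Inject.dll; a non-zero thread id installs.
    if Setinjecthook(dwThreadID) then
    begin
      // Blocks until a message arrives on this thread's queue.
      // NOTE(review): the listing does not show who posts that message -
      // presumably the injected side signals readiness; confirm.
      GetMessage(msg, 0, 0, 0);
      // The form created inside the target is located by its caption.
      hwndinject := FindWindow(nil, 'injectform');
      if hwndinject <> 0 then
      begin
        // Control message: target window handle in wParam, flag in lParam.
        SendMessage(hwndinject, WM_APP, hchild, Integer(True));
        // Ask the injected form to close, then give it time to do so.
        SendMessage(hwndinject, WM_CLOSE, 0, 0);
        Sleep(500);
        // Debug-only check that the form really went away.
        Assert(not IsWindow(hwndinject));
      end;
    end;
  finally
    // Thread id 0 removes the hook. The original called "setdipshook" here,
    // a name defined nowhere in this listing; Setinjecthook is the routine
    // the listing documents for removal.
    Setinjecthook(0);
  end;
end;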
// The following shows how Setinjecthook in Inject.dll works.
// The following variables are defined globally:
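// Global state of Inject.dll.
// NOTE(review): these are ordinary DLL globals, so every process that maps
// Inject.dll gets its own copy. Values written by the caller in Setinjecthook
// are not visible to the copy running inside the target unless the project
// shares them some other way, which this listing does not show.
var
  g_hhook: HHOOK = 0;            // handle of the installed hook; 0 = none
  g_dwthreadidinject: DWORD = 0; // id of the thread that called Setinjecthook ("d word" was a garbled DWORD)
  g_hinjectfrm: HWND;            // handle of the form created by Getmsgproc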
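function Setinjecthook(dwThreadID: DWORD): Boolean;
// Installs or removes the WH_GETMESSAGE hook.
//   dwThreadID <> 0 : install the hook on that thread.
//   dwThreadID =  0 : remove the hook installed earlier.
// Returns True when the requested operation succeeded.
// Getmsgproc is defined further down in the listing, so it needs a forward
// declaration above this function for the reference to resolve.
begin
  Result := False;
  if dwThreadID <> 0 then
  begin
    Assert(g_hhook = 0);
    // With assertions compiled out, refuse to overwrite (and leak) a live handle.
    if g_hhook <> 0 then
      Exit;
    // Remember which thread asked for the hook.
    g_dwthreadidinject := GetCurrentThreadId;
    // Passing this DLL's module handle (HInstance) with a thread id from
    // another process is what makes Windows map Inject.dll into that process;
    // Getmsgproc then runs there in the context of the hooked thread.
    g_hhook := SetWindowsHookEx(WH_GETMESSAGE, @Getmsgproc, HInstance, dwThreadID);
    // A failed install yields 0. The original compared against "null",
    // which is not the failure value of SetWindowsHookEx.
    if g_hhook = 0 then
      Exit;
    // Post an empty message so the hook procedure runs promptly and creates
    // its form.
    Result := PostThreadMessage(dwThreadID, WM_NULL, 0, 0);
    if Result then
      // Give the target half a second so the caller can find the new form.
      Sleep(500)
    else
    begin
      // Do not report failure while leaving the hook installed.
      UnhookWindowsHookEx(g_hhook);
      g_hhook := 0;
    end;
  end
  else if g_hhook <> 0 then
  begin
    // Remove the hook and forget the handle.
    Result := UnhookWindowsHookEx(g_hhook);
    g_hhook := 0;
  end;
  // Removal requested while nothing is installed: Result stays False.
end;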
// Global flag: True until the hook procedure has handled its first message
var
  // Starts out True; Getmsgproc clears it the first time it runs, so the
  // form is created only once.
  Ffirsttime: Boolean = True;
// This hook procedure creates a custom form when the first message is received, so that the target thread can be controlled from inside its own process.
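function Getmsgproc(code: Integer; wparam: WPARAM; lparam: LPARAM): LRESULT; stdcall;
// WH_GETMESSAGE hook procedure. On the first call it creates the custom
// form and stores its window handle; every call is then passed on to the
// next hook in the chain.
begin
  // A negative code must be forwarded without any processing, so the
  // one-time setup runs only for code >= 0.
  if (code >= 0) and Ffirsttime then
  begin
    Ffirsttime := False;
    // Create the form (this line was bare text without a comment marker in
    // the original, which does not compile).
    injectfrm := Tinjectfrm.Create(nil);
    // Keep the form's window handle.
    g_hinjectfrm := injectfrm.Handle;
  end;
  // Always hand the message on to the next hook.
  // NOTE(review): g_hhook is assigned in the process that called
  // Setinjecthook; in the copy of the DLL running here it is presumably
  // still 0. Current Windows versions ignore this first argument - confirm
  // for the platforms you support.
  Result := CallNextHookEx(g_hhook, code, wparam, lparam);
end;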