unit uMain;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ExtCtrls, StdCtrls, uallHook, uallProcess, uallUtil, uallKernel;
  
type
  TfrmMain = class(TForm)
    lbl1: TLabel;
    tmrSearchCondor: TTimer;
    mmo1: TMemo;
    procedure FormCreate(Sender: TObject);
    procedure tmrSearchCondorTimer(Sender: TObject);
    procedure FormDestroy(Sender: TObject);
  private
    { Private-Deklarationen }
    fCondorPID : DWord;
    fInjected : Boolean;
    fDontWork : Boolean;
    procedure SearchCondor;
    procedure InjectMyFunctions;
    procedure UnloadMyFunctions;
    function GetDebugPrivileges : Boolean;
    procedure WriteText(s : string);
    procedure WMNOTIFYCD(var Msg: TWMCopyData); message WM_COPYDATA;
  public
    { Public-Deklarationen }
  end;

var
  frmMain: TfrmMain;

implementation

{$R *.dfm}

type Tmydata = packed record
       datacount: integer;
       ind: boolean;
     end;

const cCondorApplication = 'notepad.exe';
      cinjComFuntionsDLL = 'injComFunctions.dll';

var myData : TMydata;

procedure TfrmMain.WMNOTIFYCD(var Msg: TWMCopyData);
begin
  if Msg.CopyDataStruct^.cbData = sizeof(TMydata) then
  begin
    CopyMemory(@myData,Msg.CopyDataStruct^.lpData,sizeof(TMyData));
    WriteText(IntToStr(mydata.datacount))
  end;
end;

procedure TfrmMain.WriteText(s : string);
begin
  mmo1.Lines.Add(DateTimeToStr(now) + ':> ' + s);
end;

procedure TfrmMain.InjectMyFunctions;
begin
  if not fInjected then begin
    if InjectLibrary(fCondorPID, PChar(GetExeDirectory + cinjComFuntionsDLL)) then fInjected := True;
  end;
end;

procedure TfrmMain.UnloadMyFunctions;
begin
  if fInjected then begin
    UnloadLibrary(fCondorPID, PChar(GetExeDirectory + cinjComFuntionsDLL));
    fInjected := False;
  end;
end;

procedure TfrmMain.SearchCondor;
begin
  fCondorPID := FindProcess(cCondorApplication);
  if fCondorPID <> 0 then begin
    lbl1.Caption := 'Notepad is running!';
    InjectMyFunctions;
  end else begin
    lbl1.Caption := 'Notepad isn''t running!';
  end;
end;

procedure TfrmMain.FormDestroy(Sender: TObject);
begin
  UnloadMyFunctions;
end;

function TfrmMain.GetDebugPrivileges : Boolean;
begin
  Result := False;
  if not SetDebugPrivilege(SE_PRIVILEGE_ENABLED) then begin
    Application.MessageBox('No Debug rights!', 'Error', MB_OK);
  end else begin
    Result := True;
  end;
end;

procedure TfrmMain.FormCreate(Sender: TObject);
begin
  fInjected := False;
  fDontWork := not GetDebugPrivileges;
  tmrSearchCondor.Enabled := not fDontWork;
end;

procedure TfrmMain.tmrSearchCondorTimer(Sender: TObject);
begin
  tmrSearchCondor.Enabled := False;
  SearchCondor;
  tmrSearchCondor.Enabled := True;
end;

end.

library injComFunctions;

uses
  windows, uallHook, SysUtils;

const WM_COPYDATA = $004A;

type Tmydata = packed record
      datacount: integer;
      ind: boolean;
     end;

var
  nextCreateFile, oldCreateFile : function(lpFileName: PChar; dwDesiredAccess, dwShareMode: DWORD;
                 lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                 hTemplateFile: THandle): THandle; stdcall;
  nextCreateFileA, oldCreateFileA : function(lpFileName: PAnsiChar; dwDesiredAccess, dwShareMode: DWORD;
                          lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                          hTemplateFile: THandle): THandle; stdcall;
  nextCreateFileW, oldCreateFileW : function(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
                          lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                          hTemplateFile: THandle): THandle; stdcall;

  myData : Tmydata;
  CDS : TCopyDataStruct;
  winh : integer;

procedure sendapp(len: integer; indata: boolean);
begin
  MessageBoxA(0,PChar('Function sendapp: ' + IntToStr(len)),'Msg',0);
  mydata.datacount := len;
  mydata.ind := indata;
  SendMessageA(winh,WM_COPYDATA,0,cardinal(@CDS));
end;

function myCreateFile(lpFileName: PChar; dwDesiredAccess, dwShareMode: DWORD;
                 lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                 hTemplateFile: THandle): THandle; stdcall;
begin
  sendapp(11, true);
  Result := nextCreateFile(lpFileName, dwDesiredAccess, dwShareMode,
                 lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes,
                 hTemplateFile);
end;

function myCreateFileA(lpFileName: PAnsiChar; dwDesiredAccess, dwShareMode: DWORD;
                          lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                          hTemplateFile: THandle): THandle; stdcall;
begin
  sendapp(22, true);
  Result := nextCreateFileA(lpFileName, dwDesiredAccess, dwShareMode,
                          lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes,
                          hTemplateFile);
end;

function myCreateFileW(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
                          lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                          hTemplateFile: THandle): THandle; stdcall;
begin
  sendapp(33, true);
  Result := nextCreateFileW(lpFileName, dwDesiredAccess, dwShareMode,
                          lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes,
                          hTemplateFile);
end;

procedure InjectMain;
var kernelHandle : Integer;
begin
  @oldCreateFile := nil;
  @oldCreateFileA := nil;
  @oldCreateFileW := nil;

  CDS.dwData := 0;
  CDS.cbData := sizeof(TMyData);
  CDS.lpData := @mydata;

  winh := FindWindowA(nil,'CondorComTest');
  MessageBoxA(0,PChar('Handle winh: ' + IntToStr(winh)),'Msg',0);
  if winh <> 0 then sendapp(10, true);

  kernelHandle := GetModuleHandle('kernel32.dll');
  if kernelHandle > 0 then begin
    @oldCreateFile := GetProcAddress(kernelHandle,'CreateFile');
    if @oldCreateFile <> nil then HookCode(@oldCreateFile, @myCreateFile, @nextCreateFile);
    @oldCreateFileA := GetProcAddress(kernelHandle,'CreateFileA');
    if @oldCreateFileA <> nil then HookCode(@oldCreateFileA, @myCreateFileA, @nextCreateFileA);
    @oldCreateFileW := GetProcAddress(kernelHandle,'CreateFileW');
    if @oldCreateFileW <> nil then HookCode(@oldCreateFileW, @myCreateFileW, @nextCreateFileW);
  end;
end;

procedure UnInjectMain;
begin
  if @oldCreateFile <> nil then UnhookCode(@nextCreateFile);
  if @oldCreateFileA <> nil then UnhookCode(@nextCreateFileA);
  if @oldCreateFileW <> nil then UnhookCode(@nextCreateFileW);
end;

procedure DllMain(dwReason: DWord);
begin
  case dwReason of
    DLL_PROCESS_ATTACH: begin
                          InjectMain;
                          MessageBoxA(0,PChar('Loaded :'+Paramstr(0)),'Msg',0);
                        end;
    DLL_PROCESS_DETACH: begin
                          UnInjectMain;
                          //MessageBoxA(0,PChar('Unloaded :'+Paramstr(0)),'Msg',0);
                        end;
  end;
end;

begin
  DllProc := @DllMain;
  DllMain(DLL_PROCESS_ATTACH);
end.