The Attribute VB_Name="ModDXC"
' Win32 API declarations and module-level state for this module.
' NOTE(review): this listing shows signs of machine translation and HTML extraction
' (stray words inside declarations, misplaced quotes, "& amp;" entities). Several of the
' lines below are not valid VB6 as printed and must be checked against the untranslated source.
' GetAsyncKeyState, GetCurrentProcessId, CopyMemory and timeGetTime are declared here but
' are not referenced in the visible part of the module.
Declare the Function GetAsyncKeyState Lib "user32" (ByVal vKey) As Long As the Integer
'define the thread handle
Public VBThreadHandle1 As Long, VBThreadHandle2 As Long
'define the thread ID
Public VBThreadID1 As Long, VBThreadID2 As Long, HWND As Long
Private Declare Function GetCurrentProcessId Lib "kernel32 () As" Long
' WriteProcessMemory is the call the jump-patching routine in this module uses to overwrite code bytes.
' Review note: LoadLibrary/GetProcAddress on a networking export combined with WriteProcessMemory
' is the import pattern of an inline API hook, and is worth flagging when triaging a binary.
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' htonl is used throughout this module as a 32-bit byte swap before Hex$, not for networking.
Public Declare Function htonl Lib "Wsock32. DLL" (ByVal hostlong As Long) As Long
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Public Declare Function GetProcAddress call Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any Source, As Any, ByVal Length As Long)
Private Declare Function timeGetTime Lib "winmm. DLL () As" Long, 'the statement to get system boot up to the present time (unit: ms)
'-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
' Module state shared between the hook stub and the packet-sending stub:
' "socket" is embedded by address (VarPtr) in the hook stub and by value in the send stub;
' "data address" is embedded by address (VarPtr) in the send stub.
Public socket As Long
Public data address As String
' Installs an in-process inline hook on the "send" export of ws2_32, as far as the visible calls show:
'   1. resolves the address of "send" via LoadLibrary + GetProcAddress;
'   2. takes the address of this module's placeholder function ("socket access point");
'   3. shows both addresses in hex in Form1.Text1 / Form1.Text2;
'   4. overwrites the placeholder's body with a machine-code stub supplied as a hex string;
'   5. patches a jump at the original API address that leads to the placeholder.
' "Completion function" and "written to memory" are helpers that are not defined in the
' visible part of this listing.
' Review note: after this runs, the first bytes of send in memory no longer match the DLL on disk;
' comparing loaded code against the file image is the usual way such a hook is detected.
Public Sub for socket ()
Dim the original API address As Long, the new API address As Long
Dim assembly instruction As String
The original API address=GetProcAddress call (LoadLibrary (" ws2_32. DLL "), "send")
New API address=process memory address (AddressOf ModDXC. The socket access point)
Form1. Text1=Hex (original API address)
Form1. Text2=Hex (new API address)
' NOTE(review): the stub bytes below are corrupted on this page ("on the 8th of" is not
' hexadecimal), so the stub cannot be verified from this listing. It embeds VarPtr(socket) and
' the original API address; presumably it records the caller's socket handle in the module
' variable "socket" and then continues into the original function - confirm against the source.
Assembly instruction="60 b00 A3 on the 8th of 83 c0 bc4 24" & amp; Completion function (Hex $(htonl (VarPtr (socket)))) & amp; "61 8 BFF 55 bec BB" & amp; Completion function (Hex $(htonl (original API address))) & amp; "83 c3 05 FFE3
"
' A failed write is only reported through a message box; execution still continues to the
' jump patch on the following line.
If written to memory (AddressOf ModDXC. Socket access point, assembly instruction)=False Then MsgBox "failed to get some hooks socket!" , 0, "HOOK"
' The first argument appears to be -1, i.e. the pseudo-handle for the current process, so the
' patch is applied to this process's own copy of ws2_32 - TODO confirm.
Unconditional jump - 1, the original API address, the new API address
End Sub
' Builds a second machine-code stub as a hex string and writes it over the body of this module's
' other placeholder function (named "contract" / "contract awarding" on this page).
' The stub embeds VarPtr(data address), the current value of "socket" and the resolved address
' of ws2_32 "send"; it appears to call send on the captured socket - confirm against the source.
' The address of the rewritten placeholder is shown in hex in Form1.Text5.
' "Completion function" and "written to memory" are not defined in the visible part of this listing.
Public Sub construction contract ()
Dim the original API address As Long
Dim assembly instruction As String
' First half of the stub: constant bytes plus the two embedded operands.
Assembly instruction="6 a 00 50 68" & amp; Completion function (Hex $(htonl (VarPtr (data address)))) & amp; "68" & amp; Completion function (Hex $(htonl (socket)))
The original API address=GetProcAddress call (LoadLibrary (" ws2_32. DLL "), "send")
' Second half: the address of send followed by the closing bytes of the stub.
Assembly instruction=assembly instruction & amp; "B8" & amp; Completion function (Hex $(htonl (original API address))) & amp; "FFD0 C3
"
' As in the hook installer, a failed write is only reported through a message box.
If written to memory (AddressOf ModDXC contract awarding, assembly instruction)=False Then MsgBox "construction contract failed!" , 0, "build"
Form1. Text5=Hex (process memory address (AddressOf ModDXC. Contract))
End Sub
' Thread entry point: initialises the VB6 runtime and COM for the calling thread, shows Form1
' modally (Show 1), and uninitialises COM once the form is closed.
' Init, InitVBdll, CoInitializeEx, CoUninitialize and "hh" are not declared in the visible part
' of this listing.
' NOTE(review): the trailing comment on the next line says "child thread 2" although the
' procedure is named Thread1.
Public Sub Thread1 () 'the child thread 2
'* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (important!) VB6 environment initialization thread * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Init ByVal hh 'VB6 runtime initialize
CoInitializeEx ByVal 0 & amp; COM components, ByVal (COINIT_MULTITHREADED Or COINIT_SPEED_OVER_MEMORY) 'initialize
Induced VB6 runtime InitVBdll 'other internal part of the initialization
'* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (important!) VB6 environment initialization thread * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
' Modal show: this call does not return until the form is closed, so the thread stays alive
' for the lifetime of the UI.
Form1. Show 1
CoUninitialize 'uninstall COM components (save will not affect the stability, but may cause a handle or a memory leak, in order to develop good habits, or write)
End Sub
' Placeholder function. The hook installer in this module writes a machine-code stub to this
' function's address and makes it the destination of the jump patched into ws2_32 "send", so
' the body below is not what executes once the hook is installed.
' The MessageBox call presumably exists only to reserve code bytes for the stub - confirm.
' MessageBox is not declared in the visible part of this listing, and the argument list is
' split and reordered on this page.
Function socket access point (ByVal XX As Long) As Long
MessageBox 0, "DLL hijack module initialization is complete!" , 16
"prompt",
End the Function
' Placeholder function. The "construction contract" routine writes a machine-code stub to this
' function's address, so the body below is replaced at run time.
' The MessageBox call presumably exists only to reserve code bytes for the stub - confirm.
' NOTE(review): the parameter list is missing a closing parenthesis on this page.
Function contract (ByVal packet length As Long As Long
MessageBox 0, "DLL hijack module initialization is complete!" , 16
"prompt",
End the Function
' Identity function: returns its argument unchanged.
' Callers in this module pass "AddressOf <procedure>" to obtain that procedure's address as a
' Long; VB6 only accepts AddressOf inside an argument list, hence the wrapper.
' NOTE(review): the parameter list is missing a closing parenthesis on this page.
Public Function process memory address (ByVal XX As Long As Long
Process memory address=XX
End the Function
' Overwrites five bytes at a code address with a relative jump to another address.
'   pehd   - process handle passed straight to WriteProcessMemory
'   hops   - address that is patched
'   finish - jump destination (appears as "end" in the body; presumably the same parameter
'            under a different translation - confirm)
' No value is assigned to the function name, so nothing meaningful is returned.
' Review notes: the return values of both WriteProcessMemory calls are discarded, so a failed
' or partial patch goes unnoticed; the opcode and the displacement are written in two separate
' calls; the local byte1 is declared but never used.
Function unconditional jump (ByVal pehd As Long, ByVal hops As Long, the finish As Long)
Dim PeCodeAdr1 As Long
Dim MyCodeAdr1 As Long
Dim TemCha As Long
Dim byte1 As Byte
PeCodeAdr1=hops
MyCodeAdr1=end
' Displacement is measured from the end of the 5-byte jump instruction.
TemCha=MyCodeAdr1 - (PeCodeAdr1 + 5)
' 233 = &HE9, the opcode byte named in the trailing comment.
WriteProcessMemory pehd, ByVal PeCodeAdr1, 233, 1, 0 & amp; 'E9 JMP
' Writes the 4-byte displacement TemCha at address + 1; the argument order on this line is
' scrambled on this page.
TemCha WriteProcessMemory pehd, ByVal PeCodeAdr1 + 1, 4, 0 & amp; 'the right
End the Function
' Returns, as a hex string, the byte-swapped (htonl) displacement from a patch address to a
' destination: destination - (patch address + 5).
' "end" and "jump point" in the body are presumably the two parameters under different
' translations - confirm. Hex$ does not zero-pad, so the result can be shorter than 8 digits.
Function to calculate the hex addresses (ByVal hops As Long, the finish As Long) As String
Computing hexadecimal address=Hex $(htonl (end - (jump point + 5)))
End the Function
' Returns Hex$ of (hops + byte-swapped "end" + 5): it turns a byte-swapped displacement back into
' an absolute address, mirroring the displacement formula used elsewhere in this module.
' "end" in the body is presumably the second parameter under a different translation - confirm.
Function inverse calculation hexadecimal address (ByVal hops As Long, the finish As Long) As String
Inverse calculation hexadecimal address=Hex $(hops + htonl (end) + 5)
End the Function
' Converts a string of hex digits into the bytes they encode, returned via StrConv(..., vbUnicode).
' Step 1 regroups the input two characters at a time with a separator in front of each pair;
' step 2 drops the leading separator, splits the pairs, parses each as &H.. and stores it as a Byte.
' NOTE(review): the declarations and several expressions in this function are scrambled on this
' page and are not valid VB6 as printed.
Turn the Function hex String (InputData As String) As String
Dim mydata As String, X As Long
' The loop counter is also incremented inside the body, so X advances by 2 per iteration.
For X=1 To Len (InputData)
' NOTE(review): the URL on the next line appears to be a page-extraction artifact, not part of
' the code. The separator is presumably a single space, since Split is later called with its
' default delimiter - confirm.
Mydata=https://bbs.csdn.net/topics/mydata & "" & amp; Mid InputData, X, (2)
X=X + 1
Next
Dim As String, S lib As the Variant, I As an Integer
Dim (a) As Byte
' Drop the leading separator before splitting.
S=Mid (mydata, 2, and Len (mydata))
Lib=Split (S)
ReDim a (UBound (lib))
For I=0 To UBound (lib)
' Val on an "&H"-prefixed string parses the pair as hexadecimal.
A (I)=Val (" & amp; H "& amp; Lib (I))
Next
Turn the hex string=StrConv (a, vbUnicode)
End the Function
Transfer Function hexadecimal unicode (InputData As String) As String
Dim As a String
Dim as1 () As String
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull