Mensajes

i mean can i call this api with callapibyname function (with out declaration)?

Yes it's possible

Strptr Can Be Fully Replaced Without Any Problems
KarCrack made some error Try This

Código (vb) [Seleccionar] Expandir


'KERNEL32
Private Declare Function VarPtr__ Lib "KERNEL32" Alias "MulDiv" (ByRef a As Any, Optional ByVal b As Long = 1, Optional ByVal c As Long = 1) As Long
'MSVBVM60
Private Declare Sub GetMem4 Lib "MSVBVM60" (ByVal lPtr As Long, ByRef ret As Long)
'USER32
Private Declare Function MessageBoxW Lib "USER32" (ByVal hWnd As Long, ByVal lpText As Long, ByVal lpCaption As Long, ByVal wType As Long) As Long

Private Sub Form_Load()
    Dim cadena      As String
    Dim ptr1        As Long
    Dim ptr2        As Long

    cadena = "karcrack"

    ptr1 = StrPtr(cadena)
    'StrPtr__
    Call GetMem4(VarPtr__(cadena) + 8, ptr2)

    MsgBox (ptr1 = ptr2)

    Call MessageBoxW(0, ptr2, 0, 0)
    Call MessageBoxW(0, ptr1, 0, 0)
End Sub

STPRT Get the BSTR Address(where the string is stored) so is simple get it

Readmemory(Varptr + 8) = BSTR

enjoy

Hi all ... i have some Problem whit this Shellcode when i Crypt Some Unicode Chars


Assembly language source code :
***************************************
00000000  push ebp
00000001  mov ebp,esp
00000003  push ebx
00000004  push esi
00000005  push edi
00000006  mov eax,dword[ss:ebp+0xc]
00000009  test eax,eax
0000000b  je 0x53
0000000d  mov eax,dword[ss:ebp+0x14]
00000010  test eax,eax
00000012  je 0x53
00000014  mov ecx,dword[ss:ebp+0xc]
00000017  shl ecx,0x1
00000019  mov edx,dword[ss:ebp+0x8]
0000001c  add edx,ecx
0000001e  neg ecx
00000020  mov ebx,dword[ss:ebp+0x14]
00000023  shl ebx,0x1
00000025  mov eax,dword[ss:ebp+0x10]
00000028  add eax,ebx
0000002a  mov dword[ss:ebp+0x10],eax
0000002d  neg ebx
0000002f  mov dword[ss:ebp+0x14],ebx
00000032  mov eax,dword[edx+ecx*1]
00000035  add ebx,dword[ss:ebp+0x10]
00000038  xor al,byte[ebx]
0000003a  sub ebx,dword[ss:ebp+0x10]
0000003d  add ebx,0x2
00000043  jne 0x48
00000045  mov ebx,dword[ss:ebp+0x14]
00000048  mov dword[edx+ecx*1],eax
0000004b  add ecx,0x2
00000051  jne 0x32
00000053  xor eax,eax
00000055  pop edi
00000056  pop esi
00000057  pop ebx
00000058  mov esp,ebp
0000005a  pop ebp
0000005b  ret 0x10

I think the Problem Is xor al,byte[ebx] so i changed the OPCode

32 03  xor al,byte[ebx]

To

33 03 xor eax Dword(EBX)

now seems it can crypt more unicode chars but there is still some problem

Anyone can help me ? Thanks !!

Thanks A Lot ....

KarCrack Always the best

Thanks a lot ......

Hi all ... i need some Help

Maybe Someone know the rtcEnvironBstr Export of MSVBVM60.dll

i need the Declare of rtcEnvironBstr export function

Thanks to anyone who help me