Posts - Danyfirex

#1
Visual Basic Programming / Water Effect on an Image
19 September 2013, 21:24 PM
Well, a few days ago I saw a very nice effect on the AutoIt forum. Today I felt like porting it to VB6.

[youtube=640,360]Ex8ohlpldqs[/youtube]

Source code:

http://www.sendspace.com/file/qo1gmx
#2
Scripting / [AutoIt] VirusTotal API 2.0 UDF
4 June 2013, 13:40 PM
Well, here is a UDF I had ready a few days ago, but yesterday I decided to update it.  ;D


Requires WinHttp:

http://www.autoitscript.com/forum/topic/84133-winhttp-functions/?hl=winhttp


Example:

Code (AutoIt):
#include <Crypt.au3>
#include "VT.au3"

Example()

Func Example()
    ; Hash the file once so the same digest can be used as a resource below
    _Crypt_Startup()
    Local $sFilePath = @WindowsDir & "\Explorer.exe"
    Local $bHash = _Crypt_HashFile($sFilePath, $CALG_MD5)
    _Crypt_Shutdown()

    Local $hVirusTotal = VT_Open()
    Local $APIkey = 'Your API key'
    ConsoleWrite(VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654', $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $fScan, $sFilePath, $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $fRescan, Hex($bHash), $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $uReport, "http://www.virustotal.com", $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $uScan, "http://www.google.com", $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $Comment, Hex($bHash), $APIkey, "Hello Word | Hola Mundo") & @CRLF)
    VT_Close($hVirusTotal)
EndFunc   ;==>Example



VT.au3 UDF

Code (AutoIt):
#include-once
#include "WinHttp.au3"

; #INDEX# =================================================================================================
; Title .........: VT.au3
; AutoIt Version : 3.3.8.1
; Language ......: English
; Description ...: VirusTotal public API version 2.0 implementation in AutoIt
; Thanks to .....: trancexx|ProgAndy "WinHttp.au3" ||| guinness "Suggestions+Snippets" ||| www.virustotal.com
; Reference .....: https://www.virustotal.com/es/documentation/public-api
; Written by ....: Danyfirex
; Date ..........: 12/05/2013 | Update 03/06/2013
; =========================================================================================================


; =================== CONSTANTS ===================
Global Const $__sVirusTotal_Page = 'www.virustotal.com'
Global Enum $eAPI_HttpOpen, $eAPI_HttpConnect
; Request types ($Type); each value indexes its API path in $tURL
Global Enum $fReport, $fScan, $fRescan, $uReport, $uScan, $Comment
Global Const $tURL[6] = ['/vtapi/v2/file/report', '/vtapi/v2/file/scan', '/vtapi/v2/file/rescan', _
        '/vtapi/v2/url/report', '/vtapi/v2/url/scan', '/vtapi/v2/comments/put']
; =================================================


; #FUNCTIONS# =====================================
; VT(ByRef $aAPI, $Type, $sResource, $sAPIkey, $Comments = "") ; use the respective flag ($Type)
; Flags ($Type):
;   $fReport = retrieve a scan report on a given file
;   $fScan   = submit a file for scanning
;   $fRescan = rescan files in VirusTotal's file store
;   $uReport = retrieve a scan report on a given URL
;   $uScan   = submit a URL for scanning
;   $Comment = make a comment on files and URLs
; =================================================


; #FUNCTION# ======================================
; Name...........: VT_Open
; Description ...: Initialize and get session handle & connection handle
; Syntax.........: VT_Open()
; Author ........: guinness
; =================================================
Func VT_Open()
    Local $aAPI[2] = [0, 0]
    $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
    If @error Then $aAPI[$eAPI_HttpOpen] = -1
    $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
    If @error Then $aAPI[$eAPI_HttpConnect] = -1
    Return $aAPI
EndFunc   ;==>VT_Open


; #FUNCTION# ======================================
; Name...........: VT_Close
; Description ...: Close handles (connection first, then the session)
; Syntax.........: VT_Close($handle)
; Author ........: guinness
; =================================================
Func VT_Close(ByRef Const $aAPI)
    _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
    _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
    Return True
EndFunc   ;==>VT_Close


; #FUNCTION# ======================================
; Name...........: VT
; Syntax.........: VT(ByRef $aAPI, $Type, $sResource, $sAPIkey, $Comments = "")
;   VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654', $APIkey)
;   VT($hVirusTotal, $fScan, "C:\file.exe", $APIkey)
;   VT($hVirusTotal, $fRescan, Hex($bHash), $APIkey)
;   VT($hVirusTotal, $uReport, "http://www.virustotal.com", $APIkey)
;   VT($hVirusTotal, $uScan, "http://www.google.com", $APIkey)
;   VT($hVirusTotal, $Comment, Hex($bHash), $APIkey, "Hello Word | Hola Mundo")
; Parameters....: $sResource - md5/sha1/sha256/scan_id | filename | URL, respectively, for flag ($Type)
;                 $sAPIkey   - your API key
;                 $Comments  - your comment
; Return.........: the response, a JSON object (string); sets @error = 3 on an unknown $Type
; Remarks.......: $sResource and $Comments are sent as given, without URL-encoding,
;                 so a comment containing '&' or '=' will break the form body
; =================================================
Func VT(ByRef $aAPI, $Type, $sResource, $sAPIkey, $Comments = "")
    ; Reconnect if the previous connection failed
    If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open()

    Select
        Case $Type = $fReport
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'resource=' & $sResource & '&key=' & $sAPIkey)

        Case $Type = $fScan
            ; The file goes up as multipart/form-data: an apikey field plus the file part
            Local $sBoundary = "--------Boundary"
            Local $sHeaders = "Content-Type: multipart/form-data; boundary=" & $sBoundary & @CRLF
            Local $sData = ''
            $sData &= "--" & $sBoundary & @CRLF
            $sData &= 'Content-Disposition: form-data; name="apikey"' & @CRLF & @CRLF & $sAPIkey & @CRLF
            $sData &= "--" & $sBoundary & @CRLF
            $sData &= __WinHttpFileContent("", "file", $sResource, $sBoundary)
            $sData &= "--" & $sBoundary & "--" & @CRLF
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", $tURL[$Type], Default, StringToBinary($sData, 0), $sHeaders)

        Case $Type = $fRescan
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", $tURL[$Type], Default, "resource=" & $sResource & "&key=" & $sAPIkey)

        Case $Type = $uReport
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'resource=' & $sResource & '&key=' & $sAPIkey)

        Case $Type = $uScan
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'url=' & $sResource & '&key=' & $sAPIkey)

        Case $Type = $Comment
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", $tURL[$Type], Default, "resource=" & $sResource & _
                    "&comment=" & $Comments & "&key=" & $sAPIkey)

        Case Else
            Return SetError(3, 0, "")
    EndSelect
EndFunc   ;==>VT



Regards
#3
Hi, one more function.  ;D
It sends the sample, remember that!!!  >:D



Code (VB6):
' =================================================================
' =================================================================
' => Author: Pink
' => Upload file to VirusTotal.com for scanning
' => Thanks VirusTotal.com
' => Date : 14|05|2013
' => Usage: VT_Scan("c:\hola.exe","your_APIKey")
' => Returns:
'{"response_code": 1,
' "verbose_msg": "Scan request successfully queued, come back later for the report",
' "resource": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0",
' "scan_id": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0-1324376258",
' "permalink": "https://www.virustotal.com/file/999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0/analysis/1324376258/",
' "sha256": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0",
' "sha1": "2cc875bca8030d745adfd14388b8c001471c2474",
' "md5": "4a00e1a3a14e4fec6f2b353b4f20bb73"}
' =================================================================
' =================================================================
Option Explicit

Function VT_Scan(filepath As String, APIkey As String) As String
    Dim boundary As String
    Dim Post As String
    Dim bytesfinal() As Byte
    Dim bytes() As Byte
    Dim Url As String
    Dim Http As Object
    Dim filedata As String
    Dim ff As Integer

    Url = "https://www.virustotal.com/vtapi/v2/file/scan"
    boundary = "--------Boundary"

    ' Read the whole file as raw bytes
    ff = FreeFile
    Open filepath For Binary As #ff
    ReDim bytes(LOF(ff) - 1)
    Get #ff, , bytes()
    Close #ff

    ' The bytes are widened to a String here and narrowed back below with
    ' StrConv(Post, vbFromUnicode). Both conversions go through the system ANSI
    ' code page, so on a double-byte code page this round trip can alter the
    ' file bytes that get uploaded.
    filedata = StrConv(bytes(), vbUnicode)

    ' Two multipart/form-data parts: the apikey field and the file itself
    Post = "--" & boundary & vbCrLf & _
        "Content-Disposition: form-data; name=" & Chr(34) & "apikey" & Chr(34) & vbCrLf & vbCrLf & _
        APIkey & vbCrLf & _
        "--" & boundary & vbCrLf & _
        "Content-Disposition: form-data; name=" & Chr(34) & "file" & Chr(34) & "; filename=" & Chr(34) & filename(filepath) & Chr(34) & vbCrLf & _
        "Content-Type: application/octet-stream" & vbCrLf & vbCrLf & _
        filedata & vbCrLf & _
        "--" & boundary & "--" & vbCrLf

    bytesfinal() = StrConv(Post, vbFromUnicode)

    Set Http = CreateObject("winhttp.winhttprequest.5.1")
    Http.Open "POST", Url, False
    Http.SetRequestHeader "Content-Type", "multipart/form-data; " & "boundary=" & boundary
    Http.Send (bytesfinal())
    VT_Scan = Http.ResponseText
    Set Http = Nothing
End Function


' Last component of a Windows path (the file name)
Function filename(cadena As String) As String
    Dim cadenas() As String
    cadenas() = Split(cadena, "\")
    filename = cadenas(UBound(cadenas))
End Function


Regards
#4
A function to upload files to Anonfiles  :rolleyes:

Code (VB6):
' =================================================================
' =================================================================
' => Author: Danyfirex
' => Upload file to AnonFiles.com
' => Thanks AnonFiles.com
' => Date : 14|05|2013
' => Usage: AnonFilesUpload("c:\hola.rar")
' => Returns: response text (hotlink)
' =================================================================
' =================================================================


Option Explicit

Function AnonFilesUpload(filepath As String) As String
    Dim boundary As String
    Dim Post As String
    Dim bytesfinal() As Byte
    Dim bytes() As Byte
    Dim url As String
    Dim Http As Object
    Dim filedata As String
    Dim ff As Integer

    url = "https://anonfiles.com/api/hotlink"
    boundary = "--------Boundary"

    ' Read the whole file as raw bytes
    ff = FreeFile
    Open filepath For Binary As #ff
    ReDim bytes(LOF(ff) - 1)
    Get #ff, , bytes()
    Close #ff

    ' Widened to a String here and narrowed back below via the system ANSI code
    ' page; on a double-byte code page this round trip can alter the file bytes
    filedata = StrConv(bytes(), vbUnicode)

    ' A single multipart/form-data part carrying the file
    Post = "--" & boundary & vbCrLf & _
        "Content-Disposition: form-data; name=" & Chr(34) & "file" & Chr(34) & "; filename=" & Chr(34) & filename(filepath) & Chr(34) & vbCrLf & _
        "Content-Type: application/octet-stream" & vbCrLf & vbCrLf & _
        filedata & vbCrLf & _
        "--" & boundary & "--" & vbCrLf

    bytesfinal() = StrConv(Post, vbFromUnicode)

    Set Http = CreateObject("winhttp.winhttprequest.5.1")
    Http.Open "POST", url, False
    Http.SetRequestHeader "Content-Type", "multipart/form-data; " & "boundary=" & boundary
    Http.Send (bytesfinal())
    AnonFilesUpload = Http.ResponseText
    Set Http = Nothing
End Function

' Last component of a Windows path (the file name)
Function filename(cadena As String) As String
    Dim cadenas() As String
    cadenas() = Split(cadena, "\")
    filename = cadenas(UBound(cadenas))
End Function
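Added example in Python (not code from these posts): the multipart/form-data body that VT_Scan and AnonFilesUpload assemble by hand (an apikey field and a file part separated by the posts' boundary string), built here from raw bytes so the file content never passes through a string conversion, plus a small parser that splits such a body back into its parts to confirm nothing was altered. The function names, the sample file bytes and the API key placeholder are mine.

```python
import re

BOUNDARY = "--------Boundary"  # the same boundary string the VB6 posts use


def win_basename(path):
    """Last path component, as the posts' filename() helper does with Split(cadena, "\\")."""
    return path.rsplit("\\", 1)[-1]


def build_multipart(fields, files, boundary=BOUNDARY):
    """Assemble a multipart/form-data body: one part per text field, one per file.
    File bytes are appended raw (no string round trip), so every byte value
    0x00..0xFF reaches the server unchanged. Returns (Content-Type value, body)."""
    sep = b"--" + boundary.encode("ascii")
    body = bytearray()
    for name, value in fields.items():
        body += sep + b"\r\n"
        body += b'Content-Disposition: form-data; name="%s"\r\n\r\n' % name.encode()
        body += value.encode() + b"\r\n"
    for name, (path, data) in files.items():
        # The boundary must not occur inside the data, or the receiver will split there
        if b"\r\n" + sep in data:
            raise ValueError("boundary occurs inside the file data; pick another boundary")
        body += sep + b"\r\n"
        body += b'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (
            name.encode(), win_basename(path).encode())
        body += b"Content-Type: application/octet-stream\r\n\r\n"
        body += bytes(data) + b"\r\n"
    body += sep + b"--\r\n"
    return "multipart/form-data; boundary=" + boundary, bytes(body)


def parse_multipart(body, boundary=BOUNDARY):
    """Split a body built as above back into {name: (filename or None, bytes)}.
    The CRLF before each boundary line belongs to the delimiter, not to the data."""
    delim = b"\r\n--" + boundary.encode("ascii")
    parts = {}
    for chunk in (b"\r\n" + body).split(delim)[1:]:  # first delimiter has no leading CRLF
        if chunk.startswith(b"--"):  # closing "--boundary--"
            break
        if not chunk.startswith(b"\r\n"):
            raise ValueError("boundary line not terminated by CRLF")
        head, _, data = chunk[2:].partition(b"\r\n\r\n")
        headers = dict(line.split(b": ", 1) for line in head.split(b"\r\n"))
        disposition = headers.get(b"Content-Disposition", b"").decode("ascii")
        name = re.search(r'(?<![\w-])name="([^"]*)"', disposition)
        if not name:
            raise ValueError("part has no form-data name")
        filename = re.search(r'filename="([^"]*)"', disposition)
        parts[name.group(1)] = (filename.group(1) if filename else None, data)
    return parts


# Constructed sample: every byte value once, so any conversion damage would show
SAMPLE_FILE = bytes(range(256))
SAMPLE_KEY = "YOUR_API_KEY"  # placeholder, not a real key


def roundtrip():
    """Build the request body VT_Scan sends and parse it back; True if intact."""
    _, body = build_multipart({"apikey": SAMPLE_KEY}, {"file": ("c:\\hola.exe", SAMPLE_FILE)})
    parts = parse_multipart(body)
    return parts == {"apikey": (None, SAMPLE_KEY.encode()), "file": ("hola.exe", SAMPLE_FILE)}
```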
#5
Hi. Well, here is a small guide to set up gedit + FASM on Linux (Ubuntu).

Requirements
gedit installed.
Official page
http://projects.gnome.org/gedit/

First we download the necessary files from here.

http://www.sendspace.com/file/mrb69d

Fasm-1.70.03.tz
asm-intel.lang
comandos
Steps

Then we extract Fasm-1.70.03.tz and put the "FASM" folder wherever we want.
I chose "/home/pink/fasm/"

Now let's go with gedit.

We copy our asm-intel.lang file to:

/usr/share/gtksourceview-3.0/language-specs/asm-intel.lang

gtksourceview-3.0 may vary (gtksourceview-2.0), depending on the version.

Copying requires root permissions.

I did it the following way.

Alt+F2

Then we type

gksu nautilus

That way we browse as root and can copy files anywhere.

Done. Now let's configure our IDE for FASM.

1. Open gedit

2. In the top menu go to "Edit" and open Preferences

http://i.imgur.com/OqinxSM.png

Use this one as a guide even though it's in English (my Ubuntu is in English) :S.

Enable

- Show line numbers

The changes in the Editor and Font/Colors tabs are up to you.

In the Plugins tab select External Tools.

Now the debugger and the commands to compile and run.

To get the debugger (Ctrl+F9), in the top menu go to "View" and enable Bottom Panel.

And the Shell Output will appear at the bottom.

The commands.

In the menu bar go to "Tools" > Manage External Tools.

It opens the window where we will configure things.

I modified the Build one right away (whoever wants to can create a new one).

Paste the code from the text file "comandos.txt". Important:
Set the shortcut key.
Save: Current document
Output: Display in bottom panel. Important

Remember to change
dirfasm to wherever the fasm executable is.

Done, now we have our IDE for FASM on Linux.

Here are some screenshots of the final result.

Any questions, just ask.

Regards

Pink(Danyfirex)
#6
Well, I was testing a few things and translated this cipher.

Code (VB6):
' =================================================================
' =================================================================
' => Author: Pink
' => Inline RC4 ASM
' => Thanks Ward (AutoIt version)
' => Date : 01|04|2013
' => Usage: mybytes() = RC4ASM(bytestoencrypt(), "key")
' =================================================================
' =================================================================


Option Explicit

Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long


' Encrypts/decrypts datos() in place with RC4 (the same operation both ways) and
' also returns the result. The cipher is the machine code in Str_OP, called
' through CallWindowProcW as: code(ptr data, data length, ptr key, unused).
Public Function RC4ASM(datos() As Byte, pass As String) As Byte()
    Dim passbyte() As Byte
    Dim B_RC4() As Byte
    Dim Str_OP As String
    Dim i As Long

    Str_OP = "C81001006A006A005356578B551031C989C84989D7F2AE484829C88945F085C00F84DC000000B90001000088C82C0188840DEFFEFFFFE2F38365F4008365FC00817DFC000100007D478B45FC31D2F775F0920345100FB6008B4DFC0FB68C0DF0FEFFFF01C80345F425FF0000008945F48B75FC8A8435F0FEFFFF8B7DF486843DF0FEFFFF8"
    Str_OP = Str_OP & "88435F0FEFFFFFF45FCEBB08D9DF0FEFFFF31FF89FA39550C76638B85ECFEFFFF4025FF0000008985ECFEFFFF89D80385ECFEFFFF0FB6000385E8FEFFFF25FF0000008985E8FEFFFF89DE03B5ECFEFFFF8A0689DF03BDE8FEFFFF860788060FB60E0FB60701C181E1FF0000008A840DF0FEFFFF8B750801D6300642EB985F5E5BC9C21000"

    ' The routine finds the key length by scanning for a terminating NUL byte,
    ' so the key buffer must end with one (StrConv alone does not add it)
    passbyte = StrConv(pass & vbNullChar, vbFromUnicode)

    ' Turn the hex string into the executable byte array
    ReDim B_RC4((Len(Str_OP) / 2) - 1)
    For i = 1 To Len(Str_OP) - 1 Step 2
        B_RC4(Int(i / 2)) = CByte("&h" & Mid(Str_OP, i, 2))
    Next

    CallWindowProcW VarPtr(B_RC4(0)), VarPtr(datos(0)), UBound(datos) + 1, VarPtr(passbyte(0)), 0

    RC4ASM = datos()

End Function


Regards
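Added example in Python, not from the post: a plain RC4 (key scheduling plus keystream generation) to check the inline-asm port's output against a published test vector. The function names are mine; the asm routine measures its key with a NUL scan, so compare using keys that contain no NUL bytes.

```python
def rc4_ksa(key):
    """Key scheduling: permute the 256-byte state S with the key bytes."""
    if not key:
        raise ValueError("RC4 needs a non-empty key")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_crypt(data, key):
    """Encrypt or decrypt (identical operation) by XORing with the PRGA keystream.
    `key` is taken as raw bytes; the inline-asm routine in the post instead stops
    at the first NUL byte of its key, so use NUL-free keys when comparing the two."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Published test vector (Wikipedia, "RC4"): key "Key", plaintext "Plaintext"
KNOWN_VECTOR = (b"Key", b"Plaintext", bytes.fromhex("BBF316E8D940AF0AD3"))


def check_vector(key, plaintext, expected):
    """True when encryption matches the vector and decrypting it restores the text."""
    ct = rc4_crypt(plaintext, key)
    return ct == expected and rc4_crypt(ct, key) == plaintext
```

Run check_vector(*KNOWN_VECTOR) against the bytes the VB6 routine returns for the same input to confirm the port; RC4 itself has a biased keystream and is not a cipher for new designs.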
#7
Scripting / Download Function [AutoIt]
17 December 2012, 16:04 PM
Well, here is the AutoIt version of the one I wrote in Delphi.


#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Translated by..........: Pink
Thanks to..............: monoceres
Delphi version by......: Pink
Script Function...: Download
Usage............: Download($urlfile, $pathtosave)
#ce -------------------------------------------------------

Download("http://whitehat.su/Anotador.exe","C:\file.exe")
Func Download($Url,$path)
local $bytes = DllStructCreate("byte[512]")
local $Address= DllCall("Kernel32.dll", "ptr", "GetProcAddress", "ptr",GetModuleHandle("urlmon.dll"), "str", "URLDownloadToFileW")
$Address= $Address[0]
Local $Bufferurl = DllStructCreate("wchar url[" & StringLen($Url) +1 & "]")
Local $Bufferpath = DllStructCreate("wchar path[" & StringLen($path) +1  & "]")
    DllStructSetData($Bufferurl, "url", $Url)
    DllStructSetData($Bufferpath, "path", $path)

Local $Opcode
$Opcode &= "0x"
$Opcode &= "33DB"
$Opcode &= "68" & SwapEndian(0)
$Opcode &= "68" & SwapEndian(0)
$Opcode &= "68" & SwapEndian(DllStructGetPtr($Bufferpath, 1))
$Opcode &= "68" & SwapEndian(DllStructGetPtr($Bufferurl, 1))
$Opcode &= "68" & SwapEndian(0)
$Opcode &= "B8" & SwapEndian($Address)
$Opcode &= "FFD0"
$Opcode &= "53"
$Opcode &= "58"
$Opcode &= "C3"
DllStructSetData($bytes, 1, $Opcode)
Local $Ret = DllCall("user32.dll", "int", "CallWindowProc", "ptr", DllStructGetPtr($bytes), "int", 0, "int", 0, "int", 0, "int", 0)
EndFunc

Func GetModuleHandle($sModuleName)
Local $sModuleNameType = "wstr"
If $sModuleName = "" Then
  $sModuleName = 0
  $sModuleNameType = "ptr"
EndIf
Local $aResult = DllCall("kernel32.dll", "handle", "GetModuleHandleW", $sModuleNameType, $sModuleName)
If @error Then Return SetError(@error, @extended, 0)
Return $aResult[0]
EndFunc ;==>GetModuleHandle WinAPI

Func SwapEndian($hex)
    Return Hex(Binary($hex))
EndFunc   ;==>SwapEndian



Regards
#8
Scripting / [Autoit] RunPE Shellcode
6 December 2012, 15:44 PM
Well, here is the AutoIt version of mshRunPE that I made a while ago. A simple example of how to use shellcode in AutoIt.  ;D

Code (AutoIt):
#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Translated by..........: Pink
Thanks to: hamavb & iCodeInVB6
Script Function...: RunPE-ShellCode "Run an executable in memory"
Usage............: RunPE($path, $filebin)
#ce -------------------------------------------------------


Func RunPE($path,$filebin)


local  $ASM = "0x60E84E0000006B00650072006E0065006C003300320000006E00740064006C006C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005B8BFC6A42E8BB0300008B54242889118B54242C6A3EE8AA03000089116A4AE8A103000089396A1E6A3CE89D0300006A2268F4000000E8910300006A266A24E8880300006A2A6A40E87F030000"
    $ASM &= "6A2E6A0CE8760300006A3268C8000000E86A0300006A2AE85C0300008B09C701440000006A12E84D030000685BE814CF51E8790300006A3EE83B0300008BD16A1EE8320300006A40FF32FF31FFD06A12E823030000685BE814CF51E84F0300006A1EE8110300008B098B513C6A3EE8050300008B3903FA6A22E8FA0200008B0968F80000005751FFD06A00E8E80200006888FEB31651E8140300006A2EE8D60200"
    $ASM &= "008B396A2AE8CD0200008B116A42E8C402000057526A006A006A046A006A006A006A00FF31FFD06A12E8A902000068D03710F251E8D50200006A22E8970200008B116A2EE88E0200008B09FF7234FF31FFD06A00E87E020000689C951A6E51E8AA0200006A22E86C0200008B118B396A2EE8610200008B096A406800300000FF7250FF7734FF31FFD06A36E8470200008BD16A22E83E0200008B396A3EE8350200"
    $ASM &= "008B316A22E82C0200008B016A2EE8230200008B0952FF775456FF7034FF316A00E81002000068A16A3DD851E83C02000083C40CFFD06A12E8F9010000685BE814CF51E8250200006A22E8E70100008B1183C2066A3AE8DB0100006A025251FFD06A36E8CE010000C70100000000B8280000006A36E8BC010000F7216A1EE8B30100008B118B523C81C2F800000003D06A3EE89F01000003116A26E8960100006A"
    $ASM &= "2852FF316A12E88A010000685BE814CF51E8B601000083C40CFFD06A26E8730100008B398B098B71146A3EE86501000003316A26E85C0100008B098B510C6A22E8500100008B090351346A46E8440100008BC16A2EE83B0100008B0950FF77105652FF316A00E82A01000068A16A3DD851E85601000083C40CFFD06A36E8130100008B1183C20189116A3AE8050100008B093BCA0F8533FFFFFF6A32E8F4000000"
    $ASM &= "8B09C701070001006A00E8E500000068D2C7A76851E8110100006A32E8D30000008B116A2EE8CA0000008B0952FF7104FFD06A22E8BB0000008B3983C7346A32E8AF0000008B318BB6A400000083C6086A2EE89D0000008B116A46E894000000516A045756FF326A00E88600000068A16A3DD851E8B200000083C40CFFD06A22E86F0000008B098B51280351346A32E8600000008B0981C1B000000089116A00E8"
    $ASM &= "4F00000068D3C7A7E851E87B0000006A32E83D0000008BD16A2EE8340000008B09FF32FF7104FFD06A00E82400000068883F4A9E51E8500000006A2EE8120000008B09FF7104FFD06A4AE8040000008B2161C38BCB034C2404C36A00E8F2FFFFFF6854CAAF9151E81E0000006A406800100000FF7424186A00FFD0FF742414E8CFFFFFFF890183C410C3E82200000068A44E0EEC50E84B00000083C408FF742404"
    $ASM &= "FFD0FF74240850E83800000083C408C355525153565733C0648B70308B760C8B761C8B6E088B7E208B3638471875F3803F6B7407803F4B7402EBE78BC55F5E5B595A5DC35552515356578B6C241C85ED74438B453C8B54287803D58B4A188B5A2003DDE330498B348B03F533FF33C0FCAC84C07407C1CF0D03F8EBF43B7C242075E18B5A2403DD668B0C4B8B5A1C03DD8B048B03C55F5E5B595A5DC3C300000000"


Local $BufferASM = DllStructCreate("byte[" & BinaryLen($ASM) & "]")
Local $binBuffer=DllStructCreate("byte[" & BinaryLen($filebin) & "]")


DllStructSetData($BufferASM, 1, $ASM)
DllStructSetData($binBuffer, 1, $filebin)




Local $Ret = DllCall("user32.dll", "int", "CallWindowProcW", _
            "ptr", DllStructGetPtr($BufferASM), _
            "wstr", ($Path), _
            "ptr", DllStructGetPtr($binBuffer), _
            "int", 0, _
            "int", 0)

EndFunc



Regards
#9
Hi, well, I'm studying all this about inline ASM.

And I'd like to know how to do this simple asm routine in VB.

Code (asm):

        B8 80 00 00 00          mov eax, 00000080
        C3                      ret


What I mean is printing or showing a simple number in a msgbox, in this case 128.

#10
Scripting / [AutoIt] Get_EOF Examples
27 August 2012, 15:19 PM
Well, here is a small contribution for those who like AutoIt  ;D

I'm leaving two examples, one using a struct and the other without.

Code (AutoIt):
#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Author..........: Pink
Script Function...: Get_EOF
Usage............: Get_EOF(file path)
Returns : "EOF position" (the offset right after the last section's raw data)
Thanks: EON-Karcrack-The Swash
#ce -------------------------------------------------------


; Example
$Path = "C:\Users\Usuario\Desktop\Anotador.exe"
MsgBox(0, "", Get_EOF($Path))


Func Get_EOF($MyFile)
    Local $File = FileOpen($MyFile, 16) ; 16 = binary mode
    If $File = -1 Then
        MsgBox(0, "Error", "Could not read the file")
        Return SetError(1, 0, -1)
    EndIf

    ; Load the whole file into a buffer and walk it by pointer
    Local $FileLen = FileGetSize($MyFile)
    Local $Binary = DllStructCreate("byte[" & $FileLen & "]")
    DllStructSetData($Binary, 1, FileRead($File))
    FileClose($File)
    Local $BinaryPtr = DllStructGetPtr($Binary)

    Local Const $I_F_H_Len = 20  ; sizeof(IMAGE_FILE_HEADER)
    Local Const $I_O_H_Len = 224 ; sizeof(IMAGE_OPTIONAL_HEADER32)
    Local Const $I_S_H_Len = 40  ; sizeof(IMAGE_SECTION_HEADER)

    ; e_lfanew is a 4-byte LONG at offset 0x3C, not a WORD
    Local $IMAGE_DOS_HEADER = DllStructCreate( _
        "WORD e_magic;WORD e_cblp;WORD e_cp;WORD e_crlc;WORD e_cparhdr;WORD e_minalloc;WORD e_maxalloc;" & _
        "WORD e_ss;WORD e_sp;WORD e_csum;WORD e_ip;WORD e_cs;WORD e_lfarlc;WORD e_ovno;" & _
        "WORD e_res[4];WORD e_oemid;WORD e_oeminfo;WORD e_res2[10];LONG e_lfanew", $BinaryPtr)

    ; e_magic must be "MZ" (0x5A4D)
    If DllStructGetData($IMAGE_DOS_HEADER, "e_magic") <> 0x5A4D Then
        MsgBox(0, "Error", "MZ signature not found")
        Return SetError(2, 0, -1)
    EndIf

    ; e_lfanew: offset of IMAGE_NT_HEADERS
    $BinaryPtr += DllStructGetData($IMAGE_DOS_HEADER, "e_lfanew")

    Local $IMAGE_NT_HEADERS = DllStructCreate( _
        "DWORD signature;CHAR ifh[" & $I_F_H_Len & "];CHAR ioh[" & $I_O_H_Len & "]", $BinaryPtr)

    ; Signature must be "PE\0\0" (0x4550)
    If DllStructGetData($IMAGE_NT_HEADERS, "signature") <> 0x4550 Then
        MsgBox(0, "Error", "PE signature not found")
        Return SetError(3, 0, -1)
    EndIf

    Local $IMAGE_FILE_HEADER = DllStructCreate( _
        "WORD machine;WORD numberofsections;DWORD timedatestamp;DWORD pointertosymboltable;DWORD numberofsymbols;" & _
        "WORD sizeofoptionalheader;WORD characteristics", DllStructGetPtr($IMAGE_NT_HEADERS, "ifh"))

    ; Optional header (PE32 layout); not needed for the EOF, shown for completeness.
    ; The 16 data directories (8 bytes each) are declared as DOUBLE only to reserve their space.
    Local $IMAGE_OPT_HEADER = DllStructCreate( _
        "WORD magic;BYTE majorlinkerversion;BYTE minorlinkerversion;DWORD sizeofcode;DWORD sizeofinitializeddata;" & _
        "DWORD sizeofuninitializeddata;DWORD addressofentrypoint;DWORD baseofcode;DWORD baseofdata;DWORD imagebase;" & _
        "DWORD sectionalignment;DWORD filealignment;WORD majoroperatingsystemversion;WORD minoroperatingsystemversion;" & _
        "WORD majorimageversion;WORD minorimageversion;WORD majorsubsystemversion;WORD minorsubsystemversion;" & _
        "DWORD win32versionvalue;DWORD sizeofimage;DWORD sizeofheaders;DWORD checksum;WORD subsystem;WORD dllcharacteristics;" & _
        "DWORD sizeofstackreserve;DWORD sizeofstackcommit;DWORD sizeofheapreserve;DWORD sizeofheapcommit;DWORD loaderflags;DWORD numberofrvaandsizes;" & _
        "DOUBLE datadirectory[16]", DllStructGetPtr($IMAGE_NT_HEADERS, "ioh"))

    ; The section table follows the optional header; take its real size from the file header
    $BinaryPtr += 4 + $I_F_H_Len + DllStructGetData($IMAGE_FILE_HEADER, "sizeofoptionalheader")

    ; Skip to the last IMAGE_SECTION_HEADER
    Local $NS = DllStructGetData($IMAGE_FILE_HEADER, "numberofsections") - 1
    $BinaryPtr += $NS * $I_S_H_Len

    Local $IMAGE_SECTION_HEADER = DllStructCreate( _
        "CHAR name[8];DWORD virtualsize;DWORD virtualaddress;DWORD sizeofrawdata;DWORD pointertorawdata;DWORD pointertorelocations;" & _
        "DWORD pointertolinenumbers;WORD numberofrelocations;WORD numberoflinenumbers;DWORD characteristics", $BinaryPtr)

    ; EOF = where the last section's raw data ends
    Local $RawSize = DllStructGetData($IMAGE_SECTION_HEADER, "sizeofrawdata")
    Local $RawOffset = DllStructGetData($IMAGE_SECTION_HEADER, "pointertorawdata")

    Return $RawSize + $RawOffset
EndFunc   ;==>Get_EOF







Code (AutoIt):
#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Author..........: Pink
Script Function...: Get_EOF
Usage............: Get_EOF(file path)
Returns : "EOF position" (the offset right after the last section's raw data)
Thanks: EON-Karcrack-The Swash
#ce ------------------------------------


; Example
Local $myfile = "C:\Users\Usuario\Desktop\Anotador.exe"
MsgBox(0, "", Get_EOF($myfile))

Func Get_EOF($file)
    Const $l_fanew = 60 ; offset of e_lfanew inside IMAGE_DOS_HEADER
    Const $PEsize = 4   ; size of the "PE\0\0" signature
    Const $I_F_H = 20   ; sizeof(IMAGE_FILE_HEADER)
    Const $SizeS = 40   ; sizeof(IMAGE_SECTION_HEADER)
    Local $LFvalue      ; e_lfanew: offset of IMAGE_NT_HEADERS (PE signature)
    Local $Size_O_H     ; SizeOfOptionalHeader
    Local $NofS         ; NumberOfSections
    Local $fin_I_S_H    ; offset right after the last IMAGE_SECTION_HEADER
    Local $RawSize, $RawOffset

    ; Read the headers into a binary buffer (mode 16 = binary read)
    Local $hfile = FileOpen($file, 16)
    If $hfile = -1 Then Return SetError(1, 0, -1)
    Local $binary = FileRead($hfile, 4096)
    FileClose($hfile)

    ; BinaryMid positions are 1-based, hence the +1 on every offset below
    ; e_lfanew
    $LFvalue = __ReadLE($binary, $l_fanew + 1, 4)

    ; NumberOfSections (offset 2 inside IMAGE_FILE_HEADER)
    $NofS = __ReadLE($binary, $LFvalue + $PEsize + 2 + 1, 2)

    ; SizeOfOptionalHeader (offset 16 inside IMAGE_FILE_HEADER)
    $Size_O_H = __ReadLE($binary, $LFvalue + $PEsize + 16 + 1, 2)

    ; End of the section table
    $fin_I_S_H = ($LFvalue + $PEsize + $I_F_H + $Size_O_H) + ($NofS * $SizeS)

    ; In the last section header, SizeOfRawData sits 24 bytes and PointerToRawData
    ; 20 bytes before its end (offsets 16 and 20 of the 40-byte header); both are
    ; little-endian DWORDs, so they go through the byte-order swap like the others
    $RawSize = __ReadLE($binary, $fin_I_S_H - 24 + 1, 4)
    $RawOffset = __ReadLE($binary, $fin_I_S_H - 20 + 1, 4)

    Return $RawSize + $RawOffset
EndFunc   ;==>Get_EOF

; Read $len bytes at 1-based position $pos of $binary as a little-endian integer
Func __ReadLE($binary, $pos, $len)
    Return Dec(OLE(StringReplace(BinaryMid($binary, $pos, $len), "0x", "")))
EndFunc   ;==>__ReadLE

; OLE "Little-Endian Order": reverse a hex string byte by byte (two characters at a time)
Func OLE($Var)
    Local $len = StringLen($Var) / 2
    Local $Array[$len + 1]
    Local $Char
    Local $A = 1
    Local $Result = ""
    For $i = 1 To $len
        $Char = StringMid($Var, $A, 2)
        $A += 2
        $Array[$i] = $Char
    Next
    For $x = $len To 1 Step -1
        $Result &= $Array[$x]
    Next
    Return $Result
EndFunc   ;==>OLE



Regards, any questions, I'm here :)
#11
Hi guys. Here I am again with a question I haven't been able to solve.

I've read about the PE, but I really don't understand where the SizeOfCode, SizeOfInitializedData & SizeOfUninitializedData values come from, that is, which parameters I take to obtain their values.

In the Spanish-language PE manual, "The Swash" talks a bit about it here:

SizeOfCode, SizeOfInitializedData & SizeOfUninitializedData:
These three fields are related in how their value is obtained, and the only difference is where each one comes from. Like the executable, its sections also have characteristics, and to relate them to these three fields the characteristics would be:

CONSTANT                          VALUE
IMAGE_SCN_CNT_CODE                0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA    0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA  0x00000080

These fields are accumulators of the sum of the SizeOfRawData of the sections that have their characteristic. For example, if I have 2 sections that have IMAGE_SCN_CNT_CODE, then the SizeOfCode field will have as its value the sum of the SizeOfRawData of those 2 sections.

But it really wasn't clear to me. Supposedly the sum of the RSize values in the image

should give the values shown in this image

up to there I think I'm right.

So how would I get those parameters? Because adding all the RSize values gives me 00004000, and the SizeOfCode, SizeOfInitializedData & SizeOfUninitializedData values are different.

Regards and thanks for the help you give.







#12
Hi colleagues.

I have a question about this part of Karcrack's code:

Call CopyMemory(ish(i), ByteArray(idh.e_lfanew + Len(inh) + Len(ish(i)) * i), Len(ish(i)))

I'm really not sure?

In this part what I'm doing is passing as a pointer the offset equivalent to this

ByteArray(idh.e_lfanew + Len(inh) + Len(ish(i)) * i)


:S I'm a bit confused.
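Added example in Python, not code from any of these posts, covering the three PE questions in #10, #11 and #12: where section header i sits (e_lfanew + 4 + 20 + SizeOfOptionalHeader + 40 * i, the offset the CopyMemory line computes), how the three SizeOf* fields are accumulated from the section flags the quoted manual lists, and the Get_EOF end-of-sections offset, taken over all headers instead of only the last one. Function names are mine and the PE image is constructed inside the block, not a real binary.

```python
import struct

# Section characteristic flags from the manual quoted in #11
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080

SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER: 40 bytes
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER)


def section_table_offset(pe):
    """Return (file offset of the first IMAGE_SECTION_HEADER, NumberOfSections).
    IMAGE_NT_HEADERS is 4 (signature) + 20 (IMAGE_FILE_HEADER) + SizeOfOptionalHeader
    bytes, so header i sits at e_lfanew + that size + 40 * i: the offset the
    CopyMemory line in #12 computes (Len(inh) is 248 for a 224-byte PE32 optional header)."""
    if pe[:2] != b"MZ":
        raise ValueError("MZ signature not found")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    number_of_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_of_optional_header = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    return e_lfanew + 4 + 20 + size_of_optional_header, number_of_sections


def read_sections(pe):
    """Parse every IMAGE_SECTION_HEADER into a dict of the fields used here."""
    base, count = section_table_offset(pe)
    sections = []
    for i in range(count):
        f = struct.unpack_from(SECTION_HEADER, pe, base + SECTION_HEADER_SIZE * i)
        sections.append({"Name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "VirtualSize": f[1], "VirtualAddress": f[2],
                         "SizeOfRawData": f[3], "PointerToRawData": f[4],
                         "Characteristics": f[9]})
    return sections


def size_fields(sections):
    """SizeOfCode / SizeOfInitializedData / SizeOfUninitializedData by the rule the
    quoted manual gives: add SizeOfRawData over the sections carrying each flag.
    The Windows loader ignores these three fields, so the values a linker writes
    need not follow this rule exactly (a .bss section has no raw data, so the
    rule yields 0 for it here)."""
    totals = {"SizeOfCode": 0, "SizeOfInitializedData": 0, "SizeOfUninitializedData": 0}
    for s in sections:
        if s["Characteristics"] & IMAGE_SCN_CNT_CODE:
            totals["SizeOfCode"] += s["SizeOfRawData"]
        if s["Characteristics"] & IMAGE_SCN_CNT_INITIALIZED_DATA:
            totals["SizeOfInitializedData"] += s["SizeOfRawData"]
        if s["Characteristics"] & IMAGE_SCN_CNT_UNINITIALIZED_DATA:
            totals["SizeOfUninitializedData"] += s["SizeOfRawData"]
    return totals


def end_of_sections(sections):
    """Get_EOF: first file offset after the last byte of section data. The two
    scripts in #10 read only the last header in the table; the maximum over all
    headers is used here, because the table need not be in file-offset order and
    a trailing .bss header has PointerToRawData = 0."""
    return max(s["PointerToRawData"] + s["SizeOfRawData"] for s in sections)


def overlay(pe):
    """Data appended after the last section (the overlay); b'' when there is none."""
    return pe[end_of_sections(read_sections(pe)):]


def build_sample_pe():
    """Constructed sample, not a real binary: PE32 headers, three sections
    (.text, .data, .bss) and eight bytes of overlay after the section data."""
    dos_header = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    file_header = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x102)
    optional_header = struct.pack("<H", 0x10B) + b"\0" * 222  # PE32 magic, rest zeroed

    def section(name, vsize, vaddr, rawsize, rawptr, flags):
        return struct.pack(SECTION_HEADER, name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)

    headers = (dos_header + b"PE\0\0" + file_header + optional_header
               + section(b".text", 0x150, 0x1000, 0x200, 0x200, 0x60000020)
               + section(b".data", 0x80, 0x2000, 0x200, 0x400, 0xC0000040)
               + section(b".bss", 0x100, 0x3000, 0, 0, 0xC0000080))
    # headers padded up to the first raw offset, then the two sections' raw data
    image = headers.ljust(0x200, b"\0") + b"\xC3" * 0x200 + b"\x01" * 0x200
    return image + b"OVERLAY!"
```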
#13
Reverse Engineering / CFF Explorer value?
6 August 2012, 18:49 PM
Hi friends, I come here with this question  :rolleyes: to see if someone can explain to me where the value I underlined in red comes from.

I'm just getting started with the PE.



If I'm not mistaken, converting that part to decimal gives me the offset where that section starts, but I don't know how to obtain it.

Regards, I hope you can clear up that question for me.
#14
Hi, could someone explain this part, "sSave = String(255, 0)", of the code I'm posting below?
Code (VB6):
' GetCurrentDirectoryA writes the path into a buffer supplied by the caller;
' it does not allocate one, so lpBuffer must already be nBufferLength bytes long
Private Declare Function GetCurrentDirectory Lib "kernel32" Alias "GetCurrentDirectoryA" (ByVal nBufferLength As Long, ByVal lpBuffer As String) As Long

Private Sub Form_Paint()
    Dim sSave As String

    sSave = String(255, 0)          ' 255 NUL characters: a fixed-size buffer the API can overwrite

    GetCurrentDirectory 255, sSave  ' fills sSave in place; the return value is the number of characters written
    MsgBox sSave
End Sub

Sorry for being so direct with the question, but I have nothing else to say :)