Messages - Danyfirex

#211
Encrypting and executing in memory.  ;D

Search the forum for RunPE/crypter
#212
I think you could do something like this


Code (cpp)
(!(num<0 || num>99))

that way you check that it is within that range

Regards
#213
Scripting / [AutoIt] VirusTotal API 2.0 UDF
4 June 2013, 13:40 PM
Well, here is a UDF that I had ready a few days ago, but yesterday I decided to update it.  ;D


Requires WinHttp

http://www.autoitscript.com/forum/topic/84133-winhttp-functions/?hl=winhttp


Example:

Code (autoit)
#include <Crypt.au3>
#include "VT.au3"

Example()

Func Example()
   _Crypt_Startup()
   Local $sFilePath = @WindowsDir & "\Explorer.exe"
   Local $bHash = _Crypt_HashFile($sFilePath, $CALG_MD5)
   _Crypt_Shutdown()

   Local $hVirusTotal = VT_Open()
   Local $APIkey = 'Your API key'
   ConsoleWrite(VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654', $APIkey) & @CRLF)
   ConsoleWrite(VT($hVirusTotal, $fScan, $sFilePath, $APIkey) & @CRLF)
   ConsoleWrite(VT($hVirusTotal, $fRescan, Hex($bHash), $APIkey) & @CRLF)
   ConsoleWrite(VT($hVirusTotal, $uReport, "http://www.virustotal.com", $APIkey) & @CRLF)
   ConsoleWrite(VT($hVirusTotal, $uScan, "http://www.google.com", $APIkey) & @CRLF)
   ConsoleWrite(VT($hVirusTotal, $Comment, Hex($bHash), $APIkey, "Hello Word | Hola Mundo") & @CRLF)
   VT_Close($hVirusTotal)
EndFunc   ;==>Example



VT.au3 UDF

Code (autoit)
#include-once
#include "WinHttp.au3"

; #INDEX# =================================================================================================
; Title .........: VT.au3
; AutoIt Version : 3.3.8.1
; Language ......: English
; Description ...: VirusTotal public API version 2.0 implementation in Autoit
;thanks to: trancexx|ProgAndy "WinHttp.au3"  ||| guinness "Suggestions+Snippets ||| www.virustotal.com
;Reference https://www.virustotal.com/es/documentation/public-api
;Written by Danyfirex
;Date 12/05/2013 | Update 03/06/2013
; #FUNCTION# =============================================================================================




;===================CONSTANTS/CONSTANTES=======================
Global Const $__sVirusTotal_Page = 'www.virustotal.com'
Global Enum $eAPI_HttpOpen, $eAPI_HttpConnect
Global Enum $fReport,$fScan,$fRescan,$uReport,$uScan,$Comment
Global Const $tURL[6]=['/vtapi/v2/file/report','/vtapi/v2/file/scan','/vtapi/v2/file/rescan', _
                      '/vtapi/v2/url/report','/vtapi/v2/url/scan','/vtapi/v2/comments/put']
;==============================================================


; #FUNCTIONS/FUNCIONES# =======================================
;VT() ;Use respective flag($Type)
;VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;flags($Type)
;$fReport = retrieve a scan report on a given file
;$fScan   = submit a file for Scanning
;$fRescan = Rescan files in VirusTotal's file store
;$uReport = retrieve a scan report on a given URL
;$uScan   = submit a URL for Scanning
;$Comment = Make a comment on files and URLs
; ==============================================================



; #FUNCTION# =============================================================================================
; Name...........: VT_Open
; Description ...: Initialize and get session handle & connection handle
; Syntax.........: VT_Open()
; guinness
; #FUNCTION# =============================================================================================
Func VT_Open()
   Local $aAPI[2] = [0, 0]
   $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
   If @error Then $aAPI[$eAPI_HttpOpen] = -1
   $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
   If @error Then $aAPI[$eAPI_HttpConnect] = -1
   Return $aAPI
EndFunc   ;==>VT_Open


; #FUNCTION# =============================================================================================
; Name...........: VT_Close
; Description ...: Close handles
; Syntax.........: VT_Close($handle)
;guinness
; #FUNCTION# =============================================================================================
Func VT_Close(ByRef Const $aAPI)
   _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
   _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
   Return True
EndFunc   ;==>VT_Close



; #FUNCTION# =============================================================================================
; Name...........: VT
; Syntax.........: VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654',$APIkey)
;VT($hVirusTotal, $fScan, "C:\file.exe",$APIkey)
;VT($hVirusTotal, $fRescan, hex($bHash),$APIkey)
;VT($hVirusTotal, $uReport, "http://www.virustotal.com",$APIkey)
;VT($hVirusTotal, $uScan, "http://www.google.com",$APIkey)
;VT($hVirusTotal, $Comment, hex($bHash) ,$APIkey,"Hello Word | Hola Mundo")
; Parameters....: $Resource - md5/sha1/sha256/scan_id | filename | Url | respectively for flag($Type)
;                 $APIkey -  your API key.
;                 $Comments - your Comments
;Return.........; response format is a JSON object
; #FUNCTION# =============================================================================================
Func VT(ByRef $aAPI, $Type, $sResource, $sAPIkey, $Comments = "")
   ; Note: _WinHttpSimpleRequest sends the request without TLS, so the API key travels
   ; unencrypted (WinHttp.au3 also provides _WinHttpSimpleSSLRequest).
   ; $sResource and $Comments are concatenated as-is; URL-encode values that contain
   ; '&', '=' or spaces before calling.

   If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open()

   Select ;$fReport,$fScan,$fRescan,$uReport,$uScan,$Comment
      Case $Type = $fReport
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'resource=' & $sResource & '&key=' & $sAPIkey)

      Case $Type = $fScan
         ; Build the multipart/form-data body: the "apikey" field followed by the file part
         Local $sBoundary = "--------Boundary"
         Local $sHeaders = "Content-Type: multipart/form-data; boundary=" & $sBoundary & @CRLF
         Local $sData = ''
         $sData &= "--" & $sBoundary & @CRLF
         $sData &= 'Content-Disposition: form-data; name="apikey"' & @CRLF & @CRLF & $sAPIkey & @CRLF
         $sData &= "--" & $sBoundary & @CRLF
         $sData &= __WinHttpFileContent("", "file", $sResource, $sBoundary)
         $sData &= "--" & $sBoundary & "--" & @CRLF
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", $tURL[$Type], Default, StringToBinary($sData, 0), $sHeaders)

      Case $Type = $fRescan
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", "/vtapi/v2/file/rescan", Default, "resource=" & $sResource & "&key=" & $sAPIkey)

      Case $Type = $uReport
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'resource=' & $sResource & '&key=' & $sAPIkey)

      Case $Type = $uScan
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'url=' & $sResource & '&key=' & $sAPIkey)

      Case $Type = $Comment
         Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", "/vtapi/v2/comments/put", Default, "resource=" & $sResource & _
               "&comment=" & $Comments & "&key=" & $sAPIkey)

      Case Else
         SetError(3)
   EndSelect

EndFunc   ;==>VT



Regards
#214
ASM / Re: Pregunta acerca de MessageBox
28 May 2013, 23:52 PM
Quote from: MCKSys Argentina on 28 May 2013, 22:03 PM
Well, I'm butting in uninvited:

As Eternal said, normally the A APIs are wrappers around the W ones. That is, they end up calling the W version of that API.

Regards!

Many thanks, MCKSys Argentina   ;-)
#215
ASM / Re: Pregunta acerca de MessageBox
28 May 2013, 21:26 PM
@Eternal Idol 7D can you explain to me what I put in bold:


MessageBoxW (for Wide) is the other version; as a general rule almost all the A functions end up calling the W ones.


Regards
#216
Scripting / Re: [Perl] VirusTotal Scanner 0.1
16 May 2013, 21:49 PM
Thanks, very good code.  ;-)


PS: it does not scan a file. It returns the report of a file that has already been scanned.

Regards
#217
Hi, one more function.  ;D
It sends the sample, remember that!!!  >:D



Code (vb)
' =================================================================
' =================================================================
' => Author: Pink
' => Upload file to VirusTotal.com For Scanning
' => Thanks to VirusTotal.com
' => Date: 14|05|2013
' => Usage: VT_Scan("c:\hola.exe","your_APIKey")
' => Returns:
'{"response_code": 1,
' "verbose_msg": "Scan request successfully queued, come back later for the report",
' "resource": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0",
' "scan_id": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0-1324376258",
' "permalink": "https://www.virustotal.com/file/999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0/analysis/1324376258/",
' "sha256": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0",
' "sha1": "2cc875bca8030d745adfd14388b8c001471c2474",
' "md5": "4a00e1a3a14e4fec6f2b353b4f20bb73"}
' =================================================================
' =================================================================
Option Explicit

Function VT_Scan(filepath As String, APIkey As String) As String
Dim boundary As String
Dim Post As String
Dim bytesfinal()  As Byte
Dim bytes() As Byte
Dim Url As String
Dim Http As Object
Dim filedata As String

Url = "https://www.virustotal.com/vtapi/v2/file/scan"
boundary = "--------Boundary"


Open filepath For Binary As #1
ReDim bytes(LOF(1) - 1)
Get #1, , bytes()
Close #1

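' StrConv maps the bytes through the system ANSI code page; on double-byte (DBCS)
' locales this round trip can alter binary data.
filedata = StrConv(bytes(), vbUnicode)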

Post = "--" & boundary & vbCrLf & _
"Content-Disposition: form-data; name=" & Chr(34) & "apikey" & Chr(34) & vbCrLf & vbCrLf & _
APIkey & vbCrLf & _
"--" & boundary & vbCrLf & _
"Content-Disposition: form-data; name=" & Chr(34) & "file" & Chr(34) & "; filename=" & Chr(34) & filename(filepath) & Chr(34) & vbCrLf & _
"Content-Type: application/octet-stream" & vbCrLf & vbCrLf & _
filedata & vbCrLf & _
"--" & boundary & "--" & vbCrLf

bytesfinal() = StrConv(Post, vbFromUnicode)

Set Http = CreateObject("winhttp.winhttprequest.5.1")
Http.Open "POST", Url, False
Http.SetRequestHeader "Content-Type", "multipart/form-data; " & "boundary=" & boundary
Http.Send (bytesfinal())
VT_Scan = Http.Responsetext
Set Http = Nothing
End Function


Function filename(cadena As String) As String
Dim cadenas() As String
cadenas() = Split(cadena, "\")
filename = cadenas(UBound(cadenas))
End Function


Regards
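
Added example, not part of any post on this page: the two VirusTotal v2 requests these posts build (hash report and file scan), assembled in Python as bytes without sending anything. The report request discloses only a digest while the scan request carries the file itself; the paths and field names (`resource`, `key`, `apikey`, `file`) are the ones used in the posts, and the function names and sample bytes are constructed for this illustration.

```python
import hashlib
import secrets
from urllib.parse import urlencode

REPORT_PATH = "/vtapi/v2/file/report"  # endpoint paths as listed in the UDF above
SCAN_PATH = "/vtapi/v2/file/scan"
# Constructed sample input: every byte value, including NUL, CR and LF.
SAMPLE = bytes(range(256)) * 4


def build_report_request(data: bytes, api_key: str):
    """Hash lookup: only the SHA-256 is sent, the file stays local."""
    digest = hashlib.sha256(data).hexdigest()
    # urlencode() escapes '&', '=' and spaces; plain concatenation does not.
    body = urlencode({"resource": digest, "key": api_key}).encode("ascii")
    return REPORT_PATH, {"Content-Type": "application/x-www-form-urlencoded"}, body


def build_scan_request(data: bytes, filename: str, api_key: str):
    """Upload: the whole sample is sent; the body is assembled as bytes only."""
    boundary = secrets.token_hex(16)
    while boundary.encode("ascii") in data:  # boundary must not occur in the payload
        boundary = secrets.token_hex(16)
    # Quotes and line breaks in the name would break out of the header line.
    safe_name = "".join(c for c in filename if c not in '"\r\n')
    delim = b"--" + boundary.encode("ascii")
    body = b"\r\n".join([
        delim,
        b'Content-Disposition: form-data; name="apikey"',
        b"",
        api_key.encode("ascii"),
        delim,
        b'Content-Disposition: form-data; name="file"; filename="'
        + safe_name.encode("utf-8") + b'"',
        b"Content-Type: application/octet-stream",
        b"",
        data,
        delim + b"--",
        b"",
    ])
    return SCAN_PATH, {"Content-Type": "multipart/form-data; boundary=" + boundary}, body


if __name__ == "__main__":
    for path, headers, body in (build_report_request(SAMPLE, "YOUR_API_KEY"),
                                build_scan_request(SAMPLE, "sample.bin", "YOUR_API_KEY")):
        print(path, headers["Content-Type"], len(body), "bytes")
```

Because the file bytes never pass through a text conversion, the body is identical on every locale, and the random boundary is checked against the payload before use.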
#218
A function to upload files to Anonfiles  :rolleyes:

Code (vb)
' =================================================================
' =================================================================
' => Author: Danyfirex
' => Upload file to AnonFiles.com
' => Thanks to AnonFiles.com
' => Date: 14|05|2013
' => Usage: AnonFilesUpload("c:\hola.rar")
' => Returns: response text (hotlink)
' =================================================================
' =================================================================


Option Explicit

Function AnonFilesUpload(filepath As String) As String
Dim boundary As String
Dim Post As String
Dim bytesfinal()  As Byte
Dim bytes() As Byte
Dim url As String
Dim Http As Object
Dim filedata As String

url = "https://anonfiles.com/api/hotlink"
boundary = "--------Boundary"


Open filepath For Binary As #1
ReDim bytes(LOF(1) - 1)
Get #1, , bytes()
Close #1
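' StrConv maps the bytes through the system ANSI code page; on double-byte (DBCS)
' locales this round trip can alter binary data.
filedata = StrConv(bytes(), vbUnicode)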

Post = "--" & boundary & vbCrLf & _
"Content-Disposition: form-data; name=" & Chr(34) & "file" & Chr(34) & "; filename=" & Chr(34) & filename(filepath) & Chr(34) & vbCrLf & _
"Content-Type: application/octet-stream" & vbCrLf & vbCrLf & _
filedata & vbCrLf & _
"--" & boundary & "--" & vbCrLf

bytesfinal() = StrConv(Post, vbFromUnicode)

Set Http = CreateObject("winhttp.winhttprequest.5.1")
Http.Open "POST", url, False
Http.SetRequestHeader "Content-Type", "multipart/form-data; " & "boundary=" & boundary
Http.Send (bytesfinal())
AnonFilesUpload = Http.ResponseText
Set Http = Nothing
End Function

Function filename(cadena As String) As String
Dim cadenas() As String
cadenas() = Split(cadena, "\")
filename = cadenas(UBound(cadenas))
End Function
#219
Hi.
I think this thread will help you.

http://foro.elhacker.net/asm/gui_y_eventos-t385648.0.html

Regards
#220
Something like this should work.

Code (vbnet)
  Process.Start("C:\WINDOWS\system32\cscript.exe", "C:\Testfiles\file.vbs")

Regards