elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: Los 10 CVE más críticos (peligrosos) de 2020


+  Foro de elhacker.net
|-+  Seguridad Informática
| |-+  Análisis y Diseño de Malware (Moderador: fary)
| | |-+  Ayuda creacion RunPE VB6
0 Usuarios y 1 Visitante están viendo este tema.
Páginas: [1] Ir Abajo Respuesta Imprimir
Autor Tema: Ayuda creacion RunPE VB6  (Leído 4,154 veces)
fary
Moderador Global
***
Desconectado Desconectado

Mensajes: 1.021



Ver Perfil WWW
Ayuda creacion RunPE VB6
« en: 28 Enero 2011, 20:54 pm »

Bueno, estoi intentando aprender como trabaja el loader de windows y me e puesto a hacer  un runPE, viendo como funcionan otros y tal despues de haber leido varias veces sobre el formato PE, pero tengo problemas, no me funciona correctamente el api NtUnmapViewOfSection ni VirtualAllocEx y nose porque no funcionan bien... el código que tengo es el siguiente:

Código
  1. Option Explicit
  2.  
  3. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Dest As Any, Src As Any, ByVal L As Long)
  4. Private Declare Function CreateProcessA Lib "kernel32" (ByVal lpAppName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, ByVal lpEnvironment As Long, ByVal lpCurrentDirectory As Long, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
  5. Private Declare Function NtUnmapViewOfSection Lib "NTDLL.dll" (ByVal ProcessHandle As Long, ByVal BaseAddress As Long) As Long
  6. Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
  7.  
  8. Private Const CONTEXT_FULL As Long = &H10007
  9. Private Const MAX_PATH As Integer = 260
  10. Private Const CREATE_SUSPENDED As Long = &H4
  11. Private Const MEM_COMMIT As Long = &H1000
  12. Private Const MEM_RESERVE As Long = &H2000
  13. Private Const PAGE_EXECUTE_READWRITE As Long = &H40
  14.  
  15. Private Type PROCESS_INFORMATION
  16.    hProcess As Long
  17.    hThread As Long
  18.    dwProcessId As Long
  19.    dwThreadID As Long
  20. End Type
  21.  
  22. Private Type STARTUPINFO
  23.    cb As Long
  24.    lpReserved As Long
  25.    lpDesktop As Long
  26.    lpTitle As Long
  27.    dwX As Long
  28.    dwY As Long
  29.    dwXSize As Long
  30.    dwYSize As Long
  31.    dwXCountChars As Long
  32.    dwYCountChars As Long
  33.    dwFillAttribute As Long
  34.    dwFlags As Long
  35.    wShowWindow As Integer
  36.    cbReserved2 As Integer
  37.    lpReserved2 As Long
  38.    hStdInput As Long
  39.    hStdOutput As Long
  40.    hStdError As Long
  41. End Type
  42.  
  43. Private Type IMAGE_DOS_HEADER
  44.    e_magic As Integer
  45.    e_cblp As Integer
  46.    e_cp As Integer
  47.    e_crlc As Integer
  48.    e_cparhdr As Integer
  49.    e_minalloc As Integer
  50.    e_maxalloc As Integer
  51.    e_ss As Integer
  52.    e_sp As Integer
  53.    e_csum As Integer
  54.    e_ip As Integer
  55.    e_cs As Integer
  56.    e_lfarlc As Integer
  57.    e_ovno As Integer
  58.    e_res(0 To 3) As Integer
  59.    e_oemid As Integer
  60.    e_oeminfo As Integer
  61.    e_res2(0 To 9) As Integer
  62.    e_lfanew As Long
  63. End Type
  64.  
  65. Private Type IMAGE_FILE_HEADER
  66.    Machine As Integer
  67.    NumberOfSections As Integer
  68.    TimeDateStamp As Long
  69.    PointerToSymbolTable As Long
  70.    NumberOfSymbols As Long
  71.    SizeOfOptionalHeader As Integer
  72.    characteristics As Integer
  73. End Type
  74.  
  75. Private Type IMAGE_DATA_DIRECTORY
  76.    VirtualAddress As Long
  77.    Size As Long
  78. End Type
  79.  
  80. Const IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16
  81.  
  82. Private Type IMAGE_OPTIONAL_HEADER
  83.    Magic As Integer
  84.    MajorLinkerVersion As Byte
  85.    MinorLinkerVersion As Byte
  86.    SizeOfCode As Long
  87.    SizeOfInitializedData As Long
  88.    SizeOfUnitializedData As Long
  89.    AddressOfEntryPoint As Long
  90.    BaseOfCode As Long
  91.    BaseOfData As Long
  92.    ImageBase As Long
  93.    SectionAlignment As Long
  94.    FileAlignment As Long
  95.    MajorOperatingSystemVersion As Integer
  96.    MinorOperatingSystemVersion As Integer
  97.    MajorImageVersion As Integer
  98.    MinorImageVersion As Integer
  99.    MajorSubsystemVersion As Integer
  100.    MinorSubsystemVersion As Integer
  101.    W32VersionValue As Long
  102.    SizeOfImage As Long
  103.    SizeOfHeaders As Long
  104.    CheckSum As Long
  105.    SubSystem As Integer
  106.    DllCharacteristics As Integer
  107.    SizeOfStackReserve As Long
  108.    SizeOfStackCommit As Long
  109.    SizeOfHeapReserve As Long
  110.    SizeOfHeapCommit As Long
  111.    LoaderFlags As Long
  112.    NumberOfRvaAndSizes As Long
  113.    DataDirectory(0 To IMAGE_NUMBEROF_DIRECTORY_ENTRIES - 1) As IMAGE_DATA_DIRECTORY
  114. End Type
  115.  
  116. Private Type IMAGE_NT_HEADERS
  117.    Signature As Long
  118.    FileHeader As IMAGE_FILE_HEADER
  119.    OptionalHeader As IMAGE_OPTIONAL_HEADER
  120. End Type
  121.  
  122. Const IMAGE_SIZEOF_SHORT_NAME = 8
  123.  
  124. Private Type IMAGE_SECTION_HEADER
  125.   SecName As String * IMAGE_SIZEOF_SHORT_NAME
  126.   VirtualSize As Long
  127.   VirtualAddress  As Long
  128.   SizeOfRawData As Long
  129.   PointerToRawData As Long
  130.   PointerToRelocations As Long
  131.   PointerToLinenumbers As Long
  132.   NumberOfRelocations As Integer
  133.   NumberOfLinenumbers As Integer
  134.   characteristics  As Long
  135. End Type
  136.  
  137. Public Function EjecutarPE(ByVal Ruta As String) As Boolean
  138.    On Error GoTo error
  139.  
  140.    Dim IDH As IMAGE_DOS_HEADER
  141.    Dim INH As IMAGE_NT_HEADERS
  142.    Dim ISH() As IMAGE_SECTION_HEADER
  143.    Dim IDD As IMAGE_DATA_DIRECTORY
  144.  
  145.    Dim Datos() As Byte
  146.  
  147.    ReDim Datos(FileLen(Ruta))
  148.  
  149.    Open Ruta For Binary As #1
  150.        Get #1, , Datos
  151.    Close #1
  152.  
  153.    Call CopyMemory(IDH, Datos(0), Len(IDH))
  154.    Call CopyMemory(INH, Datos(IDH.e_lfanew), Len(INH))
  155.  
  156.    Dim MYe_lfanew As Long: MYe_lfanew = IDH.e_lfanew
  157.    Dim MYImageBase As Long: MYImageBase = INH.OptionalHeader.ImageBase
  158.    Dim MYSizeOfImage As Long: MYSizeOfImage = INH.OptionalHeader.SizeOfImage
  159.    Dim MYSizeOfHeaders As Long: MYSizeOfHeaders = INH.OptionalHeader.SizeOfHeaders
  160.    Dim MYAddressOfEntryPoint As Long: MYAddressOfEntryPoint = INH.OptionalHeader.AddressOfEntryPoint
  161.    Dim MYNumberOfSections As Integer:  MYNumberOfSections = INH.FileHeader.NumberOfSections
  162.    Dim MYVirtualAddress As Long
  163.    Dim MYPointerToRawData As Long
  164.    Dim MYSizeOfRawData As Long
  165.  
  166.    Dim ManijaProceso As Long
  167.    Dim pi As PROCESS_INFORMATION
  168.    Dim si As STARTUPINFO
  169.    Dim NTUN As Long
  170.    Dim Espacio As Long
  171.    Dim IdProc As Long
  172.  
  173.    Call CreateProcessA(App.Path & "\" & App.EXEName & ".exe", 0, 0, 0, False, CREATE_SUSPENDED, 0, 0, si, pi)
  174.    ManijaProceso = pi.dwProcessId
  175.  
  176.    NTUN = NtUnmapViewOfSection(ManijaProceso, MYImageBase)
  177.  
  178.    Espacio = VirtualAllocEx(ManijaProceso, MYImageBase, MYSizeOfImage, &H1000& Or &H2000&, &H40)
  179.  
  180.    Exit Function
  181. error:
  182.    EjecutarPE = False
  183. End Function
  184.  
  185.  
  186.  

Agradeceria que alguien me dijese que ago mal.

salu2!
En línea

Un byte a la izquierda.
Karcrack


Desconectado Desconectado

Mensajes: 2.416


Se siente observado ¬¬'


Ver Perfil
Re: Ayuda creacion RunPE VB6
« Respuesta #1 en: 28 Enero 2011, 21:09 pm »

Código:
ManijaProceso = pi.hProcess
En línea

_katze_

Desconectado Desconectado

Mensajes: 140



Ver Perfil WWW
Re: Ayuda creacion RunPE VB6
« Respuesta #2 en: 28 Enero 2011, 22:19 pm »

interesant si tienes esa documentacion podria ayudart y hasta kisas animarme
En línea

fary
Moderador Global
***
Desconectado Desconectado

Mensajes: 1.021



Ver Perfil WWW
Re: Ayuda creacion RunPE VB6
« Respuesta #3 en: 28 Enero 2011, 22:33 pm »

Gracias, era ese el problema, me equivoque   :xD

Gracias  por la ayuda.



Kazte, hay muchisimos código sobre esto en la red, yo lo ago solo para aprender...

salu2!
En línea

Un byte a la izquierda.
Páginas: [1] Ir Arriba Respuesta Imprimir 

Ir a:  

Mensajes similares
Asunto Iniciado por Respuestas Vistas Último mensaje
RunPE Killer V. 1.0 By Psymera
Ingeniería Inversa
psymera 6 6,925 Último mensaje 17 Septiembre 2009, 18:25 pm
por Arkangel_0x7C5
a punto de lograr RunPE en windows XP [Solucionado]
Análisis y Diseño de Malware
Belial & Grimoire 3 3,488 Último mensaje 27 Febrero 2011, 04:42 am
por Belial & Grimoire
Que es un RunPE? « 1 2 »
Análisis y Diseño de Malware
x64core 11 12,684 Último mensaje 16 Octubre 2011, 11:29 am
por [Kayser]
Ayuda RunPe win7
.NET (C#, VB.NET, ASP)
Cromatico 8 4,213 Último mensaje 30 Noviembre 2012, 13:19 pm
por Cromatico
ayuda con llamar runpe
Dudas Generales
mirkosenior 0 1,575 Último mensaje 6 Junio 2014, 12:06 pm
por mirkosenior
WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines