Programación / Scripting / [AutoIt] VirusTotal API 2.0 UDF
en: 4 Junio 2013, 13:40 pm
Bueno aquí una una UDF que tenias hace unos días lita pero ayer me decidí a actualizarla. Requiere winhttphttp://www.autoitscript.com/forum/topic/84133-winhttp-functions/?hl=winhttpEjemplo:
#include <Crypt.au3>
#include "VT.au3"

Example()

; Example: exercises every VT() flag once against a local copy of Explorer.exe.
; Things to keep in mind when reusing it:
;  - $fScan uploads the whole file to VirusTotal, where it becomes a shared sample;
;    only send files you are allowed to share.
;  - the API key is a placeholder literal here; load it from configuration and keep
;    it out of source control and pastes.
Func Example()
	; hash the sample before the VirusTotal session is opened; the hex MD5 is what
	; $fRescan and $Comment take as the resource identifier
	_Crypt_Startup()
	Local $sTarget = @WindowsDir & "\Explorer.exe"
	Local $bMd5 = _Crypt_HashFile($sTarget, $CALG_MD5)
	_Crypt_Shutdown()
	Local $sMd5 = Hex($bMd5)

	Local $aSession = VT_Open()
	Local $sKey = 'Your API key'

	; same six requests, in the same order, as the original example
	__Example_Print(VT($aSession, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654', $sKey))
	__Example_Print(VT($aSession, $fScan, $sTarget, $sKey))
	__Example_Print(VT($aSession, $fRescan, $sMd5, $sKey))
	__Example_Print(VT($aSession, $uReport, "http://www.virustotal.com", $sKey))
	__Example_Print(VT($aSession, $uScan, "http://www.google.com", $sKey))
	__Example_Print(VT($aSession, $Comment, $sMd5, $sKey, "Hello Word | Hola Mundo"))

	VT_Close($aSession)
EndFunc   ;==>Example

; Writes one JSON response followed by a line break to the console.
Func __Example_Print($sResponse)
	ConsoleWrite($sResponse & @CRLF)
EndFunc   ;==>__Example_Print
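VT.au3 UDF
#include-once
#include "WinHttp.au3"
; #INDEX# =================================================================================================
; Title .........: VT.au3
; AutoIt Version : 3.3.8.1
; Language ......: English
; Description ...: VirusTotal public API version 2.0 implementation in Autoit
;thanks to: trancexx|ProgAndy "WinHttp.au3" ||| guinness "Suggestions+Snippets ||| www.virustotal.com
;Reference https://www.virustotal.com/es/documentation/public-api
;Written by Danyfirex
;Date 12/05/2013 | Update 03/06/2013
; #FUNCTION# =============================================================================================
;===================CONSTANTS/CONSTANTES=======================
Global Const $__sVirusTotal_Page = 'www.virustotal.com'
; indices into the 2-element handle array returned by VT_Open()
Global Enum $eAPI_HttpOpen, $eAPI_HttpConnect
; request types accepted by VT(); each value indexes $tURL
Global Enum $fReport,$fScan,$fRescan,$uReport,$uScan,$Comment
Global Const $tURL[6]=['/vtapi/v2/file/report','/vtapi/v2/file/scan','/vtapi/v2/file/rescan', _
'/vtapi/v2/url/report','/vtapi/v2/url/scan','/vtapi/v2/comments/put']
;==============================================================
; #FUNCTIONS/FUNCIONES# =======================================
;VT()
;Use respective flag($Type)
;VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;flags($Type)
;$fReport = retrieve a scan report on a given file
;$fScan = submit a file for Scanning
;$fRescan = Rescan files in VirusTotal's file store
;$uReport = retrieve a scan report on a given URL
;$uScan = submit a URL for Scanning
;$Comment = Make a commnet on files and URLs
; ==============================================================
; #FUNCTION# =============================================================================================
; Name...........: VT_Open
; Description ...: Initialize and get session handle & connection handle
; Syntax.........: VT_Open()
; Return values .: 2-element array [session, connection]; an element is -1 when that step failed.
;                  @error = 1 when the session could not be created, 2 when the connection could not.
; Remarks .......: _WinHttpConnect() is called without a port, so the UDF's default (plain HTTP) applies
;                  and the API key travels unencrypted. Pass $INTERNET_DEFAULT_HTTPS_PORT and make sure
;                  the requests are issued with $WINHTTP_FLAG_SECURE (check how the installed WinHttp.au3
;                  treats port 443 in _WinHttpSimpleRequest) before using this with a real key.
; guinness
; #FUNCTION# =============================================================================================
Func VT_Open()
	Local $aAPI[2] = [-1, -1]
	$aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
	If @error Then Return SetError(1, 0, $aAPI)
	$aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
	If @error Then
		; release the session handle now: VT() re-opens everything when it sees a -1
		; connection, and the original left this handle behind on every such retry
		_WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
		$aAPI[$eAPI_HttpOpen] = -1
		$aAPI[$eAPI_HttpConnect] = -1
		Return SetError(2, 0, $aAPI)
	EndIf
	Return $aAPI
EndFunc   ;==>VT_Open
; #FUNCTION# =============================================================================================
; Name...........: VT_Close
; Description ...: Close handles
; Syntax.........: VT_Close($handle)
; Remarks .......: The connection handle is closed before the session that owns it.
;guinness
; #FUNCTION# =============================================================================================
Func VT_Close(ByRef Const $aAPI)
	_WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
	_WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
	Return True
EndFunc   ;==>VT_Close
; #FUNCTION# =============================================================================================
; Name...........: VT
; Syntax.........: VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
;VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654',$APIkey)
;VT($hVirusTotal, $fScan, "C :\ file.exe ",$APIkey)
;VT($hVirusTotal, $fRescan, hex($bHash),$APIkey)
;VT($hVirusTotal, $uReport, "http://www.virustotal.com",$APIkey)
;VT($hVirusTotal, $uScan, "http://www.google.com",$APIkey)
;VT($hVirusTotal, $Comment, hex($bHash) ,$APIkey,"Hello Word | Hola Mundo")
; Parameters ....: $Resource - md5/sha1/sha256 /scan_id | filename | Url | respectively for flag ($Type)
; $APIkey - your API key.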
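; $Comments - your Comments
;Return.........; response format is a JSON object
; Remarks .......: every form value is percent-encoded before it is concatenated into the request body,
;                  so a resource, URL or comment containing '&', '=' or '%' cannot break or inject
;                  other parameters. @error = 2: file to scan does not exist; @error = 3: unknown $Type.
; #FUNCTION# =============================================================================================
Func VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
	If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open()
	Local $sKey = __VT_UrlEncode($sAPIkey)
	Select
		Case $Type = $fReport Or $Type = $fRescan Or $Type = $uReport
			; the three "resource" endpoints share one body layout; $tURL picks the path
			; (the original hard-coded the rescan path, which equals $tURL[$fRescan])
			Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, _
					'resource=' & __VT_UrlEncode($sResource) & '&key=' & $sKey)
		Case $Type = $fScan
			If Not FileExists($sResource) Then Return SetError(2, 0, "")
			; a random boundary avoids a fixed delimiter that could also occur inside the uploaded file
			Local $sBoundary = "--------Boundary" & Hex(Random(0, 2147483647, 1), 8) & Hex(Random(0, 2147483647, 1), 8)
			Local $sHeaders = "Content-Type: multipart/form-data; boundary=" & $sBoundary & @CRLF
			Local $sData = ''
			$sData &= "--" & $sBoundary & @CRLF
			$sData &= 'Content-Disposition: form-data; name="apikey"' & @CRLF & @CRLF & $sAPIkey & @CRLF
			$sData &= "--" & $sBoundary & @CRLF
			$sData &= __WinHttpFileContent("", "file", $sResource, $sBoundary)
			$sData &= "--" & $sBoundary & "--" & @CRLF
			Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", $tURL[$Type], Default, StringToBinary($sData, 0), $sHeaders)
		Case $Type = $uScan
			Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', $tURL[$Type], Default, _
					'url=' & __VT_UrlEncode($sResource) & '&key=' & $sKey)
		Case $Type = $Comment
			Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], "POST", $tURL[$Type], Default, _
					"resource=" & __VT_UrlEncode($sResource) & "&comment=" & __VT_UrlEncode($Comments) & "&key=" & $sKey)
		Case Else
			; the original called SetError(3) without returning, so callers got an unset value
			Return SetError(3, 0, "")
	EndSelect
EndFunc   ;==>VT

; __VT_UrlEncode: percent-encodes $sText (as UTF-8 bytes) for an application/x-www-form-urlencoded
; body. Unreserved characters (A-Z a-z 0-9 - _ . ~) pass through; every other byte becomes %XX.
Func __VT_UrlEncode($sText)
	Local $bBytes = StringToBinary($sText, 4) ; 4 = UTF-8
	Local $sOut = '', $iByte, $sChar
	For $i = 1 To BinaryLen($bBytes)
		$iByte = Dec(Hex(BinaryMid($bBytes, $i, 1)))
		$sChar = Chr($iByte)
		If StringRegExp($sChar, '^[A-Za-z0-9\-_.~]$') Then
			$sOut &= $sChar
		Else
			$sOut &= '%' & Hex($iByte, 2)
		EndIf
	Next
	Return $sOut
EndFunc   ;==>__VT_UrlEncode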
Saludos
Programación / Programación Visual Basic / Función Enviar Archivo VirusTotal (Escanea)
en: 15 Mayo 2013, 00:47 am
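Hola una función mas. Envía muestra recuérdenlo!!!
' =================================================================
' =================================================================
' => Autor: Pink
' => Upload file to VirusTotal.com For Scanning
' => Gracias VirusTotal.com
' => Fecha : 14|05|2013
' => Uso: VT_Scan("c:\hola.exe","your_APIKey")
' => Retorno:
'{"response_code": 1,
' "verbose_msg": "Scan request successfully queued, come back later for the report",
' "resource": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0",
' "scan_id": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0-1324376258",
' "permalink": "https://www.virustotal.com/file/999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0/analysis/1324376258/",
' "sha256": "999f7d93aa3d4a1a94cccfb4ea96bc2e28fd48020a481aa2dc7e215f3ce27bc0",
' "sha1": "2cc875bca8030d745adfd14388b8c001471c2474",
' "md5": "4a00e1a3a14e4fec6f2b353b4f20bb73"}
' =================================================================
' =================================================================
Option Explicit

' Splices the text parts of the multipart body and the raw file bytes into one byte
' array, so the file content never passes through a String. The original's
' StrConv(vbUnicode) / StrConv(vbFromUnicode) round-trip goes through the system
' ANSI code page and can alter bytes of a binary file on some code pages.
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

' VT_Scan: submits the file at filepath to the VirusTotal v2 file/scan endpoint and
' returns the JSON response text. The whole file is uploaded and becomes a sample at
' VirusTotal (the author's reminder above: "envía muestra"), so only send files you
' are allowed to share.
'   filepath - local path of the file to scan
'   APIkey   - VirusTotal API key, sent as the "apikey" form field
' Errors from Open/Get or from WinHttp propagate to the caller as VB runtime errors,
' as in the original.
Function VT_Scan(filepath As String, APIkey As String) As String
    Const URL_SCAN As String = "https://www.virustotal.com/vtapi/v2/file/scan"
    Dim boundary As String
    Dim head As String, tail As String
    Dim headBytes() As Byte, tailBytes() As Byte, fileBytes() As Byte, body() As Byte
    Dim fileSize As Long, total As Long, pos As Long
    Dim Http As Object

    ' fixed boundary kept from the original; it must not occur inside the file being sent
    boundary = "--------Boundary"
    fileSize = ReadFileBytes(filepath, fileBytes)

    ' multipart/form-data: "apikey" text field, then the "file" part; the file bytes are
    ' placed between head and tail untouched
    head = "--" & boundary & vbCrLf & _
           "Content-Disposition: form-data; name=" & Chr(34) & "apikey" & Chr(34) & vbCrLf & vbCrLf & _
           APIkey & vbCrLf & _
           "--" & boundary & vbCrLf & _
           "Content-Disposition: form-data; name=" & Chr(34) & "file" & Chr(34) & "; filename=" & Chr(34) & filename(filepath) & Chr(34) & vbCrLf & _
           "Content-Type: application/octet-stream" & vbCrLf & vbCrLf
    tail = vbCrLf & "--" & boundary & "--" & vbCrLf

    headBytes = StrConv(head, vbFromUnicode)
    tailBytes = StrConv(tail, vbFromUnicode)
    total = (UBound(headBytes) + 1) + fileSize + (UBound(tailBytes) + 1)
    ReDim body(total - 1)
    pos = 0
    AppendBytes body, pos, headBytes, UBound(headBytes) + 1
    AppendBytes body, pos, fileBytes, fileSize
    AppendBytes body, pos, tailBytes, UBound(tailBytes) + 1

    Set Http = CreateObject("winhttp.winhttprequest.5.1")
    Http.Open "POST", URL_SCAN, False
    Http.SetRequestHeader "Content-Type", "multipart/form-data; " & "boundary=" & boundary
    Http.Send body
    VT_Scan = Http.ResponseText
    Set Http = Nothing
End Function

' ReadFileBytes: reads the whole file at path into buffer() and returns its size.
' Uses FreeFile instead of the hard-coded #1 so it cannot collide with a file the
' caller already has open; an empty file returns 0 and leaves buffer() unallocated
' instead of failing on ReDim buffer(-1).
Private Function ReadFileBytes(path As String, buffer() As Byte) As Long
    Dim ff As Integer
    ff = FreeFile
    Open path For Binary Access Read As #ff
    ReadFileBytes = LOF(ff)
    If ReadFileBytes > 0 Then
        ReDim buffer(ReadFileBytes - 1)
        Get #ff, , buffer
    End If
    Close #ff
End Function

' AppendBytes: copies count bytes from src() into dst() starting at dst(pos) and
' advances pos; a count of 0 (empty file) is a no-op.
Private Sub AppendBytes(dst() As Byte, pos As Long, src() As Byte, count As Long)
    If count <= 0 Then Exit Sub
    CopyMemory dst(pos), src(LBound(src)), count
    pos = pos + count
End Sub

' filename: returns the part of cadena after the last backslash (the bare file name).
Function filename(cadena As String) As String
    Dim cadenas() As String
    cadenas() = Split(cadena, "\")
    filename = cadenas(UBound(cadenas))
End Function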
Saludos
Programación / Programación Visual Basic / AnonFilesUpload Función
en: 14 Mayo 2013, 20:22 pm
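Una funcion para subir archivos a Anonfiles
' =================================================================
' =================================================================
' => Autor: Danyfirex
' => Upload file to AnonFiles.com
' => Gracias AnonFiles.com
' => Fecha : 14|05|2013
' => Uso: AnonFilesUpload("c:\hola.rar")
' => Retorno: Texto de Respuesta (hotlink)
' =================================================================
' =================================================================
Option Explicit

' Splices the text parts of the multipart body and the raw file bytes into one byte
' array, so the file content never passes through a String. The original's
' StrConv(vbUnicode) / StrConv(vbFromUnicode) round-trip goes through the system
' ANSI code page and can alter bytes of a binary file on some code pages.
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

' AnonFilesUpload: uploads the file at filepath to the AnonFiles hotlink API and returns
' the response text. The upload is anonymous and the returned link is public: anyone
' who obtains it can download the file, so never use it for anything confidential.
' NOTE(review): endpoint as published in 2013; confirm the service and API still exist.
'   filepath - local path of the file to upload
' Errors from Open/Get or from WinHttp propagate to the caller as VB runtime errors,
' as in the original.
Function AnonFilesUpload(filepath As String) As String
    Const URL_HOTLINK As String = "https://anonfiles.com/api/hotlink"
    Dim boundary As String
    Dim head As String, tail As String
    Dim headBytes() As Byte, tailBytes() As Byte, fileBytes() As Byte, body() As Byte
    Dim fileSize As Long, total As Long, pos As Long
    Dim Http As Object

    ' fixed boundary kept from the original; it must not occur inside the file being sent
    boundary = "--------Boundary"
    fileSize = ReadFileBytes(filepath, fileBytes)

    ' multipart/form-data with a single "file" part; the file bytes go between head
    ' and tail untouched
    head = "--" & boundary & vbCrLf & _
           "Content-Disposition: form-data; name=" & Chr(34) & "file" & Chr(34) & "; filename=" & Chr(34) & filename(filepath) & Chr(34) & vbCrLf & _
           "Content-Type: application/octet-stream" & vbCrLf & vbCrLf
    tail = vbCrLf & "--" & boundary & "--" & vbCrLf

    headBytes = StrConv(head, vbFromUnicode)
    tailBytes = StrConv(tail, vbFromUnicode)
    total = (UBound(headBytes) + 1) + fileSize + (UBound(tailBytes) + 1)
    ReDim body(total - 1)
    pos = 0
    AppendBytes body, pos, headBytes, UBound(headBytes) + 1
    AppendBytes body, pos, fileBytes, fileSize
    AppendBytes body, pos, tailBytes, UBound(tailBytes) + 1

    Set Http = CreateObject("winhttp.winhttprequest.5.1")
    Http.Open "POST", URL_HOTLINK, False
    Http.SetRequestHeader "Content-Type", "multipart/form-data; " & "boundary=" & boundary
    Http.Send body
    AnonFilesUpload = Http.ResponseText
    Set Http = Nothing
End Function

' ReadFileBytes: reads the whole file at path into buffer() and returns its size.
' Uses FreeFile instead of the hard-coded #1 so it cannot collide with a file the
' caller already has open; an empty file returns 0 and leaves buffer() unallocated
' instead of failing on ReDim buffer(-1).
Private Function ReadFileBytes(path As String, buffer() As Byte) As Long
    Dim ff As Integer
    ff = FreeFile
    Open path For Binary Access Read As #ff
    ReadFileBytes = LOF(ff)
    If ReadFileBytes > 0 Then
        ReDim buffer(ReadFileBytes - 1)
        Get #ff, , buffer
    End If
    Close #ff
End Function

' AppendBytes: copies count bytes from src() into dst() starting at dst(pos) and
' advances pos; a count of 0 (empty file) is a no-op.
Private Sub AppendBytes(dst() As Byte, pos As Long, src() As Byte, count As Long)
    If count <= 0 Then Exit Sub
    CopyMemory dst(pos), src(LBound(src)), count
    pos = pos + count
End Sub

' filename: returns the part of cadena after the last backslash (the bare file name).
Function filename(cadena As String) As String
    Dim cadenas() As String
    cadenas() = Split(cadena, "\")
    filename = cadenas(UBound(cadenas))
End Function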
Programación / ASM / Tutorial mini-IDE para FASM con gedit (linux)
en: 20 Abril 2013, 18:08 pm
Hola. Bueno, les traigo este pequeño manual para configurar gedit+FASM en Linux (Ubuntu). Requisitos: Gedit instalado. Página oficial: http://projects.gnome.org/gedit/ Primero nos descargamos de aquí los archivos necesarios: http://www.sendspace.com/file/mrb69d (Fasm-1.70.03.tz, asm-intel.lang, comandos). Pasos: Luego descomprimimos Fasm-1.70.03.tz y colocamos la carpeta "FASM" donde queramos. Yo elegí "/home/pink/fasm/". Bueno, ahora vamos con gedit. Copiamos nuestro archivo asm-intel.lang a: /usr/share/gtksourceview-3.0/language-specs/asm-intel.lang (gtksourceview-3.0 puede variar a gtksourceview-2.0, depende de la versión). Para copiar requiere permisos root. Yo lo hice de la siguiente manera: Alt+F2, luego escribimos gksu nautilus; así navegamos como root y podemos copiar archivos a cualquier parte. Listo. Ahora a configurar nuestro IDE para FASM: 1. Abrimos gedit. 2. En el menú superior nos vamos a "Editar" y entramos en las Preferencias http://i.imgur.com/OqinxSM.png Guíense por esta aunque esté en inglés (mi Ubuntu está en inglés) :S. Activamos "Mostrar número de línea"; los cambios en las pestañas Editor & Fuente/Color son a preferencia. En la pestaña Plugins seleccionamos External Tools. Ahora el depurador y los comandos para compilar y ejecutar. Para poner el depurador (Ctrl+F9), en el menú superior nos vamos a "Ver" y activamos Bottom Panel (Panel Inferior), y nos aparecerá el Shell Output abajo. Los comandos: en la barra de menús nos vamos a "Herramientas" > Manage External Tools (Manejo de Herramientas Externas). Nos abre la ventana donde configuraremos. Yo modifiqué de una vez el de Build (el que quiera crea uno nuevo). Pegamos el código que está en el archivo de texto "comandos.txt". Importante: colocamos el acceso por tecla. Save: Current document (documento actual). Output: Display in bottom panel (Mostrar en el panel inferior). Importante: recuerden modificar dirfasm respectivamente donde esté el ejecutable de fasm. Listo, ahora tenemos nuestro IDE para FASM en Linux.
Aquí les dejo algunas capturas del resultado final. Cualquier duda, pregunten. Saludos Pink(Danyfirex)
Programación / Programación Visual Basic / [APORTE] RC4 ASM en linea
en: 7 Abril 2013, 03:08 am
Bueno andaba probando unas cosas y me traduje este cifrado. ' ================================================================= ' ================================================================= ' => Autor: Pink ' => RC4 ASM en linea ' => Gracias Ward(Version Autoit) ' => Fecha : 01|04|2013 ' => Uso: misbytes()=RC4ASM(bytesacifrar(),"clave") ' ================================================================= ' ================================================================= Option Explicit Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long Public Function RC4ASM(datos() As Byte, pass As String) As Byte() Dim passbyte() As Byte Dim B_RC4() As Byte Dim Str_OP As String Dim i As Long Str_OP = "C81001006A006A005356578B551031C989C84989D7F2AE484829C88945F085C00F84DC000000B90001000088C82C0188840DEFFEFFFFE2F38365F4008365FC00817DFC000100007D478B45FC31D2F775F0920345100FB6008B4DFC0FB68C0DF0FEFFFF01C80345F425FF0000008945F48B75FC8A8435F0FEFFFF8B7DF486843DF0FEFFFF8" Str_OP = Str_OP & "88435F0FEFFFFFF45FCEBB08D9DF0FEFFFF31FF89FA39550C76638B85ECFEFFFF4025FF0000008985ECFEFFFF89D80385ECFEFFFF0FB6000385E8FEFFFF25FF0000008985E8FEFFFF89DE03B5ECFEFFFF8A0689DF03BDE8FEFFFF860788060FB60E0FB60701C181E1FF0000008A840DF0FEFFFF8B750801D6300642EB985F5E5BC9C21000" passbyte = StrConv(pass, vbFromUnicode) ReDim B_RC4((Len(Str_OP) / 2) - 1) For i = 1 To Len(Str_OP) - 1 Step 2 B_RC4(Int(i / 2)) = CByte("&h" & Mid(Str_OP, i, 2)) Next CallWindowProcW VarPtr(B_RC4(0)), VarPtr(datos(0)), UBound(datos) + 1, VarPtr(passbyte(0)), 0 RC4ASM = datos() End Function
Saludos
Programación / Scripting / Download Funcion [autoit]
en: 17 Diciembre 2012, 16:04 pm
Bueno aquí les dejo la versión en Autoit de la que hice en delphi. #cs ------------------------------------------------------- AutoIt Version: 3.3.8.1 Traducido Por..........: Pink Agradecimientos........: monoceres Version Delphi por........: Pink Script Function...: Download Uso..............:Download($urlfile,$pathtosave) #ce -------------------------------------------------------
Download("http://whitehat.su/Anotador.exe","C:\file.exe") Func Download($Url,$path) local $bytes = DllStructCreate("byte[512]") local $Address= DllCall("Kernel32.dll", "ptr", "GetProcAddress", "ptr",GetModuleHandle("urlmon.dll"), "str", "URLDownloadToFileW") $Address= $Address[0] Local $Bufferurl = DllStructCreate("wchar url[" & StringLen($Url) +1 & "]") Local $Bufferpath = DllStructCreate("wchar path[" & StringLen($path) +1 & "]") DllStructSetData($Bufferurl, "url", $Url) DllStructSetData($Bufferpath, "path", $path)
Local $Opcode $Opcode &= "0x" $Opcode &= "33DB" $Opcode &= "68" & SwapEndian(0) $Opcode &= "68" & SwapEndian(0) $Opcode &= "68" & SwapEndian(DllStructGetPtr($Bufferpath, 1)) $Opcode &= "68" & SwapEndian(DllStructGetPtr($Bufferurl, 1)) $Opcode &= "68" & SwapEndian(0) $Opcode &= "B8" & SwapEndian($Address) $Opcode &= "FFD0" $Opcode &= "53" $Opcode &= "58" $Opcode &= "C3" DllStructSetData($bytes, 1, $Opcode) Local $Ret = DllCall("user32.dll", "int", "CallWindowProc", "ptr", DllStructGetPtr($bytes), "int", 0, "int", 0, "int", 0, "int", 0) EndFunc
; GetModuleHandle: thin wrapper over kernel32!GetModuleHandleW (same shape as the WinAPI UDF's
; _WinAPI_GetModuleHandle). An empty name is passed as a NULL pointer, which the API treats as
; "the image of the calling process"; any other name is passed through as a wide string.
; Returns the module handle, or 0 with @error/@extended copied from DllCall on failure.
Func GetModuleHandle($sModuleName)
	Local $aRet
	If $sModuleName = "" Then
		$aRet = DllCall("kernel32.dll", "handle", "GetModuleHandleW", "ptr", 0)
	Else
		$aRet = DllCall("kernel32.dll", "handle", "GetModuleHandleW", "wstr", $sModuleName)
	EndIf
	If @error Then Return SetError(@error, @extended, 0)
	Return $aRet[0]
EndFunc   ;==>GetModuleHandle WinAPI
Func SwapEndian($hex) Return Hex(Binary($hex)) EndFunc ;==>SwapEndian
Saludos
Programación / Scripting / [Autoit] RunPE Shellcode
en: 6 Diciembre 2012, 15:44 pm
Bueno les dejo el mshRunPE version Autoit que hice hace tiempo. Un simple ejemplo de como usar shellcode en Autoit. #cs ------------------------------------------------------- AutoIt Version: 3.3.8.1 Traducido Por..........: Pink Agradecimientos: hamavb & iCodeInVB6 Script Function...: RunPE-ShellCode "Correr Ejecutable En memoria" Uso..............: RunPE(Path,$archivobinario) #ce ------------------------------------------------------- Func RunPE($path,$filebin) local $ASM = "0x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ocal $BufferASM = DllStructCreate("byte[" & BinaryLen($ASM) & "]") Local $binBuffer=DllStructCreate("byte[" & BinaryLen($filebin) & "]") DllStructSetData($BufferASM, 1, $ASM) DllStructSetData($binBuffer, 1, $filebin) Local $Ret = DllCall("user32.dll", "int", "CallWindowProcW", _ "ptr", DllStructGetPtr($BufferASM), _ "wstr", ($Path), _ "ptr", DllStructGetPtr($binBuffer), _ "int", 0, _ "int", 0) EndFunc
saludos
Programación / Scripting / [Autoit] Get_EOF Ejemplos
en: 27 Agosto 2012, 15:19 pm
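bueno aquí una pequeña contribución para los que les gusta Autoit Les dejo dos ejemplos uno con estructura y el otro sin estructura.
#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Author..........: Pink
Script Function...: Get_EOF
Uso..............: Get_EOF(Runta Archuivo)
Retorna : "Posicion EOF"
Gracias: EON-Karcrack-The Swash
#ce -------------------------------------------------------
;Ejemplo
$Path="C:\Users\Usuario\Desktop\Anotador.exe"
msgbox(0,"",Get_EOF($Path))

; Get_EOF: returns the file offset where the PE image data ends, i.e. the highest
; PointerToRawData + SizeOfRawData over all section headers. Anything stored after
; that offset is overlay data appended to the executable.
;   $MyFile - path of the PE file
; Returns -1 and sets @error (1 open failed, 2 file too small, 3 no MZ signature,
; 4 e_lfanew out of range, 5 no PE signature, 6 section table out of range or empty)
; when the file cannot be parsed.
; Fixes versus the posted code: FileOpen failure is detected through the -1 handle
; (FileOpen does not set @error); the signature checks use <> because AutoIt parses
; "Not x = y" as "(Not x) = y", so the original checks could never fire; e_lfanew is
; read as a 32-bit value; the section table is located with SizeOfOptionalHeader, so
; PE32+ files work too; and the end offset is taken over every section instead of
; assuming the last header is the last section on disk.
Func Get_EOF($MyFile)
	Local Const $I_F_H_Len = 20 ; sizeof(IMAGE_FILE_HEADER)
	Local Const $I_S_H_Len = 40 ; sizeof(IMAGE_SECTION_HEADER)

	Local $hFile = FileOpen($MyFile, 16) ; 16 = binary mode
	If $hFile = -1 Then
		Msgbox(0, "Error", "No se Pudo leer el Archivo")
		Return SetError(1, 0, -1)
	EndIf
	Local $iFileLen = FileGetSize($MyFile)
	If $iFileLen < 64 Then ; smaller than IMAGE_DOS_HEADER
		FileClose($hFile)
		Return SetError(2, 0, -1)
	EndIf
	Local $tBinary = DllStructCreate("byte[" & $iFileLen & "]")
	DllStructSetData($tBinary, 1, FileRead($hFile))
	FileClose($hFile)
	Local $pBase = DllStructGetPtr($tBinary)

	Local $tDosHeader = DllStructCreate( _
			"WORD e_magic;WORD e_cblp;WORD e_cp;WORD e_crlc;WORD e_cparhdr;WORD e_minalloc;WORD e_maxalloc;" & _
			"WORD e_ss;WORD e_sp;WORD e_csum;WORD e_ip;WORD e_cs;WORD e_lfarlc;WORD e_ovno;" & _
			"WORD e_res[4];WORD e_oemid;WORD e_oeminfo;WORD e_res2[10];LONG e_lfanew", $pBase)
	If DllStructGetData($tDosHeader, "e_magic") <> 23177 Then ; 0x5A4D = "MZ"
		Msgbox(0, "Error", "Firma MZ No Encontrada")
		Return SetError(3, 0, -1)
	EndIf
	Local $iLfanew = DllStructGetData($tDosHeader, "e_lfanew")
	If $iLfanew < 0 Or $iLfanew + 4 + $I_F_H_Len > $iFileLen Then Return SetError(4, 0, -1)

	Local $tNtSignature = DllStructCreate("DWORD signature", $pBase + $iLfanew)
	If DllStructGetData($tNtSignature, "signature") <> 17744 Then ; 0x00004550 = "PE\0\0"
		Msgbox(0, "Error", "Firma PE No Encontrada")
		Return SetError(5, 0, -1)
	EndIf
	Local $tFileHeader = DllStructCreate( _
			"WORD machine;WORD numberofsections;DWORD timedatestamp;DWORD pointertosymboltable;DWORD numberofsymbols;" & _
			"WORD SizeOfOptionalHeader;WORD characteristics", $pBase + $iLfanew + 4)
	Local $iSections = DllStructGetData($tFileHeader, "numberofsections")
	Local $iOptLen = DllStructGetData($tFileHeader, "SizeOfOptionalHeader")
	Local $iTableOff = $iLfanew + 4 + $I_F_H_Len + $iOptLen
	If $iSections < 1 Or $iTableOff + $iSections * $I_S_H_Len > $iFileLen Then Return SetError(6, 0, -1)

	Local $tSection, $iEnd, $iEOF = 0
	For $i = 0 To $iSections - 1
		$tSection = DllStructCreate( _
				"CHAR name[8];DWORD virtualsize;DWORD virtualaddress;DWORD sizeofrawdata;DWORD pointertorawdata;DWORD pointertorelocations;" & _
				"DWORD pointertolinenumbers;WORD numberofrelocations;WORD numberoflinenumbers;DWORD characteristics", _
				$pBase + $iTableOff + $i * $I_S_H_Len)
		; Dec(Hex()) keeps the DWORDs unsigned, as the original did
		$iEnd = Dec(Hex(DllStructGetData($tSection, "pointertorawdata"))) + Dec(Hex(DllStructGetData($tSection, "sizeofrawdata")))
		If $iEnd > $iEOF Then $iEOF = $iEnd
	Next
	Return $iEOF
EndFunc   ;==>Get_EOF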
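#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Author..........: Pink
Script Function...: Get_EOF
Uso..............: Get_EOF(Runta Archuivo)
Retorna : "Posicion EOF"
Gracias: EON-Karcrack-The Swash
#ce ------------------------------------
;Ejemplo
local $myfile="C:\Users\Usuario\Desktop\Anotador.exe"
msgbox(0,"",Get_EOF($myfile))

; Get_EOF (structure-less version): reads the PE headers with plain offsets and returns
; the offset where the section data ends (highest PointerToRawData + SizeOfRawData),
; which is where any appended overlay starts.
;   $file - path of the PE file
; Returns -1 with @error set (1 cannot open, 2 headers truncated, 3 section table
; truncated or empty) when the file cannot be parsed.
; Fixes versus the posted code: the file is opened in binary mode (text mode stops at
; NUL bytes and mangles the data); the two 4-byte section fields are decoded
; little-endian through OLE() like every other field; their 1-based BinaryMid offsets
; are consistent with the rest; only the bytes actually needed are read instead of a
; fixed 1000; and every section is examined, not just the last header.
Func Get_EOF($file)
	Const $l_fanew = 60 ; offset of e_lfanew in IMAGE_DOS_HEADER
	Const $PEsize = 4   ; "PE\0\0" signature
	Const $I_F_H = 20   ; sizeof(IMAGE_FILE_HEADER)
	Const $SizeS = 40   ; sizeof(IMAGE_SECTION_HEADER)
	Local $hfile = FileOpen($file, 16) ; 16 = binary mode; FileOpen returns -1 on failure
	If $hfile = -1 Then Return SetError(1, 0, -1)

	; DOS header -> e_lfanew
	Local $binary = FileRead($hfile, 64)
	If BinaryLen($binary) < 64 Then
		FileClose($hfile)
		Return SetError(2, 0, -1)
	EndIf
	Local $LFvalue = __LE($binary, $l_fanew, 4)

	; signature + IMAGE_FILE_HEADER -> NumberOfSections, SizeOfOptionalHeader
	Local $hdrEnd = $LFvalue + $PEsize + $I_F_H
	FileSetPos($hfile, 0, 0)
	$binary = FileRead($hfile, $hdrEnd)
	If BinaryLen($binary) < $hdrEnd Then
		FileClose($hfile)
		Return SetError(2, 0, -1)
	EndIf
	Local $NofS = __LE($binary, $LFvalue + $PEsize + 2, 2)
	Local $Size_O_H = __LE($binary, $LFvalue + $PEsize + 16, 2)

	; whole section table (SizeOfOptionalHeader makes this correct for PE32 and PE32+)
	Local $tableStart = $hdrEnd + $Size_O_H
	Local $fin_I_S_H = $tableStart + $NofS * $SizeS
	FileSetPos($hfile, 0, 0)
	$binary = FileRead($hfile, $fin_I_S_H)
	FileClose($hfile)
	If $NofS < 1 Or BinaryLen($binary) < $fin_I_S_H Then Return SetError(3, 0, -1)

	; highest end-of-raw-data over all sections: the last header is not always the last on disk
	Local $eof = 0, $sec, $secEnd
	For $i = 0 To $NofS - 1
		$sec = $tableStart + $i * $SizeS
		$secEnd = __LE($binary, $sec + 20, 4) + __LE($binary, $sec + 16, 4) ; PointerToRawData + SizeOfRawData
		If $secEnd > $eof Then $eof = $secEnd
	Next
	Return $eof
EndFunc   ;==>Get_EOF

; __LE: reads $len bytes at the 0-based $offset of $bin as an unsigned little-endian integer.
Func __LE($bin, $offset, $len)
	Local $hex = StringReplace(BinaryMid($bin, $offset + 1, $len), "0x", "", 1, 0)
	Return Dec(OLE($hex))
EndFunc   ;==>__LE

;Funcion OLE "Orden Little Endian": reverses the byte order of a hex string
;("78563412" -> "12345678") so that Dec() reads a little-endian value.
Func OLE($Var)
	Local $len = StringLen($Var) / 2
	Local $Array[$len + 1]
	Local $Char
	Local $A = 1
	Local $Result = ""
	For $i = 1 To $len
		$Char = StringMid($Var, $A, 2)
		$A += 2
		$Array[$i] = $Char
	Next
	For $x = $len To 1 Step -1
		$Result &= $Array[$x]
	Next
	Return $Result
EndFunc   ;==>OLE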
Saludos, cualquier duda aquí estoy