|
321
|
Programación / .NET (C#, VB.NET, ASP) / Array de Bytes a String.
|
en: 15 Mayo 2019, 14:35 pm
|
Hola, tengo otra duda, no entiendo muy bien como funciona este code :
' Opaque payload held as text. Nothing in this snippet decodes or runs it; the
' post says it starts calc.exe, which cannot be confirmed from these lines alone.
Dim shellcode As String = "PYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIylJHk9s0C0s0SPmYxeTqzrqtnkaBDpNkV2VlNkpRb4nkqbQ8dOx7rjfFtqyoVQo0nLgLqq1lfbVL10IQ8O6mWqiWZBl0BrSgNkaBDPNkbbwLUQJplKQPpxOukpbTRjWqXPV0nkg828Nkshq0c1N3zCUlQYnk5dlKS1N6eaKOfQYPNLjaxOdMS1kwUhKPQeydtCQmIh7KsM7TBUIrV8LKPX6DgqICpfNkVlrkLKrxWls1zsLK5TNkuQN0Oyg4GTvD3kQKSQqIcjPQkO9pChcobzLKVrJKMVsmBJfaLMMUx9GpEPC0v0E8vQlKBOMWYoyEMkM0wmtjDJCXoVoeoMomyojuEl4FalDJk09kkPQe35mkw7fsd2PoBJ30sciohUbCSQbLbCfNauD8SUs0AA"
' Destination buffer: one byte per character of the string.
Dim shell_array(shellcode.Length - 1) As Byte
Dim i As Integer = 0
' Copies each character's code into the array, unchanged. Convert.ToByte(Char)
' throws OverflowException for a character above 255, so this is a plain
' character-to-byte copy that only works for single-byte text.
' NOTE(review): Do ... Loop While tests its condition after the first pass, so an
' empty string would index an empty array.
Do
    shell_array(i) = Convert.ToByte(shellcode(i))
    i = i + 1
Loop While i < shellcode.Length
En sí, convierte el String a un array de bytes, lo cual genera un calc.exe (Calculadora de Windows). Pregunta: ok, todo bien por ahí, pero ¿cómo podría hacerlo al contrario, es decir, convertir un array de bytes (algún .exe) a ese tipo de cadena String? Gracias de antemano.
|
|
|
323
|
Programación / .NET (C#, VB.NET, ASP) / Re: Funcion calloc() en vb.net?
|
en: 11 Mayo 2019, 01:27 am
|
Gracias por responder, me has ayudado xd. una Pregunta. hay alguna manera facil de declarar codigo ASM en vb.net?Por ejemplo en esta funcion :
/* Thread routine: every 500 ms it asks IsDebuggerPresent() and, when that
   reports a debugger, executes an int 3 breakpoint instruction.
   The while (1) loop has no exit condition. */
VOID ThreadMain(LPVOID p) {
    while (1) {
        if (IsDebuggerPresent()) {
            __asm { int 3; } /* inline-assembly block containing a single breakpoint instruction */
        }
        Sleep(500);
    }
    return 0; /* NOTE(review): unreachable, and the function is declared VOID */
}
No encontré cómo declarar código ASM en VB.NET, en la parte: __asm { int 3; }
Bueno al final lo hice asi :
' P/Invoke declaration of kernel32's IsDebuggerPresent, with the result read as an Integer.
Private Declare Function IsDebuggerPresent Lib "kernel32" () As Integer

' Returns True when IsDebuggerPresent reports exactly 1, otherwise False.
' Only the check itself is ported: the int 3 and the 500 ms polling loop of the
' C ThreadMain quoted earlier in this thread have no counterpart here.
' NOTE(review): a Win32 BOOL is zero / nonzero, so comparing with exactly 1 is
' narrower than the API contract.
Private Function IsDebuggerPresentFunc() As Boolean
    If IsDebuggerPresent = 1 Then
        Return True
    End If
    Return False
End Function
|
|
|
324
|
Programación / .NET (C#, VB.NET, ASP) / Re: Librería de Snippets para VB.NET !! (Compartan aquí sus snippets)
|
en: 11 Mayo 2019, 00:51 am
|
VM Detector classUna Pequeña class que codee para detectar la ejecución en maquinas virtuales. Como usar ? Agregar 1 Timer
' Detector instance owned by the form. The AntiVM class itself is not shown in this post.
Public ProtectVM As New AntiVM

' On form load: start the detector, then switch on the polling timer.
Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    ProtectVM.VM_Start()
    Anti_VM_Timer.Enabled = True
End Sub

' On every timer tick: read the detector's verdict and its description, and show
' a message box only when a virtual machine was reported.
Private Sub Anti_VM_Timer_Tick(sender As Object, e As EventArgs) Handles Anti_VM_Timer.Tick
    Dim vmFound As Boolean = ProtectVM.IsVirtualMachinePresent
    Dim vmName As String = ProtectVM.DescriptcionVM
    If Not vmFound Then Return
    msgbox("VM detectada : " & vmName)
End Sub
|
|
|
325
|
Programación / .NET (C#, VB.NET, ASP) / Funcion calloc() en vb.net?
|
en: 10 Mayo 2019, 16:08 pm
|
Hola, bueno como dice el titulo, no encuentro como declarar esa funcion en vb.net. espero que me puedan ayudar gracias de antemano, la necesito para este code :
' P/Invoke binding of msvcrt's memcpy (cdecl), exposed under the name CopyMemory.
' It copies raw bytes between two native pointers with no bounds checking.
<DllImport("msvcrt.dll", EntryPoint:="memcpy", CallingConvention:=CallingConvention.Cdecl)> _
Public Shared Sub CopyMemory(ByVal dest As IntPtr, ByVal src As IntPtr, ByVal count As Integer)
End Sub

' Work-in-progress VB.NET port of the C GetMutexString() quoted later in this
' post: it transforms a fixed byte table in place and is meant to return the
' result as the mutex name.
Private Function GetMutexString() As String
    ' NOTE(review): calloc is not declared anywhere in this snippet (it is what the
    ' post asks about), and its result is assigned to a managed String rather than
    ' to a pointer.
    Dim lpMutexStr As String = calloc(64, 1)
    ' Encoded bytes; same values as the table in the C GetMutexString().
    Dim s() As Byte = {&H98, &H9B, &H99, &H9D, &HC3, &H15, &H6F, &H6F, &H2D, &HD3, &HEA, &HAE, &H13, &HFF, &H7A, &HBE, &H63, &H36, &HFC, &H63, &HF3, &H74, &H32, &H74, &H71, &H72, &H4E, &H2, &H81, &H1E, &H19, &H20, &H44, &HDF, &H81, &HD7, &H15, &H92, &H93, &H1A, &HE7}
    Dim Sizes As Integer = Marshal.SizeOf(s(0)) * s.Length
    ' Unmanaged buffer sized for the table.
    ' NOTE(review): nothing visible writes to pnt1 or releases it, so the copy at
    ' the end reads uninitialized unmanaged memory and the allocation is leaked.
    Dim pnt1 As IntPtr = Marshal.AllocHGlobal(Sizes)
    Dim m As UInteger = 0
    ' NOTE(review): Len(s) is applied to an array here while s.Length is used above -
    ' TODO confirm it yields the element count.
    Do While m < Len(s)
        Dim c As Byte = s(m)
        ' Per-byte transform copied from the C loop: subtract / add constants,
        ' 8-bit rotations written as shift pairs, negate, complement, xor, and an
        ' index-dependent add.
        ' NOTE(review): the C code relies on unsigned char wrapping modulo 256; VB.NET
        ' Byte arithmetic raises OverflowException unless integer overflow checks
        ' are disabled for the project - confirm the build setting.
        c -= &HE8
        c = ((c >> &H5) Or (c << &H3))
        c = -c
        c += &H51
        c = Not c
        c -= &H93
        c = ((c >> &H3) Or (c << &H5))
        c += &H14
        c = c Xor &H14
        c = ((c >> &H1) Or (c << &H7))
        c = c Xor &HD3
        c += m
        c = Not c
        c = ((c >> &H5) Or (c << &H3))
        c -= &H2B
        s(m) = c
        m += 1
    Loop
    ' NOTE(review): dest is a String and src is the untouched pnt1; the transformed
    ' bytes in s are never passed to the copy.
    CopyMemory(lpMutexStr, pnt1, Len(s))
    Return lpMutexStr
End Function
Intento pasar este code de Anti-Debug a VB.NET .
#include <stdio.h>
#include <windows.h>
#include <tchar.h>
#include <psapi.h>

/*
 * Self-debugging sample, as posted. Behaviour visible in this listing, which is
 * also what an analyst would look for in a binary built from it:
 *   - a TLS callback (init_antidbg) registered through the .CRT$XLAA section;
 *   - a named mutex whose name is decoded at run time from a byte table;
 *   - a child process of the same image started with
 *     DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS, with the parent acting as debugger;
 *   - NtSetInformationThread called with class 0x11 (ThreadHideFromDebugger);
 *   - a thread polling IsDebuggerPresent() every 500 ms.
 * NOTE(review): several spots flagged below would need changes before this
 * compiles as C, so treat it as a sketch rather than a tested program.
 */

/* Thread-information class passed to the two ntdll calls below. */
typedef enum { ThreadHideFromDebugger = 0x11 } THREADINFOCLASS;

/* Function-pointer types for the ntdll exports resolved at run time with GetProcAddress. */
typedef NTSTATUS(WINAPI *NtQueryInformationThread_t)(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
typedef NTSTATUS(WINAPI *NtSetInformationThread_t)(HANDLE, THREADINFOCLASS, PVOID, ULONG);

VOID ThreadMain(LPVOID p);
LPSTR GetMutexString();

/*
 * TLS callback. Decodes a mutex name and creates the mutex; if the mutex
 * already exists it returns at once. Otherwise it empties the working set,
 * allocates PAGE_NOACCESS pages until allocation fails, starts ThreadMain on a
 * new thread and sets ThreadHideFromDebugger on that thread.
 * The DllHandle, Reason and Reserved parameters are not used.
 */
VOID WINAPI init_antidbg(PVOID DllHandle, DWORD Reason, PVOID Reserved) {
    // Deobfuscate our mutex and lock it so our child doesn't execute this TLS callback.
    unsigned char s[] = { 0x9d, 0x3, 0x3c, 0xec, 0xf0, 0x8b, 0xb5, 0x5, 0xe2, 0x2a, 0x87, 0x5, 0x64, 0xe4, 0xf8, 0xe7, 0x64, 0x29, 0xd2, 0x6, 0xad, 0x29, 0x9a, 0xe0, 0xea, 0xf9, 0x2, 0x7d, 0x31, 0x72, 0xf7, 0x33, 0x13, 0x83, 0xb, 0x8f, 0xae, 0x2c, 0xa7, 0x2a, 0x95 };
    // In-place, per-byte decode: 8-bit rotations written as shift pairs, complement,
    // negation and index-dependent add / xor. Arithmetic wraps in unsigned char.
    for (unsigned int m = 0; m < sizeof(s); ++m) {
        unsigned char c = s[m];
        c = (c >> 0x7) | (c << 0x1);
        c ^= m;
        c = (c >> 0x5) | (c << 0x3);
        c += 0xa9;
        c = ~c;
        c += 0xd6;
        c = -c;
        c += m;
        c = ~c;
        c = (c >> 0x5) | (c << 0x3);
        c -= m;
        c = ~c;
        c += m;
        c ^= m;
        c += m;
        s[m] = c;
    }
    // NOTE(review): s is handed over as a C string; nothing visible guarantees the
    // decoded table ends in a NUL byte. This table and transform differ from the
    // ones in GetMutexString(); whether both decode to the same name cannot be
    // told from the listing.
    HANDLE hMutex = CreateMutexA(NULL, TRUE, s);
    // We don't want to empty the working set of our child process, it's not necessary as it has a debugger attached already.
    if (GetLastError() == ERROR_ALREADY_EXISTS) {
        return;
    }
    /* CODE DESCRIPTION: The following code is responsible for preventing the debugger from attaching to the parent process at runtime. */
    SIZE_T min, max; /* NOTE(review): declared but never used */
    SYSTEM_INFO si = { 0 };
    GetSystemInfo(&si);
    K32EmptyWorkingSet(GetCurrentProcess());
    void *p = NULL;
    /* Reserves and commits one PAGE_NOACCESS page per iteration until
       VirtualAllocEx fails; none of these pages is freed here. The inner NULL
       test repeats the loop condition. */
    while (p = VirtualAllocEx(GetCurrentProcess(), NULL, si.dwPageSize, MEM_COMMIT | MEM_RESERVE, PAGE_NOACCESS)) {
        if (p == NULL) break;
    }
    /* DESCRIPTION END */
    /* CODE DESCRIPTION: The following code is responsible for handling the application launch inside a debugger and invoking a crash.
    */
    NtQueryInformationThread_t fnNtQueryInformationThread = NULL;
    NtSetInformationThread_t fnNtSetInformationThread = NULL;
    DWORD dwThreadId = 0;
    /* NOTE(review): CreateThread takes six parameters; seven are passed here. */
    HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ThreadMain, NULL, 0, 0, &dwThreadId);
    HMODULE hDLL = LoadLibrary("ntdll.dll");
    if (!hDLL) return -1; /* NOTE(review): value returned from a VOID function */
    fnNtQueryInformationThread = (NtQueryInformationThread_t)GetProcAddress(hDLL, "NtQueryInformationThread");
    fnNtSetInformationThread = (NtSetInformationThread_t)GetProcAddress(hDLL, "NtSetInformationThread");
    if (!fnNtQueryInformationThread || !fnNtSetInformationThread) return -1; /* NOTE(review): same VOID / return -1 mismatch */
    ULONG lHideThread = 1, lRet = 0;
    /* Sets class 0x11 on the polling thread, then queries the same class back.
       Neither NTSTATUS result nor lRet is checked. ThreadHideFromDebugger is
       commonly described as stopping that thread's debug events from reaching an
       attached debugger. */
    fnNtSetInformationThread(hThread, ThreadHideFromDebugger, &lHideThread, sizeof(lHideThread));
    fnNtQueryInformationThread(hThread, ThreadHideFromDebugger, &lHideThread, sizeof(lHideThread), &lRet);
    /* DESCRIPTION END */
}

// Usually what happens is that the person who does the analysis doesn't have a breakpoint set for TLS.
// (It's not set ON by default in x64dbg)
#pragma comment(linker, "/INCLUDE:__tls_used") // We want to include TLS Data Directory structure in our program
#pragma data_seg(push)
#pragma data_seg(".CRT$XLAA")
EXTERN_C PIMAGE_TLS_CALLBACK p_tls_callback1 = init_antidbg; // This will execute before entry point and main function.
#pragma data_seg(pop)

/*
 * Entry point. The first instance (mutex newly created) restarts its own image
 * as a debuggee and pumps debug events until the child exits; a later instance
 * (mutex already exists) prints a message and waits for a key press.
 * Always returns 0.
 */
int main(int argc, char *argv[]) {
    // Begin by deobfuscating our mutex.
    HANDLE hMutex = CreateMutexA(NULL, TRUE, GetMutexString());
    if (GetLastError() == ERROR_ALREADY_EXISTS) {
        // We are a spawn, run normally
        printf("[+] Normal execution.\n");
        getchar();
        return 0;
    } else {
        // We are the first instance
        TCHAR szFilePath[MAX_PATH] = { 0 };
        GetModuleFileName(NULL, szFilePath, MAX_PATH);
        PROCESS_INFORMATION pi = { 0 };
        STARTUPINFO si = { 0 };
        si.cb = sizeof(STARTUPINFO);
        // Create child process
        // The debug creation flags make this process the debugger of the child.
        // The return value of CreateProcess is not checked; pi.hProcess is tested instead.
        CreateProcess(szFilePath, NULL, NULL, NULL, FALSE, DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS | CREATE_NEW_CONSOLE, 0, NULL, &si, &pi);
        if (pi.hProcess != NULL) {
            printf("[+] Spawning child process and attaching as a debugger.\n");
            // Debug event
            DEBUG_EVENT de = { 0 };
            while (1) {
                WaitForDebugEvent(&de, INFINITE);
                // We only care about when the process terminates
                if (de.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT) break;
                // Otherwise ignore all other events
                ContinueDebugEvent(pi.dwProcessId, pi.dwThreadId, DBG_CONTINUE);
            }
        }
        /* pi.hThread is not closed anywhere in this listing. */
        CloseHandle(pi.hProcess);
        CloseHandle(hMutex);
    }
    return 0;
}

/*
 * Returns a heap buffer holding the decoded mutex name.
 * The buffer is 64 zeroed bytes from calloc; the 41-entry table is decoded in
 * place on the stack and copied to its start, so the rest of the buffer stays
 * zero. The calloc result is not checked and no caller in this listing frees it.
 */
LPSTR GetMutexString() {
    LPSTR lpMutexStr = calloc(64, 1);
    unsigned char s[] = { 0x98, 0x9b, 0x99, 0x9d, 0xc3, 0x15, 0x6f, 0x6f, 0x2d, 0xd3, 0xea, 0xae, 0x13, 0xff, 0x7a, 0xbe, 0x63, 0x36, 0xfc, 0x63, 0xf3, 0x74, 0x32, 0x74, 0x71, 0x72, 0x4e, 0x2, 0x81, 0x1e, 0x19, 0x20, 0x44, 0xdf, 0x81, 0xd7, 0x15, 0x92, 0x93, 0x1a, 0xe7 };
    // Same kind of per-byte decode as in init_antidbg, with different constants.
    for (unsigned int m = 0; m < sizeof(s); ++m) {
        unsigned char c = s[m];
        c -= 0xe8;
        c = (c >> 0x5) | (c << 0x3);
        c = -c;
        c += 0x51;
        c = ~c;
        c -= 0x93;
        c = (c >> 0x3) | (c << 0x5);
        c += 0x14;
        c ^= 0x14;
        c = (c >> 0x1) | (c << 0x7);
        c ^= 0xd3;
        c += m;
        c = ~c;
        c = (c >> 0x5) | (c << 0x3);
        c -= 0x2b;
        s[m] = c;
    }
    memcpy(lpMutexStr, s, sizeof(s));
    return lpMutexStr;
}

/* Polling thread: every 500 ms checks IsDebuggerPresent() and executes int 3
   when it reports a debugger. The loop never exits. */
VOID ThreadMain(LPVOID p) {
    while (1) {
        if (IsDebuggerPresent()) {
            __asm { int 3; }
        }
        Sleep(500);
    }
    return 0; /* NOTE(review): unreachable, and the function is declared VOID */
}
} /* NOTE(review): unmatched closing brace in the listing as posted */
|
|
|
329
|
Programación / .NET (C#, VB.NET, ASP) / Re: [SOURCE-CODE] Real D3D Menu in VB.NET
|
en: 12 Abril 2019, 05:10 am
|
ups, no xd. ahora lo pruebo, tal vez mañana, y edito este post para decir cómo me fue. oie, tú programas en c++, ¿no? sería genial que se agregara compatibilidad con directx 10 y 11 a esa api xd. es solo un comentario. Por cierto, gracias por comentar. Edición: probé el code que me pusiste, pero no funcionó.
A continuación lo q hice:
Clase - ACCENTPOLICY.vb
Imports System

' Four Integer fields; presumably meant to mirror the native accent-policy data
' consumed by SetWindowCompositionAttribute - TODO confirm the expected layout.
Public Class ACCENTPOLICY
    Public nAccentState As Integer
    Public nFlags As Integer
    Public nColor As Integer
    Public nAnimationId As Integer
End Class

' Attribute id, payload and payload size handed to SetWindowCompositionAttribute.
' NOTE(review): declared as a Class with an Object payload; whether this marshals
' to what the native function expects cannot be told from here.
Public Class WINCOMPATTRDATA
    Public nAttribute As Integer
    Public pData As Object
    Public ulDataSize As UInteger
End Class

Public Class Funcs
    ' Delegate type with the same signature as the Declare below.
    Public Delegate Function pSetWindowCompositionAttribute(ByVal UnnamedParameter As System.IntPtr, ByVal UnnamedParameter2 As WINCOMPATTRDATA) As Boolean
    ' P/Invoke declaration of user32's SetWindowCompositionAttribute.
    Friend Declare Function SetWindowCompositionAttribute Lib "user32.dll" (ByVal UnnamedParameter As System.IntPtr, ByVal UnnamedParameter2 As WINCOMPATTRDATA) As Boolean

    ' Intended to apply an accent policy to the window identified by hWnd.
    ' As written, no field of policy or data is ever assigned, and policy is never
    ' attached to data.
    Public Shared Sub SetWindowTransparent(ByVal hWnd As IntPtr)
        ' NOTE(review): New IntPtr is the zero pointer and nothing else assigns
        ' hModule, so the branch below looks unreachable - confirm.
        Dim hModule As IntPtr = New IntPtr
        If hModule Then
            ' NOTE(review): the local shares its name with the Declare above and is
            ' initialised from that same name.
            Dim SetWindowCompositionAttribute As pSetWindowCompositionAttribute = SetWindowCompositionAttribute
            If (Not (SetWindowCompositionAttribute) Is Nothing) Then
                Dim policy As ACCENTPOLICY = New ACCENTPOLICY ' ACCENT_ENABLE_TRANSPARENTGRADIENT=2...
                Dim data As WINCOMPATTRDATA = New WINCOMPATTRDATA ' WCA_ACCENT_POLICY=19
                SetWindowCompositionAttribute(hWnd, data)
            End If
        End If
    End Sub
End Class
Form1.vb
Imports WindowsApplication4.ACCENTPOLICY

' Form that looks up the main window of the process named in ProcessName, opens
' a handle to that process and calls Funcs.SetWindowTransparent on load.
Public Class Form1
    ' Win32 imports used below. CloseHandle is declared but never called in this class.
    Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As IntPtr
    Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As IntPtr, ByRef lpdwProcessId As Integer) As Integer
    Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As IntPtr
    Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As IntPtr) As Integer
    ' NOTE(review): &H1F0FFF matches the legacy PROCESS_ALL_ACCESS mask, far more
    ' than anything this form does with the handle; request only the rights
    ' actually needed.
    Public Const PROCESS_VM_ALL As Integer = &H1F0FFF
    Public hWnd As IntPtr, pHandle As IntPtr, processID As Integer
    Const ProcessName As String = "hl2"

    ' NOTE(review): pHandle is a process handle from OpenProcess, while
    ' SetWindowTransparent takes a parameter named hWnd; the window handle found
    ' by ProcessHack is not the value passed here.
    Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
        If ProcessHack() = 1 Then
            WindowsApplication4.Funcs.SetWindowTransparent(pHandle)
        End If
    End Sub

    ' Fills hWnd, processID and pHandle for the first process named ProcessName.
    ' Returns 1 when a window handle was found, 0 otherwise.
    Private Function ProcessHack() As Integer
        Dim proc As Process() = Process.GetProcessesByName(ProcessName)
        Dim windowname As String
        ' NOTE(review): proc(0) is read without checking that the array is
        ' non-empty, so this throws when the process is not running.
        windowname = proc(0).MainWindowTitle
        hWnd = FindWindow(vbNullString, windowname)
        GetWindowThreadProcessId(hWnd, processID)
        ' NOTE(review): the process is opened before hWnd is validated, the result
        ' is not checked, and the handle is never closed.
        pHandle = OpenProcess(PROCESS_VM_ALL, 0, processID)
        If hWnd = 0 Then
            Return 0
        Else
            Return 1
        End If
    End Function
End Class
Bueno al menos lo intente .-.