392
Programming / Visual Basic Programming / Re: [Source] DLL injection in VB
on: 16 June 2007, 23:02 pm
Obviously this code applied to an .exe doesn't work, since LoadLibrary is for DLLs and not for EXEs.... what the code does is inject code so that LoadLibrary runs with the DLL you want in the remote process (with CreateRemoteThread).... the LoadLibrary API, when it loads the DLL, runs it from DllMain... Regards.
393
Programming / Visual Basic Programming / Re: [Source] DLL injection in VB
on: 16 June 2007, 18:40 pm
> So what was the conclusion about the DLL, can it be done in Visual or not? Are we talking about a non-ActiveX DLL?? (this is the ugly part of only knowing how to program in Visual B, you don't know any of these things) Regards

The DLL in VB doesn't work... it has to be one in C/C++.
394
Programming / Visual Basic Programming / Re: [Source] DLL injection in VB
on: 16 June 2007, 18:39 pm
I'm pasting 3 pieces of code from the ApiGuide about that API...

ExitWindowsX - NT

```vb
'In a module
Private Const EWX_LOGOFF = 0
Private Const EWX_SHUTDOWN = 1
Private Const EWX_REBOOT = 2
Private Const EWX_FORCE = 4
Private Const TOKEN_ADJUST_PRIVILEGES = &H20
Private Const TOKEN_QUERY = &H8
Private Const SE_PRIVILEGE_ENABLED = &H2
Private Const ANYSIZE_ARRAY = 1
Private Const VER_PLATFORM_WIN32_NT = 2
Type OSVERSIONINFO
    dwOSVersionInfoSize As Long
    dwMajorVersion As Long
    dwMinorVersion As Long
    dwBuildNumber As Long
    dwPlatformId As Long
    szCSDVersion As String * 128
End Type
Type LUID
    LowPart As Long
    HighPart As Long
End Type
Type LUID_AND_ATTRIBUTES
    pLuid As LUID
    Attributes As Long
End Type
Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (ByRef lpVersionInformation As OSVERSIONINFO) As Long

'Detect if the program is running under Windows NT
Public Function IsWinNT() As Boolean
    Dim myOS As OSVERSIONINFO
    myOS.dwOSVersionInfoSize = Len(myOS)
    GetVersionEx myOS
    IsWinNT = (myOS.dwPlatformId = VER_PLATFORM_WIN32_NT)
End Function

'set the shut down privilege for the current application
Private Sub EnableShutDown()
    Dim hProc As Long
    Dim hToken As Long
    Dim mLUID As LUID
    Dim mPriv As TOKEN_PRIVILEGES
    Dim mNewPriv As TOKEN_PRIVILEGES
    hProc = GetCurrentProcess()
    OpenProcessToken hProc, TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY, hToken
    LookupPrivilegeValue "", "SeShutdownPrivilege", mLUID
    mPriv.PrivilegeCount = 1
    mPriv.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
    mPriv.Privileges(0).pLuid = mLUID
    ' enable shutdown privilege for the current application
    AdjustTokenPrivileges hToken, False, mPriv, 4 + (12 * mPriv.PrivilegeCount), mNewPriv, 4 + (12 * mNewPriv.PrivilegeCount)
End Sub

' Shut Down NT
Public Sub ShutDownNT(Force As Boolean)
    Dim ret As Long
    Dim Flags As Long
    Flags = EWX_SHUTDOWN
    If Force Then Flags = Flags + EWX_FORCE
    If IsWinNT Then EnableShutDown
    ExitWindowsEx Flags, 0
End Sub

'Restart NT
Public Sub RebootNT(Force As Boolean)
    Dim ret As Long
    Dim Flags As Long
    Flags = EWX_REBOOT
    If Force Then Flags = Flags + EWX_FORCE
    If IsWinNT Then EnableShutDown
    ExitWindowsEx Flags, 0
End Sub

'Log off the current user
Public Sub LogOffNT(Force As Boolean)
    Dim ret As Long
    Dim Flags As Long
    Flags = EWX_LOGOFF
    If Force Then Flags = Flags + EWX_FORCE
    ExitWindowsEx Flags, 0
End Sub

'In a form
'This project needs a form with three command buttons
Private Sub Command1_Click()
    LogOffNT True
End Sub
Private Sub Command2_Click()
    RebootNT True
End Sub
Private Sub Command3_Click()
    ShutDownNT True
End Sub
Private Sub Form_Load()
    'KPD-Team 2000
    'URL: http://www.allapi.net/
    'E-Mail: KPDTeam@Allapi.net
    Command1.Caption = "Log Off NT"
    Command2.Caption = "Reboot NT"
    Command3.Caption = "Shutdown NT"
End Sub
```

System Shutdown

```vb
' Shutdown Flags
Const EWX_LOGOFF = 0
Const EWX_SHUTDOWN = 1
Const EWX_REBOOT = 2
Const EWX_FORCE = 4
Const SE_PRIVILEGE_ENABLED = &H2
Const TokenPrivileges = 3
Const TOKEN_ASSIGN_PRIMARY = &H1
Const TOKEN_DUPLICATE = &H2
Const TOKEN_IMPERSONATE = &H4
Const TOKEN_QUERY = &H8
Const TOKEN_QUERY_SOURCE = &H10
Const TOKEN_ADJUST_PRIVILEGES = &H20
Const TOKEN_ADJUST_GROUPS = &H40
Const TOKEN_ADJUST_DEFAULT = &H80
Const SE_SHUTDOWN_NAME = "SeShutdownPrivilege"
Const ANYSIZE_ARRAY = 1
Private Type LARGE_INTEGER
    lowpart As Long
    highpart As Long
End Type
Private Type Luid
    lowpart As Long
    highpart As Long
End Type
Private Type LUID_AND_ATTRIBUTES
    'pLuid As Luid
    pLuid As LARGE_INTEGER
    Attributes As Long
End Type
Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type
Private Declare Function InitiateSystemShutdown Lib "advapi32.dll" Alias "InitiateSystemShutdownA" (ByVal lpMachineName As String, ByVal lpMessage As String, ByVal dwTimeout As Long, ByVal bForceAppsClosed As Long, ByVal bRebootAfterShutdown As Long) As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LARGE_INTEGER) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Declare Function GetComputerName Lib "kernel32" Alias "GetComputerNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Private Declare Function GetLastError Lib "kernel32" () As Long

Public Function InitiateShutdownMachine(ByVal Machine As String, Optional Force As Variant, Optional Restart As Variant, Optional AllowLocalShutdown As Variant, Optional Delay As Variant, Optional Message As Variant) As Boolean
    Dim hProc As Long
    Dim OldTokenStuff As TOKEN_PRIVILEGES
    Dim OldTokenStuffLen As Long
    Dim NewTokenStuff As TOKEN_PRIVILEGES
    Dim NewTokenStuffLen As Long
    Dim pSize As Long
    If IsMissing(Force) Then Force = False
    If IsMissing(Restart) Then Restart = True
    If IsMissing(AllowLocalShutdown) Then AllowLocalShutdown = False
    If IsMissing(Delay) Then Delay = 0
    If IsMissing(Message) Then Message = ""
    'Make sure the Machine-name doesn't start with '\\'
    If InStr(Machine, "\\") = 1 Then
        Machine = Right(Machine, Len(Machine) - 2)
    End If
    'check if it's the local machine that's going to be shutdown
    If (LCase(GetMyMachineName) = LCase(Machine)) Then
        'may we shut this computer down?
        If AllowLocalShutdown = False Then Exit Function
        'open access token
        If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hProc) = 0 Then
            MsgBox "OpenProcessToken Error: " & GetLastError()
            Exit Function
        End If
        'retrieve the locally unique identifier to represent the Shutdown-privilege name
        If LookupPrivilegeValue(vbNullString, SE_SHUTDOWN_NAME, OldTokenStuff.Privileges(0).pLuid) = 0 Then
            MsgBox "LookupPrivilegeValue Error: " & GetLastError()
            Exit Function
        End If
        NewTokenStuff = OldTokenStuff
        NewTokenStuff.PrivilegeCount = 1
        NewTokenStuff.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
        NewTokenStuffLen = Len(NewTokenStuff)
        pSize = Len(NewTokenStuff)
        'Enable shutdown-privilege
        If AdjustTokenPrivileges(hProc, False, NewTokenStuff, NewTokenStuffLen, OldTokenStuff, OldTokenStuffLen) = 0 Then
            MsgBox "AdjustTokenPrivileges Error: " & GetLastError()
            Exit Function
        End If
        'initiate the system shutdown
        If InitiateSystemShutdown("\\" & Machine, Message, Delay, Force, Restart) = 0 Then
            Exit Function
        End If
        NewTokenStuff.Privileges(0).Attributes = 0
        'Disable shutdown-privilege
        If AdjustTokenPrivileges(hProc, False, NewTokenStuff, Len(NewTokenStuff), OldTokenStuff, Len(OldTokenStuff)) = 0 Then
            Exit Function
        End If
    Else
        'initiate the system shutdown
        If InitiateSystemShutdown("\\" & Machine, Message, Delay, Force, Restart) = 0 Then
            Exit Function
        End If
    End If
    InitiateShutdownMachine = True
End Function

Function GetMyMachineName() As String
    Dim sLen As Long
    'create a buffer
    GetMyMachineName = Space(100)
    sLen = 100
    'retrieve the computer name
    If GetComputerName(GetMyMachineName, sLen) Then
        GetMyMachineName = Left(GetMyMachineName, sLen)
    End If
End Function

Private Sub Form_Load()
    'KPD-Team 2000
    'URL: http://www.allapi.net/
    'E-Mail: KPDTeam@Allapi.net
    InitiateShutdownMachine GetMyMachineName, True, True, True, 60, "You initiated a system shutdown..."
End Sub
```

Save/Restore Key

```vb
'example by Scott Watters (scottw@racewaves.com)
' No rhyme or reason for making some private and some public. Use your own discretion...
Const HKEY_CURRENT_USER = &H80000001
Const TOKEN_QUERY As Long = &H8&
Const TOKEN_ADJUST_PRIVILEGES As Long = &H20&
Const SE_PRIVILEGE_ENABLED As Long = &H2
Const SE_RESTORE_NAME = "SeRestorePrivilege" 'Important for what we're trying to accomplish
Const SE_BACKUP_NAME = "SeBackupPrivilege"
Const REG_FORCE_RESTORE As Long = 8& ' Almost as important, will allow you to restore over a key while it's open!
Const READ_CONTROL = &H20000
Const SYNCHRONIZE = &H100000
Const STANDARD_RIGHTS_READ = (READ_CONTROL)
Const STANDARD_RIGHTS_WRITE = (READ_CONTROL)
Const STANDARD_RIGHTS_ALL = &H1F0000
Const SPECIFIC_RIGHTS_ALL = &HFFFF
Const KEY_QUERY_VALUE = &H1
Const KEY_SET_VALUE = &H2
Const KEY_CREATE_SUB_KEY = &H4
Const KEY_ENUMERATE_SUB_KEYS = &H8
Const KEY_NOTIFY = &H10
Const KEY_CREATE_LINK = &H20
Const KEY_READ = ((STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY) And (Not SYNCHRONIZE))
Const KEY_ALL_ACCESS = ((STANDARD_RIGHTS_ALL Or KEY_QUERY_VALUE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY Or KEY_CREATE_LINK) And (Not SYNCHRONIZE))
Private Type LUID
    lowpart As Long
    highpart As Long
End Type
Private Type LUID_AND_ATTRIBUTES
    pLuid As LUID
    Attributes As Long
End Type
Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    Privileges As LUID_AND_ATTRIBUTES
End Type
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long ' Always close your keys when you're done with them!
Private Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long ' Need to open the key to be able to restore to it.
Private Declare Function RegRestoreKey Lib "advapi32.dll" Alias "RegRestoreKeyA" (ByVal hKey As Long, ByVal lpFile As String, ByVal dwFlags As Long) As Long ' Main function
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPriv As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long 'Used to adjust your program's security privileges, can't restore without it!
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As Any, ByVal lpName As String, lpLuid As LUID) As Long 'Returns a valid LUID which is important when making security changes in NT.
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function RegSaveKey Lib "advapi32.dll" Alias "RegSaveKeyA" (ByVal hKey As Long, ByVal lpFile As String, lpSecurityAttributes As Any) As Long

Function EnablePrivilege(seName As String) As Boolean
    Dim p_lngRtn As Long
    Dim p_lngToken As Long
    Dim p_lngBufferLen As Long
    Dim p_typLUID As LUID
    Dim p_typTokenPriv As TOKEN_PRIVILEGES
    Dim p_typPrevTokenPriv As TOKEN_PRIVILEGES
    p_lngRtn = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, p_lngToken)
    If p_lngRtn = 0 Then
        Exit Function ' Failed
    ElseIf Err.LastDllError <> 0 Then
        Exit Function ' Failed
    End If
    p_lngRtn = LookupPrivilegeValue(0&, seName, p_typLUID) 'Used to look up privileges LUID.
    If p_lngRtn = 0 Then
        Exit Function ' Failed
    End If
    ' Set it up to adjust the program's security privilege.
    p_typTokenPriv.PrivilegeCount = 1
    p_typTokenPriv.Privileges.Attributes = SE_PRIVILEGE_ENABLED
    p_typTokenPriv.Privileges.pLuid = p_typLUID
    EnablePrivilege = (AdjustTokenPrivileges(p_lngToken, False, p_typTokenPriv, Len(p_typPrevTokenPriv), p_typPrevTokenPriv, p_lngBufferLen) <> 0)
End Function

Public Function RestoreKey(ByVal sKeyName As String, ByVal sFileName As String, lPredefinedKey As Long) As Boolean
    If EnablePrivilege(SE_RESTORE_NAME) = False Then Exit Function
    Dim hKey As Long, lRetVal As Long
    Call RegOpenKeyEx(lPredefinedKey, sKeyName, 0&, KEY_ALL_ACCESS, hKey) ' Must open key to restore it
    'The file it's restoring from was created using the RegSaveKey function
    Call RegRestoreKey(hKey, sFileName, REG_FORCE_RESTORE)
    RegCloseKey hKey ' Don't want to keep the key open. It causes problems.
End Function

Public Function SaveKey(ByVal sKeyName As String, ByVal sFileName As String, lPredefinedKey As Long) As Boolean
    If EnablePrivilege(SE_BACKUP_NAME) = False Then Exit Function
    Dim hKey As Long, lRetVal As Long
    Call RegOpenKeyEx(lPredefinedKey, sKeyName, 0&, KEY_ALL_ACCESS, hKey) ' Must open key to save it
    'Don't forget to "KILL" any existing files before trying to save the registry key!
    If Dir(sFileName) <> "" Then Kill sFileName
    Call RegSaveKey(hKey, sFileName, ByVal 0&)
    RegCloseKey hKey ' Don't want to keep the key open. It causes problems.
End Function

Private Sub Form_Load()
    Const sFile = "c:\test.reg"
    SaveKey "SOFTWARE\KPD-Team\API-Guide", sFile, HKEY_CURRENT_USER
    RestoreKey "SOFTWARE\KPD-Team\API-Guide", sFile, HKEY_CURRENT_USER
End Sub
```

That's all, regards mate.
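As an added illustration (not part of the post or of the ApiGuide samples): all three samples hand AdjustTokenPrivileges a TOKEN_PRIVILEGES block, and they size it two different ways, `4 + (12 * PrivilegeCount)` in the first sample versus VB's `Len()` in the others. The Python below rebuilds the same structure with ctypes, checks both sizes, and walks the raw bytes the way the API does; the LUID value 19 is sample input standing in for what LookupPrivilegeValue returns.

```python
import ctypes
from ctypes import c_int32, c_uint32

SE_PRIVILEGE_ENABLED = 0x2   # the Attributes flag every sample sets
SE_SHUTDOWN_LUID = 19        # sample input for the LUID LookupPrivilegeValue would fill in

class LUID(ctypes.Structure):                  # 8 bytes, like VB's "LowPart/HighPart As Long"
    _fields_ = [("LowPart", c_uint32), ("HighPart", c_int32)]

class LUID_AND_ATTRIBUTES(ctypes.Structure):   # 12 bytes: LUID + Attributes
    _fields_ = [("Luid", LUID), ("Attributes", c_uint32)]

def token_privileges_type(n_entries):
    """TOKEN_PRIVILEGES with n_entries in its variable-length Privileges array."""
    class TOKEN_PRIVILEGES(ctypes.Structure):
        _fields_ = [("PrivilegeCount", c_uint32),
                    ("Privileges", LUID_AND_ATTRIBUTES * n_entries)]
    return TOKEN_PRIVILEGES

def sizeof_entries(n_entries):
    """Real byte size of the structure with n_entries privileges.
    VB's Privileges(ANYSIZE_ARRAY) with ANYSIZE_ARRAY = 1 declares indices 0..1,
    so Len() on the VB type reports the two-entry size even when only one is used."""
    return ctypes.sizeof(token_privileges_type(n_entries))

def buffer_length(privilege_count):
    """The BufferLength formula the ExitWindowsX sample uses."""
    return 4 + 12 * privilege_count

def build_enable_request(luid_low, luid_high=0):
    """Serialise a one-entry TOKEN_PRIVILEGES that asks to enable one privilege."""
    tp = token_privileges_type(1)()
    tp.PrivilegeCount = 1
    tp.Privileges[0].Luid.LowPart = luid_low
    tp.Privileges[0].Luid.HighPart = luid_high
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED
    return bytes(tp)

def parse_token_privileges(buf):
    """Read the raw block as the API does: the count, then 12-byte entries."""
    count = int.from_bytes(buf[0:4], "little")
    entries = []
    for i in range(count):
        off = 4 + 12 * i
        low = int.from_bytes(buf[off:off + 4], "little")
        high = int.from_bytes(buf[off + 4:off + 8], "little", signed=True)
        attrs = int.from_bytes(buf[off + 8:off + 12], "little")
        entries.append({"luid": (low, high),
                        "enabled": bool(attrs & SE_PRIVILEGE_ENABLED)})
    return entries
```

Both sizes work because the API only reads PrivilegeCount entries; the privileges themselves are the sensitive part, since SeBackupPrivilege and SeRestorePrivilege let a process read and overwrite registry keys regardless of their ACLs, which is why the Save/Restore sample must enable them first and why only administrators and backup operators normally hold them.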
398
Programming / Visual Basic Programming / Re: Hooks
on: 15 June 2007, 20:22 pm
> I was referring to API hooking... in VB you're in a bit of a bad spot. As always, I never claim it can't be done, but if someone does it, it's surely more awkward than in another language.

Amen
399
Programming / Visual Basic Programming / [Source] DLL injection in VB
on: 15 June 2007, 17:11 pm
Here I leave you this code, which I had already translated to C# and now to VB... my next challenge is to translate it to assembly with Fasm.... Well, enough chatter.... here is the code:

Module:

```vb
'************************************************************************
'************************************************************************
'**                                                                    **
'**   DLL injection in VB, based on MazarD's C++ code                  **
'**                                                                    **
'**   Wrote on June 15, 2007 by Hendrix                                **
'**                                                                    **
'**                                                                    **
'**   CopyLeft Licence                                                 **
'************************************************************************
'************************************************************************
Private Const PAGE_READWRITE As Long = &H4
Private Const MEM_RELEASE As Long = &H8000
Private Const MEM_COMMIT As Long = &H1000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const SYNCHRONIZE As Long = &H100000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Const INFINITE As Long = &HFFFFFF
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long

Public Function Inyecta(RutaDll As String, Pid As Long) As Integer
    Dim proc As Long
    Dim nload As Long
    Dim rems As Long
    Dim longi As Long
    Dim RemThread As Long
    Dim Tid As Long
    On Error GoTo Error
    proc = OpenProcess(PROCESS_ALL_ACCESS, False, Pid)
    nload = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
    rems = VirtualAllocEx(proc, 0, Len(RutaDll), MEM_COMMIT, PAGE_READWRITE)
    WriteProcessMemory proc, ByVal rems, ByVal RutaDll, Len(RutaDll), longi
    CreateRemoteThread proc, ByVal 0, 0, ByVal nload, ByVal rems, 0, Tid
    WaitForSingleObject rems, INFINITE
    CloseHandle proc
    CloseHandle rems
    Inyecta = 0
    Exit Function
Error:
    Inyecta = 1
End Function
```

Form:

```vb
Private Sub Form_Load()
    Dim ruta As Long
    Dim resultado As Integer
    ruta = Shell("notepad.exe")
    resultado = Inyecta("C:\ladll.dll", ruta)
    If resultado = 0 Then
        MsgBox "Dll Inyectada con éxito!!!", , "Información"
    Else
        MsgBox "A ocurrido un error", vbCritical, "Información"
    End If
    End
End Sub
```

Regards.
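An added detection-side example, not part of the post: the remote thread this code creates starts at LoadLibraryA inside kernel32, which is exactly what Sysmon's Event ID 8 (CreateRemoteThread) records in its StartModule and StartFunction fields. The Python below parses constructed sample records in the "Field: value" layout of Event Viewer's Details pane and flags that pattern; the field names are Sysmon's, while the sample paths, the allow-list and the verdict names are assumptions.

```python
import re

# Constructed sample Sysmon Event ID 8 records (not real telemetry).
SAMPLE_LOG = r"""
EventID: 8
SourceImage: C:\Users\lab\injector.exe
TargetImage: C:\Windows\System32\notepad.exe
StartModule: C:\Windows\System32\KERNEL32.DLL
StartFunction: LoadLibraryA

EventID: 8
SourceImage: C:\Windows\System32\csrss.exe
TargetImage: C:\Windows\explorer.exe
StartModule: C:\Windows\System32\ntdll.dll
StartFunction: RtlExitUserProcess

EventID: 8
SourceImage: C:\Users\lab\dropper.exe
TargetImage: C:\Windows\System32\svchost.exe
StartModule: -
StartFunction: -
"""

# LoadLibrary as the remote thread's entry point is the mark of the technique in this post.
LOADLIBRARY_ENTRY = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
# Sources that legitimately create threads in other processes; tune per environment (assumption).
BENIGN_SOURCES = {r"c:\windows\system32\csrss.exe"}

def parse_events(text):
    """Split the text into records (blank-line separated) and each record into a field dict."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")   # split on the first colon only; paths keep theirs
            fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def classify(ev):
    """Return 'dll-injection', 'unbacked-thread' or 'ok' for one record."""
    if ev.get("EventID") != "8" or ev.get("SourceImage", "").lower() in BENIGN_SOURCES:
        return "ok"
    if ev.get("StartFunction") in LOADLIBRARY_ENTRY:
        return "dll-injection"      # thread entry is LoadLibrary: a DLL path was written into the target
    if ev.get("StartModule") == "-":
        return "unbacked-thread"    # start address lies outside every loaded module
    return "ok"

def alerts(text):
    """(source, target, verdict) for every record that is not 'ok'."""
    return [(ev["SourceImage"], ev["TargetImage"], classify(ev))
            for ev in parse_events(text) if classify(ev) != "ok"]
```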
400
Programming / Visual Basic Programming / Re: Hooks
on: 15 June 2007, 15:07 pm
> He wants to hook functions, not the keyboard. For example, if a program uses CreateFile, have his code get called before the function.

In a word, API Hooking.... Mad, post some API Hooking examples.... I haven't found any that work in VB yet...