|
Mostrar Temas
|
Páginas: 1 [2] 3 4 5
|
11
|
Programación / Desarrollo Web / [AYUDA] Cambiar hostname
|
en: 20 Mayo 2015, 16:21 pm
|
Buenas a todos, tengo muy poco conocimiento sobre el tema web, pero recuerdo que hace mucho hice algo que no estoy pudiendo hacer ahora.
Yo tenía una web llamada "pepe.com.ar" (ejemplo), por otra parte tenía un dns o lo que sea que era "fake.com" que yo al poner "fake.com" me redireccionaba a "pepe.com.ar", el punto es que cuando cargaba "pepe.com.ar" de alguna manera yo cambiana el path y aparecía como "fake.com" y si tenía por ejemplo "pepe.com.ar/foro/index.php=?babla", en el url me aparecía "fake.com/foro/index.php=?babla" y no se recargaba la página cosa que para el usuario es imperceptible, alguno sabe como podría replicarlo?
Saludos.
|
|
|
12
|
Programación / Programación Visual Basic / [VB6][SRC] Memory Regions
|
en: 13 Febrero 2015, 13:48 pm
|
Una manera de detectar intrusos. Posteado en: http://hackhound.org/forums/topic/7209-vb6src-memory-regions/Modulo: Option Explicit 'typedef enum _MEMORY_INFORMATION_CLASS { ' MemoryBasicInformation, ' MemoryWorkingSetList, ' MemorySectionName '} MEMORY_INFORMATION_CLASS; Public Enum MEMORY_INFORMATION_CLASS MemoryBasicInformation = 0 MemoryWorkingSetList MemorySectionName End Enum 'typedef struct _MEMORY_BASIC_INFORMATION { ' PVOID BaseAddress; ' PVOID AllocationBase; ' DWORD AllocationProtect; ' SIZE_T RegionSize; ' DWORD State; ' DWORD Protect; ' DWORD Type; '} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION; Public Type MEMORY_BASIC_INFORMATION BaseAddress As Long AllocationBase As Long AllocationProtect As Long RegionSize As Long State As Long Protect As Long Type As Long End Type 'typedef struct _FUNCTION_INFORMATION { ' char name[64]; ' ULONG_PTR VirtualAddress; '} FUNCTION_INFORMATION, *PFUNCTION_INFORMATION; Public Type FUNCTION_INFORMATION name As String * 64 VirtualAddress As Long End Type 'typedef struct _MODULE_INFORMATION '{ ' PVOID BaseAddress; ' PVOID AllocationBase; ' DWORD AllocationProtect; ' SIZE_T RegionSize; ' DWORD State; ' DWORD Protect; ' DWORD Type; ' WCHAR szPathName[MAX_PATH]; ' PVOID EntryAddress; ' PFUNCTION_INFORMATION Functions; ' DWORD FunctionCount; ' DWORD SizeOfImage; '}MODULE_INFORMATION, *PMODULE_INFORMATION; Public Type MODULE_INFORMATION BaseAddress As Long AllocationBase As Long AllocationProtect As Long RegionSize As Long State As Long Protect As Long Type As Long szPathName(1 To 520) As Byte EntryAddress As Long Functions As Long 'VarPtr(MODULE_INFORMATION), es un puntero, PFUNCTION_INFORMATION Functions; FunctionCount As Long SizeOfImage As Long End Type 'struct UNICODE_STRING { ' USHORT Length; ' USHORT MaximumLength; ' PWSTR Buffer; '}; Public Type UNICODE_STRING Length As Integer MaximumLength As Integer Buffer As Long 'PWSTR Buffer; End Type 'typedef UNICODE_STRING *PUNICODE_STRING; Public Const PAGE_NOACCESS = &H1 Public Const PAGE_READONLY = &H2 Public Const PAGE_READWRITE = &H4 Public Const PAGE_WRITECOPY = &H8 Public Const PAGE_EXECUTE = &H10 Public Const PAGE_EXECUTE_READ = &H20 Public Const PAGE_EXECUTE_READWRITE = &H40 Public Const PAGE_EXECUTE_WRITECOPY = &H80 Public Const PAGE_GUARD = &H100 Public Const PAGE_NOCACHE = &H200 Public Const PAGE_WRITECOMBINE = &H400 Public Const MEM_COMMIT = &H1000 Public Const MEM_RESERVE = &H2000 Public Const MEM_DECOMMIT = &H4000 Public Const MEM_RELEASE = &H8000 Public Const MEM_FREE = &H10000 Public Const MEM_PRIVATE = 20000 Public Const MEM_MAPPED = &H40000 Public Const MEM_RESET = &H80000 Public Const MEM_TOP_DOWN = &H100000 Public Const MEM_WRITE_WATCH = &H200000 Public Const MEM_PHYSICAL = &H400000 Public Const MEM_ROTATE = &H800000 Public Const MEM_LARGE_PAGES = &H20000000 Public Const MEM_4MB_PAGES = &H80000000 'typedef LONG (WINAPI *ZWQUERYVIRTUALMEMORY)( ' HANDLE ProcessHandle, ' PVOID BaseAddress, ' MEMORY_INFORMATION_CLASS MemoryInformationClass, ' PVOID MemoryInformation, ' ULONG MemoryInformationLength, ' PULONG ReturnLength '); Public Declare Function ZwQueryVirtualMemory Lib "NTDLL.DLL" (ByVal ProcessHandle As Long, ByVal BaseAddress As Long, ByVal MemoryInformationClass As MEMORY_INFORMATION_CLASS, ByVal MemoryInformation As Long, ByVal MemoryInformationLength As Long, ByVal ReturnLength As Long) As Long Public Declare Function GetCurrentProcess Lib "kernel32" () As Long Public Declare Function VirtualQuery Lib "kernel32" (ByRef lpAddress As Any, ByRef lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As Long) As Long Public Declare Sub ZeroMemory Lib "kernel32.dll" Alias "RtlZeroMemory" (Destination As Any, ByVal Length As Long) Public Declare Sub RtlMoveMemory Lib "kernel32.dll" (hpvDest As Any, hpvSource As Any, ByVal cbCopy As Long) Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long Public Declare Function LoadLibraryA Lib "kernel32" (ByVal lpLibFileName As String) As Long Public Const PROCESS_ALL_ACCESS = &H1F0FFF 'Specifies all possible access flags for the process object. Public Const PROCESS_CREATE_THREAD = &H2 'Enables using the process handle in the CreateRemoteThread function to create a thread in the process. Public Const PROCESS_DUP_HANDLE = &H40 'Enables using the process handle as either the source or target process in the DuplicateHandle function to duplicate a handle. Public Const PROCESS_QUERY_INFORMATION = &H400 'Enables using the process handle in the GetExitCodeProcess and GetPriorityClass functions to read information from the process object. Public Const PROCESS_SET_INFORMATION = &H200 'Enables using the process handle in the SetPriorityClass function to set the priority class of the process. Public Const PROCESS_TERMINATE = &H1 'Enables using the process handle in the TerminateProcess function to terminate the process. Public Const PROCESS_VM_OPERATION = &H8 'Enables using the process handle in the VirtualProtectEx and WriteProcessMemory functions to modify the virtual memory of the process. Public Const PROCESS_VM_READ = &H10 'Enables using the process handle in the ReadProcessMemory function to read from the virtual memory of the process. Public Const PROCESS_VM_WRITE = &H20 'Enables using the process handle in the WriteProcessMemory function to write to the virtual memory of the process. Public Const SYNCHRONIZE = &H100000 'Enables using the process handle in any of the wait functions to wait for the process to terminate. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (hpvDest As Any, hpvSource As Any, ByVal cbCopy As Long) 'The WideCharToMultiByte function maps a wide-character string to a new character string. 'The function is faster when both lpDefaultChar and lpUsedDefaultChar are NULL. 'CodePage Private Const CP_ACP = 0 'ANSI Private Const CP_MACCP = 2 'Mac Private Const CP_OEMCP = 1 'OEM Private Const CP_UTF7 = 65000 Private Const CP_UTF8 = 65001 'dwFlags Private Const WC_NO_BEST_FIT_CHARS = &H400 Private Const WC_COMPOSITECHECK = &H200 Private Const WC_DISCARDNS = &H10 Private Const WC_SEPCHARS = &H20 'Default Private Const WC_DEFAULTCHAR = &H40 Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As Long, ByVal cchWideChar As Long, ByVal lpMultiByteStr As Long, ByVal cbMultiByte As Long, ByVal lpDefaultChar As Long, ByVal lpUsedDefaultChar As Long) As Long Public Function ByteArrayToString(Bytes() As Byte) As String Dim iUnicode As Long, i As Long, j As Long On Error Resume Next i = UBound(Bytes) If (i < 1) Then 'ANSI, just convert to unicode and return ByteArrayToString = StrConv(Bytes, vbUnicode) Exit Function End If i = i + 1 'Examine the first two bytes CopyMemory iUnicode, Bytes(0), 2 If iUnicode = Bytes(0) Then 'Unicode 'Account for terminating null If (i Mod 2) Then i = i - 1 'Set up a buffer to recieve the string ByteArrayToString = String$(i / 2, 0) 'Copy to string CopyMemory ByVal StrPtr(ByteArrayToString), Bytes(0), i Else 'ANSI ByteArrayToString = StrConv(Bytes, vbUnicode) End If End Function Public Function StringToByteArray(strInput As String, Optional bReturnAsUnicode As Boolean = True, Optional bAddNullTerminator As Boolean = False) As Byte() Dim lRet As Long Dim bytBuffer() As Byte Dim lLenB As Long If bReturnAsUnicode Then 'Number of bytes lLenB = LenB(strInput) 'Resize buffer, do we want terminating null? If bAddNullTerminator Then ReDim bytBuffer(lLenB) Else ReDim bytBuffer(lLenB - 1) End If 'Copy characters from string to byte array CopyMemory bytBuffer(0), ByVal StrPtr(strInput), lLenB Else 'METHOD ONE ' 'Get rid of embedded nulls ' strRet = StrConv(strInput, vbFromUnicode) ' lLenB = LenB(strRet) ' If bAddNullTerminator Then ' ReDim bytBuffer(lLenB) ' Else ' ReDim bytBuffer(lLenB - 1) ' End If ' CopyMemory bytBuffer(0), ByVal StrPtr(strInput), lLenB 'METHOD TWO 'Num of characters lLenB = Len(strInput) If bAddNullTerminator Then ReDim bytBuffer(lLenB) Else ReDim bytBuffer(lLenB - 1) End If lRet = WideCharToMultiByte(CP_ACP, 0&, ByVal StrPtr(strInput), -1, ByVal VarPtr(bytBuffer(0)), lLenB, 0&, 0&) End If StringToByteArray = bytBuffer End Function
Form: Agregar RitchTextBox (llenar el texto), un Label (para el address del for) y un CommandButton (acción) Private Sub Command1_Click() 'MEMORY_BASIC_INFORMATION mbi; Dim mbi As MEMORY_BASIC_INFORMATION 'MODULE_INFORMATION mi; Dim mi As MODULE_INFORMATION 'BYTE szBuffer[MAX_PATH * 2 + 4] = { 0 }; Dim szBuffer(523) As Byte Dim i As Integer 'PUNICODE_STRING usSectionName; Dim usSectionName As UNICODE_STRING Dim hProcess As Long hProcess = GetCurrentProcess() Dim Addr As Long Dim READABLE As Long READABLE = (PAGE_EXECUTE_READ + PAGE_EXECUTE_READWRITE + PAGE_EXECUTE_WRITECOPY + PAGE_READONLY + PAGE_READWRITE + PAGE_WRITECOPY) txtSections.Text = "" Addr = 0 Dim hRet As Long Dim asd As String Dim zBytes() As Byte txtSections.Visible = False ReDim zBytes(0) As Byte While VirtualQuery(Addr, mbi, 28) DoEvents Label1.Caption = "0x" & Hex(Addr) If (mbi.State And MEM_COMMIT) Then If (mbi.AllocationProtect And READABLE) Then hRet = ZwQueryVirtualMemory(hProcess, Addr, MemoryBasicInformation, VarPtr(mbi), &H1C, 0&) txtSections.Text = txtSections.Text & "Add: " & Hex(Addr) & " - Size: " & Hex(mbi.RegionSize) & vbNewLine For i = LBound(szBuffer) To UBound(szBuffer) szBuffer(i) = 0 Next i For i = LBound(zBytes) To UBound(zBytes) zBytes(i) = 0 Next i If (hRet >= 0) Then If (mbi.Type <> MEM_FREE) Then hRet = ZwQueryVirtualMemory(hProcess, Addr, MemorySectionName, VarPtr(szBuffer(0)), &H20C, 0&) If (hRet >= 0) Then Call ZeroMemory(mi, &H234) Call RtlMoveMemory(mi, mbi, &H1C) Call ReadProcessMemory(hProcess, VarPtr(szBuffer(0)), usSectionName.Length, &H2, 0&) Call ReadProcessMemory(hProcess, VarPtr(szBuffer(2)), usSectionName.MaximumLength, &H2, 0&) ReDim zBytes(usSectionName.Length * 2) 'How do I know is offset 8? It's simple.... "Aliens" Call ReadProcessMemory(hProcess, VarPtr(szBuffer(8)), zBytes(0), usSectionName.Length * 2, 0&) txtSections.Text = txtSections.Text & ByteArrayToString(zBytes) & " (" & usSectionName.Length & "/" & usSectionName.MaximumLength & ")" & vbNewLine & vbNewLine End If End If End If End If End If txtSections.SelStart = Len(txtSections) If Addr >= &H7FFF0000 Then GoTo salir End If Addr = (mbi.BaseAddress) + mbi.RegionSize Wend salir: txtSections.Visible = True MsgBox "Done" End Sub
Resultado: Add: 0 - Size: 1000 Add: 10000 - Size: 1000 Add: 20000 - Size: 1000 Add: 21000 - Size: 1000 Add: 30000 - Size: 1000 Add: 129000 - Size: 1000 Add: 12A000 - Size: 1000 Add: 130000 - Size: 1000 Add: 134000 - Size: 1000 Add: 140000 - Size: 1000 Add: 141000 - Size: 1000 Add: 150000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\locale.nls Add: 1B7000 - Size: 1000 Add: 1C0000 - Size: 1000 Add: 1C1000 - Size: 1000 Add: 1D0000 - Size: 1000 Add: 1DA000 - Size: 1000 Add: 1E0000 - Size: 1000 Add: 1E7000 - Size: 1000 Add: 1F0000 - Size: 1000 Add: 1F2000 - Size: 1000 Add: 200000 - Size: 1000 Add: 201000 - Size: 1000 Add: 210000 - Size: 1000 Add: 211000 - Size: 1000 Add: 220000 - Size: 1000 Add: 222000 - Size: 1000 Add: 230000 - Size: 1000 Add: 232000 - Size: 1000 Add: 240000 - Size: 1000 Add: 241000 - Size: 1000 Add: 250000 - Size: 1000 Add: 252000 - Size: 1000 Add: 260000 - Size: 1000 Add: 2F3000 - Size: 1000 Add: 360000 - Size: 1000 Add: 361000 - Size: 1000 Add: 370000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 37D000 - Size: 1000 Add: 380000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 3D0000 - Size: 1000 Add: 3D1000 - Size: 1000 Add: 3E0000 - Size: 1000 Add: 400000 - Size: 1000 \Device\HarddiskVolume2\Misery-PC\[New Programming 2014]\[AO]\OffiHack\test\Project1.exe Add: 401000 - Size: 1000 \Device\HarddiskVolume2\Misery-PC\[New Programming 2014]\[AO]\OffiHack\test\Project1.exe Add: 42D000 - Size: 1000 \Device\HarddiskVolume2\Misery-PC\[New Programming 2014]\[AO]\OffiHack\test\Project1.exe Add: 430000 - Size: 1000 \Device\HarddiskVolume2\Misery-PC\[New Programming 2014]\[AO]\OffiHack\test\Project1.exe Add: 431000 - Size: 1000 Add: 440000 - Size: 1000 Add: 441000 - Size: 1000 Add: 4C0000 - Size: 1000 Add: 4E0000 - Size: 1000 Add: 4E3000 - Size: 1000 Add: 4F0000 - Size: 1000 Add: 4FF000 - Size: 1000 Add: 5B0000 - Size: 1000 Add: 5B3000 - Size: 1000 Add: 5B8000 - Size: 1000 Add: 5C0000 - Size: 1000 Add: 6C1000 - Size: 1000 Add: 6D0000 - Size: 1000 Add: 87A000 - Size: 1000 Add: 12D0000 - Size: 1000 Add: 12E0000 - Size: 1000 Add: 16D0000 - Size: 1000 \Device\HarddiskVolume2\Windows\Globalization\Sorting\SortDefault.nls Add: 199F000 - Size: 1000 Add: 19A0000 - Size: 1000 Add: 1A7F000 - Size: 1000 Add: 1A80000 - Size: 1000 Add: 1A82000 - Size: 1000 Add: 1B80000 - Size: 1000 Add: 1B90000 - Size: 1000 Add: 1BAE000 - Size: 1000 Add: 1BD0000 - Size: 1000 Add: 1CF0000 - Size: 1000 Add: 1CF2000 - Size: 1000 Add: 1D00000 - Size: 1000 Add: 1D90000 - Size: 1000 Add: 1DD0000 - Size: 1000 Add: 1F00000 - Size: 1000 Add: 1F03000 - Size: 1000 Add: 1F10000 - Size: 1000 Add: 1FA0000 - Size: 1000 Add: 1FC7000 - Size: 1000 Add: 1FE0000 - Size: 1000 Add: 2356000 - Size: 1000 Add: 2360000 - Size: 1000 Add: 2370000 - Size: 1000 Add: 2760000 - Size: 1000 Add: 2B61000 - Size: 1000 Add: 2B70000 - Size: 1000 \Device\HarddiskVolume2\Windows\Fonts\StaticCache.dat Add: 34A0000 - Size: 1000 Add: 35D0000 - Size: 1000 Add: 35D1000 - Size: 1000 Add: 35E0000 - Size: 1000 Add: 10000000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10001000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10002000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10003000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10004000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10005000 - Size: 1000 Add: 20000000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 20001000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 2001E000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 2001F000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 20030000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 20032000 - Size: 1000 Add: 212F0000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 212F1000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 21313000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 21316000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 21321000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 21323000 - Size: 1000 Add: 5C290000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C291000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C2A5000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C2A6000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C2A7000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C2AC000 - Size: 1000 Add: 65D90000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched20.dll Add: 65D91000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched20.dll Add: 65DF7000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched20.dll Add: 65DF8000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched20.dll Add: 65E06000 - Size: 1000 Add: 713E0000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 713E1000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 71456000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 71458000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 71459000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 71464000 - Size: 1000 Add: 72940000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72941000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72A4A000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72A51000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72A52000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72A93000 - Size: 1000 Add: 742C0000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched32.dll Add: 742C1000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched32.dll Add: 742C3000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched32.dll Add: 742C4000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched32.dll Add: 742C6000 - Size: 1000 Add: 74640000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\dwmapi.dll Add: 74641000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\dwmapi.dll Add: 7464C000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\dwmapi.dll Add: 7464E000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\dwmapi.dll Add: 74653000 - Size: 1000 Add: 74C20000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74C21000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74D6C000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74D6E000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74D6F000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74DBE000 - Size: 1000 Add: 74DC0000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74DC1000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74DFA000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74DFB000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74DFC000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74E00000 - Size: 1000 Add: 75C70000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\cryptbase.dll Add: 75C71000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\cryptbase.dll Add: 75C79000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\cryptbase.dll Add: 75C7A000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\cryptbase.dll Add: 75C7C000 - Size: 1000 Add: 75C80000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\sxs.dll Add: 75C81000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\sxs.dll y blablabla
|
|
|
13
|
Programación / Programación Visual Basic / [SRC] GetPath EXE Opened
|
en: 9 Febrero 2015, 14:53 pm
|
Bueno, éste es un tema que ví en foro.elhacker.net/programacion_visual_basic/abrir_ejecutable_en_un_form_iquestes_posible_abrir_chrome-t429104.0.html para obtener el path de un archivo en ejecución sin hooks, aparentemente vé de donde se abrió, ahora posteo el código y un par de ejemplos: Option Explicit Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long Public Declare Function LoadLibraryA Lib "kernel32" (ByVal lpLibFileName As String) As Long Public Const PROCESS_ALL_ACCESS = &H1F0FFF 'Specifies all possible access flags for the process object. Public Const PROCESS_CREATE_THREAD = &H2 'Enables using the process handle in the CreateRemoteThread function to create a thread in the process. Public Const PROCESS_DUP_HANDLE = &H40 'Enables using the process handle as either the source or target process in the DuplicateHandle function to duplicate a handle. Public Const PROCESS_QUERY_INFORMATION = &H400 'Enables using the process handle in the GetExitCodeProcess and GetPriorityClass functions to read information from the process object. Public Const PROCESS_SET_INFORMATION = &H200 'Enables using the process handle in the SetPriorityClass function to set the priority class of the process. Public Const PROCESS_TERMINATE = &H1 'Enables using the process handle in the TerminateProcess function to terminate the process. Public Const PROCESS_VM_OPERATION = &H8 'Enables using the process handle in the VirtualProtectEx and WriteProcessMemory functions to modify the virtual memory of the process. Public Const PROCESS_VM_READ = &H10 'Enables using the process handle in the ReadProcessMemory function to read from the virtual memory of the process. Public Const PROCESS_VM_WRITE = &H20 'Enables using the process handle in the WriteProcessMemory function to write to the virtual memory of the process. Public Const SYNCHRONIZE = &H100000 'Enables using the process handle in any of the wait functions to wait for the process to terminate. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (hpvDest As Any, hpvSource As Any, ByVal cbCopy As Long) 'The WideCharToMultiByte function maps a wide-character string to a new character string. 'The function is faster when both lpDefaultChar and lpUsedDefaultChar are NULL. 'CodePage Private Const CP_ACP = 0 'ANSI Private Const CP_MACCP = 2 'Mac Private Const CP_OEMCP = 1 'OEM Private Const CP_UTF7 = 65000 Private Const CP_UTF8 = 65001 'dwFlags Private Const WC_NO_BEST_FIT_CHARS = &H400 Private Const WC_COMPOSITECHECK = &H200 Private Const WC_DISCARDNS = &H10 Private Const WC_SEPCHARS = &H20 'Default Private Const WC_DEFAULTCHAR = &H40 Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As Long, ByVal cchWideChar As Long, ByVal lpMultiByteStr As Long, ByVal cbMultiByte As Long, ByVal lpDefaultChar As Long, ByVal lpUsedDefaultChar As Long) As Long Public Function ByteArrayToString(Bytes() As Byte) As String Dim iUnicode As Long, i As Long, j As Long On Error Resume Next i = UBound(Bytes) If (i < 1) Then 'ANSI, just convert to unicode and return ByteArrayToString = StrConv(Bytes, vbUnicode) Exit Function End If i = i + 1 'Examine the first two bytes CopyMemory iUnicode, Bytes(0), 2 If iUnicode = Bytes(0) Then 'Unicode 'Account for terminating null If (i Mod 2) Then i = i - 1 'Set up a buffer to recieve the string ByteArrayToString = String$(i / 2, 0) 'Copy to string CopyMemory ByVal StrPtr(ByteArrayToString), Bytes(0), i Else 'ANSI ByteArrayToString = StrConv(Bytes, vbUnicode) End If End Function Public Function StringToByteArray(strInput As String, Optional bReturnAsUnicode As Boolean = True, Optional bAddNullTerminator As Boolean = False) As Byte() Dim lRet As Long Dim bytBuffer() As Byte Dim lLenB As Long If bReturnAsUnicode Then 'Number of bytes lLenB = LenB(strInput) 'Resize buffer, do we want terminating null? If bAddNullTerminator Then ReDim bytBuffer(lLenB) Else ReDim bytBuffer(lLenB - 1) End If 'Copy characters from string to byte array CopyMemory bytBuffer(0), ByVal StrPtr(strInput), lLenB Else 'METHOD ONE ' 'Get rid of embedded nulls ' strRet = StrConv(strInput, vbFromUnicode) ' lLenB = LenB(strRet) ' If bAddNullTerminator Then ' ReDim bytBuffer(lLenB) ' Else ' ReDim bytBuffer(lLenB - 1) ' End If ' CopyMemory bytBuffer(0), ByVal StrPtr(strInput), lLenB 'METHOD TWO 'Num of characters lLenB = Len(strInput) If bAddNullTerminator Then ReDim bytBuffer(lLenB) Else ReDim bytBuffer(lLenB - 1) End If lRet = WideCharToMultiByte(CP_ACP, 0&, ByVal StrPtr(strInput), -1, ByVal VarPtr(bytBuffer(0)), lLenB, 0&, 0&) End If StringToByteArray = bytBuffer End Function
Option Explicit Private Sub Command1_Click() Dim handle_Process As Double handle_Process = OpenProcess(PROCESS_ALL_ACCESS, False, Val(Text1.Text)) If handle_Process <> 0 Then Dim zBytes(256) As Byte Dim lb As Long lb = LoadLibraryA("KERNEL32.DLL") If lb = 0 Then lb = &H77C50000 End If 'kernel32.dll+C6320 '0x77D16320 If ReadProcessMemory(handle_Process, lb + &HC6320, zBytes(0), 256, 0&) <> 0 Then Clipboard.SetText ByteArrayToString(zBytes) MsgBox Clipboard.GetText Else MsgBox "Error al ejecutar ReadProcessMemory. (" & Err.LastDllError & ")" End If Call CloseHandle(handle_Process) Else MsgBox "Error al ejecutar OpenProcess. (" & Err.LastDllError & ")" End If End Sub Private Sub Form_Load() Text1.Text = GetCurrentProcessId() End Sub
TaskMgr: opera.exe 236 C:\Program Files\Opera\20.0.1387.91\opera.exe OUTPUT: C:\Program Files\Opera\ McTray.exe 1796 C:\Program Files\McAfee\Common Framework\McTray.exe OUTPUT: C:\Program Files\McAfee\Common Framework\ Project1.exe 2368 (éste) C:\Users\***00001**\Desktop\Program Opened from\Project1.exe OUTPUT: C:\Users\***00001**\Desktop\Program Opened from\ TeamViewer.exe 3308 C:\Program Files\TeamViewer\Version9\TeamViewer.exe OUTPUT: C:\Windows\system32\ (muestra este output porque se cargó como servicio y aparentemente se abre desde ese path) cheatengine-i386.exe 4320 C:\Misery-PC\Descargas\CE 6.3\CE 6.3\cheatengine-i386.exe OUTPUT: C:\Misery-PC\Descargas\CE 6.3\CE 6.3\ UdaterUI.exe 5216 C:\Program Files\McAfee\Common Framework\UdaterUI.exe OUTPUT: C:\Program Files\McAfee\Common Framework\ notepad++.exe 7464 C:\Program Files\Notepad++\notepad++.exe OUTPUT: C:\Users\***00001**\Desktop\GOTTA DO\ (abrí un txt desde ese lugar) Si bien no muestra el path del ejecutable, muestra el path de donde se abrió, seguramente que por el address KERNEL32.DLL+offset debe estar el path original del .exe, cualquier cosa nueva la posteo. Saludos.
|
|
|
14
|
Programación / Bases de Datos / [AYUDA] SQL Query
|
en: 27 Noviembre 2014, 18:49 pm
|
Buenas tardes a todos, no sé si realmente ésto va acá o en Programación General, bueno mi cuestión es la siguiente: Yo tengo una consulta como por ejemplo Select * From tbNombres; La cual me puede traer muchos nombres, como "Pepe", "Juan", etc. El punto es que si quiero filtrar ciertos nombres como Pepes, Juan y otros más, que el query no se me haga de 5 renglones, ya que actualmente estoy usándolo de la siguiente manera: SELECT * FROM tbNombres WHERE Name!='Pepe' AND Name!='Juan' AND Name!='Carlos' AND Name!='Luis' AND Name!='Alberto' AND Name!='Horacio' AND Name!='Tito' AND Name!='Marito' AND Name!='Oscar' AND Name!='Julieta' AND Name!='Florencia' AND Name!='Rocatalegiata' AND Name!='Raul' AND ...
Es decir que tengo una tabla con miles de nombres y no quiero que me traiga unos 200 determinados, tal vez esté haciendo mal el query, lo cual es probable porque no sé programar en SQL, alguno me podría orientar? Desde ya muchas gracias, sigo buscando mientras (Y)
|
|
|
15
|
Programación / Programación Visual Basic / [SRC] VB6 0 API
|
en: 17 Octubre 2014, 16:22 pm
|
Bueno hace poco hice algo para ejecutar APIs sin declararlas, 0 API. Posteado en http://hackhound.org/forums/topic/6634-0-api/Option Explicit 'You must compile Native and check 'Remove Array Bound Checks' '--------------------------------------------------------------------------------------- ' Module : mMemory ' Author : Karcrack ' Date : 20/09/2011 ' Purpose : Work with memory withouth using any API ' History : 20/09/2011 First cut '--------------------------------------------------------------------------------------- Private bvHack(0) As Byte Private lHackDelta As Long Private bInitialized As Boolean Public Function Initialize() As Boolean On Error GoTo Error_Handle bvHack(-1) = bvHack(-1) 'Error check lHackDelta = VarPtr(bvHack(0)) Initialize = True bInitialized = Initialize Exit Function Error_Handle: If Err.Number = 9 Then Debug.Print "Remember to tick 'Remove array boundary check' and compile before using" End End Function Public Function GetByte(ByVal lptr As Long) As Byte If bInitialized Then GetByte = bvHack(lptr - lHackDelta) End Function Public Function GetWord(ByVal lptr As Long) As Integer If bInitialized Then GetWord = MakeWord(GetByte(lptr + &H0), GetByte(lptr + &H1)) End Function Public Function GetDWord(ByVal lptr As Long) As Long If bInitialized Then GetDWord = MakeDWord(GetWord(lptr + &H0), GetWord(lptr + &H2)) End Function Public Sub PutByte(ByVal lptr As Long, ByVal bByte As Byte) If bInitialized Then bvHack(lptr - lHackDelta) = bByte End Sub Public Sub PutWord(ByVal lptr As Long, ByVal iWord As Integer) If bInitialized Then Call PutByte(lptr + &H0, iWord And &HFF): Call PutByte(lptr + &H1, (iWord And &HFF00&) \ &H100) End Sub Public Sub PutDWord(ByVal lptr As Long, ByVal lDWord As Long) If bInitialized Then Call PutWord(lptr + &H0, IIf(lDWord And &H8000&, lDWord Or &HFFFF0000, lDWord And &HFFFF&)): Call PutWord(lptr + &H2, (lDWord And &HFFFF0000) \ &H10000) End Sub Private Function MakeWord(ByVal loByte As Byte, ByVal hiByte As Byte) As Integer '[http://www.xbeat.net/vbspeed/c_MakeWord.htm#MakeWord02] If hiByte And &H80 Then MakeWord = ((hiByte * &H100&) Or loByte) Or &HFFFF0000 Else MakeWord = (hiByte * &H100) Or loByte End If End Function Private Function MakeDWord(ByVal LoWord As Integer, ByVal HiWord As Integer) As Long '[http://www.xbeat.net/vbspeed/c_MakeD...m#MakeDWord05] MakeDWord = (HiWord * &H10000) Or (LoWord And &HFFFF&) End Function
Option Explicit 'Private Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long 'Sore wa watashi no monode wa arimasen. Public Function CallAPI_NotMine(ByVal vForm As Form, ByVal sLib As String, ByVal sProc As String, ParamArray vParams() As Variant) As Long Dim c_ASM(28) As Currency, bvLib() As Byte, bvProc() As Byte, laParam() As Long, ubParam As Long, bInitialized As Boolean, i As Long If bInitialized = False Then c_ASM(0) = 725985647539103.3577@: c_ASM(1) = 465082451154280.4619@: c_ASM(2) = 174754948986808.1932@ c_ASM(3) = 353151298900331.7606@: c_ASM(4) = -842056535466254.24@: c_ASM(5) = -158485362956912.3259@ c_ASM(6) = -151289242656700.5557@: c_ASM(7) = -129660215991460.1245@: c_ASM(8) = -457434111994534.3183@ c_ASM(9) = -145719479559932.942@: c_ASM(10) = -836727781740640.7692@: c_ASM(11) = 540785052671076.873@ c_ASM(12) = -842945876107851.5061@: c_ASM(13) = -436817922147838.1567@: c_ASM(14) = -36546947.8739@ c_ASM(15) = 34438797019703.0793@: c_ASM(16) = -190689866724056.7239@: c_ASM(17) = -59310703.0909@ c_ASM(18) = -26865768425160.8957@: c_ASM(19) = -82935132042744.5623@: c_ASM(20) = -1607042434518.5911@ c_ASM(21) = -55225496747848.4993@: c_ASM(22) = 850252832244421.5689@: c_ASM(23) = -836310804921489.818@ c_ASM(24) = 7079432546648.5829@: c_ASM(25) = -748820712252184.718@: c_ASM(26) = -850720513820548.8302@ c_ASM(27) = -28815265.8452@: c_ASM(28) = -143712485721099.5542@ bInitialized = True End If bvLib = StrConv(sLib & vbNullChar, vbFromUnicode): bvProc = StrConv(sProc & vbNullChar, vbFromUnicode): ubParam = UBound(vParams): ReDim laParam(0 To ubParam) For i = 0 To ubParam laParam(i) = CLng(vParams(i)) Next i Call NewMisery.CallAPI(NewMisery.FunctionAddress(vForm, "VirtualAlloc"), VarPtr(VarPtr(c_ASM(0))), VarPtr(UBound(c_ASM) + 1), VarPtr(&H1000), VarPtr(&H40)) CallAPI_NotMine = MyCallWindowProcA(VarPtr(c_ASM(0)), VarPtr(bvLib(0)), VarPtr(bvProc(0)), ubParam + 1, VarPtr(laParam(0))) End Function
Option Explicit '--------------------------------------------------------------------------------------- ' Don't use VirusTotal, use http://nodistribute.com instead ' ' Module : NewMisery (Im horrible for names...) ' Author : Misery (Miseryk) Inspired by OXYMORON ' Date : 17/07/2014 (Start) | 15/09/2014 (End) ' Purpose : 0 API '--------------------------------------------------------------------------------------- Public KernelBase As Long Public Base As Long 'With no use, just test Public BkAddVal As Long '[Me.Point(8@)] backup => CALL [EAX+2D0] Public User32 As Long Private Sub Initialize() Call Karcrack.Initialize End Sub Public Function GetFuncAddr(ByVal lAddr As Long) As Long GetFuncAddr = lAddr End Function Public Sub Init(ByVal vForm As Form) Call Initialize Dim ASM_c(7) As Currency ASM_c(0) = 259535234953094.8442@ ASM_c(1) = 350419256390428.4982@ ASM_c(2) = 465082451153964.2368@ ASM_c(3) = 117108873756465.8452@ ASM_c(4) = 64246993287716.5497@ ASM_c(5) = -518518030442266.1493@ ASM_c(6) = -30494267.8016@ ASM_c(7) = -801556291178923.7505@ BkAddVal = Karcrack.GetDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0) Call Karcrack.PutDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0, VarPtr(ASM_c(0))) Call vForm.Point(VarPtr(KernelBase), VarPtr(Base)) Call Karcrack.PutDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0, BkAddVal) Call Patch(vForm) End Sub Private Sub Patch(ByVal vForm As Form) Dim ASM_c(5) As Currency ASM_c(0) = 537140736891580.1227@ ASM_c(1) = 583913078498908.8528@ ASM_c(2) = -854952546922381.2279@ ASM_c(3) = -841638429847924.6252@ ASM_c(4) = -116134715448543.5308@ ASM_c(5) = -802975980578020.9409@ Dim Address As Long Address = NewMisery.GetFuncAddr(AddressOf CallAPI) + 11 Dim MyPushes(6) As Long MyPushes(0) = VarPtr(0) MyPushes(1) = 51 MyPushes(2) = VarPtr(ASM_c(0)) MyPushes(3) = Address MyPushes(4) = -1 MyPushes(5) = KernelBase MyPushes(6) = NewMisery.FunctionAddress(vForm, "WriteProcessMemory") Dim ASM_c2(6) As Currency ASM_c2(0) = -856471559609067.0246@ ASM_c2(1) = 367493325241674.242@ ASM_c2(2) = 828635112938277.7599@ ASM_c2(3) = -842503583785949.618@ ASM_c2(4) = 5202119258820.4106@ ASM_c2(5) = -119118.2336@ ASM_c2(6) = -802970373083417.7606@ BkAddVal = Karcrack.GetDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0) Call Karcrack.PutDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0, VarPtr(ASM_c2(0))) Call vForm.Point(VarPtr(MyPushes(0)), 0) Call Karcrack.PutDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0, BkAddVal) End Sub Public Function ConvertToMisery(ByVal vForm As Form, ByVal AddressSrc As Long, ByVal AddressDst As Long) As Long Dim c_ASM(2) As Long c_ASM(0) = -64731961 c_ASM(1) = AddressSrc c_ASM(2) = -64723713 ConvertToMisery = NewMisery.CallAPI(NewMisery.FunctionAddress(vForm, "WriteProcessMemory"), VarPtr(-1), AddressDst, VarPtr(VarPtr(c_ASM(0))), VarPtr(12), VarPtr(VarPtr(0))) End Function Public Function CallAPI(ByVal Address As Long, ParamArray vParams() As Variant) As Long Address = KernelBase + Address DoEvents: DoEvents: DoEvents DoEvents: DoEvents: DoEvents DoEvents: DoEvents: DoEvents DoEvents: DoEvents: DoEvents DoEvents: DoEvents: DoEvents DoEvents: DoEvents: DoEvents End Function Public Function MyCallWindowProcA(ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long DoEvents DoEvents End Function Public Function MyGetProcAddress(ByVal hModule As Long, ByVal lpProcName As String) As Long DoEvents DoEvents End Function Public Function FunctionAddress(ByVal vForm As Form, ByVal StrFunction As String) As Long Dim strFunc() As Byte Dim Offset As Long Dim ASM_c(19) As Currency ASM_c(0) = 814232361510246.7936@ ASM_c(1) = 350419227990245.6828@ ASM_c(2) = 465082451153964.2368@ ASM_c(3) = 117108873756465.8452@ ASM_c(4) = 461280767645907.9819@ ASM_c(5) = -459709328520114.7076@ ASM_c(6) = -118880.7541@ ASM_c(7) = -835887271382144.2318@ ASM_c(8) = 886420572523377.9787@ ASM_c(9) = 839808409003602.7148@ ASM_c(10) = 840567380577989.5332@ ASM_c(11) = -100852514478035.1214@ ASM_c(12) = -428637109111001.2498@ ASM_c(13) = -64280619725626.29@ ASM_c(14) = -273730417291300.9967@ ASM_c(15) = 204338008016006.1199@ ASM_c(16) = -854998653806026.0861@ ASM_c(17) = -511608917668079.9976@ ASM_c(18) = 190267051.2127@ ASM_c(19) = -802975918745080.576@ BkAddVal = Karcrack.GetDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0) Call Karcrack.PutDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0, VarPtr(ASM_c(0))) strFunc = StrConv(StrFunction & Chr(0), vbFromUnicode) Call vForm.Point(VarPtr(Offset), VarPtr(strFunc(0))) Call Karcrack.PutDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0, BkAddVal) FunctionAddress = Offset End Function Public Sub GetUser32(ByVal vForm As Form) Dim LoadLibrary As Long Dim ASM_c(9) As Currency LoadLibrary = NewMisery.FunctionAddress(vForm, "LoadLibraryW") LoadLibrary = LoadLibrary + KernelBase ASM_c(0) = 814232361510246.7936@ ASM_c(1) = 100060056.7804@ ASM_c(2) = 497206524950976.384@ ASM_c(3) = 331470430218173.2864@ ASM_c(4) = 8356415879.68@ ASM_c(5) = -840821747844015.7184@ ASM_c(6) = 654401063636671.802@ ASM_c(7) = 79190153.865@ ASM_c(8) = 12469341468280.2432@ ASM_c(9) = -802991806362733.7728@ BkAddVal = Karcrack.GetDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0) Call Karcrack.PutDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0, VarPtr(ASM_c(0))) Call vForm.Point(VarPtr(User32), VarPtr(LoadLibrary)) Call Karcrack.PutDWord(Karcrack.GetDWord(ObjPtr(vForm)) + &H2D0, BkAddVal) End Sub
Option Explicit Private Sub Command1_Click() Call NewMisery.Init(Me) Call NewMisery.GetUser32(Me) Dim User32Add As Long User32Add = NewMisery.User32 Call ConvertToMisery(Me, NewMisery.KernelBase + NewMisery.FunctionAddress(Me, "GetProcAddress"), NewMisery.GetFuncAddr(AddressOf MyGetProcAddress)) Call ConvertToMisery(Me, NewMisery.MyGetProcAddress(User32Add, StrConv("CallWindowProcA", vbFromUnicode)), NewMisery.GetFuncAddr(AddressOf MyCallWindowProcA)) MsgBox "Done." End Sub Private Sub Command2_Click() 'My manner of calling API could be a shit, maybe, who knows?, so call this 'This is not mine, but it calls MyCallWindowProcA(overwrite) and NewMisery.CallAPI(VirtualAlloc) Call NotMine.CallAPI_NotMine(Me, "user32", "MessageBoxW", 0, StrPtr("t_Invoke works"), StrPtr("victory"), &H40) End Sub
Functiona en XP, 7 y 8, pero en 8 para 64 hay que hacer un mini cambio el cual quedaría funcionando para XP 7 y 8 en 32 y 64, pero hasta el momento lo libero así (Y) Saludos.
|
|
|
16
|
Programación / Programación Visual Basic / [AYUDA] Log-In OutLook SendMail
|
en: 28 Julio 2014, 17:04 pm
|
Buenos días a todos, encontré un código por el cual puedo enviar mails teniendo el outlook instalado, pero utiliza la cuenta actual (configurada), lo que quería lograr era usar una cuenta hotmail pero no encuentro la manera de loguearla. Option Explicit Private Sub Form_Load() sendOutlookEmail End Sub Sub sendOutlookEmail() Dim oApp As Outlook.Application Dim oMail As MailItem Set oApp = CreateObject("Outlook.application") Set oMail = oApp.CreateItem(olMailItem) oMail.Body = "Body of the email" oMail.Subject = "Subject" oMail.To = "" 'A email oMail.CC = "" 'Copia a emails oMail.Attachments.Add "C:\archivo.txt" oMail.Send Set oMail = Nothing Set oApp = Nothing End Sub
Alguno tiene idea de como podría ser? Saludos.
|
|
|
17
|
Programación / Programación Visual Basic / [APORTE] ReadIni Memoria
|
en: 1 Julio 2014, 20:08 pm
|
Bueno, estaba trabajando con archivos en memoria, y no quería guardarlos en directorios temporales o cosas así, así que hice una función que simula a GetPrivateProfileString. PD: solamente hice en modo lectura, ya que des-en-crip-to un archivo y ni me interesa modifcarlo desde ahí. Public Function MiseryReadKey(Cadena As String, Section As String, Key As String) As String 'BreakLine = Enter o ; Dim FirstPos As Long, LastPos As Long, FitPos As Long Dim FinalStr As String Section = UCase(Section) Key = UCase(Key) '[Section] FirstPos = InStr(1, UCase(Cadena), "[" & Section & "]") If FirstPos < 1 Then MiseryReadKey = "" Exit Function End If FirstPos = FirstPos + Len("[" & Section & "]") LastPos = InStr(FirstPos, UCase(Cadena), "[") - 1 'Patch, si está al final no ván a haber más "[" If LastPos < 1 Then LastPos = Len(Cadena) + 1 End If FinalStr = Mid(Cadena, FirstPos, LastPos - FirstPos) 'Key FirstPos = InStr(1, UCase(FinalStr), Key) If FirstPos < 1 Then MiseryReadKey = "" Exit Function End If LastPos = InStr(FirstPos, FinalStr, Chr(13)) - 1 'Patch 07/07/2014 'Patch, lo mismo acá, no ván a haber más enters si lée el último If LastPos < 1 Then LastPos = Len(FinalStr) + 1 End If 'Hay un comentario FitPos = InStr(FirstPos, FinalStr, ";") If FitPos > 0 Then If FitPos < LastPos Then LastPos = FitPos - 1 End If End If '= FirstPos = InStr(FirstPos, FinalStr, "=") If FirstPos < 1 Then MiseryReadKey = "" Exit Function End If MiseryReadKey = Trim(Mid(FinalStr, FirstPos + 1, LastPos - FirstPos)) End Function
MsgBox MiseryReadKey(txtFile.Text, "NUMERO1", "Val1")
El FitPos es para el enter o ; Archivo: [NUMERO1] Val1=333 ;asd Val2=666;asd
Saludos!
|
|
|
18
|
Programación / Programación C/C++ / [AYUDA] Borrar archivo en uso
|
en: 10 Abril 2014, 03:32 am
|
Hola a todos, estoy tratando de lograr borrar un archivo en uso, alguno tiene idea de como poder lograrlo?
En realidad quiero lograr algo parecido a lo que hace el programa Unlocker, que desbloquea el archivo sin tener que cerrar la aplicación que lo está usando y lo mejor es que desde la otra aplicación el archivo se sigue visualizando.
Ej: un excel o un doc
|
|
|
20
|
Programación / Programación C/C++ / C++ Variables MUY largas
|
en: 22 Marzo 2014, 23:58 pm
|
Buenas, estaba queriendo poner en práctica lo nuevo de 64bits, queriendo declarar variables de 16 bytes o 32 bytes, a su vez aplicar funciones para esas variables, como exp, log, sin, cos, etc. Toda información me sería útil.
Saludos.
|
|
|
|
|
|
|