elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: (TUTORIAL) Aprende a emular Sentinel Dongle By Yapis


  Mostrar Mensajes
Páginas: [1] 2
1  Programación / Programación Visual Basic / Re: Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll en: 11 Junio 2017, 17:12 pm
Elektro, thank you very much.
2  Programación / Programación Visual Basic / Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll en: 11 Junio 2017, 15:18 pm
Hello,

i have th following declaration of RtlGetNtVersionNumber:

Código:
Public Declare Sub RtlGetNtVersionNumber Lib "ntdll.dll" (ByRef MajorVersion As Long, ByRef MinorVersion As Long, ByRef BuildNumber As Integer)

and using like this:

Código
  1.  
  2. Dim OsBuild As Integer
  3. Dim MaN As Long, MiN As Long
  4. Dim FilePath As String
  5.  
  6. Call RtlGetNtVersionNumber(MaN, MiN, OsBuild)
  7. Select Case OsBuild
  8.    Case 2600
  9.        FilePath = "\WinXPSssdt.txt"
  10.    Case 3750
  11.        FilePath = "\Win2k3x86Sssdt.txt"
  12.    Case 6000
  13.        FilePath = "\VistaX86Sssdt.txt"
  14.    Case 7600
  15.        FilePath = "\Win7x86Sssdt.txt"
  16.    Case 9200
  17.        FilePath = "\Win8x86Sssdt.txt"
  18.    Case 9600
  19.        FilePath = "\Win81x86Sssdt.txt"
  20.    Case 10240
  21.        FilePath = "\Win10Th1x86Sssdt.txt"
  22.    Case 10586
  23.        FilePath = "\Win10Th2x86Sssdt.txt"
  24.    Case Else
  25.        MsgBox "Current System is not supported", vbExclamation, "Error": End
  26. End Select
  27.  

but i'm getting this error saying:

"Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll"

some idea how solve?

thank you by any suggestion.


3  Programación / Programación Visual Basic / Manual Map dll injection en VB6? en: 23 Mayo 2017, 07:18 am
Olá amigos, venho procurando algum código de Manual Map dll Injection en VB6, mas até agora só encontrei RunPE's. Alguém saberia informar se já foi deixado aqui algo desse tipo?

Gracias
4  Programación / Scripting / javascript deobfuscation en: 4 Mayo 2016, 23:36 pm
Hello friends,

I have a javascript code and this .js is crypted with a a very strange algorithm.

Then I want any help for try decrypt this script, he contains some functions that I'm needing for implement in a another project.

I had discovered that site used for ofuscate was https://javascriptobfuscator.com/javascript-Obfuscator.aspx

Any help will welcome.

Here is original code: http://pastebin.com/KRQWffhr

obfuscated and I had used this site http://javascriptbeautifier.com/ and he made half of deobfuscation and this is final result: http://pastebin.com/Laipv8ND
5  Programación / Programación Visual Basic / Re: dll injector 32 bits and x64 dll file don't work in notepad.exe x64 en: 3 Marzo 2016, 22:39 pm
Desgraciadamente no sé delphi... pero vamos, si la DLL esta bién generada esque tiene que funcionar...  :-\



@fary

aquí está el archivo DLL compilado para que pueda probar.

PS: Este archivo DLL sólo muestra un cuadro de mensaje.

Si es posible, también quería un ejemplo de su DLL probado con el código del inyector



@fary, por favor podía leer mi última respuesta?

gracias. :D

MOD EDIT: No hacer doble post.
6  Programación / Programación Visual Basic / Re: dll injector 32 bits and x64 dll file don't work in notepad.exe x64 en: 3 Marzo 2016, 22:04 pm
Si. La dll como la generas?

generada con Delphi XE5 configurado para proyecto del 64 bits (dll)

Código:
library Project1;

uses
  System.SysUtils,
  System.Classes,
  Variants,
  Winapi.Windows;

type ENoThread = class(Exception);

function StartFunc(InVal:DWORD):DWORD;stdcall;
begin
MessageBoxW(0,'I am in your target : Dll file','woO!',0)
end;

procedure MakeThread;
var AId:DWORD;
     AHandle:HWND;
begin
  AHandle:=CreateThread(nil,0,@StartFunc,nil,0,AId);
  if (AHandle = 0) then raise ENoThread.Create('Could not create thread');
end;

procedure mydllproc(Reason: Integer);
begin
  case Reason of
    DLL_PROCESS_ATTACH:
      begin
         MakeThread;
      end;
  end;
end;

begin
  DllProc := mydllproc;
  mydllproc(DLL_PROCESS_ATTACH);

end.
7  Programación / Programación Visual Basic / Re: dll injector 32 bits and x64 dll file don't work in notepad.exe x64 en: 3 Marzo 2016, 21:36 pm
El código funciona....  :rolleyes:

En Windows 7 64bit?
8  Programación / Programación Visual Basic / dll injector 32 bits and x64 dll file don't work in notepad.exe x64 en: 3 Marzo 2016, 01:37 am
hola,

Tengo un inyector DLL compilado con Visual Basic 6 y estoy tratando de inyectar mi DLL (x64) en notepad.exe x64, pero nada funciona.


Había buscado en la web acerca de esto y vi esto:


Citar
[IMPORTANT: 32-BIT / 64-BIT]

This is a portability table:

32bit program inject 32bit dll in a 32bit target
32bit program inject 64bit dll in a 64bit target
64bit program inject 32bit dll in a 32bit target
64bit program inject 64bit dll in a 64bit target


Si esto es cierto, por lo que mi inyector deberá está trabajando.

¿Puede alguien ayudarme por favor?

código utilizado:

Módulo1.bas

Código:
Option Explicit

Private Const INFINITE                  As Long = &HFFFF

Private Const TOKEN_ADJUST_PRIVILEGES   As Long = &H20
Private Const TOKEN_QUERY               As Long = &H8
Private Const SE_PRIVILEGE_ENABLED      As Long = &H2
Private Const ANYSIZE_ARRAY             As Long = 1

Private Const SE_DEBUG_NAME             As String = "SeDebugPrivilege"

Private Const PAGE_READWRITE            As Long = &H4
Private Const MEM_RELEASE               As Long = &H8000
Private Const MEM_COMMIT                As Long = &H1000

Private Const STANDARD_RIGHTS_REQUIRED  As Long = &HF0000
Private Const SYNCHRONIZE               As Long = &H100000
Private Const PROCESS_VM_OPERATION As Long = (&H8)
Private Const PROCESS_VM_WRITE As Long = (&H20)

Private Const TH32CS_SNAPPROCESS As Long = 2&


Private Const PROCESS_ALL_ACCESS        As Long = _
                                        (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or PROCESS_VM_WRITE Or PROCESS_VM_OPERATION Or &HFFF)

Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szexeFile As String * 260
End Type

Private Type Luid
    lowpart                     As Long
    highpart                    As Long
End Type

Private Type LUID_AND_ATTRIBUTES
    pLuid                       As Luid
    Attributes                  As Long
End Type

Private Type TOKEN_PRIVILEGES
    PrivilegeCount              As Long
    Privileges(ANYSIZE_ARRAY)   As LUID_AND_ATTRIBUTES
End Type

Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpAddress As Any, ByRef dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function OpenProcessToken Lib "advapi32" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As Luid) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As Any, ReturnLength As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32.dll" (ByVal lFlags As Long, lProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32.dll" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32.dll" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long


Public Function InjectByPID(ByVal sDllPath As String, ByVal lProcessID As Long) As Boolean
    Dim lProc As Long
    Dim lLibAdd As Long
    Dim lMem As Long
    Dim lRet As Long
    Dim lThread As Long

    On Local Error GoTo InjectByPID_Error

    '//Adjust token privileges to open system processes
    Call AdjustPrivileges(GetCurrentProcess)

    '// Open the process with all access
    lProc = OpenProcess(PROCESS_ALL_ACCESS, False, lProcessID)
    If lProc = 0 Then GoTo InjectByPID_Error

    '// Get the address of LoadLibrary
    lLibAdd = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA")
    If lLibAdd = 0 Then GoTo InjectByPID_Error

    '// Allocate memory to hold the path to the Dll File in the process's memory
    lMem = VirtualAllocEx(lProc, 0, Len(sDllPath), MEM_COMMIT, PAGE_READWRITE)
    If lMem = 0 Then GoTo InjectByPID_Error

    '// Write the path to the Dll File in the location just created
    Call WriteProcessMemory(lProc, ByVal lMem, ByVal sDllPath, Len(sDllPath), lRet)
    If lRet = 0 Then GoTo InjectByPID_Error

    '// Create a remote thread that starts begins at the LoadLibrary function and _
     is passed are memory pointer
    lThread = CreateRemoteThread(lProc, ByVal 0, 0, ByVal lLibAdd, ByVal lMem, 0, 0&)
    If lThread = 0 Then GoTo InjectByPID_Error

    '// Wait for the thread to finish
    Call WaitForSingleObject(lThread, INFINITE)

    '// Free the memory created on the other process
    Call VirtualFreeEx(lProc, lMem, Len(sDllPath), MEM_RELEASE)

    '//Release the handle to the other process
    Call CloseHandle(lProc)

    InjectByPID = True

    On Error GoTo 0
    Exit Function

InjectByPID_Error:
    '// Free the memory created on the other process
    Call VirtualFreeEx(lProc, lMem, Len(sDllPath), MEM_RELEASE)
    '//Release the handle to the other process
    Call CloseHandle(lProc)
End Function

Public Function AdjustPrivileges(ByVal lProcessID As Long) As Boolean
    Dim lToken              As Long
    Dim tTOKEN_PRIVILEGES   As TOKEN_PRIVILEGES

    On Local Error GoTo AdjustPrivileges_Error

    If Not OpenProcessToken(lProcessID, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, lToken) = 0 Then
        With tTOKEN_PRIVILEGES
            If LookupPrivilegeValue(vbNullString, SE_DEBUG_NAME, .Privileges(0).pLuid) = 0 Then
                Exit Function
            End If
            .PrivilegeCount = 1
            .Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
        End With
        If Not AdjustTokenPrivileges(lToken, 0, tTOKEN_PRIVILEGES, Len(tTOKEN_PRIVILEGES), 0&, 0&) = 0 Then
            AdjustPrivileges = True
        End If
    End If

    On Error GoTo 0
    Exit Function

AdjustPrivileges_Error:

End Function

'Get PID
Public Function whereISmyFUFUprocess(ByVal ProcessName As String) As Long
    Dim procSnapshot As Long
    Dim uProcess As PROCESSENTRY32
    Dim success As Long
    Dim ProcessId As Long
    Dim ProcessId_found As Boolean

    ProcessId_found = False
    
    procSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)

    If procSnapshot = -1 Then Exit Function

    uProcess.dwSize = Len(uProcess)
    success = ProcessFirst(procSnapshot, uProcess)

    If success = 1 Then
        Do
            If LCase(VBA.Left$(uProcess.szexeFile, InStr(1, uProcess.szexeFile, Chr(0)) - 1)) = LCase(ProcessName) Then
                ProcessId = uProcess.th32ProcessID
                Debug.Print "First process found with PID: " & ProcessId
                    If ProcessId_found = True Then
                        Debug.Print "Second process found with PID: " & ProcessId
                        whereISmyFUFUprocess = ProcessId
                        Exit Do
                    End If
                  ProcessId_found = True
            End If
        Loop While ProcessNext(procSnapshot, uProcess)

    End If
    
    If whereISmyFUFUprocess = 0 Then
        whereISmyFUFUprocess = ProcessId
    End If
    
    Call CloseHandle(procSnapshot)
    
End Function


Form 1

Código:
Private Declare Sub Sleep Lib "kernel32.dll" (ByVal dwMilliseconds As Long)


Private Sub Command1_Click()

Dim PID As Long


' // Run Notepad
    Shell "notepad.exe", vbNormalFocus
    
    Sleep 1000
    
   PID = whereISmyFUFUprocess("notepad.exe")
  
   Sleep 1000
  
   InjectByPID "Project1.dll", PID

End Sub
9  Programación / Programación Visual Basic / Cómo deshabilitar Aero en Windows 7? en: 5 Enero 2016, 13:33 pm
He probado el código de abajo, pero no funciona para mí. ¿Alguna sugestion?

Código:
Private Const DWM_EC_DISABLECOMPOSITION As Long = 0
Private Const DWM_EC_ENABLECOMPOSITION As Long = 1
 
Private Declare Function DwmEnableComposition Lib "dwmapi" (uCompositionAction As Long) As Long
 
Private Function SUCCEEDED(hr As Long) As Boolean
    SUCCEEDED = (hr >= 0)
End Function
Private Function FAILED(hr As Long) As Boolean
    FAILED = (hr < 0)
End Function
 
Private Sub Form_Load()
    If SUCCEEDED(DwmEnableComposition(DWM_EC_DISABLECOMPOSITION)) Then
        MsgBox "Vista Aero est Desactive"
    Else
        MsgBox "Vista Aero n'a pas pu etre Desactive"
    End If
 
End Sub
 
Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer)
    MsgBox Cancel
    MsgBox UnloadMode
    If SUCCEEDED(DwmEnableComposition(DWM_EC_ENABLECOMPOSITION)) Then
        MsgBox "Vista Aero est Active"
    Else
        MsgBox "Vista Aero n'a pas pu etre active"
    End If
 
End Sub
10  Programación / .NET (C#, VB.NET, ASP) / Re: VB: Cómo alinear la posición de dos rectángulos en proyecto Servidor - Cliente? en: 3 Enero 2016, 19:40 pm
Already solved. Thank you friend.
Páginas: [1] 2
WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines