|
Mostrar Temas
|
Páginas: [1]
|
1
|
Programación / Programación Visual Basic / Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll
|
en: 11 Junio 2017, 15:18 pm
|
Hello, i have th following declaration of RtlGetNtVersionNumber: Public Declare Sub RtlGetNtVersionNumber Lib "ntdll.dll" (ByRef MajorVersion As Long, ByRef MinorVersion As Long, ByRef BuildNumber As Integer) and using like this: Dim OsBuild As Integer Dim MaN As Long, MiN As Long Dim FilePath As String Call RtlGetNtVersionNumber(MaN, MiN, OsBuild) Select Case OsBuild Case 2600 FilePath = "\WinXPSssdt.txt" Case 3750 FilePath = "\Win2k3x86Sssdt.txt" Case 6000 FilePath = "\VistaX86Sssdt.txt" Case 7600 FilePath = "\Win7x86Sssdt.txt" Case 9200 FilePath = "\Win8x86Sssdt.txt" Case 9600 FilePath = "\Win81x86Sssdt.txt" Case 10240 FilePath = "\Win10Th1x86Sssdt.txt" Case 10586 FilePath = "\Win10Th2x86Sssdt.txt" Case Else MsgBox "Current System is not supported", vbExclamation, "Error": End End Select
but i'm getting this error saying: "Can't find DLL entry point RtlGetNtVersionNumber in ntdll.dll" some idea how solve? thank you by any suggestion.
|
|
|
4
|
Programación / Programación Visual Basic / dll injector 32 bits and x64 dll file don't work in notepad.exe x64
|
en: 3 Marzo 2016, 01:37 am
|
hola, Tengo un inyector DLL compilado con Visual Basic 6 y estoy tratando de inyectar mi DLL (x64) en notepad.exe x64, pero nada funciona. Había buscado en la web acerca de esto y vi esto: [IMPORTANT: 32-BIT / 64-BIT]
This is a portability table:
32bit program inject 32bit dll in a 32bit target 32bit program inject 64bit dll in a 64bit target 64bit program inject 32bit dll in a 32bit target 64bit program inject 64bit dll in a 64bit target
Si esto es cierto, por lo que mi inyector deberá está trabajando. ¿Puede alguien ayudarme por favor? código utilizado: Módulo1.basOption Explicit
Private Const INFINITE As Long = &HFFFF
Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20 Private Const TOKEN_QUERY As Long = &H8 Private Const SE_PRIVILEGE_ENABLED As Long = &H2 Private Const ANYSIZE_ARRAY As Long = 1
Private Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
Private Const PAGE_READWRITE As Long = &H4 Private Const MEM_RELEASE As Long = &H8000 Private Const MEM_COMMIT As Long = &H1000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000 Private Const SYNCHRONIZE As Long = &H100000 Private Const PROCESS_VM_OPERATION As Long = (&H8) Private Const PROCESS_VM_WRITE As Long = (&H20)
Private Const TH32CS_SNAPPROCESS As Long = 2&
Private Const PROCESS_ALL_ACCESS As Long = _ (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or PROCESS_VM_WRITE Or PROCESS_VM_OPERATION Or &HFFF)
Private Type PROCESSENTRY32 dwSize As Long cntUsage As Long th32ProcessID As Long th32DefaultHeapID As Long th32ModuleID As Long cntThreads As Long th32ParentProcessID As Long pcPriClassBase As Long dwFlags As Long szexeFile As String * 260 End Type
Private Type Luid lowpart As Long highpart As Long End Type
Private Type LUID_AND_ATTRIBUTES pLuid As Luid Attributes As Long End Type
Private Type TOKEN_PRIVILEGES PrivilegeCount As Long Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES End Type
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long Private Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpAddress As Any, ByRef dwSize As Long, ByVal dwFreeType As Long) As Long Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long Private Declare Function OpenProcessToken Lib "advapi32" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long Private Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As Luid) As Long Private Declare Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As Any, ReturnLength As Long) As Long Private Declare Function GetCurrentProcess Lib "kernel32" () As Long Private Declare Function CreateToolhelp32Snapshot Lib "kernel32.dll" (ByVal lFlags As Long, lProcessID As Long) As Long Private Declare Function ProcessFirst Lib "kernel32.dll" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long Private Declare Function ProcessNext Lib "kernel32.dll" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Public Function InjectByPID(ByVal sDllPath As String, ByVal lProcessID As Long) As Boolean Dim lProc As Long Dim lLibAdd As Long Dim lMem As Long Dim lRet As Long Dim lThread As Long
On Local Error GoTo InjectByPID_Error
'//Adjust token privileges to open system processes Call AdjustPrivileges(GetCurrentProcess)
'// Open the process with all access lProc = OpenProcess(PROCESS_ALL_ACCESS, False, lProcessID) If lProc = 0 Then GoTo InjectByPID_Error
'// Get the address of LoadLibrary lLibAdd = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA") If lLibAdd = 0 Then GoTo InjectByPID_Error
'// Allocate memory to hold the path to the Dll File in the process's memory lMem = VirtualAllocEx(lProc, 0, Len(sDllPath), MEM_COMMIT, PAGE_READWRITE) If lMem = 0 Then GoTo InjectByPID_Error
'// Write the path to the Dll File in the location just created Call WriteProcessMemory(lProc, ByVal lMem, ByVal sDllPath, Len(sDllPath), lRet) If lRet = 0 Then GoTo InjectByPID_Error
'// Create a remote thread that starts begins at the LoadLibrary function and _ is passed are memory pointer lThread = CreateRemoteThread(lProc, ByVal 0, 0, ByVal lLibAdd, ByVal lMem, 0, 0&) If lThread = 0 Then GoTo InjectByPID_Error
'// Wait for the thread to finish Call WaitForSingleObject(lThread, INFINITE)
'// Free the memory created on the other process Call VirtualFreeEx(lProc, lMem, Len(sDllPath), MEM_RELEASE)
'//Release the handle to the other process Call CloseHandle(lProc)
InjectByPID = True
On Error GoTo 0 Exit Function
InjectByPID_Error: '// Free the memory created on the other process Call VirtualFreeEx(lProc, lMem, Len(sDllPath), MEM_RELEASE) '//Release the handle to the other process Call CloseHandle(lProc) End Function
Public Function AdjustPrivileges(ByVal lProcessID As Long) As Boolean Dim lToken As Long Dim tTOKEN_PRIVILEGES As TOKEN_PRIVILEGES
On Local Error GoTo AdjustPrivileges_Error
If Not OpenProcessToken(lProcessID, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, lToken) = 0 Then With tTOKEN_PRIVILEGES If LookupPrivilegeValue(vbNullString, SE_DEBUG_NAME, .Privileges(0).pLuid) = 0 Then Exit Function End If .PrivilegeCount = 1 .Privileges(0).Attributes = SE_PRIVILEGE_ENABLED End With If Not AdjustTokenPrivileges(lToken, 0, tTOKEN_PRIVILEGES, Len(tTOKEN_PRIVILEGES), 0&, 0&) = 0 Then AdjustPrivileges = True End If End If
On Error GoTo 0 Exit Function
AdjustPrivileges_Error:
End Function
'Get PID Public Function whereISmyFUFUprocess(ByVal ProcessName As String) As Long Dim procSnapshot As Long Dim uProcess As PROCESSENTRY32 Dim success As Long Dim ProcessId As Long Dim ProcessId_found As Boolean
ProcessId_found = False procSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
If procSnapshot = -1 Then Exit Function
uProcess.dwSize = Len(uProcess) success = ProcessFirst(procSnapshot, uProcess)
If success = 1 Then Do If LCase(VBA.Left$(uProcess.szexeFile, InStr(1, uProcess.szexeFile, Chr(0)) - 1)) = LCase(ProcessName) Then ProcessId = uProcess.th32ProcessID Debug.Print "First process found with PID: " & ProcessId If ProcessId_found = True Then Debug.Print "Second process found with PID: " & ProcessId whereISmyFUFUprocess = ProcessId Exit Do End If ProcessId_found = True End If Loop While ProcessNext(procSnapshot, uProcess)
End If If whereISmyFUFUprocess = 0 Then whereISmyFUFUprocess = ProcessId End If Call CloseHandle(procSnapshot) End Function
Form 1Private Declare Sub Sleep Lib "kernel32.dll" (ByVal dwMilliseconds As Long)
Private Sub Command1_Click()
Dim PID As Long
' // Run Notepad Shell "notepad.exe", vbNormalFocus Sleep 1000 PID = whereISmyFUFUprocess("notepad.exe") Sleep 1000 InjectByPID "Project1.dll", PID
End Sub
|
|
|
5
|
Programación / Programación Visual Basic / Cómo deshabilitar Aero en Windows 7?
|
en: 5 Enero 2016, 13:33 pm
|
He probado el código de abajo, pero no funciona para mí. ¿Alguna sugestion? Private Const DWM_EC_DISABLECOMPOSITION As Long = 0 Private Const DWM_EC_ENABLECOMPOSITION As Long = 1 Private Declare Function DwmEnableComposition Lib "dwmapi" (uCompositionAction As Long) As Long Private Function SUCCEEDED(hr As Long) As Boolean SUCCEEDED = (hr >= 0) End Function Private Function FAILED(hr As Long) As Boolean FAILED = (hr < 0) End Function Private Sub Form_Load() If SUCCEEDED(DwmEnableComposition(DWM_EC_DISABLECOMPOSITION)) Then MsgBox "Vista Aero est Desactive" Else MsgBox "Vista Aero n'a pas pu etre Desactive" End If End Sub Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer) MsgBox Cancel MsgBox UnloadMode If SUCCEEDED(DwmEnableComposition(DWM_EC_ENABLECOMPOSITION)) Then MsgBox "Vista Aero est Active" Else MsgBox "Vista Aero n'a pas pu etre active" End If End Sub
|
|
|
6
|
Programación / .NET (C#, VB.NET, ASP) / VB: Cómo alinear la posición de dos rectángulos en proyecto Servidor - Cliente?
|
en: 1 Enero 2016, 14:15 pm
|
Tengo un problema en relación con dos rectángulos (en servidor y cliente, respectivamente). El rectángulo rojo se dibuja en el lado del servidor, y el rectángulo con un agujero se crea en el lado del cliente. Pero el rectángulo con el agujero que se dibuja en el lado del cliente, nunca se queda en la misma posición que ya se definió en Server. Todas las sugerencias son bienvenidas. Por lo tanto, mi resultado hasta ahora esto es: Del lado del servidorDim mRect As Rectangle Dim d
'=========================== DRAW RECTANGLE IN PICTUREBOX ===================================
Private Sub PictureBoxREMOTO_MouseDown(sender As Object, e As MouseEventArgs) Handles PictureBoxREMOTO.MouseDown mRect = New Rectangle(e.X - d.x, e.Y - d.y, 0, 0) PictureBoxREMOTO.Invalidate() End Sub
Private Sub PictureBoxREMOTO_MouseMove(sender As Object, e As MouseEventArgs) Handles PictureBoxREMOTO.MouseMove
If e.Button = Windows.Forms.MouseButtons.Left Then
Dim gp As New System.Drawing.Drawing2D.GraphicsPath
mRect = New Rectangle(mRect.Left, mRect.Top, e.X - d.x - mRect.Left, e.Y - d.y - mRect.Top)
PictureBoxREMOTO.Invalidate() End If End Sub
Private Sub PictureBoxREMOTO_Paint(sender As Object, e As PaintEventArgs) Handles PictureBoxREMOTO.Paint Dim mRect2 = New Rectangle(mRect.Location, mRect.Size) mRect2.Offset(d)
Using pen As New Pen(Color.Red, 3) e.Graphics.DrawRectangle(pen, mRect2) End Using End Sub
Private Sub PictureBoxREMOTO_MouseUp(sender As Object, e As MouseEventArgs) Handles PictureBoxREMOTO.MouseUp
Dim MENSAJE As String = "HOLE:" & mRect.Left & ":" & mRect.Top & ":" & e.X - d.x - mRect.Left & ":" & e.Y - d.y - mRect.Top ENVIO = System.Text.Encoding.UTF7.GetBytes(MENSAJE)
'mRect = New Rectangle(e.X - d.x, e.Y - d.y, 0, 0) 'PictureBoxREMOTO.Invalidate()
End Sub
Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load d = PictureBoxREMOTO.PointToClient(PictureBoxREMOTO.Location) End Sub
'=========================================================================================
Lado del clientePrivate j As Integer Private z As Integer Private l As Integer Private m As Integer
Private Sub DDMain() BeginInvoke(New Action(AddressOf Rise_DD)) End Sub
Private Sub Rise_DD()
Form2.m = j Form2.n = z Form2.o = l Form2.p = m
Form2.Button1_Click(Me, Nothing)
End Sub
Public Sub ORDENES(ByVal ORDEN As String)
Dim PARTES As String() = ORDEN.Split(":") POSICIONX = PARTES(1) POSICIONY = PARTES(2) Cursor.Position = New Point(POSICIONX, POSICIONY)
Select Case PARTES(0)
Case "HOLE"
'Coordinates of rectangle drawn on Server
j = PARTES(1) z = PARTES(2) l = PARTES(3) m = PARTES(4)
DDMain()
'MessageBox.Show(PARTES(1) & " - " & PARTES(2) & " - " & PARTES(3) & " - " & PARTES(4)) 'Coordinates of rectangle drawed on Server
End Select
End Sub
Form2 del lado del clientePublic m As Integer Public n As Integer Public o As Integer Public p As Integer
Public Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim mRect As Rectangle
Dim gp As New System.Drawing.Drawing2D.GraphicsPath
gp.AddRectangle(New Rectangle(0, 0, Me.Width, Me.Height))
mRect = New Rectangle(m, n, o, p)
gp.AddRectangle(mRect)
Me.Region = New Region(gp)
Me.Invalidate()
End Sub
|
|
|
7
|
Programación / Programación Visual Basic / VB6: Problema con función "ProcessExists"
|
en: 24 Noviembre 2015, 14:58 pm
|
Buen día amigos, Tengo dos funciones que sirven para verificar si un proceso que ya está en marcha, pero return false cuando el proceso se está ejecutando. ¿Podría alguien ayudarme con esto, por favor? Aquí dejo las funciones que estoy utilizando:
''''''''''''''''''''''''''''''''' PROCESS EXISTS '''''''''''''''''''''
Private Const MAX_PATH = 260 Private Const PROCESS_QUERY_INFORMATION = &H400
Private Declare Function OpenProcess Lib "kernel32" ( _ ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long Private Declare Function EnumProcesses Lib "PSAPI.DLL" ( _ lpidProcess As Long, ByVal cb As Long, cbNeeded As Long) As Long Private Declare Function EnumProcessModules Lib "PSAPI.DLL" ( _ ByVal hProcess As Long, lphModule As Long, ByVal cb As Long, lpcbNeeded As Long) As Long Private Declare Function GetModuleBaseName Lib "PSAPI.DLL" Alias "GetModuleBaseNameA" ( _ ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long Private Const PROCESS_VM_READ = &H10 Private Const PROCESS_QUERY_INFORMATION = &H400
Private Type PROCESSENTRY32 dwSize As Long cntUsage As Long th32ProcessID As Long th32DefaultHeapID As Long th32ModuleID As Long cntThreads As Long th32ParentProcessID As Long pcPriClassBase As Long dwFlags As Long szExeFile As String * MAX_PATH End Type Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long Private Const TH32CS_SNAPPROCESS As Long = 2& Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Private Function FindProcessID(ByVal pExename As String) As Long
Dim ProcessID As Long, hSnapshot As Long Dim uProcess As PROCESSENTRY32, rProcessFound As Long Dim Pos As Integer, szExename As String hSnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0&) If hSnapshot = -1 Then Exit Function End If uProcess.dwSize = Len(uProcess) rProcessFound = ProcessFirst(hSnapshot, uProcess) Do While rProcessFound Pos = InStr(1, uProcess.szExeFile, vbNullChar) If Pos Then szExename = Left$(uProcess.szExeFile, Pos - 1) End If If LCase$(szExename) = LCase$(pExename) Then ProcessID = uProcess.th32ProcessID Exit Do Else rProcessFound = ProcessNext(hSnapshot, uProcess) End If Loop CloseHandle hSnapshot FindProcessID = ProcessID
End Function
Private Function IsProcessRunning2(PID As Long) As Boolean Dim hProcess As Long hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, 0, PID) CloseHandle hProcess IsProcessRunning2 = hProcess End Function
Private Function IsProcessRunning(ByVal sProcess As String) As Boolean Const MAX_PATH As Long = 260 Dim lProcesses() As Long, lModules() As Long, N As Long, lRet As Long, hProcess As Long Dim sName As String sProcess = UCase$(sProcess) ReDim lProcesses(1023) As Long If EnumProcesses(lProcesses(0), 1024 * 4, lRet) Then For N = 0 To (lRet \ 4) - 1 hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, lProcesses(N)) If hProcess Then ReDim lModules(1023) If EnumProcessModules(hProcess, lModules(0), 1024 * 4, lRet) Then sName = String$(MAX_PATH, vbNullChar) GetModuleBaseName hProcess, lModules(0), sName, MAX_PATH sName = Left$(sName, InStr(sName, vbNullChar) - 1) If Len(sName) = Len(sProcess) Then If sProcess = UCase$(sName) Then IsProcessRunning = True: Exit Function End If End If End If CloseHandle hProcess Next N End If End Function
Desde ya muchas gracias
|
|
|
8
|
Programación / Programación Visual Basic / Funcíon siendo detecta por los antivirus
|
en: 8 Junio 2015, 03:17 am
|
hola, tengo una función del un Stub en un joiner (Función "split") que está siendo detectado por antivirus en la siguiente línea: V50 = V40 Esta línea es una de las más importantes de esta función Por favor, alguien me podría ayudar con alguna modificación para esta función? Segue lo código de la Funcíon: Private Function Separa(ByVal V1 As String, Optional ByVal V2 As String, Optional ByVal V3 As Long = -1) As String()
Dim V40 As Long, V50 As Long, V6 As Long, V7 As Long, V8 As Long, V9() As String
V6 = Len(V1)
If V2 = vbNullString Then V2 = " " V7 = Len(V2)
If V3 = 0 Then GoTo QuitHere If V6 = 0 Then GoTo QuitHere If InStr(1, V1, V2, vbBinaryCompare) = 0 Then GoTo QuitHere
ReDim V9(0) V40 = 1 V50 = 1
Do If V8 + 1 = V3 Then V9(V8) = Mid$(V1, V40) Exit Do End If
V50 = InStr(V50, V1, V2, vbBinaryCompare)
If V50 = 0 Then If Not V40 = V6 Then V9(V8) = Mid$(V1, V40) End If Exit Do End If
V9(V8) = Mid$(V1, V40, V50 - V40) V8 = V8 + 1
ReDim Preserve V9(V8)
V40 = V50 + V7 V50 = V40 Loop
ReDim Preserve V9(V8) Separa = V9
Exit Function
QuitHere: ReDim Separa(-1 To -1)
End Function
|
|
|
|
|
|
|