Indetectables

Código: Seleccionar todo

#cs ------------------------------------------------------- 
AutoIt Version: 3.3.8.1 
Author..........: Pink 
Script Function...: ENDLastI_S_H() 
Uso..............: ENDLastI_S_H(Filepath) 
Retorna..........: Posicion Donde termina la ultima Sección de IMAGE_SECTION_HEADER 
#ce ------------------------------------------------------- 



;Ejemplo 
local $myfile="C:\Users\Usuario\Desktop\Anotador.exe" 


msgbox(0,"",ENDLastI_S_H($myfile)) 


Func ENDLastI_S_H($file) 
    Const $l_fanew=60 
    Const $PEsize=4 
    Const $I_F_H=20 
    const $SizeS =40 
    local $LFvalue ;offset Entrada IMAGE_NT_HEADERS firma PE 
    local $Size_O_H ;izeOfOptionalHeader 
    local $NofS  ;NumberOfSections 
    local $fin_I_S_H ;IMAGE_SECTION_HEADER 


;leyendo archivo y cargando buffer 
    $hfile=fileopen($file) 
    $binary=fileread($hfile,1000) 


;offset Entrada IMAGE_NT_HEADERS firma PE 
   $LFvalue=binarymid($binary,$l_fanew+1,4) 
   $LFvalue=Dec(OLE(Stringreplace($LFvalue,"0x","",1,0))) 



     ;NumberOfSections 
    $NofS=$LFvalue+$PEsize+2 
    $NofS=BinaryMid($binary,($NofS+1),2) 
    $NofS=Dec(OLE(Stringreplace($NofS,"0x","",1,0))) 


    ;Tamaño SizeOfOptionalHeader 
    $Size_O_H=$LFvalue+$PEsize+16 
    $Size_O_H=BinaryMid($binary,($Size_O_H+1),2) 
    $Size_O_H=dec(OLE(StringReplace($Size_O_H,"0x","",1,0))) 


$fin_I_S_H=($LFvalue+$PEsize+$I_F_H+$Size_O_H)+($NofS*$SizeS) 

return $fin_I_S_H 

    fileclose($hfile);close 

EndFunc 




;Funcion OLE "Orden Little Endian" 
Func OLE($Var) 
Local $len=stringlen($Var)/2 
local $Array[$len+1] 
local $Char 
local $A=1 
local $Result 
for $i= 1 to $len 
    $Char=stringmid($Var,$A,2) 
    $A+=2 
    $Array[$i]=$Char 
    next 
for $x = $len to 1 Step -1 
    $Result&=$Array[$x] 
Next 
Return $Result 
EndFunc