
 #485832  by Scorpio
 
Wardow wrote: Hello!

I'm here to release a RunPE Shellcode I have made.

Information:

Gets Kernel32 and Ntdll modules addresses from PEB
Resolves needed function pointers by walking the EAT
Is able to apply fixups
Supports Unicode
Does apply proper section memory protection flags
Will technically never fail when the file has a relocation table (fixups)
You can pass custom arguments, program to hollow
Should be the most stable possible
There should not be any memory leak

Call chain:
ntdll!RtlZeroMemory, CreateProcessW, GetThreadContext, ReadProcessMemory, NtUnmapViewOfSection, VirtualAlloc, VirtualAllocEx, ntdll!memcpy, WriteProcessMemory, VirtualProtectEx, SetThreadContext, ResumeThread
Credits: Wardow (Raped Pony).

//Regards.
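
Added example, not part of the original post or the author's code: a defender-side check that looks for the cross-process portion of the call chain listed above in an API trace. The event tuple layout `(pid, api, target_pid, flags)` and the sample trace are assumptions constructed for illustration; real telemetry will need to be mapped into that shape.

```python
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # Windows process creation flag
# Cross-process calls from the post's call chain. REQUIRED must occur in order;
# local calls (RtlZeroMemory, VirtualAlloc, memcpy) never touch the child.
REQUIRED = ["CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]
SUPPORTING = {"GetThreadContext", "ReadProcessMemory", "NtUnmapViewOfSection",
              "VirtualAllocEx", "VirtualProtectEx"}

def find_hollowing(events):
    """Return one alert per (actor, target) pair that completes REQUIRED in order.
    events: iterable of (pid, api, target_pid, flags) tuples (assumed schema)."""
    stage = defaultdict(int)   # index of the next REQUIRED call per pair
    extras = defaultdict(set)  # supporting calls observed for the pair
    alerts = []
    for pid, api, target, flags in events:
        key = (pid, target)
        if api == "CreateProcessW":
            # Only a child created suspended by this actor starts tracking.
            stage[key] = 1 if flags & CREATE_SUSPENDED else 0
            extras[key] = set()
        elif stage[key] == 0:
            continue           # actor did not create this target suspended
        elif api in SUPPORTING:
            extras[key].add(api)
        elif api == REQUIRED[stage[key]]:
            stage[key] += 1
            if stage[key] == len(REQUIRED):
                alerts.append({"actor": pid, "target": target,
                               "supporting": sorted(extras[key])})
                stage[key] = 0
    return alerts

# Constructed sample trace (not captured from a real system).
SAMPLE = [(100, api, 200, fl) for api, fl in [
    ("CreateProcessW", CREATE_SUSPENDED), ("GetThreadContext", 0),
    ("ReadProcessMemory", 0), ("NtUnmapViewOfSection", 0),
    ("VirtualAllocEx", 0), ("WriteProcessMemory", 0),
    ("WriteProcessMemory", 0), ("VirtualProtectEx", 0),
    ("SetThreadContext", 0), ("ResumeThread", 0)]]
# Launcher that creates suspended and resumes without writing: no alert.
SAMPLE += [(300, "CreateProcessW", 400, CREATE_SUSPENDED),
           (300, "ResumeThread", 400, 0)]
# Child not created suspended, later written to: no alert.
SAMPLE += [(500, "CreateProcessW", 600, 0), (500, "WriteProcessMemory", 600, 0),
           (500, "SetThreadContext", 600, 0), (500, "ResumeThread", 600, 0)]

if __name__ == "__main__":
    for alert in find_hollowing(SAMPLE):
        print(alert)
```

The `supporting` list is a confidence signal: unmapping the child's image and changing page protections remotely are rare in ordinary launchers.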
 #485836  by comand
 
Brother, excellent contribution.
 #485839  by crack81
 
Nice RunPE, Scorpio, thanks. I didn't know about AutoIt's DllCallAddress; it shows that I don't use that language much.

Regards...
 #485888  by n0z
 
Thanks Scorpio, I will def look at this this weekend. Thanks for bringing it.
 #485918  by top10
 
The RunPE's features are great, especially resolving the APIs through the EAT. Does anyone know how to port it to VB6?