Wardow escribió: Hello!

I'm here to release a RunPE Shellcode I have made.

Informations:

Gets Kernel32 and Ntdll modules addresses from PEB
Resolves needed functions pointers by walking on the EAT
Is able to apply fixups
Supports Unicode
Does apply proper section memory protection flags
Will technically never fail when the file has a relocation table (fixups)
You can pass custom arguments, program to hollow
Should be the most stable possible
There should not be any memory leak

Call chain:
ntdll!RtlZeroMemory, CreateProcessW, GetThreadContext, ReadProcessMemory, NtUnmapViewOfSection, VirtualAlloc, VirtualAllocEx, ntdll!memcpy, WriteProcessMemory, VirtualProtectEx, SetThreadContext, ResumeThread

Mostrar/Ocultar

Creditos: Wardow (Raped Pony).

//Regards.
Ikarus: Backdoor.VBS.SafeLoader
Agnitum: Trojan.VBS.Safebot.A
http://indeseables.github.io/
hermano excelente contribución
"Concentrarse en las fortalezas, reconocer las debilidades, las oportunidades y tomar la guardia contra las amenazas."

―Sun Tzu
Lindo runpe Scorpio gracias no conocia la DllCallAddress de autoit se nota que no le doy a ese lenguaje

Saludos...
Skype:crack8111
Gracias Scorpio,i will deff look at this this weekend. Gracias por traerlo
CryptoSharex.com  | Aceptando donaciones..gracias: 1CiVFiGwCtf1kpASyQB9j8dhNyJs5AfaMX
Buenisima las caracteristicas del runpe sobretodo lo de resolver las apis con el EAT,alguien sabe portarlo a vb6?
Responder

Volver a “Fuentes”