Yahik0


  1. Yahik0

    Anti Sandboxie[MASM]

    Re: Anti Sandboxie[MASM] What's the importance of coding that in MASM when you're using shit things like macros?
  2. Yahik0

    PE Viewer (Structure Viewer)

    Re: PE Viewer (Structure Viewer) Edit Password : Level-23.eu
  3. This Method need to compile your payload with 0x500000 Image base spiteful: PoC : Code : [HIDE-THANKS] > #include #include #include /* In memory execution example */ /* Author: Amit Malik [Hidden Content] Compile in Dev C++ */ #define DEREF_32( name )*(DWORD *)(name) int main() { char file[20]; HANDLE handle; PVOID vpointer; HINSTANCE laddress; LPSTR libname; DWORD size; DWORD EntryAddr; int state; DWORD byteread; PIMAGE_NT_HEADERS nt; PIMAGE_SECTION_HEADER section; DWORD dwValueA; DWORD dwValueB; DWORD dwValueC; DWORD dwValueD; printf("Enter file name: "); scanf("%s",&file); // read the file printf("Reading file..\n"); handle = CreateFile(file,GENERIC_READ,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0); // get the file size size = GetFileSize(handle,NULL); // Allocate the space vpointer = VirtualAlloc(NULL,size,MEM_COMMIT,PAGE_READWRITE); // read file on the allocated space state = ReadFile(handle,vpointer,size,&byteread,NULL); CloseHandle(handle); printf("You can delete the file now!\n"); system("pause"); // read NT header of the file nt = PIMAGE_NT_HEADERS(PCHAR(vpointer) + PIMAGE_DOS_HEADER(vpointer)->e_lfanew); handle = GetCurrentProcess(); // get VA of entry point EntryAddr = nt->OptionalHeader.ImageBase + nt->OptionalHeader.AddressOfEntryPoint; // Allocate the space with Imagebase as a desired address allocation request PVOID memalloc = VirtualAllocEx( handle, PVOID(nt->OptionalHeader.ImageBase), nt->OptionalHeader.SizeOfImage, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE ); // Write headers on the allocated space WriteProcessMemory(handle, memalloc, vpointer, nt->OptionalHeader.SizeOfHeaders, 0 ); // write sections on the allocated space section = IMAGE_FIRST_SECTION(nt); for (ULONG i = 0; i < nt->FileHeader.NumberOfSections; i++) { WriteProcessMemory( handle, PCHAR(memalloc) + section[i].VirtualAddress, PCHAR(vpointer) + section[i].PointerToRawData, section[i].SizeOfRawData, 0 ); } // read import dirctory dwValueB = (DWORD) 
&(nt->OptionalHeader.DataDirectory[iMAGE_DIRECTORY_ENTRY_IMPORT]); // get the VA dwValueC = (DWORD)(nt->OptionalHeader.ImageBase) + ((PIMAGE_DATA_DIRECTORY)dwValueB)->VirtualAddress; while(((PIMAGE_IMPORT_DESCRIPTOR)dwValueC)->Name) { // get DLL name libname = (LPSTR)(nt->OptionalHeader.ImageBase + ((PIMAGE_IMPORT_DESCRIPTOR)dwValueC)->Name); // Load dll laddress = LoadLibrary(libname); // get first thunk, it will become our IAT dwValueA = nt->OptionalHeader.ImageBase + ((PIMAGE_IMPORT_DESCRIPTOR)dwValueC)->FirstThunk; // resolve function addresses while(DEREF_32(dwValueA)) { dwValueD = nt->OptionalHeader.ImageBase + DEREF_32(dwValueA); // get function name LPSTR Fname = (LPSTR)((PIMAGE_IMPORT_BY_NAME)dwValueD)->Name; // get function addresses DEREF_32(dwValueA) = (DWORD)GetProcAddress(laddress,Fname); dwValueA += 4; } dwValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR ); } // call the entry point :: here we assume that everything is ok. ((void(*)(void))EntryAddr)(); } [/HIDE-THANKS]
  4. Yahik0

    [MASM]MessageBox Example

    [HIDE-THANKS] >
    ;------------Block 1----------
    .386
    .model flat,stdcall
    option casemap:none
    ;------------Block 2----------
    include windows.inc
    include user32.inc
    includelib user32.lib
    include kernel32.inc
    includelib kernel32.lib
    ;------------block 3----------
    .data
    szCaption db "Hello",0
    szMsg db "Hello World!",0
    ;------------Block 4----------
    .data?
    retvalue dd ?
    ;------------Block 5----------
    .code
    start:
        invoke MessageBox,NULL,addr szMsg,addr szCaption,MB_OK
        mov retvalue,eax
        xor eax,eax
        invoke ExitProcess,eax
    end start
    [/HIDE-THANKS]
  5. Yahik0

    PE Viewer (Structure Viewer)

    Download: [HIDE-THANKS][Hidden Content] Password: Level-23.eu
  6. Yahik0

    Sleep Alternative

    [HIDE-THANKS] >
    _SleepNtDelay(10000) ;=Sleep 10s

    Func _SleepNtDelay($Sleep)
        $TimeToMs = $Sleep * 1000
        DllCall("ntdll.dll", "dword", "NtDelayExecution", "int", 0, "int64*", -10 * $TimeToMs)
    EndFunc
    [/HIDE-THANKS]
  7. Yahik0

    Finantiation

    Re: Finantiation my contribution :p
  8. Yahik0

    Crypters FUD Private Staff

    Re: Crypters FUD Private Staff Good idea! :) But how much?
  9. Yahik0

    Hello :)

    Yop allz, Yahik0 Here :)
  10. Yahik0

    Concurso Crypter VIII

    Re: Concurso Crypter VIII Can I participate? (I'm a new member but I have long experience with crypters) :)