
Share EX2 Loader

a guest
Mar 5th, 2013
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Runtime.InteropServices;
  6.  
  7. namespace ShareLoader
  8. {
  9.     class Program
  10.     {
  11.         static void Main(string[] args)
  12.         {
  13.             STARTUPINFO si = new STARTUPINFO();
  14.             PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
  15.             CreateProcess("share.exe", null,
  16.                 IntPtr.Zero, IntPtr.Zero, false,
  17.                 ProcessCreationFlags.CREATE_SUSPENDED,
  18.                 IntPtr.Zero, null, ref si, out pi);
  19.  
  20.             int written;
  21.             byte[] buffer = new byte[1];
  22.             WriteProcessMemory(pi.hProcess, 0x004B06B9, buffer, 1, out written);
  23.             WriteProcessMemory(pi.hProcess, 0x0049B225, buffer, 1, out written);
  24.  
  25.             buffer[0] = 0xeb;
  26.             WriteProcessMemory(pi.hProcess, 0x0049B523, buffer, 1, out written);
  27.             WriteProcessMemory(pi.hProcess, 0x0049D1B8, buffer, 1, out written);
  28.             WriteProcessMemory(pi.hProcess, 0x0049B4B4, buffer, 1, out written);
  29.             WriteProcessMemory(pi.hProcess, 0x004B06C4, buffer, 1, out written);
  30.             WriteProcessMemory(pi.hProcess, 0x0049B236, buffer, 1, out written);
  31.             WriteProcessMemory(pi.hProcess, 0x004B0743, buffer, 1, out written);
  32.             WriteProcessMemory(pi.hProcess, 0x004B0785, buffer, 1, out written);
  33.             WriteProcessMemory(pi.hProcess, 0x004B0821, buffer, 1, out written);
  34.            
  35.             ResumeThread(pi.hThread);
  36.         }
  37.  
  38.         [DllImport("kernel32.dll")]
  39.         static extern bool WriteProcessMemory(IntPtr hProcess, int lpBaseAddress,
  40.                byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);
  41.  
  42.         [DllImport("kernel32.dll")]
  43.         static extern bool CreateProcess(string lpApplicationName,
  44.                string lpCommandLine, IntPtr lpProcessAttributes,
  45.                IntPtr lpThreadAttributes,
  46.                bool bInheritHandles, ProcessCreationFlags dwCreationFlags,
  47.                IntPtr lpEnvironment, string lpCurrentDirectory,
  48.                ref STARTUPINFO lpStartupInfo,
  49.                out PROCESS_INFORMATION lpProcessInformation);
  50.  
  51.         [DllImport("kernel32.dll")]
  52.         static extern uint ResumeThread(IntPtr hThread);
  53.     }
  54.  
    // Managed mirror of the Win32 STARTUPINFO structure passed to CreateProcess.
    // Field order and field widths are the native layout; do not reorder or retype.
    // The string fields are marshalled with the character set of the DllImport
    // that uses the struct (none is specified in this file, so the default applies).
    public struct STARTUPINFO
    {
        public uint cb;               // size of this structure in bytes; the caller is expected to fill it in
        public string lpReserved;     // reserved by the API; left null here
        public string lpDesktop;      // desktop / window station name
        public string lpTitle;        // console window title
        public uint dwX;              // initial window position and size; honoured only
        public uint dwY;              // when the matching bits are set in dwFlags
        public uint dwXSize;
        public uint dwYSize;
        public uint dwXCountChars;    // console screen buffer dimensions
        public uint dwYCountChars;
        public uint dwFillAttribute;  // console text / background attributes
        public uint dwFlags;          // selects which of the optional fields are used
        public short wShowWindow;     // 16-bit WORD in the native struct
        public short cbReserved2;     // 16-bit WORD in the native struct; reserved
        public IntPtr lpReserved2;    // reserved
        public IntPtr hStdInput;      // standard handles for the child, used only when
        public IntPtr hStdOutput;     // dwFlags requests them
        public IntPtr hStdError;
    }
  76.  
    // Managed mirror of the Win32 PROCESS_INFORMATION structure that CreateProcess
    // fills in. Field order is the native layout.
    public struct PROCESS_INFORMATION
    {
        public IntPtr hProcess;     // handle to the new process; owned by the caller (release with CloseHandle)
        public IntPtr hThread;      // handle to the new process's primary thread; also owned by the caller
        public uint dwProcessId;    // process identifier
        public uint dwThreadId;     // primary thread identifier
    }
  84.  
  85.     [Flags]
  86.     public enum ProcessCreationFlags : uint
  87.     {
  88.         ZERO_FLAG = 0x00000000,
  89.         CREATE_BREAKAWAY_FROM_JOB = 0x01000000,
  90.         CREATE_DEFAULT_ERROR_MODE = 0x04000000,
  91.         CREATE_NEW_CONSOLE = 0x00000010,
  92.         CREATE_NEW_PROCESS_GROUP = 0x00000200,
  93.         CREATE_NO_WINDOW = 0x08000000,
  94.         CREATE_PROTECTED_PROCESS = 0x00040000,
  95.         CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000,
  96.         CREATE_SEPARATE_WOW_VDM = 0x00001000,
  97.         CREATE_SHARED_WOW_VDM = 0x00001000,
  98.         CREATE_SUSPENDED = 0x00000004,
  99.         CREATE_UNICODE_ENVIRONMENT = 0x00000400,
  100.         DEBUG_ONLY_THIS_PROCESS = 0x00000002,
  101.         DEBUG_PROCESS = 0x00000001,
  102.         DETACHED_PROCESS = 0x00000008,
  103.         EXTENDED_STARTUPINFO_PRESENT = 0x00080000,
  104.         INHERIT_PARENT_AFFINITY = 0x00010000
  105.     }
  106. }