  ; CONFIG HERE
  ; $INIFILE - container file holding the key material and the encrypted blob.
  ; $OUTFILE - path the decrypted blob is written to.
  ; AutoIt strings have no backslash escapes, so the doubled backslash stays in the path as written.
  $INIFILE = "C:\\TEMP\uaf.ui3"
  $OUTFILE = "C:\\TEMP\extracted.exe"
  ; ->

  ; Provider types handed to CryptAcquireContext by the startup routine.
  Global Const $4063A0C69862A72A9 = 0x1 ; value matches PROV_RSA_FULL (Windows 2000 fallback)
  Global Const $53675A741B726EAC88522D14B9F334E1 = 24 ; value matches PROV_RSA_AES

  ; Flag words. Names are inferred from the wincrypt.h values; the identifiers themselves are obfuscated.
  Global Const $368080A29D90F5BA0B1D1E0DEAF11686 = 0xF0000000 ; dwFlags of CryptAcquireContext (value matches CRYPT_VERIFYCONTEXT)
  Global Const $2BADE2A6917E4FD3141FF478399B9C29 = 0x0004 ; value matches HP_HASHSIZE; not referenced in the visible code
  Global Const $D7B87DBC9EBFE9B98E86AC402AF30278 = 0x0002 ; value matches HP_HASHVAL; not referenced in the visible code
  Global Const $A4E74B3D571DD28A4BD46AFED2FF9A21 = 0x00000001 ; dwFlags of CryptDeriveKey (value matches CRYPT_EXPORTABLE)
  Global Const $B939F5E560A162C57C19FFD63367B64E = 1 ; dwFlags of CryptHashData (value matches CRYPT_USERDATA)

  ; Hash algorithm ids (values match CALG_MD2, CALG_MD4, CALG_MD5, CALG_SHA1).
  Global Const $72C3DED1B4617DC9E36E9F0FA1ECD04B = 0x00008001
  Global Const $B6D07C74BD5D1C5988597C22A366633F = 0x00008002
  Global Const $AC23469B485C91685E66323634795BB3 = 0x00008003 ; default hash of the key-derivation function
  Global Const $A2FCA4C08C8A3F1468D8E746E31AB5CB = 0x00008004

  ; Cipher algorithm ids (values match CALG_3DES, CALG_AES_128/192/256, CALG_DES, CALG_RC2, CALG_RC4).
  Global Const $487AA7ED5C22C2DBED5BE8784863E3CA = 0x00006603
  Global Const $F23BABECD6E4A8BB507295A70C116B81 = 0x0000660e
  Global Const $893529605D2CC4E08C633862AF17D045 = 0x0000660f
  Global Const $D55A30AD6906FF18C3F0AD47673624E1 = 0x00006610
  Global Const $D9E2A9D97C7FFBAD9D504886A359FB4A = 0x00006601
  Global Const $4350DEA878C5E4A2BAB83C4406A8B26B = 0x00006602
  Global Const $75A2FB145F3605CA0DA3CA48D7B9C281 = 0x00006801

  ; Sentinel algorithm id: when the caller passes this value the decrypt routine
  ; uses the supplied key handle as-is instead of deriving one.
  Global Const $1295974546E6E9CA72B1205FD83C6F10 = 0

  ; Shared crypto state: [0] = reference count, [1] = Advapi32.dll handle, [2] = provider context.
  Global $FDA831CE40AFAB1CCB2F146F9D71CF0F[3]

  ; Script-level variables. $79E6B6AD... receives the Keys value and $C53E1AA2... the
  ; payload in the driver at the end of the script; the other names are not referenced
  ; in the visible part of the script.
  Global $6D8EA853F0F9D4F4725A7B18BA8E68E5, $6C3C44D956C1D408BA305F8620833447
  Global $D7D52CFFCBB6745185B9DB4AFA2C8C13, $FF9A003592FB5AC6C447DC74647093B4
  Global $B9B82D98583A5C233FD445FABDD55983, $F39285179624EA59225A0BF28273C515
  Global $79E6B6AD0E3929343C8227B45FDD4FFB
  Global $3C02906DBD82FAE9BEDF15FA83019CD3 = @MIN + 1
  Global $10408E6F4EE9BCC475D45187F7A61581 = @MIN + 1
  Global $576E7ACF370C475C1F7CFFC8287D4894, $D670D931AB625312A06C6E78CAF5F4FA
  Global $5D33270AF08A87ABF453DC3CE78E09EC, $FD207A895B0E415C87F1962728B8263A
  Global $EF334541C41BF1292618BD324F33ECFF, $38FB60076F054E3721B05607F1809456
  Global $C53E1AA287D0B74A8A796B2D3DB2DAE2, $C8E8F8600975B3E41D4C0AFA85BEDAB0
  Global $3B3F342DCB843A363757E1DD2813D3FF, $8F5EBE1328FC2B2DC6016A70C366F083
  ; Getter for slot [1] of the shared state array. The startup routine stores the
  ; DllOpen("Advapi32.dll") result there, and every DllCall in this script uses it.
  Func _S0xF3480212E0F51234A3E6D08DDB50D175()
      Local $hDll = $FDA831CE40AFAB1CCB2F146F9D71CF0F[1]
      Return $hDll
  EndFunc   ;==>_S0xF3480212E0F51234A3E6D08DDB50D175
  ; Getter for slot [0] of the shared state array: the reference count that the
  ; startup routine compares with 0 to decide whether to initialise.
  Func _S0xFEF25B33C8D60CC3EE98893C3D856F5E()
      Local $iRefCount = $FDA831CE40AFAB1CCB2F146F9D71CF0F[0]
      Return $iRefCount
  EndFunc   ;==>_S0xFEF25B33C8D60CC3EE98893C3D856F5E
  ; Setter for slot [2] of the shared state array. The startup routine passes the
  ; handle written back by CryptAcquireContext.
  Func _S0x47756EC5C5FD73FD84CEA64B25829197($81D6022EF7D3BCE20A60C58E8584A9F6)
      Local Const $iSlot = 2
      $FDA831CE40AFAB1CCB2F146F9D71CF0F[$iSlot] = $81D6022EF7D3BCE20A60C58E8584A9F6
  EndFunc   ;==>_S0x47756EC5C5FD73FD84CEA64B25829197
  ; Getter for slot [2] of the shared state array: the provider context that is
  ; passed to CryptCreateHash and CryptDeriveKey.
  Func _S0x37D8322BEC6A5294DB414339A4FCB2E2()
      Local $hContext = $FDA831CE40AFAB1CCB2F146F9D71CF0F[2]
      Return $hContext
  EndFunc   ;==>_S0x37D8322BEC6A5294DB414339A4FCB2E2
  ; Setter for slot [1] of the shared state array (the Advapi32.dll handle).
  Func _S0x5D1574E9146FA08D0703DB81C21510C2($AC907458A37E739C43AC302BC278DC56)
      Local Const $iSlot = 1
      $FDA831CE40AFAB1CCB2F146F9D71CF0F[$iSlot] = $AC907458A37E739C43AC302BC278DC56
  EndFunc   ;==>_S0x5D1574E9146FA08D0703DB81C21510C2
  ; Decrements the reference count in slot [0], never going below zero.
  ; Nothing in the visible part of the script calls it.
  Func _S0x2EABB265E59944565B0DD219B9D60CB0()
      If $FDA831CE40AFAB1CCB2F146F9D71CF0F[0] > 0 Then
          $FDA831CE40AFAB1CCB2F146F9D71CF0F[0] -= 1
      EndIf
  EndFunc   ;==>_S0x2EABB265E59944565B0DD219B9D60CB0
  ; Increments the reference count in slot [0]; called once per startup call.
  Func _S0xA60577F031C8B499DA0DEFE5CE3A8003()
      $FDA831CE40AFAB1CCB2F146F9D71CF0F[0] = $FDA831CE40AFAB1CCB2F146F9D71CF0F[0] + 1
  EndFunc   ;==>_S0xA60577F031C8B499DA0DEFE5CE3A8003
  ; Derives a session key from a password with the legacy CryptoAPI sequence
  ; CryptCreateHash -> CryptHashData -> CryptDeriveKey.
  ;   $9E20A045...  password data; its bytes are copied into a buffer and hashed
  ;   $0D80EF9D...  algorithm id handed to CryptDeriveKey
  ;   $9BDC1F59...  hash algorithm id (default 0x00008003, value matches CALG_MD5)
  ; Returns the key handle written back by CryptDeriveKey. On failure returns -1
  ; with @error = 1 (create hash), 2 (hash data) or 3 (derive key).
  ; NOTE(review): the flow looks like _Crypt_DeriveKey from AutoIt's Crypt.au3 UDF
  ; with renamed identifiers - confirm against the UDF.
  Func _S0xC4FD912398EE22E2D27771CBC8825110($9E20A0458DAA1298D365D27214FAAED2, $0D80EF9D3AB46B8CEAAD8908F022A4EB, $9BDC1F591B6EF9C92870FA376DF86B27 = $AC23469B485C91685E66323634795BB3)
      Local $aCall, $hHash, $tPassword, $iErr, $vKey
      _Crypt__S0xC8217D78780E72F524EC8E3C8A152959()
      ; Neither value changes while this function runs, so each is read once.
      Local $hAdvapi = _S0xF3480212E0F51234A3E6D08DDB50D175()
      Local $hProvider = _S0x37D8322BEC6A5294DB414339A4FCB2E2()
      ; Single-pass loop: ExitLoop jumps to the shared cleanup below.
      Do
          $aCall = DllCall($hAdvapi, "bool", "CryptCreateHash", "handle", $hProvider, "uint", $9BDC1F591B6EF9C92870FA376DF86B27, "ptr", 0, "dword", 0, "handle*", 0)
          If @error Or Not $aCall[0] Then
              $iErr = 1
              $vKey = -1
              ExitLoop
          EndIf
          $hHash = $aCall[5] ; fifth argument is the handle* output

          ; Copy the password into a byte buffer of exactly its own length.
          $tPassword = DllStructCreate("byte[" & BinaryLen($9E20A0458DAA1298D365D27214FAAED2) & "]")
          DllStructSetData($tPassword, 1, $9E20A0458DAA1298D365D27214FAAED2)
          $aCall = DllCall($hAdvapi, "bool", "CryptHashData", "handle", $hHash, "struct*", $tPassword, "dword", DllStructGetSize($tPassword), "dword", $B939F5E560A162C57C19FFD63367B64E)
          If @error Or Not $aCall[0] Then
              $iErr = 2
              $vKey = -1
              ExitLoop
          EndIf

          $aCall = DllCall($hAdvapi, "bool", "CryptDeriveKey", "handle", $hProvider, "uint", $0D80EF9D3AB46B8CEAAD8908F022A4EB, "handle", $hHash, "dword", $A4E74B3D571DD28A4BD46AFED2FF9A21, "handle*", 0)
          If @error Or Not $aCall[0] Then
              $iErr = 3
              $vKey = -1
              ExitLoop
          EndIf
          $iErr = 0
          $vKey = $aCall[5]
      Until True
      ; The hash object is only needed for the derivation; release it on every path that created one.
      If $hHash <> 0 Then DllCall($hAdvapi, "bool", "CryptDestroyHash", "handle", $hHash)
      Return SetError($iErr, 0, $vKey)
  EndFunc   ;==>_S0xC4FD912398EE22E2D27771CBC8825110
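  ; Reference-counted initialisation of the crypto state.
  ; On the first call (reference count 0) it opens Advapi32.dll, acquires a
  ; provider context with CryptAcquireContext and stores both in the shared
  ; state array; every successful call then increments the reference count.
  ; Returns True on success. Returns False with @error = 1 when the DLL cannot
  ; be opened and @error = 2 when CryptAcquireContext fails.
  Func _Crypt__S0xC8217D78780E72F524EC8E3C8A152959()
      If _S0xFEF25B33C8D60CC3EE98893C3D856F5E() = 0 Then
          Local $hAdvapi = DllOpen("Advapi32.dll")
          ; DllOpen reports failure through a -1 return value, so test that as
          ; well as @error; otherwise -1 would be stored and used as a handle.
          If @error Or $hAdvapi = -1 Then Return SetError(1, 0, False)
          _S0x5D1574E9146FA08D0703DB81C21510C2($hAdvapi)

          Local $aCall
          Local $iProviderType = $53675A741B726EAC88522D14B9F334E1
          If @OSVersion = "WIN_2000" Then $iProviderType = $4063A0C69862A72A9 ; Provide backwards compatibility with win2000
          $aCall = DllCall($hAdvapi, "bool", "CryptAcquireContext", "handle*", 0, "ptr", 0, "ptr", 0, "dword", $iProviderType, "dword", $368080A29D90F5BA0B1D1E0DEAF11686)
          If @error Or Not $aCall[0] Then
              ; The reference count is still 0 here, so a later call retries the whole initialisation.
              DllClose($hAdvapi)
              Return SetError(2, 0, False)
          EndIf
          _S0x47756EC5C5FD73FD84CEA64B25829197($aCall[1]) ; first argument is the handle* output
      EndIf
      _S0xA60577F031C8B499DA0DEFE5CE3A8003()
      Return True
  EndFunc   ;==>_Crypt__S0xC8217D78780E72F524EC8E3C8A152959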
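  ; Decrypts a blob with CryptDecrypt.
  ;   $02B22F23...  encrypted data
  ;   $36B1AD84...  password, or a ready key handle when the algorithm id is the
  ;                 sentinel $1295974546E6E9CA72B1205FD83C6F10 (0)
  ;   $0D80EF9D...  cipher algorithm id used to derive the key from the password
  ;   $E98169F6...  value passed as the Final argument of CryptDecrypt (default True)
  ; Returns the decrypted bytes. On failure returns -1 with @error = 1 (key
  ; derivation failed) or 2 (CryptDecrypt failed); @error is 0 on success.
  ; The return value is unchanged from the earlier revision, which returned it
  ; without SetError, so callers had no status to test and a failed run could
  ; pass -1 on as if it were data. The key derived here is now released as well.
  ; NOTE(review): the flow looks like _Crypt_DecryptData from AutoIt's Crypt.au3
  ; UDF with renamed identifiers - confirm against the UDF.
  Func _S0x9A130944BC5ED49CF25A0ABCA629E5FB($02B22F23B39C315A51A9C34E85169CF0, $36B1AD8489BDCDE71CAB1832D9D98905, $0D80EF9D3AB46B8CEAAD8908F022A4EB, $E98169F6C5800EBC810E454C14E4F93B = True)
      Local $tBuffer, $tPlain, $aCall
      Local $iErr = 0
      Local $vResult = -1
      Local $iPlainLen
      Local $bDerivedKey = False ; True once this call owns a key handle it must release
      _Crypt__S0xC8217D78780E72F524EC8E3C8A152959()
      ; Single-pass loop: ExitLoop jumps to the shared cleanup below.
      Do
          If $0D80EF9D3AB46B8CEAAD8908F022A4EB <> $1295974546E6E9CA72B1205FD83C6F10 Then
              ; Replace the password with a key handle derived from it.
              $36B1AD8489BDCDE71CAB1832D9D98905 = _S0xC4FD912398EE22E2D27771CBC8825110($36B1AD8489BDCDE71CAB1832D9D98905, $0D80EF9D3AB46B8CEAAD8908F022A4EB)
              If @error Then
                  $iErr = 1
                  $vResult = -1
                  ExitLoop
              EndIf
              $bDerivedKey = True
          EndIf

          ; Work buffer: the input plus 1000 spare bytes; CryptDecrypt works in place.
          $tBuffer = DllStructCreate("byte[" & BinaryLen($02B22F23B39C315A51A9C34E85169CF0) + 1000 & "]")
          DllStructSetData($tBuffer, 1, $02B22F23B39C315A51A9C34E85169CF0)
          $aCall = DllCall(_S0xF3480212E0F51234A3E6D08DDB50D175(), "bool", "CryptDecrypt", "handle", $36B1AD8489BDCDE71CAB1832D9D98905, "handle", 0, "bool", $E98169F6C5800EBC810E454C14E4F93B, "dword", 0, "struct*", $tBuffer, "dword*", BinaryLen($02B22F23B39C315A51A9C34E85169CF0))
          If @error Or Not $aCall[0] Then
              $iErr = 2
              $vResult = -1
              ExitLoop
          EndIf

          ; The sixth argument is a dword* that comes back holding the output length.
          $iPlainLen = $aCall[6]
          ; Overlay a struct of exactly that length on the work buffer to cut off the slack.
          $tPlain = DllStructCreate("byte[" & $iPlainLen & "]", DllStructGetPtr($tBuffer))
          $iErr = 0
          $vResult = DllStructGetData($tPlain, 1)
      Until True
      ; Release only a key derived inside this call; a caller-supplied handle stays the caller's.
      If $bDerivedKey Then DllCall(_S0xF3480212E0F51234A3E6D08DDB50D175(), "bool", "CryptDestroyKey", "handle", $36B1AD8489BDCDE71CAB1832D9D98905)
      Return SetError($iErr, 0, $vResult)
  EndFunc   ;==>_S0x9A130944BC5ED49CF25A0ABCA629E5FB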
  ; Returns every substring of $s_String found between the literal delimiters
  ; $s_Start and $s_End, as an array (StringRegExp flag 3).
  ;   $s_Start / $s_End  taken literally: regex metacharacters are escaped; an
  ;                      empty value anchors to the start / end of the string
  ;   $v_Case            Default or -1 makes the match case-insensitive
  ; On no match or a pattern error returns 0 with @error = 1.
  Func _S0x6754396CF0678EFE96699CF2AAC9BD57($s_String, $s_Start, $s_End, $v_Case = -1)
      Local Const $sMetaChars = "(\.|\||\*|\?|\+|\(|\)|\{|\}|\[|\]|\^|\$|\\)"
      ; (?s) lets "." span line breaks, so a multi-line blob is captured whole.
      Local $sFlags = "(?s)"
      If $v_Case = Default Or $v_Case = -1 Then $sFlags &= "(?i)"

      ; Escape first, then substitute anchors for empty delimiters (order matters for non-string input).
      $s_Start = StringRegExpReplace($s_Start, $sMetaChars, "\\$1")
      $s_End = StringRegExpReplace($s_End, $sMetaChars, "\\$1")
      If $s_Start = "" Then $s_Start = "\A"
      If $s_End = "" Then $s_End = "\z"

      ; Lazy capture: each match stops at the first end delimiter after its start.
      Local $sPattern = $sFlags & $s_Start & "(.*?)" & $s_End
      Local $aMatches = StringRegExp($s_String, $sPattern, 3)
      If @error Then Return SetError(1, 0, 0)
      Return $aMatches
  EndFunc   ;==>_S0x6754396CF0678EFE96699CF2AAC9BD57
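  ; --- Extraction driver ---------------------------------------------------
  ; 1. Read the password from the Keys value of the [Setting] section.
  ; 2. Take the text between the literal markers [Data] and [eData].
  ; 3. Decrypt it with algorithm id 0x00006602 (value matches CALG_RC2); the key
  ;    is derived from the password with the default hash id 0x00008003 (value
  ;    matches CALG_MD5).
  ; 4. Write the result to $OUTFILE.
  ; The container layout this depends on - a Keys value under [Setting] and a
  ; blob bracketed by [Data] / [eData] - is also a usable static indicator when
  ; triaging similar files.
  ; Each stage is checked so that a failed run does not leave a bogus output file.
  $79E6B6AD0E3929343C8227B45FDD4FFB = IniRead($INIFILE, "Setting", "Keys", '')
  ;MsgBox(0,"Keys are",$79E6B6AD0E3929343C8227B45FDD4FFB)
  If $79E6B6AD0E3929343C8227B45FDD4FFB = "" Then
      ; Not fatal: decryption is still attempted, but the result is suspect.
      ConsoleWriteError("Warning: no Keys value found under [Setting] in " & $INIFILE & @CRLF)
  EndIf

  Global $sContainerText = FileRead($INIFILE)
  If @error Then
      ConsoleWriteError("Cannot read " & $INIFILE & @CRLF)
      Exit 1
  EndIf

  $FA39CF41CED8EB2810F4476D567D84F0 = _S0x6754396CF0678EFE96699CF2AAC9BD57($sContainerText, "[Data]", "[eData]")
  ; On no match the helper returns 0, not an array; indexing that would abort the script.
  If @error Or Not IsArray($FA39CF41CED8EB2810F4476D567D84F0) Then
      ConsoleWriteError("No [Data]...[eData] block found in " & $INIFILE & @CRLF)
      Exit 2
  EndIf
  ;MsgBox(0,"eData is",$FA39CF41CED8EB2810F4476D567D84F0)

  ; Only the first bracketed block is used.
  $C53E1AA287D0B74A8A796B2D3DB2DAE2 = $FA39CF41CED8EB2810F4476D567D84F0[0]
  $C53E1AA287D0B74A8A796B2D3DB2DAE2 = _S0x9A130944BC5ED49CF25A0ABCA629E5FB($C53E1AA287D0B74A8A796B2D3DB2DAE2, $79E6B6AD0E3929343C8227B45FDD4FFB, 0x00006602)
  ; The decrypt routine returns -1 on failure and binary data on success.
  If @error Or Not IsBinary($C53E1AA287D0B74A8A796B2D3DB2DAE2) Then
      ConsoleWriteError("Decryption failed; nothing written" & @CRLF)
      Exit 3
  EndIf

  ; FileWrite given a file name appends to an existing file, which would corrupt
  ; the output on a second run. Open explicitly: 2 = overwrite, 16 = binary.
  Global $hOutput = FileOpen($OUTFILE, 2 + 16)
  If $hOutput = -1 Then
      ConsoleWriteError("Cannot open " & $OUTFILE & " for writing" & @CRLF)
      Exit 4
  EndIf
  FileWrite($hOutput, $C53E1AA287D0B74A8A796B2D3DB2DAE2)
  FileClose($hOutput)
  ; Treat $OUTFILE as a live sample: keep it inside the analysis VM and record its hash before further handling.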