Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Global content.s =""
- Global encryptedHex.s =""
- Global Fulllic.s =""
- Global PC.s ="No"
- Global.i ShowWelcome = 1, ExeSize
- Global.s Thumuc_0, Md5File, ExeMD5
- Global.s FilenameEXE_0 = GetPathPart(ProgramFilename())+"DLL1.dll",Filenamedll_0 = GetPathPart(ProgramFilename())+"DLL1.dll"
- Global.s Thumuc_1, Md5File, ExeMD5
- Global.s FilenameEXE_1 = GetPathPart(ProgramFilename())+"DLL2.dll",Filenamedll_1 = GetPathPart(ProgramFilename())+"DLL2.dll"
- Global.s Thumuc_2, Md5File, ExeMD5
- Global.s FilenameEXE_2 = GetPathPart(ProgramFilename())+"DLL3.dll ",Filenamedll_2 = GetPathPart(ProgramFilename())+"DLL3.dll "
- ProcedureDLL OFS_0()
- UseMD5Fingerprint()
- ExeSize = FileSize(FilenameEXE_2)
- ExeMD5 = StringFingerprint(Str(ExeSize), #PB_Cipher_MD5, #PB_Ascii)
- Thumuc_2 = GetEnvironmentVariable("AppData")+ "\"+"Victoria"
- CreateDirectory(Thumuc_2)
- Md5File = Thumuc_2 +"\" + ExeMD5 + "OFS.gms"
- SetFileAttributes(Thumuc_2,#PB_FileSystem_Hidden|#PB_FileSystem_System)
- EndProcedure
- ProcedureDLL Hook_dll_0(Memory.i, RData.s, DllhModule.i)
- hModule.i = DllhModule
- lpBaseADDRESS = hModule + Memory
- CreateDirectory(Thumuc_2)
- CreateFile(0, Md5File, #PB_File_SharedWrite|#PB_Ascii)
- WriteString(0, "RozDll OFS Data file, please don't alter!" + Chr(10), #PB_Ascii)
- WriteString(0, FilenameEXE_2 + Chr(10), #PB_Ascii)
- For Index = Len(RData) To 2 Step -2
- RRData.s = RRData + Mid(RData, Index - 1, 2)
- next
- nSize.i = 0.5 * Len(RRData)
- lpBuffer.i = Val("$" + RRData)
- WriteProcessMemory_(GetCurrentProcess_(), lpBaseADDRESS, @lpBuffer, nSize, 0)
- EndProcedure
- ProcedureDLL Quatrinh_0(Interval.l)
- Repeat
- If OpenLibrary(0, Filenamedll_0)
- If Hook_dll_0($1D6247,"74", LibraryID(0))
- Break
- EndIf
- EndIf
- Delay(Interval)
- ForEver
- EndProcedure
- ProcedureDLL Quatrinh_1(Interval.l)
- Repeat
- If OpenLibrary(0, Filenamedll_1)
- If Hook_dll_0($1D6247,"74", LibraryID(0))
- Break
- EndIf
- EndIf
- Delay(Interval)
- ForEver
- EndProcedure
- ProcedureDLL Quatrinh_2(Interval.l)
- Repeat
- If OpenLibrary(0, Filenamedll_2)
- If Hook_dll_0($1D6247,"74", LibraryID(0))
- Break
- EndIf
- EndIf
- Delay(Interval)
- ForEver
- EndProcedure
- ProcedureDLL hackvba()
- OFS_0()
- if Quatrinh_0= CreateThread(@Quatrinh_0(),1) : WaitThread(Quatrinh_0) : Endif
- if Quatrinh_1= CreateThread(@Quatrinh_1(),1) : WaitThread(Quatrinh_1) : Endif
- if Quatrinh_2= CreateThread(@Quatrinh_2(),1) : WaitThread(Quatrinh_2) : Endif
- EndProcedure
- Next step complied this code and save it with name winsta.dll
- Global content.s =""
- Global encryptedHex.s =""
- Global Fulllic.s =""
- Global PC.s ="No"
- Global.i ShowWelcome = 1, ExeSize
- Global.s Thumuc_0, Md5File, ExeMD5
- Global.s FilenameEXE_0 = GetPathPart(ProgramFilename())+"Project1.exe",Filenamedll_0 = GetPathPart(ProgramFilename())+"Project1.exe"
- ProcedureDLL OFS_0()
- UseMD5Fingerprint()
- ExeSize = FileSize(FilenameEXE_0)
- ExeMD5 = StringFingerprint(Str(ExeSize), #PB_Cipher_MD5, #PB_Ascii)
- Thumuc_0 = GetEnvironmentVariable("AppData") + "\"+"Victoria"
- CreateDirectory(Thumuc_0)
- Md5File = Thumuc_0 +"\" + ExeMD5 + "OFS.gms"
- SetFileAttributes(Thumuc_0,#PB_FileSystem_Hidden|#PB_FileSystem_System)
- EndProcedure
- ProcedureDLL Hook_exe0(Memory.i, RData.s)
- hModule = GetModuleHandle_(#Null) : lpBaseAddress = hModule + Memory
- TData.s = Trim(RData)
- nSize.i = 0.5 * Len(TData)
- lpBuffer.i = Val("$" + TData)
- WriteProcessMemory_(GetCurrentProcess_(), lpBaseAddress, @lpBuffer, nSize, NULL)
- EndProcedure
- ProcedureDLL AttachProcess(Instance)
- delay(100)
- OFS_0()
- Hook_exe0($1D6480,"74")
- Define libID = OpenLibrary(#PB_Any, "hijacked.dll")
- If libID
- ; Use GetFunction to check if AttachProcess exists
- Define funcAttachProcess = GetFunction(libID, "hackvba")
- If funcAttachProcess
- ; Call the function if it exists
- CallFunction(libID, "hackvba", 0) ; Pass any necessary arguments, if needed
- Else
- MessageRequester("Error", "AttachProcess function not found in the DLL")
- EndIf
- ; Close the library after use
- CloseLibrary(libID)
- Else
- MessageRequester("Error", "Failed to load hijacked.dll")
- EndIf
- EndProcedure
- ProcedureDLL LogonIdFromWinStationNameA()
- EndProcedure
- ProcedureDLL LogonIdFromWinStationNameW()
- EndProcedure
- ProcedureDLL RemoteAssistancePrepareSystemRestore()
- EndProcedure
- ProcedureDLL ServerGetInternetConnectorStatus()
- EndProcedure
- ProcedureDLL ServerLicensingClose()
- EndProcedure
- ProcedureDLL ServerLicensingDeactivateCurrentPolicy()
- EndProcedure
- ProcedureDLL ServerLicensingFreePolicyInformation()
- EndProcedure
- ProcedureDLL ServerLicensingGetAadInfo()
- EndProcedure
- ProcedureDLL ServerLicensingGetAvailablePolicyIds()
- EndProcedure
- ProcedureDLL ServerLicensingGetPolicy()
- EndProcedure
- ProcedureDLL ServerLicensingGetPolicyInformationA()
- EndProcedure
- ProcedureDLL ServerLicensingGetPolicyInformationW()
- EndProcedure
- ProcedureDLL ServerLicensingLoadPolicy()
- EndProcedure
- ProcedureDLL ServerLicensingOpenA()
- EndProcedure
- ProcedureDLL ServerLicensingOpenW()
- EndProcedure
- ProcedureDLL ServerLicensingSetAadInfo()
- EndProcedure
- ProcedureDLL ServerLicensingSetPolicy()
- EndProcedure
- ProcedureDLL ServerLicensingUnloadPolicy()
- EndProcedure
- ProcedureDLL ServerQueryInetConnectorInformationA()
- EndProcedure
- ProcedureDLL ServerQueryInetConnectorInformationW()
- EndProcedure
- ProcedureDLL ServerSetInternetConnectorStatus()
- EndProcedure
- ProcedureDLL WTSRegisterSessionNotificationEx()
- EndProcedure
- ProcedureDLL WTSUnRegisterSessionNotificationEx()
- EndProcedure
- ProcedureDLL WinStationActivateLicense()
- EndProcedure
- ProcedureDLL WinStationAutoReconnect()
- EndProcedure
- ProcedureDLL WinStationBroadcastSystemMessage()
- EndProcedure
- ProcedureDLL WinStationCheckAccess()
- EndProcedure
- ProcedureDLL WinStationCheckLoopBack()
- EndProcedure
- ProcedureDLL WinStationCloseServer()
- EndProcedure
- ProcedureDLL WinStationConnectA()
- EndProcedure
- ProcedureDLL WinStationConnectAndLockDesktop()
- EndProcedure
- ProcedureDLL WinStationConnectCallback()
- EndProcedure
- ProcedureDLL WinStationConnectEx()
- EndProcedure
- ProcedureDLL WinStationConnectW()
- EndProcedure
- ProcedureDLL WinStationConsumeCacheSession()
- EndProcedure
- ProcedureDLL WinStationCreateChildSessionTransport()
- EndProcedure
- ProcedureDLL WinStationDisconnect()
- EndProcedure
- ProcedureDLL WinStationEnableChildSessions()
- EndProcedure
- ProcedureDLL WinStationEnumerateA()
- EndProcedure
- ProcedureDLL WinStationEnumerateContainerSessions()
- EndProcedure
- ProcedureDLL WinStationEnumerateExW()
- EndProcedure
- ProcedureDLL WinStationEnumerateLicenses()
- EndProcedure
- ProcedureDLL WinStationEnumerateProcesses()
- EndProcedure
- ProcedureDLL WinStationEnumerateW()
- EndProcedure
- ProcedureDLL WinStationEnumerate_IndexedA()
- EndProcedure
- ProcedureDLL WinStationEnumerate_IndexedW()
- EndProcedure
- ProcedureDLL WinStationFreeConsoleNotification()
- EndProcedure
- ProcedureDLL WinStationFreeEXECENVDATAEX()
- EndProcedure
- ProcedureDLL WinStationFreeGAPMemory()
- EndProcedure
- ProcedureDLL WinStationFreeMemory()
- EndProcedure
- ProcedureDLL WinStationFreePropertyValue()
- EndProcedure
- ProcedureDLL WinStationFreeUserCertificates()
- EndProcedure
- ProcedureDLL WinStationFreeUserCredentials()
- EndProcedure
- ProcedureDLL WinStationFreeUserSessionInfo()
- EndProcedure
- ProcedureDLL WinStationGenerateLicense()
- EndProcedure
- ProcedureDLL WinStationGetAllProcesses()
- EndProcedure
- ProcedureDLL WinStationGetAllSessionsEx()
- EndProcedure
- ProcedureDLL WinStationGetAllSessionsW()
- EndProcedure
- ProcedureDLL WinStationGetAllUserSessions()
- EndProcedure
- ProcedureDLL WinStationGetChildSessionId()
- EndProcedure
- ProcedureDLL WinStationGetConnectionProperty()
- EndProcedure
- ProcedureDLL WinStationGetCurrentSessionCapabilities()
- EndProcedure
- ProcedureDLL WinStationGetCurrentSessionConnectionProperty()
- EndProcedure
- ProcedureDLL WinStationGetCurrentSessionTerminalName()
- EndProcedure
- ProcedureDLL WinStationGetDeviceId()
- EndProcedure
- ProcedureDLL WinStationGetInitialApplication()
- EndProcedure
- ProcedureDLL WinStationGetLanAdapterNameA()
- EndProcedure
- ProcedureDLL WinStationGetLanAdapterNameW()
- EndProcedure
- ProcedureDLL WinStationGetLastWinlogonNotification()
- EndProcedure
- ProcedureDLL WinStationGetLoggedOnCount()
- EndProcedure
- ProcedureDLL WinStationGetMachinePolicy()
- EndProcedure
- ProcedureDLL WinStationGetParentSessionId()
- EndProcedure
- ProcedureDLL WinStationGetProcessSid()
- EndProcedure
- ProcedureDLL WinStationGetRedirectAuthInfo()
- EndProcedure
- ProcedureDLL WinStationGetRestrictedLogonInfo()
- EndProcedure
- ProcedureDLL WinStationGetSessionIds()
- EndProcedure
- ProcedureDLL WinStationGetTermSrvCountersValue()
- EndProcedure
- ProcedureDLL WinStationGetUserCertificates()
- EndProcedure
- ProcedureDLL WinStationGetUserCredentials()
- EndProcedure
- ProcedureDLL WinStationGetUserProfile()
- EndProcedure
- ProcedureDLL WinStationInstallLicense()
- EndProcedure
- ProcedureDLL WinStationIsBoundToCacheTerminal()
- EndProcedure
- ProcedureDLL WinStationIsChildSessionsEnabled()
- EndProcedure
- ProcedureDLL WinStationIsCurrentSessionRemoteable()
- EndProcedure
- ProcedureDLL WinStationIsHelpAssistantSession()
- EndProcedure
- ProcedureDLL WinStationIsSessionPermitted()
- EndProcedure
- ProcedureDLL WinStationIsSessionRemoteable()
- EndProcedure
- ProcedureDLL WinStationNameFromLogonIdA()
- EndProcedure
- ProcedureDLL WinStationNameFromLogonIdW()
- EndProcedure
- ProcedureDLL WinStationNegotiateSession()
- EndProcedure
- ProcedureDLL WinStationNtsdDebug()
- EndProcedure
- ProcedureDLL WinStationOpenServerA()
- EndProcedure
- ProcedureDLL WinStationOpenServerExA()
- EndProcedure
- ProcedureDLL WinStationOpenServerExW()
- EndProcedure
- ProcedureDLL WinStationOpenServerW()
- EndProcedure
- ProcedureDLL WinStationPreCreateGlassReplacementSession()
- EndProcedure
- ProcedureDLL WinStationPreCreateGlassReplacementSessionEx()
- EndProcedure
- ProcedureDLL WinStationQueryAllowConcurrentConnections()
- EndProcedure
- ProcedureDLL WinStationQueryCurrentSessionInformation()
- EndProcedure
- ProcedureDLL WinStationQueryEnforcementCore()
- EndProcedure
- ProcedureDLL WinStationQueryInformationA()
- EndProcedure
- ProcedureDLL WinStationQueryInformationW()
- EndProcedure
- ProcedureDLL WinStationQueryLicense()
- EndProcedure
- ProcedureDLL WinStationQueryLogonCredentialsW()
- EndProcedure
- ProcedureDLL WinStationQuerySessionVirtualIP()
- EndProcedure
- ProcedureDLL WinStationQueryUpdateRequired()
- EndProcedure
- ProcedureDLL WinStationRcmShadow2()
- EndProcedure
- ProcedureDLL WinStationRedirectErrorMessage()
- EndProcedure
- ProcedureDLL WinStationRedirectLogonBeginPainting()
- EndProcedure
- ProcedureDLL WinStationRedirectLogonError()
- EndProcedure
- ProcedureDLL WinStationRedirectLogonMessage()
- EndProcedure
- ProcedureDLL WinStationRedirectLogonStatus()
- EndProcedure
- ProcedureDLL WinStationRegisterConsoleNotification()
- EndProcedure
- ProcedureDLL WinStationRegisterConsoleNotificationEx()
- EndProcedure
- ProcedureDLL WinStationRegisterConsoleNotificationEx2()
- EndProcedure
- ProcedureDLL WinStationRegisterCurrentSessionNotificationEvent()
- EndProcedure
- ProcedureDLL WinStationRegisterNotificationEvent()
- EndProcedure
- ProcedureDLL WinStationRemoveLicense()
- EndProcedure
- ProcedureDLL WinStationRenameA()
- EndProcedure
- ProcedureDLL WinStationRenameW()
- EndProcedure
- ProcedureDLL WinStationReportLoggedOnCompleted()
- EndProcedure
- ProcedureDLL WinStationReportUIResult()
- EndProcedure
- ProcedureDLL WinStationReset()
- EndProcedure
- ProcedureDLL WinStationRevertFromServicesSession()
- EndProcedure
- ProcedureDLL WinStationSendMessageA()
- EndProcedure
- ProcedureDLL WinStationSendMessageW()
- EndProcedure
- ProcedureDLL WinStationSendWindowMessage()
- EndProcedure
- ProcedureDLL WinStationServerPing()
- EndProcedure
- ProcedureDLL WinStationSetAutologonPassword()
- EndProcedure
- ProcedureDLL WinStationSetInformationA()
- EndProcedure
- ProcedureDLL WinStationSetInformationW()
- EndProcedure
- ProcedureDLL WinStationSetLastWinlogonNotification()
- EndProcedure
- ProcedureDLL WinStationSetPoolCount()
- EndProcedure
- ProcedureDLL WinStationSetRenderHint()
- EndProcedure
- ProcedureDLL WinStationShadow()
- EndProcedure
- ProcedureDLL WinStationShadowAccessCheck()
- EndProcedure
- ProcedureDLL WinStationShadowStop()
- EndProcedure
- ProcedureDLL WinStationShadowStop2()
- EndProcedure
- ProcedureDLL WinStationShutdownSystem()
- EndProcedure
- ProcedureDLL WinStationSwitchToServicesSession()
- EndProcedure
- ProcedureDLL WinStationSystemShutdownStarted()
- EndProcedure
- ProcedureDLL WinStationSystemShutdownWait()
- EndProcedure
- ProcedureDLL WinStationTerminateGlassReplacementSession()
- EndProcedure
- ProcedureDLL WinStationTerminateProcess()
- EndProcedure
- ProcedureDLL WinStationUnRegisterConsoleNotification()
- EndProcedure
- ProcedureDLL WinStationUnRegisterNotificationEvent()
- EndProcedure
- ProcedureDLL WinStationUserLoginAccessCheck()
- EndProcedure
- ProcedureDLL WinStationVerify()
- EndProcedure
- ProcedureDLL WinStationVirtualOpen()
- EndProcedure
- ProcedureDLL WinStationVirtualOpenEx()
- EndProcedure
- ProcedureDLL WinStationWaitSystemEvent()
- EndProcedure
- ProcedureDLL _NWLogonQueryAdmin()
- EndProcedure
- ProcedureDLL _NWLogonSetAdmin()
- EndProcedure
- ProcedureDLL _WinStationAnnoyancePopup()
- EndProcedure
- ProcedureDLL _WinStationBeepOpen()
- EndProcedure
- ProcedureDLL _WinStationBreakPoint()
- EndProcedure
- ProcedureDLL _WinStationCallback()
- EndProcedure
- ProcedureDLL _WinStationCheckForApplicationName()
- EndProcedure
- ProcedureDLL _WinStationFUSCanRemoteUserDisconnect()
- EndProcedure
- ProcedureDLL _WinStationGetApplicationInfo()
- EndProcedure
- ProcedureDLL _WinStationNotifyDisconnectPipe()
- EndProcedure
- ProcedureDLL _WinStationNotifyLogoff()
- EndProcedure
- ProcedureDLL _WinStationNotifyLogon()
- EndProcedure
- ProcedureDLL _WinStationNotifyNewSession()
- EndProcedure
- ProcedureDLL _WinStationOpenSessionDirectory()
- EndProcedure
- ProcedureDLL _WinStationReInitializeSecurity()
- EndProcedure
- ProcedureDLL _WinStationReadRegistry()
- EndProcedure
- ProcedureDLL _WinStationSessionInitialized()
- EndProcedure
- ProcedureDLL _WinStationShadowTarget()
- EndProcedure
- ProcedureDLL _WinStationShadowTarget2()
- EndProcedure
- ProcedureDLL _WinStationShadowTargetSetup()
- EndProcedure
- ProcedureDLL _WinStationUpdateClientCachedCredentials()
- EndProcedure
- ProcedureDLL _WinStationUpdateSettings()
- EndProcedure
- ProcedureDLL _WinStationUpdateUserConfig()
- EndProcedure
- ProcedureDLL _WinStationWaitForConnect()
- EndProcedure
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement