Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <DllImport("kernel32.dll")>
- Public Shared Function GetModuleHandle(ByVal lpModuleName As String) As IntPtr
- End Function
- <DllImport("kernel32.dll")>
- Public Shared Function VirtualProtect(ByVal lpAddress As IntPtr, ByVal dwSize As UIntPtr, ByVal flNewProtect As UInt32, <Out()> ByRef lpflOldProtect As UInt32) As Boolean
- End Function
- <DllImport("kernel32.dll")>
- Public Shared Sub ZeroMemory(ByVal addr As IntPtr, ByVal size As IntPtr)
- End Sub
- Public Sub EraseHeader()
- Dim PAGE_READWRITE As UInt32 = 4
- Dim OldPageProtect As UInt32 = 0
- Dim pBaseAddress As IntPtr = GetModuleHandle(Nothing)
- VirtualProtect(pBaseAddress, 4096, PAGE_READWRITE, OldPageProtect)
- ZeroMemory(pBaseAddress, 4096)
- End Sub
- Public Sub AntiDump()
- Try
- Dim x(0) As Process
- x(0) = Process.GetCurrentProcess
- Dim dwOld As UInteger = 0
- Dim wNumberOfSections As Integer = 0
- Dim dwPEHeader As Integer = 0
- Dim SectionTableOffset As Integer = 0
- Dim ModuleBaseAddr As Integer = Process.GetCurrentProcess.MainModule.BaseAddress
- Dim PEHeaderDwords() As Integer = {&H0, &H8, &HC, &H10, &H16, &H1C, &H20, &H28, &H2C, &H34, &H3C, &H4C, &H50, &H54, &H58, &H60, &H64, &H68, &H6C, &H70, &H74, &H104, &H108, &H10C, &H110, &H114, &H11C}
- Dim SectionTableDwords() As Integer = {&H8, &HC, &H10, &H14, &H18, &H1C, &H24}
- Dim SectionTableWords() As Integer = {&H20}
- Dim PEHeaderWords() As Integer = {&H4, &H16, &H18, &H40, &H42, &H44, &H46, &H48, &H4A, &H4C, &H5C, &H5E}
- Dim PEHeaderBytes() As Integer = {&H1A, &H1B}
- SectionTableOffset = dwPEHeader + &HFA
- VirtualProtect(ModuleBaseAddr, 30, &H40, dwOld)
- ZeroMemory(ModuleBaseAddr, 30)
- VirtualProtect(ModuleBaseAddr, 30, dwOld, Nothing)
- For Each c As Integer In PEHeaderDwords
- VirtualProtect((ModuleBaseAddr + dwPEHeader) + c, 4, &H40, dwOld)
- ZeroMemory((ModuleBaseAddr + dwPEHeader) + c, 4)
- VirtualProtect((ModuleBaseAddr + dwPEHeader) + c, 4, dwOld, Nothing)
- Next
- For Each c As Integer In PEHeaderWords
- VirtualProtect((ModuleBaseAddr + dwPEHeader) + c, 2, &H40, dwOld)
- ZeroMemory((ModuleBaseAddr + dwPEHeader) + c, 2)
- VirtualProtect((ModuleBaseAddr + dwPEHeader) + c, 2, dwOld, Nothing)
- Next
- For Each c As Integer In PEHeaderBytes
- VirtualProtect((ModuleBaseAddr + dwPEHeader) + c, 1, &H40, dwOld)
- ZeroMemory((ModuleBaseAddr + dwPEHeader) + c, 1)
- VirtualProtect((ModuleBaseAddr + dwPEHeader) + c, 1, dwOld, Nothing)
- Next
- Dim i As Integer = 0
- Dim i2 As Integer = 0
- While i <= wNumberOfSections
- If i2 = 0 Then
- VirtualProtect((ModuleBaseAddr + dwPEHeader + &HFA + (&H28 * i)) + SectionTableWords(0), 2, &H40, dwOld)
- ZeroMemory((ModuleBaseAddr + dwPEHeader + &HFA + (&H28 * i)) + SectionTableWords(0), 2)
- VirtualProtect((ModuleBaseAddr + dwPEHeader + &HFA + (&H28 * i)) + SectionTableWords(0), 2, dwOld, Nothing)
- End If
- VirtualProtect((ModuleBaseAddr + dwPEHeader + &HFA + (&H28 * i)) + SectionTableDwords(i2), 4, &H40, dwOld)
- ZeroMemory((ModuleBaseAddr + dwPEHeader + &HFA + (&H28 * i2)) + SectionTableDwords(i2), 4)
- VirtualProtect((ModuleBaseAddr + dwPEHeader + &HFA + (&H28 * i)) + SectionTableDwords(i2), 4, dwOld, Nothing)
- i2 += 1
- If i2 = SectionTableDwords.Length Then
- i += 1
- i2 = 0
- End If
- End While
- Catch ex As Exception
- 'Get error
- End Try
- End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement