회원ouxG3XZunit BADY; interface uses Windows, AddressClass, MemoryUnit, SysUtils; var BodyAlloc: Array [0 .. 2] of DWORD; BodyAddr: Array [0 .. 3] of DWORD; function BodySet1: Boolean; function BodySetValue1(Value: Single): Boolean; implementation function BodySet1: Boolean; var i: Integer; MBI: Memory_Basic_Information; PtrSize: DWORD; ReadBuf: Array [0 .. $3000] of Byte; begin try for i := 0 to 2 do BodyAlloc[i] := DWORD(VirtualAllocEx(hProcess, nil, $3000, MEM_COMMIT, PAGE_EXECUTE_READWRITE)); BodyAddr[0] := RPM4Byte(CShell + Body); BodyAddr[1] := RPM4Byte(BodyAddr[0] + $2448); BodyAddr[2] := RPM4Byte(BodyAddr[1] + $4); for i := 0 to 2 do begin VirtualQueryEx(hProcess, ptr(BodyAddr[i]), MBI, SizeOf(MBI)); PtrSize := MBI.RegionSize - (BodyAddr[i] - DWORD(MBI.BaseAddress)); if PtrSize >= $3000 then PtrSize := $3000; ReadProcessMemory(hProcess, ptr(BodyAddr[i]), @ReadBuf, PtrSize, PNativeUInt(nil)^); WriteProcessMemory(hProcess, ptr(BodyAlloc[i]), @ReadBuf, PtrSize, PNativeUInt(nil)^); PtrSize := 0; ZeroMemory(@ReadBuf, SizeOf(ReadBuf)); end; WPM4Byte(CShell + Body, BodyAlloc[0]); WPM4Byte(BodyAlloc[0] + $2448, BodyAlloc[1]); WPM4Byte(BodyAlloc[1] + $4, BodyAlloc[2]); Result := True; except Result := False; end; end; function BodySetValue1(Value: Single): Boolean; begin try PBYTE(@Value)^ := PBYTE(@Value)^ xor $3A; PBYTE(Pointer(DWORD(@Value) + 3))^ := PBYTE(Pointer(DWORD(@Value) + 3))^ xor $B8; WPM4Byte(BodyAlloc[2] + $660, PDWORD(@Value)^); except end; end; end.2022.10.28 14:22
댓글8
꾸준히 거래하면서 소스 파실 실력자분 구해요.. ㅠㅠ
디코 보십숑
뭐노 이 사기꾼 년은 ㅋㅋ
// Unit BADY: declares two routines that read and write the memory of another
// process through the handle hProcess. hProcess, CShell, Body, RPM4Byte and
// WPM4Byte are not declared in this unit.
unit BADY;
interface
uses
// AddressClass and MemoryUnit are project units; presumably they supply
// hProcess, CShell, Body, RPM4Byte and WPM4Byte -- confirm against those units.
Windows, AddressClass, MemoryUnit, SysUtils;
var
// Addresses of the three regions BodySet1 allocates in the target process.
// The VirtualAllocEx result is cast to DWORD, so this assumes 32-bit pointers.
BodyAlloc: Array [0 .. 2] of DWORD;
// Pointer chain read from the target process. Four slots are declared, but
// the code in this unit only uses indices 0..2.
BodyAddr: Array [0 .. 3] of DWORD;
// Copies three structures of the target process into newly allocated regions
// and repoints the original pointer chain at the copies.
function BodySet1: Boolean;
// Writes an XOR-masked Single into the third copied region at offset $660.
function BodySetValue1(Value: Single): Boolean;
implementation
// BodySet1: allocates three $3000-byte regions in the process behind hProcess,
// follows a three-level pointer chain that starts at CShell + Body, copies up
// to $3000 bytes from each level into its new region, then rewrites the chain
// so the root pointer and the links at +$2448 and +$4 reference the copies.
//
// Returns True unless an exception is raised inside the try block.
// NOTE(review): no Win32 return value is checked here, so True only means
// "no exception", not that every allocation, read and write succeeded.
//
// Detection note: a cross-process VirtualAllocEx with PAGE_EXECUTE_READWRITE
// followed by WriteProcessMemory into the same process is a sequence that
// integrity monitoring (anti-tamper, EDR) treats as a strong tampering signal.
function BodySet1: Boolean;
var
i: Integer;
MBI: Memory_Basic_Information;
PtrSize: DWORD;
// $3001 bytes (indices 0..$3000): one byte more than the $3000 copy cap below.
ReadBuf: Array [0 .. $3000] of Byte;
begin
try
// Reserve the three destination regions in the target process. The returned
// pointer is truncated to DWORD, which assumes a 32-bit address space.
for i := 0 to 2 do
BodyAlloc[i] := DWORD(VirtualAllocEx(hProcess, nil, $3000, MEM_COMMIT, PAGE_EXECUTE_READWRITE));
// Walk the pointer chain: root pointer, then the field at +$2448, then +$4.
BodyAddr[0] := RPM4Byte(CShell + Body);
BodyAddr[1] := RPM4Byte(BodyAddr[0] + $2448);
BodyAddr[2] := RPM4Byte(BodyAddr[1] + $4);
for i := 0 to 2 do
begin
// Ask for the region containing BodyAddr[i]; the result is not checked, so
// MBI may hold stale or unset data if the query fails.
VirtualQueryEx(hProcess, ptr(BodyAddr[i]), MBI, SizeOf(MBI));
// Bytes left between BodyAddr[i] and the end of its region, capped at $3000
// so the copy fits both ReadBuf and the allocated destination.
PtrSize := MBI.RegionSize - (BodyAddr[i] - DWORD(MBI.BaseAddress));
if PtrSize >= $3000 then
PtrSize := $3000;
// PNativeUInt(nil)^ passes a nil reference for the bytes-transferred
// out-parameter, i.e. the transferred count is not requested.
ReadProcessMemory(hProcess, ptr(BodyAddr[i]), @ReadBuf, PtrSize, PNativeUInt(nil)^);
WriteProcessMemory(hProcess, ptr(BodyAlloc[i]), @ReadBuf, PtrSize, PNativeUInt(nil)^);
// Reset the scratch state before the next level of the chain.
PtrSize := 0;
ZeroMemory(@ReadBuf, SizeOf(ReadBuf));
end;
// Repoint the chain: the root now references copy 0, and the links inside
// the copies (same offsets as the originals) reference copies 1 and 2.
WPM4Byte(CShell + Body, BodyAlloc[0]);
WPM4Byte(BodyAlloc[0] + $2448, BodyAlloc[1]);
WPM4Byte(BodyAlloc[1] + $4, BodyAlloc[2]);
Result := True;
except
Result := False;
end;
end;
// BodySetValue1: masks two bytes of the 32-bit representation of Value and
// writes the result to BodyAlloc[2] + $660 through WPM4Byte.
//
// Value is a by-value parameter, so the in-place XORs below only change the
// local copy. The purpose of the masks is not visible in this unit; presumably
// they match how the target stores this field -- confirm before relying on it.
//
// NOTE(review): Result is never assigned and the except block is empty, so the
// Boolean return value is undefined and any failure is silently discarded.
// BodyAlloc[2] is only set by BodySet1; this routine does not check that it ran.
function BodySetValue1(Value: Single): Boolean;
begin
try
// XOR the first byte in memory (the least significant byte on x86) with $3A.
PBYTE(@Value)^ := PBYTE(@Value)^ xor $3A;
// XOR the byte at offset 3 (the most significant byte on x86) with $B8.
// The DWORD cast of @Value assumes 32-bit pointers.
PBYTE(Pointer(DWORD(@Value) + 3))^ := PBYTE(Pointer(DWORD(@Value) + 3))^ xor $B8;
// Write the masked bit pattern, reinterpreted as a DWORD, into the third copy.
WPM4Byte(BodyAlloc[2] + $660, PDWORD(@Value)^);
except
end;
end;
end.
델판가
개 널린 소스 올려서 뭐 함,,
디코 아이디 뭔가요?
일챗 확인해주세요