Loader By Vb6

[ahmadmansoor]

Hi all

anybody have a Good example on how create a loader useing vb6 ..... i need a real example (code and file).

pls i need help in this .......

and may it include the way on how hook API , put Hw-bp and something like this , it is not problem if it depended on anthor dll file (coded by C++)

pls help

Thanks in adv

[DrPepUr]

This should get ya started.....remember PSC.com can be your friend

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=40478&lngWId=1

[ahmadmansoor]

This should get ya started.....remember PSC.com can be your friend

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=40478&lngWId=1

@dustyh1981 :

First : thanks u very much for ur fast replay , but my friend i am a member in this form too .and i know all file in it .....but realy i don't find any usefull example to create a Loader (i maen real Loader )..which use CreateProcessA & CreateThread & all Api connected with this subject....

and the way to put Hardware Breakpoints in some places in the memory and patch it or patch the EAX or like this...

anyway thanks u for ur example it contain this Function ValHex which is usefull too...

why i need this : because i need it to create tools for patch FingerPrint of arm and make it support for copy memory 2....

pls any some help :it is not problem if the project depended on anthor dll file (coded by C++).

and if u don't like to put it in public form can u PM me pls . and many thanks for all..

ur best friend Ahmadmansoor....

[HVC]

Maybe searching for a debugger source, would serve your purposes better.

The kind of loaders you are describing are specific (or, more correctly specialized) debuggers.

http://web.vip.hr/inga.vip/index.htm

Check the Debuggy source code.

Edited March 5, 2008 by HVC

[ahmadmansoor]

Maybe searching for a debugger source, would serve your purposes better.

The kind of loaders you are describing are specific (or, more correctly specialized) debuggers.

http://web.vip.hr/inga.vip/index.htm

Check the Debuggy source code.

Many thanks for u i have this file .... and it is more complex to understand ...

it is in the same site www.planet-source-code.com it call DebuggerA06...

my friends all i need is example for create loader not Assembler ....

Thanks u for ur replay

[Nieylana]

Hi all

anybody have a Good example on how create a loader useing vb6 ..... i need a real example (code and file).

pls i need help in this .......

and may it include the way on how hook API , put Hw-bp and something like this , it is not problem if it depended on anthor dll file (coded by C++)

pls help

Thanks in adv

look at my WTLoader and source... feel free to use pieces of it

[blaCke]

VB6 is sick why you don't use c++ instead?

[ahmadmansoor]

Hi all

anybody have a Good example on how create a loader useing vb6 ..... i need a real example (code and file).

pls i need help in this .......

and may it include the way on how hook API , put Hw-bp and something like this , it is not problem if it depended on anthor dll file (coded by C++)

pls help

Thanks in adv

look at my WTLoader and source... feel free to use pieces of it

Dear friend Nieylana : where I can find ur WTLoader and source :biggrin: ....and many thanks for ur help ..

and I hope i can help u when the time come :happy: ...

CTf : sorry to tell u that i am not so good in C+++ ..I love C++ but I love VB more ...If there anyway to help me then thanks

Edited December 5, 2008 by ahmadmansoor

[Nieylana]

it's in the Tools of Trade section

[Apakekdah]

1 year ago i did create tuts how to writing loader, but language in indonesian...

and i was learn this from Shub tut's... so thx to him

here you go :

Loader.rar

hope this is what you want.

[Jatt]

actually i m also looking for something like that , which can

pause procees

patch bytes

resume again

with no possibility of failing in patching bytes

dont know any coding , plz guide how i can do it easily ,

u can send me private things via pm

Thanks alot

[Nieylana]

without programming skills, ur out of luck mate

[lucasjockey]

Option ExplicitPrivate Type STARTUPINFO
	cb As Long
	lpReserved As String
	lpDesktop As String
	lpTitle As String
	dwX As Long
	dwY As Long
	dwXSize As Long
	dwYSize As Long
	dwXCountChars As Long
	dwYCountChars As Long
	dwFillAttribute As Long
	dwFlags As Long
	wShowWindo As Integer
	cbReserved2 As Integer
	lpReserved2 As Byte
	hStdInput As Long
	hStdOutput As Long
	hStdError As Long
End TypePrivate Type PROCESS_INFORMATION
	hProcess As Long
	hThread As Long
	dwProcessId As Long
	dwThreadId As Long
End TypePrivate Const pointer = &HA378D8
Private Const STATUS_PENDING = &H103&
Private Const PROCESS_QUERY_INFORMATION = &H400
Private Const NORMAL_PRIORITY_CLASS = &H20&
Private Const HIGH_PRIORITY_CLASS = &H80&
Private Const GWL_WNDPROC = (-4)	Private pInfo As PROCESS_INFORMATION
	Private sInfo As STARTUPINFO
	Private sNull As StringPrivate Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As LongPrivate Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA" (ByVal lpApplicationName As String, ByVal lpCommandLine As String, lpProcessAttributes As Any, lpThreadAttributes As Any, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDriectory As String, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
Public Function MC2(file As String)
Dim ProcExecS As Long
ProcExecS = CreateProcess(file, ByVal 0&, ByVal 0&, ByVal 0&, 1&, NORMAL_PRIORITY_CLASS, ByVal 0&, sNull, sInfo, pInfo)
If ProcExecS Then
WriteProcessMemory pInfo.hProcess, &H42874C, &H57EB, 2, 0&
WriteProcessMemory pInfo.hProcess, &H4287B6, &H57EB, 2, 0&
CloseHandle pInfo.hProcess
End If
End Function

For VB ;D

[ahmadmansoor]

@lucasjockey , Apakekdah : First many thanks for ur help but my friend the problem not just write this line of code because we have pass this (i am writting an engine like a debugger ) ...but I miss some thing like this :

HW-BP in VB6.0 . if anyone could write a Function for it .or anybody have a dll file contain a function for that .

make page guard to hunt OEP .

options to Hide debugger.

thats all ....if anybody could help in this

I like VB6.0 and its easy to code .... ..just thats

Edited December 15, 2008 by ahmadmansoor

[Apakekdah]

oh... i see...

ap0x was create a plugin to create an unpacker...

like some stuff like breakpoint...

try to check out from he site...

[0xFF]

Right now i have no time to write you an example, but i will give you the steps you take:

CreateProcess() -> CloseHandle() [hThread] -> WriteProcessMemory() [hProcess] -> CloseHandle() [hProcess];

hThread and hProcess are in the PROCESS_INFORMATION structure when you used CreateProcess to fill it in.

Edit: The buffer you write contains the information you're going to write, could be a single BYTE or an array of a kind, and the address should be a pointer to integer if i'm not mastiking, and.... the lpNumberOfBytesToWrite parameter should be the size of the buffer (in BYTES), so use sizeof() macro, i hope this helped you.

Edited December 16, 2008 by Rot1

[ahmadmansoor]

@Apakekdah:many thanks I have try ap0x engine ...but not wrok for me ...and I connect ap0x ...and he say that he will put an example in VB6.0 soon ...when I don't know ..hope he will remmber

@Rot1 : the step I know it ....put do it ,this is the problem ...hope u could it ....many thanks

[0xFF]

@Apakekdah:many thanks I have try ap0x engine ...but not wrok for me ...and I connect ap0x ...and he say that he will put an example in VB6.0 soon ...when I don't know ..hope he will remmber

@Rot1 : the step I know it ....put do it ,this is the problem ...hope u could it ....many thanks

Remember i promised you an example ? here it is... (Delphi, i recommend you learning Delphi instead of VB):

var 
 pi: TProcessInformation; //PROCESS_INFORMATION structure
 si: TStartupInfo; // STARTUP_INFO structure
const
  buffer: array[0..2] of byte = ($90, $90);
begin
 if not CreateProcess( 'lol.exe ', .... , si, pi ) then
  begin
   ShowMessageFmt( 'Error @ CreateProcess: %d', [GetLastError] ); //Dialogs
   Exit; //Exit from the procedure
  end; WriteProcessMemory(pi.hProcess, Ptr($00578B12), buffer, sizeof(buffer), ... );
 CloseHandle(pi.hThread);
 CloseHandle(pi.hProcess); //when you finish with it.
end;

place that code in a button or w.e

this example will write 2 nop's @ 00578B12 (random address)

[ahmadmansoor]

My friend I am talk about HW-BP (Hradware break Piont ) this what I want ...not CreateProcess ....and do some else stuf ....my word is very clear I think

this is what I want :

HW-BP in VB6.0 . if anyone could write a Function for it .or anybody have a dll file contain a function for that .

make page guard to hunt OEP .

options to Hide debugger.

not else ..anyway many thanks

Edited December 17, 2008 by ahmadmansoor

[0xFF]

My friend I am talk about HW-BP (Hradware break Piont ) this what I want ...not CreateProcess ....and do some else stuf ....my word is very clear I think

this is what I want :

HW-BP in VB6.0 . if anyone could write a Function for it .or anybody have a dll file contain a function for that .

make page guard to hunt OEP .

options to Hide debugger.

not else ..anyway many thanks

to hide your debugger, i would suggest hooking IsDebuggerPresent(), and about set HW-BP, SetThreadContext()

[Killboy]

ahmad:

read up on MSDN, it gives a great understanding of how to code a debugger.

you'll need a debug loop (look up WaitForDebugEvent, should link to most APIs, structs etc.) to set and catch hardware breakpoints

google for drizzt's debug engine, it's got great code for setting the debug regs and conditions, also memory breakpoints (pageguard)

yes, it is written in masm.

yes, you gotta do something yourself.

heck, you just gotta convert it to VB, you dont have to look up DR7 flags in the intel manuals

if you dont put that minimum effort into it, i'm afraid it's never gonna work out...

...or just wait for ap0x to finish his SDK, that's easier ofc

[0xFF]

ahmad:

read up on MSDN, it gives a great understanding of how to code a debugger.

you'll need a debug loop (look up WaitForDebugEvent, should link to most APIs, structs etc.) to set and catch hardware breakpoints

google for drizzt's debug engine, it's got great code for setting the debug regs and conditions, also memory breakpoints (pageguard)

yes, it is written in masm.

yes, you gotta do something yourself.

heck, you just gotta convert it to VB, you dont have to look up DR7 flags in the intel manuals

if you dont put that minimum effort into it, i'm afraid it's never gonna work out...

...or just wait for ap0x to finish his SDK, that's easier ofc

That person just wants to get spoon feed, he's not trying to study himself a little.

[atom0s]

That person just wants to get spoon feed, he's not trying to study himself a little.

You have little to no room to talk with what you have done in your past.

@Ahmad:

You can find some fairly decent debuggers over at:

http://planetsourcecode.com/

Can't say how in-depth they go for things such as hardware breakpoints but heres a few that might be useful:

http://planetsourcecode.com/vb/scripts/Sho...22&lngWId=1

http://planetsourcecode.com/vb/scripts/Sho...32&lngWId=1