Download: http://www.sendspace.com/file/q4y5ez
Description: You can now use over 200 native calls, without needing to import any outside function! View source code for a live demo with NtTerminateProcess being used.
The library supports all service packs for the following platforms (X86 and X86-64 alike):
- Windows NT 4.X
- Windows 2000 (Server/Workstation)
- Windows XP
- Windows 2003 Server
- Windows Vista
- Windows 2008 Server
- Windows 7 RC2
EDIT: Bugfix added.
Last edited by Guy; 18-08-09 at 05:04 PM.
ugh make a desc. for newbz cuz they dunno sh!t about this (me neither lol) :D
--edit--
oohdamn i see there IS a description xD
Still don't know what this is for though :P
Last edited by Aimed; 17-08-09 at 03:21 AM.
Obfuscation trick:
In this sample, Function X appears to be (For most disassemblers):Code:FunctionY PROC ADD ESP, 4 LEA EDX, [ESP + 4] MOV ECX, FunctionX ADD ECX, 1 JMP ECX FunctionY FunctionX PROC DB 233 DB 205 DB 226 DB 4 DB 0 RETN FunctionX ENDP
However, thanks to the way it's accessed, it is actually:Code:JMP 0044F3ED RETN
This is fairly straight forward to integrate; feel free!Code:INT 0x2E ADD AL, 0 RETN
I shall, be translating this =P
Baha; I forgot to mention the syscalls added were for Windows 7RC2, not RTM :(Originally Posted by ThievingSix
Reply With Quote