VB6 ftw

05/14/2009 01:40 ookamocka#31
Quote:
Originally Posted by bugaboo View Post
that's better than all jumping as a massive bunch, but still looks like a choo choo train... not something you normally see in game.
then try...

a -> c -> e
b -> c
d -> e

all at different delays... or something like that, ne thing to make it look random :)
05/14/2009 15:28 lazlo#32
If you watch the archers plvl in BI, you almost always see one noob on follow. Why not make one of them imitate the normal follow by running to the location instead of jumping, unless you are simply after speed. If you are going for realistic this would go far.
05/18/2009 18:00 Real~Death#33
this a trojan or what? avg free says so (avg gives a lot of false positives i know) but why hasn't anyone said anything or closed the thread. if you actually did get asm to work in vb6 i'd love to see the source
05/18/2009 18:32 ookamocka#34
Quote:
Originally Posted by Real~Death View Post
this a trojan or what? avg free says so (avg gives a lot of false positives i know) but why hasn't anyone said anything or closed the thread. if you actually did get asm to work in vb6 i'd love to see the source
because this is legit and those are false positives, i've seen the source code myself AND i've seen it done in AutoIt, i know cuz i'm using it for AutoIt for a bot i've already made right now :-P . . .
05/18/2009 18:48 Real~Death#35
vb6 usually doesn't give false pos. maybe it's the packer giving it?
"Trojan horse BackDoor.Hupigon5.FVI";"Infected"

btw - nothing against IAmHawtness i just find it suspicious
05/18/2009 20:00 ookamocka#36
Quote:
Originally Posted by Real~Death View Post
vb6 usually doesn't give false pos. maybe it's the packer giving it?
"Trojan horse BackDoor.Hupigon5.FVI";"Infected"

btw - nothing against IAmHawtness i just find it suspicious
vb6 usually doesn't play around w/ asm either... maybe that brought up the false positive? :-P
05/18/2009 20:04 Real~Death#37
Quote:
Originally Posted by ookamocka View Post
vb6 usually doesn't play around w/ asm either... maybe that brought up the false positive? :-P
well i take back what i said, i just reinstalled vb6 and made a few simple apps and seems all came up as trojans..... sorry for the mistake
05/18/2009 21:15 IAmHawtness#38
Quote:
Originally Posted by Real~Death View Post
well i take back what i said, i just reinstalled vb6 and made a few simple apps and seems all came up as trojans..... sorry for the mistake
Yeah, I don't really know what's causing the backdoor, but it's safe. I'll send the source code to you if you want.
05/18/2009 23:45 high6#39
Btw, that clsASM class is extremely unsafe.

RThwnd = CreateRemoteThread(h, ByVal 0&, 0, ByVal tmp_Addr, ByVal 0&, ByVal 0&, ByVal 0&)
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_RELEASE

You are executing the code and then right away trying to free it.
05/19/2009 10:09 IAmHawtness#40
Quote:
Originally Posted by high6 View Post
Btw, that clsASM class is extremely unsafe.

RThwnd = CreateRemoteThread(h, ByVal 0&, 0, ByVal tmp_Addr, ByVal 0&, ByVal 0&, ByVal 0&)
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_RELEASE

You are executing the code and then right away trying to free it.
Every single example I've seen with code injection, be it C#, Visual Basic, C++, etc., have all done it in a similar way. I don't see what's so bad about releasing the memory after it's been executed. It's not needed anymore anyways? :s
05/19/2009 10:13 high6#41
Quote:
Originally Posted by IAmHawtness View Post
Every single example I've seen with code injection, be it C#, Visual Basic, C++, etc., have all done it in a similar way. I don't see what's so bad about releasing the memory after it's been executed. It's not needed anymore anyways? :s
I am not arguing that. I am saying, you are trying to free it while it is executing...

Google WaitForSingleObject.

Not sure exactly what happens but I am guessing it doesn't free the memory because it is in use. Try calling GetLastError and see what it gives.
05/19/2009 10:48 IAmHawtness#42
Quote:
Originally Posted by high6 View Post
I am not arguing that. I am saying, you are trying to free it while it is executing...

Google WaitForSingleObject.

Not sure exactly what happens but I am guessing it doesn't free the memory because it is in use. Try calling GetLastError and see what it gives.
Okay, I can see that you're right now. It returns error 87.

However, if I use this:

Code:
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_DECOMMIT
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_RELEASE
Instead of MEM_RELEASE only, it doesn't return any error at all.
05/19/2009 11:53 high6#43
Quote:
Originally Posted by IAmHawtness View Post
Okay, I can see that you're right now. It returns error 87.

However, if I use this:

Code:
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_DECOMMIT
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_RELEASE
Instead of MEM_RELEASE only, it doesn't return any error at all.
[link not shown]

Says to not use them together.

Either way, not returning an error doesn't mean it is safe...
05/19/2009 12:11 IAmHawtness#44
Quote:
Originally Posted by high6 View Post
[link not shown]

Says to not use them together.

Either way, not returning an error doesn't mean it is safe...
Okay, weird 'cause it works just fine.

This works, too, though:

Code:
Do
    Ret = WaitForSingleObject(RThwnd, 100)
    DoEvents
Loop Until Ret <> WAIT_TIMEOUT

VirtualFreeEx h, ByVal tmp_Addr, 0, ByVal MEM_RELEASE
So since the msdn says not to use MEM_DECOMMIT and MEM_RELEASE together, I guess I should stick to the above code.
05/19/2009 12:42 clintonselke#45
Quote:
Originally Posted by IAmHawtness View Post
Okay, weird 'cause it works just fine.

This works, too, though:

Code:
Do
    Ret = WaitForSingleObject(RThwnd, 100)
    DoEvents
Loop Until Ret <> WAIT_TIMEOUT

VirtualFreeEx h, ByVal tmp_Addr, 0, ByVal MEM_RELEASE
So since the msdn says not to use MEM_DECOMMIT and MEM_RELEASE together, I guess I should stick to the above code.
I wouldn't use WAIT_TIMEOUT, i would use WAIT_OBJECT_0, bcuz timeout is just ur 100 ms (even though i would doubt it would take longer than 100ms to execute the code).

Also i'd just use the following by itself as u have
VirtualFreeEx h, ByVal tmp_Addr, 0, ByVal MEM_RELEASE

in my code i use 1000 ms, and doesn't delay for that long. Just delays for the time it takes for ur remote thread to terminate.
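
Added example, not code from the thread or from clsASM: the Win32 documentation requires dwSize to be 0 when VirtualFree/VirtualFreeEx is called with MEM_RELEASE, and a non-zero size fails with ERROR_INVALID_PARAMETER (87) regardless of whether a thread is still running in that memory. The VB6 module below reproduces that in the caller's own process with VirtualAlloc/VirtualFree, and adds a wait helper that treats only WAIT_OBJECT_0 as "thread finished". DemoReleaseSize and ThreadFinished are hypothetical names chosen for this sketch.

```vb
Option Explicit

' kernel32 declarations; constants are the documented Win32 values.
' Note the trailing "&": in VB6 &H8000 alone is an Integer (-32768).
Private Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFree Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long

Private Const MEM_COMMIT As Long = &H1000&
Private Const MEM_RESERVE As Long = &H2000&
Private Const MEM_RELEASE As Long = &H8000&
Private Const PAGE_READWRITE As Long = &H4&
Private Const WAIT_OBJECT_0 As Long = 0
Private Const WAIT_TIMEOUT As Long = &H102&

' Hypothetical demo: frees one local page twice, first with a non-zero size
' (the pattern from the thread), then with size 0 as MEM_RELEASE requires.
Public Sub DemoReleaseSize()
    Dim p As Long
    p = VirtualAlloc(0, 4096, MEM_COMMIT Or MEM_RESERVE, PAGE_READWRITE)
    If p = 0 Then Debug.Print "VirtualAlloc failed, error"; Err.LastDllError: Exit Sub

    ' Err.LastDllError holds GetLastError for the most recent Declare call.
    If VirtualFree(p, 4096, MEM_RELEASE) = 0 Then
        Debug.Print "MEM_RELEASE with size 4096 failed, error"; Err.LastDllError
    End If

    If VirtualFree(p, 0, MEM_RELEASE) = 0 Then
        Debug.Print "MEM_RELEASE with size 0 failed, error"; Err.LastDllError
    Else
        Debug.Print "MEM_RELEASE with size 0 succeeded"
    End If
End Sub

' Hypothetical helper: polls a thread handle in 100 ms slices so the UI
' stays responsive. Returns True only for WAIT_OBJECT_0; a timeout or
' WAIT_FAILED returns False, so the caller must not free the memory.
Public Function ThreadFinished(ByVal hThread As Long, ByVal timeoutMs As Long) As Boolean
    Dim ret As Long, waited As Long
    Do
        ret = WaitForSingleObject(hThread, 100)
        DoEvents
        waited = waited + 100
    Loop While ret = WAIT_TIMEOUT And waited < timeoutMs
    ThreadFinished = (ret = WAIT_OBJECT_0)
End Function
```

With the variables used in the thread, the free would be guarded as: If ThreadFinished(RThwnd, 1000) Then VirtualFreeEx h, ByVal tmp_Addr, 0, ByVal MEM_RELEASE.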