VB6 ftw
Discussion on VB6 ftw within the CO2 Programming forum part of the Conquer Online 2 category.
05/14/2009, 01:40
#31
Quote:
Originally Posted by bugaboo
that's better than all jumping as a massive bunch, but still looks like a choo choo train... not something you normally see in game.
|
then try...
a -> c -> e
b -> c
d -> e
all at different delays... or something like that, ne thing to make it look random

05/14/2009, 15:28
#32
If you watch the archers plvl in BI, you almost always see one noob on follow. Why not make one of them imitate the normal follow by running to the location instead of jumping, unless you are simply after speed. If you are going for realistic this would go far.

05/18/2009, 18:00
#33
this a trojan or what? avg free says so (avg gives a lot of false positives i know) but why hasn't anyone said anything or closed the thread. if you actually did get asm to work in vb6 i'd love to see the source

05/18/2009, 18:32
#34
Quote:
Originally Posted by Real~Death
this a trojan or what? avg free says so (avg gives a lot of false positives i know) but why hasn't anyone said anything or closed the thread. if you actually did get asm to work in vb6 i'd love to see the source
|
because this is legit and those are false positives, i've seen the source code myself AND i've seen it done in AutoIt, i know cuz i'm using it for AutoIt for a bot i've already made right now :-P . . .

05/18/2009, 18:48
#35
vb6 usually doesn't give false pos. maybe it's the packer giving it?
"Trojan horse BackDoor.Hupigon5.FVI";"Infected"
btw - nothing against IAmHawtness, i just find it suspicious

05/18/2009, 20:00
#36
Quote:
Originally Posted by Real~Death
vb6 usually doesn't give false pos. maybe it's the packer giving it?
"Trojan horse BackDoor.Hupigon5.FVI";"Infected"
btw - nothing against IAmHawtness, i just find it suspicious
|
vb6 usually doesn't play around w/ asm either... maybe that brought up the false positive? :-P

05/18/2009, 20:04
#37
Quote:
Originally Posted by ookamocka
vb6 usually doesn't play around w/ asm either... maybe that brought up the false positive? :-P
|
well i take back what i said, i just reinstalled vb6 and made a few simple apps and seems all came up as trojans..... sorry for the mistake

05/18/2009, 21:15
#38
Quote:
Originally Posted by Real~Death
well i take back what i said, i just reinstalled vb6 and made a few simple apps and seems all came up as trojans..... sorry for the mistake
|
Yeah, I don't really know what's causing the backdoor, but it's safe. I'll send the source code to you if you want.

05/18/2009, 23:45
#39
Btw, that clsASM class is extremely unsafe.
RThwnd = CreateRemoteThread(h, ByVal 0&, 0, ByVal tmp_Addr, ByVal 0&, ByVal 0&, ByVal 0&)
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_RELEASE
You are executing the code and then right away trying to free it.

05/19/2009, 10:09
#40
Quote:
Originally Posted by high6
Btw, that clsASM class is extremely unsafe.
RThwnd = CreateRemoteThread(h, ByVal 0&, 0, ByVal tmp_Addr, ByVal 0&, ByVal 0&, ByVal 0&)
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_RELEASE
You are executing the code and then right away trying to free it.
|
Every single example I've seen with code injection, be it C#, Visual Basic, C++, etc., have all done it in a similar way. I don't see what's so bad about releasing the memory after it's been executed. It's not needed anymore anyways? :s

05/19/2009, 10:13
#41
Quote:
Originally Posted by IAmHawtness
Every single example I've seen with code injection, be it C#, Visual Basic, C++, etc., have all done it in a similar way. I don't see what's so bad about releasing the memory after it's been executed. It's not needed anymore anyways? :s
|
I am not arguing that. I am saying, you are trying to free it while it is executing...
Google WaitForSingleObject.
Not sure exactly what happens but I am guessing it doesn't free the memory because it is in use. Try calling GetLastError and see what it gives.

05/19/2009, 10:48
#42
Quote:
Originally Posted by high6
I am not arguing that. I am saying, you are trying to free it while it is executing...
Google WaitForSingleObject.
Not sure exactly what happens but I am guessing it doesn't free the memory because it is in use. Try calling GetLastError and see what it gives.
|
Okay, I can see that you're right now. It returns error 87.
However, if I use this:
Code:
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_DECOMMIT
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_RELEASE
Instead of MEM_RELEASE only, it doesn't return any error at all.

05/19/2009, 11:53
#43
Quote:
Originally Posted by IAmHawtness
Okay, I can see that you're right now. It returns error 87.
However, if I use this:
Code:
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_DECOMMIT
VirtualFreeEx h, tmp_Addr, UBound(AsmCode) + 1, MEM_RELEASE
Instead of MEM_RELEASE only, it doesn't return any error at all.
|
Says to not use them together.
Either way, not returning an error doesn't mean it is safe...

05/19/2009, 12:11
#44
Quote:
Originally Posted by high6
Says to not use them together.
Either way, not returning an error doesn't mean it is safe...
|
Okay, weird 'cause it works just fine.
This works, too, though:
Code:
Do
    Ret = WaitForSingleObject(RThwnd, 100)
    DoEvents
Loop Until Ret <> WAIT_TIMEOUT
VirtualFreeEx h, ByVal tmp_Addr, 0, ByVal MEM_RELEASE
So since the msdn says not to use MEM_DECOMMIT and MEM_RELEASE together, I guess I should stick to the above code.

05/19/2009, 12:42
#45
Quote:
Originally Posted by IAmHawtness
Okay, weird 'cause it works just fine.
This works, too, though:
Code:
Do
    Ret = WaitForSingleObject(RThwnd, 100)
    DoEvents
Loop Until Ret <> WAIT_TIMEOUT
VirtualFreeEx h, ByVal tmp_Addr, 0, ByVal MEM_RELEASE
So since the msdn says not to use MEM_DECOMMIT and MEM_RELEASE together, I guess I should stick to the above code.
|
I wouldn't use WAIT_TIMEOUT, i would use WAIT_OBJECT_0, bcuz timeout is just ur 100 ms (even though i would doubt it would take longer than 100ms to execute the code).
Also i'd just use the following by itself as u have
VirtualFreeEx h, ByVal tmp_Addr, 0, ByVal MEM_RELEASE
in my code i use 1000 ms, and doesn't delay for that long. Just delays for the time it takes for ur remote thread to terminate.
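
The cleanup order the posts above converge on (wait until the thread handle is signaled, then release with a size of 0), as an added example that is not code from any poster: `ReleaseAfterThreadExit` and its parameter names are hypothetical, and the process and thread handles are assumed to be ones the caller already holds. The VirtualFreeEx documentation requires dwSize to be 0 when MEM_RELEASE is used; a non-zero size fails with ERROR_INVALID_PARAMETER (87).

```vb
Option Explicit

Private Declare Function WaitForSingleObject Lib "kernel32" _
    (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" _
    (ByVal hProcess As Long, ByVal lpAddress As Long, _
     ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Const WAIT_OBJECT_0 As Long = &H0&
Private Const WAIT_TIMEOUT As Long = &H102&
Private Const MEM_RELEASE As Long = &H8000&   ' trailing & keeps this a positive Long

' Hypothetical helper. Returns 0 on success, WAIT_TIMEOUT (258) if the thread
' was still running after MaxWaitMs, otherwise the Win32 error code.
Public Function ReleaseAfterThreadExit(ByVal hProcess As Long, ByVal hThread As Long, _
        ByVal BlockAddr As Long, ByVal MaxWaitMs As Long) As Long
    Dim Ret As Long, Waited As Long

    ' Wait in 100 ms slices so the VB6 form keeps processing messages.
    Do
        Ret = WaitForSingleObject(hThread, 100)
        If Ret <> WAIT_TIMEOUT Then Exit Do
        Waited = Waited + 100
        DoEvents
    Loop While Waited < MaxWaitMs

    If Ret <> WAIT_OBJECT_0 Then
        ' Thread not finished, or the wait itself failed. Do not free:
        ' the thread may still be executing inside the block.
        ' The caller keeps ownership of hThread and can retry later.
        If Ret = WAIT_TIMEOUT Then
            ReleaseAfterThreadExit = WAIT_TIMEOUT
        Else
            ReleaseAfterThreadExit = Err.LastDllError
        End If
        Exit Function
    End If

    ' MEM_RELEASE frees the whole region, so dwSize must be 0 and
    ' BlockAddr must be the base address the allocation returned.
    If VirtualFreeEx(hProcess, BlockAddr, 0, MEM_RELEASE) = 0 Then
        ReleaseAfterThreadExit = Err.LastDllError
    End If
    CloseHandle hThread
End Function
```

Checking for `WAIT_OBJECT_0` rather than "anything other than `WAIT_TIMEOUT`" keeps a failed wait from being treated as a finished thread.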

All times are GMT +1.