D4rkC10ud Posted October 15, 2012 Share Posted October 15, 2012 fun with AutoIt. #include <winapi.au3> $strucGetKernelHandle_x86 = DllStructCreate("char[64]"); $GetKernelHandle_x86 = Chr(0x64)&Chr(0xA1)&Chr(0x30)&Chr(0x0)&Chr(0x0)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x0C)&Chr(0x8B) $GetKernelHandle_x86 &= Chr(0x40)&Chr(0x1c)&Chr(0x8B)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x08)&Chr(0xC3) DllStructSetData($strucGetKernelHandle_x86, 1, $GetKernelHandle_x86) $hKernel32 = _WinAPI_CallWindowProc(DllStructGetPtr($strucGetKernelHandle_x86), 0, 0, 0, 0) MsgBox(0, "Address of Kernel32.dll", Hex($hKernel32)) I precompiled this code for retrieving address of kernel32.dll GetKernelHandle_x86: mov eax, [fs:030h] mov eax, [eax+0ch] mov eax, [eax+01ch] mov eax, [eax] mov eax, [eax+08h] ret Link to comment Share on other sites More sharing options...
legend Posted October 15, 2012 Share Posted October 15, 2012 (edited) $GetKernelHandle_x86 = Chr(0x64)&Chr(0xA1)&Chr(0x30)&Chr(0x0)&Chr(0x0)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x0C)&Chr(0x8B) $GetKernelHandle_x86 &= Chr(0x40)&Chr(0x1c)&Chr(0x8B)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x08)&Chr(0xC3) why are you trying to hide the text...? Edited October 15, 2012 by Melba23 Resized text Link to comment Share on other sites More sharing options...
BrewManNH Posted October 15, 2012 Share Posted October 15, 2012 It doesn't appear the OP is hiding the text, just putting characters in there that don't print out normally. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
guinness Posted October 15, 2012 Share Posted October 15, 2012 legend, It's not hard to find out what is written there, use ConsoleWrite & also please use the default text/size in the future. Thanks. UDF List: _AdapterConnections() • _AlwaysRun() • _AppMon() • _AppMonEx() • _ArrayFilter/_ArrayReduce • _BinaryBin() • _CheckMsgBox() • _CmdLineRaw() • _ContextMenu() • _ConvertLHWebColor()/_ConvertSHWebColor() • _DesktopDimensions() • _DisplayPassword() • _DotNet_Load()/_DotNet_Unload() • _Fibonacci() • _FileCompare() • _FileCompareContents() • _FileNameByHandle() • _FilePrefix/SRE() • _FindInFile() • _GetBackgroundColor()/_SetBackgroundColor() • _GetConrolID() • _GetCtrlClass() • _GetDirectoryFormat() • _GetDriveMediaType() • _GetFilename()/_GetFilenameExt() • _GetHardwareID() • _GetIP() • _GetIP_Country() • _GetOSLanguage() • _GetSavedSource() • _GetStringSize() • _GetSystemPaths() • _GetURLImage() • _GIFImage() • _GoogleWeather() • _GUICtrlCreateGroup() • _GUICtrlListBox_CreateArray() • _GUICtrlListView_CreateArray() • _GUICtrlListView_SaveCSV() • _GUICtrlListView_SaveHTML() • _GUICtrlListView_SaveTxt() • _GUICtrlListView_SaveXML() • _GUICtrlMenu_Recent() • _GUICtrlMenu_SetItemImage() • _GUICtrlTreeView_CreateArray() • _GUIDisable() • _GUIImageList_SetIconFromHandle() • _GUIRegisterMsg() • _GUISetIcon() • _Icon_Clear()/_Icon_Set() • _IdleTime() • _InetGet() • _InetGetGUI() • _InetGetProgress() • _IPDetails() • _IsFileOlder() • _IsGUID() • _IsHex() • _IsPalindrome() • _IsRegKey() • _IsStringRegExp() • _IsSystemDrive() • _IsUPX() • _IsValidType() • _IsWebColor() • _Language() • _Log() • _MicrosoftInternetConnectivity() • _MSDNDataType() • _PathFull/GetRelative/Split() • _PathSplitEx() • _PrintFromArray() • _ProgressSetMarquee() • _ReDim() • _RockPaperScissors()/_RockPaperScissorsLizardSpock() • _ScrollingCredits • _SelfDelete() • _SelfRename() • _SelfUpdate() • _SendTo() • _ShellAll() • _ShellFile() • _ShellFolder() • _SingletonHWID() • _SingletonPID() • _Startup() • _StringCompact() • _StringIsValid() • _StringRegExpMetaCharacters() • _StringReplaceWholeWord() • _StringStripChars() • _Temperature() • _TrialPeriod() • _UKToUSDate()/_USToUKDate() • _WinAPI_Create_CTL_CODE() • _WinAPI_CreateGUID() • _WMIDateStringToDate()/_DateToWMIDateString() • Au3 script parsing • AutoIt Search • AutoIt3 Portable • AutoIt3WrapperToPragma • AutoItWinGetTitle()/AutoItWinSetTitle() • Coding • DirToHTML5 • FileInstallr • FileReadLastChars() • GeoIP database • GUI - Only Close Button • GUI Examples • GUICtrlDeleteImage() • GUICtrlGetBkColor() • GUICtrlGetStyle() • GUIEvents • GUIGetBkColor() • Int_Parse() & Int_TryParse() • IsISBN() • LockFile() • Mapping CtrlIDs • OOP in AutoIt • ParseHeadersToSciTE() • PasswordValid • PasteBin • Posts Per Day • PreExpand • Protect Globals • Queue() • Resource Update • ResourcesEx • SciTE Jump • Settings INI • SHELLHOOK • Shunting-Yard • Signature Creator • Stack() • Stopwatch() • StringAddLF()/StringStripLF() • StringEOLToCRLF() • VSCROLL • WM_COPYDATA • More Examples... Updated: 22/04/2018 Link to comment Share on other sites More sharing options...
D4rkC10ud Posted October 15, 2012 Author Share Posted October 15, 2012 this is not text but shellcode:) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now