AdvanceVB

Last month I purchased a better host (the one I have right now is provided for free for a friend) so I was thinking on expand the blog to something better, maybe adding some other sections (ASM, C++ and so on) Im not planning to cover everything but I myself use some C++ and ASM and I know several users does too so I though It’ll be a good idea, plus some services like a pastebin, file upload and so.

I personally dont have much time in my hands so I want to listen from you guys if its worth it or not. I know the blog by itself have a pretty decent amount of regular visitors so I would like to hear your opinion (pros, cons, ideas, etc).

Folks I’m in the process of moving out, I already drove from Miami to California (about 44 hs) and I still have to fly back to Argentina so I’m not gonna be really active for the next couple weeks at least. meanwhile Karcrak has been releasing some amazing stuff and I know he have a really interesting tuto too, so stay tunned and  have fun =D

Im a happy mofucka!!!! Yeah some good bands in town =D

I’ve seen so many posts from ppl complaining about CopyMemory, vbaCopyBytes and so on being dettected by Avira and some other AVs but there are many more APIs to do the same.

Here is a simple example, moving 4 bytes using lstrcpynW, more than enough to patch an address and do whatever we want.

Private Declare Function lstrcpynW Lib “kernel32″ (ByVal lDstVal As Long, ByVal lSrcVal As Long, ByVal iMaxLength As Long) As Long

Private Sub Form_Load()
Dim lSource As Long
Dim lDst As Long

lDst = 0
lSource = 123
lstrcpynW VarPtr(lDst), VarPtr(lSource), 4
Debug.Print lSource = lDst

End Sub

Im not working on this anymore so, here it goes, its a multi-thread module, no ocx, dlls, timers or anything like that just API and black magic. Its 100% stable when compiled. Tested on W7. Im not taking full credit for this, I did coded it but is entirely based on a source that ntaryl gave me a week ago (I guess is from vbgood, but no author name was included)

OK,  the author is izero from slovakia.  =D

Download

Im reposting this here cause Ive been asked many times for this document.

This is a small tuto Ive made to explain a basic way to add some APIs and constants to your VB.
Hope you understand the basic concept and find this at least funny if not useful.
Have Funk!

Accessing MSVBVM60 API

A simple module to read Environment Variables from a remote process. Tested on XP and 7.

'---------------------------------------------------------------------------------------
' Module      : mRemoteGetEnviron
' DateTime    : 23/02/2010 21:29
' Author      : Cobein
' Mail        : cobein27@hotmail.com
' WebPage     : http://www.advancevb.com.ar
' Purpose     : Read remote process environment variables.
' Usage       : At your own risk
' Requirements: None
' Distribution: You can freely use this code in your own
'               applications, but you may not reproduce
'               or publish this code on any web site,
'               online service, or distribute as source
'               on any media without express permission.
'
' Reference   : http://www.codeproject.com/KB/threads/ReadProcEnv.aspx
'
' History     : 23/02/2010 First Cut....................................................
'---------------------------------------------------------------------------------------
Option Explicit

Private Const PROCESS_QUERY_INFORMATION As Long = &H400
Private Const PROCESS_VM_READ           As Long = 16&

Public Type PROCESS_BASIC_INFORMATION
    ExitStatus                      As Long
    PEBBaseAddress                  As Long
    AffinityMask                    As Long
    BasePriority                    As Long
    UniqueProcessId                 As Long
    InheritedFromUniqueProcessId    As Long
End Type

Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function NtQueryInformationProcess Lib "ntdll.dll" (ByVal ProcessHandle As Long, ByVal ProcessInformationClass As Long, ByVal ProcessInformation As Long, ByVal ProcessInformationLength As Long, ReturnLength As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Private Declare Function RtlAdjustPrivilege Lib "ntdll" (ByVal Privilege As Long, ByVal bEnablePrivilege As Long, ByVal bCurrentThread As Long, ByRef OldState As Long) As Long

Public Function ReadEnviron(ByVal lPid As Long) As Collection
    Dim lPtr            As Long
    Dim lProc           As Long
    Dim cData           As New Collection

    Set ReadEnviron = cData

    Call RtlAdjustPrivilege(20, 1, 0, 0)

    lPtr = GetPEB(lPid)

    lProc = OpenProcess(PROCESS_VM_READ, 0, lPid)

    If lProc Then

        If Not ReadProcessMemory(lProc, ByVal lPtr + &H10, lPtr, &H4, 0&) = 0 Then 'RTL_USER_PROCESS_PARAMETERS

            If Not ReadProcessMemory(lProc, ByVal lPtr + &H48, lPtr, &H4, 0&) = 0 Then 'environment variables block

                Dim bData As Byte
                Dim sData As String
                Dim lOffset As Long

                Do
                    lOffset = lOffset + 2
                    If bData = 0 Then
                        If Not sData = vbNullString Then cData.Add sData
                        sData = vbNullString
                        Call ReadProcessMemory(lProc, ByVal lPtr + lOffset, bData, &H1, 0&)
                        If bData = 0 Then
                            Exit Do
                        End If
                    Else
                        Call ReadProcessMemory(lProc, ByVal lPtr + lOffset, bData, &H1, 0&)
                    End If
                    sData = sData & Chr$(bData)
                Loop
            End If

        End If

        Call CloseHandle(lProc)

    End If

    Set ReadEnviron = cData

End Function

Private Function GetPEB(ByVal lPid As Long) As Long
    Dim tPBI    As PROCESS_BASIC_INFORMATION
    Dim lRet    As Long
    Dim lProc   As Long

    lProc = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, lPid)
    If lProc Then
        If NtQueryInformationProcess(lProc, 0, VarPtr(tPBI), Len(tPBI), lRet) = 0 Then
            GetPEB = tPBI.PEBBaseAddress
        End If
        CloseHandle lProc
    End If

End Function

I got three things bouncing in my head to do,  but time is pretty limited, I want to implement a sysenter class,  a module to use activex objects without registration and a cool interface (using one DC to handle everything). Any ideas are welcome, Ill try to go for any of them soon.

This is not new but I totally forget about its existence. Go take a look you’ll find tons of great code.

Welcome to the Home of VBCorLib!!

VBCorLib is a set of classes that will make programming VB6 even easier!

This library is written using many of the available sources of information, including the ECMA-335 Specification.
ECMA-335 Specification
MSDN .NET Library
The Unicode Orginazation
UTF-8 Specification
UTF-7 Specification
Base64 Encoding
Hewbrew Calendar Specifics
More Hebrew Calendar Specifics
Hijri (Tabular Islamic) Calendar Specifics

By using the available information many of the classes found in the MS .NET mscorlib.dll have been reproduced in Visual Basic 6. This it NOT an implementation of the CLI runtime, only some of the unitlity classes that are in the mscorlib.dll library file.

There are many classes available to aid in the building of large and complex applications, and more are on the way!

VBCorLib is accompanied with a set of unit tests. Not only do these tests show that VBCorLib is very stable, it also shows how to interact with the numerous classes available.

Website: VBCorLib

Meh, I was bored playing with Metasploit and decided to dig into the modules (it has some interesting stuff in there) and decided to use one of the payloads (shell_bind_tcp.rb) with VB.

Inline Shell

Some Extra Info:

The code is gonna get frozen waiting the the incoming connection and after execution is gonna end.

You can set the port on the source and then use telnet to interact with the shell (eg: open localhost 666)