AdvanceVB

I’ve seen so many posts from ppl complaining about CopyMemory, vbaCopyBytes and so on being dettected by Avira and some other AVs but there are many more APIs to do the same.

Here is a simple example, moving 4 bytes using lstrcpynW, more than enough to patch an address and do whatever we want.

Private Declare Function lstrcpynW Lib “kernel32″ (ByVal lDstVal As Long, ByVal lSrcVal As Long, ByVal iMaxLength As Long) As Long

Private Sub Form_Load()
Dim lSource As Long
Dim lDst As Long

lDst = 0
lSource = 123
lstrcpynW VarPtr(lDst), VarPtr(lSource), 4
Debug.Print lSource = lDst

End Sub

Im not working on this anymore so, here it goes, its a multi-thread module, no ocx, dlls, timers or anything like that just API and black magic. Its 100% stable when compiled. Tested on W7. Im not taking full credit for this, I did coded it but is entirely based on a source that ntaryl gave me a week ago (I guess is from vbgood, but no author name was included)

OK,  the author is izero from slovakia.  =D

Download