Skip to content

Commit

Permalink
Add files via upload
Browse files Browse the repository at this point in the history
  • Loading branch information
lhaasper authored Aug 28, 2020
0 parents commit 77da23d
Show file tree
Hide file tree
Showing 6 changed files with 395 additions and 0 deletions.
165 changes: 165 additions & 0 deletions AutoUpdate.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,165 @@
#include "AutoUpdate.h"
#include <filesystem>
#include <iostream>
#include <mutex>

std::string version = "6";
std::string token;

std::string ExePath()
{
char buffer[MAX_PATH];
GetModuleFileNameA(NULL, buffer, MAX_PATH);
std::string::size_type pos = std::string(buffer).find_last_of("\\/");
return std::string(buffer).substr(0, pos);
}

void StartThem(LPCSTR name)
{
STARTUPINFOA si;
PROCESS_INFORMATION pi;

ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
ZeroMemory(&pi, sizeof(pi));

if (!CreateProcessA(name, NULL, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi))
{
return;
}

CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
}


static const char alphanum[] = "0123456789" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz";

int stringLength = sizeof(alphanum) - 1;

char genRandom()
{

return alphanum[rand() % stringLength];
}

#define SELF_REMOVE_STRING TEXT("cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q \"%s\"")

void DelMe()
{
TCHAR szModuleName[MAX_PATH];
TCHAR szCmd[2 * MAX_PATH];
STARTUPINFO si = { 0 };
PROCESS_INFORMATION pi = { 0 };

GetModuleFileName(NULL, szModuleName, MAX_PATH);

StringCbPrintf(szCmd, 2 * MAX_PATH, SELF_REMOVE_STRING, szModuleName);

CreateProcess(NULL, szCmd, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi);

CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
}
void show_progress_bar(int time, const std::string& message, char symbol)
{
std::cout << "[>] Autoupdate Found new loader is getting downloaded ";
Sleep(1000);
std::string progress_bar;
const double progress_level = 1.42;
for (double percentage = 0; percentage <= 100; percentage += progress_level)
{
progress_bar.insert(0, 1, symbol);
std::cout << "\r[" << std::ceil(percentage) << '%' << "] " << progress_bar;
std::this_thread::sleep_for(std::chrono::milliseconds(time));
}
}
void CheckForUpdates()
{
std::string fix;
std::string encryptedversion = c_crypto::encrypt(version, crypto.key, crypto.iv);
c_lw_http lw_http;
c_lw_httpd lw_http_d;
const auto md5 = new md5wrapper();

if (!lw_http.open_session())
{
return;
}
std::string s_reply;
lw_http_d.add_field("version", encryptedversion.c_str());
lw_http_d.add_field("key", crypto.key.c_str());
lw_http_d.add_field("iv", crypto.iv.c_str());;
const auto b_lw_http = lw_http.post(L"https://bypass.ac/update.php", s_reply, lw_http_d);
lw_http.close_session();

if (!b_lw_http)
{
return;
}
std::string decrypt = c_crypto::decrypt(s_reply, crypto.key, crypto.iv).c_str();
switch (std::stoi(decrypt))
{
case 300:
{
break;
}
case 10:
{
CHAR name[UNLEN + 1];
DWORD size = UNLEN + 1;
GetUserNameA((CHAR*)name, &size);

std::string gay1 = ExePath();

srand(time(0));
std::string Str;
for (unsigned int i = 0; i < 20; ++i)
{
Str += genRandom();

}

std::string gay2 = "\\" + Str + ".exe";



std::string gay3 = gay1 + gay2;



while (1)
{
show_progress_bar(100, "", '#');
HRESULT hr;
LPCSTR Url = "https://bypass.ac/valo.exe", File = gay3.c_str();
hr = URLDownloadToFileA(0, Url, File, 0, 0);
switch (hr)
{
case S_OK:
break;
case E_OUTOFMEMORY:
break;
case INET_E_DOWNLOAD_FAILURE:
break;
default:
break;
}

Sleep(3000);
StartThem(gay3.c_str());

DelMe();
exit(0);
}
break;

}
default:
{
MessageBoxA(0, "An unknown error has occured! Please try again later", "error", 0);
exit(0);
break;
}
}
}
90 changes: 90 additions & 0 deletions api_hook.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
#include <windows.h>
#include <stdint.h>
#include <stdio.h>

#include "api_hook.h"
#include "mem.h"
#include "mmap.h"

static void write_protected_mem(uint64_t src, uint64_t buf, size_t size)
{
ULONG old = 0;

virtual_protect((uint64_t)src, size, PAGE_EXECUTE_READWRITE, &old);

write_memory((uint64_t)src, (uint64_t)buf, size);

virtual_protect((uint64_t)src, size, old, &old);

return;
}

void *copy_func(void *src)
{
int i = 0;
int pos = 0;
mem *m;

if((m = (mem *)malloc(sizeof(mem))) == NULL)
{
return NULL;
}

for(i = 0; i < (MAX_BUF_SIZE + 14); i++)
{
BYTE tmp = 0;

tmp = read_memory<BYTE>((uint64_t)src + i);

if(tmp == 0xC3 || tmp == 0xCC) // Copy until we reach the functions return or a breakpoint.
{
break;
}

m->buf[pos] = tmp;
pos++;
}

for(i = 0; i < 7; i++) // Append another 7 breakpoints
{
m->buf[pos] = 0xCC;
pos++;
}

m->size = pos;

return m;
}

void hook_func(void *src, void *dest)
{
int i = 0;

uint8_t buf[14] =
{
0xFF, 0x25, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

memcpy(&buf[6], &dest, sizeof(uint64_t));

write_memory((uint64_t)src, (uint64_t)buf, sizeof(buf));

return;
}

void restore_func(void *func, void *copy)
{
DWORD old = 0;
mem *m;

m = (mem *)copy;

virtual_protect((uint64_t)func, m->size, PAGE_READWRITE, &old);

write_memory((uint64_t)func, (uint64_t)m->buf, m->size);

virtual_protect((uint64_t)func, m->size, old, &old); // Restore the protection

return;
}
46 changes: 46 additions & 0 deletions pattern.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
#include <windows.h>
#include <psapi.h>

#include "types.h"

static uint64 x(uint64 start, uint64 length, const unsigned char *pattern, const char *mask)
{
uint64 pos = 0;
uint64 mask_length = strlen(mask) - 1;
uint64 h = -1;
uint64 start_addr = 0;
uint64 i = 0;

start_addr = start;

for(i = start_addr; i < start_addr + length; ++i)
{
if(*(unsigned char *)i == pattern[pos] || mask[pos] == '?')
{
if(mask[pos + 1] == '\0')
{
h = i - mask_length;
break;
}

pos++;

continue;
}

pos = 0;
}

return h;
}

uint64 find_pattern(HMODULE module, const unsigned char *pattern, const char *mask)
{
MODULEINFO info;

ZeroMemory(&info, sizeof(MODULEINFO));

GetModuleInformation(GetCurrentProcess(), module, &info, sizeof(MODULEINFO));

return x((uint64)module, info.SizeOfImage, pattern, mask);
}
24 changes: 24 additions & 0 deletions proc.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
#include <windows.h>
#include <tlhelp32.h>
#include <psapi.h>

DWORD retrieve_pid_via_name(const char *name)
{
PROCESSENTRY32 entry;
HANDLE ss;
DWORD pid = 0;

entry.dwSize = sizeof(PROCESSENTRY32);
ss = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
Process32First(ss, &entry);

while(Process32Next(ss, &entry))
{
if(!_stricmp(entry.szExeFile, name))
pid = entry.th32ProcessID;
}

CloseHandle(ss);

return pid;
}
29 changes: 29 additions & 0 deletions rand.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
#include <string>

#include "xor.h"

//static const char alpha[32] = "it0j7f14cepomdlgbn39a58sukrhq26";

// Simple function to generate a random string for us
std::string rand_str(int len)
{
int h = len;
std::string str;
uint8_t *alpha;

// it0j7f14cepomdlgbn39a58sukrhq26
alpha = _unxor((uint8_t *)"\x4b\x56\x12\x48\x15\x44\x13\x16\x41\x47\x52\x4d\x4f\x46\x4e\x45\x40\x4c\x11\x1b\x43\x17\x1a\x51\x57\x49\x50\x4a\x53\x10\x14", 31);

while(h-- > 0)
{
char tmp;

tmp = alpha[rand() % 31];

str += tmp;
}

free(alpha);

return str;
}
Loading

0 comments on commit 77da23d

Please sign in to comment.