  1. #1
    Member
    Join Date
    Mar 2011
    Posts
    31

    [H.E.L.P]Strings Crypter

    Today I was working in OpCrypter and Avira detects Trojan Gen
    So...
    I was looking into the source and the line


    SetThreadContext(PI.hThread, tess); is the Viral



    Then I found the Strings Crypter on the Internet:


    http://itsecuritylab.eu/index.php/20...for-beginners/

    And the encrypted string is:

    stealth_api_SetThreadContext = #58#82#193#233#193#160#149#72#62#0#25#109#123#93#214#46;




    But how can I use the encrypted string in the OPCrypter??


    thanx guys

  2. #2
    Member
    Join Date
    Mar 2011
    Posts
    31
    somebody???

  3. #3
    Senior Member Mitti's Avatar
    Join Date
    Nov 2009
    Posts
    104
    maybe just try calling the API dynamically

  4. #4
    Member
    Join Date
    Mar 2011
    Posts
    31
    jjj
    Last edited by w1ck3r_man; 23-01-2012 at 13:55.

  5. #5
    Member
    Join Date
    Mar 2011
    Posts
    31
    http://itsecuritylab.eu/wp-content/u...sEncrypter.png

    I don't understand how I can use this image in OP CRYPTER: http://www.opensc.ws/delphi-snippets/9367-op-crypter.html

    Can you teach me??

    thanx



  6. #6
    Senior Member Mitti's Avatar
    Join Date
    Nov 2009
    Posts
    104
    For example:

    Code:
    type
      xCopyFileW = function (lpExistingFileName, lpNewFileName: PWideChar; bFailIfExists: BOOL): BOOL; stdcall;
    var
      pCopyFileW: xCopyFileW;

    procedure blub;
    var
      hKernel32: Cardinal;
    begin
      hKernel32 := LoadLibraryW(PWideChar(Kernel32));
      if hKernel32 <> 0 then
      begin
        @pCopyFileW := GetProcAddress(hKernel32, PChar('CopyFileW'));
      end;
    end;

  7. #7
    Night's Watch Joefish's Avatar
    Join Date
    Oct 2009
    Location
    Clng(&H1337 Xor &H11AD)
    Posts
    410
    imo, if you don't know what a context switch is you shouldn't be messing with crypters.
    I'll be blunt: If you don't know how to add the unit it requires to your project then maybe you should try to learn delphi instead of just learning how to fud stuff/mod sources.

    It probably seems like I'm being mean. Please.... play around with it yourself! This is the only way you'll learn. If someone tells you how to do this you won't learn anything and you won't get better at delphi.

    Unless of course you just want to make money and don't care about learning...

    Code to express, not to impress make f*in money lol learn

    http://i46.tinypic.com/kbx853.png

  8. #8
    Senior Member counterstrikewi's Avatar
    Join Date
    Apr 2009
    Location
    \??\.\PhysicalDrive0:\+00h
    Posts
    1,982
    use different api?
    http://undocumented.ntinternals.net/...extThread.html
    NtSetContextThread
    Code:
    function  NtSetContextThread(ThreadHandle : THandle; Context : PCONTEXT): NTSTATUS; stdcall; external 'ntdll';
    Edit: I just realised the SetThreadContext API isn't dynamically loaded. Perhaps you need a full example on how to do this:
    Code:
    program Example;
    
    uses
      Windows, SysUtils, Dialogs;
    
    
    const
      sGetEnvironmentVariableA : PAnsiChar = 'GetEnvironmentVariableA';
      sKernel32 : PAnsiChar = 'Kernel32.dll';
      lpName : AnsiString = 'TMP';
    
    
    type
      TGetEnvironmentVariableA =
        function (lpName: PAnsiChar; lpBuffer: PAnsiChar; nSize: DWORD): DWORD; stdcall;
    
    
    var
      hKernel32 : Cardinal;
      xGetEnvironmentVariableA : TGetEnvironmentVariableA;
      lpBuffer : AnsiString;
      dwSize: DWORD;
    
    
    begin
      hKernel32 := GetModuleHandleA(sKernel32);
      @xGetEnvironmentVariableA := GetProcAddress(hKernel32, sGetEnvironmentVariableA);
      if Assigned(xGetEnvironmentVariableA) then
      begin
        dwSize := {x}GetEnvironmentVariableA(PAnsiChar(lpName), nil, 0);
        if dwSize > 0 then
        begin
          SetLength(lpBuffer, dwSize - 1);
          xGetEnvironmentVariableA(PAnsiChar(lpName), PAnsiChar(lpBuffer), dwSize);
          ShowMessage(lpBuffer);
        end;
      end;
    end.
    Last edited by counterstrikewi; 23-01-2012 at 17:03.
    DelphiBasics - Ultimate Delphi Resource for Beginners
    www.delphibasics.info
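
Added example, not part of any post in this thread: a defender-side static triage check for the pattern discussed above, where an API name such as SetThreadContext or NtSetContextThread is kept out of the import table and resolved at run time. The import set is assumed to come from a PE parser; `SAMPLE` and `SAMPLE_IMPORTS` are constructed, and the function names are hypothetical.

```python
# Added example: flag API names that appear as strings in a binary but are
# missing from its import table (a sign of run-time resolution).
WATCHLIST = ("SetThreadContext", "NtSetContextThread")  # names from the thread
RESOLVERS = {"GetProcAddress", "LdrGetProcedureAddress"}


def find_name(data: bytes, name: str) -> list:
    """Return (offset, encoding) for every ASCII or UTF-16LE occurrence."""
    hits = []
    for enc in ("ascii", "utf-16le"):
        needle = name.encode(enc)
        pos = data.find(needle)
        while pos != -1:
            hits.append((pos, enc))
            pos = data.find(needle, pos + 1)
    return hits


def hidden_api_names(data: bytes, imports: set) -> dict:
    """Map each watchlisted name found in data but not imported to its hits."""
    report = {}
    for name in WATCHLIST:
        if name in imports:
            continue  # statically imported: visible to ordinary import checks
        hits = find_name(data, name)
        if hits:
            report[name] = hits
    return report


def triage(data: bytes, imports: set) -> str:
    """Return 'clean', 'review' or 'suspicious' for one file."""
    hidden = hidden_api_names(data, imports)
    if not hidden:
        return "clean"
    # A resolver import plus a hidden name is the classic dynamic-call shape.
    return "suspicious" if RESOLVERS & imports else "review"


# Constructed sample: raw bytes standing in for a file's data section, and the
# import names a PE parser would have reported for it (assumed input).
SAMPLE = (b"\x00" * 16 + b"kernel32.dll\x00" + b"SetThreadContext\x00"
          + "NtSetContextThread".encode("utf-16le") + b"\x00\x00")
SAMPLE_IMPORTS = {"GetProcAddress", "LoadLibraryW", "CreateProcessW"}

if __name__ == "__main__":
    print(triage(SAMPLE, SAMPLE_IMPORTS), hidden_api_names(SAMPLE, SAMPLE_IMPORTS))
```

A name stored encrypted, as in the first post, never appears as a plain string, so this check belongs alongside behavioural monitoring of the call itself.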
