ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!

[ ORVX.PW ] - $1 SMTP-cPanels-RDPs-Combolists & More!

REFUNDING ALLOWED

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Binder (2 exes in one)

Started By TheLord, Jan 17 2015 01:12 PM

Next
»

Please log in to reply

Binder (2 exes in one)

Offline

13
Rep

96
Likes

SYSENTER

Posts: 164

Threads: 24

Joined: Jan 15, 2015

Credits: 0

Eight years registered

#1

Posted 17 January 2015 - 01:12 PM

This source of simple binder.
It seek "---HACKERS_CUT_HERE---" and load all bytes past this text. Then xoring it with 0xFF + pos key. When deciphering is done, starts new process, system32/lsass.exe, frozing it, load EP from EAX and clear all process memory. After this, writing deciphered bytes to lsass process and replacing EAX with his own entrypoint address. Dont work when binded exe is non-ASLR on ASLR systems.

This method is called thread inject or something similiar.

Hidden Content
You'll be able to see the hidden content once you reply to this topic or

Please Login or Register to see this Hidden Content

.

Back to top
2

~~rambo 5~~

Offline

2
Rep

7
Likes

Member

Posts: 28

Threads: 0

Joined: Jan 21, 2015

Credits: 0

Eight years registered

#2

Posted 21 January 2015 - 11:47 PM

wow nice thanks

Back to top
1

~~pruned_14736011~~

Offline

2
Rep

0
Likes

Member

Posts: 54

Threads: 0

Joined: Jan 31, 2015

Credits: 0

Eight years registered

#3

Posted 31 January 2015 - 03:27 PM

thanks a lot

Back to top
0

Offline

2
Rep

0
Likes

Lurker

Posts: 2

Threads: 0

Joined: Feb 04, 2015

Credits: 0

Eight years registered

#4

Posted 04 February 2015 - 05:49 PM

thanks a lot

Back to top
0

~~pruned_1821534~~

Offline

2
Rep

0
Likes

Addicted

Posts: 200

Threads: 2

Joined: Feb 16, 2015

Credits: 0

Eight years registered

#5

Posted 17 February 2015 - 10:49 PM

THANKS

Back to top
0

Offline

2
Rep

0
Likes

New Member

Posts: 18

Threads: 0

Joined: Feb 24, 2015

Credits: 0

Eight years registered

#6

Posted 24 February 2015 - 10:31 AM

THANK YOU VERY GOOD

Back to top
0

ggnoobs

Offline

2
Rep

4
Likes

Junkie

Posts: 349

Threads: 3

Joined: Jan 30, 2015

Credits: 0

Eight years registered

#7

Posted 25 February 2015 - 12:03 PM

This source of simple binder.
It seek "---HACKERS_CUT_HERE---" and load all bytes past this text. Then xoring it with 0xFF + pos key. When deciphering is done, starts new process, system32/lsass.exe, frozing it, load EP from EAX and clear all process memory. After this, writing deciphered bytes to lsass process and replacing EAX with his own entrypoint address. Dont work when binded exe is non-ASLR on ASLR systems.

This method is called thread inject or something similiar.

nice photo

Back to top
0

Offline

2
Rep

0
Likes

Lurker

Posts: 5

Threads: 0

Joined: Feb 26, 2015

Credits: 0

Eight years registered

#8

Posted 27 February 2015 - 07:39 AM

TNAKS!

Back to top
0

Offline

2
Rep

0
Likes

Lurker

Posts: 5

Threads: 0

Joined: Mar 05, 2015

Credits: 0

Eight years registered

#9

Posted 07 March 2015 - 08:45 PM

thx

Back to top
0

Offline

2
Rep

0
Likes

Advanced Member

Posts: 105

Threads: 0

Joined: Mar 17, 2015

Credits: 0

Eight years registered

#10

Posted 18 March 2015 - 02:29 AM

thanks

Back to top
0

Next
»

Back to Source Codes

Users browsing this thread:

About Us

Nulled is a community where you can find tons of great leaks, make new friends, participate in active discussions and much more.

Navigation

Extras

Help Documents

Copyright Infringement

Account