Friday, April 27, 2012


;Author SubhashDasyam
;Website http://www.subhashdasyam.com
;email  luk@inbox.com
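.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\shlwapi.inc
includelib \masm32\lib\shlwapi.lib
include \masm32\include\masm32rt.inc
include \masm32\include\shell32.inc
includelib \masm32\lib\shell32.lib

.data    
    prot     db  ".htm",0        ; file extension used as the association key
    opn      db  "open",0        ; shell verb whose executable is looked up
   
.data?
    sBufsize    dd  ?            ; character count required by / written by AssocQueryStringA
    szExe       dd  ?            ; POINTER to the heap buffer that receives the path (not the buffer itself)
   
.code

start:

; Pass 1: size query. pszOut is NULL, so nothing is written and sBufsize
; receives the number of characters the full answer needs. The same verb
; (opn) is passed here as in pass 2 so both calls size the same string.
invoke AssocQueryStringA,0,2,ADDR prot,ADDR opn,0,ADDR sBufsize

; Allocate exactly that many bytes (ANSI: 1 char = 1 byte).
invoke crt_malloc,sBufsize
test eax,eax
jz done                          ; out of memory: nothing to show, just exit
mov szExe,eax                    ; keep the pointer returned by malloc

; Pass 2: write the path into the heap buffer. szExe (the pointer VALUE) is
; passed; ADDR szExe would hand the API the 4-byte pointer slot itself and the
; string would overflow it into whatever follows in .data?.
invoke AssocQueryStringA,0,2,ADDR prot,ADDR opn,szExe,ADDR sBufsize
test eax,eax                     ; HRESULT: 0 (S_OK) means the buffer holds a valid string
jnz cleanup                      ; on failure the buffer is uninitialised, so do not display it

invoke MessageBoxA,0,szExe,szExe,MB_OK   ; text and title both point at the heap string

cleanup:
invoke crt_free,szExe            ; release the buffer allocated above
done:
invoke ExitProcess,0             ; explicit exit so execution never runs past 'end start'
end start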

Wednesday, April 25, 2012

;Author SubhashDasyam
;Websites http://www.subhashdasyam.com
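.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\ntdll.inc
includelib \masm32\lib\ntdll.lib
.data    
    ResFlag     db  0,0          ; receives the privilege's previous enabled state (BOOLEAN, 1 byte)
   
.code

start:
; Arguments: Privilege=19 (SeShutdownPrivilege), Enable=1, CurrentThread=0
; (adjust the process token). The call returns an NTSTATUS: it only ENABLES a
; privilege the token already holds, so for a token without it (e.g. a
; non-elevated user) the status is negative and the shutdown must not be
; attempted - NtShutdownSystem would fail with a privilege error anyway.
invoke RtlAdjustPrivilege,19,1,0,addr ResFlag
test eax,eax
js done                          ; bit 31 set = failure NTSTATUS

; Action 2 = ShutdownPowerOff. On success this call does not return; if it
; does return, eax holds the failure NTSTATUS.
invoke NtShutdownSystem,2

done:
; Report the NTSTATUS as the exit code. The original fell off the end of
; 'start' when either call failed, executing whatever followed in memory.
invoke ExitProcess,eax
end start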
For better understanding, here is the table :) Happy Learning and Coding


Wednesday, April 11, 2012

This module is for Visual Basic and serves as an example of hooking the Win32 APIs from Visual Basic

Option Explicit   
 
' Win32 imports used by the hook. Note the ByVal/ByRef choices below: they
' determine whether callers pass values, variables, or VarPtr() addresses.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long 
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long 
' RtlMoveMemory with ByVal Long arguments: both Destination and Source must be raw addresses (VarPtr).
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (ByVal Destination As Long, ByVal Source As Long, ByVal Length As Long)  
' lpBaseAddress is "As Any" ByRef, so callers write "ByVal addr" to pass the address value itself.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long 
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long 
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long 
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long 
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long 
' lpcbNeeded is declared ByVal Long here, so the caller must pass VarPtr(variable), not the variable.
Private Declare Function EnumProcessModules Lib "psapi" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByVal lpcbNeeded As Long) As Long 
Private Declare Function GetModuleFileNameEx Lib "psapi" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long 
 
' VirtualAllocEx / VirtualFreeEx flags and the OpenProcess access mask.
Private Const MEM_RELEASE = &H8000  
Private Const MEM_COMMIT = &H1000  
Private Const MEM_RESERVE = &H2000  
Private Const PAGE_EXECUTE_READWRITE = &H40  
Private Const PROCESS_ALL_ACCESS = &H1F0FFF  
 
' Module-level state shared between HookNtTerminateProcess and
' UnhookNtTerminateProcess; only one hook can be tracked at a time.
Private hProcess As Long   ' handle to the target process (0 = no hook installed)
Private FuncAddr As Long   ' address of NtTerminateProcess in the target
Private OldCode(4) As Byte ' the 5 original prologue bytes, saved for unhooking
Private NewCode(4) As Byte ' the 5-byte jmp written over the prologue
Private HookCode(4) As Byte ' the 5-byte stub written to CodeAddr
Private CodeAddr As Long   ' address of the stub allocated in the target
 
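Private Function GetModuleHandleEx(ByVal hProcess As Long, ByVal ModuleName As String) As Long 
' Returns the module handle (base address) of ModuleName inside hProcess, or 0
' when it is not found. ModuleName is compared case-insensitively against the
' FULL path reported by GetModuleFileNameEx, so callers must pass a full path.
Dim hMods(1024) As Long 
Dim cbNeeded As Long 
Dim cbUsable As Long 
Dim szModName As String 
Dim nulPos As Long 
Dim i As Long 
 
If EnumProcessModules(hProcess, hMods(0), 1025 * 4, VarPtr(cbNeeded)) Then 
    ' cbNeeded is the size needed for ALL modules and can exceed the buffer;
    ' only what fits was written, so clamp before indexing (the original loop
    ' indexed hMods past its last element for a large cbNeeded and always ran
    ' one entry too far).
    cbUsable = cbNeeded 
    If cbUsable > 1025 * 4 Then cbUsable = 1025 * 4 
    For i = 0 To (cbUsable \ 4) - 1 
        If hMods(i) Then 
            szModName = String(260, 0)  
            If GetModuleFileNameEx(hProcess, hMods(i), szModName, Len(szModName)) Then 
                ' Trim at the terminating NUL; a buffer with no NUL is used as-is
                ' instead of raising an error from Left(..., -1).
                nulPos = InStr(1, szModName, Chr(0)) 
                If nulPos > 0 Then szModName = Left(szModName, nulPos - 1) 
                If LCase(szModName) = LCase(ModuleName) Then 
                    GetModuleHandleEx = hMods(i)  
                    Erase hMods  
                    Exit Function 
                End If 
            End If 
        End If 
    Next i  
End If 
Erase hMods  
End Function 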
 
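Public Function HookNtTerminateProcess(ByVal ProcessId As Long) As Boolean 
' Overwrites the first 5 bytes of ntdll!NtTerminateProcess in process ProcessId
' with a jmp to a 5-byte stub (xor eax,eax / ret 8) allocated in that process,
' so calls return 0 (STATUS_SUCCESS) without reaching the real function.
' Returns True only if every step succeeded. On any failure the process handle
' is closed, the stub (if allocated) is released and the module state is
' cleared, so nothing is leaked and UnhookNtTerminateProcess has nothing to undo.
' NOTE(review): the handle found in the TARGET is passed to the LOCAL
' GetProcAddress; this only works while ntdll.dll is mapped at the same base
' in both processes - confirm for the target platform.
Dim hMod As Long 
Dim rel As Long 
Dim ntdllPath As String 
 
HookNtTerminateProcess = False 
hProcess = 0: FuncAddr = 0: CodeAddr = 0 
 
NewCode(0) = &HE9 ' jmp rel32  
' xor eax,eax  
' ret 8  
HookCode(0) = &H33  
HookCode(1) = &HC0  
HookCode(2) = &HC2  
HookCode(3) = &H8  
HookCode(4) = &H0  
 
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessId)  
If hProcess = 0 Then Exit Function 
 
' Locate ntdll under the actual system root rather than a fixed "c:\windows".
ntdllPath = Environ$("SystemRoot") & "\system32\ntdll.dll" 
hMod = GetModuleHandleEx(hProcess, ntdllPath)  
If hMod = 0 Then GoTo Fail 
 
FuncAddr = GetProcAddress(hMod, "NtTerminateProcess")  
If FuncAddr = 0 Then GoTo Fail 
 
' Save the original prologue first so the patch can be reverted exactly.
If ReadProcessMemory(hProcess, ByVal FuncAddr, OldCode(0), 5, 0) = 0 Then GoTo Fail 
 
CodeAddr = VirtualAllocEx(hProcess, ByVal 0, 5, MEM_COMMIT Or MEM_RESERVE, PAGE_EXECUTE_READWRITE)  
If CodeAddr = 0 Then GoTo Fail 
 
' rel32 = stub - (patch address + 5). Signed Long arithmetic: VB raises an
' Overflow error if the two addresses are more than 2 GB apart.
rel = CodeAddr - FuncAddr - 5 
CopyMemory VarPtr(NewCode(1)), VarPtr(rel), 4 
 
' Write the stub before patching the function so the jmp never points at
' unwritten memory; both writes are checked instead of silently ignored.
If WriteProcessMemory(hProcess, ByVal CodeAddr, HookCode(0), 5, 0) = 0 Then GoTo Fail 
If WriteProcessMemory(hProcess, ByVal FuncAddr, NewCode(0), 5, 0) = 0 Then GoTo Fail 
 
HookNtTerminateProcess = True 
Exit Function 
 
Fail: 
' MEM_RELEASE requires dwSize = 0.
If CodeAddr Then VirtualFreeEx hProcess, ByVal CodeAddr, 0, MEM_RELEASE 
CloseHandle hProcess 
hProcess = 0: FuncAddr = 0: CodeAddr = 0 
End Function 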
 
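Public Sub UnhookNtTerminateProcess()  
' Restores the saved prologue bytes, releases the stub and closes the process
' handle. Safe to call when no hook is installed, or more than once: the
' module state is checked before use and cleared afterwards.
If hProcess = 0 Then Exit Sub 
If FuncAddr Then WriteProcessMemory hProcess, ByVal FuncAddr, OldCode(0), 5, 0 
' MEM_RELEASE requires dwSize = 0; the original passed 5, which makes the call
' fail and leak the stub page in the target.
If CodeAddr Then VirtualFreeEx hProcess, ByVal CodeAddr, 0, MEM_RELEASE 
CloseHandle hProcess  
hProcess = 0: FuncAddr = 0: CodeAddr = 0 
End Sub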

Tuesday, April 10, 2012


Anonymous VPN List




VPNs, a.k.a Virtual Private Networks



VPNs are your overall best choice for anonymizing yourself on the internet. They are fairly easy to set up, and there is a wide variety and selection of providers from countries across the world. Basically, VPNs are private networks used for plenty of privacy purposes, but for our purposes, you will connect to the internet through your chosen VPN's server(s), and to the rest of the world your IP address and internet identity will appear as one of the VPN company's servers. The wikipedia page on VPNs (http://en.wikipedia.org/wiki/Virtual_private_network) has more info.

USING VPNs

Use of a FREE VPN Warning:
If you don't have to pay for a product, you are the product being sold.
(i.e. Data Mining)

We won't deny it: free VPNs are available online, but we strongly recommend you do not go this route. They could be logging your IP address or browsing information and selling it to advertising companies, and are inherently more likely to bend easily and immediately under any kind of legal pressure. Before you use a free VPN you might as well look in the Security Handbook for other options you could take to anonymize yourself.

PAID VPN LIST

Following is a list of some trusted VPN providers. You gain trust by paying money for the account, but be sure to ask around for opinions on trusted ones. A VPN is an Internet connection that tunnels through your ISP and masks your real IP address. Keep in mind you can pay for these with pre-paid credit cards from your local convenience store, ukash, or use a new service called Bitcoin, or another way to translate your money onto the internet (do a google search for "Bitcoin" for more info).

http://www.swissvpn.net - 6 CHF/month, reliable
http://perfect-privacy.com
https://www.ipredator.se
http://www.anonine.se - The service has just started; it's 49 SEK per month
https://www.vpntunnel.se - €5/month. Can pay with ukash so completely anon.
http://www.relakks.com
http://www.steganos.com
http://www.bananavpn.net > logs IPs
http://www.strongvpn.com > logs IPs
http://www.secureix.com
http://www.secretsline.com
http://www.findnot.com
http://www.trackbuster.com
http://www.vpngates.com
http://www.perfect-privacy.com
http://www.trilightzone.org
http://www.vpnaccounts.com
http://www.securstar.de
http://www.witopia.net
http://www.tiggerswelt.net
http://www.xerobank.com > logs IPs