: : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know. : : : : : : : : : : : : : : : : : : : : C:Dos : : : : C:Dos Run : : : : Run Dos Run : : : : : : : hi i have 3 questions really first one is : : : wot does this virus do i have made it but wot does it do : : : second question is : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot : : : please help : : : thanks from : : : mark : : : : : Hi m8, here's the answers: : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down. : : The compiling is most easy: : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc... : : : : Hope this helps... : : : : EtHeO out... : : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self. : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do.. : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe. : : hope that helps everyone looking into it. : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while. : [blue] : C:Dos : C:Dos Run : Run Dos Run : [/blue] : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out from mark
: : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know. : : : : : : : : : : : : : : : : : : : : : : : : : C:Dos : : : : : C:Dos Run : : : : : Run Dos Run : : : : : : : : : hi i have 3 questions really first one is : : : : wot does this virus do i have made it but wot does it do : : : : second question is : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot : : : : please help : : : : thanks from : : : : mark : : : : : : : Hi m8, here's the answers: : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down. : : : The compiling is most easy: : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc... : : : : : : Hope this helps... : : : : : : EtHeO out... : : : : : : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self. : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do.. : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe. : : : : hope that helps everyone looking into it. : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while. : : [blue] : : C:Dos : : C:Dos Run : : Run Dos Run : : [/blue] : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out : from : mark :
don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site. [blue] C:Dos C:Dos Run Run Dos Run [/blue]
: : : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know. : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : C:Dos : : : : : : C:Dos Run : : : : : : Run Dos Run : : : : : : : : : : : hi i have 3 questions really first one is : : : : : wot does this virus do i have made it but wot does it do : : : : : second question is : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot : : : : : please help : : : : : thanks from : : : : : mark : : : : : : : : : Hi m8, here's the answers: : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down. : : : : The compiling is most easy: : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc... : : : : : : : : Hope this helps... : : : : : : : : EtHeO out... : : : : : : : : : : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self. : : : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do.. : : : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe. : : : : : : hope that helps everyone looking into it. : : : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while. : : : [blue] : : : C:Dos : : : C:Dos Run : : : Run Dos Run : : : [/blue] : : : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out : : from : : mark : : : : : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site. : [blue] : C:Dos : C:Dos Run : Run Dos Run : [/blue] : thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks from mark
: : : : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know. : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : C:Dos : : : : : : : C:Dos Run : : : : : : : Run Dos Run : : : : : : : : : : : : : hi i have 3 questions really first one is : : : : : : wot does this virus do i have made it but wot does it do : : : : : : second question is : : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it : : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot : : : : : : please help : : : : : : thanks from : : : : : : mark : : : : : : : : : : : Hi m8, here's the answers: : : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down. : : : : : The compiling is most easy: : : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop : : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc... : : : : : : : : : : Hope this helps... : : : : : : : : : : EtHeO out... : : : : : : : : : : : : : : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self. : : : : : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do.. : : : : : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe. : : : : : : : : hope that helps everyone looking into it. : : : : : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while. : : : : [blue] : : : : C:Dos : : : : C:Dos Run : : : : Run Dos Run : : : : [/blue] : : : : : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out : : : from : : : mark : : : : : : : : : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site. : : [blue] : : C:Dos : : C:Dos Run : : Run Dos Run : : [/blue] : : : thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks : from : mark
Hi all i managed to find sum code all u do is put it in a module here it is [blue] Enum RegHive HKEY_CLASSES_ROOT = &H80000000 HK_CR = &H80000000 HKEY_CURRENT_USER = &H80000001 HK_CU = &H80000001 HKEY_LOCAL_MACHINE = &H80000002 HK_LM = &H80000002 HKEY_USERS = &H80000003 HK_US = &H80000003 HKEY_CURRENT_CONFIG = &H80000005 HK_CC = &H80000005 HKEY_DYN_DATA = &H80000006 HK_DD = &H80000006 End Enum
Enum RegType REG_SZ = 1 'Unicode nul terminated string REG_BINARY = 3 'Free form binary REG_DWORD = 4 '32-bit number End Enum
Public Const ERROR_SUCCESS = 0& Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long
Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String) Dim hCurKey As Long Dim lRegResult As Long lRegResult = RegOpenKey(hKey, strPath, hCurKey) lRegResult = RegDeleteValue(hCurKey, strValue) lRegResult = RegCloseKey(hCurKey) End Function
Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long Dim lRegResult As Long lRegResult = RegDeleteKey(hKey, strPath) DelRegKey = lRegResult End Function
Public Function CreateRegKey(hKey As RegHive, strPath As String) Dim hCurKey As Long Dim lRegResult As Long lRegResult = RegCreateKey(hKey, strPath, hCurKey) If lRegResult <> ERROR_SUCCESS Then 'there is a problem End If lRegResult = RegCloseKey(hCurKey) End Function Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String Dim hCurKey As Long Dim lResult As Long Dim lValueType As Long Dim strBuffer As String Dim lDataBufferSize As Long Dim intZeroPos As Integer Dim lRegResult As Long 'Set up default value If Not IsEmpty(Default) Then GetRegString = Default Else GetRegString = "" End If lRegResult = RegOpenKey(hKey, strPath, hCurKey) lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize) If lRegResult = ERROR_SUCCESS Then If lValueType = REG_SZ Then strBuffer = String(lDataBufferSize, " ") lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize) intZeroPos = InStr(strBuffer, Chr$(0)) If intZeroPos > 0 Then GetRegString = Left$(strBuffer, intZeroPos - 1) Else GetRegString = strBuffer End If End If Else 'there is a problem End If lRegResult = RegCloseKey(hCurKey) End Function
Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String) Dim hCurKey As Long Dim lRegResult As Long lRegResult = RegCreateKey(hKey, strPath, hCurKey) lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData)) If lRegResult <> ERROR_SUCCESS Then 'there is a problem End If lRegResult = RegCloseKey(hCurKey) End Function
Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long Dim lRegResult As Long Dim lValueType As Long Dim lBuffer As Long Dim lDataBufferSize As Long Dim hCurKey As Long 'Set up default value If Not IsEmpty(Default) Then GetRegLong = Default Else GetRegLong = 0 End If lRegResult = RegOpenKey(hKey, strPath, hCurKey) lDataBufferSize = 4 '4 bytes = 32 bits = long lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize) If lRegResult = ERROR_SUCCESS Then If lValueType = REG_DWORD Then GetRegLong = lBuffer End If Else 'there is a problem End If lRegResult = RegCloseKey(hCurKey) End Function
Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long) Dim hCurKey As Long Dim lRegResult As Long lRegResult = RegCreateKey(hKey, strPath, hCurKey) lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4) If lRegResult <> ERROR_SUCCESS Then 'there is a problem End If lRegResult = RegCloseKey(hCurKey) End Function
Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant Dim lValueType As Long Dim byBuffer() As Byte Dim lDataBufferSize As Long Dim lRegResult As Long Dim hCurKey As Long If Not IsEmpty(Default) Then If VarType(Default) = vbArray + vbByte Then GetRegByte = Default Else GetRegByte = 0 End If Else GetRegByte = 0 End If lRegResult = RegOpenKey(hKey, strPath, hCurKey) lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize) If lRegResult = ERROR_SUCCESS Then If lValueType = REG_BINARY Then ReDim byBuffer(lDataBufferSize - 1) As Byte lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize) GetRegByte = byBuffer End If Else 'there is a problem End If lRegResult = RegCloseKey(hCurKey) End Function
Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte) Dim lRegResult As Long Dim hCurKey As Long lRegResult = RegCreateKey(hKey, strPath, hCurKey) lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1) lRegResult = RegCloseKey(hCurKey) End Function
Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _ ByVal From_strKeyName As String, ByVal To_strPath As String, _ Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
If To_hKey = 0 Then To_hKey = From_hKey Else To_hKey = To_hKey End If If To_strKeyName = "" Then To_strKeyName = From_strKeyName Else To_strKeyName = To_strKeyName End If
Dim mybytes As Variant mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName) thelen = UBound(mybytes) Dim x() As Byte ReDim x(thelen) For i = 0 To UBound(mybytes) x(i) = mybytes(i) Next i rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x) End Function
Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _ ByVal From_strKeyName As String, ByVal To_strPath As String, _ Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
If To_hKey = 0 Then To_hKey = From_hKey Else To_hKey = To_hKey End If If To_strKeyName = "" Then To_strKeyName = From_strKeyName Else To_strKeyName = To_strKeyName End If
Dim mystring As String mystring = GetRegString(From_hKey, From_strPath, From_strKeyName) rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring)
End Function
Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _ ByVal From_strKeyName As String, ByVal To_strPath As String, _ Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
If To_hKey = 0 Then To_hKey = From_hKey Else To_hKey = To_hKey End If If To_strKeyName = "" Then To_strKeyName = From_strKeyName Else To_strKeyName = To_strKeyName End If
Dim mylong As Long mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName) rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong)
End Function Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String) On Error Resume Next Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst() Do Until Ret = True lResult = RegOpenKey(hKey, strPath, lKeyValue) sValue = Space$(2048) lValueLength = Len(sValue) lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength) If (lResult = 0) And (Err.Number = 0) Then ReDim Preserve tmprst(i) tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1) Else Ret = True End If lResult = RegCloseKey(lKeyValue) i = i + 1 Loop GetRegSubKeyList = tmprst End Function [/blue] and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip from mark
: : : : : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know. : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : C:Dos : : : : : : : : C:Dos Run : : : : : : : : Run Dos Run : : : : : : : : : : : : : : : hi i have 3 questions really first one is : : : : : : : wot does this virus do i have made it but wot does it do : : : : : : : second question is : : : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it : : : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot : : : : : : : please help : : : : : : : thanks from : : : : : : : mark : : : : : : : : : : : : : Hi m8, here's the answers: : : : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down. : : : : : : The compiling is most easy: : : : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop : : : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc... : : : : : : : : : : : : Hope this helps... : : : : : : : : : : : : EtHeO out... : : : : : : : : : : : : : : : : : : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self. : : : : : : : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do.. : : : : : : : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe. : : : : : : : : : : hope that helps everyone looking into it. : : : : : : : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while. : : : : : [blue] : : : : : C:Dos : : : : : C:Dos Run : : : : : Run Dos Run : : : : : [/blue] : : : : : : : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out : : : : from : : : : mark : : : : : : : : : : : : : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site. : : : [blue] : : : C:Dos : : : C:Dos Run : : : Run Dos Run : : : [/blue] : : : : : thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks : : from : : mark : : Hi all i managed to find sum code all u do is put it in a module : here it is : [blue] : Enum RegHive : HKEY_CLASSES_ROOT = &H80000000 : HK_CR = &H80000000 : HKEY_CURRENT_USER = &H80000001 : HK_CU = &H80000001 : HKEY_LOCAL_MACHINE = &H80000002 : HK_LM = &H80000002 : HKEY_USERS = &H80000003 : HK_US = &H80000003 : HKEY_CURRENT_CONFIG = &H80000005 : HK_CC = &H80000005 : HKEY_DYN_DATA = &H80000006 : HK_DD = &H80000006 : End Enum : : Enum RegType : REG_SZ = 1 'Unicode nul terminated string : REG_BINARY = 3 'Free form binary : REG_DWORD = 4 '32-bit number : End Enum : : Public Const ERROR_SUCCESS = 0& : Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long : Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long : Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long : Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long : Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long : Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long : Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long : Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long : : Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String) : Dim hCurKey As Long : Dim lRegResult As Long : lRegResult = RegOpenKey(hKey, strPath, hCurKey) : lRegResult = RegDeleteValue(hCurKey, strValue) : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long : Dim lRegResult As Long : lRegResult = RegDeleteKey(hKey, strPath) : DelRegKey = lRegResult : End Function : : Public Function CreateRegKey(hKey As RegHive, strPath As String) : Dim hCurKey As Long : Dim lRegResult As Long : lRegResult = RegCreateKey(hKey, strPath, hCurKey) : If lRegResult <> ERROR_SUCCESS Then : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String : Dim hCurKey As Long : Dim lResult As Long : Dim lValueType As Long : Dim strBuffer As String : Dim lDataBufferSize As Long : Dim intZeroPos As Integer : Dim lRegResult As Long : 'Set up default value : If Not IsEmpty(Default) Then : GetRegString = Default : Else : GetRegString = "" : End If : lRegResult = RegOpenKey(hKey, strPath, hCurKey) : lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize) : If lRegResult = ERROR_SUCCESS Then : If lValueType = REG_SZ Then : strBuffer = String(lDataBufferSize, " ") : lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize) : intZeroPos = InStr(strBuffer, Chr$(0)) : If intZeroPos > 0 Then : GetRegString = Left$(strBuffer, intZeroPos - 1) : Else : GetRegString = strBuffer : End If : End If : Else : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String) : Dim hCurKey As Long : Dim lRegResult As Long : lRegResult = RegCreateKey(hKey, strPath, hCurKey) : lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData)) : If lRegResult <> ERROR_SUCCESS Then : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long : Dim lRegResult As Long : Dim lValueType As Long : Dim lBuffer As Long : Dim lDataBufferSize As Long : Dim hCurKey As Long : 'Set up default value : If Not IsEmpty(Default) Then : GetRegLong = Default : Else : GetRegLong = 0 : End If : lRegResult = RegOpenKey(hKey, strPath, hCurKey) : lDataBufferSize = 4 '4 bytes = 32 bits = long : lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize) : If lRegResult = ERROR_SUCCESS Then : If lValueType = REG_DWORD Then : GetRegLong = lBuffer : End If : Else : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long) : Dim hCurKey As Long : Dim lRegResult As Long : lRegResult = RegCreateKey(hKey, strPath, hCurKey) : lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4) : If lRegResult <> ERROR_SUCCESS Then : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant : Dim lValueType As Long : Dim byBuffer() As Byte : Dim lDataBufferSize As Long : Dim lRegResult As Long : Dim hCurKey As Long : If Not IsEmpty(Default) Then : If VarType(Default) = vbArray + vbByte Then : GetRegByte = Default : Else : GetRegByte = 0 : End If : Else : GetRegByte = 0 : End If : lRegResult = RegOpenKey(hKey, strPath, hCurKey) : lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize) : If lRegResult = ERROR_SUCCESS Then : If lValueType = REG_BINARY Then : ReDim byBuffer(lDataBufferSize - 1) As Byte : lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize) : GetRegByte = byBuffer : End If : Else : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte) : Dim lRegResult As Long : Dim hCurKey As Long : lRegResult = RegCreateKey(hKey, strPath, hCurKey) : lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1) : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _ : ByVal From_strKeyName As String, ByVal To_strPath As String, _ : Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String) : : If To_hKey = 0 Then : To_hKey = From_hKey : Else : To_hKey = To_hKey : End If : If To_strKeyName = "" Then : To_strKeyName = From_strKeyName : Else : To_strKeyName = To_strKeyName : End If : : Dim mybytes As Variant : mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName) : thelen = UBound(mybytes) : Dim x() As Byte : ReDim x(thelen) : For i = 0 To UBound(mybytes) : x(i) = mybytes(i) : Next i : rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x) : End Function : : Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _ : ByVal From_strKeyName As String, ByVal To_strPath As String, _ : Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String) : : If To_hKey = 0 Then : To_hKey = From_hKey : Else : To_hKey = To_hKey : End If : If To_strKeyName = "" Then : To_strKeyName = From_strKeyName : Else : To_strKeyName = To_strKeyName : End If : : Dim mystring As String : mystring = GetRegString(From_hKey, From_strPath, From_strKeyName) : rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring) : : End Function : : Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _ : ByVal From_strKeyName As String, ByVal To_strPath As String, _ : Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String) : : If To_hKey = 0 Then : To_hKey = From_hKey : Else : To_hKey = To_hKey : End If : If To_strKeyName = "" Then : To_strKeyName = From_strKeyName : Else : To_strKeyName = To_strKeyName : End If : : Dim mylong As Long : mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName) : rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong) : : End Function : Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String) : On Error Resume Next : Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long : Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst() : Do Until Ret = True : lResult = RegOpenKey(hKey, strPath, lKeyValue) : sValue = Space$(2048) : lValueLength = Len(sValue) : lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength) : If (lResult = 0) And (Err.Number = 0) Then : ReDim Preserve tmprst(i) : tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1) : Else : Ret = True : End If : lResult = RegCloseKey(lKeyValue) : i = i + 1 : Loop : GetRegSubKeyList = tmprst : End Function : [/blue] : and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip : from : mark : : :
I'm not sure if a simple ping will detect the open port on the victim or not, I'm not that familier with how a ping works on the reciving side, you could always have it listen on a certain port and responsed back, then do a sweep on that port, only problem is dynamic IP's - one other option would be to have the program check the IP every so often and send it some where so you can retrive it later. [blue] C:Dos C:Dos Run Run Dos Run [/blue]
[b][red]This message was edited by lavey666uk at 2004-4-7 5:32:46[/red][/b][hr] you can find out the ip of the host with an api and then build a notify mechanism.. also .. you will need to consider firewalls !
my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip. email notification.
There are also some really nice code samples out there for reverse connection
: [b][red]This message was edited by lavey666uk at 2004-4-7 5:32:46[/red][/b][hr] : you can find out the ip of the host with an api and then build a notify mechanism.. : also .. you will need to consider firewalls ! : : my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip. : email notification. : : There are also some really nice code samples out there for reverse connection : : Wot is a recerse connection does it mean it will tell me the ip of the victim in a email or something and do u have any code fo retrieving ip address from mark
: : : : : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know. : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : C:Dos : : : : : : : : C:Dos Run : : : : : : : : Run Dos Run : : : : : : : : : : : : : : : hi i have 3 questions really first one is : : : : : : : wot does this virus do i have made it but wot does it do : : : : : : : second question is : : : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it : : : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot : : : : : : : please help : : : : : : : thanks from : : : : : : : mark : : : : : : : : : : : : : Hi m8, here's the answers: : : : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down. : : : : : : The compiling is most easy: : : : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop : : : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc... : : : : : : : : : : : : Hope this helps... : : : : : : : : : : : : EtHeO out... : : : : : : : : : : : : : : : : : : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self. : : : : : : : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do.. : : : : : : : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe. : : : : : : : : : : hope that helps everyone looking into it. : : : : : : : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while. : : : : : [blue] : : : : : C:Dos : : : : : C:Dos Run : : : : : Run Dos Run : : : : : [/blue] : : : : : : : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out : : : : from : : : : mark : : : : : : : : : : : : : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site. : : : [blue] : : : C:Dos : : : C:Dos Run : : : Run Dos Run : : : [/blue] : : : : : thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks : : from : : mark : : Hi all i managed to find sum code all u do is put it in a module : here it is : [blue] : Enum RegHive : HKEY_CLASSES_ROOT = &H80000000 : HK_CR = &H80000000 : HKEY_CURRENT_USER = &H80000001 : HK_CU = &H80000001 : HKEY_LOCAL_MACHINE = &H80000002 : HK_LM = &H80000002 : HKEY_USERS = &H80000003 : HK_US = &H80000003 : HKEY_CURRENT_CONFIG = &H80000005 : HK_CC = &H80000005 : HKEY_DYN_DATA = &H80000006 : HK_DD = &H80000006 : End Enum : : Enum RegType : REG_SZ = 1 'Unicode nul terminated string : REG_BINARY = 3 'Free form binary : REG_DWORD = 4 '32-bit number : End Enum : : Public Const ERROR_SUCCESS = 0& : Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long : Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long : Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long : Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long : Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long : Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long : Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long : Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long : : Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String) : Dim hCurKey As Long : Dim lRegResult As Long : lRegResult = RegOpenKey(hKey, strPath, hCurKey) : lRegResult = RegDeleteValue(hCurKey, strValue) : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long : Dim lRegResult As Long : lRegResult = RegDeleteKey(hKey, strPath) : DelRegKey = lRegResult : End Function : : Public Function CreateRegKey(hKey As RegHive, strPath As String) : Dim hCurKey As Long : Dim lRegResult As Long : lRegResult = RegCreateKey(hKey, strPath, hCurKey) : If lRegResult <> ERROR_SUCCESS Then : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String : Dim hCurKey As Long : Dim lResult As Long : Dim lValueType As Long : Dim strBuffer As String : Dim lDataBufferSize As Long : Dim intZeroPos As Integer : Dim lRegResult As Long : 'Set up default value : If Not IsEmpty(Default) Then : GetRegString = Default : Else : GetRegString = "" : End If : lRegResult = RegOpenKey(hKey, strPath, hCurKey) : lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize) : If lRegResult = ERROR_SUCCESS Then : If lValueType = REG_SZ Then : strBuffer = String(lDataBufferSize, " ") : lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize) : intZeroPos = InStr(strBuffer, Chr$(0)) : If intZeroPos > 0 Then : GetRegString = Left$(strBuffer, intZeroPos - 1) : Else : GetRegString = strBuffer : End If : End If : Else : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String) : Dim hCurKey As Long : Dim lRegResult As Long : lRegResult = RegCreateKey(hKey, strPath, hCurKey) : lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData)) : If lRegResult <> ERROR_SUCCESS Then : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long : Dim lRegResult As Long : Dim lValueType As Long : Dim lBuffer As Long : Dim lDataBufferSize As Long : Dim hCurKey As Long : 'Set up default value : If Not IsEmpty(Default) Then : GetRegLong = Default : Else : GetRegLong = 0 : End If : lRegResult = RegOpenKey(hKey, strPath, hCurKey) : lDataBufferSize = 4 '4 bytes = 32 bits = long : lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize) : If lRegResult = ERROR_SUCCESS Then : If lValueType = REG_DWORD Then : GetRegLong = lBuffer : End If : Else : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long) : Dim hCurKey As Long : Dim lRegResult As Long : lRegResult = RegCreateKey(hKey, strPath, hCurKey) : lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4) : If lRegResult <> ERROR_SUCCESS Then : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant : Dim lValueType As Long : Dim byBuffer() As Byte : Dim lDataBufferSize As Long : Dim lRegResult As Long : Dim hCurKey As Long : If Not IsEmpty(Default) Then : If VarType(Default) = vbArray + vbByte Then : GetRegByte = Default : Else : GetRegByte = 0 : End If : Else : GetRegByte = 0 : End If : lRegResult = RegOpenKey(hKey, strPath, hCurKey) : lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize) : If lRegResult = ERROR_SUCCESS Then : If lValueType = REG_BINARY Then : ReDim byBuffer(lDataBufferSize - 1) As Byte : lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize) : GetRegByte = byBuffer : End If : Else : 'there is a problem : End If : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte) : Dim lRegResult As Long : Dim hCurKey As Long : lRegResult = RegCreateKey(hKey, strPath, hCurKey) : lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1) : lRegResult = RegCloseKey(hCurKey) : End Function : : Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _ : ByVal From_strKeyName As String, ByVal To_strPath As String, _ : Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String) : : If To_hKey = 0 Then : To_hKey = From_hKey : Else : To_hKey = To_hKey : End If : If To_strKeyName = "" Then : To_strKeyName = From_strKeyName : Else : To_strKeyName = To_strKeyName : End If : : Dim mybytes As Variant : mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName) : thelen = UBound(mybytes) : Dim x() As Byte : ReDim x(thelen) : For i = 0 To UBound(mybytes) : x(i) = mybytes(i) : Next i : rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x) : End Function : : Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _ : ByVal From_strKeyName As String, ByVal To_strPath As String, _ : Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String) : : If To_hKey = 0 Then : To_hKey = From_hKey : Else : To_hKey = To_hKey : End If : If To_strKeyName = "" Then : To_strKeyName = From_strKeyName : Else : To_strKeyName = To_strKeyName : End If : : Dim mystring As String : mystring = GetRegString(From_hKey, From_strPath, From_strKeyName) : rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring) : : End Function : : Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _ : ByVal From_strKeyName As String, ByVal To_strPath As String, _ : Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String) : : If To_hKey = 0 Then : To_hKey = From_hKey : Else : To_hKey = To_hKey : End If : If To_strKeyName = "" Then : To_strKeyName = From_strKeyName : Else : To_strKeyName = To_strKeyName : End If : : Dim mylong As Long : mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName) : rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong) : : End Function : Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String) : On Error Resume Next : Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long : Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst() : Do Until Ret = True : lResult = RegOpenKey(hKey, strPath, lKeyValue) : sValue = Space$(2048) : lValueLength = Len(sValue) : lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength) : If (lResult = 0) And (Err.Number = 0) Then : ReDim Preserve tmprst(i) : tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1) : Else : Ret = True : End If : lResult = RegCloseKey(lKeyValue) : i = i + 1 : Loop : GetRegSubKeyList = tmprst : End Function : [/blue] : and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip : from : mark : : : hey m8, thanx for the code. Anywayz, read my tutorial on IP adresses. You'll find it in this messageboard. EtHeO out...
: [b][red]This message was edited by lavey666uk at 2004-4-7 5:32:46[/red][/b][hr] : you can find out the ip of the host with an api and then build a notify mechanism.. : also .. you will need to consider firewalls ! : : my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip. : email notification. : : There are also some really nice code samples out there for reverse connection
I couldn't reply to mark's message, so I post my reply here. A reverse connection is the victims computer to seek a connection with yours. That way, you will always know whether the victim is online and running your trojan. Email notification is the trojan sending an email to you, every time it is online. EtHeO out...
thanks for ur info on how to find the ip in msn and that. but wot peice of reg api code do i use as i dont really want them to no that i have given it to them i want it to be like sent in an email or downloaded then it sends me an email with there ip and any other info like if it is running or not and also is there a way to intergrate the trojan with an exsiting prog like a small game i have downloaded can i add it to the game small game thanks from mark please help
mark... u need a program called a binder .. do a google search there are loadsa good ones out there...
: thanks for ur info on how to find the ip in msn and that. but wot peice of reg api code do i use as i dont really want them to no that i have given it to them i want it to be like sent in an email or downloaded then it sends me an email with there ip and any other info like if it is running or not and also is there a way to intergrate the trojan with an exsiting prog like a small game i have downloaded can i add it to the game small game : thanks : from : mark please help : :
thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it please help from mark ps i have searched for binders but cant find any (strange as it seem's)
: thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it : please help : from : mark : ps i have searched for binders but cant find any (strange as it seem's) : Binding tools: Silk Rope, Saran Wrap, EliteWrap search google for these tools, download them, and use them to bind your trojan to the program people would want to download EtHeO out...
: : thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it : : please help : : from : : mark : : ps i have searched for binders but cant find any (strange as it seem's) : : : Binding tools: : Silk Rope, Saran Wrap, EliteWrap : search google for these tools, download them, and use them to bind your trojan to the program people would want to download right i have sent to trojan to sum 1 and tryped his ip in but it is taking foever to connect to him it just says connecting the when i click send message a runtime error displays which is '40006' and the comment says wrong protocol or connection state for the request transaction or request is this due to it trying to connect still or is a a general run time error HE HAS NO FIREWALL please help asap thanks
[b][red]This message was edited by lavey666uk at 2004-4-7 14:10:28[/red][/b][hr] mark.. just a pointer for you..
Always test your trojan b4 sending it to someone.. I run a spare box to test this kinda stuff on.. now seeing as you built this in vb u can control the test (for reg writes, etc)....
anyway.. back to your question.. wrong protocol/state means u you dont have a conection.
Comments
: : : :
: : : :
: : : :
: : : :
: : : : C:Dos
: : : : C:Dos Run
: : : : Run Dos Run
: : : :
: : : hi i have 3 questions really first one is
: : : wot does this virus do i have made it but wot does it do
: : : second question is
: : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : please help
: : : thanks from
: : : mark
: : :
: : Hi m8, here's the answers:
: : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : The compiling is most easy:
: : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: :
: : Hope this helps...
: :
: : EtHeO out...
: :
:
:
: didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
:
: for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
:
: on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
:
: hope that helps everyone looking into it.
:
: just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: [blue]
: C:Dos
: C:Dos Run
: Run Dos Run
: [/blue]
:
hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
from
mark
: : : : :
: : : : :
: : : : :
: : : : :
: : : : : C:Dos
: : : : : C:Dos Run
: : : : : Run Dos Run
: : : : :
: : : : hi i have 3 questions really first one is
: : : : wot does this virus do i have made it but wot does it do
: : : : second question is
: : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : please help
: : : : thanks from
: : : : mark
: : : :
: : : Hi m8, here's the answers:
: : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : The compiling is most easy:
: : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : :
: : : Hope this helps...
: : :
: : : EtHeO out...
: : :
: :
: :
: : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: :
: : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: :
: : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: :
: : hope that helps everyone looking into it.
: :
: : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: : [blue]
: : C:Dos
: : C:Dos Run
: : Run Dos Run
: : [/blue]
: :
: hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: from
: mark
:
don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
[blue]
C:Dos
C:Dos Run
Run Dos Run
[/blue]
: : : : : :
: : : : : :
: : : : : :
: : : : : :
: : : : : : C:Dos
: : : : : : C:Dos Run
: : : : : : Run Dos Run
: : : : : :
: : : : : hi i have 3 questions really first one is
: : : : : wot does this virus do i have made it but wot does it do
: : : : : second question is
: : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : : please help
: : : : : thanks from
: : : : : mark
: : : : :
: : : : Hi m8, here's the answers:
: : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : : The compiling is most easy:
: : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : : :
: : : : Hope this helps...
: : : :
: : : : EtHeO out...
: : : :
: : :
: : :
: : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: : :
: : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: : :
: : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: : :
: : : hope that helps everyone looking into it.
: : :
: : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: : : [blue]
: : : C:Dos
: : : C:Dos Run
: : : Run Dos Run
: : : [/blue]
: : :
: : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: : from
: : mark
: :
:
:
: don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
: [blue]
: C:Dos
: C:Dos Run
: Run Dos Run
: [/blue]
:
thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks
from
mark
: : : : : : :
: : : : : : :
: : : : : : :
: : : : : : :
: : : : : : : C:Dos
: : : : : : : C:Dos Run
: : : : : : : Run Dos Run
: : : : : : :
: : : : : : hi i have 3 questions really first one is
: : : : : : wot does this virus do i have made it but wot does it do
: : : : : : second question is
: : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : : : please help
: : : : : : thanks from
: : : : : : mark
: : : : : :
: : : : : Hi m8, here's the answers:
: : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : : : The compiling is most easy:
: : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : : : :
: : : : : Hope this helps...
: : : : :
: : : : : EtHeO out...
: : : : :
: : : :
: : : :
: : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: : : :
: : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: : : :
: : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: : : :
: : : : hope that helps everyone looking into it.
: : : :
: : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: : : : [blue]
: : : : C:Dos
: : : : C:Dos Run
: : : : Run Dos Run
: : : : [/blue]
: : : :
: : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: : : from
: : : mark
: : :
: :
: :
: : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
: : [blue]
: : C:Dos
: : C:Dos Run
: : Run Dos Run
: : [/blue]
: :
: thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks
: from
: mark
Hi all i managed to find sum code all u do is put it in a module
here it is
[blue]
Enum RegHive
HKEY_CLASSES_ROOT = &H80000000
HK_CR = &H80000000
HKEY_CURRENT_USER = &H80000001
HK_CU = &H80000001
HKEY_LOCAL_MACHINE = &H80000002
HK_LM = &H80000002
HKEY_USERS = &H80000003
HK_US = &H80000003
HKEY_CURRENT_CONFIG = &H80000005
HK_CC = &H80000005
HKEY_DYN_DATA = &H80000006
HK_DD = &H80000006
End Enum
Enum RegType
REG_SZ = 1 'Unicode nul terminated string
REG_BINARY = 3 'Free form binary
REG_DWORD = 4 '32-bit number
End Enum
Public Const ERROR_SUCCESS = 0&
Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long
Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String)
Dim hCurKey As Long
Dim lRegResult As Long
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegDeleteValue(hCurKey, strValue)
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long
Dim lRegResult As Long
lRegResult = RegDeleteKey(hKey, strPath)
DelRegKey = lRegResult
End Function
Public Function CreateRegKey(hKey As RegHive, strPath As String)
Dim hCurKey As Long
Dim lRegResult As Long
lRegResult = RegCreateKey(hKey, strPath, hCurKey)
If lRegResult <> ERROR_SUCCESS Then
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String
Dim hCurKey As Long
Dim lResult As Long
Dim lValueType As Long
Dim strBuffer As String
Dim lDataBufferSize As Long
Dim intZeroPos As Integer
Dim lRegResult As Long
'Set up default value
If Not IsEmpty(Default) Then
GetRegString = Default
Else
GetRegString = ""
End If
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize)
If lRegResult = ERROR_SUCCESS Then
If lValueType = REG_SZ Then
strBuffer = String(lDataBufferSize, " ")
lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize)
intZeroPos = InStr(strBuffer, Chr$(0))
If intZeroPos > 0 Then
GetRegString = Left$(strBuffer, intZeroPos - 1)
Else
GetRegString = strBuffer
End If
End If
Else
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String)
Dim hCurKey As Long
Dim lRegResult As Long
lRegResult = RegCreateKey(hKey, strPath, hCurKey)
lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData))
If lRegResult <> ERROR_SUCCESS Then
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long
Dim lRegResult As Long
Dim lValueType As Long
Dim lBuffer As Long
Dim lDataBufferSize As Long
Dim hCurKey As Long
'Set up default value
If Not IsEmpty(Default) Then
GetRegLong = Default
Else
GetRegLong = 0
End If
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lDataBufferSize = 4 '4 bytes = 32 bits = long
lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize)
If lRegResult = ERROR_SUCCESS Then
If lValueType = REG_DWORD Then
GetRegLong = lBuffer
End If
Else
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long)
Dim hCurKey As Long
Dim lRegResult As Long
lRegResult = RegCreateKey(hKey, strPath, hCurKey)
lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4)
If lRegResult <> ERROR_SUCCESS Then
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant
Dim lValueType As Long
Dim byBuffer() As Byte
Dim lDataBufferSize As Long
Dim lRegResult As Long
Dim hCurKey As Long
If Not IsEmpty(Default) Then
If VarType(Default) = vbArray + vbByte Then
GetRegByte = Default
Else
GetRegByte = 0
End If
Else
GetRegByte = 0
End If
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize)
If lRegResult = ERROR_SUCCESS Then
If lValueType = REG_BINARY Then
ReDim byBuffer(lDataBufferSize - 1) As Byte
lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize)
GetRegByte = byBuffer
End If
Else
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte)
Dim lRegResult As Long
Dim hCurKey As Long
lRegResult = RegCreateKey(hKey, strPath, hCurKey)
lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1)
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
ByVal From_strKeyName As String, ByVal To_strPath As String, _
Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
If To_hKey = 0 Then
To_hKey = From_hKey
Else
To_hKey = To_hKey
End If
If To_strKeyName = "" Then
To_strKeyName = From_strKeyName
Else
To_strKeyName = To_strKeyName
End If
Dim mybytes As Variant
mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName)
thelen = UBound(mybytes)
Dim x() As Byte
ReDim x(thelen)
For i = 0 To UBound(mybytes)
x(i) = mybytes(i)
Next i
rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x)
End Function
Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
ByVal From_strKeyName As String, ByVal To_strPath As String, _
Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
If To_hKey = 0 Then
To_hKey = From_hKey
Else
To_hKey = To_hKey
End If
If To_strKeyName = "" Then
To_strKeyName = From_strKeyName
Else
To_strKeyName = To_strKeyName
End If
Dim mystring As String
mystring = GetRegString(From_hKey, From_strPath, From_strKeyName)
rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring)
End Function
Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _
ByVal From_strKeyName As String, ByVal To_strPath As String, _
Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
If To_hKey = 0 Then
To_hKey = From_hKey
Else
To_hKey = To_hKey
End If
If To_strKeyName = "" Then
To_strKeyName = From_strKeyName
Else
To_strKeyName = To_strKeyName
End If
Dim mylong As Long
mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName)
rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong)
End Function
Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String)
On Error Resume Next
Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long
Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst()
Do Until Ret = True
lResult = RegOpenKey(hKey, strPath, lKeyValue)
sValue = Space$(2048)
lValueLength = Len(sValue)
lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength)
If (lResult = 0) And (Err.Number = 0) Then
ReDim Preserve tmprst(i)
tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1)
Else
Ret = True
End If
lResult = RegCloseKey(lKeyValue)
i = i + 1
Loop
GetRegSubKeyList = tmprst
End Function
[/blue]
and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip
from
mark
: : : : : : : :
: : : : : : : :
: : : : : : : :
: : : : : : : :
: : : : : : : : C:Dos
: : : : : : : : C:Dos Run
: : : : : : : : Run Dos Run
: : : : : : : :
: : : : : : : hi i have 3 questions really first one is
: : : : : : : wot does this virus do i have made it but wot does it do
: : : : : : : second question is
: : : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : : : : please help
: : : : : : : thanks from
: : : : : : : mark
: : : : : : :
: : : : : : Hi m8, here's the answers:
: : : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : : : : The compiling is most easy:
: : : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : : : : :
: : : : : : Hope this helps...
: : : : : :
: : : : : : EtHeO out...
: : : : : :
: : : : :
: : : : :
: : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: : : : :
: : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: : : : :
: : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: : : : :
: : : : : hope that helps everyone looking into it.
: : : : :
: : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: : : : : [blue]
: : : : : C:Dos
: : : : : C:Dos Run
: : : : : Run Dos Run
: : : : : [/blue]
: : : : :
: : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: : : : from
: : : : mark
: : : :
: : :
: : :
: : : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
: : : [blue]
: : : C:Dos
: : : C:Dos Run
: : : Run Dos Run
: : : [/blue]
: : :
: : thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks
: : from
: : mark
:
: Hi all i managed to find sum code all u do is put it in a module
: here it is
: [blue]
: Enum RegHive
: HKEY_CLASSES_ROOT = &H80000000
: HK_CR = &H80000000
: HKEY_CURRENT_USER = &H80000001
: HK_CU = &H80000001
: HKEY_LOCAL_MACHINE = &H80000002
: HK_LM = &H80000002
: HKEY_USERS = &H80000003
: HK_US = &H80000003
: HKEY_CURRENT_CONFIG = &H80000005
: HK_CC = &H80000005
: HKEY_DYN_DATA = &H80000006
: HK_DD = &H80000006
: End Enum
:
: Enum RegType
: REG_SZ = 1 'Unicode nul terminated string
: REG_BINARY = 3 'Free form binary
: REG_DWORD = 4 '32-bit number
: End Enum
:
: Public Const ERROR_SUCCESS = 0&
: Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
: Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
: Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
: Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
: Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
: Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
: Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
: Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long
:
: Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegDeleteValue(hCurKey, strValue)
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long
: Dim lRegResult As Long
: lRegResult = RegDeleteKey(hKey, strPath)
: DelRegKey = lRegResult
: End Function
:
: Public Function CreateRegKey(hKey As RegHive, strPath As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
: Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String
: Dim hCurKey As Long
: Dim lResult As Long
: Dim lValueType As Long
: Dim strBuffer As String
: Dim lDataBufferSize As Long
: Dim intZeroPos As Integer
: Dim lRegResult As Long
: 'Set up default value
: If Not IsEmpty(Default) Then
: GetRegString = Default
: Else
: GetRegString = ""
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_SZ Then
: strBuffer = String(lDataBufferSize, " ")
: lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize)
: intZeroPos = InStr(strBuffer, Chr$(0))
: If intZeroPos > 0 Then
: GetRegString = Left$(strBuffer, intZeroPos - 1)
: Else
: GetRegString = strBuffer
: End If
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData))
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long
: Dim lRegResult As Long
: Dim lValueType As Long
: Dim lBuffer As Long
: Dim lDataBufferSize As Long
: Dim hCurKey As Long
: 'Set up default value
: If Not IsEmpty(Default) Then
: GetRegLong = Default
: Else
: GetRegLong = 0
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lDataBufferSize = 4 '4 bytes = 32 bits = long
: lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_DWORD Then
: GetRegLong = lBuffer
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4)
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant
: Dim lValueType As Long
: Dim byBuffer() As Byte
: Dim lDataBufferSize As Long
: Dim lRegResult As Long
: Dim hCurKey As Long
: If Not IsEmpty(Default) Then
: If VarType(Default) = vbArray + vbByte Then
: GetRegByte = Default
: Else
: GetRegByte = 0
: End If
: Else
: GetRegByte = 0
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_BINARY Then
: ReDim byBuffer(lDataBufferSize - 1) As Byte
: lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize)
: GetRegByte = byBuffer
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte)
: Dim lRegResult As Long
: Dim hCurKey As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1)
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mybytes As Variant
: mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName)
: thelen = UBound(mybytes)
: Dim x() As Byte
: ReDim x(thelen)
: For i = 0 To UBound(mybytes)
: x(i) = mybytes(i)
: Next i
: rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x)
: End Function
:
: Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mystring As String
: mystring = GetRegString(From_hKey, From_strPath, From_strKeyName)
: rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring)
:
: End Function
:
: Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mylong As Long
: mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName)
: rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong)
:
: End Function
: Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String)
: On Error Resume Next
: Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long
: Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst()
: Do Until Ret = True
: lResult = RegOpenKey(hKey, strPath, lKeyValue)
: sValue = Space$(2048)
: lValueLength = Len(sValue)
: lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength)
: If (lResult = 0) And (Err.Number = 0) Then
: ReDim Preserve tmprst(i)
: tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1)
: Else
: Ret = True
: End If
: lResult = RegCloseKey(lKeyValue)
: i = i + 1
: Loop
: GetRegSubKeyList = tmprst
: End Function
: [/blue]
: and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip
: from
: mark
:
:
:
I'm not sure if a simple ping will detect the open port on the victim or not, I'm not that familier with how a ping works on the reciving side, you could always have it listen on a certain port and responsed back, then do a sweep on that port, only problem is dynamic IP's - one other option would be to have the program check the IP every so often and send it some where so you can retrive it later.
[blue]
C:Dos
C:Dos Run
Run Dos Run
[/blue]
you can find out the ip of the host with an api and then build a notify mechanism..
also .. you will need to consider firewalls !
my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip.
email notification.
There are also some really nice code samples out there for reverse connection
: you can find out the ip of the host with an api and then build a notify mechanism..
: also .. you will need to consider firewalls !
:
: my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip.
: email notification.
:
: There are also some really nice code samples out there for reverse connection
:
:
Wot is a recerse connection does it mean it will tell me the ip of the victim in a email or something
and do u have any code fo retrieving ip address
from
mark
: : : : : : : :
: : : : : : : :
: : : : : : : :
: : : : : : : :
: : : : : : : : C:Dos
: : : : : : : : C:Dos Run
: : : : : : : : Run Dos Run
: : : : : : : :
: : : : : : : hi i have 3 questions really first one is
: : : : : : : wot does this virus do i have made it but wot does it do
: : : : : : : second question is
: : : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : : : : please help
: : : : : : : thanks from
: : : : : : : mark
: : : : : : :
: : : : : : Hi m8, here's the answers:
: : : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : : : : The compiling is most easy:
: : : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : : : : :
: : : : : : Hope this helps...
: : : : : :
: : : : : : EtHeO out...
: : : : : :
: : : : :
: : : : :
: : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: : : : :
: : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: : : : :
: : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: : : : :
: : : : : hope that helps everyone looking into it.
: : : : :
: : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: : : : : [blue]
: : : : : C:Dos
: : : : : C:Dos Run
: : : : : Run Dos Run
: : : : : [/blue]
: : : : :
: : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: : : : from
: : : : mark
: : : :
: : :
: : :
: : : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
: : : [blue]
: : : C:Dos
: : : C:Dos Run
: : : Run Dos Run
: : : [/blue]
: : :
: : thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks
: : from
: : mark
:
: Hi all i managed to find sum code all u do is put it in a module
: here it is
: [blue]
: Enum RegHive
: HKEY_CLASSES_ROOT = &H80000000
: HK_CR = &H80000000
: HKEY_CURRENT_USER = &H80000001
: HK_CU = &H80000001
: HKEY_LOCAL_MACHINE = &H80000002
: HK_LM = &H80000002
: HKEY_USERS = &H80000003
: HK_US = &H80000003
: HKEY_CURRENT_CONFIG = &H80000005
: HK_CC = &H80000005
: HKEY_DYN_DATA = &H80000006
: HK_DD = &H80000006
: End Enum
:
: Enum RegType
: REG_SZ = 1 'Unicode nul terminated string
: REG_BINARY = 3 'Free form binary
: REG_DWORD = 4 '32-bit number
: End Enum
:
: Public Const ERROR_SUCCESS = 0&
: Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
: Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
: Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
: Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
: Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
: Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
: Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
: Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long
:
: Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegDeleteValue(hCurKey, strValue)
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long
: Dim lRegResult As Long
: lRegResult = RegDeleteKey(hKey, strPath)
: DelRegKey = lRegResult
: End Function
:
: Public Function CreateRegKey(hKey As RegHive, strPath As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
: Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String
: Dim hCurKey As Long
: Dim lResult As Long
: Dim lValueType As Long
: Dim strBuffer As String
: Dim lDataBufferSize As Long
: Dim intZeroPos As Integer
: Dim lRegResult As Long
: 'Set up default value
: If Not IsEmpty(Default) Then
: GetRegString = Default
: Else
: GetRegString = ""
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_SZ Then
: strBuffer = String(lDataBufferSize, " ")
: lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize)
: intZeroPos = InStr(strBuffer, Chr$(0))
: If intZeroPos > 0 Then
: GetRegString = Left$(strBuffer, intZeroPos - 1)
: Else
: GetRegString = strBuffer
: End If
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData))
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long
: Dim lRegResult As Long
: Dim lValueType As Long
: Dim lBuffer As Long
: Dim lDataBufferSize As Long
: Dim hCurKey As Long
: 'Set up default value
: If Not IsEmpty(Default) Then
: GetRegLong = Default
: Else
: GetRegLong = 0
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lDataBufferSize = 4 '4 bytes = 32 bits = long
: lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_DWORD Then
: GetRegLong = lBuffer
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4)
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant
: Dim lValueType As Long
: Dim byBuffer() As Byte
: Dim lDataBufferSize As Long
: Dim lRegResult As Long
: Dim hCurKey As Long
: If Not IsEmpty(Default) Then
: If VarType(Default) = vbArray + vbByte Then
: GetRegByte = Default
: Else
: GetRegByte = 0
: End If
: Else
: GetRegByte = 0
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_BINARY Then
: ReDim byBuffer(lDataBufferSize - 1) As Byte
: lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize)
: GetRegByte = byBuffer
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte)
: Dim lRegResult As Long
: Dim hCurKey As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1)
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mybytes As Variant
: mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName)
: thelen = UBound(mybytes)
: Dim x() As Byte
: ReDim x(thelen)
: For i = 0 To UBound(mybytes)
: x(i) = mybytes(i)
: Next i
: rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x)
: End Function
:
: Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mystring As String
: mystring = GetRegString(From_hKey, From_strPath, From_strKeyName)
: rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring)
:
: End Function
:
: Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mylong As Long
: mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName)
: rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong)
:
: End Function
: Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String)
: On Error Resume Next
: Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long
: Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst()
: Do Until Ret = True
: lResult = RegOpenKey(hKey, strPath, lKeyValue)
: sValue = Space$(2048)
: lValueLength = Len(sValue)
: lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength)
: If (lResult = 0) And (Err.Number = 0) Then
: ReDim Preserve tmprst(i)
: tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1)
: Else
: Ret = True
: End If
: lResult = RegCloseKey(lKeyValue)
: i = i + 1
: Loop
: GetRegSubKeyList = tmprst
: End Function
: [/blue]
: and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip
: from
: mark
:
:
:
hey m8, thanx for the code. Anywayz, read my tutorial on IP adresses. You'll find it in this messageboard.
EtHeO out...
: you can find out the ip of the host with an api and then build a notify mechanism..
: also .. you will need to consider firewalls !
:
: my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip.
: email notification.
:
: There are also some really nice code samples out there for reverse connection
I couldn't reply to mark's message, so I post my reply here. A reverse connection is the victims computer to seek a connection with yours. That way, you will always know whether the victim is online and running your trojan.
Email notification is the trojan sending an email to you, every time it is online.
EtHeO out...
thanks
from
mark please help
: thanks for ur info on how to find the ip in msn and that. but wot peice of reg api code do i use as i dont really want them to no that i have given it to them i want it to be like sent in an email or downloaded then it sends me an email with there ip and any other info like if it is running or not and also is there a way to intergrate the trojan with an exsiting prog like a small game i have downloaded can i add it to the game small game
: thanks
: from
: mark please help
:
:
please help
from
mark
ps i have searched for binders but cant find any (strange as it seem's)
: please help
: from
: mark
: ps i have searched for binders but cant find any (strange as it seem's)
:
Binding tools:
Silk Rope, Saran Wrap, EliteWrap
search google for these tools, download them, and use them to bind your trojan to the program people would want to download
EtHeO out...
: : please help
: : from
: : mark
: : ps i have searched for binders but cant find any (strange as it seem's)
: :
: Binding tools:
: Silk Rope, Saran Wrap, EliteWrap
: search google for these tools, download them, and use them to bind your trojan to the program people would want to download
right i have sent to trojan to sum 1 and tryped his ip in but it is taking foever to connect to him it just says connecting the when i click send message a runtime error displays which is '40006' and the comment says
wrong protocol or connection state for the request transaction or request is this due to it trying to connect still or is a a general run time error
HE HAS NO FIREWALL
please help asap thanks
mark.. just a pointer for you..
Always test your trojan b4 sending it to someone.. I run a spare box to test this kinda stuff on.. now seeing as you built this in vb u can control the test (for reg writes, etc)....
anyway.. back to your question.. wrong protocol/state means u you dont have a conection.