Last active
October 16, 2023 16:07
-
-
Save trevorsaudi/18d5bdc719f1542daecadee1f82812d4 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <iostream> | |
| #define KEY 'A' // our key | |
| // Function to encrypt/decrypt strings | |
| void XOR(LPSTR data, int data_len) { | |
| for (int i = 0; i < data_len; i++) { | |
| data[i] ^= KEY; | |
| } | |
| } | |
| int main() { | |
| // Load the user32.dll library | |
| HMODULE user32Dll = GetModuleHandleW(L"user32.dll"); | |
| // Define a function pointer for MessageBoxW | |
| typedef int (WINAPI* MessageBoxWFunc)( | |
| HWND hwnd, | |
| LPCWSTR lpText, | |
| LPCWSTR lpCaption, | |
| UINT uType | |
| ); | |
| // Encrypted version of "MessageBoxW" | |
| char messageboxfunc[] = { 0x0C, 0x24, 0x32, 0x32, 0x20, 0x26, 0x24, 0x03, 0x2E, 0x39, 0x16, 0x00 }; // NULL-terminated string | |
| // Decrypt the API name | |
| XOR(messageboxfunc, strlen(messageboxfunc)); | |
| // Get the MessageBoxW function address using decrypted API name | |
| MessageBoxWFunc pMessageBoxW = (MessageBoxWFunc)GetProcAddress(user32Dll, messageboxfunc); | |
| LPCWSTR Text = L"Hello hackers!"; | |
| LPCWSTR Title = L"Title"; | |
| // Invoke the function | |
| int result = pMessageBoxW(nullptr, Text, Title, MB_OK); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment