Closed DARK-DEVIL-66 closed 8 months ago
When you search for the string literal "$77", you will find it in r77def.h and R77Const.cs - as described in the documentation. Then, you only need to replace both occurrences and recompile.
Actually, my payload name is services.exe, so I want to add an exception to injecting that payload. What do I need to do for that?
In that case, you don't need to change the $77 prefix at all, since your executable name isn't $77services.exe.
You can write the helper signature at compile time to your executable. That way it will never be injected. There's a chapter in the documentation which you can find on the main page that describes how to write the helper signature. It's just a modification of two bytes of your executable.
Your project contains install.exe, so can I use it for $77services.exe?
You don't need the $77 prefix. Just change your services.exe file.
See Documentation section 4.9 r77 Header:
You need to write 0x7277 (0x7727 in little endian) at file offset 64 in services.exe. If you are interested why that is, there's more on that topic in that chapter.
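A defender-side check for the marker described above, as an added example that is not part of this thread or of the project's code: it flags MZ executables whose 16-bit word at file offset 64 equals 0x7277. It assumes the word is stored little-endian; the function names and the sample files are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

SIGNATURE = 0x7277      # value quoted in the thread
OFFSET = 64             # file offset quoted in the thread


def has_r77_header(path):
    """True if path is an MZ image whose 16-bit word at OFFSET equals SIGNATURE."""
    with open(path, "rb") as f:
        head = f.read(OFFSET + 2)
    if len(head) < OFFSET + 2 or head[:2] != b"MZ":
        return False  # truncated file or not a DOS/PE executable
    # Assumption: the word is stored little-endian (bytes 77 72 on disk).
    (word,) = struct.unpack_from("<H", head, OFFSET)
    return word == SIGNATURE


def scan(root):
    """Return the sorted names of .exe/.dll files under root that carry the marker."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in {".exe", ".dll"}:
            try:
                if has_r77_header(p):
                    hits.append(p.name)
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return sorted(hits)


def demo():
    """Scan a temp directory of constructed sample files (not real binaries)."""
    dos = b"MZ" + bytes(62)  # 64-byte DOS header stand-in
    samples = {
        "plain.exe": dos + b"\x0e\x1f" + bytes(30),   # ordinary bytes at offset 64
        "marked.exe": dos + struct.pack("<H", SIGNATURE) + bytes(30),
        "short.exe": b"MZ",                           # truncated file
        "notpe.exe": b"PK" + bytes(62) + struct.pack("<H", SIGNATURE),
        "marked.txt": dos + struct.pack("<H", SIGNATURE),  # extension not scanned
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return scan(tmp)


if __name__ == "__main__":
    print(demo())
```

A hit is a triage lead rather than proof, since any file can happen to hold those two bytes at that offset.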
But I don't have the services.exe source code.
Are you sure you have read the page about the r77 header? You can literally change 2 bytes in your executable file and make it non-injectable (see my previous message).
OK, let's say I changed 0x7277, but which exe do I need to execute on the client PC? $77services.exe and install.exe, am I right?
You always need to use Install.exe to install the rootkit. Your service.exe doesn't need to be named $77services.exe. All you need to do is write the helper signature (0x7277) to services.exe.
I assume that your question is answered, so I'm going to close this issue. But feel free to re-open if you still have questions...
When I change the prefix to my own word, like abc, it does not work for hiding TCP connections; I can find them by using netstat -ano.
Hi Bro
I want to know how and where to change $77 to my own prefix?
Which Visual Studio is supported?