Hi there nononsence, I had a look at your first script a couple of days ago and i thought it was very functional. Definitely unprecedented speed as far as drive-finding goes as the right drive is being found instantly after code execution. However, with this latest package i get a virus warning for Form1.vb upon unpacking: HTML/ADODB.Exploit.Gen I assume this is because of this line: Dim objOStream = CreateObject("ADODB.Stream") Since the same will obviously happen on other peoples computers you might want to use some other method here, otherwise they might think its actually malware...
Maybe try declare "ADODB.Stream" as a string variable and pass that variable to create object line. That may alter the heuristics (or it may not). Obviously the laziness at that particular Virus company is just to assume all ADODB connections are bad. Dim strADO = "ADODB.Stream" Dim objOStream = CreateObject(strADO) Be curious for know if they catch that.
we have a winner, that one passed virus total. Edit when I uploaded the the whole form1.vb it got 2 hits again.
It seems if you create a text, gif, tiff, jpg file which exceeds a certain buffer size and import via Server.CreateObject("ADODB.Stream") you gain administrator rights over IE6,7,8. AKA the buffer exploit.
I did some checking; for the ADODB-Alarm to be triggered these codebits have to be present in the script: Code: Dim CreateObject("ADODB.Stream") file.exe .Open .SaveToFile If any of these lines/parameters are removed then the alarm is not being triggered anymore...
I changed the first one, as Mr Jinie sugested and it passed VT changeing the rest would break things, Ill see if Visual Studio will let me change the extension to .txt It looks like removing the three instances of .exe allows it to pass VT I dont think any thing broke thanks.
Unfortunately this doesnt work either because it still contains: Code: Dim "ADODB.Stream" CreateObject file.exe .Open .SaveToFile As long as these codebits are present, no matter if mixed with other code or not, the alarm will be triggered. Only removing at least one of these parameters will stop the alarm from going off. Annoying, i know, but i think the only way to fix this for good is to convert to a different method altogether...
Ah, i didnt see your edit. Well in that case ignore my last reply. Good to hear you already figured out a way...
Cool, if you have a fix, otherwise, ADODB-Stream is not the only method for reading text file into a blob. Maybe try FSO OpenAsTextStream method instead
this is the code to make GRLDR and it has to cannotate the files in binary, its kinda ugly to do with VB. when I finly got it to work I was stunned and wont mess with it anymore
Im still debating weather to make the key and the cert, slic match up automaticly, it doesnt seem to matter which key you install.
Ok thats cool, but when a key is installed from this it would be good to see the change in textbox1 also have you thought about using grldr for mac pc's Excellent work tho bro Alfa
I dont intend on deveolping this very far, and I dont want to compete with Daz, my intention is to help people move past the batch script with a working code example. VB is just about as easy as Batch programming, if someone were intrested they could look at the code and start customizing add logo install, spam their user name all over it whatever I dont understand the key thing, the textbox shows which key will be installed do you want it to show the same key after it is installed? if slmger returns with out error the key is installed.