[Tutorial] How to make an undetected module.

[wr194t]

These are the strings that you will edit all together:

Code:

GetWindowThreadProcessId
OpenProcess
WriteProcessMemory
CloseHandle
FindWindow
GetKeyPress
ReadProcessMem
WriteAByte
WriteAnInt
WriteALong
ReadAByte
ReadAnInt
ReadALong
ReadAFloat
WriteAFloat
hWnd
pid
phandle

Note: If you don't have all of the strings as shown below in your module:

Code:

WriteAByte
WriteAnInt
WriteALong
ReadAByte
ReadAnInt
ReadALong
ReadAFloat
WriteAFloat

Then just edit the ones you do have.

Ok so these are some of the parts that need editing (the coloured parts):

Code:

Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) AsLong
Public Declare Function GetKeyPress Lib "user32" Alias "GetAsyncKeyState" (ByVal key As Long) As Integer
Public Declare Function ReadProcessMem Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As

Lets start with the first line:

Code:

Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long

After "user32" paste this code:

Code:

Alias "GetWindowThreadProcessId"

Now you can edit the function name and your code will look like this:

Code:

Public Declare Function GWTPId Lib "user32" Alias "GetWindowThreadProcessId"(ByVal hWnd As Long, lpdwProcessId As Long) As Long

Do the exact same method with the following strings:

Code:

GetWindowThreadProcessId (This string has just being shown above.)
OpenProcess
WriteProcessMemory
CloseHandle

But not these ones:

Code:

FindWindow
GetKeyPress
ReadProcessMem

Because they already have the Alias parts added in their line of code so you would just edit the function names.

And as for:

Code:

WriteAByte
WriteAnInt
WriteALong
ReadAByte
ReadAnInt
ReadALong
ReadAFloat
WriteAFloat
hWnd
pid
phandle

All you do is Search & Replace and your done. have fun with your undetected module.

+rep me if this tutorial helped or was useful to you

Note2: Make your own string names up so your module is truly undetected.

Credits:
The hard work: Cobra
Re-write: wr194t (AKA 5c0tt.)

[obsedianpk]

ahh i wud test it , but since i already made my UDM

looks a bit to easy but i think it has a chance of 97% to work

well done

[wr194t]

Quote:

Originally Posted by obsedianpk

ahh i wud test it , but since i already made my UDM

looks a bit to easy but i think it has a chance of 97% to work

well done

Thank you for your comment and yeah it is quite easy. Some people have had difficulty with this tutorial so i re-wrote it to make it is easier to follow.

[pbsucks]

I have already tried to rename for myself but it didnt work

i have forgotten to make the "alias" part

but know it works great

thx very much...

[nub_g0t_high]

Thank You

helped me out alot.

[FOXXX]

a nother dumb question!!
is this to make VB6 undetected?

[wr194t]

Quote:

Originally Posted by FOXXX

a nother dumb question!!
is this to make VB6 undetected?

Makes your VB6 module undetected.

[w00t?]

ot: man why u got banned from W/R/H/A/X ?

[wr194t]

Quote:

Originally Posted by w00t?

ot: man why u got banned from W/R/H/A/X ?

Because theDude doesn't like D X T. I didn't do anything.

[micopiira5]

Wr194t help me Theres these WriteAFloat and ReadALong when ive gotta replace them with what i replace them :S