[Tutorial] How to make an undetected module.

**wr194t** · 10-25-2007

These are the strings that you will edit all together:

Code:

GetWindowThreadProcessId
OpenProcess
WriteProcessMemory
CloseHandle
FindWindow
GetKeyPress
ReadProcessMem
WriteAByte
WriteAnInt
WriteALong
ReadAByte
ReadAnInt
ReadALong
ReadAFloat
WriteAFloat
hWnd
pid
phandle

Note: If you don't have all of the strings as shown below in your module:

Code:

WriteAByte
WriteAnInt
WriteALong
ReadAByte
ReadAnInt
ReadALong
ReadAFloat
WriteAFloat

Then just edit the ones you do have.

Ok so these are some of the parts that need editing (the coloured parts):

Code:

Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) AsLong
Public Declare Function GetKeyPress Lib "user32" Alias "GetAsyncKeyState" (ByVal key As Long) As Integer
Public Declare Function ReadProcessMem Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As

Lets start with the first line:

Code:

Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long

After "user32" paste this code:

Code:

Alias "GetWindowThreadProcessId"

Now you can edit the function name and your code will look like this:

Code:

Public Declare Function GWTPId Lib "user32" Alias "GetWindowThreadProcessId"(ByVal hWnd As Long, lpdwProcessId As Long) As Long

Do the exact same method with the following strings:

Code:

GetWindowThreadProcessId (This string has just being shown above.)
OpenProcess
WriteProcessMemory
CloseHandle

But not these ones:

Code:

FindWindow
GetKeyPress
ReadProcessMem

Because they already have the Alias parts added in their line of code so you would just edit the function names.

And as for:

Code:

WriteAByte
WriteAnInt
WriteALong
ReadAByte
ReadAnInt
ReadALong
ReadAFloat
WriteAFloat
hWnd
pid
phandle

All you do is Search & Replace and your done. have fun with your undetected module.

+rep me if this tutorial helped or was useful to you

Note2: Make your own string names up so your module is truly undetected.

Credits:
The hard work: Cobra
Re-write: wr194t (AKA 5c0tt.)

**obsedianpk** · 10-25-2007

ahh i wud test it , but since i already made my UDM

looks a bit to easy but i think it has a chance of 97% to work

well done

**wr194t** · 10-25-2007

Originally Posted by obsedianpk

ahh i wud test it , but since i already made my UDM

looks a bit to easy but i think it has a chance of 97% to work

well done

Thank you for your comment and yeah it is quite easy. Some people have had difficulty with this tutorial so i re-wrote it to make it is easier to follow.

**pbsucks** · 10-25-2007

I have already tried to rename for myself but it didnt work

i have forgotten to make the "alias" part

but know it works great

thx very much...

**nub_g0t_high** · 10-25-2007

Thank You

helped me out alot.

**FOXXX** · 10-26-2007

a nother dumb question!!
is this to make VB6 undetected?

**wr194t** · 10-26-2007

Originally Posted by FOXXX

a nother dumb question!!
is this to make VB6 undetected?

Makes your VB6 module undetected.

**w00t?** · 10-27-2007

ot: man why u got banned from W/R/H/A/X ?

**wr194t** · 10-27-2007

Originally Posted by w00t?

ot: man why u got banned from W/R/H/A/X ?

Because theDude doesn't like D X T. I didn't do anything.

**RGewrsgywergeryt4yerhrh** · 10-28-2007

Wr194t help me Theres these WriteAFloat and ReadALong when ive gotta replace them with what i replace them :S

**wr194t** · 10-28-2007

Originally Posted by micopiira5

Wr194t help me Theres these WriteAFloat and ReadALong when ive gotta replace them with what i replace them :S

Just replace them with some made up things like asdf65jnf56hs67. You also have to use that edited string with your hacks.

**olie122333** · 10-28-2007

ty really helpful

**olie122333** · 10-28-2007

i would add to your rep but i need to share around my reps apparently so it won't let me give u another (i gave you one earlier)

**wr194t** · 10-28-2007

Thank you.

**wr194t** · 10-31-2007

By the way when you edit:

Code:

OpenProcess
WriteProcessMemory
CloseHandle

You would do this:

Code:

OpenProcess = Alias "OpenProcess"
WriteProcessMemory = Alias "WriteProcessMemory"
CloseHandle = Alias "CloseHandle"

Don't use:

Code:

Alias "GetWindowThreadProcessId"

On more than one line of coding.

PS: Sorry for double posting.

Thread: [Tutorial] How to make an undetected module.

Thread Tools

Display

[Tutorial] How to make an undetected module.

The Following 12 Users Say Thank You to wr194t For This Useful Post:

Aww i dint get that

ty

doh

Similar Threads

[Tutorial] how to make undetected module

[Video Tutorial] How to make an undetected module.

[Tutorial] How to make a module undetected.

[Tutorial] How to make your own undetected module in VB6

[Tutorial] How to make your own undetected module in VB6