Forums

Hi Can anyone share the Tutorial for using Titanengine or its utility? Thanks

Hey Folks I Wanted To Share with u a poc I worked on today The Idea Behind It Is Instead of Hardcoding API Names or even their hashes in case u used api hashing we can receive this data from a server instead u can even encrypt the data sent this will complicate the analysis her is my poc have fun its very simple working on improving it and making another one but uses api hashing maybe u learn a thing or two from this    https://gist.github.com/vxcute/30b1ea4ab792c1395e8c9cb8e92c384f

Hi again, I have another question about WM_NOTIFY message.So MSDN said I should check lparams NMHDR structure and check hwndFrom or idFrom member to see which control has send a notify.So that means I have to notice / remember each handle of a control what it is.Is there a method to check at WM_NOTIFY what control it is (listview / treeview etc)? I'am also asking because I found that on MSDN too...NM_CUSTOMDRAW code https://docs.microsoft.com/en-us/windows/win32/controls/nm-customdraw NM_CUSTOMDRAW #ifdef LIST_VIEW_CUSTOM_DRAW lpNMCustomDraw = (LPNMLVCUSTOMDRAW) lParam; #elif TOOL_TIPS_CUSTOM_DRAW lpNMCustomDraw = (LPNMTTCUSTOMDRAW) lParam; #elif TREE_VIEW_CUSTOM_DRAW lpNMCustomDraw = (LPNMTVCUSTOMDRAW) lParam; #elif TOOL_BAR_CUSTOM_DRAW lpNMCustomDraw = (LPNMTBCUSTOMDRAW) lParam; #else lpNMCustomDraw = (LPNMCUSTOMDRAW) lParam; #endif ...so how to check which X-CUSTOMDRAW must be handled at the NM_CUSTOMDRAW code if I NOT know the control (LV,TV,etc without checking it)? In the end I have a short question about lparam variable.Normal I do write something like this to check for content in the structs... .elseif eax == WM_NOTIFY mov ecx, lParam .if [ecx].NMHDR.code == LVN_BEGINDRAG ...so I have to move lparam into register first.Is it also possible without using a register and access / pointing with lparam holder directly? .elseif eax == WM_NOTIFY .if [lParam].NMHDR.code == LVN_BEGINDRAG or .if [[lParam]].NMHDR.code == LVN_BEGINDRAG Somehow like this etc?I tried but dosent work.Just wanna know why it works using a register DWORD but not using lParam whats also a DWORD.I also can not use a other variable like that when I copy the lParam content into.Its seems I always have to use a register to copy lParam into.Not working with a variable.Something like it works in C code. case WM_NOTIFY: switch (((LPNMHDR)lParam)->code) { case LVN_BEGINDRAG: greetz

Key is "SOL"  Unpacked. unpacked.exe

So easy  you can unpack it under 10 sec just Use SimpleAssemblyExplorer 1. Use String and Flow Options ( or if its doesnt have cflow , just use String Only Options ) then Deobfuscate 2. and if Its have a Delegates ( make sure you checked the Delegates Call Options ) then Deobfuscate 3. and Drag and Drop to De4dot ( this will automaticly clean the rest ) and this the results