Tuts 4 You

Forums

  1. General Discussions and Site Issues

    1. The Board Rules & Frequently Asked Questions   (102,117 visits to this link)

      Very important! Please read before posting...

    2. General Discussions and Off Topic

      General and off-topic conversations and discussions here...

      9,481
      posts
    3. Site Bug Reports and Technical Issues

      Bugs and issues regarding this website and board...

      1,935
      posts
  2. Reverse Code Engineering

    1. Challenge of Reverse Engineering

      Try a challenge or contribute your own, any platform or operating system...

      12,297
      posts
    2. Hardware Reverse Engineering

      Reverse engineering of hardware, firmware and industrial controllers...

      135
      posts
    3. Internet and Network Security

      Discussions on network security, holes, exploits and other issues...

      396
      posts
    4. Malware Reverse Engineering

      Debug, disassemble and document interesting trojans, viruses, malware, etc.

      1,299
      posts
    5. Reverse Engineering Articles

      Share links to an interesting blog, news page or other RE related site...

      1,178
      posts
    6. Employment and Job Vacancies

      Discussions and employment opportunities in your field of expertise...

      135
      posts
    7. Search On Tuts 4 You   (38,594 visits to this link)

      Use the search engine on the main page as an additional resource...

  3. Developers Forums

    1. Programming and Coding

      Programming and coding tips, help and solutions...

      10,563
      posts
    2. Programming Resources

      Share interesting links and information from blogs, news articles and other resources...

      226
      posts
    3. Software Security

      Discussions on securing your software against reverse engineering...

      547
      posts
  4. Community Projects

    1. TitanEngine Community Edition

      The next generation reverse engineering framework...

      283
      posts
    2. Scylla Imports Reconstruction

      Development and support forum for the Scylla project...

      463
      posts
    3. x64dbg

      An open-source x64/x32 debugger for Windows...

      964
      posts
    4. Future Community Projects

      Looking for support and interested partners for a future project?

      124
      posts
    5. Community Projects Archive

      Old and inactive projects moved to long term support...

      507
      posts
  5. The Demoscene

    1. Scene Artists / Demoscene

      Share your graphics, ASCII, module, demo, intro ideas and works...

      7,294
      posts
  • Posts

    • LCF-AT
      Hi, I use this lib already for testing but have some trouble with that one.

      First, after some testing I see a problem using extra parameter for the RegEx flags /***/flags global/multiline etc. In the inc file of PCRE81S.inc I can find a value called PCRE_MULTILINE (equ 00000002h) and tried to use it with pcre_compile function but it doesn't return all results like I also get at RegEx101 page using PCRE. I also don't check why there are so much flags I could set with that function so I thought I could do that only or mainly with the RegEx string pattern I do use. Now it's more complex again and no more same handling like with the Online tool. In the description of PCRE I can read this about modifiers.

      https://www.pcre.org/original/doc/html/pcretest.html

      Perl-compatible modifiers

      The /i, /m, /s, and /x modifiers set the PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options, respectively, when pcre[16|32]_compile() is called. These four modifier letters have the same effect as they do in Perl.

      I don't see any global modifier here I could use. Why? So I would need to use /gm for my case. Is global flag not supported in this version etc? I don't check that yet.

      PS: "Not reinventing the wheel makes more sense" - Maybe you're right but as you know already that I mostly have trouble to check this stuff. Don't ask me why so I don't know it too. I think "I do think" anyhow else than others. Not sure whether it's better or not.

      greetz
    • kao
      How about PCRE lib for Masm32? Google will get you few hits - haven't tried the lib myself, however.   Offtopic: Not reinventing the wheel makes more sense. But you always prefer to do it your own way..
    • Steve
      THANK YOU FOR ANSWER Mr.Whoknows and Mr.h4sh3m but what is wrong...?

      function _GetProcessId(szProcName: PChar): Integer;
      var
      pe32: PROCESSENTRY32;
      hHandle: THandle;
      begin  
        hHandle:= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); 
        pe32.dwSize:= sizeof(PROCESSENTRY32);
        if not Process32First(hHandle,pe32) then
        begin  result:= 0;  exit;  end;
        while Process32Next(hHandle,pe32) do
        begin 
          if StrComp(szProcName,pe32.szExeFile)=0 then
          begin
            CloseHandle(hHandle);
             begin
              result:= pe32.th32ProcessID;     exit;
             end;
          end;
        end;
        CloseHandle(hHandle);
        begin  result:= 0;  exit;  end;
      end;

      function _ScanForBytes():Cardinal;
      const
        szByte: array[0..3] of byte = ($74, $BF, $33,$C0);
      var
        hHandle :THandle;
        sysInfo :SYSTEM_INFO;
        mbi:MEMORY_BASIC_INFORMATION;
        dwMemAddr,x:ULONG;
        BytesRead: DWord;
        szMemDump: array of byte;
      begin  Result:=0;
        hHandle:= OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or PROCESS_VM_READ,False,_GetProcessId('Test.exe'));
        if (hHandle = 0) then begin Result:=0;  end;
        GetSystemInfo(sysInfo);
        dwMemAddr:= dword(sysInfo.lpMinimumApplicationAddress);
        while (dwMemAddr < dword(sysInfo.lpMaximumApplicationAddress)) do
        begin
         if VirtualQueryEx(hHandle,Ptr(dwMemAddr), mbi,SizeOf(mbi))= SizeOf(mbi)then
         begin
           if(mbi.Protect <> PAGE_NOACCESS) and (mbi.State = MEM_COMMIT) then
           begin
            //GetMem(szMemDump, Mbi.RegionSize+1);
            szMemDump:=GetMemory(mbi.RegionSize+1);
            SetLength(szMemDump, Mbi.RegionSize);
            ReadProcessMemory(hHandle,Pointer(dwMemAddr),szMemDump, Mbi.RegionSize, BytesRead );
            for x:= x to mbi.RegionSize-1 do
            begin
           //if( memcmp( (void*)(szMemDump+x), (void*)szByte, strlen( szByte ) ) == 0 )
             if CompareMem(@szMemDump[x], @szByte[0], Length(szByte)) then
             begin
              FreeMem(szMemDump);
              Result:=Int64(dwMemAddr + x );
             end;
            end;
            FreeMem( szMemDump );
           end;
         end;
          dwMemAddr := Int64(mbi.BaseAddress)+mbi.RegionSize;
        end;
        CloseHandle(hHandle);
        begin  result:= 0; exit;  end;
      end;