Forums

Ok, I just finished reading. Congratulations, it was a good read and made me smile a couple of times... BUT IT'S INCOMPLETE    I have a couple of comments: 1) It looks like you're really determined to 0-out DllCharacteristics to get predictable addresses... but is that really necessary? Other than the WoW64 execution flag exploit, I don't see any real benefit to this. What am I missing? Also, the lack of the execution flag will cause this sample to fail on a real x86 OS. 2) You add 0x1000 to both the raw and virtual addresses because you don't have the real size of the virus. However, there is a real easy trick to get the size: just wrap your viral code with two labels (say _virii_start and _virii_end) and then you can get the real size by substracting _virii_start from  _virii_end. 3) Small QoL improvement: since you provided a huge list of API addresses, you could add a comment at the end of each line, indicating the actual API name.   Again, kudos to you for your work! I can't wait to read the missing part! 

HI LCF-AT Your current implementation has a few issues that need to be addressed: The select and setSelectionRange methods are used for input or text area elements, not plain strings. The navigator.clipboard.writeText method directly accepts a string, so you don't need to manipulate DOM elements to copy text. Below is a corrected and simplified example using the modern Clipboard API: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Copy to Clipboard Example</title> </head> <body> <button id="copyButton">Copy Text</button> <script> // Define the text to copy const HOLD1 = "Some_Text_to_COPY"; // Function to copy text to clipboard function copyToClipboard(text) { navigator.clipboard.writeText(text) .then(() => { console.log('Text copied to clipboard:', text); alert('Text copied to clipboard: ' + text); }) .catch(err => { console.error('Failed to copy text:', err); }); } // Add event listener to button document.getElementById('copyButton').addEventListener('click', () => { copyToClipboard(HOLD1); }); </script> </body> </html> I hope it can help and works for you.

yes you call it inside a assembly loader app

Thanks again but I would like using IDM with my file name instead of using browser download itself. Just bad that its not possible so far. Anyway, I will try to continue testing the code. Thanks for helping @Kanes, I'm pretty sure next questions will come soon.   greetz

From what I see it's not possible because IDM captures the download at the network level. you can try using fetch with a Blob to prevent IDM from intercepting   <!DOCTYPE html> <html> <body> <script> let link_to_DL = "https://www.w3schools.com/html/mov_bbb.mp4"; let title = "Test Title.mp4"; let input = document.createElement("input"); input.type = "button"; input.value = link_to_DL; input.onclick = () => download(link_to_DL, title); document.body.appendChild(input).style.cursor = "pointer"; function download(fileURL, fileName) { fetch(fileURL) .then(res => res.blob()) .then(blob => { const a = document.createElement('a'); a.href = URL.createObjectURL(blob); a.download = fileName; a.click(); URL.revokeObjectURL(a.href); }) .catch(err => alert("Download error: " + err)); } </script> </body> </html>