Tuts 4 You

Blogs

 

Imports Fixer Overview

Get the latest release here. Report bugs, or post suggestions, here.

Today I decided to present a new tool meant for rebuilding imports and that will hopefully replace ImpREC. I called it "Imports Fixer" and for convenience will call it "IF" hereafter. The project has been private inside SnD for a long time (more than 4 years) and I think that the time has come to go for a first public release. A lot of work and effort has been put in so far in order to try to compete with the so beloved ImpREC. I will present here for now a general overview of what IF can do, will do and probably can't do (for the moment). If you are familiar with ImpREC the following explanations shouldn't be problematic.

So for impatient folks who got bored of ImpREC, here is the new Imports Fixer 1.5a *PUBLIC VERSION*.

As you can see there are 4 tabs:

Processes & Modules: To get started simply select the process from the list and the loaded modules inside the running process will be automatically loaded. You can right click a process to either dump it or kill it (the dumping is more fun than killing).

Well, here is the dumper tool. You can use it in collapsed mode if you do not wish to dump other memory regions and add them to the end of the main dump. You can also dump the PE header or a specific section by right clicking the desired section. If you want to add other memory regions to the file then use the dumper tool in the expanded mode (by clicking the arrow); you will then have a map view of the memory. Simply drag and drop the selected region into the main dump and it will be automatically added (be sure not to exceed the max number of sections allowed).

IT & IAT:
- Get Imports: retrieves and tries to resolve thunks starting from IAT begin
- Load Imports: loads imports from a pre-saved tree
- Save Imports: saves the imports tree
- Write Imports: writes the import table to the dumped file
- Show invalid thunks: shows non-resolved thunks
- Clear Imports: speaks for itself

Enter the OEP and press the IAT auto search button to search for a possible valid IAT. If it fails, try to fill in the IAT RVA and Size manually. When you get imports you will have a set of options: you can cut, invalidate or show calls for the API. You can also edit the API manually by double clicking it.

Hex Editor: Time for some editing. A hex viewer/editor within executable imagesize. Options to search for a sequence of bytes, to go to an address and to modify a byte are also present.

Disassembling & Debugging: This section is under construction. The disassembling part is ready though, but I wanted to have a fully working debugging and disassembling engine before releasing the whole package. But if you are curious, here is an overview of what the disassembling would look like.

IF main menu:

Tools:
- Converter tool: converts values into different formats (VA: Virtual Address, RVA: Relative Virtual Address, Offset: Address on disk)
- Hex calculator: basic assembler operations and hextodec, dectohex conversions.

Preferences: The options are very clear I think, you will get used to them very quickly. As you see, IF can be hidden in the tray and called when needed.

Help:
- Documentation: includes a detailed help file of all functionalities supported by IF.
- Check for updates: will update IF automatically after detecting a new version.
- Next version update list: will give you ongoing info about updates I'm working on for next versions.
- History: all IF updates since version 1.0.
- About: includes greetingz section.

Well, that's it for today. If you appreciate the work, an encouraging comment would be nice. I am not saying at all that it is a perfect tool, but I can say that this is an active project with some nice features and that all suggestions are welcome to improve it. SC.

SuperCRacker


 

Serial Fishing Series - Vietnamese

-In this tutorial, I will instruct you to use Ollydbg (for anyone who understands Vietnamese)
-Includes: Serial Fishing
-Author: DAHipHop
-Type Movie: Application (.exe)
-Language: Vietnamese

-Tutorial 1: http://www.mediafire.com/?1zhtjjjvmyj
-Tutorial 2: http://www.mediafire.com/?zhhm52dhzxq
-Tutorial 3: http://www.mediafire.com/?mm0fojoddmm
-Tutorial 4: http://www.mediafire.com/?mt3i4doqtkq
-Tutorial 5: http://www.mediafire.com/?vh4vdwwygqo
-Tutorial 6: http://www.mediafire.com/?djwmojmtym2
-Tutorial 7: http://www.mediafire.com/?rngzmtguzej
-Tutorial 8: http://www.mediafire.com/?m2jwn0yzdqj
-Tutorial 9: http://www.mediafire.com/?uc1ntojj30w
-Tutorial 10: http://www.mediafire.com/?z2mw2fzyuho
-Tutorial 11: http://www.mediafire.com/?fnzyyoewzmy
-Tutorial 12: http://www.mediafire.com/?yuwi2iaq4om
-Tutorial 13: http://www.mediafire.com/?yltm2mytanm
-Tutorial 14: http://www.mediafire.com/?tm3zz3utzjy
-Tutorial 15: http://www.mediafire.com/?nzn3onzudum
-Tutorial 16: http://www.mediafire.com/?edd2mhy3jyn
-Tutorial 17: http://www.mediafire.com/?tmkaiqgigzi
-Tutorial 18: http://www.mediafire.com/?zqmdhnzajoz
-Tutorial 19: http://www.mediafire.com/?mnzuzd34nmj
-Tutorial 20: http://www.mediafire.com/?noiunclxylm
-Tutorial 21: http://www.mediafire.com/?zmumg1tzije
-Tutorial 22: http://www.mediafire.com/?ywzlnhjmkyx
-Tutorial 23: http://www.mediafire.com/?zixmtln2ymz
-Tutorial 24: http://www.mediafire.com/?vzztmydigml
-Tutorial 25: http://www.mediafire.com/?qztjgaumzjz
-Tutorial 26: http://www.mediafire.com/?zylzzwqgwqt
-Tutorial 27: http://www.mediafire.com/?wmjtmm01ymy
-Tutorial 28: http://www.mediafire.com/?m2d3lrlyz2w
-Tutorial 29: http://www.mediafire.com/?zmwumywwwie
-Tutorial 30: http://www.mediafire.com/?dz2nzlbtwwm
-Tutorial 31: http://www.mediafire.com/?onn4mzyhydo
-Tutorial 32: http://www.mediafire.com/?znommnwhkk1
-Tutorial 33: http://www.mediafire.com/?zezuy0nymqm
-Tutorial 34: http://www.mediafire.com/?nxynbyzgmty
-Tutorial 35: http://www.mediafire.com/?mj2dmnzdyjn
-Tutorial 36: http://www.mediafire.com/?3z5zn3hjdwo
-Tutorial 37: http://www.mediafire.com/?2hzmyxmdmen
-Tutorial 38: http://www.mediafire.com/?zhnnlimgjj2
-Tutorial 39: http://www.mediafire.com/?m4yynmmmqju
-Tutorial 40: http://www.mediafire.com/?jmj0y1nzvud
-Tutorial 41: http://www.mediafire.com/?tuoz2hdnynz
-Tutorial 42: http://www.mediafire.com/?zwwjjdn1ij3
-Tutorial 43: http://www.mediafire.com/?mugvkf3mzhn
-Tutorial 44: http://www.mediafire.com/?nzoiyrt2jjw

P.S: Fix link Tutorial 30, 33, 34, 35 and update Tutorial 41, 42, 43, 44

dahiphop


 

GetRelocSize

Some packers leave a dll's relocation directory intact (e.g. Armadildo). You just have to know the original reloc dir RVA, which is easy to find in most cases. However, you need to define the right reloc table size, since the PE loader subtracts every block from the size and checks for 0. That means you can't just guess and make it big enough to contain all elements. It has to be the exact size of the table.

Well, I was looking for a tool that could calculate the size but couldn't find any. I started coding my own and that's the result. It takes a PE file, displays the correct size for the reloc table and optionally writes the right size to the file. Supports both normal and PE32+ executables.

BEWARE! KOMMANDLINE-APPLIKASHUN!

Source and binary attached.

Killboy
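
The size rule described in the post above, as an added example (this is not Killboy's GetRelocSize source): it walks the IMAGE_BASE_RELOCATION blocks to get the exact table size and models the subtract-to-zero check the post describes. The sample table, the function names and the page-alignment plausibility check are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define RELOC_HDR 8u /* IMAGE_BASE_RELOCATION: VirtualAddress + SizeOfBlock */

/* Constructed sample: two relocation blocks followed by zero padding. */
const uint8_t SAMPLE_RELOC[] = {
    0x00,0x10,0x00,0x00, 0x10,0x00,0x00,0x00,   /* page 0x1000, SizeOfBlock 0x10 */
    0x04,0x30, 0x08,0x30, 0x10,0x30, 0x00,0x00, /* 3 HIGHLOW entries + 1 pad     */
    0x00,0x20,0x00,0x00, 0x0C,0x00,0x00,0x00,   /* page 0x2000, SizeOfBlock 0x0C */
    0x00,0x30, 0x00,0x00,                       /* 1 HIGHLOW entry + 1 pad       */
    0,0,0,0, 0,0,0,0                            /* section padding after table   */
};

/* Read a little-endian 32-bit value (PE files are little-endian). */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Heuristic (assumption of this example): a block is plausible if its size
   covers the header, is a multiple of 4, fits in the remaining data, and
   its VirtualAddress starts on a 4 KB page boundary. */
static int block_ok(const uint8_t *p, size_t left) {
    uint32_t va, sz;
    if (left < RELOC_HDR) return 0;
    va = rd32(p);
    sz = rd32(p + 4);
    return sz >= RELOC_HDR && (sz & 3u) == 0 && sz <= left && (va & 0xFFFu) == 0;
}

/* Sum SizeOfBlock over consecutive plausible blocks starting at `table`.
   Returns the exact table size, or 0 if the first block is not plausible. */
uint32_t reloc_table_size(const uint8_t *table, size_t avail) {
    size_t off = 0;
    while (block_ok(table + off, avail - off))
        off += rd32(table + off + 4);
    return (uint32_t)off;
}

/* Model of the check the post describes: subtract each block from the
   declared size and require the remainder to land exactly on 0. */
int declared_size_walks_to_zero(const uint8_t *table, size_t avail,
                                uint32_t declared) {
    size_t off = 0;
    uint32_t left = declared;
    while (left != 0) {
        uint32_t sz;
        if (!block_ok(table + off, avail - off)) return 0; /* ran into garbage */
        sz = rd32(table + off + 4);
        if (sz > left) return 0;                           /* ends mid-block   */
        left -= sz;
        off += sz;
    }
    return 1;
}

int main(void) {
    uint32_t exact = reloc_table_size(SAMPLE_RELOC, sizeof SAMPLE_RELOC);
    printf("exact reloc table size: 0x%X\n", (unsigned)exact);
    printf("declared 0x%X accepted: %d\n", (unsigned)exact,
           declared_size_walks_to_zero(SAMPLE_RELOC, sizeof SAMPLE_RELOC, exact));
    printf("declared 0x40 accepted: %d\n",
           declared_size_walks_to_zero(SAMPLE_RELOC, sizeof SAMPLE_RELOC, 0x40));
    return 0;
}
```

A generous guess such as 0x40 walks past the last real block into the zero padding, which is why the declared size has to equal the sum of the block sizes.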


 

Endless fun with tab controls

Anyone who ever tried to implement tab controls using plain Windows API will probably agree with me that it's a ****ing PITA to get it working properly. Some of the problems you'll most likely be facing, mostly because of poor documentation:

- Handling and adjusting the windows for each tab
- Getting Windows to draw the themed background on the windows
- Adding transparent (32-bit) icons to tabs

After a lot of googling and guessing around, I got most of this stuff working. I came up with a bunch of functions to help with getting tab controls to work without having to deal with all the hassle. The functions should be used exclusively, that is, without modifying tab items yourself, as the functions assume certain conditions and might cause undefined behaviour if things aren't as expected. Some of the things you shouldn't do:

- Add a tab without using the appropriate function
- Remove a tab without using the appropriate function
- Change the tab items' lParam value (they hold the window handles)
- Change the tab's ImageList
- Call SetProp on the tab window with "TabCtrlCurWnd" ;D

You can still modify the tab control's GWLP_USERDATA.

A quick overview of the functions:

int AddTab(HWND TabWindow, HWND Window, char * Caption, int Index)
Adds a tab item to the tab control and associates the window with it. The window is moved and resized to fit the tab control dimensions.

bool RemoveTab(HWND TabWindow, int Index)
Removes the tab item from the tab control.

bool TabCleanup(HWND TabWindow)
Removes all tab items from the tab control. Cleans up internal resources and hides all windows associated with it. It's recommended to call this function before the tab control is destroyed, e.g. if you get a WM_CLOSE message in your dialogbox proc.

bool SetTabIcon(HWND TabWindow, int Index, HICON Icon)
Sets the tab item's icon. Supports 32bit icons (24bit + 8bit alpha) if comctl32.dll v6 is used (i.e. visual styles enabled). The icon should be 16x16 in size and at least contain an 8bit (256 colors) channel.

int TabToFront(HWND TabWindow, int Index)
Selects the specified tab and shows the appropriate window.

For a more detailed overview of the functions take a look at tabs.h.

In order for the tab selection to work, you will have to add this piece of code to the tab control's parent window handler (usually the dialog procedure):

    case WM_NOTIFY:
        switch(((NMHDR *)lParam)->code)
        {
            case TCN_SELCHANGE:
                // Bring the currently selected tab's window to the front
                TabToFront(TabWindow, -1);
                break;
            default:
                return false;
        }
        break;

Alright, that should be it. Attached are the .h and .cpp and an example project.

Killboy


 

Komodo PGMP Project Information

So as many of you know, I have been working on a very neat project! It's open source, it runs on LINUX and Windows, it uses cryptography and it eventually will pack and protect files. I'm really proud of this project for a number of reasons. It's creative and unique, but more importantly I made the choice to share my code with the world. Once the code goes up on the project sites SourceForge and Google Code, people will be able to use the source in their projects. Hopefully it will promote new ideas for cryptography and how we can implement cryptographic libraries into antivirus technology to improve methods of detection, and create actual methods of detecting cryptographic algorithms used in malicious code.

If you're interested in the project please join the group and show some support! I'm looking for a graphic artist for help with the art on the wiki and art for the software. I also need someone who is good with documentation and instruction as well. If you're interested please contact me on the forum. I will be sure to add your names to the GPL and list your name in the project contributor list.

I promised some updates, so here is the Visual C++ GUI for the Windows version. Current functionality for the front end (this is the dobrexor): I just had to re-compile the crypto lib to support unicode and make some changes to the code. The Linux version is hopefully, with a lot of work, going to run in Qt. But for now here is a screen shot of the Win32 GUI.

I just finished up the RSAKeyGen functions this evening. So as it stands the application is generating public and private keys supporting 1024, 2048 and 4096 bits. I'll be working on moving the code over to get the functions working for the file encryption and decryption.

D1N


 

Qt4 development and design with NetBeans

OK, so like I was saying I needed a crash course in Qt development with C++. I just wanted to let everyone know that the experience is great so far... I actually was a bit nervous about using Qt with my latest project but needed something that would allow me to develop a nice clean looking interface and run smoothly on both LINUX and Windows. I like sharing my various programming learning experiences, plus it kinda motivates me to try new things.

I had some issues at first configuring NetBeans to include qt headers, compile and build, but with a little bit of persistence and some researching I got it! I had to find the correct path for the lib and configure run params in the build configuration. I think one of the most important things here from a development standpoint is the fact that you get to learn multiple devenvs and how to cross compile and support your code on multiple operating systems.

The example: A simple button that terminates the application, responds to the user action and, well, closes the program. The example is in chapter 1 of C++ GUI programming with Qt 4, Second Edition by James Blanchette and Mark Summerfield.

    /*
     * File: main.cpp
     * Author: d1n
     *
     * Created on January 20, 2009, 11:03 PM
     */

    #include <stdlib.h>
    #include <qapplication.h>
    #include <qpushbutton.h>
    #include <qobject.h>

    int main(int argc, char *argv[]) {
        QApplication app(argc, argv);
        QPushButton *button = new QPushButton("Quit");
        // Clicking the button invokes the application's quit() slot
        QObject::connect(button, SIGNAL(clicked()),
                         &app, SLOT(quit()));
        button->show();
        return app.exec();
    }

If you're interested, grab qt4, supported on LINUX and WINDOWS. Qt can be found here and NetBeans here. You can find more information about setting up NetBeans with Qt here.

D1N


 

Komodo - DobReXor FE

I have received a few questions regarding the usage and some requests for a GUI/FE. Now that most of the functions and data types are finished and working, I decided to devote some time to the interface. I have decided to add a plug-in feature for the Windows version, which will be useful for me and other coders. This idea was mainly in part due to the decrypting stub; some people may want to develop addons for which they do not want to share their source, so this is a happy medium for people who want to keep their work private.

Komodo is being compiled and designed using CodeGear RAD Studio for MS Windows. The LINUX version will most likely be developed using Qt for application development. This may take a bit longer as I'm going in for a crash course on Qt, but I don't think it will be too difficult. I have a book and there is plenty of help in the docs and free pizza.

Yes, the Windows version will support compression (based on aPLib v0.44 compression library) and expect it to have some bugs as well. I need to speak with ap0x about anti-debugging before Komodo will support any tricks. The string obfuscation is using a simple XOR which is then HexEncoded; I hope to add one more extra layer of protection - that's a surprise. ;-)

DobReXor [console] should be out for testing soon. The FE will take a bit, but be patient as the wait will be well worth it.

Komodo/DobReXor
* Packing EXEs
* Encrypting, Signing, Decrypting, Verification
* AES
* RSA
* string to XOR to HexEncoder / HexDecoder to XOR to string.

Currently working on GUI and Plug-in manager.

D1N

D1N


 

DobReXor RSA / AES / Implementation

Just a few updates on DobReXor, I've managed to finish one of the most important classes which executes the following instructions. I will explain more in detail next week when time permits. I have attached the encrypted, decrypted, files along with the public and private keys for anyone who wants to analyse them. Please send all questions here or feel free to comment on my blog.

D1N

Target - notes.txt
AES/RSA/Encryption/Decryption usage
Result - notes.enc

RSA Algorithm

Key Generation:
1. Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits. [see note 1].
2. Compute n = pq and (φ) phi = (p-1)(q-1).
3. Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1. [see note 2].
4. Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi). [see note 3].
5. The public key is (n, e) and the private key is (n, d). Keep all the values d, p, q and phi secret.

* n is known as the modulus.
* e is known as the public exponent or encryption exponent or just the exponent.
* d is known as the secret exponent or decryption exponent.

File Encryption

Sender A does the following:-
1. Obtains the recipient B's public key (n, e).
2. Represents the plaintext message as a positive integer m [see note 4].
3. Computes the ciphertext c = m^e mod n.
4. Sends the ciphertext c to B.

File Decryption

Recipient B does the following:-
1. Uses his private key (n, d) to compute m = c^d mod n.
2. Extracts the plain-text from the message representative m.

D1N
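
The key generation, encryption and decryption steps listed above, carried through in C as an added example (this is not DobReXor code): toy primes keep every product inside 64-bit arithmetic, so it shows the arithmetic of the steps only and not a usable key size. The struct, the function names and the RSA_ERR marker are assumptions of this illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define RSA_ERR UINT64_MAX /* returned when the key or the message is invalid */

typedef struct { uint64_t n, e, d; } rsa_key; /* n == 0 marks an invalid key */

static uint64_t gcd_u64(uint64_t a, uint64_t b) {
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Trial division is enough for the toy primes used here. */
static int is_prime(uint32_t v) {
    uint32_t i;
    if (v < 2) return 0;
    for (i = 2; (uint64_t)i * i <= v; i++)
        if (v % i == 0) return 0;
    return 1;
}

/* Step 4: extended Euclid, returns d with e*d = 1 (mod phi), 0 if none. */
static uint64_t mod_inverse(uint64_t e, uint64_t phi) {
    int64_t t = 0, new_t = 1;
    int64_t r = (int64_t)phi, new_r = (int64_t)e;
    while (new_r != 0) {
        int64_t q = r / new_r, tmp;
        tmp = t - q * new_t; t = new_t; new_t = tmp;
        tmp = r - q * new_r; r = new_r; new_r = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)phi : t);
}

/* Square-and-multiply; safe from overflow because mod < 2^32. */
static uint64_t mod_pow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp) {
        if (exp & 1) result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

/* Steps 1-5 of key generation, with p, q and e supplied by the caller. */
rsa_key rsa_keygen(uint32_t p, uint32_t q, uint64_t e) {
    rsa_key k = {0, 0, 0};
    uint64_t n, phi, d;
    if (p == q || !is_prime(p) || !is_prime(q)) return k;
    n = (uint64_t)p * q;                       /* step 2: n = pq          */
    if (n > 0xFFFFFFFFull) return k;           /* keep mod_pow in 64 bits */
    phi = (uint64_t)(p - 1) * (q - 1);         /* step 2: phi             */
    if (e <= 1 || e >= phi || gcd_u64(e, phi) != 1) return k; /* step 3  */
    d = mod_inverse(e, phi);                   /* step 4                  */
    if (d <= 1) return k;
    k.n = n; k.e = e; k.d = d;                 /* step 5                  */
    return k;
}

/* c = m^e mod n; the message representative must satisfy m < n. */
uint64_t rsa_encrypt(rsa_key k, uint64_t m) {
    if (k.n == 0 || m >= k.n) return RSA_ERR;
    return mod_pow(m, k.e, k.n);
}

/* m = c^d mod n */
uint64_t rsa_decrypt(rsa_key k, uint64_t c) {
    if (k.n == 0 || c >= k.n) return RSA_ERR;
    return mod_pow(c, k.d, k.n);
}

int main(void) {
    rsa_key k = rsa_keygen(61, 53, 17);        /* constructed toy parameters */
    uint64_t c = rsa_encrypt(k, 65);
    printf("n=%llu e=%llu d=%llu\n", (unsigned long long)k.n,
           (unsigned long long)k.e, (unsigned long long)k.d);
    printf("m=65 -> c=%llu -> m=%llu\n", (unsigned long long)c,
           (unsigned long long)rsa_decrypt(k, c));
    return 0;
}
```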


 

DobReXor (Work in Progress)

I plan on releasing more information related to this project in the next couple of weeks. I started developing DobReXor back in mid December. It's made a lot of progress and I've managed to port the code over to Linux. The application is supported on both Windows and Linux.

It was a tough decision for me because I wanted to make my first cryptographic project unique, but I also wanted to focus on two topics of interest to me, obfuscation being one of them and malware being the other, and how they can be used together or, for lack of better words, cryptovirology, but not in terms of what we have seen in the past. This is different. Like I said, I was shooting for something creative and unique. Possibly something that can be used in presentations.

We hear a lot about software being exploited and protocol vulnerabilities being discovered, which in turn eventually improves the quality and usability of the product or service. This tool was designed to be an attack tool for the purpose of researching weaknesses in anti-virus software. The goal is to improve anti-virus software. The issue here is that most (not all - there are some exceptions) modern anti-virus vendors are not prepared to deal with strong cryptography and secure key management used in conjunction with malicious software. It's simple to use heuristics, signatures and emulation to detect a file and define it as being malicious. However, when you add secure key management and self decrypting files, where parts of the secure key can be split up and stored somewhere until decryption, in which case each part is reconstructed thus allowing the file decryption to take place, that makes detection very difficult, and not just from an anti-virus but from a forensic standpoint as well.

This tool may also serve as a good example for people with questions about obfuscating character sequences. I've seen this topic come up a lot in the past so hopefully my work can be used as an example.

I'm open to anyone who would like to join me and improve this tool. I will be posting updates soon. The project will be open source. Thank you for all the support! - D1N

Usage example

Examples of obfuscated strings based on different user input

D1N


 

favorite music track... this week...

I usually listen to streams on XTC radio or ETN while I'm coding and this week I heard a sick little beat by Marcus Schossow - Girls Suckcces. If you like vocal trance you might enjoy this track. He has some other great tracks as well. The guy's really talented and I always like seeing creative musicians come up in the scene. The music is off the hook!

Listen: Girls Suckccess, DJ Marcus Schossow

D1N


 

Visual C++ Winsock Programming using MSDN

Well, here I am again. This week I finished up chapter 15 and decided to test some of my knowledge and basic understanding of C++. I went ahead and took a quick break from Beginning Visual C++ and spent the better part of the day reading another book called Network Programming for Microsoft Windows, Second Edition. It's a wonderful book which explains the very basic fundamentals of winsock design. The first chapter introduces winsock in a nutshell.

You know, in my years of dabbling with an equally wonderful programming language (Delphi/Pascal) I never really received the full benefits of having the MSDN at my fingertips. I always wondered how these developers were coding this stuff! I didn't realize at the time that MSDN is the best place to start. In reality it's this huge library or network of intense documentation and instructions on virtually everything with respect to Microsoft development. A very useful tool indeed!

So I really wanted to test my basic understanding of programming and figured I'd experiment with a simple console based client/server application. It was a bit perplexing when I first looked at some of the snippets, but what was important about this process wasn't necessarily understanding the code (which was obvious); it was really the fact that this is the very first time I have truly used the MSDN for help and I understood a good 80% of what I was reading the first time around. I admit I had some trouble and went back a few times to underscore some of the important information usually overlooked by most people who are new to C++, for instance why we are linking ws2_32.lib and mswsock.lib, advapi.lib, etc... These were questions that concerned me and with a little bit of curiosity and persistence I learned something new.

I honestly believe that many of us who start off make good programmers long before we ever write any code. It's that desire to learn and the enjoyment we feel when we actually do follow through with a commitment. It's an achievement and it feels good. Coding is much more than simply producing something - a program or a "tool". It's an art and a passion. You know, when we use a plugin or a tool or some script we often forget the time and sacrifice the individual put into the code. I think this experience has changed me in a way, because I see these achievements others have displayed and my respect has gone way up. When you see 500 or so lines of code that may have taken days or weeks for someone to develop, or a nice interface that someone had to manually go in and create hundreds of event handlers for, you forget or you just simply don't understand the effort behind the creation nor the respect for the brilliance behind the mind. It's amazing really.

Moreover, if we stop trying and just wait for someone else to code a new tool or develop another script or reverse another application, we might be waiting forever and that tool may never come. Which is why I'm determined to do this and do it the right way, page by page and line by line. I'm convinced now... There is only one right way to code and that's with your mind and your heart, otherwise you'll never finish it.

Now, this, eh, winsock application is really cool. MSDN put out this example for a client and server and I've actually created a project for those of you who want to play with it. You can also check out this link to read up; it took me maybe three to four hours to finish.

Getting Started with Winsock - MSDN
http://msdn.microsoft.com/en-us/library/ms738545(VS.85).aspx

Here is the result

D1N


 

Visual C++ the beginning...

So I figured I would blog about my first month learning Visual C++. It's definitely been a learning experience and a fun one at that! I was looking for a good book to get started on C++, so I went to the used book store and picked up Beginning Visual C++ 2005 by Ivor Horton. It's a wonderful book and he does a very good job explaining the fundamentals of the C++ language (ISO/ANSI C++ and C++/CLI). I'm currently wrapping up chapter 15 and figured now would be a great time to share my progress. I finally finished all of the basic color and draw elements in my sketcher program. I did this without copying and pasting any code.

D1N


 

Awesome chiptune Depeche Mode Enjoy The Silence

I found myself searching youtube for chiptunes and for some reason I was like... I wonder if anyone has ever created a chiptune for any of the Depeche Mode songs and sure enough I found one. If you find anymore please post links. Thanks!

D1N


 

A little bit PNG Compression

Ok, it was a little joy for me to create a few new avatars; you might have seen them around. Don't be sad if not, I am thinking of maybe building a little avatar gallery for them. Well, since imageshack or other image hosters have their limitations, it's still important to think about the filesize. I surely think about this many times, for example in portable apps or template developing processes. My personal max. limit for avatars is something around 10kb; it's just a fine value and you can add things later because it's far away from 20kb (an average limit).

You might have tasted PNGOut, it's also included in XnView, but I didn't like that it consumes so much RAM in Xtreme! Pro, and the resulting filesize wasn't what I originally dreamed of. I just came across, in the developing forum of portableapps, these command-line tools: advpng.exe, pngcrush.exe and optipng.exe. They are all packed together at: http://renttopwn.com/png-tests/

It's not only perfect that you can run the compression process with no probs next to other things, you also get better results. Just try it yourself. You will favour PNG over GIF or JPEG from now on. Or recompress your template. How small can you get it now??

Another great tool for recompression, not least because of its flexibility, is http://psydk.org/PngOptimizer. If you ever had something from http://portableapps.com/ and know it can be smaller without any loss, try this out. The tool can look in subfolders and recompress every TGA, GIF and PNG, and it also works with drag 'n drop. Just the right thing! Maybe the programmer will add TIFF support soon. We'll see, we'll see..

cond0lence


 

Cryptocrack Unpacker [ap0x SDK]

This is an unpacker for Cryptocrack's PE Protector 0.93 I've done with ap0x's Unpack SDK some time ago. It was supposed to be included with the new version as a VC++ example. He doesn't seem to be getting round to releasing the new version anytime soon (that dude is busy), so I thought I might as well upload it here.

It contains include files and libs to use the dlls with VC++ without having to link explicitly (i.e. GetProcAddress). Keep in mind that you can't use the updater module since the dlls can't be replaced at runtime...

There might be some other stuff in there some of you might find interesting: the approach of getting imports and a stripped down PE-realigning function for dumps... Put it to good use :">

Killboy


 

Realigner 1.0

I know I mentioned this a while ago here at the forum but I never actually added this to UE. Why? Because it was developed for the company I work for and I got paid to do it. But the code itself isn't such a big mystery, though it is uber cool (TF2 player what 'r gonna do) because it uses only one API to do the realignment, and that is because it needed to be Windows 2000 compliant.

And that was then... The same API call definition as in y0da's realign15.dll. This was done to retain compliance with my old unpackers which used y0da's realigner.

And now... I added a new API nicely called IsPE32FileValid and you know what it does. But what you don't know is how it does it. Meaning what is checked. And the answer is.... Everything, and it also checks for Microsoft PECOFF version differences between NT and 9x OSes making some files invalid on 9x. Here is a brief list:

1) Everything said in PECOFF 8.0 (ImageBase, PE32 field data...)
2) Table content (TLS, Imports [also validates by using existing libraries], Resources)
3) Section content, accessibility and file alignment

And there is a much cooler API called FixBrokenPE32File which will NOT be added to Realigner because... Well, because it is uber cool and I don't wanna release it just yet.

So Realigner comes with two APIs: RealignPE and IsPE32FileValid. And that is it for now. I plan on adding reloc stripping before this little thing gets added to UE. Stay tuned because it could happen very, very soon...

ap0x


 

Relocater 1.0

This is a separate part of Unpacking Engine made to deal with relocations, whose fixing is crucial in the process of dll unpacking. So how does it work? There are two ways. The first, which is very, very slow, gets relocation addresses by setting the breakpoint directly in the packer's relocation code (you do this!). This is very slow due to the fact that the number of relocations is always very large. That is why another way of fixing relocations was developed. It is very fast, simple, generic and easy to use. To fix relocations you need to do the following:

1) Make sure that the debuggee dll gets loaded on any base address other than its ImageBase (done with dll loader)
2) Set two breakpoints. One before the relocation code, the other just after.
3) Make two memory snapshots of target memory. One before relocation, one after.
4) Export the relocation table created by the memory state compare.

This is very easy but it does not recreate the original relocation table. Why? Because null relocations which can be present in the relocation table are either stripped by the packer or can't be detected by comparing since they don't invoke any memory change. Therefore this method is simple and painless, especially when we consider that all decent packers compress the relocation table, not just walk through the original one.

ap0x
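
The snapshot-compare method from the steps above, as an added example (this is not code from Relocater or the Unpacking Engine): it diffs a before/after pair of memory snapshots and emits a base relocation table for every DWORD that moved by the load delta. The snapshots are constructed, and the function names, the 32-bit HIGHLOW-only handling and the output buffer are assumptions of this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define RELOC_HDR   8u  /* VirtualAddress + SizeOfBlock */
#define REL_HIGHLOW 3u  /* IMAGE_REL_BASED_HIGHLOW: 32-bit address fixup */

/* Constructed snapshots of RVA 0x1FF0..0x200F, taken before and after the
   packer relocated the image from ImageBase 0x10000000 to 0x10400000. */
static const uint8_t SNAP_BEFORE[32] = {
    0x90,0x90, 0x00,0x30,0x00,0x10, 0xC3,0xCC,
    0x10,0x30,0x00,0x10, 0x55,0x8B,0xEC,0x33,
    0xC0,0x5D,0xC3,0xCC, 0x08,0x20,0x00,0x10,
    0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90
};
static const uint8_t SNAP_AFTER[32] = {
    0x90,0x90, 0x00,0x30,0x40,0x10, 0xC3,0xCC,
    0x10,0x30,0x40,0x10, 0x55,0x8B,0xEC,0x33,
    0xC0,0x5D,0xC3,0xCC, 0x08,0x20,0x40,0x10,
    0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90
};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) {
    p[0] = (uint8_t)(v & 0xFF); p[1] = (uint8_t)(v >> 8);
}
static void wr32(uint8_t *p, uint32_t v) {
    wr16(p, (uint16_t)(v & 0xFFFF)); wr16(p + 2, (uint16_t)(v >> 16));
}

/* Pad the open block to a DWORD boundary and store its final SizeOfBlock. */
static size_t close_block(uint8_t *out, size_t blk, size_t used) {
    if ((used - blk) & 2u) { wr16(out + used, 0); used += 2; } /* null entry */
    wr32(out + blk + 4, (uint32_t)(used - blk));
    return used;
}

/* Every DWORD whose value grew by exactly `delta` (loaded base - ImageBase)
   is recorded as a HIGHLOW relocation, grouped into one block per 4 KB page.
   Returns the table size in bytes, or 0 if nothing was found or `out` is
   too small. Null entries of the original table cannot be recovered. */
size_t rebuild_relocs(const uint8_t *before, const uint8_t *after, size_t len,
                      uint32_t region_rva, uint32_t delta,
                      uint8_t *out, size_t out_cap) {
    size_t i = 0, used = 0, blk = 0;
    uint32_t cur_page = 0, rva, page;
    int open = 0;

    while (i + 4 <= len) {
        uint32_t diff = rd32(after + i) - rd32(before + i);
        if (delta == 0 || diff != delta) { i++; continue; }
        rva = region_rva + (uint32_t)i;
        page = rva & ~0xFFFu;
        if (!open || page != cur_page) {
            if (open) used = close_block(out, blk, used);
            if (used + RELOC_HDR + 4 > out_cap) return 0; /* header+entry+pad */
            blk = used; cur_page = page; open = 1;
            wr32(out + blk, page);
            used += RELOC_HDR;
        } else if (used + 4 > out_cap) {
            return 0;                                     /* entry + pad */
        }
        wr16(out + used, (uint16_t)((REL_HIGHLOW << 12) | (rva & 0xFFFu)));
        used += 2;
        i += 4;  /* a relocated DWORD cannot overlap the next one */
    }
    if (open) used = close_block(out, blk, used);
    return used;
}

uint8_t g_table[64]; /* rebuilt table for the constructed sample */

size_t demo_rebuild(void) {
    return rebuild_relocs(SNAP_BEFORE, SNAP_AFTER, sizeof SNAP_BEFORE,
                          0x1FF0u, 0x00400000u, g_table, sizeof g_table);
}

int main(void) {
    size_t n = demo_rebuild(), i;
    printf("rebuilt reloc table, %u bytes:", (unsigned)n);
    for (i = 0; i < n; i++) printf(" %02X", g_table[i]);
    printf("\n");
    return 0;
}
```

The sample yields two blocks, one for page 0x1000 with two entries and one for page 0x2000 with one entry plus the alignment pad.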


 

Docking Windows To Screen Edges

This is a rather simple but effective way to keep a window from being dragged out of the screen area. Add this piece of code to your window/dialog procedure:

    case WM_MOVING:
    {
        // lParam points to the proposed window rectangle in screen coordinates
        RECT * rect = (RECT *)lParam;
        long scrx = GetSystemMetrics(SM_CXSCREEN);
        long scry = GetSystemMetrics(SM_CYSCREEN);

        // Push the rectangle back inside the screen on each edge it crosses
        if(rect->right > scrx)
            OffsetRect(rect, scrx - rect->right, 0);
        if(rect->bottom > scry)
            OffsetRect(rect, 0, scry - rect->bottom);
        if(rect->left < 0)
            OffsetRect(rect, -rect->left, 0);
        if(rect->top < 0)
            OffsetRect(rect, 0, -rect->top);
        return true;
    }

Just thought it might be useful to someone...

Killboy


 

Bool Isappthemedthistime4real(void);

Maybe you've been trying to find out whether an application (yours, that is) is using visual styles or not before. While you normally know if it does or not (you added the manifest, didn't you), when writing example code or libraries for GUI stuff, it sometimes turns out to be useful to know.

I ran across such a case when I dealt with tab controls. Without visual styles tab sheets have the same background as normal dialogs, whereas with visual styles enabled, the bg is white... Have you seen the gradient on tabs used by Windows settings dialogs or .NET apps? There's a function called EnableThemeDialogTexture that applies that background to a window. However, if you call that function on an OS supporting visual styles in an app that does not have them enabled, it will still apply the white background. Which, as you can imagine, looks kinda gay..

Now, there is another function exported by uxtheme.dll called IsAppThemed which is actually supposed to do what it says. Funny thing is, it always returns true on XP; on Vista they seem to have fixed it though. So, it seems like we have to do that ourselves.

As you might know, you have to enable visual styles with a manifest. What the manifest actually does is link to a certain version of comctl32.dll. This is achieved through the so called SxS (Side by Side) directory which keeps all sorts of versions of the same dll. The manifest works like some sort of import table: you tell it the name and the version(!) of the dll to load. The trick with visual styles is that the comctl32.dll located in system32 has version 5.x which doesn't apply any visual styles. This is the one that gets loaded when you import it via the import table. If you add the manifest, it will require version 6 of comctl32.dll which enables visual styles.

So, this is how we're going to check for visual styles: load comctl32.dll, call DllGetVersion and check if the major version number is above 5. If it is, the program is using visual styles, otherwise it isn't. If comctl32 does not export DllGetVersion we're on an OS below 2000; in that case we'll just return false because it doesn't support visual styles at all. Otherwise, we'll check if dwMajorVersion of the DLLVERSIONINFO struct is 6 or above; if it is, visual styles are enabled. As easy as that.

Anyway, for the lazy ones, here's a way to implement it:

    bool VisualStylesEnabled(){
        HMODULE hMod;
        DLLGETVERSIONPROC pDllGetVersion;
        DLLVERSIONINFO DllVersion;

        // Get the comctl32.dll instance already loaded into this process
        hMod = GetModuleHandle("comctl32.dll");
        if(hMod){
            // DllGetVersion is missing on systems below Windows 2000
            pDllGetVersion = (DLLGETVERSIONPROC)GetProcAddress(hMod, "DllGetVersion");
            if(pDllGetVersion){
                DllVersion.cbSize = sizeof(DLLVERSIONINFO);
                if(pDllGetVersion(&DllVersion) == S_OK){
                    // Version 6 or above means visual styles are enabled
                    return (DllVersion.dwMajorVersion >= 6);
                }
            }
        }
        return false;
    }

Be sure to add:

    #include <shlwapi.h>

to the beginning of your source code; this is needed for the definition of DLLGETVERSIONPROC and DLLVERSIONINFO.

Hope this helped to remove some confusion on that topic, sorry if it went the other way around. Win32 is a bitch; if you don't like it, switch to Java or .NET or use Linux. But isn't the weird stuff what makes it so unique and adorable?

Killboy


 

Mp3 Player Sourcecode [delphi]

Well, here is the current source code of the mp3 player I have been working on using bass.dll. It's probably very basic for the more experienced delphi programmers, but this project was done to improve my delphi skills and also give me a little time in photoshop to play around. Believe it or not, the interface and buttons took more time than the coding LOL.

You will find a few good custom functions in this source, as I added the ability to send the currently playing song to a paltalk room (chat program). This has been done by EnumChildProc to find the text box handle, but I have made a custom function that will use this even if there is more than 1 instance of a control name and the handle changes each and every time...

Anyway, have a look and tell me what you guys think.

CheesyMp3SC.rar

Departure


  • Blog Comments

    • Arttomov
      To Someone likes to solve crossword, somebody likes to play chess.
      I like RE because I need to strain my brain like when I solve a crossword, think and analyze like when I play chess. After every cracking, I get a moral satisfaction, I'm happy with my success, success in cracking my friends.
      I'm glad when I receive a message from the developers, where they are grateful for cracking  of their program and promise to eliminate the hole in the protection of the program in the next release.
      I thank everyone who writes articles about RE, makes tutorials, new tools, shares my knowledge with others.
    • abdelhamid
      am just a beginner , and believe me... Reverse Engineering is taking a huge part in my personal life
      i wanna be that professional cracker ! programmer , i need to learn more and more
      i won't stop what am doing because i love it ! from deep of my heart
      this is not just a hobby for me , its a way of thinking .
    • abdelhamid
      CriticalError  ==> this is the password
    • TheMind
      time factor maybe...I got an interest on reversing sometime 6 yrs ago but work schedule is pushing me away. I still remember the old days where a good site (astatalk) emerge and helping each other. Yes, reversing is a long process, if you put space on the process then you'll be lost just like me, been idle in re for so many years..
    • collins
      to CC.