Tuts 4 You

All Activity

  1. Today
  2. It's a decent writeup, thanks for the effort! However, you stopped 2 steps too early: 1) The undetected file ("df65l1.l56") is not malicious per se. It contains encrypted code - but without matching decryption code it's harmless. No wonder it gets only 3/60 detections on VirusTotal. The AutoIt script ("df65l") is the one that decrypts it. 2) Inside the AutoIt script, there's a DLL called "u0bhc83.dll". This DLL has only one real purpose - to decrypt and execute malicious code from "C:/p8yqa7ux6/df65l1.l56". VT detection of the DLL: 22/69. 3) Final malicious code is a banking trojan cal
  3. Yellow101

    PDF files.

    Hello, to edit and convert a PDF file, I think Renee PDF Aide could be a good choice. The new version of this software can not only convert PDF files to editable file formats like Word, Excel, PowerPoint, Text, extract images from PDF, etc., but also provides many useful edit functions like split, optimize, merge, de/encrypt, rotate and add watermark to PDF. The split function inside Renee PDF Aide could help you delete unnecessary pages from target PDF files by specifying the pages you do not want. Here is how it goes. Hope it can help you. https://www.reneelab.com/how-to-free-conv
  4. A victim related to me got infected with a virus, and I decided to perform some reverse engineering on it. The victim received an e-mail that claimed to be an invoice from a Portuguese company called "Galp". This seems to be a virus specifically made for this scam, since the code has function and variable names that make sense if interpreted as Portuguese. I would like to mention that I'm trying to keep this guide as educational as possible so that newer people can also get something out of it and, therefore, there may be some statements and explanations that are not needed
  5. Yesterday
  6. Xyl2k

    Denuvo - In The News

    no idea deepzero, i don't really check how their cracks work, i'm just interested in archiving new installer designs for defacto2, but i guess this kind of shenanigans wouldn't pass nukenets. and yet i still remember the codex AC:O release; although i haven't played it i've read the nfo https://defacto2.net/f/b42cb65
  7. joker33337

    Denuvo - In The News

    EMPRESS, CODEX (when EMPRESS was their cracker) and other P2P cracks - dumping and patching to replace the hardware information through ugly exception abuse
    CPY, STEAMPUNKS - license generation and injection through a dll, but some newer CPY releases take a step back and do some kind of hooking inside important VM handlers instead of patching every CPUID out there
    CODEX AC:O release - complete removal of both vmprotect and denuvo
    This is a load of bullshit considering the whole "dox, arrest, investigation and release" occurred over a span of three days. In case of CPY a
  8. deepzero

    Denuvo - In The News

    Well, they modify the exe to load a dll, and the dll then does the "patching in memory". Smells pretty loadery to me. There was one codex crack though that fully defeated the denuvo+vmp combo, incl. full devirtualization. That is unique afaik.
  9. senuzulme99

    PE Self Injection Not Working

    I grabbed the exception message. It looks like:
  10. deepzero

    Denuvo - In The News

    Did anyone follow this denuvo business closer? So far all the cracks are loader-based, except for that one CODEX crack which fully defeated everything, right?
  11. senuzulme99

    PE Self Injection Not Working

    Thanks for supplying sources.
  12. HostageOfCode

    PE Self Injection Not Working

    https://github.com/x64dbg/TitanEngine
    https://docs.microsoft.com/en-us/windows/win32/api/errhandlingapi/nf-errhandlingapi-addvectoredexceptionhandler
  13. senuzulme99

    PE Self Injection Not Working

    How can I find Titan Engine, and how can I add an exception handler to the thread?
  14. senuzulme99

    PE Self Injection Not Working

    I tried putting AddressOfEntryPoint instead of BaseOfCode, but the issue still continues.
  15. HostageOfCode

    PE Self Injection Not Working

    Doubt it will work this way; you will have to add an exception handler to this thread... I would try with titan engine, it can statically load a pe image and run it with its own debugger and exception handler.
  16. kao

    PE Self Injection Not Working

    BaseOfCode is not the correct field, try using AddressOfEntryPoint instead. EDIT: another guess: some anti-malware solution might hate "read+write+execute" memory pages and deny access to them. Try changing memory access rights to "read+execute" after copying your executable.
  17. Blah

    Denuvo - In The News

    yeah man.. every now and then i go over to defacto and read.. these days you can easily find a website (not hidden or anything) with just "codex" game iso releases for example.. then you have re-packers using scene fixes/isos and adding all the updates and dlc's with their own installers etc.. and nothing happens hahaha. that to me alone is nuts, things have changed big time...
  18. Teddy Rogers

    Denuvo - In The News

    It is always interesting to reflect on how the game cracking scene has evolved over the years. Now we have polls, donations and real time drama... 🙃 Ted.
  19. I'm working on a different PE injection technique. I want to inject a PE file into the virtual memory of the current executable. After that, I want to execute the injected PE file. I wrote the inject code, but my method is not working. The DOS header and NT header parse correctly, I write the sections correctly and create a new thread on the entry point of the .text section, but the thread is not working. What is the problem here?

    #include <iostream>
    #include <windows.h>

    int main()
    {
        DWORD* ImageBase;
        void* pImageBase;
        IMAGE_NT_HEADERS* NTHeader;
        IMAGE_DOS_HEADER* DOSHeader;
        IMAGE_NT_HEADERS* mem_NTHead
  20. Last week
  21. sama

    Python to Assembly code

    a global variable of dword size:

    .data?
    Seed dd ?
  22. tarequl.hassan

    Python to Assembly code

    .data
    alphabet db "0123456789", 0

    xor esi, esi
    nextChar:
    invoke nrandom, 10
    movzx edx, byte ptr alphabet[eax]
    mov byte ptr serial[esi], dl
    shl edx, 4
    add ebx, edx
    inc esi
    cmp esi, 8
    jb nextChar
    mov byte ptr ds:[serial], 38h
    invoke SetDlgItemText, hWin, 1001, addr serial

    This also works!!!
  23. Blah

    Denuvo - In The News

    https://www.reddit.com/r/CrackWatch/comments/lqibnh/empress_there_and_back_again/
  24. k3s_m3z4r

    Python to Assembly code

    Is the problem moving the code? Just try this (compatible with "generate proc"):

    Randomize proc
        call GetTickCount
        mov deger1, eax
        ret
    Randomize endp

    Random proc
        rdtsc
        mul edx
        mov eax, edx
        ret
    Random endp

    http://masm32.com/board/index.php?topic=838.0 can be examined in more detail.
  25. tarequl.hassan

    Python to Assembly code

    What is the seed?
  26. tarequl.hassan

    Python to Assembly code

    call QueryPerformanceCounter
    test eax, eax

    I am having a problem here.