Tuts 4 You

All Activity


  1. Today
  2. Hi, how to set a condition expression to pause when a special cmd is met? OllyDbg has a feature called "Command is one of", a condition expression in the "Condition to pause run trace" panel. I have searched the expressions in the x64_dbg introduction paper, but have not found a proper solution. So I am wondering if there is any expression in x64_dbg which I don't know. Hoping someone could provide any idea about this problem.
  3. Yesterday
  4. Modify

    ConfuserEx Light Test

    Language : C#
    Platform : Windows
    OS Version : Windows 7 Above
    Packer / Protector : ConfuserEx Plus Extra
    Description : Provide key, how?
    UnPackMe.7z
  5. atom0s

    Visual C++ Edit only 500 char maximum length!

    MFC just wraps around CreateWindow using EDIT as the control class. Setting the limit of the text just wraps around SendMessage using the limit length message id. So it would be whatever Windows limits the default EDIT control to. Should work fine with using 0 as the value for the length to let it max out to what Windows can handle though.
  6. Last week
  7. fearless

    Visual C++ Edit only 500 char maximum length!

    Maybe something in the MFC is setting the default max to 500 chars. Any way to ignore the MFC CEdit stuff and just create a standard Edit control instead?
  8. Visual C++ Edit only 500 char maximum length! Any way to make it hold more data? Already tried: https://stackoverflow.com/questions/180853/cedit-control-maximum-length-in-characters-it-can-display
  9. xxx22xxx

    My First Keygenme

    It's impossible to make a keygen for your Keygenme, because it generates a new code every time!
  10. Snowden should tweet something about this release hopefully
  11. check here https://edwardsnowden.com/docs/doc/media-35684.pdf at p.20
  12. OnlyMe

    My First Keygenme

    Language : Python 2.x
    Platform : Windows x64/x86
    OS Version : Windows (I'm not testing other platforms)
    Packer / Protector : UPX / PyInstaller
    Description : Hello, it is my first keygenme. I don't know other programming language because of I had been written with Python. I think it is easy.
    Screenshot :
    main.exe
  13. It would be interesting to know why the main window does not have "GHIDRA" in the title. And also interesting to at least see maybe the analysis menu or a decompilation. So far I wonder if it is just another interactive disassembler which, based on the screenshot, can hardly be compared to IDA. Well, we wait a couple more months :D. Probably they are trying to get some goodwill by releasing a dated but reasonably relevant tool which has some unique advantages, since they will be the first intel outfit to do it, can contribute to academia with a research paper, and show they are not always in sabotage mode. As well, given the dumps, probably they refocused their efforts and energies. I used to assume they had a near perfect decompiler which could even handle self-modifying code. I am still quite certain this exists, but it's very upper echelon stuff by those who intensely all surveil each other with invasive subvocal monitoring, not stuff that could be leaked by your average contractor. We just get to see some mid level breadcrumbs occasionally at best. Anyway, the system has nasty defensive mechanisms and maybe it's easier to get some RE slaves to do the dirty work than make and hide "perfect" tools. We can only speculate about a lot of the ruling class secrets, but rest assured money has never kept them in power since Ancient Egypt and on - they always kept reasonably large technological advantages hidden up their sleeves.
  14. Beast_Hunter

    Debugger Detected

    Everyone, thanks a lot. Now it's running in x69dbg. I am really thankful to you all for helping me out.
  15. Beast_Hunter

    Debugger Detected

    Yes, I just installed ScyllaHide, and yes, I scanned the software.
  16. deepzero

    Debugger Detected

    Good, finding that is the first step. Now you can google and search this board how to hide x64dbg+scyllahide from VMProtect.
  17. Insid3Code

    Debugger Detected

    According to similar soft, the used protection is VMProtect...
  18. Hi again, I did debug the function nopoll_conn_tls_new, which doesn't create a successful connection to the websocketstest.com site over port 443. The only thing I see is that it calls the SSL_connect function of OpenSSL a few times. In case of success it returns eax TRUE (1), which I get for other sites over port 443, and in other cases 0 or -1, and it calls the SSL_get_error function afterwards. In this case it first returns value 2 and tries to connect again, and after that the error function returns value 5.

        649438F4 |> /8B45 E8             /MOV EAX,DWORD PTR SS:[EBP-0x18]
        649438F7 |. |8B40 7C             |MOV EAX,DWORD PTR DS:[EAX+0x7C]
        649438FA |. |C74424 04 FFFFFFFF  |MOV DWORD PTR SS:[ESP+0x4],-0x1
        64943902 |. |890424              |MOV DWORD PTR SS:[ESP],EAX
        64943905 |. |E8 46AC0000         |CALL 6494E550 ; <JMP.&SSLEAY32.SSL_get_error>
        6494390A |. |8945 E0             |MOV DWORD PTR SS:[EBP-0x20],EAX
        6494390D |. |8B45 E0             |MOV EAX,DWORD PTR SS:[EBP-0x20]
        64943910 |. |83F8 03             |CMP EAX,0x3 <---- SSL_ERROR_WANT_WRITE
        64943913 |. |0F84 82000000       |JE 6494399B
        64943919 |. |83F8 05             |CMP EAX,0x5 <---- SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
        6494391C |. |74 07               |JE SHORT 64943925
        6494391E |. |83F8 02             |CMP EAX,0x2 <---- SSL_ERROR_WANT_READ
        64943921 |. |74 7B               |JE SHORT 6494399E
        64943923 |. |EB 42               |JMP SHORT 64943967
        64943925 |> |E8 02590000         |CALL 6494922C ; [WSAGetLastError

    WSAGetLastError returns NULL after getting error code 5 above.

    https://docs.huihoo.com/doxygen/openssl/1.0.1c/include_2openssl_2ssl_8h.html

    In the doc of OpenSSL I see this error info.

    https://www.openssl.org/docs/man1.0.2/ssl/SSL_get_error.html

    SSL_ERROR_SYSCALL: Some non-recoverable I/O error occurred. The OpenSSL error queue may contain more information on the error. For socket I/O on Unix systems, consult errno for details.

    Has anyone a clue for that maybe and how to handle that error? The fileversion of libeay32.dll and ssleay32.dll used by nopoll 0.9.8.11. I tried a newer version of both dlls but get the same bad result. greetz
  19. deepzero

    Debugger Detected

    Do you have ScyllaHide installed? https://github.com/x64dbg/ScyllaHide If yes, what's the configuration? Did you scan the software to identify the protection?
  20. Rever7eR

    Debugger Detected

    I don't know what you're trying to do, and I'm not good at unpacking, but I know one thing: if you want to bypass IsDebuggerPresent, you can load the software into the debugger, go to the EBX register => follow in dump, and change the value from 1 to 0, or you can simply use a plugin to do this job. Someone correct me if I'm wrong.
  21. LCF-AT

    Feedback and Ideas

    Hi again, not sure about that, so it's not the same as making some kind of single reply bookmarks, you know. In the profile page, for example, I can choose "see reputation activity" and get a list of all who pressed a like button etc., and something like that I would like to have for single replies I mark for myself (as I told before already). Maybe it's possible to add another button into the like button list..."Thanks,Haha,Confused,Sad,Like,......--> Mark <--"....you know. Just my idea so far. Not sure whether you can do that or whether it's possible to make that on this forum, but you know what I mean, right. I think it's a good idea. About MFC. So in this case I can only follow a topic. If the topic has many sites and tons of replies, then I also cannot quickly find what I am looking for, you know. It's not the same as the idea about marking / bookmarking single replies. greetz
  22. Beast_Hunter

    Debugger Detected

    I found the API IsDebuggerPresent, and what should I do?
  23. Beast_Hunter

    Debugger Detected

    Thanks bro, and thanks a lot for the advice. I am new here, nice meeting you.
  24. Teddy Rogers

    Feedback and Ideas

    Could you make use of Managed Followed Content as a substitute for bookmarking? Ted.
  25. Here's an apparent pic of the tool in action. No idea how old this pic would be in terms of features and so on for it.
  26. Hi again, I was trying again to connect to the "wss://echo.websocket.org/?encoding=text" site, still without success over port 443, and "nopoll_conn_is_ok" & "nopoll_conn_is_ready" return FALSE after I called the "nopoll_conn_tls_new" function. The connection always fails and I can't find the reason for that. I also tried to add extra header infos, but that also doesn't work.

        .data
        extraheader db 13,10
                    db "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:64.0) Gecko/20100101 Firefox/64.0",13,10
                    db "Sec-WebSocket-Extensions: permessage-deflate",13,10
                    db "Accept-Language: de,en-US;q=0.7,en;q=0.3",13,10
                    db "DNT: 1",13,10
                    db "Pragma: no-cache",13,10
                    db "Cache-Control: no-cache",13,10
                    db "Accept-Encoding: gzip, deflate, br",0

        .code
        invoke nopoll_ctx_new
        mov ctx, eax
        invoke nopoll_conn_opts_new
        mov opts, eax
        invoke nopoll_conn_opts_ssl_peer_verify,opts,nopoll_false
        invoke nopoll_conn_opts_set_extra_headers,opts,addr extraheader
        invoke nopoll_conn_tls_new,ctx,opts,chr$("echo.websocket.org"),chr$("443"),0,chr$('/?encoding=text'),0,chr$("https://www.websocket.org")
        mov conn, eax
        invoke nopoll_conn_is_ok,conn     ; returns FALSE
        invoke nopoll_conn_is_ready,conn  ; returns FALSE
        invoke nopoll_conn_is_tls_on,conn ; returns FALSE too

    ---------------------------------------------

    In this case nopoll does send this request...

        GET /?encoding=text HTTP/1.1
        Host: echo.websocket.org
        Upgrade: websocket
        Connection: Upgrade
        Sec-WebSocket-Key: aTsAAGYfAAacawAANaUaAA==
        Sec-WebSocket-Version: 13
        Origin: https://www.websocket.org
        User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:64.0) Gecko/20100101 Firefox/64.0
        Sec-WebSocket-Extensions: permessage-deflate
        Accept-Language: de,en-US;q=0.7,en;q=0.3
        DNT: 1
        Pragma: no-cache
        Cache-Control: no-cache
        Connection: keep-alive, Upgrade
        Accept-Encoding: gzip, deflate, br

    Firefox does send this...

        https://echo.websocket.org/?encoding=text
        Host: echo.websocket.org
        User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:64.0) Gecko/20100101 Firefox/64.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: de,en-US;q=0.7,en;q=0.3
        Accept-Encoding: gzip, deflate, br
        Sec-WebSocket-Version: 13
        Origin: https://www.websocket.org
        Sec-WebSocket-Extensions: permessage-deflate
        Sec-WebSocket-Key: Pa96ptrVCH+r9Xa0aZgNaA==
        DNT: 1
        Connection: keep-alive, Upgrade
        Pragma: no-cache
        Cache-Control: no-cache
        Upgrade: websocket

    Looks pretty much the same except the Connection parameter (keep-alive, Upgrade). Has anyone any clue what could be wrong in my case? Just wanna know why it fails, what's the reason for this, and how to get it to work. PS: nopoll_conn_tls_new function returns a context and not FALSE. greetz
  27. Insid3Code

    Debugger Detected

    Looks like Themida/Winlicense message box...
  28. LCF-AT

    Feedback and Ideas

    Hi again, ah ok, now I see those search options. Sorry, my fault. Just wonder why I didn't see that before. Thank you NOP for the info. About post markings, no, I don't wanna use or set browser bookmarks. I would like to have something that is kept here only and without using any external handling etc., you know. Maybe you can implement such post markings (similar to the like button / as I told before / mark | unmark), and maybe it's also possible to set a colored frame around the posts the user marked for himself, to see it quickly if the user X does trace around any topics etc., you know. Just an idea. greetz