Jump to content
Tuts 4 You

All Activity

This stream auto-updates     

  1. Today
  2. Just be mindful of UIPI and process elevation levels if you plan on using SendMessage. Otherwise you will need to look at changing window message filters (ChangeWindowMessageFilterEx) of lower privileged windows. You can check if your messages are being blocked by calling GetLastError and checking for access denied (5)... Ted.
  3. Yesterday
  4. Another option is to use WM_COPYDATA https://docs.microsoft.com/en-us/windows/win32/dataxchg/wm-copydata The following example demonstrates how to send information between two applications using the WM_COPYDATA message: https://docs.microsoft.com/en-us/windows/win32/dataxchg/using-data-copy
  5. Hi Ted, after some trying and remembering I found out a way using FindWindow/Ex functions. invoke FindWindow,NULL,chr$("App1") .if eax != FALSE mov edi, eax xor esi, esi .while eax != FALSE invoke FindWindowEx,edi,esi,chr$("Edit"),NULL .if eax != FALSE mov esi, eax invoke GetDlgCtrlID,esi .if eax != FALSE .if eax == 1002 ; EDIT ID of App1 invoke SendMessage,esi,WM_SETTEXT,0,_buffer .break .endif .endif .endif .endw .endif Seems to work. Should be ok for my task. greetz
  6. Depends on how much data you intend on exchanging as there are a number of different options. This link explains some of them... https://docs.microsoft.com/en-au/windows/win32/ipc/interprocess-communications Ted.
  7. Hi guys, I have a new small question. I would like to start a new other process from my app using CreateProcess function.Now if the new other app runs I would like to send some datas into the other app like to an edit control. Example: App 1 and App 2.Both can run for itself without to need each other.Now I wanna start App 2 from App 1 = both apps running.Here I would like already to send some datas from App 1 into App 2 on startup like PID / Handle infos etc and if App 2 runs it should check whether infos was send on startup or not to know that App 1 is waiting for some infos from App 2.App 2 should now send infos to App 1 so in my case example it should just send text from clipboard into a specific Edit control of App 1 so that App 1 does get this info and shows them into the specific Edit control.You know what I mean right? How can I do this?Normal if I run another process from app 1 then I have the PROCESS_INFORMATION of the new created process.Somehow here I should send some infos to this process into any specific static location so that App 1 does check this locations on start to know aha I must send datas to app 1.Something like that you know.I think I just need the PID and HWND and ID of Edit control of app 1 in app 2 and sending then anyhow new text into app 1.Similar like SendMessage,WM_SETTEXT in own process.Has anyone done this before already and could tell how I could do this? greetz
  8. GoleSang

    Self Protection {Unpack me 2}

    pleas explain how u unpack it?
  9. TobitoFatito

    Few thoughts on .NET obfuscators

    I'd be sure that they made a devirt only if i saw the koivmhelper.dll without dnguard, for some reason i think that they check the parameters and the calls with the handle invoker Why would i think of that? well i've searched the 'devirted' file and i've only seen this change (on vcall opcodes) which basically changes the methodinfo.invoke to be invoked from the .dll? (which makes it easy to change the result and also check the parameters and the call) Another thing i found is that they load all the stuff from the resources instead of the metadata stream (the stuff that cant be preserved with dnspy saving) which makes me think the same thing. Final thing, i had the original vpnhunter exe with koivm and the types and methods were not differently named... which means that it hadn't been koivm'ed on top of the devirt
  10. MistHill

    [DevirtualizeMe] Themida

    No, thanks. Compared to Themida v2, the themida v3 does not have a great improvement over the VMs. There are two types of VMs in this UnPackMe, Dolphin and Tiger.
  11. I know I can do it with dnlib or one by one with DnSpy, but is there other app that ready to use for doing this? example, I want to replace ldc.i4 50 call int32 MyApp.MainForm::getInt(int32) with ldc.i4 5 nop
  12. Last week
  13. mamo434376

    +36 Protection / MM-VMP

    Language : .NET Platform : Windows OS Version : All Packer / Protector : My Class Protector Description : oh maaan my class protector xd ---------------------------------------- Good Luck! İyi Şanslar! удачи Protector Screen Shot: UnpackME Screen Shot: unpackme.exe
  14. DefCon42

    KoiVM Modded 2019

    That's an interesting point. What *is* the point in that?
  15. Washi

    KoiVM Modded 2019

    I am mostly wondering why an unpackme needs an anti VM mechanism in place. I am not running any foreign binaries on my host machine. Yes I can patch it myself, but what is the point? Given the fact that it also takes a huge amount of time to even start up, I find it a little unsettling if I have to be honest.
  16. mamo434376

    KoiVM Modded 2019

    I don't care about the password. Security of important codes
  17. ewwink

    Custom Confuserex Modded

    The real challenge for this unpack me is cleaning control flow, if you use public tool it will crash because infinite loop, like private static void _qwe00_Protector_BXkY(string[] args) { Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); for (;;){ Application.Run(new _qwe00_Protector_uDNw()); } } UnpackMe1-cleaned.zip
  18. XenocodeRCE

    KoiVM Modded 2019

    hello (not unpacked, but key found) password is : VM-ed data is not memory safe, dump memory string with process hacker 2
  19. ewwink

    KoiVM Modded 2019

    If you search this forum there are no people that succeed devirutalize koivm, there are two reasons: first, koivm seem to be avoided because the creator of koivm are respected by senior .net reverser here. second, devirtualization is hard and take a lot time.
  20. mamo434376

    KoiVM Modded 2019

    nobody could open xd
  21. https://www.theguardian.com/technology/2019/jul/12/tokyo-cryptocurrency-exchange-hack-bitpoint-bitcoin
  22. JMC31337


    Michelangelo virus
  23. xSilent


    Language: .NET Platform: Windows / any OS with Mono OS Version: Any Protection: My little VM Description: I'm just curious about how strong my VM is so far. Good luck Screenshot: KeygenMe.7z
  24. JMC31337


    BlackRouter or variant thereof Also found at https://www.kernelmode.info/forum/viewtopic.php?t=5405 Pass: infected BlackRouter.zip
  25. evlncrn8

    [Help] How to protect autoit script

    well that was painful to watch, i suggest you re-read the instructions before... and perhaps also learn how to use cff explorer...
  26. mamo434376

    [CrackMe].Net Reactor Modded

    thnx bro ❤️
  27. SoloTurk

    [Help] How to protect autoit script

    Sorry where did I fail. Does anyone know about how to do it?
  28. DefCon42

    [DevirtualizeMe] Themida

    Impressive! Should I upload a different VM as well if you want to take a shot at it?
  1. Load more activity
  • Create New...