Tuts 4 You

All Activity


  1. Today
  2. First check your compiled program in olly/64dbg to know if the loops are there in assembly code or have been optimized/removed. If loops are removed, try removing compiler optimization and run it again to see if anything new happens. You can try any of these options:

    1. If you are using gcc, then try running with gcc -O0. I don't know about msvc.
    2. Declare the target variables with the volatile keyword, like "volatile int a = k2[ j ]".
    3. Write some complex statement inside the loops so that the compiler doesn't dare to optimize, or something that creates a side effect, like "printf(".")".

    Now recompile and check the assembly code again to make sure the loops are there. If you don't get any difference in time again, then maybe this wasn't what you were looking for. Personally I am not sure about the speed difference in such a case; so far I only know about the difference when you write it like: int a = 2; and class myClass; int a = myClass.b;
  3. I wanna know about the speed of different data types declarations, from your reply: it doesn't matter how I declare them?
  4. The optimizer is just going to delete those loops. Even if it didn't, there wouldn't be a difference because memory is just memory and these ints will just end up in the cache / inlined. What are you trying to find out exactly?
  5. Found something interesting:

    https://msdn.microsoft.com/en-us/library/windows/desktop/ms724408(v=vs.85).aspx
    "The resolution of the GetTickCount function is limited to the resolution of the system timer, which is typically in the range of 10 milliseconds to 16 milliseconds."

    https://docs.microsoft.com/en-us/windows/desktop/api/timeapi/nf-timeapi-timegettime
    "The default precision of the timeGetTime function can be five milliseconds or more, depending on the machine."

    Replaced GetTickCount with timeGetTime and the results are just a bit better: I just have to add "#include <mmsystem.h>". I guess you shouldn't rely on GetTickCount/timeGetTime that much!
  6. Local variables definition versus class (instance) variable definition speed:

        int K2[3] = { 0xd76aa478, 0xe8c7b756, 0x242070db};

        void Function()
        {
            int K1[3] = { 0xd76aa478, 0xe8c7b756, 0x242070db};

            int before2 = GetTickCount();
            for (int ki2=0;ki2<1000000;ki2++)
            {
                for (int j=0;j<3;j++)
                {
                    int a = K2[j];
                }
            }
            int after2 = GetTickCount();

            int before1 = GetTickCount();
            for (int ki1=0;ki1<1000000;ki1++)
            {
                for (int j=0;j<3;j++)
                {
                    int a = K1[j];
                }
            }
            int after1 = GetTickCount();

            // the results:
            int dif1 = after1-before1;
            int dif2 = after2-before2;
        }

    The K1 version (local variable version) is supposed to be much faster since it is defined on the stack. Sometimes dif1 = 0x01F, dif2 = 0x10; sometimes they have very close values and are even equal; and sometimes (rarely) even dif1 = 0 while dif2 = 0x13. Can someone explain what's going on?
  7. Yesterday
  8. abdelhamid

    Can you Help me with this Program (Assembly)

    awesome ! thanks
  9. abdelhamid

    write program in assembly

    thank you so much ! this is helpful
  10. I don't have a PC at hand to test, but I guess cmd /c takes a string, and you give it one: the "C:\...ffmpeg.exe". The "-i ...." arguments fall off the edge and are not part of the argument you pass to cmd /c for execution. Solution would be to put QM around the whole thing. For that to work you need to escape the QMs inside the string with \" . As in

        cmd.exe /c "\"C:\FFMPEG_Sets\ffmpeg-3.3.4-win32-static\bin 1 2\ffmpeg.exe\" -i \"https://....m3u8\" (...)"

    I am not sure how your "- |" piping works on Windows though. Another solution would be to execute ffmpeg.exe directly and then pass it its arguments as usual.
  11. sama

    write program in assembly

        invoke GetDlgItemInt,Hwnd,IDC_Edit1,0,FALSE
        push eax
        invoke GetDlgItemInt,Hwnd,IDC_Edit2,0,FALSE
        pop ebx
        add ebx,eax

    result is in EBX, just format it and print it out

    edit: Remarks

    The GetDlgItemInt function retrieves the text of the specified control by sending the control a WM_GETTEXT message. The function translates the retrieved text by stripping any extra spaces at the beginning of the text and then converting the decimal digits. The function stops translating when it reaches the end of the text or encounters a nonnumeric character. The GetDlgItemInt function returns zero if the translated value is greater than INT_MAX (for signed numbers) or UINT_MAX (for unsigned numbers).

    https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-getdlgitemint
  12. Hi guys, I have some trouble again with that quotation marks issue for paths etc. Just wanna ask again how to do it right and how to handle it without getting any errors when starting commandline tools with paths and arguments. I always get problems if paths use spaces, and if not, all works. In this case I tried to use qms for the path but it also fails. Example: below without qms for the ffmpeg path, so I changed the bin folder and added some spaces for testing...

        cmd.exe /c C:\FFMPEG_Sets\ffmpeg-3.3.4-win32-static\bin 1 2\ffmpeg.exe -i "https:///.....m3u8" -vcodec copy -acodec copy -f mpegts - | "C:\Program Files\VideoLAN\VLC\vlc.exe" -

    Now in the cmd window I get this error:

        Der Befehl "C:\FFMPEG_Sets\ffmpeg-3.3.4-win32-static\bin" ist entweder falsch geschrieben oder konnte nicht gefunden werden.

    (Wrongly written or could not be found.) Now I try the same with qms...

        cmd.exe /c "C:\FFMPEG_Sets\ffmpeg-3.3.4-win32-static\bin 1 2\ffmpeg.exe" -i "https://....m3u8" -vcodec copy -acodec copy -f mpegts - | "C:\Program Files\VideoLAN\VLC\vlc.exe" -

    ..and I get this error..

        Der Befehl "C:\FFMPEG_Sets\ffmpeg-3.3.4-win32-static\bin" ist entweder falsch geschrieben oder konnte nicht gefunden werden.
        Der Befehl "l" ist entweder falsch geschrieben oder konnte nicht gefunden werden.
        Der Befehl "h" ist entweder falsch geschrieben oder konnte nicht gefunden werden.

    Anyhow it's confusing completely. Normally I would like to set all paths with qms to prevent problems if there are paths with spaces. Could anyone tell me again how to handle that correctly now using qms with the CreateProcess function? I also see differences using the ShellExecute/Ex function. At the end I would like to use just one function only and correctly. Are there any strange rules about the qms? Or is there any function I could use to verify the qms I did set in a commandline like the ones above? Or any function that could set qms in a whole commandline automatically or something like that? Getting almost crazy with that qms BS each time I try to work with the commandline. Anyway, so maybe you could help again a little to fix my problem with that. Thank you

    EDIT: The only method I could use to make it simple is using the GetCurrentDirectory & SetCurrentDirectory functions each time before I build and call the commandline. Seems to work so far.

    greetz
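
Added example, not written by either poster in this thread: for the case where ffmpeg.exe is started directly with CreateProcess rather than through cmd /c, this C code builds the command-line string by quoting each argument according to the parsing rules of the Microsoft C runtime and CommandLineToArgvW. The names `put`, `quote_arg` and `build_cmdline` are made up for this sketch and the URL is a placeholder; cmd.exe metacharacters such as `|` follow different rules and are not handled here.

```c
#include <stdio.h>
#include <string.h>

/* Append one char, keeping out NUL-terminated; -1 if the buffer is full. */
static int put(char *out, size_t cap, size_t *n, char c) {
    if (*n + 1 >= cap) return -1;
    out[(*n)++] = c;
    out[*n] = '\0';
    return 0;
}

/* Quote arg so the MSVC runtime / CommandLineToArgvW parse it back unchanged. */
int quote_arg(const char *arg, char *out, size_t cap, size_t *n) {
    size_t i, bs = 0, emit;
    int q = !*arg || strpbrk(arg, " \t\"") != NULL;   /* empty, or has space/tab/quote */
    if (q && put(out, cap, n, '"')) return -1;
    for (i = 0; ; i++) {
        if (arg[i] == '\\') { bs++; continue; }       /* meaning depends on what follows */
        /* Backslashes before a quote, or before our closing quote, are doubled. */
        emit = (arg[i] == '"' || (q && arg[i] == '\0')) ? bs * 2 : bs;
        if (arg[i] == '"') emit++;                    /* one more to escape the quote */
        for (bs = 0; emit; emit--)
            if (put(out, cap, n, '\\')) return -1;
        if (arg[i] == '\0') break;
        if (put(out, cap, n, arg[i])) return -1;
    }
    return q ? put(out, cap, n, '"') : 0;
}

/* Join argv into one lpCommandLine string; 0 on success, -1 on overflow. */
int build_cmdline(const char *const argv[], size_t argc, char *out, size_t cap) {
    size_t n = 0, i;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (i = 0; i < argc; i++) {
        if (i && put(out, cap, &n, ' ')) return -1;
        if (quote_arg(argv[i], out, cap, &n)) return -1;
    }
    return 0;
}

int main(void) {
    const char *const argv[] = {  /* path from the post; URL is a constructed placeholder */
        "C:\\FFMPEG_Sets\\ffmpeg-3.3.4-win32-static\\bin 1 2\\ffmpeg.exe",
        "-i", "https://example.invalid/stream.m3u8", "-f", "mpegts", "-" };
    char cmd[512];
    if (build_cmdline(argv, 6, cmd, sizeof cmd) == 0) puts(cmd);
    return 0;
}
```

Passing the full executable path as lpApplicationName as well, instead of leaving it NULL, keeps CreateProcess from guessing where a path containing spaces ends.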
  13. Downpour

    Can you Help me with this Program (Assembly)

    To store all the paths you could use an INI-File with a structure like:

        [Settings]
        Count = Number of paths

        [0]
        Path = Path to the program to execute
        Param = Parameter value
        ...

    You could read the Count and Param value with GetPrivateProfileInt and the path with GetPrivateProfileString. To store the path and parameter you can create a structure in MASM that holds both values and allocate memory to store the stuff inside. After loading the INI-File you can iterate through your array and compare the Param attribute and execute the program if it's a match. This may not be the best solution but it should be pretty simple.
  14. abdelhamid

    Can you Help me with this Program (Assembly)

    hello there , thank you for answering my question ... am just a beginner can you help to create this function !? regards ,
  15. abdelhamid

    write program in assembly

    my man ! am not working with console applications ! this is simple , 20 + 15 , i want the user to choose those two numbers if you know what i mean
  16. abdelhamid

    write program in assembly

    i want to add two numbers , base 10 can you give me an example of converting base 10 to hex ! what functions we need to do that ?
  17. Nemo

    write program in assembly

    here's a good example.. Program to sum two numbers it kind of depends on what numbers you want to add, base 16(hex) , base 10(normal)... if it is base 10 you need to convert to hex first add then convert result back to base 10..
  18. Predator

    write program in assembly

    suppose we have to add 20 and 15, you must move the numbers into register, call addition and push it

        MOV EAX, 20
        MOV EBX, 15
        ADD EAX,EBX
        PUSH EAX

    The result is in EAX

    bye
    Predator
  19. The program only runs on your computer because of where your files are located.. i.e. 'C:\RCE\RAMODBG v1.1\OLLYDBG.EXE' you could use '.\RAMODBG v1.1\OLLYDBG.EXE' if program is run from 'C:\RCE directory' or maybe put something in to change the base location of your tools.. make a function for the create process/resume.. then just pass variable to it..
  20. abdelhamid

    Just another cracker!

    am just a beginner , and believe me... Reverse Engineering is taking a huge part in my personal life i wanna be that professional cracker ! programmer , i need to learn more and more i won't stop what am doing because i love it ! from deep of my heart this is not just a hobby for me , its a way of thinking .
  21. i tried to write a small program that runs some useful tools that i need , unfortunately the program runs only on my computer how can i fix that problem , another question ... i'm just a beginner so i've repeated CreateProcess and ResumeThread so many times i guess am doing this wrong ! please correct me i called this small Program EX_Runner the source code ,

        .386
        .model flat, stdcall  ;32 bit memory model
        option casemap :none  ;case sensitive

        include EX_Runner.inc
        include comdlg32.inc
        includelib comdlg32.lib

        .const
        sla db "\",0
        FilterStr db "Executable Files","*.exe",0,0

        .data
        olly db "C:\RCE\RAMODBG v1.1\OLLYDBG.EXE",0
        IDA db "C:\RCE\Tools\IDA Pro\IDA Pro Advanced (32-bit).exe",0
        reflector db "C:\Program Files\Red Gate\.NET Reflector\Desktop 8.5\Reflector.exe",0
        qu db "C:\RCE\Tools\QUnpack32\Explorer.exe",0
        stripper db "C:\RCE\Tools\Unpacking Kit 2012\ARMADILLO\stripper_v213b9\_stripperX.exe",0
        dillodie db "C:\RCE\Tools\Unpacking Kit 2012\ARMADILLO\Dillodie\dilloDIE.exe",0
        die db "C:\RCE\Tools\DIE_1.01_win\die.exe",0
        peid db "C:\RCE\Tools\PEiD-0.95-20081021\PEiD.exe",0
        exepeinfo db "C:\RCE\Tools\Exeinfope\exeinfope.exe",0
        impREC db "C:\RCE\Tools\ImpREC 1.7e\ImportREC.exe",0
        lordpe db "C:\RCE\Tools\lordPE\LordPE.EXE",0
        scylla db "C:\RCE\Tools\Scylla v0.9.7c\Scylla_x86.exe",0

        .data?
        buffer db 512 dup (?)
        WFD WIN32_FIND_DATA<>
        ofn OPENFILENAME<>
        SSI STARTUPINFO<>
        PI PROCESS_INFORMATION<>

        .code
        start:
            invoke GetModuleHandle,NULL
            mov hInstance,eax
            invoke InitCommonControls
            invoke DialogBoxParam,hInstance,IDD_DIALOG1,NULL,addr DlgProc,NULL
            invoke ExitProcess,0

        ;########################################################################

        DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
            mov eax,uMsg
            .if eax==WM_INITDIALOG
            .elseif eax==WM_COMMAND
                .if wParam==1002
                    invoke CreateProcess,addr olly,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1003
                    invoke CreateProcess,addr IDA,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1004
                    invoke CreateProcess,addr reflector,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1005
                    invoke CreateProcess,addr reflector,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1006
                    invoke CreateProcess,addr exepeinfo,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1007
                    invoke CreateProcess,addr peid,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1008
                    invoke CreateProcess,addr die,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1011
                    invoke CreateProcess,addr dillodie,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1012
                    invoke CreateProcess,addr stripper,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1013
                    invoke CreateProcess,addr qu,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1014
                    invoke CreateProcess,addr scylla,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1015
                    invoke CreateProcess,addr lordpe,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .elseif wParam==1016
                    invoke CreateProcess,addr impREC,0,0,0,FALSE,CREATE_SUSPENDED,0,0,addr SSI,addr PI
                    invoke ResumeThread,PI.hThread
                .endif
            .elseif eax==WM_CLOSE
                invoke EndDialog,hWin,0
            .else
                mov eax,FALSE
                ret
            .endif
            mov eax,TRUE
            ret
        DlgProc endp

        end start

    am using RadASM IDE ! Regards ,
  22. abdelhamid

    write program in assembly

    Hello there ! how to write a program add two numbers and print the result in text box in order to print the result we can use SetDlgItemText Function , the problem is i don't know how to add two numbers .. what functions we need ? am using MASM32 , and RadASM IDE Regards,
  23. abdelhamid

    Serial Fishing Series - Vietnamese

    CriticalError ==> this is the password
  24. Last week
  25. LCF-AT

    Flash Games question

    Hi atom0s, sorry for the late answer. Yes, some AS code inside needs to be adjusted to get it to run without a loader swf and also to load the single parts directly from the combined SWF file. I think it's doable, so I see all frames inside using different names / values to access the right ones also if it's combined later. Problem is I can't handle that AS language yet to make those adjustments in the AS code using the FFDEC tool. That's the reason why I did ask whether anyone has some AS knowledge to check that out on an example file/s I have. The AS code for accessing the parts is stored at the bottom and also has not much text inside which needs to be edited. greetz
  26. Hi again, just wanna ask whether anyone could find out how to load this dialog now? greetz
  27. !Eddy420CZ

    CrackMe ^v11

    Really good I know that is mistake , CrackMe receives all codes of a certain length. But it will change in the new work.
  28.
        1. lea edx, [esp+13h]
        2. mov eax, [esp+408h]
        3. add eax, edx
        4. movzx eax, byte ptr [eax]

    Let's look at the above code snippet.

    * There is an array at esp+13h.
    * There is a counter variable at esp+408h.

    Also remember that lea doesn't actually load the dereferenced value, but rather stores the address.

        lea edx, [esp+13] -------> edx = esp+13

    So we have:

    First line: load the starting address of the array into edx -> edx = esp+13
    Second line: load the value of the counter variable into eax -> eax = [esp+408]
    Third line: add them together. We are adding the base address of the array (edx = esp+13) and the value of the counter variable (eax = [esp+408]). So we store in eax a pointer into the array at the specified index.
    Fourth line: load a byte from the pointer we just calculated. So we load a byte from the byte array at address esp+13 at index [esp+408].

    Conceptually, the four lines can be summed up in C as: int diff = string[index]. Where string is the array esp+13, and index is the int-variable at esp+408.

    -----------

    Maybe this pseudo-assembly makes it more clear. The four lines can be rewritten as:

        mov eax, byte ptr [esp + 13h + dword ptr [esp+408h]]

    Again, esp+13 is the base address of the array, dword ptr [esp+408] is the index variable.