Programming and Coding
Programming and coding tips, help and solutions...
1,876 topics in this forum
-
Missing byte in shellcode
by pcfx- 8 replies
- 13.7k views
I'm working on a very simple shellcode encoder. It takes an existing shellcode and adds a continuing number on every even position in the shellcode. The shellcode I want to encode is a simple execve -> /bin/sh shellcode:
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80
Encoded:
\x31\x01\xc0\x02\x50\x03\x68\x04\x2f\x05\x2f\x06\x73\x07\x68\x08\x68\x09\x2f\x0a\x62\x0b\x69\x0c\x6e\x0d\x89\x0e\xe3\x0f\x50\x10\x89\x11\xe2\x12\x53\x13\x89\x14\xe1\x15\xb0\x16\x0b\x17\xcd\x18\x80\x19
Here is my decoder stub:
global _start
section .text
_start:
    jmp short call_shellcode
decoder:
    pop esi
…
-
Function hooking on x64
by Netskyes- 10 replies
- 14.3k views
I'm trying to understand how hooking in general works, targeting an x64 application. (As I'm a total beginner, some questions might make no sense.) 1. Is using assembly required to hook a function? (As inline assembly isn't supported.) 2. What is the difference between a jump and a trampoline? 3. Is the process of hooking a procedure on x64 different? 4. What does the following byte array actually represent? (Is it different on x64?) BYTE jump[6] = { 0xe9, 0x00, 0x00, 0x00, 0x00, 0xc3 }; 5. When finally writing to the process, do we overwrite the original? ----- So if I understand correctly. (Few steps) Define original functions structure:…
-
Memory, DLL Injection C++
by Netskyes- 4 replies
- 5.5k views
Hi, I'm quite new to reverse engineering and C++. I've made an injector and I have a couple of questions regarding DLL operations. (I'm quite confused, so please be kind in case I ask something that makes no sense.) Can I directly just access memory addresses? (Or might it require executing VirtualProtect?) Let's say this address 0x140050D9E contains some data or a function, how could I read it? (Things I've heard that confuse me... base address, offset?) Appreciate it, thanks!
-
- 1 follower
- 1 reply
- 4k views
Now I want to ask how to make a serial monitor like the Eltima software. Does anybody know how to make it?
-
SOLVED
by w0rm- 0 replies
- 12.5k views
SOLVED!
-
SOLVED
by w0rm- 0 replies
- 3.8k views
SOLVED
-
How to clone Memory ?
by w0rm- 6 replies
- 6.9k views
C++ Windows: how to clone RAM (memory)? Using an API, or is there any other way? Any help appreciated!
-
How to clone HDD ?
by w0rm- 0 replies
- 9.6k views
How to clone an HDD on Windows x86 in the C++ programming language? Thanks. NOTE: like "HDD Raw Copy Tool" does!
-
- 10 replies
- 7.5k views
Hi, how do I insert .xm or .mod music in a keygen for Visual Basic 2005 or .NET? Sorry, but I do not speak English very well. An example of code would be very good.
-
Few dot Net applications!
by Kick- 0 replies
- 7.5k views
Can anyone name a few applications now in the wild that are built using .NET? Just a couple of professional applications, popular or not. Thanks
-
- 6 replies
- 4.4k views
I want to optimize the performance of my current web scraper and make it as fast as my competitor's scraper. The issue I'm facing is that when a user starts scraping the site for the booking process, the "book now" link is not coming in the response, while in the competitor's application it comes in the very first second from a heavily loaded web site. Please send me only professional developers and web scrapers. I am ready to pay. Thanks, Kate
-
Any Tutorials For Calling Functions?
by GNIREENIGNE- 43 replies
- 16.2k views
Does anyone know of any good tutorials that show you how to properly call a function (e.g. satisfy all of the parameters of the call, stack allocation and cleanup etc.)? I've noticed a few items in some popular debuggers that might be used for this purpose, but I'm not sure about it. Thanks.
-
- 2 replies
- 4.9k views
DUE TO COPYRIGHT AND PRIVACY REASONS THE THREAD HAS BEEN REMOVED
-
Delphi - Image move inside form coordinates.
by SHKODRAN- 1 reply
- 6.3k views
Hello everybody. I have created a small application, which should move images smoothly within the desktop coordinates. I was wondering how I can make sure that the image remains inside the desktop? I have tried to move the image like this:
procedure TForm1.Timer1Timer(Sender: TObject);
Var
  X, Y :Integer;
begin
  X:= random(2+1);
  Y:= random(2+1);
  Image1.Left:= Image1.Left + X;
  Image1.Top:= Image1.Top + Y;
  Image1.Refresh;
end;
Any help is appreciated. Thanks.
-
Branching in Assembly
by 0nion- 1 reply
- 6k views
if ( a == b ) { /////// } Is the above code block JE in assembly, and the following one, if ( a != b ) { //////// }, JNE?
-
CPU "Features"
by ixiodor- 8 replies
- 10.9k views
Hi guys, I heard that DENUVO uses CPU-bound code to make it harder to crack, some code that runs only on your CPU. So I was looking for some nice tricks and testing, trying to emulate that. I started using CPUID, changing values in EAX. My curiosity was on: MOV EAX, 0Bh CPUID This gives me some values, including in EDX which core is executing that CPUID (core1 - core2 etc). BUT I found this "feature": if you do: MOV ECX, 100h MOV EAX, 0Bh CPUID you reset all your registers and you get only a value in EDX, where your current core is shown... Is that normal?? I have an i7-2600, can someone with a different CPU try and see if they get the same results?
-
- 7 replies
- 6.1k views
Hi guys, I'm happy to announce the release of my new disassembler called UnivDisasm. It supports both x86 and x86-64, Intel and AMD. It supports almost all instructions found in the Intel and AMD docs, including: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, SSE5, 3DNOW, AVX, AVX2, FMA, FMA4. *AES, MPX, F16C, TSX, VME, BMI, BMI2 … *AVX512F, AVX512BW, AVX512CD, AVX512DQ, AVX512ER, AVX512PF, AVX512VBMI, AVX512IFMA. -REX, DREX, VEX, EVEX, XOP encoding support. -Intel enhancement syntax: Masking, Zeroing, Rounding, Broadcasting. -Support for VSIB memory addressing. -Support for compressed displacement called disp8*N. -Customized: UnivDisasm has an open architecture allowing for easy to…
-
So I want to write a virtualizer
by Pancake- 18 replies
- 8.8k views
Hello. I'd like to create my own code virtualizer, something similar to VMP, but I'm having some issues. Studying the old (1.7) VMP virtualization, I got the idea - you get the original bytes and encrypt/store them inside the VM section and place a jump to a prepared piece of code which pushes onto the stack EFlags, 8 registers and a unique value which contains the encrypted pcode pointer. Then such prepared context jumps into the virtual machine. And here the VM gets a byte from the pcode, decrypts it, finds the case in the switch table and executes it, and so on. So after thinking for a long time I got a problem emulating the stack. The original function's stack looks like that: esp -> return address, esp + 4 ->…
-
Added instruction without operand in dnlib
by Perplex- 3 replies
- 5.2k views
How to add an instruction without an operand in dnlib? For example, I wanted to add a Call opcode without an operand. Is it possible?
-
MASM32: hello world in DOS
by alaphate- 5 replies
- 29.6k views
The code below can be compiled and linked to an .exe file. However, when I executed it, it "encountered a problem, and needs to be closed". MASM32 has no @data macro, how to get the msg's DS address? Thank you for help in advance.
-
kernel32
by laonglaing- 1 follower
- 10 replies
- 10.3k views
Hi I was wondering if it is possible to emulate keyboard press and mouse click using kernel32.dll ? instead of using user32.dll import.
-
- 2 replies
- 4.2k views
I am trying to build a crypto++ .lib file to make a .sig file for IDA. Building the crypto++ .lib succeeded, but when I try to use FLAIR to make the .sig, it tells me it can't recognize the type of the .obj files linked into the .lib. So I opened an .obj to read it, and this is what I see. Quote:
00000000 00 00 FF FF 01 00 4C 01 A6 C8 36 57 38 FE B3 0C L θ6W8
00000010 A5 D9 AB 4D AC 9B D6 B6 22 26 53 C2 47 DE 06 00 ベ玀瑳侄"&S翯?
00000020 13 0C 07 00 A6 C8 36 57 23 DD 06 00 10 00 00 00 θ6W#?
00000030 00 00 00 00 2E 64 72 65 63 74 76 65 00 00 00 00 .drectve
00000040 00 00 00 00 51 00 00 00 2C 01 00 00 00 00 00 00 Q ,
00000050 00 0…
-
Manual dll map - weird problem
by Pancake- 12 replies
- 10.7k views
Hello. I have my old code with this feature which I wanted to review, and something very strange happens. All the relocations/imports etc. are properly resolved, but the program crashes when invoking DllMain. If I run it in Olly, everything works fine (and I see the MessageBox from process attach). The loader run as administrator hangs inside DllMain, not displaying anything, and run without elevated privileges it just crashes. When I removed the plugins from Olly it also hangs like in the first case. What may be the cause?? Edit: After checking the DLL, the function which causes the freeze (when manually mapped) is "dllmain_crt_dispatch" Edit: I am doing some mistake with allo…
-
Stuck in Compress DeflateStream
by skypeaful- 5 replies
- 17.6k views
Can anybody tell me how to convert LinqPad.Resource.dll to .bin? I am trying to write a tool to encrypt & decrypt resources for LINQPad: http://www.linqpad.net/download.aspx The tool works fine decompressing a .bin file to .dll, but it's stuck compressing a .dll to .bin: Error occurs -> Reading from the compression stream is not supported. Here is the binary exe with the resource .bin included: http://rgho.st/7fLwsbx6Q I hope someone can help me fix and improve my tool to support compressing .dll to .bin. The code is easy, I pasted it here: private void button1_Click(object sender, EventArgs e) //decompress .bin to .dll { OpenFi…
-
- 2 replies
- 3.9k views
Hi all, I need a professional web scraper/programmer who can build a shopping automation application to purchase items in flash sales. I need this application on the .NET desktop platform. Only professionals message me. Regards, Jessi