Programming and Coding
Programming and coding tips, help and solutions...
1,885 topics in this forum
-
- 0 replies
- 3.7k views
Hi everyone, I wanna develop a plugin for ollydbg. The plugin can record user's operations. For example, i add a breakpoint at line 40, then plugin can record this operation. Is is possible to make it? Any advice is welcome. Great thanks~~ Young
-
CreateProcess in Thread problem
by LCF-AT- 3 replies
- 7.1k views
Hi guys, have a new problem and need some advice. Problem: I created a thread and in this thread I also use a CreateProcess API to start a exe file and right after this API in my thread comes a loop to write bytes into hStdOutput handlle into new created process.All working so far but the problem is this...if the new created process does run and I do exit this process manually with mouse button then the remaining codes / following codes will not executed anymore.So thats the problem and I dont know why.I checked this also in Olly and did set soft BPs right after the loop and on thread exit but it will never reached.Does anyone have a idea why my thread will no m…
-
[C] Wrong strlen of array
by pcfx- 6 replies
- 11k views
Hi, I'm reading about some egg hunter shellcode and noticed a weird thing. If I remove the 'egg tag' in front of my actual payload i'm getting wrong strlen sizes? Why so? The shellcode isn't working in the second example without the egg tag (of course) but this has nothing to do with the strlen function, has it? shellcode1.c (Egg-tag is "Egg-Mark" without "", correct strlen of array) #include <stdio.h> #include <string.h> unsigned char egg[] = { 0x40, 0x81, 0x78, 0xf8, 0x45, 0x67, 0x67, 0x2d, 0x75, 0xf6, 0x81, 0x78, 0xfc, 0x4d, 0x61, 0x72, 0x6b, 0x75, 0xed, 0xff, 0xd0 }; unsigned char payload[] = { 0x45, 0x67, 0x67, 0x2d, 0…
-
HWID With Visual basic
by Sadare- 7 replies
- 7.6k views
Hi friends.How are you?And today i need your help to create HWID in Visual basic or delphi plz help..I need help to create HWID protected program with Delphi or Visual basic
-
- 1 reply
- 5.3k views
Hi guys, I'm analyzing some shellcodes and therefore I'm using sctest for visualization. I recreated a hello_world.nasm file which uses sys_write to print string 'Hello World' and then sys_exit to exit the program but I can't create a graph file. The .dot file seems corrupted. root@pcfx:~/shellcode/shell_hello_world# cat hello_world.nasm ; Filename: hello_world.nasm ; Author: PCFX ; Description : ; BITS 32 global _start section .text _start: jmp short message GOBACK: xor eax, eax xor ebx, ebx xor edx, edx mov al, 0x4 mov bl, 0x1 pop ecx mov dl, 0xc int 0x80 xor eax, eax xor ebx, ebx mov al, 0x1 int 0x80 message: call GOBACK d…
-
WriteProcessMemory alternative
by GautamGreat- 12 replies
- 7.7k views
Hello. I was thinking is there any alternative way to patch process memory without using WriteProcessMemory API? Actually I know crackers can get my patched bytes by just putting a bp on WriteProcessMemory so I want to know is there any other way to handle this? Hope for the Best
-
what's the price of firewall
by kb432- 0 replies
- 7.8k views
what would be the costs of firewall (ring0) ? (source code) Windows firewall.
-
- 2 replies
- 4.3k views
Hi, i wrote a simple shellcode which executes /sbin/shutdown via sys_execve. When I execute it in my Ubuntu VM it doesn't shutdown completely but remains in the 'shutdown state' (see attachement). My shellcode length is 51 bytes. I also tried a shellcode example from shell-storm.org which is 56 bytes, but the result was the same. Also I think the following 3 lines (5 bytes) in shell-storm shellcode are not necessary but I might be wrong.. 8048062: 31 d2 xor edx,edx 8048069: 89 e7 mov edi,esp 804808f: 56 push esi EDIT: Hm well i guess it's necessary to xor edx register becaus…
-
Trivial C runtime. Linker error
by Loizos- 2 replies
- 4.7k views
I am giving a shot on BigBoote's tutorial "Writing your own packer". Right at the beginning of the project I ran into linking problems. As a result of not using the default libraries(on purpose) , the linker complains about the unresolved external symbol __ DllMainCRTStartup@12 In order to fix the linking error the author suggested on replacing the DllMain function with DllMainCRTStartup.He claims that this will fix the linker's error and at the same time be the EP.I've tried replacing the Boiler-Plate DllMain function with the DllMainCRTStartup but the problem is still there.I have done my research and I can't seem to find anyone tha…
-
[C#] How to convert 1D List to 2D List
by Perplex- 0 replies
- 4.5k views
The correct approach convert 1D List to 2D List (Randomly)? Please look at the my approach is correct ? List<Tuple<object, object, object>> OneDimensionalLists = new List<Tuple<object, object, object>>(); List<List<Tuple<object, object, object>>> TwoDimensionalLists = new List<List<Tuple<object, object, object>>>(); int i1 = 0; for (int i = 0; i < OneDimensionalLists.Count; i++) { TwoDimensionalLists.Add(new List<Tuple<object, object, object>>()); var random = new Random(seed); int next …
-
Missing byte in shellcode
by pcfx- 8 replies
- 13.8k views
I'm working on a very simple shellcode encoder. It takes an existing shellcode and adds a continuing number on every even position in the shellcode. The shellcode i want to encode is a simple execve -> /bin/sh shellcode: \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80 Encoded: \x31\x01\xc0\x02\x50\x03\x68\x04\x2f\x05\x2f\x06\x73\x07\x68\x08\x68\x09\x2f\x0a\x62\x0b\x69\x0c\x6e\x0d\x89\x0e\xe3\x0f\x50\x10\x89\x11\xe2\x12\x53\x13\x89\x14\xe1\x15\xb0\x16\x0b\x17\xcd\x18\x80\x19 Here is my decoder stub: global _start section .text _start: jmp short call_shellcode decoder: pop esi …
-
Function hooking on x64
by Netskyes- 10 replies
- 14.6k views
I'm trying to understand how hooking in general works, targetting x64 application. (As I'm totally beginneer, some questions might make no sense) 1. Is using assembly required to hook a function? (As inline assembly isn't supported) 2. What is the difference between jump and a trampoline? 3. Is the process of hooking procedure on x64 different? 4 - What does the following byte array actually represents? (Is it different on x64) BYTE jump[6] = { 0xe9, 0x00, 0x00, 0x00, 0x00, 0xc3 }; 5 - When finally writing to process, do we overwrite the original? ----- So if I understand correctly. (Few steps) Define original functions structure:…
-
Memory, DLL Injection C++
by Netskyes- 4 replies
- 5.5k views
Hi, I'm quite new to reverse engineering and C++. I've made an injector and I have a couple of questions regarding DLL operations. (I'm quite confused, so please be kind incase I ask something that makes no sense) Can I directly just access memory addresse's? (Or might require to execute VirtualProtect?) Lets say this address 0x140050D9E contains some data or a function, how could I read it? (Things I've heard that confuses me... base address, offset?) Appreciate it, thanks!
-
- 1 follower
- 1 reply
- 4.1k views
now . i want to ask how to make serial monitor like a eltima software ? any body know how to make it ?
-
SOLVED
by w0rm- 0 replies
- 12.6k views
SOLVED!
-
SOLVED
by w0rm- 0 replies
- 3.8k views
SOLVED
-
How to clone Memory ?
by w0rm- 6 replies
- 7k views
C++ windows how to Clone RAM ( Memory )? using API or is there any way ? Any help appreciated!
-
How to clone HDD ?
by w0rm- 0 replies
- 9.7k views
How to Clone HDD on windows x86 in C++ programming language ? Thanks NOTE: like "HDD Raw Copy Tool" does !
-
- 10 replies
- 7.5k views
hi, how to make for insert music .xm or mod in a keygen for visual basic 2005 o .net..sorry :biggrin: Sorry but I do not speak very well the Englishman An example of code it's very well
-
Few dot Net applications!
by Kick- 0 replies
- 7.5k views
Can anyone name a few application now in wild and built in using .Net ? just a couple of professional application now popular or not popular. Thanks
-
- 6 replies
- 4.5k views
I want to optimize the performance of my current web scrapper and make it as fast as my competitor's scrapper. The issue I'm facing is when user starts scrapping the site for booking process the book now link is not coming in response while in competitor's application it comes in very first second from heavily loaded web site. Please send me only professional developers and web scrappers. i am ready to pay . Thanks Kate
-
Any Tutorials For Calling Functions? 1 2
by GNIREENIGNE- 43 replies
- 16.5k views
Does anyone know of any good tutorials that show you how to properly call a function (e.g. satisfy all of the parameters of the call, stack allocation and cleanup etc.)? I've noticed a few items in some popular debuggers that might be used for this purpose, but I'm not sure about it. Thanks.
-
- 2 replies
- 5k views
DUE TO COPY RIGHT AND PRIVACY REASON THE THREAD HAS BEEN REMOVED
-
Delphi - Image move inside form coordinates.
by SHKODRAN- 1 reply
- 6.4k views
Hello everybody. I have created a small application, which should move images so smoothly into the desktop coordinates. I was wondering how can I limit that the image remains inside the desktop? I have try like that to move the image: procedure TForm1.Timer1Timer(Sender: TObject); Var X, Y :Integer; begin X:= random(2+1); Y:= random(2+1); Image1.Left:= Image1.Left + X; Image1.Top:= Image1.Top + Y; Image1.Refresh; end; Any help is appreciated. Thanks.
-
Branching in Assembly
by 0nion- 1 reply
- 6.1k views
If ( a == b ) { /////// } This above code block in assembly as JE and The Following one, if ( a != b ) { //////// } JNE ?
.jpg.9b3cc680c1cdb8790b30581febacd2e2.thumb.jpg.c96ae0ad250649f0534379582bd0406e.jpg)
