Programming and Coding

How do i add an executable code / exe to another executable's body. So when the first file runs it will also execute the second files body from the first one? i have heard like code cave but with all modification. how do i do it ? In C or C++ programming language?

1) cmp dword_4298B8, eax jnz short loc_xxxx dword_4298B8 is initialized as "dd ? " then how to compare with eax? dword_4298B8 ---> dd ? 2) Can you give me an example of array and accessing it and allocating it in ASM when i do reverse egnineering! Thanks 3) mov WORD PTR [ebx], 2 WHAT IS THIS ABOVE "WORD PTR" ?

Hello. I am trying to devlop a GUI app for a console app. I need some help. I want to capture real time text of console in memo. How can i do it? I tried some function that available of internet but there is problem it freez the app so anyone have any other idea delphi.wikia.com/wiki/Capture_Console_Output_Realtime_To_Memo Its no working

Large or medium .Net projects (Winform or WPF) that are not obfuscated? I tried before Paint.Net & ILSpy.

I'm studying x86 architecture and assembly in order to have the basis for studying reversing and exploit development. I'm following a course on opensecuritytraining.info. I see a Hello World example: push ebp mov ebp, esp push offset aHelloWorld; "Hello world\n" call ds:__imp__printf add esp, 4 mov eax, 1234h pop ebp retn This code was generated by Windows Visual C++ 2005 with buffer overflow protection turned off and disassembled with IDA Pro 4.9 Free Version. I'm trying to understand what each line does. the first line is push ebp. I know ebp stands for base pointer. What is its function? I see that in the second line the value in esp is…

Hi. Making a new thread for this, but is actually a sub-problem coming from my other thread. I'm trying to make a loader (now in c++), which would use the ReadProcessMemory API. The process is created by the loader with CreateProcess(address,NULL,NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&startup_info,&process_info) I noticed, that while it reads the memory of an "Imag" memory block, it returns 0x00 (or 0xCC ?) when trying to read from a private memory area. How is this bypassable?

Hello Friends, I'm trying to implement one key generation logic developed in java in to c#. So can anyone tell me how to convert it in c# so that both the java and C# programs will work in similar manner. My java method which will implement the key is as below. public static String calculateOTP(byte[] seedValue, String userPIN, String challenge) { try { SHA1 sha1 = new SHA1(); byte[] hashedChallenge = sha1.digest(challenge.getBytes()); sha1.init(); sha1.update(seedValue); sha1.update(hashedChallenge); sha1.finish(); byte[] otp0byte = sha1.digest(); in…

Hi guys, at the moment I try to study a little bit how HLS streamings are working and wanna ask whether anyone of you has some knowledge and experience with that theme.I found some sites (mosty any IPTV) where you can find listet links of TV channel playlists in m3u8 format.Normaly I can use commandline tools like ffmpeg / livestreamer to play / download them but now I wanna know how to handle such links manually to play / download them.After a manually check of a playlist file I can find inside some informations and another links to other m3u8 files using diffrent quallity etc.As next I did download one of them and can find inside another infos about splitet ts file…

Hi guys, so I have a question about using / calculate / handling a HSCROLL control.So I would like to create a HSCROLL control what gets set and moved correctly and nice dependent on a tab control (X tabs = dynamic).Problem is I dont get it really good working. Lets say I have only one tab so then the thumbtrack should take the entire place in the hscroller and if I add more tabs then it should get smaller and smaller etc like in Notepad app for example.Next problem are the positions to set them correctly + calculate the right value to adjust everything you know.I made a example for testing.Maybe you can check this. invoke GetDlgItem,hWnd,IDC_HSCROLL mov…

Hello everybody: There is a question bothers me for a long time. I want to get my computer's UserName、Domain、PassWord between LogonUI.exe and StartShell(Winlogon Notification Events),so i must HOOK it(LogonUI.exe),and i only want to HOOK it.I have referencesed some information,but failed. So,everybody,How to HOOK LogonUI.exe can get UserName、Domain、PassWord? Thanks.

Hi guys, I have again found a problem and dont know whats the reason for this.I have a PC with a onBoard grafic 1 GB so I told this before on other topic.The problem I have is that I always have any kind of flickering / delay on the screen if I move any window or resize it also with any notepad file it happens.Its more worst if I do it in my Sandbox or also in VM too.Next problem is watching videos so there I always see any not vissible line moving from bottom to top (looks like a scissors cut) especially if there is much moving action in the video.I am really not sure why it is so and whether the onBoard grafic is the problem or not or whether any setting in the BIO…

Hi everyone, I wanna develop a plugin for ollydbg. The plugin can record user's operations. For example, i add a breakpoint at line 40, then plugin can record this operation. Is is possible to make it? Any advice is welcome. Great thanks~~ Young

Hi guys, have a new problem and need some advice. Problem: I created a thread and in this thread I also use a CreateProcess API to start a exe file and right after this API in my thread comes a loop to write bytes into hStdOutput handlle into new created process.All working so far but the problem is this...if the new created process does run and I do exit this process manually with mouse button then the remaining codes / following codes will not executed anymore.So thats the problem and I dont know why.I checked this also in Olly and did set soft BPs right after the loop and on thread exit but it will never reached.Does anyone have a idea why my thread will no m…

Hi, I'm reading about some egg hunter shellcode and noticed a weird thing. If I remove the 'egg tag' in front of my actual payload i'm getting wrong strlen sizes? Why so? The shellcode isn't working in the second example without the egg tag (of course) but this has nothing to do with the strlen function, has it? shellcode1.c (Egg-tag is "Egg-Mark" without "", correct strlen of array) #include <stdio.h> #include <string.h> unsigned char egg[] = { 0x40, 0x81, 0x78, 0xf8, 0x45, 0x67, 0x67, 0x2d, 0x75, 0xf6, 0x81, 0x78, 0xfc, 0x4d, 0x61, 0x72, 0x6b, 0x75, 0xed, 0xff, 0xd0 }; unsigned char payload[] = { 0x45, 0x67, 0x67, 0x2d, 0…

Hi friends.How are you?And today i need your help to create HWID in Visual basic or delphi plz help..I need help to create HWID protected program with Delphi or Visual basic

Hi guys, I'm analyzing some shellcodes and therefore I'm using sctest for visualization. I recreated a hello_world.nasm file which uses sys_write to print string 'Hello World' and then sys_exit to exit the program but I can't create a graph file. The .dot file seems corrupted. root@pcfx:~/shellcode/shell_hello_world# cat hello_world.nasm ; Filename: hello_world.nasm ; Author: PCFX ; Description : ; BITS 32 global _start section .text _start: jmp short message GOBACK: xor eax, eax xor ebx, ebx xor edx, edx mov al, 0x4 mov bl, 0x1 pop ecx mov dl, 0xc int 0x80 xor eax, eax xor ebx, ebx mov al, 0x1 int 0x80 message: call GOBACK d…

Hello. I was thinking is there any alternative way to patch process memory without using WriteProcessMemory API? Actually I know crackers can get my patched bytes by just putting a bp on WriteProcessMemory so I want to know is there any other way to handle this? Hope for the Best

what would be the costs of firewall (ring0) ? (source code) Windows firewall.

Hi, i wrote a simple shellcode which executes /sbin/shutdown via sys_execve. When I execute it in my Ubuntu VM it doesn't shutdown completely but remains in the 'shutdown state' (see attachement). My shellcode length is 51 bytes. I also tried a shellcode example from shell-storm.org which is 56 bytes, but the result was the same. Also I think the following 3 lines (5 bytes) in shell-storm shellcode are not necessary but I might be wrong.. 8048062: 31 d2 xor edx,edx 8048069: 89 e7 mov edi,esp 804808f: 56 push esi EDIT: Hm well i guess it's necessary to xor edx register becaus…

I am giving a shot on BigBoote's tutorial "Writing your own packer". Right at the beginning of the project I ran into linking problems. As a result of not using the default libraries(on purpose) , the linker complains about the unresolved external symbol __ DllMainCRTStartup@12 In order to fix the linking error the author suggested on replacing the DllMain function with DllMainCRTStartup.He claims that this will fix the linker's error and at the same time be the EP.I've tried replacing the Boiler-Plate DllMain function with the DllMainCRTStartup but the problem is still there.I have done my research and I can't seem to find anyone tha…

The correct approach convert 1D List to 2D List (Randomly)? Please look at the my approach is correct ? List<Tuple<object, object, object>> OneDimensionalLists = new List<Tuple<object, object, object>>(); List<List<Tuple<object, object, object>>> TwoDimensionalLists = new List<List<Tuple<object, object, object>>>(); int i1 = 0; for (int i = 0; i < OneDimensionalLists.Count; i++) { TwoDimensionalLists.Add(new List<Tuple<object, object, object>>()); var random = new Random(seed); int next …

I'm working on a very simple shellcode encoder. It takes an existing shellcode and adds a continuing number on every even position in the shellcode. The shellcode i want to encode is a simple execve -> /bin/sh shellcode: \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80 Encoded: \x31\x01\xc0\x02\x50\x03\x68\x04\x2f\x05\x2f\x06\x73\x07\x68\x08\x68\x09\x2f\x0a\x62\x0b\x69\x0c\x6e\x0d\x89\x0e\xe3\x0f\x50\x10\x89\x11\xe2\x12\x53\x13\x89\x14\xe1\x15\xb0\x16\x0b\x17\xcd\x18\x80\x19 Here is my decoder stub: global _start section .text _start: jmp short call_shellcode decoder: pop esi …

I'm trying to understand how hooking in general works, targetting x64 application. (As I'm totally beginneer, some questions might make no sense) 1. Is using assembly required to hook a function? (As inline assembly isn't supported) 2. What is the difference between jump and a trampoline? 3. Is the process of hooking procedure on x64 different? 4 - What does the following byte array actually represents? (Is it different on x64) BYTE jump[6] = { 0xe9, 0x00, 0x00, 0x00, 0x00, 0xc3 }; 5 - When finally writing to process, do we overwrite the original? ----- So if I understand correctly. (Few steps) Define original functions structure:…

Hi, I'm quite new to reverse engineering and C++. I've made an injector and I have a couple of questions regarding DLL operations. (I'm quite confused, so please be kind incase I ask something that makes no sense) Can I directly just access memory addresse's? (Or might require to execute VirtualProtect?) Lets say this address 0x140050D9E contains some data or a function, how could I read it? (Things I've heard that confuses me... base address, offset?) Appreciate it, thanks!

now . i want to ask how to make serial monitor like a eltima software ? any body know how to make it ?