Programming and Coding

what would be the costs of firewall (ring0) ? (source code) Windows firewall.

Hi, i wrote a simple shellcode which executes /sbin/shutdown via sys_execve. When I execute it in my Ubuntu VM it doesn't shutdown completely but remains in the 'shutdown state' (see attachement). My shellcode length is 51 bytes. I also tried a shellcode example from shell-storm.org which is 56 bytes, but the result was the same. Also I think the following 3 lines (5 bytes) in shell-storm shellcode are not necessary but I might be wrong.. 8048062: 31 d2 xor edx,edx 8048069: 89 e7 mov edi,esp 804808f: 56 push esi EDIT: Hm well i guess it's necessary to xor edx register becaus…

I am giving a shot on BigBoote's tutorial "Writing your own packer". Right at the beginning of the project I ran into linking problems. As a result of not using the default libraries(on purpose) , the linker complains about the unresolved external symbol __ DllMainCRTStartup@12 In order to fix the linking error the author suggested on replacing the DllMain function with DllMainCRTStartup.He claims that this will fix the linker's error and at the same time be the EP.I've tried replacing the Boiler-Plate DllMain function with the DllMainCRTStartup but the problem is still there.I have done my research and I can't seem to find anyone tha…

The correct approach convert 1D List to 2D List (Randomly)? Please look at the my approach is correct ? List<Tuple<object, object, object>> OneDimensionalLists = new List<Tuple<object, object, object>>(); List<List<Tuple<object, object, object>>> TwoDimensionalLists = new List<List<Tuple<object, object, object>>>(); int i1 = 0; for (int i = 0; i < OneDimensionalLists.Count; i++) { TwoDimensionalLists.Add(new List<Tuple<object, object, object>>()); var random = new Random(seed); int next …

I'm working on a very simple shellcode encoder. It takes an existing shellcode and adds a continuing number on every even position in the shellcode. The shellcode i want to encode is a simple execve -> /bin/sh shellcode: \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80 Encoded: \x31\x01\xc0\x02\x50\x03\x68\x04\x2f\x05\x2f\x06\x73\x07\x68\x08\x68\x09\x2f\x0a\x62\x0b\x69\x0c\x6e\x0d\x89\x0e\xe3\x0f\x50\x10\x89\x11\xe2\x12\x53\x13\x89\x14\xe1\x15\xb0\x16\x0b\x17\xcd\x18\x80\x19 Here is my decoder stub: global _start section .text _start: jmp short call_shellcode decoder: pop esi …

I'm trying to understand how hooking in general works, targetting x64 application. (As I'm totally beginneer, some questions might make no sense) 1. Is using assembly required to hook a function? (As inline assembly isn't supported) 2. What is the difference between jump and a trampoline? 3. Is the process of hooking procedure on x64 different? 4 - What does the following byte array actually represents? (Is it different on x64) BYTE jump[6] = { 0xe9, 0x00, 0x00, 0x00, 0x00, 0xc3 }; 5 - When finally writing to process, do we overwrite the original? ----- So if I understand correctly. (Few steps) Define original functions structure:…

Hi, I'm quite new to reverse engineering and C++. I've made an injector and I have a couple of questions regarding DLL operations. (I'm quite confused, so please be kind incase I ask something that makes no sense) Can I directly just access memory addresse's? (Or might require to execute VirtualProtect?) Lets say this address 0x140050D9E contains some data or a function, how could I read it? (Things I've heard that confuses me... base address, offset?) Appreciate it, thanks!

now . i want to ask how to make serial monitor like a eltima software ? any body know how to make it ?

SOLVED!

SOLVED

C++ windows how to Clone RAM ( Memory )? using API or is there any way ? Any help appreciated!

How to Clone HDD on windows x86 in C++ programming language ? Thanks NOTE: like "HDD Raw Copy Tool" does !

hi, how to make for insert music .xm or mod in a keygen for visual basic 2005 o .net..sorry :biggrin: Sorry but I do not speak very well the Englishman An example of code it's very well

Can anyone name a few application now in wild and built in using .Net ? just a couple of professional application now popular or not popular. Thanks

I want to optimize the performance of my current web scrapper and make it as fast as my competitor's scrapper. The issue I'm facing is when user starts scrapping the site for booking process the book now link is not coming in response while in competitor's application it comes in very first second from heavily loaded web site. Please send me only professional developers and web scrappers. i am ready to pay . Thanks Kate

Does anyone know of any good tutorials that show you how to properly call a function (e.g. satisfy all of the parameters of the call, stack allocation and cleanup etc.)? I've noticed a few items in some popular debuggers that might be used for this purpose, but I'm not sure about it. Thanks.

DUE TO COPY RIGHT AND PRIVACY REASON THE THREAD HAS BEEN REMOVED

Hello everybody. I have created a small application, which should move images so smoothly into the desktop coordinates. I was wondering how can I limit that the image remains inside the desktop? I have try like that to move the image: procedure TForm1.Timer1Timer(Sender: TObject); Var X, Y :Integer; begin X:= random(2+1); Y:= random(2+1); Image1.Left:= Image1.Left + X; Image1.Top:= Image1.Top + Y; Image1.Refresh; end; Any help is appreciated. Thanks.

If ( a == b ) { /////// } This above code block in assembly as JE and The Following one, if ( a != b ) { //////// } JNE ?

Hi guys, I heared about DENUVO that uses a CPU bound code to make it harder to crack, some code that run only on your CPU. So i was looking for some nice trick and testings tring to emulate that. I started using CPUD changing values in EAX, my curiosity was on: MOV EAX, 0Bh CPUID This give me some values, including in EDX wich core is executing that CPUID. (core1 - core2 etc) BUT i found this "feature" , if you do: MOV ECX, 100h MOV EAX, 0Bh CPUID You reset all your registers and you get only a value in EDX, where is showed your current core... Is that normal?? I have a i7-2600, can someone with different CPU try if have same results?

Hi guys, I'm happy to announce the release of my new disassembler called UnivDisasm. It support both x86 and x86-64 ,Intel and AMD. It support mostly all instructions found in Intel and AMD doc,including: FPU,MMX,SSE,SSE2,SSE3,SSSE3,SSE4.1,SSE4.2,SSE5,3DNOW,AVX,AVX2 ,FMA,FMA4. *AES, MPX, F16C, TSX, VME, BMI, BMI2 … *AVX512F, AVX512BW, AVX512CD, AVX512DQ, AVX512ER, AVX512PF, AVX512VBMI, AVX512IFMA. -REX,DREX,VEX,EVEX,XOP encoding support. -Intel enhancement syntax: Masking, Zeroing, Rounding, Broadcasting. -Support for VSIB memory addressing. -Support Compressed displacement called disp8*N. -Customized: UnivDisasm has an open architecture allowing for easy to…

Hello. Id like to create my code virtualizer, something similar to VMP, but Im havin some issues. Studying the old (1.7) vmp virtualization got the idea - you get the original bytes and encrypt/store inside VM section and place a jump to prepared piece of code which pushes onto stack EFlags, 8 registers and unique value which contains encrypted pcode pointer. Then such prepared context jumps into virtual machine. And here the vm gets byte from pcode, decrypts, finds case in switch table and executes it and so on. So after thinking for a long time i got problem emulating the stack. The original function's stack looks like that esp -> return address, esp + 4 -&…

How to add instruction without operand in dnlib, For example I wanted add Call opcode without operand, Is it possible?

The code below can be compiled and linked to an .exe file. However, when I executed it, it "encountered a problem, and needs to be closed". MASM32 has no @data macro, how to get the msg's DS address? Thank you for help in advance.

Hi I was wondering if it is possible to emulate keyboard press and mouse click using kernel32.dll ? instead of using user32.dll import.