Programming and Coding
Programming and coding tips, help and solutions...
1,877 topics in this forum
-
[dnlib] .Net Renamer problem
by Sniper.ps- 5 replies
- 11.9k views
Hello Guys I am gonna to make a simple renamer for .Net Apps .. the problem is : after rename the (modules, types,methods .. etc) the file is not working this is the code which i am using private void button1_Click(object sender, EventArgs e) { Rename(AssemblyDef.Load("C:\\MyApp.exe")); } public void Rename(AssemblyDef AsmDef) { int xMod = 0; int xType = 0; int xMethod = 0; int xParameter = 0; int xField = 0; int xProperty = 0; foreach (ModuleDef ModDef in AsmDef.Modules) { ModDef.Na…
-
- 12 replies
- 7.2k views
Hello eveyone , i was coding an obfuscator , everything is working good , but when i start to deobfuscate , it says value does not fall within the expected range , can someone help me please , here is the code Private Sub DesignButton8_Click(sender As Object, e As EventArgs) Handles DesignButton8.Click Try Dim S As New SaveFileDialog S.Filter = "|*.exe" If S.ShowDialog = vbOK Then If Protectpart2() = True Then ASM.Write(S.FileName) MsgBox("Sucessfully Obfuscated at: " & vbCrLf & S.FileName, MsgBoxStyle.Information) Else Exit…
-
Syscall notification
by Pancake- 1 reply
- 5k views
Hello. Im developing a bot to game, and tryin to be as stealthy as possible i planned to do some stuff in kernel. On x32 it was pretty easy to hook ssdt, and it was basically it, but on x64 things are different. I know the patchguard limitations, and i cant find way to intercept the syscalls. I want to hide and preserve debug registers because im using HWBPs to intercept game loops (i know i can do it usermode, but i want the stronger way), inject the implant botting code and control it from driver (already managed to do it). The only "legal" way to get notified was ObRegisterCallbacks but it works only for process creation and some other operations with handle, i digged …
-
- 1 reply
- 4.4k views
my unfinished project 2011, maybe you like it http://www.4shared.com/zip/G2piRjSfce/ZS_Ascii_Maker_Source_Code_.html
-
- 5 replies
- 5.2k views
Hello. Im tryin to filter out clicks which are comin for external applications and not user himself. I tried GetAsyncKeyState, GetKeyState or GetKeyboardState, watched the LPARAM and WPARAM in SetWindowsHook and it seems that automated keystrokes are the same as the usermade... I wonder how some games detect the fake input, any ideas?Greetz
-
Nice About Effect
by FudoWarez- 22 replies
- 16.6k views
enjoy!!! about.zip
-
- 9 replies
- 5.2k views
Hello. I got a function which returns hash from const char*, and obviously the same input gives same 32 byte hash. My problem is that after compilation program recounts the hash everytime, is it possible to tell compiler to count it during compilation time and just save the hash value? Im creating wrappers for common functions like getmodulehandle, getprocaddress etc with PE parsing, and the problem is that such piece of code for example myGetModuleHandle(hash("kernel32.dll")) generates assembly which counts the const char* hash everytime, and i would like the compiler to make it myGetModuleHandle(0xdeadbeef) where its the counted hash. How can i achive that?
-
Searching flash/actionscript loaded object
by bytesnake- 0 replies
- 5.8k views
hi guys First of all, I hope I started this new thead on thew right spot... I'm looking for windbg/OllyDbg/idapro script which can be use to print or get memory location of flash/actionscript loaded object such as Vector, Array, String object, etc...Also other then script, I am looking the tutorial to print or get memory location of flash/actionscript. Or any tutorial to get flash/actionscript object memory layout I need this info so I can dump or see flash/actionscript object memory layoutI read and tryed various tutorial including the one on CoreLan Website Still I just cannot find it. I watched Heap Inspector videoo too, But Im stuckedI m stucked, I REALLY need…
-
size of the code after compilation
by JustAGuy- 18 replies
- 5.4k views
Hi, is it possible somehow to get size or end address of a procedure, preferably without modifying procedure itself? e.g: Procedure Asem; begin asm mov eax, 5; add eax,8 shl eax,1 end; end; I want from my application determine size(number of bytes) of its own procedure, let's say, when I press a button. It's quite easy by using pointers to get start address of first line mov eax, 5, but how to get address of the last line(eventually RET)? For the sake of simplicity let's say the procedure is pretty simple with only one exit point and no external jumps outside of itself.
-
[dnlib] Injecting class with method.
by IllusiveMan- 1 reply
- 11.1k views
Hello guys. I have some problems with injecting new class with one method inside it. Basicly this class is placed in my project and i need to insert it in assembly using dnlib, then call the method from it from constructor. My code sample: AssemblyDef assembly = AssemblyDef.Load(FilePath); ModuleDef module = assembly.Modules[0]; Importer importer = new Importer(module); // Create new importer. IMethod meth = importer.Import(typeof(MyClass).GetMethod("Initialize")); // Trying to import initialization method and then place it into a new class. TypeDef type = new TypeDefUser("NewClass"); // Creating new type. type.Attributes = TypeAttributes.Class; // Setting class …
-
File Encoder using key in byte array [C#]
by Meteor2142- 4 replies
- 4.9k views
Hello guys! I'm now on finding out how cryptor works (more on my previous topic) So there is some stub, with randomly generated method names, and randomly generated byte array that crypts the file: Sample of decryptin code: string text = (string)ResourceManager...byte[] array = new byte[text.Length];// and decrypt method string text = (string)resourceManager.GetObject(...... //using the string from crypted resources (i dont how its even store in resouces like that) byte[] array = new byte[text.Length]; for (int i = 0; i < text.Length; i++) { array[i] = (byte)text[i]; // decryption }//the most simple maybe... how to make encoder from this? …
-
- 9 replies
- 4.9k views
Hi, here's another player lib, and I guess it comes with one of the best compromises between audio quality and size. The sound is awesome, but don't get fooled by the size of the included sound module examples (.ptp files), because they already come in a ready-to-get-compressed format. Check out the homepage for further info: http://code.google.com/p/protrekkr/ All credits to hitchhikr ofc.. a real magician. (Find some of his demos, if you don't know this guy yet.) And again thanks to eNeRGy/dAWN for the hints and the static lib! So here's the static lib and some example code in asm: PtkReplay.7z cheers
-
[VB.NET] Help me Mysql Connect
by CodeEnding- 3 replies
- 5.5k views
I can Use Cheat Engine Scan String password found . How can I protect Thank you
-
PureBasic patch template with crc check by [SST]
by Bilbardfayim- 1 reply
- 4.5k views
File Name: PureBasic patch template with crc check by [sST] File Submitter: Bilbardfayim File Submitted: 11 Apr 2015 File Category: Source Code PureBasic patch template 2 with crc check by SST Click here to download this file
-
- 10 replies
- 9.7k views
Hello, I am trying to debug/reverse engineer a program made in delphi, using x32dbg. This program use madExcept (which replace the default Delphi exception manager). If i put a breakpoint somewhere in the debugger, when it ran over the breakpoint, it does not break in the code, instead madExcept kicks in and the application show an error message : This is nice because the "bug report" can show me a stack trace and also a disassembly with full methods names It does not however , stop and break in the x32_dbg debugger (which i really want to), and thus does not allow me to run the program step by step. In the disasm window (…
-
Alternatives to JitHooking
by noob.exe- 4 replies
- 6.6k views
Yo, I am planning to code some method encryption, and I wanted to ask if there are alternatives to JitHooking. The problem is not hoe to encrypt/decrypt the methodbodys, - that's simple, the question is how I can detect the calls so I know when to decrypt. JitHooking is pretty unstable and might not work properly in future versions of the .Net FW. I am open for ideas and suggestions.
-
How deobfuscate crypto Obfuscator 2015?
by ismkdc- 1 reply
- 7.1k views
What can do any more? string decryp is given error unpackme.rar
-
change PE header in suspended process
by JustAGuy- 8 replies
- 6.6k views
It's possible to create suspended process, change for example entrypoint and when resumed it would start from changed EP? I have a non-working executable(wrong EP) idea is to modify PE header but only when it's loaded in memory. I used WriteProcessMemory api to write correct EP to header but when resumed, process crashes. WriteProcessMemory returns success, so problem must be somewhere else. Is it too late to modify header when the process is suspended? thanx in andvance
-
Help in converting C to Delphi pls
by kolynet- 6 replies
- 5k views
Hi all,I have a small poker odds calculator a free software and would like to implement it into my delphi application. (HandOdds class) where we input players hole cards, dead cards, etc. It will calculate the odds. Somehow i would like to call a class (in its DLL). OR just translate it to delphi style.Could someone help? I appreciate it !Here is the link to the source and binary of the calculator:https://mega.nz/#!wlAkUZbL!zj1A_GZE3kr1ib7mL4BdskeHAgh6u0j1bvtKiv2wPYY
-
[C#] Phoneix Protector de4dot code
by TheProxy- 3 replies
- 8.1k views
Hi im new to de4dot midding so when i finaly made this to work i wanted to share with ewryone Open De4Dot source (be shure that you can compile it Video //Credit to @li0nsar3c00l) Then go to de4dot.code/deobfuscators and create New Folder (Phoneix_Protector) and create 2 classes Deobfuscator.cs and StringDecrypter.csand paste this codeDeobfuscator.cs using System.Collections.Generic;using dnlib.DotNet;using de4dot.blocks;namespace de4dot.code.deobfuscators.Phoneix_Protector{ public class DeobfuscatorInfo:DeobfuscatorInfoBase { public const string THE_NAME = "Phoneix Protector"; public const string THE_TYPE = "pp"; const string DEFAULT_REGE…
-
Nice About Effect 2
by FudoWarez- 1 follower
- 12 replies
- 9.1k views
skull.zip
-
The Advanced Batch AI
by jahwi- 3 replies
- 5.3k views
hello guys! I've have been looking for a batch ai/chatbot for the last year. so I thought to myself: why not just make one? so I went ahead and did. please leave reviews,ratings comments etc. get it here:https://sourceforge.net/projects/meri/
-
- 1 follower
- 2 replies
- 4.4k views
I want to write a plugin that can set command line. The executable have some dynamic arguments ,so i decided to write a plugin. I browsed some apis from ollydbg plugin help, couldnot find .Or i missed something . Any hint , so appreciated . Thanks.
-
- 1 reply
- 3.9k views
I'm using plain C to call these functions of GDI+ ,and response WM_PAINT with this function ,the last call of GdipDrawImage returns 0, it means success ,but on my picture control I can not find my picture on it.source.txt
-
CaptureStackbackTrace
by Pancake- 1 reply
- 4.9k views
Hello. I was wondering how can i create a call stack to view the return addresses. So i found that fancy function, it worked prefrectly in one .exe, showing call stack up to ntdll but it does not show full backtrace when called from a hook. Sometimes it prints 1, 2, 3 addresses but i know how that program is working and the call stack is much bigger. The "Call Stack" function from olly shows exactly same not full result but i can view stack and see which address is a return address, but i cant dereference values from the stack to see if its a return address because i would crash on access vioaltion very quickly. How can i make it work properly?
