Programming and Coding
Programming and coding tips, help and solutions...
1,894 topics in this forum
-
I'm reading the code of dnlib and I was wondering the exact purpose of CreateFileMapping & MapViewOfFile primitives? What are the advantages of using these? Thanks guys!
-
Taskmgr cracking users TAB to hide a specific user Hello, I hope everyone is feeling good in this beautiful forum with some knowledge. For 1 month I've been trying to hide a specific user from taskmgr ... and someone who I told the idea made this code, and he didn't want to share it with me ... and I find this very idiotic, I'm sorry for the word...... So can anyone help us make that and then share the code please? I know that taskmgr is using wtsapi32.dll, and a function called InformationsessionW is loaded by the taskmgr to show the USERS... So how to hide a specific user like this man did ... WE WANT THE FULL CODE PLEASE …
-
Hi, I want to make a DLL in VC++, which when loaded into a process modifies a certain address in the process memory. int nLength = GetModuleFileNameA(NULL, pszBuffer, MAX_PATH); HMODULE hEXEParent = GetModuleHandleA(pszBuffer); . . memcpy (&hEXEParent + 0x148521 , lplocate, 4); lplocate is the LPVOID address of the newly allocated memory space which I want to write. The problem is that memcpy actually never gets linked into the DLL although there is no error during compilation. I bet there is something wrong with the memcpy parameters in my case.
-
I tried to search on the internet ... how to make a loader in VB6, but I only ever find it in Delphi .. so how to make it in VB6? For example .. at address 572CC3 I want to write to process memory the new bytes 70 and 3D, any idea?
-
Hi, Is there a way to open a chm file in the index tab and write something there ? Well, OllyDBG 2.01 does that ... I tried to debug it but couldn't figure out how it does that bp on 0049A8F1 and use "Help on API function" from the R click menu to break on it. This is the code I tried in ASM: .data libN db "HHCTRL.OCX", 0 funcN db "HtmlHelpA", 0 ;unicode HtmlHelpW path db "D:\WinApi.chm", 0 val db 20h, 0 DeskHWND dd ? .code start: invoke GetDesktopWindow mov DeskHWND, eax invoke LoadLibrary, addr libN invoke GetProcAddress, eax, addr funcN push offset val push 0Dh push offset path push DeskHWND ; could be NULL call eax invoke ExitPro…
-
I try to use capstone.net: https://github.com/9ee1/Capstone.NET The sample works fine with a byte array, but when I try it with a PE file it doesn't work. I've replaced the byte array from sample with File.ReadAllBytes(filePath); but it doesn't work. I suspect that I have to only give the code section to capstone and not the entire file. If this is the case, what is the best method to do it? Thanks in advance!
-
Hello all, I am trying to use the RCRC32 procedure from the Cryptohash library. Can anyone give an example or info on how to use it? Regards,
-
how to get URLs in memo, delimited text or split? e.g: in memo.text : begin memo1.lines.text := ' rtadgjkjuouioop hxxp://exmpl.com yyhfhjjj ijoo hxxp://wxw.exmpl.org iolvb wxw.exmpl.comiiij fiuddhity ftp://exmpl.com uiufsftgco45788 hxxps://exmpl.com ggcghj hxxps://wxw.exmpl.net giiu'; end; result in memo 2 I mean like this code: function spliter(const s : string; ts, rs : tstrings) : string; var i : integer; begin for i := 0 to rs.count - 1 do begin if (pos('wxw', ts.strings) > 0) or (pos('fxp://', ts.strings) > 0) or (pos('hxxp://', ts.strin…
-
Hi guys, anyone looking for a parsable copy of the Intel instruction set? I just made them available at: https://github.com/MahdiSafsafi/Parsable-Instructions Mahdi.
-
Hello, I have the following code //bitmap HMODULE hModule = GetModuleHandle(NULL); HRSRC hRes = FindResource(hModule, pBitmapName, RT_BITMAP); if (hRes == NULL) return; HGLOBAL hGlb = LoadResource(hModule, hRes); if (hGlb == NULL) return; BITMAPINFO * pDIB = (BITMAPINFO *)LockResource(hGlb); if (pDIB == NULL) return; textbmi = *pDIB; textDC = CreateCompatibleDC(mDC->GetSafeHdc()); textbmp = CreateDIBSection(textDC, &textbmi, DIB_RGB_COLORS, (LPVOID *)&lpTextBuffer, 0, 0); SelectObject(textDC, textbmp); Everything looks to execute properly without API null returns - however, lpTextBuffer points to an array of zeros, no my image is…
-
Hello, Anyone who has a (normal) question in C++, put it here.
-
I try to compile the code from Delphi XE for android but it takes a long time and heavy because my PC specs are not too good, so I had to cancel, so I download Genymotion to try android application on my PC because it is very light. how to connect Delphi XE 8 to Genymotion as android emulator? and what emulator for iOS / iPhone / iPad / OSX are small and lightweight to test iOS applications? I downloaded iPadian but I do not know if this could be used to try the iOS app?! ... and I do not have an iOS device (iPhone / iPad or Mac etc). thx b4
-
AsmPointers (source code C#): AsmPointers will enumerate all assemblies and modules and will eventually call mbase.MethodHandle.GetFunctionPointer() for each method of a module. For testing purposes change in Program.cs: /// <summary> /// Program entry point. /// </summary> [STAThread] public static void Main(string[] args) { string target = @"D:\\ModuleToAssembly.exe"; Assembly asm = Assembly.LoadFile(target); SendToJit.SendModuleToJit(asm.ManifestModule); the line string target = @"D:\\ModuleToAssembly.exe"; should be changed to load your simple assembly, for testing purposes only. And the program will on…
-
Hi all! I am trying to do the keygen: "2. Keygenning tut KeyGenMe_#1_cLoNeTrOnE TeAm FOFF" from the link: https://forum.tuts4you.com/topic/36362-all-my-keygenning-tuts/?hl=%2Bkeygening+%2Btut There was a moment at which register EAX was equal to 00000275 (in my case). [It just takes the string "baruch" and conclude every char] And then there was a check: if(EAX == 00000275). Now in my C++ program, I have an integer called "sum" which is equal to 275. The question is how do I convert that number? I mean, I need 00000275 not 275, so how do I convert from "integer look" to "register look"? Of course I can do it the very long way: 1.check the length of sum==3 2.do loop from 0 to 5 and fil…
-
Hello. So today I decided to create my own debugger for my own use; everything works just fine, but as we all know the anti-debug tricks have to be bypassed. So I created my Fix.dll which fixes the PEB and hooks far jump (currently only for wow64). It works like a charm and spoofs the Zw* functions output, but the problem is that the dll is loaded too late.. After receiving the first debug message, which is obviously CREATE_PROCESS_DEBUG_EVENT, I get the EIP, LoadLibraryA address and then inject payload which loads my Fix.dll (I copied the shellcode from StrongOD). So it calls LoadLibraryA for my dll and returns to the original EIP, continuing execution properly without any…
-
What is PortEx? PortEx is a library aimed at Java developers and reverse engineers. It enables you to analyse Portable Executable files (e.g. EXE, DLL files) and has a special focus on malware analysis. In addition to just viewing a lot of file format information it provides tools that help you with reverse engineering or malware analysis. PortEx is written in Scala and Java. PortEx is free, open source and still in heavy development. Although I made Unit Tests for most parts of the code there might still be bugs. Features: Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table Reading standard section formats: Import Section, Resou…
-
Skinning GUI in PureBasic keygen Example https://forum.tuts4you.com/gallery/image/443-srn/ KEYGEN_EXAMPLE.rar
-
File Name: OllyDbg 1.10 plugin API (CHM format) File Submitter: RaMMicHaeL File Submitted: 08 Aug 2015 File Category: Source Code The OllyDbg 1.10 plugin API manual in CHM format.
-
Here is another keygen template by me. Thanks to xsp1d3r for the gfx. Hope u like it.
-
Look here for the DES source: https://tls.mbed.org/des-source-code Now I wrote code for DES ECB ENCODE: des_const des: setkey : des_crypt_ecb(&des,input,output); Now, encode was OK, but how do I write the DES ECB decode code?
-
Hello guys, I am going to make a simple renamer for .NET apps .. the problem is: after renaming the (modules, types, methods .. etc) the file is not working. This is the code which I am using private void button1_Click(object sender, EventArgs e) { Rename(AssemblyDef.Load("C:\\MyApp.exe")); } public void Rename(AssemblyDef AsmDef) { int xMod = 0; int xType = 0; int xMethod = 0; int xParameter = 0; int xField = 0; int xProperty = 0; foreach (ModuleDef ModDef in AsmDef.Modules) { ModDef.Na…
-
Hello everyone, I was coding an obfuscator, everything is working well, but when I start to deobfuscate, it says value does not fall within the expected range. Can someone help me please? Here is the code Private Sub DesignButton8_Click(sender As Object, e As EventArgs) Handles DesignButton8.Click Try Dim S As New SaveFileDialog S.Filter = "|*.exe" If S.ShowDialog = vbOK Then If Protectpart2() = True Then ASM.Write(S.FileName) MsgBox("Sucessfully Obfuscated at: " & vbCrLf & S.FileName, MsgBoxStyle.Information) Else Exit…
-
Hello. I'm developing a bot for a game, and trying to be as stealthy as possible I planned to do some stuff in kernel. On x32 it was pretty easy to hook SSDT, and that was basically it, but on x64 things are different. I know the PatchGuard limitations, and I can't find a way to intercept the syscalls. I want to hide and preserve debug registers because I'm using HWBPs to intercept game loops (I know I can do it usermode, but I want the stronger way), inject the implant botting code and control it from driver (already managed to do it). The only "legal" way to get notified was ObRegisterCallbacks but it works only for process creation and some other operations with handle, I dug …
-
my unfinished project 2011, maybe you like it http://www.4shared.com/zip/G2piRjSfce/ZS_Ascii_Maker_Source_Code_.html
-
Hello. I'm trying to filter out clicks which are coming from external applications and not the user himself. I tried GetAsyncKeyState, GetKeyState or GetKeyboardState, watched the LPARAM and WPARAM in SetWindowsHook and it seems that automated keystrokes are the same as the user-made ones... I wonder how some games detect the fake input, any ideas? Greetz