Programming and Coding
Programming and coding tips, help and solutions...
1,890 topics in this forum
-
Capstone.net with a file
by swell- 6 replies
- 5.4k views
I try to use capstone.net: https://github.com/9ee1/Capstone.NET The sample works fine with a byte array, but when I try it with a PE file it doesn't work. I've replaced the byte array from sample with File.ReadAllBytes(filePath); but it doesn't work. I suspect that I have to only give the code section to capstone and not the entire file. If this is the case, what is the best method to do it? Thanks in advance!
-
Drizz Cryptohash RCRC32
by ragdog- 2 replies
- 7.5k views
Hello all I try to use from Cryptohash library the RCRC32 procedur gives any exmaple or info how to use it? Regards,
-
- 6 replies
- 8.9k views
how to get URLs in memo, delimited text or split? e.g: in memo.text : begin memo1.lines.text := ' rtadgjkjuouioop hxxp://exmpl.com yyhfhjjj ijoo hxxp://wxw.exmpl.org iolvb wxw.exmpl.comiiij fiuddhity ftp://exmpl.com uiufsftgco45788 hxxps://exmpl.com ggcghj hxxps://wxw.exmpl.net giiu'; end; result in memo 2 I mean like this code: function spliter(const s : string; ts, rs : tstrings) : string; var i : integer; begin for i := 0 to rs.count - 1 do begin if (pos('wxw', ts.strings) > 0) or (pos('fxp://', ts.strings) > 0) or (pos('hxxp://', ts.strin…
-
- 3 replies
- 5.8k views
Hi guys, Anyone looking for a parsable copy of Intel instructions set.I just made them available at: https://github.com/MahdiSafsafi/Parsable-Instructions Mahdi.
-
CreateDIBSectiob() from bitmap resouce
by xSRTsect- 2 replies
- 5.5k views
Hello, I have the following code //bitmap HMODULE hModule = GetModuleHandle(NULL); HRSRC hRes = FindResource(hModule, pBitmapName, RT_BITMAP); if (hRes == NULL) return; HGLOBAL hGlb = LoadResource(hModule, hRes); if (hGlb == NULL) return; BITMAPINFO * pDIB = (BITMAPINFO *)LockResource(hGlb); if (pDIB == NULL) return; textbmi = *pDIB; textDC = CreateCompatibleDC(mDC->GetSafeHdc()); textbmp = CreateDIBSection(textDC, &textbmi, DIB_RGB_COLORS, (LPVOID *)&lpTextBuffer, 0, 0); SelectObject(textDC, textbmp); Everything looks to execute properly without API null returns - however, lpTextBuffer points to an array of zeros, no my image is…
-
Common questions in C++
by Alzri2- 18 replies
- 9k views
Hello, Anyone who has a (normal) question in C++, put it here.
-
- 8 replies
- 17.2k views
I try to compile the code from Delphi XE for android but it takes a long time and heavy because my PC specs are not too good, so I had to cancel, so I download Genymotion to try android application on my PC because it is very light. how to connect Delphi XE 8 to Genymotion as android emulator? and what emulator for iOS / iPhone / iPad / OSX are small and lightweight to test iOS applications? I downloaded iPadian but I do not know if this could be used to try the iOS app?! ... and I do not have an iOS device (iPhone / iPad or Mac etc). thx b4
-
AsmPointers (source code C#)
by CodeExplorer- 1 reply
- 12.3k views
AsmPointers (source code C#): AsmPointers will enumerate all assemblies and modules and will eventually call mbase.MethodHandle.GetFunctionPointer() for each method of a module.For testing purpose change in Program.cs: /// <summary> /// Program entry point. /// </summary> [sTAThread] public static void Main(string[] args) { string target = @"D:\\ModuleToAssembly.exe"; Assembly asm = Assembly.LoadFile(target); SendToJit.SendModuleToJit(asm.ManifestModule);the line string target = @"D:\\ModuleToAssembly.exe"; shoul be changed to load your simple assembly, for testing purpose only. And the program will on…
-
[c++]Problem with convert EAX
by baruch- 7 replies
- 13k views
Hi all! I try to do the keygen: "2. Keygenning tut KeyGenMe_#1_cLoNeTrOnE TeAm FOFF" from the link : https://forum.tuts4you.com/topic/36362-all-my-keygenning-tuts/?hl=%2Bkeygening+%2Btut There was a moment which register EAX equal to : 00000275 (in my case).[its just take the string "baruch" and conclude every char] And then was check : if(EAX == 00000275). Now in my C++ program ,i have integer called "sum" which equal to 275. The question is how i convert that number? I mean ,i need 00000275 not 275,so how i convert from "integer look" to "register look"? of course i can do very long way : 1.check the length of sum==3 2.do loop from 0 to 5 and fil…
-
My debugger loads dll too late
by Pancake- 13 replies
- 6.6k views
Hello So today i decided to create own debugger for own use, everything works just fine btu as we all know the anti-debug tricks have to by bypassed. So i created my Fix.dll which fixes the peb and hooks far jump (currently only for wow64). It works like a charm and spoofs the Zw* functions output, but the problem is that the dll is loaded too late.. After receiving the first debug meesage which is obviously CREATE_PROCESS_DEBUG_EVENT i get the EIP, LoadLibraryA address and then inject payload which loads my Fix.dll (i coped the shellcode from StrongOD). So it calls LoadLibraryA for my dll and returns to the original EIP, continuing execution properly without any…
-
PortEx: Library for Static Analysis of PE Files
by Struppigel- 0 replies
- 6.7k views
What is PortEx?PortEx is a library aimed at Java developers and reverse engineers. It enables you analyse Portable Executable files (e.g. EXE, DLL files) and has a special focus on malware analysis. In addition to just viewing a lot of file format information it provides tools that help you with reverse engineering or malware analysis. PortEx is written in Scala and Java.PortEx is free, open source and still in heavy development. Although I made Unit Tests for the most parts of the code there might still be bugs.Features Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table Reading standard section formats: Import Section, Resou…
-
Skinning GUI in PureBasic keygen Example
by Bilbardfayim- 2 replies
- 8.7k views
Skinning GUI in PureBasic keygen Example https://forum.tuts4you.com/gallery/image/443-srn/ KEYGEN_EXAMPLE.rar
-
OllyDbg 1.10 plugin API (CHM format)
by RaMMicHaeL- 0 replies
- 8.4k views
File Name: OllyDbg 1.10 plugin API (CHM format) File Submitter: RaMMicHaeL File Submitted: 08 Aug 2015 File Category: Source Code The OllyDbg 1.10 plugin API manual in CHM format. Click here to download this file
-
another keygen template
by Jowy- 3 replies
- 8.1k views
here is another a keygen template by me thanks to xsp1d3r for the gfx hope u like it
-
help me des SSL library,THK Y.
by diskgetor- 3 replies
- 10k views
look here des soure: https://tls.mbed.org/des-source-code now i write code for DES ECB ENCODE: des_const des: setkey : des_crype_ecb(&des,input,output); now,encode was ok,but how i write the DES ECB decode codes?
-
[dnlib] .Net Renamer problem
by Sniper.ps- 5 replies
- 12.2k views
Hello Guys I am gonna to make a simple renamer for .Net Apps .. the problem is : after rename the (modules, types,methods .. etc) the file is not working this is the code which i am using private void button1_Click(object sender, EventArgs e) { Rename(AssemblyDef.Load("C:\\MyApp.exe")); } public void Rename(AssemblyDef AsmDef) { int xMod = 0; int xType = 0; int xMethod = 0; int xParameter = 0; int xField = 0; int xProperty = 0; foreach (ModuleDef ModDef in AsmDef.Modules) { ModDef.Na…
-
- 12 replies
- 7.4k views
Hello eveyone , i was coding an obfuscator , everything is working good , but when i start to deobfuscate , it says value does not fall within the expected range , can someone help me please , here is the code Private Sub DesignButton8_Click(sender As Object, e As EventArgs) Handles DesignButton8.Click Try Dim S As New SaveFileDialog S.Filter = "|*.exe" If S.ShowDialog = vbOK Then If Protectpart2() = True Then ASM.Write(S.FileName) MsgBox("Sucessfully Obfuscated at: " & vbCrLf & S.FileName, MsgBoxStyle.Information) Else Exit…
-
Syscall notification
by Pancake- 1 reply
- 5.3k views
Hello. Im developing a bot to game, and tryin to be as stealthy as possible i planned to do some stuff in kernel. On x32 it was pretty easy to hook ssdt, and it was basically it, but on x64 things are different. I know the patchguard limitations, and i cant find way to intercept the syscalls. I want to hide and preserve debug registers because im using HWBPs to intercept game loops (i know i can do it usermode, but i want the stronger way), inject the implant botting code and control it from driver (already managed to do it). The only "legal" way to get notified was ObRegisterCallbacks but it works only for process creation and some other operations with handle, i digged …
-
- 1 reply
- 4.6k views
my unfinished project 2011, maybe you like it http://www.4shared.com/zip/G2piRjSfce/ZS_Ascii_Maker_Source_Code_.html
-
- 5 replies
- 5.4k views
Hello. Im tryin to filter out clicks which are comin for external applications and not user himself. I tried GetAsyncKeyState, GetKeyState or GetKeyboardState, watched the LPARAM and WPARAM in SetWindowsHook and it seems that automated keystrokes are the same as the usermade... I wonder how some games detect the fake input, any ideas?Greetz
-
Nice About Effect
by FudoWarez- 22 replies
- 17.2k views
enjoy!!! about.zip
-
- 9 replies
- 5.6k views
Hello. I got a function which returns hash from const char*, and obviously the same input gives same 32 byte hash. My problem is that after compilation program recounts the hash everytime, is it possible to tell compiler to count it during compilation time and just save the hash value? Im creating wrappers for common functions like getmodulehandle, getprocaddress etc with PE parsing, and the problem is that such piece of code for example myGetModuleHandle(hash("kernel32.dll")) generates assembly which counts the const char* hash everytime, and i would like the compiler to make it myGetModuleHandle(0xdeadbeef) where its the counted hash. How can i achive that?
-
Searching flash/actionscript loaded object
by bytesnake- 0 replies
- 6k views
hi guys First of all, I hope I started this new thead on thew right spot... I'm looking for windbg/OllyDbg/idapro script which can be use to print or get memory location of flash/actionscript loaded object such as Vector, Array, String object, etc...Also other then script, I am looking the tutorial to print or get memory location of flash/actionscript. Or any tutorial to get flash/actionscript object memory layout I need this info so I can dump or see flash/actionscript object memory layoutI read and tryed various tutorial including the one on CoreLan Website Still I just cannot find it. I watched Heap Inspector videoo too, But Im stuckedI m stucked, I REALLY need…
-
size of the code after compilation
by JustAGuy- 18 replies
- 5.9k views
Hi, is it possible somehow to get size or end address of a procedure, preferably without modifying procedure itself? e.g: Procedure Asem; begin asm mov eax, 5; add eax,8 shl eax,1 end; end; I want from my application determine size(number of bytes) of its own procedure, let's say, when I press a button. It's quite easy by using pointers to get start address of first line mov eax, 5, but how to get address of the last line(eventually RET)? For the sake of simplicity let's say the procedure is pretty simple with only one exit point and no external jumps outside of itself.
-
[dnlib] Injecting class with method.
by IllusiveMan- 1 reply
- 11.6k views
Hello guys. I have some problems with injecting new class with one method inside it. Basicly this class is placed in my project and i need to insert it in assembly using dnlib, then call the method from it from constructor. My code sample: AssemblyDef assembly = AssemblyDef.Load(FilePath); ModuleDef module = assembly.Modules[0]; Importer importer = new Importer(module); // Create new importer. IMethod meth = importer.Import(typeof(MyClass).GetMethod("Initialize")); // Trying to import initialization method and then place it into a new class. TypeDef type = new TypeDefUser("NewClass"); // Creating new type. type.Attributes = TypeAttributes.Class; // Setting class …
