Programming and Coding
Programming and coding tips, help and solutions...
1,886 topics in this forum
-
ollydbg 2.0 plugin
by walter1945- 2 replies
- 7.1k views
Hi all, i'm writing a small plugin for olly but i can't figure out how tell olly (from plugin) to resume process,do you know what's the right way to do that from plugin? thanks.
-
[Help] Inject x64 DLL into x64 PE File
by Gladiator- 15 replies
- 9.6k views
HelloI have problem with injection 64 bit dll into 64 bit exe file , in case i don't know what i should to do ? any one can help me with information , sources or some thing that solve my problemThanks
-
Generating a MethodDef signature
by ubbelol- 0 replies
- 10k views
Nevermind.
-
- 3 replies
- 4.1k views
Hello, I have coded a software, and its working fine on latin and english operative systems, but it does not work godd on Chinese Windoxs XPI have a module, for strings, conversion etc etc....Code is: st1 = HexToAsc("100404084A011004C8DC")Winsock2.SendData st1in latin server / client app, I receive very same string I sent.... I use winsock.GetData but on chinese windows xp it does not I receive this: 100404084A0110040000 (C8DC is now 0000)what could the problem be?? unicode related?? thanks
-
Firework LIB+DLL
by SmilingWolf- 1 reply
- 8.8k views
This is an implementation of the Fireworks effect by ronybc as a library with a little enhancement: you can now run multiple fireworks instances! Preview (3 instances): Documentation, sources, examples, compiled LIB and DLL are included. Hope you will like this Now go and set your CPU on fire! Firework.7z
-
.NET Reversing
by Elena Schneider- 11 replies
- 9.8k views
Hello!I)) I am reversing .NET web application which sends sockets to server through HTTP and RTSP protocol. I just want to change IP address where I send requests.My problem is...I can't find this right place in code. Look at that please. public WebWrapper() { this.UseProxy = false; this.UA = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.107 Safari/535.1"; this.Proxy = new WebProxy(); this.LastPage = "http://google.com/"; this.cookies = new CookieContainer(); } public string httpGet(string Address, [Optional, DefaultParameterValue(true)] bool Redirect) string str; try { IEnumerator enumerat…
-
how to create a loader with visual basic 6?
by nicogalan- 0 replies
- 4.4k views
Hello, do you know how to create a loader in visual basic 6? where could I find source code for it? thanks regards
-
patch auto saved in memory map?
by PieterJones- 2 replies
- 4.3k views
hello tuts4you i suppose after mapping a file in memory, and after making a change/patch in this mapped memory, i need to save the bytes wich are changed using FlushViewOfFile , right? so the weird thing is, it saves the patch already without using the FlushViewOfFile api yet! so actually i don't have to use FlushViewOfFile because the bytes are automatic saved after unmapping it seems. can someone tell me why? hOpenFile = CreateFile(szFilePath, GENERIC_WRITE | GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_RANDOM_ACCESS, NULL) hOpenFileMapping = CreateFileMapping(hOpenFile, NULL, PAGE_READWRITE, 0, dwSizeOfFile, NULL) pFile = M…
-
BASS static lib v.2.4
by ::: - phpbb3 - :::- 14 replies
- 10k views
BASS static lib v.2.4 MASM32 player example BASS.static.lib.v.2.4.MASM32.player.zip
-
strongod driver
by PieterJones- 16 replies
- 8.8k views
Hi folks i want to change the drivername of the to strongOD plugin at runtime. i know i can change this in the olly.ini file, but i need to change it at runtime after the driver is created. So in example i want to change the default drivername ("fengue0") to "testing" at runtime programmatically. is there a way to do this?
-
How to use this procedue "FindOEPGenerically"
by darkbreak- 1 reply
- 4.3k views
Hi all, How to use this procedue "FindOEPGenerically" in TitanEngine please help Thank you
-
Rijndeal 128, 192 , 256 example
by ragdog- 5 replies
- 13.8k views
Hello I want a example about Rijndeal 128, 192 , 256 in Asm,Cpp Now have i searched many hours but without good results. I found this drizz cryptohash.lib but with differents results as this page http://www.tools4noobs.com/online_tools/encrypt/ Key=Tuts4You Text=Tuts4You Result in hex 256= 18fa02ae57bfc4d9e1414c37d2d5e49898b1c6ce59a2a10fced00a36c6492f64 192= 521b4e49d550cfa20856c254cac7a199a670af2f7aeb8829 128= 37f9ce5d255f5b4fb7c66cefe4331e97 Can your send code examples in Asm or Cpp?!? Regards, raggy
-
- 0 replies
- 4.3k views
c c++or MFC work for input's string mov of 2 VAR, then use them xor 12345678 ,anather xor 87654321,use them again of DES ,last .......... edit1,input application's hardwareID,same as: 1234-5678-abcd-efgj-ij then,edit2 get the string:345678ab cdefghij,how i shouid write the code?
-
- 3 replies
- 7.3k views
Hey everyone, its been a long time since i was last here so sorry if it is in the wrong section. I am pretty new to Lua and its not my language of choice but its the only language this program allows so i am stuck. I am trying to open a website using shellexecute in Lua but no matter what i do, i don't seem to get any results when the script runs. I have been googling for hours now and there were a few good reads but apparently i am the only one who is using shellexecute to open website or maybe no one else has this problem, there were a few examples using native os function (os.execute) but they didn't seem to work either for me, it just opened a cmd window w…
-
Start executable from memory
by wyrda- 13 replies
- 7.4k views
Hi, I'm new to this stuff so I think you can help me. Can I load into the memory an executable and start it from there? Something like this: fread("myexecutable.exe"), shellexecute_from_memory("myexecutable.exe"). Have a nice day, wyrda
-
Remove ASLR programmatically
by Readme- 3 replies
- 9.4k views
does someone of tuts4you know how to disable/remove the "dll can load" (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) in programming code? we know this IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is equal to 0x40, so is it a correct way to substract 0x40 from the DllCharacteristics? so in example NTheader->OptionalHeader.DllCharacteristics = NTheader->OptionalHeader.DllCharacteristics - 0x40;
-
thread starting
by Readme- 8 replies
- 5.5k views
i created a thread using CreateThread succesfully. the problem is that the thread is not directly after creating is executed. the thread will be executed after calling Sleep(). the thread is not created in suspended mode, but with the creation flag 0 (0 = The thread runs immediately after creation.). but still the thread is not executed direclty. any suggestions? invoke CreateThread, 0, 0, addr ThreadProc, NULL, 0, addr dwThreadID invoke Sleep, 200 ; when reaching this code the thread created above should be executed first
-
NonIntrusive Debugger Library
by Nieylana- 17 replies
- 7.3k views
Hey all, It has been a long time since I posted to this forum,but I wanted to post here to this .NET library known to people who may find use of it. The name of the project is NIDebugger (for non-intrusive debugging). There are currently 2 variants, NIDebugger (x86) and NIDebugger64 (x64). The main page for the x86 project is here: http://tslater2006.github.io/NIDebugger/ Currently the x64 is experimental and can be found via the github repository: http://github.com/tslater2006/NIDebugger64 Because of the experimental state of the x64 library, I will only discuss the x86 one... One of the most simple examples of using it is shown below, ple…
-
How to change image base of exe file?
by Mr.reCoder- 6 replies
- 9.7k views
Hi all, we can change the image base of executable file while linking with /BASE option. i.e. Link /BASE:0x600000 but is there any way to change the image base after linking? we may use PE editor to change the ImageBase value! but the problem raises when building import table! 00601060 FF25 08104000 JMP DWORD PTR DS:[401008] 00601066 FF25 00104000 JMP DWORD PTR DS:[401000] jump addresses must change to their appropriate values! any idea? Regards.
-
Control flow obfuscation
by Lostin- 5 replies
- 7.8k views
Hello I was wondering how this is coded? how i can make a lot of Unconditional branches forward/backward? how this is implemented? i mean how i can control the execution flow with jumps like themida VM, or VMP. I can make this only forward but backward/forward will interference with each other. Also one more question. Do these jmps random? or it has fixed addresses? Any ideas will be appreciated.
-
Dev-C++ 4.9.9.2
by JMC31337- 8 replies
- 10.9k views
quick ? Why the hell does my dev-c++ crash with exception c0000005 for any memcpy memset memove Rootkit?? ridiculous!
-
[WINAPI] Enumerate all services
by mrexodia- 14 replies
- 6.6k views
Hi everyone, Some time ago I put this small utility together for a friend that needed it. Turns out to be a useful piece of code. Code was found on the internet, only slightly modified and cleaned up a little. Credits to the original author of the code (sorry, couldn't find the website I found it on). This is the code: #include <stdio.h>#include <windows.h>void ErrorDescription(DWORD p_dwError){ HLOCAL hLocal=0; FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_ALLOCATE_BUFFER, 0, p_dwError, MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US), (LPTSTR)&hLocal, 0, …
-
KRNL SCAN
by JMC31337- 5 replies
- 5.9k views
using this http://downloads.securityfocus.com/vulnerabilities/exploits/48179-poc.c and this http://blog.csdn.net/whispermemory/article/details/6754144 We could create a lil KRNL Scanner w/ Dev-C++ .. Getting the Module.ImageName is tricky, and if anyone has any suggestions? Another thing, dunno if its because of the token adjustment but, this scanner finds a few more sys drivers in the krnl in comparison to a module scanner that uses strictly: ZwQuerySystemInformation( SystemModuleInformation #include <windows.h> #include <stdio.h>#include <iostream>using namespace std; #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0) typedef enum _SYSDBG_COM…
-
- 8 replies
- 5.8k views
Hello, I have tested a piece of malware today and after that i was surprised that each exe i load with ollydbg it hooks it's entrypoint with PUSH <address> ret the address contains also mov [entrypoint],originalbytes etc. So how is this done? is there any explanation about this?. Even if i set ollydbg to stop at system EP the hook is still there at entrypoint. Is this a usermode or kernelmode hook?
-
Help in Calculating CRC-16 For String in Delphi
by XorRanger- 2 replies
- 8.7k views
Hello, Could SomeOne Help Me Out ? Am Looking For A Unit to Calculate CRC - 16 For a String in Delphi. I Have Tried Quite a Number Of Implementations Yet They Give Me Wrong Results. I Tried Using Delphi Encryption Compendium v5.2 Yet it Kept Giving Me The Same OutPut For Different Input Strings. Please I Need This Urgently Cos am Almost Loosing My Mind Here. *** My IDE is Dephi 7.
