Programming and Coding
Programming and coding tips, help and solutions...
1,886 topics in this forum
-
- 1 reply
- 3.1k views
// © 2005 Richard Grimes // snSig library used to get information about a strong name signature of // a .NET assembly using System; using System.IO;// Used to obtain the file offset and the size of the strong name signature // and the strong name data directory public class StrongNameSignature { // Locations and sizes of various things in the PE file const int pePos = 0x003c; const int numSectOffset = 0x02; const int peIdentSize = 0x04; const int coffHeaderSize = 0x14; const int dataDirectoryOffset = 0x60; const int dataDirectoryLength = 0x08; const int clrHeaderIndex = 0x0e; const int strongNameSigOffset = 0x20; const int sectionHeaderSize =…
-
- 0 replies
- 2.7k views
Compressed Integer In .NET/CLI Metadata In short, the compression algorithm is used to place a 32-bit integer (takes 4 bytes) into as little as possible number of storage (1, 2, or 4 bytes). This compression algorithm is widely used in .NET/CLI PE files, such as metadata signatures ,#blob stream and #US stream. In such cases, integers are used to save the number of records, or size of data blocks. Since such numbers and sizes are all very small, use 32-bit integers will cause many bytes set to 0, which makes no sense. In such cases, compressed integer can effectively reduce the disk space a PE file takes, and saves network bandwidth. Some scenarios of using compressed in…
-
AT4RE Protector v1.0 deprotector
by bigboss-62- 4 replies
- 7.6k views
Hello again guys... i'm proud to bring you my AT4RE Protector v1.0 decryptor. As usual, source code in masm and crypter are included... See you soon... Laurent aka BIGBOSS from COPs. AT4RE_Protector_v1.0.zip CPS_UnAT4REProtector_v1.0.zip
-
- 5 replies
- 10.9k views
Hi All, Something which i would like to share with the community which i've spend a week or so developing. This is similar to Game |_|nwrapper that Dr.Carbon has done at http://www.tuts4you.com/forum/index.php?showtopic=15010 but only in C++. Hope you guys learn something off the source code Products Supported - Reflexive Arcade - Alawar Games - Playrix - GameHouse - PopCap Greyhound_Unpacker.rar
-
How To Search Bytes In Process ? 1 2
by Matrix- 35 replies
- 21.5k views
Hi Friends I Want Search More Bytes In Any Process With Visual Basic How I Do It ? Please Help ME THanks Sorry For My Bad English
-
- 0 replies
- 5.9k views
The Visual Studio 2010 Uninstall Utility While we hope you’ll love Visual Studio 2010 for all the application development it enables with powerful features and a robust extension model that enables great extensions like the Productivity Power Tools, if you ever need to uninstall Visual Studio it can be difficult. If you’ve ever tried to remove Visual Studio you already know this. But have a tool that can help for English installations: The Visual Studio 2010 Uninstall Utility. An excerpt from that page reads, Default (VS2010_Uninstall-RTM.ENU.exe) Uninstalls all top level products of 2010 release and its supporting components. This mode does not remove Visual Studio…
-
VB.NET Bassmod Source Code
by ghsafsdfsdhfghfgjhgkj- 0 replies
- 5.2k views
Open with Visual Studio 2008 or Visual Basic 2008.
-
yC decryptor v1.1b *NEW*
by bigboss-62- 17 replies
- 13.3k views
Hello guys... i'm proud to bring you my Yoda's Crypter decryptor. You can say that there are already decryptors for it, like deYoda and unYc, but they have some bugs... 1 - There isn't an individual decryptor for yC 1.1... 2 - I have tried to decrypt with deyoda some crypted Delphi apps crypted with yC, and it can't decrypt it ... So, I've done my own decryptor, supporting for the moment yC v1.1 and yC v1.2. My decrypter have been tested with masm32 apps, vc apps and delphi apps, and it seems to always work... Source code in masm will be included if someone is interested... See you soon in my next decrypter... Laurent aka BIGBOSS from COPs Update 2010-02-13:…
-
- 5 replies
- 4.2k views
Hey guys, I am new here and just started into learning Assembler. First of all I have to say this Forum really rocks! I already found tons of information I´m interested in and I´m really impressed by the skills of some members here.. Well I started working myself through Iczelion´s famous Win32 Asm Tuts at the beginning of this week after i got some basic information from the Book: The Art of Assembly Language I ordered a time ago. The question belongs to Tut3 I just finished working on. There is the WinMain proc, where 4 arguments are passed in the function parameter list. My question belongs to the first parameter, the instance handler from type HINSTANCE. In the .DATA?…
-
[Help] Security/Certificate Table
by steve10120- 1 reply
- 2.8k views
Hi. Was wondering if any one has some example code of reading the security/certificate table(in the data directories). Can't seem to find any documentation or example code any where. This is the kind of info I mean, though maybe not as detailed. />http://i55.tinypic.com/fohe90.png The only structure I can find is typedef struct _WIN_CERTIFICATE { DWORD dwLength; WORD wRevision; WORD wCertificateType; BYTE bCertificate[ANYSIZE_ARRAY]; } WIN_CERTIFICATE, *LPWIN_CERTIFICATE; Some example code listing basic details would be alot easier for me to learn from. Any help would be appreciated.
-
- 0 replies
- 2.8k views
For some time, I was thinking about developing a web search plug-in for Visual Studio, so that I can search the web (mainly sites like StackOverflow, CodeProject, MSDN etc) in a non intrusive way, with out leaving the IDE. Here we go, meet Vingy 1.0 – A simple, but effective add in for Visual Studio 2010 so that you can search the web in a non intrusive way, and can filter results based on sources. Getting used to Vingy You can bring up Vingy either by clicking View->Other Windows –> Vingy Search Window from the Visual Studio IDE, or just by high lighting some text in the document and then clicking Tools –> Search Selected Text (Ctrl + 1). Searching with …
-
C# .NET 1.1 SendMail
by JMC31337- 1 reply
- 13.6k views
Heres how ya send HTML with attachment in .NET 1.1 Believe .NET 1.1 comes pre-installed on all 32 bit machines What this does is creates a rar archive with 123.txt in it, then emails it out Depending upon what your ISP is, you will need to change the SmtpServer variable Multiple recipients need to have a ; in between em .NET Framework 1.1 is no longer supported through Express C# 2002-2003 You'll need to install the .NET Framework 1.1 Redistributable and .NET 1.1 SDK This has to be compiled from commandline with csc /out:c:\smtp.exe Program.cs or if you want no console window csc /target:winexe /out:c:\smtp.exe Program.cs Directory should be %windir%\Microsoft.NET\Framewo…
-
- 0 replies
- 2.7k views
Tricking ildasm Into Dumping a Metadata Delta File u can trick ildasm into dumping the metadata delta file. Just add .obj to the filename and constrain the output: > ildasm TESTME.exe.1.dmeta.obj /text /metadata=raw /metadata=heaps
-
- 0 replies
- 5.3k views
.NET Exceptions (all of them) The surce code for generating the list of .NET exceptions that I posted earlier. Here it is finally. This just outputs an XML structure to the console. You can redirect the output to a file then use an XSLT transform on it (or do whatever else you want with it). using System;using System.Collections.Generic;using System.Text;using System.Reflection;using System.Collections;using System.Text.RegularExpressions;using System.Design;using System.Xml;using System.IO;namespace ExceptionList{ class Program { static void Main(string[] args) { ReflectionSearch(".*exception$"); Console.ReadKey(); } …
-
Writing "portable" code
by deepzero- 6 replies
- 5.5k views
Hey, I was analyzing an interesting piece of malware, where code, data & IAT where all mixed together in one section. IE, text string and dwords with imported addresses where pasted just in the middle of the code: Note how the "call 40100d" calls past the OpenProcess-DWORD, effectively pushing the address to that DOWRD to the stack. So after the "Pop eax", eax contains a pointer to the address of OpenProcess...and can be called via "call dword [eax]". Which is exactly what happens. This is part of the runtime importing, again the calls call past a text string, pushing a pointer to the string to the stack. Later this is used to build the import table. The b…
-
- 1 reply
- 8.6k views
Introduction This book demonstrates the process of creating a language compiler for the CLR. It contains a mixture of generic compiler construction topics and topics specific to compiling for the CLR. How it came to be For many years, I wanted to write a compiler. I read, or tried to read, a lot of books on the subject. Two things about these books consistently turned me off: one, they were, one and all, written using language familiar to mathematics and computer science students, but Greek (many a time, literally) to the rest of us. Two, almost all of them were full of information about sundry alternate means to read source code and understand it, but contained precious …
-
RelocationDirectory/ImportDirectory/ExportDirectory struct
by CodeExplorer- 1 reply
- 5.1k views
Currently I build and Metadata reader/writer, first I need these strcuts defined in C# RelocationDirectory struct ImportDirectory struct ExportDirectory struct Anybody knows from where I could get them?
-
DebugView filter editor v1.0
by sirp- 1 reply
- 2.9k views
DebugView filter editor v1.0 DebugView is a wonderful tool for viewing real time logging information generated by your applications. You can set filters which will colorize the output according to various rules. But the dialog for setting those filters is awful, especially now when it supports 20 filters. So I developed this little application in Python using the wxPython GUI toolkit to make it easier for me to change the filters. SITE DebugView_Filter_Editor_ 1.0.rar
-
- 5 replies
- 3.6k views
It was an amazing adventure reversing QUAD RegistryCleaner 1.5.144, I would say the reversing level of it is Medium.... but you can easly reverse if you watch Lena's tuts 1~16. I am posting this for educational purpose only, and to expose new stuff [maybe] to other members... hope you'll like it, take it and modify it, do w.e you want to. you can even use the SnD function from it in your own patchers to easly make patchers, no need for stuff like dUP2, i'm just showing how easy it is to create a patcher yourself, source code is in Delphi 2010. unit main;interfaceuses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, png…
-
C++: pointer to byte array
by deepzero- 8 replies
- 14.3k views
Hi, For some reason i cant get a pointer to the first element of a byte array, which is driving me mad. COnsider this: BYTE searchpattern[] = {0x6d, 0x70, 0x6f, 0x72, 0x74}; cout << "deref: " << &searchpattern[0]; Isnt this supposed to dereference the first element of the array? Instead it prints the whole array. or />http://msdn.microsoft.com/en-us/library/hbswzcs5%28VS.80%29.aspx BYTE* pbArr = &searchpattern[0]; cout << "asdf: " << pbArr; same thing... or BYTE* pbArr = &searchpattern[0]; cout << &pbArr; This prints a pointer to 1 dword before the actual array... any help would be appreciated, chances are …
-
- 0 replies
- 5.7k views
DynamicProxy ... ... methodIlGenerator.Emit(OpCodes.Ldc_I4_2); methodIlGenerator.Emit(OpCodes.Ldarg_1); methodIlGenerator.Emit(OpCodes.Ceq); methodIlGenerator.Emit(OpCodes.Ldc_I4_0); methodIlGenerator.Emit(OpCodes.Ceq); methodIlGenerator.Emit(OpCodes.Stloc_3); methodIlGenerator.Emit(OpCodes.Ldloc_3); ... ... ...if that is too much trouble fumbling with the low-level opcode can also spread an alternative to the comfortable castleproject DynamicProxy and use the local IL-generation mechanisms (easy type / easy method etc.) so that's really "Easy" Castle DynamicProxy is a library for generating lightweight .NET proxies on the fly at runtime. Proxy objects allo…
-
[DELPHI]Return offset by AOB
by 0xFF- 1 reply
- 5.1k views
This is a little silly code that will return the offset by searching it via a static array of size 7 byte(s). Made it for the patcher of QUAD RegistryCleaner 1.5.144, more to come, this code is first RLS, and could be optimized and tweaked using threads and better searching patterns, future updates to come. Usage: ShowMessageFmt( '%x', [RetOffset(lol)]); lol: array [0..6] of byte = ($FF, $FF, $FF, $FF, $FF, $FF, $FF); <-- change FF's to your needs. you can modify it and make it search bigger buffers, but be ware of getting "Eof", calculate file size and div by the amount of searches you're going to perfom. type TStaticArray = ARray [0..6] Of Byte;function RetOffset(co…
-
(c++) int 2 hex (simple way?)
by deepzero- 8 replies
- 7.6k views
Hi, i have a decimal number in an int variable, which i want to convert to hex and save in a DWORD, ie: int a = 4660; -> == DWORD b = 1234; I was not able to find a simple way to do this conversion. It works via strtol or sprintf, but there has to be an easier way? After all, the int variable is stored in hex in memory... deep
-
- 1 follower
- 5 replies
- 10k views
The Undocumented Microsoft Functions About ATOM_BASIC_INFORMATION ATOM_INFORMATION_CLASS ATOM_TABLE_INFORMATION DbgPrint DBG_STATE EVENT_BASIC_INFORMATION EVENT_INFORMATION_CLASS EVENT_TYPE FILE_BASIC_INFORMATION FILE_BOTH_DIR_INFORMATION FILE_DIRECTORY_INFORMATION FILE_FS_ATTRIBUTE_INFORMATION FILE_FS_CONTROL_INFORMATION FILE_FS_DEVICE_INFORMATION FILE_FS_LABEL_INFORMATION FILE_FS_SIZE_INFORMATION FILE_FS_VOLUME_INFORMATION FILE_FULL_DIR_INFORMATION FILE_FULL_EA_INFORMATION FILE_GET_EA_INFORMATION FILE_INFORMATION_CLASS FILE_INTERNAL_INFORMATION FILE_LINK_INFORMATION FILE_NAMES_INFORMATION FILE_NAME_INFORMATION FILE_NETWORK_OPEN_INFORMATION FILE_NOTIFY_INFORMATION FILE_R…
-
- 0 replies
- 4.5k views
ILViewer v2.0 This is an Add-in to Visual Studio Description his helps us to view the MSIL (Microsoft Intermediate Language) generated for C# or VB.Net code we write. Expected Users Those who are interested in studying - How compiler is handling your code? How new language features are implemented? Example What is the MSIL equivalent for ‘property’ in C# or VB.Net? When you write a property in C#, compiler is generating some methods corresponding to it. Eventhough .property is there, the get_property and set_property methods are the working methods blog project ILViewer(2).rar ILVIewer-74794.zip
