Programming and Coding
Programming and coding tips, help and solutions...
1,885 topics in this forum
-
Question about Olly and interrupts
by 0xByte- 2 replies
- 2.8k views
Hello everyone. Is it normal that olly can't handle interrupts like int 12h? If I try to inline-assemble interrupts i always get an "access violation when reading [FFFFFFFF]" followed by a "debugged program was unable to process exception". Could someone please explain the backgrounds of that error and whether it is possible to make Olly handle these interrupts? (sorry i'm new to asm and olly ._.) Thank you and best regards
-
Memory Protection
by listito- 8 replies
- 13k views
Hello, I'd like to protect my software against OpenProcess() or ReadProcess(), any known callbacks or interesting way to detect it? any help is appreciated
-
MSVC2008 - Removing MSVC Framework code..
by SunBeam- 11 replies
- 12.1k views
Hello, folks. I managed (ONCE UPON A TIME) to make it so that everytime I compile an application in MSVC2008, the output file would be free of that __security_init_cookie + __tmainCRTStartup code the compiler/linker adds in. Now I can't seem to freakin' get the results properly with project's settings. Any ideas? Here's how code looks like when compiled: And I want it only to start from this: As in, program's OEP to be this: Tried options: Code Generation -> Buffer Security Check -> No Code Generation -> Enable Function Level Linking -> No Code Generation -> Enable Floating Point Exceptions -> No Code Generation -> Enable C++ Exception…
-
Obfuscator
by jksoom- 3 replies
- 9k views
I need help. I need some obfuscator algorithm finder. I have a lot of obfuscated codes, and decoded codes. Is there any program which can lear how to do this? For example I enter him 10 obfuscated codes, and right decoded codes which he should get, and then he finds valid connection between them. For example: obfuscated: 522E 6A53 A29E 3577 3533 4A91 decoded: 50E5 562E 3870 334A 91 I also have one working converter made by some guy, but I don't know how to read the algo from it. If someone can help, please call me on private message and i will send you the exe.
-
x86 Code Obfuscation Techniques
by ghandi- 2 replies
- 10.3k views
Hi everybody, I was playing around with a few binary files on my computer today which employ code obfuscation at some point in their execution. The techniques used differ and yet the end result is very similar, code which causes OllyDbg or IDA to disassemble it incorrectly. The 2 ways i thought of using to see the true code is to either log the execution and then remove redundant operations from the log, leaving only the true instruction or to deobfuscate the code prior to execution. This second option is faster for sure, but it is fraught with danger also because it increases the margin for error. If the deobfuscation should incorrectly remove or change a valid opcode th…
-
- 1 reply
- 5.3k views
Hi, i am trying to use bassmod.dll to play tracker music in C++. This is a start (with a little help from msdn ): typedef BOOL (WINAPI *wapi)(DWORD, DWORD, DWORD); int main() { HMODULE basshndl = LoadLibraryA("C:\\x.dll"); cout << "Handel: " << basshndl<< "\n"; bassinit = GetProcAddress(basshndl, "BASSMOD_Init"); cout << "bassmod_init: " << binit << "\n"; bassinit(-1,44100,0);} the initialization went fine -> works. However, every api has a different returnvalue/arguments, so i`d need a different typedef for every api...which is unpractical. i found this on the web: ..... GCNA fGetComputerName; BOOL nokernel32 = FALSE; D…
-
Bass.dll
by ragdog- 7 replies
- 5k views
Hi I have download the new bass.dll version 2.4.5 Now compile i my old app hmm this works not invoke BASS_StreamCreateFile,NULL,addr MusicFile,0,0,BASS_SAMPLE_LOOP error A2114: INVOKE argument type mismatch : argument : 4 error A2114: INVOKE argument type mismatch : argument : 3 I look in the c/c++ package and find this BASS_StreamCreateFile(FALSE,file,0,0,BASS_SAMPLE_LOOP And this works why? Now have i look in the help file an see: HSTREAM BASS_StreamCreateFile( BOOL mem, void *file, QWORD offset, QWORD length, DWORD flags ); What make i by QWORD? greets,
-
PeX unpacker
by bigboss-62- 0 replies
- 5.3k views
Hello friends, a few days after my NFO deprotector, i'm proud to bring you my unpacker for PEX v0.99 from Bart^CrackPl. Unpacker source in masm and packer source are included for interested ones... (Note: I have also included unpackers from Chaf.) Any comments, opinions on source code, bug reports or others are welcome... See you soon ... Laurent aka BIGBOSS from COPs... PEX_v0.99.zip CPS!UnPEX_v0.99.zip DeX_v0.99.zip DeX_v0.99.1.zip
-
NFO decryptor (possible bug correct version).
by bigboss-62- 0 replies
- 2.9k views
Hello friends, i'm proud to bring you my decryptor for NFO v1.0 from bart^CrackPl 2ooo. Why do i say "possible bug correct" ? - There is a little bug in NFO resource encryption/decryption method used by Bart. - NFO program skips encryption/decryption if first byte of resource contents is value 028h. But this is a bad method, because the first unencrypted byte of resource contents can have a value different than 028h, but once encrypted, this value may become the value 028h.- So, resource part having the first encrypted byte with value 028h will not be decrypted. - This case have been tested with original crypter and with unNFO (decrypter from Dulek). - My own unpacker che…
-
[C++] CreateRemoteThread & WriteProcessMemory
by deepzero- 3 replies
- 6.8k views
Hi, I wanted to inject some code into another process & execute it as a separate thread. This is my code so far: DWORD PID = 0; //PID goes here! HANDLE hProcess = 0; hProcess = ::OpenProcess( PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, PID); cout << hProcess;void *p = 0; const DWORD MAXINJECTSIZE = 4096; p = VirtualAllocEx( hProcess, 0, MAXINJECTSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE );DWORD bem = 90909090; if ( ! WriteProcessMemory(hProcess, p, &bem, MAXINJECTSIZE, 0 ) ) { cout << "WPM() failed, gle = " << GetLastError(); return 0; }::CreateRe…
-
Adding X2m Files Into A Delphi Project?
by .::God::.- 2 replies
- 4.3k views
Can anyone help me with this by giving me example source? Thanks.
-
- 0 replies
- 2.6k views
http://delphi.icm.ed...wl/midxd60f.htm In this link more then 400 delphi library components. Some of these components might be useful for some people.
-
Printing int in assembly
by dreambig2212- 3 replies
- 9.5k views
Hi, I am new to assembly and want to know how to print integers in assembly on stdout. As printing string is straight forward. But i am not able to find how to put integers on stdout. I am using as and ld in linux to compile my program and run. I am not using HLA or MASM etc. Thanks.
-
Copying instructions?
by high6- 13 replies
- 3.9k views
I want to make my own detours class. What reference should I use for the instructions and their sizes? Also is there anything more to it then just calculating their sizes and figuring out how much you need to copy?
-
Module32First and Module32Next not working under Windows 7
by Guest tehgame- 5 replies
- 12.5k views
Hello! I tried to list modules of foreign processes with and without admin rights under Windows 7 Pro 64bit by using APIs Module32First, Module32Next and CreateToolhelp32Snapshot. It only works on my own process and like 10% of other the ones like Firefox. For the rest the Module32* APIs return FALSE. Is this associated with the Windows 7 "protected processes" security model where even administrator can't use a debugger on every process? While it makes injection to even notepad.exe impossible, is there a way around this besides not using Windows 7? I could not find a new tutorial on DLL-Injection in Windows 7.
-
ECX in C++ app is std::string?
by high6- 6 replies
- 4.6k views
Sorry for the bad title . Anyways... How would this look in C++? PUSH 2 ; Constant PUSH ESI ; CWorld LEA ECX, [ESP+0xE4] ; std::string CALL 1521ED60 ; AddString What I don't get is why ECX is being set to std::string. It is used inside the function. I don't think it is a fast call. But I have no idea what it is. It is like the first push and ecx are backwards 0,o...
-
How to get the ACL number of a registry key
by alaphate- 0 replies
- 2.7k views
I'm using regini to set a registry key's permission. one parameter is called ACL(Access Control List) number. Microsoft says people can use regdmp to retrieve the ACL number of a registry key. I tried, however, no ACL number was displayed. I found regdmp cannot show permissions of registry keys. Refer to: />http://support.microsoft.com/kb/264584 Any buddy knows any tools to retrieve the ACL number of a registry key? Thanks.
-
Listing and preventing file access under XP/Vista/W7
by bendeguzz- 2 replies
- 4.7k views
Hi! I would like to write an application which shows all file accesses in system. With the help of madshi component I was easily able to list the file accesses, but unfortunately I can't find anything on the internet (maybe I'm using the wrong keywords :S) to prevent access from certain files. What should I look after to do that? Thanks Oh I almost forgot it I'm using delphi, but almost anything helps... except asm
-
Disassembling MFC with OllyDbg
by sm0rh- 0 replies
- 4.6k views
I'm writing a basic CrackMe with Visual C++ 2008, MFC. And I want to create a solution too, but when I load my application to OllyDbg, there is no any symbols loaded. MFC version is 9. I decided to try another MFC version, when I load a MFC 7 application OllyDbg load symbols. If you'll say load pdb or something, please show me another way. Thanks in advance.
-
how write assembly code by ollydbg
by alim2201- 4 replies
- 4.9k views
how write assembly code by ollydbg compile and debug it thanks
-
Self Extracting File
by starzboy- 6 replies
- 6.2k views
Hi, guys i am working on a self extracting project and i need some ideas. What i want to do: I have 2 files, File1 and file2. File1 will open file2 and add some data into file2. And when file2 is run, it will simply dump the data. What i need to know is that the size od data to be added is not specific, so what will be a better option: a. Add the data as overlay b. Add the data as a resource Please help. *If you have an example in asm, your most welcome. Thankyou starzboy
-
Google Code Jam
by Hyperlisk- 0 replies
- 19.3k views
Just thought I'd give a heads-up to people that don't know. Today is Google's programming competition, Google Code Jam. If you're in to programming, join in! It shall be fun~!
-
NCRYPTX
by JMC31337- 2 replies
- 5.1k views
...
-
Keygen Graphics
by Guest Tundra- 21 replies
- 20.2k views
I've found a nice-looking keygen background bmp, with name/serial fields included on it. The problem is, when I add a text field in with WinASM's resource editor, the text field is white and covers up the background bmp. I've gotten rid of the borders, but I want the text field to be transparent. How would I do this? Also, is it possible to change the font/size of a text field? Thanks for the help.
-
inject code
by xsp!d3r- 5 replies
- 7k views
hi all does anyone know how to inject a code into pe using asm?! and thank's
