Programming and Coding
Programming and coding tips, help and solutions...
1,877 topics in this forum
-
API Hooking (EAT)
by urbanyoung- 2 replies
- 4.2k views
Hey, I have a target executable which I need to hook some APIs for. I can't modify the IAT because the protector resolves the address and writes the call as: call 12345678, not call dword ptr ds:[xxx]. I can't place a hook within the actual API because it is checked to see if it has been modified. So, this lead me to the idea of modifying the export address table before its read, therefore the protector will resolve the call to my code and it won't be detected. I'm wondering how I'd go about implementing it, when would I need to edit the EAT? I need to do it before its read (obviously), but when is it read? Would I need to hook LoadLibrary somewhere? I'd like some tips i…
-
Basic encryption techniques
by Busted- 2 replies
- 6.4k views
Hi all, I am searching for some basic encryption techniques that I could implement into my Masm code, for example I want to encrypt a primary number that my serial is calculated off. Cheers Busted
-
Using Crypto++ with CodeGear C++ 2009
by KKR_WE_RULE- 13 replies
- 9.6k views
I am primarily a delphi coder but I know a bit of java thx to our school. Few days back, I started C++ with Codegear C++ Builder 2009.. I am not having any probs as its syntax is almost like java, but when I tried to use Crypto++ library with it, It wont compile. Can any 1 help me with this ?
-
- 4 replies
- 3.6k views
Hello all, So I've been bashing my head against a wall for a few hours on this issue and I'm not entirely sure what the problem is. When I step debug the application, it's breaking on this: CALL lstrcpyA The Error seems to be changing each time, first time it was array out of bounds, second time it was erroring with "Privileged instruction" I'm just not entirely sure what the issue is. Anyhow, here's the source. Can anyone possibly lend a helping hand here? Thanks ! #include <windows.h> #include <iostream> #include <string>using namespace std;void MyFunction(long int one); char alpha[] = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"; char one[] = "STD"; char …
-
mams32 Read out
by ragdog- 2 replies
- 12.3k views
Hi I have a question to read out a offset from a jmp in masm32 without readproccessmemory 00415ED3 .- E9 28B1FEFF JMP 00401000 My routine find this offset 00415ED3 and i need for my wsprintf this offset 00401000 Can i make this with ReadFile? Thanks,
-
- 4 replies
- 3.3k views
How to locate a resource (dialog, bitmap, etc) in which dll? e.g. Internet Explorer -> tools -> internet options where is the "internet options" dialog resource? I tried process explorer, it could get which exe this dialog belongs to, sometimes the application loads lots of dll files. Thank you in advance.
-
[SCR VB6]ComPath Finder
by Mi4night- 0 replies
- 2.5k views
Okay this is a little app i've done days ago. When a friend send me an app i woundered on what dir he had his source codes and after i knew vb.net stores debugging info inside the compiled application i started a little tool that reveals the Debug/Compile path of an selected application .NET apps works fine so do vb6 and some c++ after this store debug info inside the application it's nth big but if u don't have anything else to do looking at source is fine. CompPath.rar
-
Read Data Write Data (Delphi)[Help]
by eXec0d3- 4 replies
- 7.4k views
I need to Read data from .exe file for example this is OEP (virtual address) 00000023 I've converted it to physical and now I need to check if data on this address = $55 then WriteFile(H, buf, SizeOf(buf), written, nil); How to do that? Sorry for my bad English language
-
Main Application State
by StreamLine- 2 replies
- 5.6k views
Hey guys. I am currently coding a process manager in delphi, I am researching way in which i can get the state of an application. I have experimented with NTQuerySystemInformation and found i can list process with and get there thread states which i have currently done however. how can i determining which thread is the main(parent) thread for that process. example -------->Thread #2 | (thread 0) Notepad.exe ----> Thread #1 in this stupid example thread 0 is the main application, then i could return the state of this to display to my end user. is this possible? i saw a "hack" so to speak or an ugly way of getting a application state by calling ResumeThread() Fo…
-
what is work this line
by BEHESHT- 6 replies
- 4k views
hello every body i have problem in understand this code: how work this code in my target : movzx eax,byte ptr [edx+eax-1]plz illustrate this work very thanks
-
- 3 replies
- 7k views
C:\Masm32\Bin\RC.EXE /v "aPlib.rc" Microsoft ® Windows ® Resource Compiler, Version 5.00.1823.1 - Build 1823 Copyright © Microsoft Corp. 1985-1998. All rights reserved. Using codepage 1252 as default Creating aPlib.RES RC: RCPP -CP 1252 -f C:\masm32\Belajar.Assembly\_plugin_masm\aPlib\RCa01884 -g C:\masm32\Belajar.Assembly\_plugin_masm\aPlib\RDa01884 -DRC_INVOKED -D_WIN32 -pc\:/ -E -I. -I . aPlib.rc. Writing ICON:1, lang:0x409, size 4264 Writing GROUP_ICON:1, lang:0x409, size 20. Writing BITMAP:1, lang:0x409, size 42040 C:\Masm32\Bin\ML.EXE /c /coff /Cp /nologo /I"C:\Masm32\Include" "aPlib.asm" Assembling: aPlib.asm C:\Masm32\Bin\LINK.EXE /SUBSYSTEM:WINDOWS /RELEASE /DLL…
-
meaning of instruction call $+5 in IDA Disassembly
by abhijit mohanta- 1 follower
- 3 replies
- 20.9k views
I found in IDA Disassembly an instruction CALL $+5 Can anybody tell me the meaning of this.
-
- 1 reply
- 3.3k views
Hi, I'm analyzing a licensing process of a program and I came across those functions (bellow) I found that it is using SHA-1, zlib decompression, upx for internal module, and not sure about RSA zlib and upx functions I've already recognize them, but SHA-1 and RSA (?) are still under question. Here are a part of function before the data is actually decrypted. The Functie_RoR_cu_shl8 looks like SHA-1, and the cycle is feeding the digest (?). I need to know if I understood this function correctly and if somebody recognize the Spider_Unknown_Function? If you can help me understand better this peace of code. Thanks. All those inline algorithms looks like Crypto++ library or Bo…
-
pinned
by Fenix- 2 replies
- 12.1k views
hi all i am really a newbey in this section But can someone give me a program who can Unpack a .exe Programs Thanks you: Niki Izvorski
-
Change class name onmouseover
by kuma.lk- 0 replies
- 3.2k views
I'm trying to find a way to use Javascript to find elements with a specific class, dynamically change the class onmouseover, and return the element to its original class onmouseout. Obviously there are a ton of scripts out there that have this kind of functionality, but I need something that I can put into an external javascript, without having to add anything to the markup. I've tried to hack something out, but unfortunately don't know enough about javascript to make it work. Any ideas? Thanks, _______________________________________________________________________________
-
PEDiminisher unpacker
by bigboss-62- 0 replies
- 7.5k views
Hello friends, i'm proud to bring you my unpacker for PEDiminisher v0.1 from Teraphy. Why do i say "Complete decryptor" ? - PeDiminisher Unpacker (Direct approch) from DESPERATE is failing with original PED, my unpacker is working. - Generic unpackers and PeDiminisher Unpacker (Debug approach) from DESPERATE are working with PED, but you can't remove "extra" sections from PED if "Encrypt resources" and "Exclude Icons" were checked. In default, PED creates a ".teraphy" unpacking section in packed file. In case "Encrypt resources" and "Exclude Icons" were checked, PED creates an extra section named ".icon", where it duplicates icon contents from resource to this new ".icon…
-
Stone PE-Encryptor decryptor
by bigboss-62- 1 reply
- 6.2k views
Another day, another decrypter... i'm proud to bring you my decryptor for Stone PE-Encryptor. It has supports for Stone PE-Encryptor v1.0 and v1.13. If someone have a copy of another version, don't hesitate to send me it... I will include support... As usual, decryptor source in masm and cryptors sources in tasm are included for interested ones... Any comments, opinions on source code, bug reports or others are welcome... See you soon ... Laurent aka BIGBOSS from COPs StonesPEEncryptor_v1.00.zip StonesPEEncryptor_v1.13.zip CPS!UnStnPEE_v1.0.zip
-
Help with a nfo autoscroll
by Neuro- 3 replies
- 4k views
Hi guys , i came across this forum and i'm really glad about it! Hello to everybody , great community here. If i posted in the wrong section ,i'm really sorry for that.. I have a question. I would like to know where i can get a "nfo Auto-scroll" or how to make one... i attached the file for example. To terminate it press "Esc" Thanks in advance for your reply. Neuro. nfo Auto-scroll.rar
-
PCShrink unpacker
by bigboss-62- 2 replies
- 6.2k views
Hello guys, As promised, i'm proud to bring you my unpacker for PCShrink. It has supports for PCShrink (v0.29, v0.45, v0.71) and VGShrink (v0.14). If someone have a copy of another version of PCShrink, don't hesitate to send me it... I will include support in my unpacker... As usual, unpacker source in masm and packers sources in tasm are included for interested ones... (Note: PC Shrink v0.71 source code is a custom one from myself) Any comments, opinions on source code, bug reports or others are welcome... See you soon ... Laurent aka BIGBOSS from COPs VGShrink_v0.14.zip PCShrink_v0.29.zip PCShrink_v0.45.zip PCShrink_v0.71.zip CPS!UnPCShrink_v1.0.zip
-
VGShrink unpacker
by bigboss-62- 4 replies
- 25.9k views
Hello dudes, After some decrypters, i'm proud to bring you my first unpacker for VGShrink v0.14. VGShrink is a shrinker from Virogen, and it will become PCShrink later. This unpacker currently supports VGShrink v0.14. If someone have a copy of another version of VGShrink, don't hesitate to send me it... I will include support in my unpacker... As usual, unpacker source in masm and packer source in tasm are included for interested ones... If you found some bugs, don't blame me... It's my first unpacker... Any comments, opinions on source code, bug reports or others are welcome... See you soon ... Laurent aka BIGBOSS from COPs CPS!UnVGShrink_v0.14.zip VGShrink_v0.14.zip
-
[Request] Edit Bytes
by GameOver- 11 replies
- 4.1k views
Hi, I'm GameOver and I have just registered to this website (So go easy on me, please ) I am currently developing a patching application for some software.. I know the bytes that I need to change in order to turn the program from a trial into the full version. Basically I need some VB code (or help me write some VB code) that changes the hex from 00 01 02 03 04 FF to 04 04 04 04 04 03 Any help? Visual Basic Version = 10.0.26001.1 .Net Version = 4.3 Beta
-
DeviceIoControl IOCTL codes.
by Gushe- 1 reply
- 13.4k views
Delphi didn't seem to have these predefined, so I had to calculate it myself. Since it can be pretty tough finding the right values (even with Google) I thought I'd just calculate them all and share the list with you. They are for use with the DeviceIoControl() API. I have found the code used to calculate the values on internet and only had to find the right parameter values, thus not too much credit should go to me. This function being: function CTL_CODE(DeviceType, FunctionNo, Method, Access: Integer): Integer; begin Result := (DeviceType shl 16) or (Access shl 14) or (FunctionNo shl 2) or (Method); end; As for Method and Access, these are the values used for them: …
-
Microsoft Fox Pro 9
by deepzero- 3 replies
- 3.7k views
Hi, i need to understand this line of foxpro 9.0 code: serial = VAL(SYS(2007, ALLT(STR(THISFORM.TEXT1.VALUE)))) * 2 1) it takes the string from text1 :STR(THISFORM.TEXT1.VALUE) 2) it removes all spaces using ALLT 3) it generates the crc of the string withput spaces 4) and multiplys it by 2 msdn about the sys(2007, xxx) function: http://msdn.microsoft.com/en-us/library/csfkkhcy%28VS.80%29.aspx and the val() function: http://msdn.microsoft.com/en-us/library/csfkkhcy%28VS.80%29.aspx an example: text1.value = "1 234" -> remove spaces: "1234" -> calc crc32b (??) 596A3B55 -> take first numbers: 596 -> mul by two: 1192 But what crc is used? And wha…
-
- 1 reply
- 2.9k views
I could help pass the Visual Basic code to assembler or schedule a field of stars similar in assembler http://www.mediafire.com/file/mvu3hmwwmxq/screensaver-estrellas.zipthanks screensaver-estrellas.zip Proyecto1.rar
-
Ollydbg Attach
by Scale- 4 replies
- 12.6k views
If i attach to a process and make it crash then close it in olly, restart the program and attach again all threads will be suspended and won't resume. The only way to get a succesfull attach is to restart olly everytime, Is this just me? Thanks!