Programming and Coding
Programming and coding tips, help and solutions...
1,882 topics in this forum
-
Detour 2.1 Hook problem
by Surrogate- 2 replies
- 5k views
Hi i seem to be having a problem with my LoadBitmapW hook, im using Detour 2.1 Im trying to hook SPIDER.EXE Windows XP version of the game, SPIDER.EXE resource has Numeric and String resources bitmaps for ids example 108,106, "FELT", "CARDBACK", "CARD1" etc etc FELT, CARDBACK will pass just fine in the LPCWSTR lpBitmapName, but when spider.exe resource has 2 images as Numbers resource bitmap id 108, 106.. the debugger tells me bad ptr 0x00006c (lpBitmapName) etc.. which is the 108 resource id for the bitmap HBITMAP __stdcall Mine_LoadBitmapW(HINSTANCE hInstance, LPCWSTR lpBitmapName) { HBITMAP hBitmap = NULL; TCHAR tszModuleName[MAX_PATH] = {0}; GetModuleBaseName(GetC…
-
- 6 replies
- 6k views
Is there a plugin that allows to translate basic asm code from olly to c++/c# commands? I'm talking really the most basic commands like: SHL EAX,0A --> EAX = EAX << 0x0A OR EAX, ESI --> EAX = EAX | ESI AND EAX, ESI -> EAX = EAX & ESI XOR EAX,EBX --> EAX = EAX ^ EBX MOV EAX, EDX -> EAX = EDX etc... Please don't tell me to use inline asm because I'm programming in C#, which apparently does not support inline asm. And at the same time please dont tell me to use C++ as i already coded a lot of code for this keygen I'm working on and I'm not going to translate the code to c++.
-
Navigate Olly from external tool
by F.L.A.M- 2 replies
- 2.7k views
Hello, guys! I'm writting some app for unpacking and i would like to navigate in Olly to certain address from it. Is it somehow possible? Maybe throigh some WM_ messages? Thanks!
-
Move window
by wyrda- 6 replies
- 3.2k views
When I paint a window with a picture and set its Style to None I can't move it.I use mouse events to move it but it is using a lot of resources(proc) because my window actually move with the cursor. How can I move my window just like a normal one?(with that rectangle surrounding it)
-
Questing about a dll
by crypto- 4 replies
- 6.5k views
This is a code snippet from a tutorial I was reading. It reads the IAT of a exe. // Globals: typedef void (WINAPI *ProcessEvent_typedef)(class UFunction*,void*,void*); ProcessEvent_typedef orgProcessEvent; // IAT MAJIC void ReDirectFunction (char* strDllName, char* strFunctionName, DWORD newFuncAddy) { DWORD dwBackup; DWORD dwIndex; DWORD dwOffset; HMODULE hEng; PIMAGE_DATA_DIRECTORY pDataDirectory; PIMAGE_DOS_HEADER pDosHeader; PDWORD pdwIAT; PDWORD pdwINT; PIMAGE_IMPORT_DESCRIPTOR pImportDescr…
-
Custom Button Video Tutorial: C# By papanyquiL
by papanyquiL- 2 replies
- 2.5k views
This is an example of how to create your own custom button control with a specified visual style. It is intended for beginners and can be used at any discretion. Download Here MD5: 663925296845ACF99AE1107FC18CA7B4 This link won't stay up for very long... For this and more tutorials go to theBlackStorm portal.
-
Disabling (Self Defense ) / Nod32 / With an script
by __Genius__- 3 replies
- 5.7k views
if you are one of Nod32 Antivirus system's users, you may be aware of the self defense system, you can simply disable it by disabling the check box in the settings of Nod32. I want to know is there any available method for disabling / enalbling this feature programmatically, for example with a snippet C/C++ code ? if you aware of this then let me know please . cheers, / Genius
-
More than 8 bytes
by xsp!d3r- 2 replies
- 3.1k views
hi guys does anyone know how to encrypt more than 8 bytes by using drizz's cryptohash library in asm?
-
Irregular shaped applications
by HellSpider- 6 replies
- 5.5k views
Hi. I've started to learn coding with MASM and I'm coding a program with an irregular shape atm. The problem is that my region and the bitmap that should get placed on the region are not one the same place. The bitmap is like one centimeter below the region. So what I'm asking is for a solution to fix this. Here is a picture of the mismatch of the region and the bitmap: Now my code looks like this: ... invoke LoadIcon, hInstance, 2001 invoke SendMessage, edi, WM_SETICON,TRUE,eax invoke SetWindowText, edi, offset lpAppName invoke SetWindowPos,edi,HWND_TOPMOST,0,0,0,0,SWP_NOACTIVATE + SWP_NOMOVE + SWP_NOSIZE invoke LoadBitmap, hInstance, 2003 invoke CreatePatternBru…
-
Protected char
by wyrda- 4 replies
- 5.3k views
I work in c++ at a project and I can say that if someone change a char array with a debugger my app is hacked. How should I protect that array? I was thinking to have more arrays and if I join them(when I need) to result my array.
-
Import redirection - a basic idea
by The_SSJ - retired- 10 replies
- 4.1k views
Hi guys, This morning (in my time zone ) I wrote a little txt-file explaining the basic approach to redirect imports of an app. This would be especially useful when u write your own protector or something else... It is not finished yet - There are many things I plan to do... You will find it attached in this post. Greets The_SSJ /Edit: By the way - examples are coded in pseudo-asm... Import redirection by The_SSJ.txt
-
[Delphi] Add Imports problem
by steve10120- 11 replies
- 6.6k views
Hi. Got a problem with some code I've written to add imports to a file. Its working fine on something like a Delphi Hello World, but on notepad.exe its crashing for some reason, can't work out why. { Add Imports Example Author: steve10120 Description: Add imports to a PE file. Website: http://hackhound.org History: First try Added multiple import support. }unit uAddImport;interfaceuses Windows;type TFuncArray = array of string; TImports = packed record szLibName: string; Funcs: TFuncArray; end;procedure AddImport(szFilePath:string; Imports:TImports);type PImageImportDescriptor = ^TImageImportDescriptor; TImageImportDescriptor = …
-
Coding our own little packer
by azfk- 1 reply
- 2.8k views
I'm just curious about this because if we were to code our own packers, it would be a great learning experience in programming, improving our thinking skills (doing anything really), and understand how to unpack better, I've made my own little project, I'm just going to generate a few keys and encrypt blocks of data accordingly, but I'm still stuck on how the unpacking stub works, do I code it manually beforehand and just write the code over what I'm protecting? If so that seems godawful for more complex packers like execryptor and themida so I think thats impractical, or is it an engine? If so... I would need to code my own engine? any comments? thoughts, ideas, will be…
-
Ollydbg text assembler (concept)
by Guest Dreamer9210- 6 replies
- 3.3k views
Hello! I'm using OllyDbg quite often, and sometimes I use it to add/edit functionality to existing binary applications. It's very convenient to see the changes in real time, being able to insert breakpoints while writing/editing the code. But the main problem, in my opinion, is that it's difficult to maintain already written code - if I have to insert or remove commands, I have to manually fix calls/jumps. That's why I wanted to write a plugin to fix the situation, but I am not experienced in writing OllyDbg plugins, and I don't have much time for it, so I want to share the concept with you: Click here It's similar to the known Code Ripper plugin, with an extra feat…
-
ASM help
by Mr. X- 5 replies
- 4k views
Hi, I am just a newbie and trying to learn ASM language and i have just started with MSG box. I have just used the source code of MSG box for learning purpose to create a msg box. But on execution, i am continuously getting this error. If anyone can provide me any help over this then it would be great. This is the pic of error which i am getting on execution. Cheers, Mr. X
-
Ollydbg Plugin Plus Masm Source
by What- 15 replies
- 15.7k views
Here is the source for a plugin, I have decided to write a new one from scratch with completely custom code.. Its has fixes for stuff like IsDebuggerPresent, HeapFlags, and shows hooks for stuff like ZwQueryProcessInformation. Show how to apply fixes to ollydbg itself, remove ep breakpoint and break on tls. Hope this helps someone. Originally I used a thread on restart of plugin but it was kinda annoying, so I hooked ollydbg later on where all the fixes would work right, took forever to find a good spot.
-
antiodbg src -> Delphi
by D1N- 9 replies
- 5.8k views
Sometime last year I remember someone asking for an example of anti-odbg in Delphi. Though this is just a simple example code can be modified and updated. Original thread was on unpack.cn sometime ago and this evening while I was checking the board I came across this thread and figured it would be a good opportunity to post it on tuts4you. If you use the code or find it helpful be sure to email this guy and thank him. Dont be a JP function IsDebuggerPresent():BOOL; stdcall;external 'kernel32.dll' name 'IsDebuggerPresent'; <-- !patch Kernel32.IsDebuggerPresent SimpleAntiDBG2.zip
-
- 1 reply
- 5k views
Since I don't make nearly enough contributions around here, time to throw down a few of my projects I've posted on other communities __ Anti-debug library, "Siberian Tiger", build 0.900: http://www.sendspace.com/file/lknuyt. ASM files, as well as intrinsics, are used to be compatible with both x86 and x64 platforms. Strings are encrypted as a small layer of protection from reverse engineering. As the library approaches it's final revision, I'll be obfuscating the application a bit more to ensure all checks are able to run, and work a bit more on integrability. __ - Checks all modules entrypoint for being outside module space and the code segment; if size image or …
-
Hook/Call the same function?
by high6- 2 replies
- 2.8k views
So I have a C++ dll injected into a process and I want to hook/call the same function. Problem is that if I have the hook call the function then it can turn into some nasty recursion. What is the best way to Hook/Call the same function? Some thoughts -Could call the hook's trampoline instead which will cause it to skip over the hook. (Will only work if hooking the start of a function) -Could set a flag that will skip the hook. Not sure how I would do that without it being a giant mess though.
-
Reg. Dll and Exe
by b0mbh2k- 1 reply
- 15.4k views
Guyzz, how to view or judge the sample, whether its dll or exe or any other file into hex editor?
-
PE-Nightmare v1.3 decryptor
by bigboss-62- 6 replies
- 5.4k views
Hello guys... Just after updating Yoda's Decrypter to v1.1, i'm proud to bring you my PE-Nightmare v1.3 decryptor. This crypter is very easy to study, but it has a bad file alignement, causing not working on NT Technology. If you've crypted a proggy that can't be run on NT, just decrypt it with this decrypter and it should work. I have also included source code in masm for those who are interested... See you soon in my next decrypter... Laurent aka BIGBOSS from COPs Any remarks are welcome... CPS!UnPENightmare.zip PENightmare_v13.zip
-
ReadProcessMemory reports an Error
by yanes- 3 replies
- 2.8k views
hi all when using the "ReadProcessMemory" to make a dump an image from memory ,this API reports the Error 'Error_No_Access' , Note that it succeeds with a litte part of victim's memory but it fails to read the entire image (Number of bytes = SizeOfImage) ,Note that the VirtualProtectEx API reports also the same Error code How can I do it ? _
-
Visual C++ question
by thief386- 2 replies
- 3k views
Hello tuts4you guys I'm newbie in c++ and i have some questions 1 how add a good text scroll to form (like dUP patcher's text scroll) ? 2 please post a random number generate function here 3 how use skin in visual c++ ? 4 how add music (xm) to form (i know, but there is some problems that i have read all other topics about it but i can't solve it still) thanks
-
Fastest way to clear all REGs
by SunBeam- 21 replies
- 5.4k views
Hi guys. It's me again, with another kinky weird request from y'allz. Do you happen to know the fastest way to clear all registers? (e-a-c-d-b-x, e-s-d-i) I wrote something like this, keeping in mind I want code to be small: _WIPE proc push 6h pop ecx @loop: push 0 loop @loop pop eax pop ecx pop edx pop ebx pop esi pop edi ret _WIPE endp Pretty much looks like a Delphi function in prolog, lol. Post your thoughts, please!
-
Morse Code
by zugo- 5 replies
- 3.5k views
Hi guys, MorseCode is an application that converts the input text to Morse code and also plays the sound of it - comes with full source code. Regards. MorseCode.rar
