Programming and Coding
Programming and coding tips, help and solutions...
1,876 topics in this forum
-
Disabling (Self Defense ) / Nod32 / With an script
by __Genius__- 3 replies
- 5.7k views
if you are one of Nod32 Antivirus system's users, you may be aware of the self defense system, you can simply disable it by disabling the check box in the settings of Nod32. I want to know is there any available method for disabling / enalbling this feature programmatically, for example with a snippet C/C++ code ? if you aware of this then let me know please . cheers, / Genius
-
More than 8 bytes
by xsp!d3r- 2 replies
- 3.1k views
hi guys does anyone know how to encrypt more than 8 bytes by using drizz's cryptohash library in asm?
-
Irregular shaped applications
by HellSpider- 6 replies
- 5.5k views
Hi. I've started to learn coding with MASM and I'm coding a program with an irregular shape atm. The problem is that my region and the bitmap that should get placed on the region are not one the same place. The bitmap is like one centimeter below the region. So what I'm asking is for a solution to fix this. Here is a picture of the mismatch of the region and the bitmap: Now my code looks like this: ... invoke LoadIcon, hInstance, 2001 invoke SendMessage, edi, WM_SETICON,TRUE,eax invoke SetWindowText, edi, offset lpAppName invoke SetWindowPos,edi,HWND_TOPMOST,0,0,0,0,SWP_NOACTIVATE + SWP_NOMOVE + SWP_NOSIZE invoke LoadBitmap, hInstance, 2003 invoke CreatePatternBru…
-
Protected char
by wyrda- 4 replies
- 5.2k views
I work in c++ at a project and I can say that if someone change a char array with a debugger my app is hacked. How should I protect that array? I was thinking to have more arrays and if I join them(when I need) to result my array.
-
Import redirection - a basic idea
by The_SSJ - retired- 10 replies
- 4.1k views
Hi guys, This morning (in my time zone ) I wrote a little txt-file explaining the basic approach to redirect imports of an app. This would be especially useful when u write your own protector or something else... It is not finished yet - There are many things I plan to do... You will find it attached in this post. Greets The_SSJ /Edit: By the way - examples are coded in pseudo-asm... Import redirection by The_SSJ.txt
-
[Delphi] Add Imports problem
by steve10120- 11 replies
- 6.6k views
Hi. Got a problem with some code I've written to add imports to a file. Its working fine on something like a Delphi Hello World, but on notepad.exe its crashing for some reason, can't work out why. { Add Imports Example Author: steve10120 Description: Add imports to a PE file. Website: http://hackhound.org History: First try Added multiple import support. }unit uAddImport;interfaceuses Windows;type TFuncArray = array of string; TImports = packed record szLibName: string; Funcs: TFuncArray; end;procedure AddImport(szFilePath:string; Imports:TImports);type PImageImportDescriptor = ^TImageImportDescriptor; TImageImportDescriptor = …
-
Coding our own little packer
by azfk- 1 reply
- 2.8k views
I'm just curious about this because if we were to code our own packers, it would be a great learning experience in programming, improving our thinking skills (doing anything really), and understand how to unpack better, I've made my own little project, I'm just going to generate a few keys and encrypt blocks of data accordingly, but I'm still stuck on how the unpacking stub works, do I code it manually beforehand and just write the code over what I'm protecting? If so that seems godawful for more complex packers like execryptor and themida so I think thats impractical, or is it an engine? If so... I would need to code my own engine? any comments? thoughts, ideas, will be…
-
Ollydbg text assembler (concept)
by Guest Dreamer9210- 6 replies
- 3.2k views
Hello! I'm using OllyDbg quite often, and sometimes I use it to add/edit functionality to existing binary applications. It's very convenient to see the changes in real time, being able to insert breakpoints while writing/editing the code. But the main problem, in my opinion, is that it's difficult to maintain already written code - if I have to insert or remove commands, I have to manually fix calls/jumps. That's why I wanted to write a plugin to fix the situation, but I am not experienced in writing OllyDbg plugins, and I don't have much time for it, so I want to share the concept with you: Click here It's similar to the known Code Ripper plugin, with an extra feat…
-
ASM help
by Mr. X- 5 replies
- 3.9k views
Hi, I am just a newbie and trying to learn ASM language and i have just started with MSG box. I have just used the source code of MSG box for learning purpose to create a msg box. But on execution, i am continuously getting this error. If anyone can provide me any help over this then it would be great. This is the pic of error which i am getting on execution. Cheers, Mr. X
-
Ollydbg Plugin Plus Masm Source
by What- 15 replies
- 15.7k views
Here is the source for a plugin, I have decided to write a new one from scratch with completely custom code.. Its has fixes for stuff like IsDebuggerPresent, HeapFlags, and shows hooks for stuff like ZwQueryProcessInformation. Show how to apply fixes to ollydbg itself, remove ep breakpoint and break on tls. Hope this helps someone. Originally I used a thread on restart of plugin but it was kinda annoying, so I hooked ollydbg later on where all the fixes would work right, took forever to find a good spot.
-
antiodbg src -> Delphi
by D1N- 9 replies
- 5.8k views
Sometime last year I remember someone asking for an example of anti-odbg in Delphi. Though this is just a simple example code can be modified and updated. Original thread was on unpack.cn sometime ago and this evening while I was checking the board I came across this thread and figured it would be a good opportunity to post it on tuts4you. If you use the code or find it helpful be sure to email this guy and thank him. Dont be a JP function IsDebuggerPresent():BOOL; stdcall;external 'kernel32.dll' name 'IsDebuggerPresent'; <-- !patch Kernel32.IsDebuggerPresent SimpleAntiDBG2.zip
-
- 1 reply
- 5k views
Since I don't make nearly enough contributions around here, time to throw down a few of my projects I've posted on other communities __ Anti-debug library, "Siberian Tiger", build 0.900: http://www.sendspace.com/file/lknuyt. ASM files, as well as intrinsics, are used to be compatible with both x86 and x64 platforms. Strings are encrypted as a small layer of protection from reverse engineering. As the library approaches it's final revision, I'll be obfuscating the application a bit more to ensure all checks are able to run, and work a bit more on integrability. __ - Checks all modules entrypoint for being outside module space and the code segment; if size image or …
-
Hook/Call the same function?
by high6- 2 replies
- 2.8k views
So I have a C++ dll injected into a process and I want to hook/call the same function. Problem is that if I have the hook call the function then it can turn into some nasty recursion. What is the best way to Hook/Call the same function? Some thoughts -Could call the hook's trampoline instead which will cause it to skip over the hook. (Will only work if hooking the start of a function) -Could set a flag that will skip the hook. Not sure how I would do that without it being a giant mess though.
-
Reg. Dll and Exe
by b0mbh2k- 1 reply
- 15.4k views
Guyzz, how to view or judge the sample, whether its dll or exe or any other file into hex editor?
-
PE-Nightmare v1.3 decryptor
by bigboss-62- 6 replies
- 5.3k views
Hello guys... Just after updating Yoda's Decrypter to v1.1, i'm proud to bring you my PE-Nightmare v1.3 decryptor. This crypter is very easy to study, but it has a bad file alignement, causing not working on NT Technology. If you've crypted a proggy that can't be run on NT, just decrypt it with this decrypter and it should work. I have also included source code in masm for those who are interested... See you soon in my next decrypter... Laurent aka BIGBOSS from COPs Any remarks are welcome... CPS!UnPENightmare.zip PENightmare_v13.zip
-
ReadProcessMemory reports an Error
by yanes- 3 replies
- 2.8k views
hi all when using the "ReadProcessMemory" to make a dump an image from memory ,this API reports the Error 'Error_No_Access' , Note that it succeeds with a litte part of victim's memory but it fails to read the entire image (Number of bytes = SizeOfImage) ,Note that the VirtualProtectEx API reports also the same Error code How can I do it ? _
-
Visual C++ question
by thief386- 2 replies
- 3k views
Hello tuts4you guys I'm newbie in c++ and i have some questions 1 how add a good text scroll to form (like dUP patcher's text scroll) ? 2 please post a random number generate function here 3 how use skin in visual c++ ? 4 how add music (xm) to form (i know, but there is some problems that i have read all other topics about it but i can't solve it still) thanks
-
Fastest way to clear all REGs
by SunBeam- 21 replies
- 5.4k views
Hi guys. It's me again, with another kinky weird request from y'allz. Do you happen to know the fastest way to clear all registers? (e-a-c-d-b-x, e-s-d-i) I wrote something like this, keeping in mind I want code to be small: _WIPE proc push 6h pop ecx @loop: push 0 loop @loop pop eax pop ecx pop edx pop ebx pop esi pop edi ret _WIPE endp Pretty much looks like a Delphi function in prolog, lol. Post your thoughts, please!
-
Morse Code
by zugo- 5 replies
- 3.4k views
Hi guys, MorseCode is an application that converts the input text to Morse code and also plays the sound of it - comes with full source code. Regards. MorseCode.rar
-
- 3 replies
- 2.7k views
Hi all , i'm coding a MASM32 program under Winasm IDE how to add the List control SysListView32 on my Dialogbox Of course ,How to add and edit item in the list I think this ctrl is in the Ole32.dll (Not a custom one) waiting for your help THANX ...
-
delphi keygenning help
by Accede- 13 replies
- 4.6k views
Can any god keygener me help on this mistake her is the code: procedure TForm1.btn1Click(Sender: TObject); const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; var N,A,B,C,D,E,F,i:Integer; serial1,S,U,V,W,X:string; Activation:array of Char; begin serial1 :=''; begin if cbb1.Text = 'OJOsoft DVD Ripper'then//cbb is combobox if cbb1.Text = 'OJOsoft Total Video Converter' then if cbb1.Text = 'OJOsoft iPod Video Converter' then if cbb1.Text = 'OJOsoft DVD Audio Ripper' then if cbb1.Text = 'OJOsoft WMA to MP3 Converter' then if cbb1.Text = 'OJOsoft DVD to AVI Converter' then if cbb1.Text = 'OJOsoft WAV to MP3 Converter' then if cbb1.Text = 'OJOsoft DVD to PSP Converter' then…
-
Problem with PE section Injection
by DarkInjection- 4 replies
- 4.3k views
hello this is my first post here i m writing a program to add a new section into the PE at the moment.... but somegthing goes wrong im trying to locate what its worng but nothing yet u can find the source here: infection.h typedef struct _StaffToUse { DWORD EIP; DWORD IMAGE_BASE; DWORD VEP; DWORD NumbOfSections; DWORD WinExec_; DWORD LoadLib_; DWORD ExitProc_; DWORD *VirtualS[32]; DWORD *SizeOfRaw[32]; DWORD *PointerToRaw[32]; DWORD *VirtualAddr[32]; BYTE *SectionNames[32];} StaffToUse;typedef struct _DWDataStorage{ BYTE *dwData;}DWDataStorage;//cracps HANDLE hFile,oFile = NULL; DWORD dwBytesRead; DWORD Sections; DWORD fSize = 0; PCHAR pMem; IMAGE_NT_HEA…
-
Nice op-code reference program
by DoNotUseFoulLanguage- 12 replies
- 4.1k views
Hope you like this, i found it pretty useful Made by Yury Lukach opcodes.zip
-
debugging the errors
by ajaytvish- 1 reply
- 2.7k views
//can somebody help me with the solution of this error : //I am trying to compile the below assembly code on borland v5.02 & tasm assembler v5.0 ;PROGRAM filename setpath.asm .386p ;enable Intel 386 (with privileged) instructions .model flat,stdcall ;flat memory model, for Win32 applications .radix 10 ;numbers default to base-10 jumps ;jumps get calculated and adjusted include Win32.inc ;basic Win32 application constants and structures ;Advapi32.dll extrn RegOpenKeyExA:proc ;external API declaration extrn RegSetValueExA:proc extrn RegCloseKey:proc ;Kernel32.dll extrn GetCurrentDirectoryA:proc extrn E…
-
Call c++ member function through asm
by urbanyoung- 2 replies
- 3.3k views
Hey, I'm trying to call a c++ class member function through asm. I believe the this param (class id) is passed using ECX in the function call, getting this is no problem. However, when I call the function (with the class id in ECX) the function doesn't crash like before, but it returns incorrect data. I was wondering if anything else needs to be passed to the function or if ECX is infact the class id used to associate data with the caller. Any tips would be appreciated.