Programming and Coding

Hello! I'm using OllyDbg quite often, and sometimes I use it to add/edit functionality to existing binary applications. It's very convenient to see the changes in real time, being able to insert breakpoints while writing/editing the code. But the main problem, in my opinion, is that it's difficult to maintain already written code - if I have to insert or remove commands, I have to manually fix calls/jumps. That's why I wanted to write a plugin to fix the situation, but I am not experienced in writing OllyDbg plugins, and I don't have much time for it, so I want to share the concept with you: Click here It's similar to the known Code Ripper plugin, with an extra feat…

Hi, I am just a newbie and trying to learn ASM language and i have just started with MSG box. I have just used the source code of MSG box for learning purpose to create a msg box. But on execution, i am continuously getting this error. If anyone can provide me any help over this then it would be great. This is the pic of error which i am getting on execution. Cheers, Mr. X

Here is the source for a plugin, I have decided to write a new one from scratch with completely custom code.. Its has fixes for stuff like IsDebuggerPresent, HeapFlags, and shows hooks for stuff like ZwQueryProcessInformation. Show how to apply fixes to ollydbg itself, remove ep breakpoint and break on tls. Hope this helps someone. Originally I used a thread on restart of plugin but it was kinda annoying, so I hooked ollydbg later on where all the fixes would work right, took forever to find a good spot.

Sometime last year I remember someone asking for an example of anti-odbg in Delphi. Though this is just a simple example code can be modified and updated. Original thread was on unpack.cn sometime ago and this evening while I was checking the board I came across this thread and figured it would be a good opportunity to post it on tuts4you. If you use the code or find it helpful be sure to email this guy and thank him. Dont be a JP function IsDebuggerPresent():BOOL; stdcall;external 'kernel32.dll' name 'IsDebuggerPresent'; <-- !patch Kernel32.IsDebuggerPresent SimpleAntiDBG2.zip

Since I don't make nearly enough contributions around here, time to throw down a few of my projects I've posted on other communities __ Anti-debug library, "Siberian Tiger", build 0.900: http://www.sendspace.com/file/lknuyt. ASM files, as well as intrinsics, are used to be compatible with both x86 and x64 platforms. Strings are encrypted as a small layer of protection from reverse engineering. As the library approaches it's final revision, I'll be obfuscating the application a bit more to ensure all checks are able to run, and work a bit more on integrability. __ - Checks all modules entrypoint for being outside module space and the code segment; if size image or …

So I have a C++ dll injected into a process and I want to hook/call the same function. Problem is that if I have the hook call the function then it can turn into some nasty recursion. What is the best way to Hook/Call the same function? Some thoughts -Could call the hook's trampoline instead which will cause it to skip over the hook. (Will only work if hooking the start of a function) -Could set a flag that will skip the hook. Not sure how I would do that without it being a giant mess though.

Guyzz, how to view or judge the sample, whether its dll or exe or any other file into hex editor?

Hello guys... Just after updating Yoda's Decrypter to v1.1, i'm proud to bring you my PE-Nightmare v1.3 decryptor. This crypter is very easy to study, but it has a bad file alignement, causing not working on NT Technology. If you've crypted a proggy that can't be run on NT, just decrypt it with this decrypter and it should work. I have also included source code in masm for those who are interested... See you soon in my next decrypter... Laurent aka BIGBOSS from COPs Any remarks are welcome... CPS!UnPENightmare.zip PENightmare_v13.zip

hi all when using the "ReadProcessMemory" to make a dump an image from memory ,this API reports the Error 'Error_No_Access' , Note that it succeeds with a litte part of victim's memory but it fails to read the entire image (Number of bytes = SizeOfImage) ,Note that the VirtualProtectEx API reports also the same Error code How can I do it ? _

Hello tuts4you guys I'm newbie in c++ and i have some questions 1 how add a good text scroll to form (like dUP patcher's text scroll) ? 2 please post a random number generate function here 3 how use skin in visual c++ ? 4 how add music (xm) to form (i know, but there is some problems that i have read all other topics about it but i can't solve it still) thanks

Hi guys. It's me again, with another kinky weird request from y'allz. Do you happen to know the fastest way to clear all registers? (e-a-c-d-b-x, e-s-d-i) I wrote something like this, keeping in mind I want code to be small: _WIPE proc push 6h pop ecx @loop: push 0 loop @loop pop eax pop ecx pop edx pop ebx pop esi pop edi ret _WIPE endp Pretty much looks like a Delphi function in prolog, lol. Post your thoughts, please!

Hi guys, MorseCode is an application that converts the input text to Morse code and also plays the sound of it - comes with full source code. Regards. MorseCode.rar

Hi all , i'm coding a MASM32 program under Winasm IDE how to add the List control SysListView32 on my Dialogbox Of course ,How to add and edit item in the list I think this ctrl is in the Ole32.dll (Not a custom one) waiting for your help THANX ...

Can any god keygener me help on this mistake her is the code: procedure TForm1.btn1Click(Sender: TObject); const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; var N,A,B,C,D,E,F,i:Integer; serial1,S,U,V,W,X:string; Activation:array of Char; begin serial1 :=''; begin if cbb1.Text = 'OJOsoft DVD Ripper'then//cbb is combobox if cbb1.Text = 'OJOsoft Total Video Converter' then if cbb1.Text = 'OJOsoft iPod Video Converter' then if cbb1.Text = 'OJOsoft DVD Audio Ripper' then if cbb1.Text = 'OJOsoft WMA to MP3 Converter' then if cbb1.Text = 'OJOsoft DVD to AVI Converter' then if cbb1.Text = 'OJOsoft WAV to MP3 Converter' then if cbb1.Text = 'OJOsoft DVD to PSP Converter' then…

hello this is my first post here i m writing a program to add a new section into the PE at the moment.... but somegthing goes wrong im trying to locate what its worng but nothing yet u can find the source here: infection.h typedef struct _StaffToUse { DWORD EIP; DWORD IMAGE_BASE; DWORD VEP; DWORD NumbOfSections; DWORD WinExec_; DWORD LoadLib_; DWORD ExitProc_; DWORD *VirtualS[32]; DWORD *SizeOfRaw[32]; DWORD *PointerToRaw[32]; DWORD *VirtualAddr[32]; BYTE *SectionNames[32];} StaffToUse;typedef struct _DWDataStorage{ BYTE *dwData;}DWDataStorage;//cracps HANDLE hFile,oFile = NULL; DWORD dwBytesRead; DWORD Sections; DWORD fSize = 0; PCHAR pMem; IMAGE_NT_HEA…

Hope you like this, i found it pretty useful Made by Yury Lukach opcodes.zip

//can somebody help me with the solution of this error : //I am trying to compile the below assembly code on borland v5.02 & tasm assembler v5.0 ;PROGRAM filename setpath.asm .386p ;enable Intel 386 (with privileged) instructions .model flat,stdcall ;flat memory model, for Win32 applications .radix 10 ;numbers default to base-10 jumps ;jumps get calculated and adjusted include Win32.inc ;basic Win32 application constants and structures ;Advapi32.dll extrn RegOpenKeyExA:proc ;external API declaration extrn RegSetValueExA:proc extrn RegCloseKey:proc ;Kernel32.dll extrn GetCurrentDirectoryA:proc extrn E…

Hey, I'm trying to call a c++ class member function through asm. I believe the this param (class id) is passed using ECX in the function call, getting this is no problem. However, when I call the function (with the class id in ECX) the function doesn't crash like before, but it returns incorrect data. I was wondering if anything else needs to be passed to the function or if ECX is infact the class id used to associate data with the caller. Any tips would be appreciated.

in visual c++ 2005 x64 it doesn't support the inline assembly __asm so to write assembly i must write it in a .asm file then call it from my code i need a tutorials for writing x64 assembly and how to call it as a function from c++ or at least i nead an x64 IDE assembler thnx in advance

Hey folks i need some help with a asm line...how i could do that in delphi ? SAR EAX,1 ROL EAX,3 XCHG EAX,ESI < i need that in delphi but how :S?

Hi, I am just asking how to read text that is multilined, in a text box, into a formatted memory buffer. This is needed because the required function that needs the text, expects it to be formatted. And so, the app fails because the text is not formatted properly (with newlines etc). The language the project is written in is C++, with zero MFC or .NET. Any assistance at all would be appreciated. EDIT: Worked it out. For some odd reason, the edit control's contents (which are on tabs) are not read...

i wanna make a link in my application go to a site anyone can helpe like to do

*plz kill this people.*

Hi, I've got another problem. I'm trying to read the read and parse data in the resource section, after reading some articles I've got a pretty good idea about what needs to be done. But, I'm stuck on one little thing, which none of the articles seem to cover. The problem is with the IMAGE_RESOURCE_DIRECTORY_ENTRY values, the Name value seems correct(checked with Index refs), but the OffsetToData value is wrong, or at least the value in the field is way way above even the filesize. Is there something I need to do to the OffsetToData to get the right offset of the IMAGE_RESOURCE_DATA_ENTRY? var dwOffset: DWORD; bFile: TByteArray; IDH: TImageDosHeader; INH: TImageN…

hey people,i want to get data from edit and show to the user,