Programming and Coding
Programming and coding tips, help and solutions...
1,886 topics in this forum
-
Writing a .NET Profiler (dev.to)
by sirp- 1 follower
- 0 replies
- 5.3k views
https://dev.to/gabbersepp/create-a-net-profiler-with-the-profiling-api-start-of-an-unexpected-journey-198n https://github.com/gabbersepp/dev.to-posts/tree/master/blog-posts/net-internals call-c-from-cpp debugging-profiler digging-into-callbacks how-does-profiler-work how-to-debug-with-windbg marshal-example net-bitness profiler-attach/code/DevToNetProfiler profiler-fn-enter-arguments profiler-fn-enter-leave-x64 profiler-fn-enter-leave stacktrace-linenumber/code/DevToNetProfiler write-net-profiler
-
- 1 follower
- 7 replies
- 5.8k views
im looking for an APIwindows that get a character of keyboard immediate? means the character get immedaitely after pressing its key on keyboard
-
[.Net] How to hook Microsoft.VisualBasic.CompilerServices.Conversions.ToString(long Value) ?
by Sh4DoVV- 1 follower
- 1 reply
- 5.5k views
Hi I have an executable .net application and how to hook Microsoft.VisualBasic.CompilerServices.Conversions.ToString(long Value) for logging Value ? thanks
-
- 1 follower
- 0 replies
- 5.8k views
Run Constructor even Activator.CreateInstance gives Exception Assembly asm = Assembly.LoadFrom(@"X:\xxxasd.exe"); Type kd = asm.GetType("keydata"); // Create an instance of the type object classInstance = Activator.CreateInstance(keydata, null); ----------> This always throws errorr ..tried different approaches i.e with other parameters and Bindingflags ... There is also System.Runtime.CompilerServices.RuntimeHelpers.RunClassConstructor(RuntimeTypeHandle type), which additionally guarantees that the static constructor is only called once, regardless how many times the method is called: Type myClass = typeof(MyClass); System.Runtime.CompilerS…
-
- 1 follower
- 0 replies
- 5.2k views
Create Instance without calling constructor FormatterServices.GetUninitializedObject() will create an instance without calling a constructor. I found this class by using Reflector and digging through some of the core .Net serialization classes. using System; using System.Reflection; using System.Runtime.Serialization; namespace NoConstructorThingy { class Program { static void Main() { // does not call ctor var myClass = (MyClass)FormatterServices.GetUninitializedObject(typeof(MyClass)); Console.WriteLine(myClass.One); // writes "0", constructor not called Console.WriteLine(myClass.T…
-
How to make Context Menu for my tools ??
by AbdElrahman- 1 follower
- 5 replies
- 5k views
HI i want to make Context Menu for my tools like New Context Menu in picture or 7-zip or Winrar i readed a topic for that and i know i must use c++ to make it but i can't do it any one has tutorial to do it or explain how THX
-
Offset Patcher problem c++
by robocopip- 7 replies
- 8.8k views
Hello guys. Your forum is great and very helpful! Thanks for your work! I am a beginner in reverse engineering with some basic knowledge of C++. I wanted to create a small offset patch in c++. I found a simple template on how to do that. I tried it first with a simple NOP patching and it worked. After I edited it to patch 8 offsets I ended up with a not working-Send report to Microsoft application. I uploaded the edited source code. I don't know much about it, and why that happened. . . Is this the proper way to do it? Is there another better template? I know that there exist some cool patch engines but I would like to experiment and building my own. Thanks in advance! …
-
Unlinker help
by JustAGuy- 1 reply
- 5.9k views
There is an interesting tool called Unlinker It includes an example lzo.obj file. However I have no idea how to and use .obj file in VS. I added obj into additional dependencies, which works fine and project compiles but how can I call its functions?
-
A self-contained C# game in 8 kB
by sirp- 0 replies
- 4.5k views
A self-contained C# game in 8 kB (nice article) This repo is a complement to my article on building an 8 kB self-contained game in C#. By self-contained I mean this 8 kB C# game binary doesn't need a .NET runtime to work. See the article on how that's done. The project files and scripts in this repo build the same game (Snake clone) in several different configurations, each with a different size of the output. https://github.com/MichalStrehovsky/SeeSharpSnake
-
- 8 replies
- 6.4k views
Hi, everybody. I'm using KOL - Key Objects Library. Need a dialog to select multiple folders. This option works for text files. procedure click button2(dummy: pointer;Slender: Control; var mouse:TMouseEventData); var s: String; begin Dialog: = NewOpenSaveDialog ( " , FileFullPath ('Project1.exe'), [ OSFileMustExist, OSHideReadonly, OSAllowMultiSelect, OSOverwritePrompt, OSPathMustExist ] ); dialog.Filter:= '*.txt/*.txt|all/*.*'; Dialogue.OpenDialog: = true; if Dialog.Execute then / / else exit; s:=Dialog.Filename; k:=-1; while s < > " do begin inc(k); a[k]:=Trim…
-
- 2 replies
- 5.2k views
Hello. I'm using KOL - Key Objects Library. How to implement in the program, there is a Toolbar with buttons and a form with a paintbox. Is it possible to do the following when pressing the button on the icon appeared the cursor as in DragAndDrop and after the picture was drawn on the paintbox. That is, it is not necessarily true DragandDrop. It is possible to confine only to changing the type of cursor. https://yadi.sk/i/6ovsPsZyIGxvGQ among those represented in KOL_ansi.inc there is none. const IDC_ARROW = MakeIntResource (32512); IDC_IBEAM = MakeIntResource (32513); IDC_WAIT = MakeIntResource (32514); IDC_CROSS = MakeIntResource (32515); …
-
- 2 replies
- 4.5k views
hey there all. whenever i try to add a v2m file on masm32 (with a V2m player from magic_h2001, include file + library), i get an error saying: LINK : fatal error LNK1104: cannot open file "OLDNAMES.lib" how do i fix this problem?
-
String Decryption Help
by andmuchmore- 0 replies
- 4.5k views
Hey guys, I am just learning the Mono.Cecil and trying to write a simple string decrypter / junk code remover and I have a couple of questions. The methods that are added from the obfuscator are duplicated. Loop through the modules and remove the junk I only remove the junk from one instance. My first question how would I go about updating the token of the other methods to be the method with the junk code removed or what is the best practise for fixing this? The other question is what is the best way to loop through and remove IL code from a binary. I am currently using NOP to remove the junk code (Line 98-106) but when I use mDef.Body.Instructi…
-
Ntdll/RtlGetNativeSystemInformation
by JMC31337- 0 replies
- 4.7k views
messing around with some code done by H0mbre at https://h0mbre.github.io/HEVD_Stackoverflow_SMEP_Bypass_64bit/ thought i'd put this on the tuts4you walls to obtain ntoskrnl location using undocumented RtlGetNativeSystemInformation #include <windows.h> #include <iostream> using namespace std; FARPROC proc; HMODULE hdll; LONG* ntos; WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) { hdll = LoadLibrary("ntdll"); proc = GetProcAddress(hdll,"RtlGetNativeSystemInformation"); VirtualAlloc(NULL,0x1000,0x3000,0x40); asm ( "mov rcx,0x0b\r\n" "mov rdx,rax\r\n" "mov r8,0x1000\r\n" "mov r9,rbp\r\n" ); proc(); asm (…
-
Possible deobfuscation approaches?
by VirtualPuppet- 2 replies
- 5.2k views
So I've become very interested in the entire deobfuscation-topic, and I was wondering what is actually the most efficient way to implement e.g. constant-folding for disassembled obfuscated binary data, or maybe some kind of instruction-reduction algorithm. By efficient, I obviously mean which would have the greatest impact and work best in reversing e.g. instruction expansion. My current thoughts are whether it would be most efficient to write an IR-structure for a standard x86 instruction, which exposes data from the instruction operands, etc. and run for example a loop through a container of instructions to try and collapse some of them in a smart manner, or check …
-
LdrLoadDll/LdrGetProcedureAddress
by JMC31337- 0 replies
- 7k views
//./g++ -fdata-sections -s -g -std=c++14 -masm=intel -m32 -o ldrdll.exe ldrdll.cpp //./g++ -fdata-sections -s -g -std=c++14 -masm=intel -m64 -o ldrdll.exe ldrdll.cpp #include <windows.h> #include <iostream> typedef struct _UNICODE_STRING { USHORT Length; USHORT MaximumLength; PVOID Buffer; } UNICODE_STRING, *PUNICODE_STRING; typedef struct _ANSI_STRING { USHORT Length; USHORT MaximumLength; PCHAR Buffer; } ANSI_STRING, *PANSI_STRING; typedef void (__stdcall *LdrLoadDll) ( IN PWCHAR PathToFile OPTIONAL, IN ULONG Flags OPTIONAL, IN PUNICODE_STRING ModuleFileName, OUT HMODULE *ModuleHandle ); typedef void (__stdcall *LdrGetProcedureAddress) ( IN HMODULE Mod…
-
PE Parser [assembly]
by ding- 11 replies
- 6.4k views
Hello , I started working on my own PE parsing tool in assembly language (MASM) and am using RadASM as my main IDE. assume edi:ptr IMAGE_DOS_HEADER lea eax,[edi].e_magic invoke SendMessage,hEdit,WM_SETTEXT,0,eax This line of code suppose to output the following : " MZ ", it does for some executables exept Delphi executables it shows "MZP" instead. The question here is that what (e_cblp) byte is doing here ? as far as i know e_magic field is just a word sized. e_magic = $5A4D am really confused right now !
-
- 2 replies
- 4.8k views
Hi everyone , Hope you're doing good I was looking for some assembly tutorials and I've found nothing useful , the majority of these tutorials talks about computer architechture such as registers and memory .... I want Pure assembly tutorials like using RadASM components , writing tools etc ... Unfortunately all good resources have gone like this website for example : https://web.archive.org/web/20050506040848/http://bib.universitas-virtualis.org/go.php?node=22 I have read Iczelion tutorials , and looking for more am hungry to assembly language Am asking everyone who has something in his drive to share it with me please . best…
-
- 5 replies
- 4.4k views
Hello, I have BeaEngine unit source in delphi , which i've found quiet useful since I love low level stuff and I hope I will be able to code my own debugger oneday . It's hard to understand the code , @kao if you can please explain to me how it works since you've updated this unit , my other question is : does all debuggers and disassemblers use the same methodology ? I started reading Intel manual but my native language is not english therefore it's hard to understand each line . are there any alternatives ? all I did was making a simple diagram to avoid complexity because records are nested . after steping , The EIP doesn't p…
-
- 8 replies
- 5.3k views
Hello everyone , hope you all are doing well . I was reading a book called ' The art of unpacking ' , on the page 13 the author was talking about both software and hardware breakpoint detection and patching techniques . This is a preview of what was written : The code is clear except (protected code start) and (protected code end) . I guess the first one is referring to the address of entry point of the target application ? if so , How can I determine the end of the code ? I wanted to include this method in my application which is written in delphi ( for testing purpose ) but I couldn't do it , Any piece of code will be more than wel…
-
Need help fixing a line.
by Invoked- 2 replies
- 3.9k views
Hello everyone. Im fairly new to c# and currently learning it ,but I came up on an error. I had someone suggest me to use an array ,but I still get errors. Any tips? Code: foreach (Process process in Process.GetProcessesByName("dnspy-x86")) { Environment.Exit(0); } I want it to accept more then 1 process. thanks !
-
Creating Patch in VB.Net
by zackmark29- 16 replies
- 5.9k views
Hi everyone. I was having trouble of creating and learning of patching with VB.NET Can anybody tell me what's wrong with that code? I tried many times but the bytes still not replacing Please help Imports System.Runtime.CompilerServices Imports System.IO Public Class Form1 Private Shared ReadOnly FindHex As Byte() = {&HE0, &H42, &HFC, &HB1, &H3, &H40, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H8F, &H75, &H74} Private Shared ReadOnly ReplaceHex As Byte() = {&H0, &H0, &a…
-
[Help] Patching Tool In VB.Net
by Guest forum- 7 replies
- 5.1k views
Hi all. i am new to the patching. i want to make a patch in vb.net , which will replace multiple bytes of a program. like when i load the original & patched file in DUP , its comparision : there are many patterns how to make its patch in vb.net
-
VB.net input 6 million lines
by zackmark29- 2 replies
- 4k views
Hello I'm newbie here. I'm learning to make a patch using vb.net and I'm almost there but my problem is I cannot put million words into my code my visual studio is just freezing when I'm pasting the million bytes I just wanna ask how can I insert 6 million length of text
-
- 0 replies
- 4.5k views
Hi, I'm new here. Thanks for the code in https://www.rohitab.com/discuss/topic/41529-stealthier-process-hollowing-code/ But, it only works with x86, then I was trying to make it work with both x86 and x64. But I received the following error when attached windbg to running x64 bit hollowing (in hollowed process). What would be wrong ? (768.edc): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. ntdll!LdrpAllocateTlsEntry+0xda: 00000000`7759466a 8911 mov dword ptr [rcx],edx ds:00000000`00904b5c=???????? Here is my code for Proce…
.thumb.png.cfc7dc425268a21515a347365339e83e.png)
