Programming and Coding
Programming and coding tips, help and solutions...
1,890 topics in this forum
-
- 1 follower
- 4 replies
- 5.6k views
I'm trying to write my own PE reader and would like to get the size of an export function. But this information is not provided in the export directory of the PE header. How can I get the size? This must be possible somehow, for exampled dbghelp knows where the function starts and ends. I have the same problem when trying to parse a PDB file. I can get the actual offset of the public symbol but not its size. Any ideas?
-
libv2 1.5 for MASM
by r0ger- 2 followers
- 4 replies
- 9.3k views
Hi there. I am looking for another v2m player that uses this kind of version of libv2 , because the V2M player from MagicH uses only libv2 1.0 (which he made it work for vista and later) and i saw some assembly source code that uses libv2 1.5 on a THETA NFO viewer 2.2 , so i'm gonna post a part of the code where the libv2 is initiated and loaded in asm : include ./Music/libv2simple.inc includelib ./Music/libv2simple.lib externdef c theTune:byte externdef c theTune2:byte include winmm.inc includelib winmm.lib DlgProc : ; libv2 music start invoke V2MInit,offset theTune,FUNC(GetForegroundWindow) invoke V2MPlay; anyone has this library for asm p…
-
Some questions about writing packer with C++
by m0rfl1ng- 1 follower
- 1 reply
- 5.9k views
Hi guys , it is been a while that i am try to understand how PE files . I did some research and experiment that i will write about them here , but lots of thing does not make sense to me. So C++ codes are already too much complicate to start with , so i decided to compile a pure 64bit assembly code using visual studio 2019 , the code is as follow : .data MorphByte db 78 Morphling db 68 Death db 44 .code main proc xor rax, rax mov rbx, 456 mov rcx, 666 mov rax, 123 add rax, rbx xor rbx, rbx lea rax, [rcx] mov al, byte ptr [MorphByte] ret main endp end now , after compiling the above code we will get two files one .exe and one .obj , since my code is …
-
Needing a Very Small Help in C# PLEASE !!
by BlackHat- 1 follower
- 4 replies
- 6.7k views
I have One textBox and a Button1 Code of btnStart if (this.txtBox.Text.Length == 0) { Interaction.MsgBox("Please Insert Your Data", MsgBoxStyle.OkOnly, null); return; } this.thflag = false; this.th2flag = false; this.btnstart.Enabled = false; this.btnstop.Enabled = true; this.th = new Thread(new ThreadStart(this.BlackHat)); this.th.IsBackground = true; this.th.Start(); this.Timer1.Enabled = true; This is my code of this.BlackHat checked { using (WebClient webClient = new WebClient()) { foreach (string text in this.txtBox.Lines) { if (!string.IsNullOrEmpty(text)) { string address = "https://XXXXXXX/" + text + "X…
-
Mapping DLL that uses OpenSSL
by risky- 2 followers
- 3 replies
- 6.6k views
I'm currently building software using ASIO as a network library and its SSL counterpart. It has worked perfectly, but I've recently tried to initialize the context in a manually mapped DLL and SSL_CTX_new is failing when ASIO initializes it's OpenSSL components. The odd thing is that no error can be resolved from SSL_CTX_new's failure, it simply returns error code 0. So, I dug into the code and I believe I've dumbed down the failure to OPENSSL_init_crypto. The only problem I can think of is TLS (Thread Local Storage). I've handled TLS manually, and TLS seems to be fixed, but the problem persists. Note the code works perfectly when the DLL is loaded via LoadLibra…
-
Writing a .NET Profiler (dev.to)
by sirp- 1 follower
- 0 replies
- 5.5k views
https://dev.to/gabbersepp/create-a-net-profiler-with-the-profiling-api-start-of-an-unexpected-journey-198n https://github.com/gabbersepp/dev.to-posts/tree/master/blog-posts/net-internals call-c-from-cpp debugging-profiler digging-into-callbacks how-does-profiler-work how-to-debug-with-windbg marshal-example net-bitness profiler-attach/code/DevToNetProfiler profiler-fn-enter-arguments profiler-fn-enter-leave-x64 profiler-fn-enter-leave stacktrace-linenumber/code/DevToNetProfiler write-net-profiler
-
- 1 follower
- 7 replies
- 5.8k views
im looking for an APIwindows that get a character of keyboard immediate? means the character get immedaitely after pressing its key on keyboard
-
[.Net] How to hook Microsoft.VisualBasic.CompilerServices.Conversions.ToString(long Value) ?
by Sh4DoVV- 1 follower
- 1 reply
- 5.6k views
Hi I have an executable .net application and how to hook Microsoft.VisualBasic.CompilerServices.Conversions.ToString(long Value) for logging Value ? thanks
-
- 1 follower
- 0 replies
- 5.8k views
Run Constructor even Activator.CreateInstance gives Exception Assembly asm = Assembly.LoadFrom(@"X:\xxxasd.exe"); Type kd = asm.GetType("keydata"); // Create an instance of the type object classInstance = Activator.CreateInstance(keydata, null); ----------> This always throws errorr ..tried different approaches i.e with other parameters and Bindingflags ... There is also System.Runtime.CompilerServices.RuntimeHelpers.RunClassConstructor(RuntimeTypeHandle type), which additionally guarantees that the static constructor is only called once, regardless how many times the method is called: Type myClass = typeof(MyClass); System.Runtime.CompilerS…
-
- 1 follower
- 0 replies
- 5.2k views
Create Instance without calling constructor FormatterServices.GetUninitializedObject() will create an instance without calling a constructor. I found this class by using Reflector and digging through some of the core .Net serialization classes. using System; using System.Reflection; using System.Runtime.Serialization; namespace NoConstructorThingy { class Program { static void Main() { // does not call ctor var myClass = (MyClass)FormatterServices.GetUninitializedObject(typeof(MyClass)); Console.WriteLine(myClass.One); // writes "0", constructor not called Console.WriteLine(myClass.T…
-
How to make Context Menu for my tools ??
by AbdElrahman- 1 follower
- 5 replies
- 5.1k views
HI i want to make Context Menu for my tools like New Context Menu in picture or 7-zip or Winrar i readed a topic for that and i know i must use c++ to make it but i can't do it any one has tutorial to do it or explain how THX
-
Offset Patcher problem c++
by robocopip- 7 replies
- 8.9k views
Hello guys. Your forum is great and very helpful! Thanks for your work! I am a beginner in reverse engineering with some basic knowledge of C++. I wanted to create a small offset patch in c++. I found a simple template on how to do that. I tried it first with a simple NOP patching and it worked. After I edited it to patch 8 offsets I ended up with a not working-Send report to Microsoft application. I uploaded the edited source code. I don't know much about it, and why that happened. . . Is this the proper way to do it? Is there another better template? I know that there exist some cool patch engines but I would like to experiment and building my own. Thanks in advance! …
-
Unlinker help
by JustAGuy- 1 reply
- 6k views
There is an interesting tool called Unlinker It includes an example lzo.obj file. However I have no idea how to and use .obj file in VS. I added obj into additional dependencies, which works fine and project compiles but how can I call its functions?
-
A self-contained C# game in 8 kB
by sirp- 0 replies
- 4.6k views
A self-contained C# game in 8 kB (nice article) This repo is a complement to my article on building an 8 kB self-contained game in C#. By self-contained I mean this 8 kB C# game binary doesn't need a .NET runtime to work. See the article on how that's done. The project files and scripts in this repo build the same game (Snake clone) in several different configurations, each with a different size of the output. https://github.com/MichalStrehovsky/SeeSharpSnake
-
- 8 replies
- 6.5k views
Hi, everybody. I'm using KOL - Key Objects Library. Need a dialog to select multiple folders. This option works for text files. procedure click button2(dummy: pointer;Slender: Control; var mouse:TMouseEventData); var s: String; begin Dialog: = NewOpenSaveDialog ( " , FileFullPath ('Project1.exe'), [ OSFileMustExist, OSHideReadonly, OSAllowMultiSelect, OSOverwritePrompt, OSPathMustExist ] ); dialog.Filter:= '*.txt/*.txt|all/*.*'; Dialogue.OpenDialog: = true; if Dialog.Execute then / / else exit; s:=Dialog.Filename; k:=-1; while s < > " do begin inc(k); a[k]:=Trim…
-
- 2 replies
- 5.3k views
Hello. I'm using KOL - Key Objects Library. How to implement in the program, there is a Toolbar with buttons and a form with a paintbox. Is it possible to do the following when pressing the button on the icon appeared the cursor as in DragAndDrop and after the picture was drawn on the paintbox. That is, it is not necessarily true DragandDrop. It is possible to confine only to changing the type of cursor. https://yadi.sk/i/6ovsPsZyIGxvGQ among those represented in KOL_ansi.inc there is none. const IDC_ARROW = MakeIntResource (32512); IDC_IBEAM = MakeIntResource (32513); IDC_WAIT = MakeIntResource (32514); IDC_CROSS = MakeIntResource (32515); …
-
- 2 replies
- 4.6k views
hey there all. whenever i try to add a v2m file on masm32 (with a V2m player from magic_h2001, include file + library), i get an error saying: LINK : fatal error LNK1104: cannot open file "OLDNAMES.lib" how do i fix this problem?
-
String Decryption Help
by andmuchmore- 0 replies
- 4.6k views
Hey guys, I am just learning the Mono.Cecil and trying to write a simple string decrypter / junk code remover and I have a couple of questions. The methods that are added from the obfuscator are duplicated. Loop through the modules and remove the junk I only remove the junk from one instance. My first question how would I go about updating the token of the other methods to be the method with the junk code removed or what is the best practise for fixing this? The other question is what is the best way to loop through and remove IL code from a binary. I am currently using NOP to remove the junk code (Line 98-106) but when I use mDef.Body.Instructi…
-
Ntdll/RtlGetNativeSystemInformation
by JMC31337- 0 replies
- 4.8k views
messing around with some code done by H0mbre at https://h0mbre.github.io/HEVD_Stackoverflow_SMEP_Bypass_64bit/ thought i'd put this on the tuts4you walls to obtain ntoskrnl location using undocumented RtlGetNativeSystemInformation #include <windows.h> #include <iostream> using namespace std; FARPROC proc; HMODULE hdll; LONG* ntos; WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) { hdll = LoadLibrary("ntdll"); proc = GetProcAddress(hdll,"RtlGetNativeSystemInformation"); VirtualAlloc(NULL,0x1000,0x3000,0x40); asm ( "mov rcx,0x0b\r\n" "mov rdx,rax\r\n" "mov r8,0x1000\r\n" "mov r9,rbp\r\n" ); proc(); asm (…
-
Possible deobfuscation approaches?
by VirtualPuppet- 2 replies
- 5.3k views
So I've become very interested in the entire deobfuscation-topic, and I was wondering what is actually the most efficient way to implement e.g. constant-folding for disassembled obfuscated binary data, or maybe some kind of instruction-reduction algorithm. By efficient, I obviously mean which would have the greatest impact and work best in reversing e.g. instruction expansion. My current thoughts are whether it would be most efficient to write an IR-structure for a standard x86 instruction, which exposes data from the instruction operands, etc. and run for example a loop through a container of instructions to try and collapse some of them in a smart manner, or check …
-
LdrLoadDll/LdrGetProcedureAddress
by JMC31337- 0 replies
- 7.2k views
//./g++ -fdata-sections -s -g -std=c++14 -masm=intel -m32 -o ldrdll.exe ldrdll.cpp //./g++ -fdata-sections -s -g -std=c++14 -masm=intel -m64 -o ldrdll.exe ldrdll.cpp #include <windows.h> #include <iostream> typedef struct _UNICODE_STRING { USHORT Length; USHORT MaximumLength; PVOID Buffer; } UNICODE_STRING, *PUNICODE_STRING; typedef struct _ANSI_STRING { USHORT Length; USHORT MaximumLength; PCHAR Buffer; } ANSI_STRING, *PANSI_STRING; typedef void (__stdcall *LdrLoadDll) ( IN PWCHAR PathToFile OPTIONAL, IN ULONG Flags OPTIONAL, IN PUNICODE_STRING ModuleFileName, OUT HMODULE *ModuleHandle ); typedef void (__stdcall *LdrGetProcedureAddress) ( IN HMODULE Mod…
-
PE Parser [assembly]
by ding- 11 replies
- 6.6k views
Hello , I started working on my own PE parsing tool in assembly language (MASM) and am using RadASM as my main IDE. assume edi:ptr IMAGE_DOS_HEADER lea eax,[edi].e_magic invoke SendMessage,hEdit,WM_SETTEXT,0,eax This line of code suppose to output the following : " MZ ", it does for some executables exept Delphi executables it shows "MZP" instead. The question here is that what (e_cblp) byte is doing here ? as far as i know e_magic field is just a word sized. e_magic = $5A4D am really confused right now !
-
- 2 replies
- 4.9k views
Hi everyone , Hope you're doing good I was looking for some assembly tutorials and I've found nothing useful , the majority of these tutorials talks about computer architechture such as registers and memory .... I want Pure assembly tutorials like using RadASM components , writing tools etc ... Unfortunately all good resources have gone like this website for example : https://web.archive.org/web/20050506040848/http://bib.universitas-virtualis.org/go.php?node=22 I have read Iczelion tutorials , and looking for more am hungry to assembly language Am asking everyone who has something in his drive to share it with me please . best…
-
- 5 replies
- 4.6k views
Hello, I have BeaEngine unit source in delphi , which i've found quiet useful since I love low level stuff and I hope I will be able to code my own debugger oneday . It's hard to understand the code , @kao if you can please explain to me how it works since you've updated this unit , my other question is : does all debuggers and disassemblers use the same methodology ? I started reading Intel manual but my native language is not english therefore it's hard to understand each line . are there any alternatives ? all I did was making a simple diagram to avoid complexity because records are nested . after steping , The EIP doesn't p…
-
- 8 replies
- 5.5k views
Hello everyone , hope you all are doing well . I was reading a book called ' The art of unpacking ' , on the page 13 the author was talking about both software and hardware breakpoint detection and patching techniques . This is a preview of what was written : The code is clear except (protected code start) and (protected code end) . I guess the first one is referring to the address of entry point of the target application ? if so , How can I determine the end of the code ? I wanted to include this method in my application which is written in delphi ( for testing purpose ) but I couldn't do it , Any piece of code will be more than wel…
.thumb.png.cfc7dc425268a21515a347365339e83e.png)
