Programming and Coding
Programming and coding tips, help and solutions...
1,876 topics in this forum
-
- 2 replies
- 4.3k views
hey there all. whenever i try to add a v2m file on masm32 (with a V2m player from magic_h2001, include file + library), i get an error saying: LINK : fatal error LNK1104: cannot open file "OLDNAMES.lib" how do i fix this problem?
-
String Decryption Help
by andmuchmore- 0 replies
- 4.3k views
Hey guys, I am just learning the Mono.Cecil and trying to write a simple string decrypter / junk code remover and I have a couple of questions. The methods that are added from the obfuscator are duplicated. Loop through the modules and remove the junk I only remove the junk from one instance. My first question how would I go about updating the token of the other methods to be the method with the junk code removed or what is the best practise for fixing this? The other question is what is the best way to loop through and remove IL code from a binary. I am currently using NOP to remove the junk code (Line 98-106) but when I use mDef.Body.Instructi…
-
Ntdll/RtlGetNativeSystemInformation
by JMC31337- 0 replies
- 4.4k views
messing around with some code done by H0mbre at https://h0mbre.github.io/HEVD_Stackoverflow_SMEP_Bypass_64bit/ thought i'd put this on the tuts4you walls to obtain ntoskrnl location using undocumented RtlGetNativeSystemInformation #include <windows.h> #include <iostream> using namespace std; FARPROC proc; HMODULE hdll; LONG* ntos; WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) { hdll = LoadLibrary("ntdll"); proc = GetProcAddress(hdll,"RtlGetNativeSystemInformation"); VirtualAlloc(NULL,0x1000,0x3000,0x40); asm ( "mov rcx,0x0b\r\n" "mov rdx,rax\r\n" "mov r8,0x1000\r\n" "mov r9,rbp\r\n" ); proc(); asm (…
-
Possible deobfuscation approaches?
by VirtualPuppet- 2 replies
- 5k views
So I've become very interested in the entire deobfuscation-topic, and I was wondering what is actually the most efficient way to implement e.g. constant-folding for disassembled obfuscated binary data, or maybe some kind of instruction-reduction algorithm. By efficient, I obviously mean which would have the greatest impact and work best in reversing e.g. instruction expansion. My current thoughts are whether it would be most efficient to write an IR-structure for a standard x86 instruction, which exposes data from the instruction operands, etc. and run for example a loop through a container of instructions to try and collapse some of them in a smart manner, or check …
-
LdrLoadDll/LdrGetProcedureAddress
by JMC31337- 0 replies
- 6.7k views
//./g++ -fdata-sections -s -g -std=c++14 -masm=intel -m32 -o ldrdll.exe ldrdll.cpp //./g++ -fdata-sections -s -g -std=c++14 -masm=intel -m64 -o ldrdll.exe ldrdll.cpp #include <windows.h> #include <iostream> typedef struct _UNICODE_STRING { USHORT Length; USHORT MaximumLength; PVOID Buffer; } UNICODE_STRING, *PUNICODE_STRING; typedef struct _ANSI_STRING { USHORT Length; USHORT MaximumLength; PCHAR Buffer; } ANSI_STRING, *PANSI_STRING; typedef void (__stdcall *LdrLoadDll) ( IN PWCHAR PathToFile OPTIONAL, IN ULONG Flags OPTIONAL, IN PUNICODE_STRING ModuleFileName, OUT HMODULE *ModuleHandle ); typedef void (__stdcall *LdrGetProcedureAddress) ( IN HMODULE Mod…
-
PE Parser [assembly]
by ding- 11 replies
- 6k views
Hello, I started working on my own PE parsing tool in assembly language (MASM) and am using RadASM as my main IDE.
    assume edi:ptr IMAGE_DOS_HEADER
    lea eax,[edi].e_magic
    invoke SendMessage,hEdit,WM_SETTEXT,0,eax
This line of code is supposed to output the following: "MZ". It does for some executables, except Delphi executables, where it shows "MZP" instead. The question here is: what is the (e_cblp) byte doing here? As far as I know, the e_magic field is just word sized. e_magic = $5A4D. I am really confused right now!
-
- 2 replies
- 4.6k views
Hi everyone, hope you're doing good. I was looking for some assembly tutorials and I've found nothing useful; the majority of these tutorials talk about computer architecture such as registers and memory .... I want pure assembly tutorials like using RadASM components, writing tools etc ... Unfortunately all good resources have gone, like this website for example: https://web.archive.org/web/20050506040848/http://bib.universitas-virtualis.org/go.php?node=22 I have read Iczelion tutorials, and am looking for more, I am hungry for assembly language. I am asking everyone who has something on his drive to share it with me please. best…
-
- 5 replies
- 4.3k views
Hello, I have the BeaEngine unit source in Delphi, which I've found quite useful since I love low level stuff and I hope I will be able to code my own debugger one day. It's hard to understand the code, @kao if you can please explain to me how it works since you've updated this unit. My other question is: do all debuggers and disassemblers use the same methodology? I started reading the Intel manual but my native language is not English, therefore it's hard to understand each line. Are there any alternatives? All I did was make a simple diagram to avoid complexity because records are nested. After stepping, the EIP doesn't p…
-
- 8 replies
- 5k views
Hello everyone , hope you all are doing well . I was reading a book called ' The art of unpacking ' , on the page 13 the author was talking about both software and hardware breakpoint detection and patching techniques . This is a preview of what was written : The code is clear except (protected code start) and (protected code end) . I guess the first one is referring to the address of entry point of the target application ? if so , How can I determine the end of the code ? I wanted to include this method in my application which is written in delphi ( for testing purpose ) but I couldn't do it , Any piece of code will be more than wel…
-
Need help fixing a line.
by Invoked- 2 replies
- 3.7k views
Hello everyone. I'm fairly new to C# and currently learning it, but I came upon an error. I had someone suggest that I use an array, but I still get errors. Any tips? Code:
    foreach (Process process in Process.GetProcessesByName("dnspy-x86"))
    {
        Environment.Exit(0);
    }
I want it to accept more than 1 process. Thanks!
-
Creating Patch in VB.Net
by zackmark29- 16 replies
- 5.6k views
Hi everyone. I was having trouble of creating and learning of patching with VB.NET Can anybody tell me what's wrong with that code? I tried many times but the bytes still not replacing Please help Imports System.Runtime.CompilerServices Imports System.IO Public Class Form1 Private Shared ReadOnly FindHex As Byte() = {&HE0, &H42, &HFC, &HB1, &H3, &H40, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H75, &H8F, &H75, &H74} Private Shared ReadOnly ReplaceHex As Byte() = {&H0, &H0, &a…
-
[Help] Patching Tool In VB.Net
by Guest forum- 7 replies
- 4.8k views
Hi all. I am new to patching. I want to make a patch in vb.net which will replace multiple bytes of a program. Like when I load the original & patched file in DUP, its comparison: there are many patterns. How to make its patch in vb.net?
-
VB.net input 6 million lines
by zackmark29- 2 replies
- 3.8k views
Hello I'm newbie here. I'm learning to make a patch using vb.net and I'm almost there but my problem is I cannot put million words into my code my visual studio is just freezing when I'm pasting the million bytes I just wanna ask how can I insert 6 million length of text
-
- 0 replies
- 4.3k views
Hi, I'm new here. Thanks for the code in https://www.rohitab.com/discuss/topic/41529-stealthier-process-hollowing-code/ But, it only works with x86, then I was trying to make it work with both x86 and x64. But I received the following error when attached windbg to running x64 bit hollowing (in hollowed process). What would be wrong ? (768.edc): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. ntdll!LdrpAllocateTlsEntry+0xda: 00000000`7759466a 8911 mov dword ptr [rcx],edx ds:00000000`00904b5c=???????? Here is my code for Proce…
-
UPX unpacker Delphi Src
by pwnium- 2 replies
- 4.9k views
Hello everyone, I am looking for source code for a UPX unpacker written in Delphi. I couldn't find anything on the internet. Any article, link, or code snippet will be more than helpful. Thanks in advance.
-
writing a plugin for OllyDbg in Delphi
by pwnium- 2 replies
- 4k views
Hello everyone, I hope you're doing good. I've been searching for a while about how to write a plugin for OllyDbg. With the help of the (plugin api unit) I was able to make a simple plugin that retrieves the value of the flag (BeingDebugged) which is used by the function (IsDebuggerPresent). Now the problem is that I still can't change that byte. The function WriteProcessMemory isn't working, can you give me some help please, here's the full code: thanks in advance library AADebug; uses SysUtils, plugin, windows, Classes; {$R *.res} type PEB = record Reserved1: array [0 .. 1] of Byte; BeingDebugged: Byte; Reserved2: B…
-
AMED: Advanced Machine Decoder.
by SMP3- 1 reply
- 4k views
Hello guys, I'm proud to announce the beta release of AMED (an Advanced Machine Decoder). It's extremely fast, lightweight and supports the following architectures : - x86(with all its extensions including xeon instruction set). - aarch32(arm, thumb, neon, ARMv8+). - aarch64(with all its extensions including SVE). I also released the new version (v3) of opcodesDB. https://github.com/MahdiSafsafi/AMED https://github.com/MahdiSafsafi/opcodesDB What do you think guys ?
-
Oracle Announces Java 14
by whoknows- 2 replies
- 3.8k views
Oracle is providing Java 14 as the Oracle OpenJDK release under an open-source GNU General Public License v2. It's also released under a commercial license using Oracle JDK. Most of the nearly 2,000 fixes in JDK 14 have been made by Oracle employees while 528 came from individual developers and other organizations. Some of the main contributors included Red Hat, SAP, Google, Arm, Intel, and NTT Data. @CodeExplorer happy? #haha https://www.techinvestornews.com/Oracle/Latest-Oracle-News/oracle-announces-java-14 bonus - github.com/sagarkarira/coronavirus-tracker-cli
-
[?]code snippet meaning
by abbas- 2 replies
- 4k views
hi all can some one please tell me what does this code do?
    private boolean d(String paramString) {
        boolean bool = false;
        byte[] arrayOfByte = paramString.getBytes();
        if (arrayOfByte.length == 26) {
            byte b1 = 0;
            byte b2 = 0;
            while (b1 < 24) {
                b2 = (byte)(b2 ^ arrayOfByte[b1]);
                b1++;
            }
            if ((b2 & 0xF) == -65 + arrayOfByte[25] && (0xF & b2 >> 4) == -65 + arrayOfByte[24])
                bool = true;
        }
        return bool;
    }
-
Combo box
by krotty- 1 reply
- 3.7k views
I'm making a project Please help me How can add adb devices connected port On combobox thanks
-
How to drag links from browser to app?
by LCF-AT- 25 replies
- 9.2k views
Hi guys, I have a new question I am trying to find a solution for. I would like to drag a link from the browser directly into my app to get the full link address without using any copy / paste functions manually via mouse. Now I see it's not working and I can only drag files from Windows / Explorer etc. into my app window. So how can I enable the drag operations also from any browser to outside, like into my app window etc.? greetz
-
Delphi combobox help
by krotty- 3 replies
- 3.7k views
Hi everyone I'm making a project on Delphi How can show name like I'm select man See all man name And I'm select women the. Show women name Thanks
-
- 5 replies
- 6k views
I am trying to build dnspy with dnlib as a dependency project in VS2019, so I can debug dnspy and follow what's happening in the dnlib source. Things I have tried: 1. git clone just dnspy and build using "dotnet build" works. But how can I add the dnlib project to the dnspy solution in vs2019 and make it build? 2. I also tried NuGet from vs2019 and installed dnlib, but it gets only the dnlib.dll, not the entire project. 3. Downloaded the dnlib project and added it manually to the dnspy sln. It wasn't building at all. 4. dnlib by itself builds fine. 5. dnspy builds fine in git bash shell. Once this is done, the dnspy sln builds fine in vs2019 but only with…
-
- 5 replies
- 5.1k views
My Question: How is the VMProtect application CRC calculated? I want to embed a hash into my application, but if I embed any CRC hash into the application the final checksum changes. How does VMProtect-like software, e.g. Themida, calculate its own hash? I deobfuscated VMProtect and I get this:
    ;VMProtect CRC
    START:
    mov edx,dword ptr ss:[ebp]
    add ebp,0x4
    LOOP:
    xor eax,eax
    mov ecx,eax
    shl eax,0x7
    shr ecx,0x19
    or eax,ecx
    xor al,byte ptr ds:[edx]
    inc edx
    dec dword ptr ss:[ebp]
    jnz LOOP
    mov dword ptr ss:[ebp],eax
    END
But how the CRC values are calculated and embedded into the application I don't understand, how it works, and I need, I want to make my own protector…
-
Delphi patch template 10 by [SST] source code
by Bilbardfayim- 9 replies
- 7.4k views
File Name: Delphi patch template 10 by [sST] source code File Submitter: Bilbardfayim File Submitted: 12 Apr 2015 File Category: Source Code Delphi patch template 10 by [sST] source code