All Activity
- Past hour
-
Maybe it helps you locate key branches. The plugin is not finished yet,I think you can understand the principles and attack methods of vmp by looking at the source code
-
okrocks007 joined the community
- Today
-
resur joined the community
-
bilalshah joined the community
-
wmattytamqnob joined the community
-
Why ImpRec/Scylla sometimes cant redirect calls/jmp into new created IAT
jackyjask replied to Priboi's topic in Scylla Imports Reconstruction
please attach your sample crackme.exe as well 2) have you tried special secret edition of the tool? (c) by some forum member from here- 1 reply
-
- 1
-
rebola joined the community
-
muzammil started following boot
-
It is a quick and easy function to use and add in to your code. PinMe! was able to capture windows set with display affinity by making use of a couple of functions with undocumented flags. Unfortunately an update to Windows 10 and 11 sometime late last year put an end to this. It still works fine on older Windows builds... Ted.
-
How to format specific text to correctly displaying text?
Teddy Rogers replied to LCF-AT's topic in Programming and Coding
Check the third parameter, it is an in/ out... https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-istextunicode Ted. -
komdil joined the community
-
askasmani joined the community
- Yesterday
-
Sean Park - Lovejoy started following Luca91
-
Sean Park - Lovejoy started following Il Assembly References , Why ImpRec/Scylla sometimes cant redirect calls/jmp into new created IAT and Anti-Reverse Engineering (Assembly Obfuscation)
-
barkgod joined the community
-
Ungrave joined the community
-
Why ImpRec/Scylla sometimes cant redirect calls/jmp into new created IAT
Priboi posted a topic in Scylla Imports Reconstruction
I have made little research why ImpRec/Scylla sometimes cant redirect calls/jmp into new created IAT. Different reason for imprec and scylla.- 1 reply
-
- 2
-
koalarotm joined the community
-
Luna6076427 started following Programming and Coding
- Last week
-
X0rby changed their profile photo
-
How to unpack this target? Regards. sean.
-
The Customizer - Skin+Psd (official TeamREPT Skin)
cdwayne foremost commented on Tracer's file in diablo2oo2 Universal Patcher (dUP)
-
How to format specific text to correctly displaying text?
adoxa replied to LCF-AT's topic in Programming and Coding
Read the last sentence of my previous message again... -
How to format specific text to correctly displaying text?
LCF-AT replied to LCF-AT's topic in Programming and Coding
Hi guys, I was downloading some text file from internet and when I print it into static control etc then I got that not correctly wrong mixed symbols or letters etc I would like to prevent but how is the questions. By the way, I tried using that IsTextUnicode function but I can only use the RtlIsTextUnicode function and this does crash always inside... invoke RtlIsTextUnicode,addr STRINGBUFFER ,sizeof STRINGBUFFER, IS_TEXT_UNICODE_ASCII16 ....so I don't know about all those specific Text Symbol styles things whatever they called etc but it really sux and I just want to have & use some simple format / fix functions I can run over my textbuffer to make them OK. @adoxa Yes it seems I have to remove those HTML entities from text buffer to format them correctly but how? Is there no ready function already I could use? Otherwise I have to make it myself. How much HTML Entities are there I have to check for? Or what are the most common used? I made this quick function... Remove_HTML_Entities proc uses edi esi ebx _buffer:DWORD invoke szRep,_buffer,_buffer,chr$("<"), chr$("<") invoke szRep,_buffer,_buffer,chr$(">"), chr$(">") invoke szRep,_buffer,_buffer,chr$("&"), chr$('&') invoke szRep,_buffer,_buffer,chr$("""), chr$('"') invoke szRep,_buffer,_buffer,chr$("'"), chr$("'") invoke szRep,_buffer,_buffer,chr$("¢"), chr$("¢") invoke szRep,_buffer,_buffer,chr$("£"),chr$("£") invoke szRep,_buffer,_buffer,chr$("¥"), chr$("¥") invoke szRep,_buffer,_buffer,chr$("€"), chr$("€") invoke szRep,_buffer,_buffer,chr$("©"), chr$("©") invoke szRep,_buffer,_buffer,chr$("®"), chr$("®") Ret Remove_HTML_Entities endp ...to remove some of those Entities. Seems to work OK so far but NOW I found another problem. When the entitie & was found and replaced with & and I do send that string buffer into my static control then the "&" is not displaying!=? Why? When I do messagebox that string buffer then the "&" gets displayed. So why is the & not showing when using it in a string? Also this fails... invoke SendMessage,STATIC_HANDLE,WM_SETTEXT,0,chr$("You & Me") = "You Me" and not "You & Me" Why? Is there any style I have to enable to make it work to display also the "&"? greetz -
Hello everyone ! Having been in infosec for a few years now, particularly on the Red Team side, I'm keen to discover new things. I have some basic knowledge of reverse engineering, but nothing too crazy. As I'm about to start a new contract on the Blue Team side, I'd like to practice a bit before starting. So I'd like to know your opinion on an easy malware family to reverse for a beginner. Thank you.
-
unlisted changed their profile photo
-
An open source tool for analyzing vmp
Sean Park - Lovejoy replied to fjqisba's topic in Programming and Coding
@jackyjask maybe, we do not need it any more. @fjqisba how does this IDA plugin help to analyze the vmprotect virtual machine? I do not know how to use this. I will be really appreciated if you could explain about it. Many thanks in advance. Regards. sean. -
An open source tool for analyzing vmp
jackyjask replied to fjqisba's topic in Programming and Coding
@fjqisba is GhidraVmp.dll obsoleted and now one has to use Revampire.dll instead? -
How to format specific text to correctly displaying text?
adoxa replied to LCF-AT's topic in Programming and Coding
If you want to change "standard" (&<>) HTML entities it would be simplest to search and replace manually; not sure what the best approach would be if you want to convert unknown HTML to text. Dialog text uses & to underline the next character, so they should be replaced with && for a literal &. -
How to format specific text to correctly displaying text?
Teddy Rogers replied to LCF-AT's topic in Programming and Coding
I don't know where you are sourcing your text from, possibly you can check the BOM - if it exists. If the text is a reliable source you could try utilising the IsTextUnicode function... Ted. -
How to format specific text to correctly displaying text?
LCF-AT posted a topic in Programming and Coding
Hi guys, so I got a little problem again with those UNICODE / SYMBOL chars in text / buffer I want to format to readable text and print that on a static control. So first I got some text issues showing me some strange symbol chars instead of text like this below... "Youâ€" is "You’ve" ...and I was then using the MultiByteToWideChar function with CodePage CP_UTF8 to change my ANSI text buffer to UNICODE. After that the text was displaying correctly using SetDlgItemTextW function. FIne so far I thought. Then I found another problem with a other symbol like this... Q&A is Q&A ...and I tried to use the same function as above but in this case I got this results back... Qamp;A !? My question now is...when I have any unknown text in buffer as ASCII / ANSI style then I want to format / convert this text buffer into 100 % readable / Symbol buffer I want to use with SetDlgItemTextW (Unicode) function to display the text 100 % correctly as original etc. What is the right method for this? greetz -
v4tb changed their profile photo
-
How to find the constant value when debugging an enigma protected application? no answer ???
-
create backup(from olly) functionality in x64dbg
Sean Park - Lovejoy replied to Priboi's topic in x64dbg
@Priboi Many thanks for the video presentation. Now I get it. Your plugin would be helpful. Regards. sean. -
I said program not plugin. Debugged program makes changes in code/data for example while unpacking and you are able to see where these changes are when using my plugin.
-
create backup(from olly) functionality in x64dbg
Sean Park - Lovejoy replied to Priboi's topic in x64dbg
@Priboi when does the code/data change by your plugin? I did not use the feature of the ollydbg, also I did not know it is. Now I check it out in ollydbg. It is a good feature. In ollydbg, If I create backup, then I change some codes. by using view backup, I can view the backed up data. after it, again If I click view actual data, I can view the current modified code/data. But with your plugin, what should I do to check what is the backed up code/data and what is the current modified or actual code/data? Many thanks in advance. Regards. sean. -
[C++ & MASM Source] - MyAppSecured v1.00 Beta (exe protector)
Priboi replied to TomaHawk's topic in Programming Resources
Can someone share MyAppSecured v1.00 Beta source? I dont have account here: https://forum.exetools.com/showthread.php?t=19316 EDIT: nevermind founded here:- 1 reply
-
- 1
-
You dont have to do changes on yourself its not the purpose of this plugin because you know what you have changed. The code/data should be changed by program itself.
-
+ password-protect-video.com
-
An open source tool for analyzing vmp
Sean Park - Lovejoy replied to fjqisba's topic in Programming and Coding
-
Well, the project is still a demo. I updated the plugin and provided a program for my own testing,you can try that. https://github.com/fjqisba/VmpHelper/releases
-
An open source tool for analyzing vmp
Sean Park - Lovejoy replied to fjqisba's topic in Programming and Coding
I virtualized below part and tested it. 004010C2 6A 01 push 01 004010C4 53 push ebx 004010C5 FF15 1C614000 call dword ptr [0040611C] → USER32.dll!EndDialog 004010CB EB 09 jmp 004010D6 ↓ It is cahnged to thses codes. 00A810C2 | E9 27BA1800 | JMP win32gui.vmp.C0CAEE | 00A810C7 <win32gui | 57 | PUSH EDI | edi:EntryPoint 00A810C8 | C3 | RET | 00A810C9 <win32gui | 56 | PUSH ESI | esi:EntryPoint 00A810CA | C3 | RET | 00A810CB <win32gui | EB 09 | JMP win32gui.vmp.A810D6 | And I used your plugin by clicking the menu "VMP -> Show Graph" at the address of 00A810C2. then It hung. the IDA version is 8.3.23.0608.. Regards. sean.