All Activity

Hey Ted, you are right! In the other dialog window its using a other font as in main dialog window.... FONT 8,"Tahoma" <-- IDD_MAIN DIALOGEX FONT 8,"MS Sans Serif" <-- IDD_DLGEDIT DIALOGEX .... ...somehow funny. Just because of the used font. Thank you for that info Ted. So I don't wanna bother you go on because of that WideChar / Multi function stuff but do you have some another advice how to deal with it? I know you told already lots of thing about it and it looks like my method using the function as I told you works so far but still not sure about it because you said something else you know. I would like to handle those different string stuff / codepage things. greetz

New Uploads Process Injection Mini Course eCRE - Reverse Engineer Professional 2022 The Beginner Malware Analysis Course by 0verfl0w Dark Vortex - Malware on Steriods Maldev Modules

Thank you mate

Yes There are no public devirtualization methods for Themida/Code Virtualizer

What is the character code/ hex value of the incorrect character? Assuming all the functions used are Unicode and the edit control styles are all good I would check the font is capable of displaying character "ƒ", try another font.... Ted.

Very good one (any.run alternative i guess): https://tria.ge/reports/public Search: https://tria.ge/s

Hello mate, The code virtualizer is it stable ? And if there is a public devirtualizer script in Ida or ollY Thank you I Can Do it with a demo version?

you can create a crack-me here for challenge and see 😁.

Themida / Code Virtualizer

Hello friends, I'm a developper and i've some softwares to protect againt code Analysis and reversing engineering, i know basics of reversing engineering and i know also all codes can be reversed and cracked! i need help to choose a good code virtualizer and packer to protect my softwares 32 bit (Language Is Delphi 7) and to virtualize some critical functions like verification serial... What about Vmprotect 3.8.8 Virtual Machine is there is a way to devirtualize the code? And what is the best Exe protector Thank you teams

Hey Ted, thanks again Ted. Lots of input what does confusing me more & more now. Alright, so I thought ANSI = ASCII just other term. So at the moment I'm just using codepage flag CP_UTF8 for both API's MultiByteToWideChar (reading my content file I did save before) & WideCharToMultiByte (convet my app internal UNICODE text / chars to export it in my content file). The text I have to deal with is already just in UNICODE only and all chars getting displayed alright so far like edit controls / listview etc. UNICODE text / char || WideCharToMultiByte,CP_UTF8 || WriteFile = Content Export text is CP_UTF8 CP_UTF8 text / char || ReadFile || MultiByteToWideChar,CP_UTF8 = Content Export is UNICODE So this is how I use the function now and it seems to work so I don't see or get any issues yet. Beside, that problem (I still don't know how to handle it correctly for 100% - above) I found another displaying problem. Look at this image below... ...so here you can see my listview above with text / symbols I did add and all are displaying correctly so far also in the EDIT control below = selected command with ƒƒƒƒƒƒ is displaying in the EDIT control below and all using same buffer. Now I want to edit the entry 5 in my listview and double click it to call the new EditBox DialogBox where you can see 2 EDIT controls displaying the same content of selected LV entry 5 but in this case (new dialogbox Edit controls) its not displaying the ƒƒƒƒƒƒ chars correctly! But why? What is the problem here? In the EDIT control under the LV it does display the ƒƒƒƒƒƒ and in the other one not but both using same style / ex values and using same buffer. Do you know what the problem in this case is? greetz

When you are referring to ANSI do you actually mean the displayable/ printable 7-bit ASCII Latin-1 character set within Windows-1252 code-page or the ANSI supplementary set above it? ANSI in Windows-1252 and ISO-8859-1 code-pages is the 8-bit character set that supplements the 7-bit ASCII character set. If you don't know what I mean it may be worth doing a Google and reading up on these code-pages; Windows-1252, UTF-8 and UTF-16. Windows-1252 code-page is segregated like this... ; 0-31 - ASCII Control Characters ; - Control characters (not intended for display or printing). ; 32-126 - ASCII Characters ; - Display and printable characters. ; 127 - ASCII Control Character ; - Control character (not intended for display or printing). ; 128-159 - ANSI Characters ; - Windows-1252 and ISO-8859-1 control characters. ; 160-225 - ANSI Characters ; - Windows-1252 and ISO-8859-1 characters. We can create a Windows-1252 code-page quite easily with a bit of code... cbMultiByte = 256 *lpMultiByteStr_1252 = AllocateMemory(cbMultiByte) If *lpMultiByteStr_1252 For Char = 0 To 255 PokeB(*lpMultiByteStr_1252+Char, Char) Next Char Debug PeekS(*lpMultiByteStr_1252+32, cbMultiByte-32, #PB_Ascii) ShowMemoryViewer(*lpMultiByteStr_1252, cbMultiByte) FreeMemory(*lpMultiByteStr_1252) EndIf We can visually see the results in "Memory Viewer", found in the screenshot below, with the (ASCII and ANSI) character set displayed in the "Debug Output" window (starting at offset 32) the displayable/ printable ASCII characters. If we use MultiByteToWideChar and tell it the text being converted is UTF8 (CP_UTF8) this is how all the ASCII and ANSI characters of a Windows-1252 code-page will be mapped to UTF-16... EnableExplicit Define *lpMultiByteStr Define *lpWideCharStr Define cbMultiByte.i Define cchWideChar.i Define Char.l cbMultiByte = 256 *lpMultiByteStr = AllocateMemory(cbMultiByte) If *lpMultiByteStr ; Create the character set 0 through to 255 (0xFF). For Char = 0 To 255 PokeB(*lpMultiByteStr+Char, Char) Next Char cchWideChar = MultiByteToWideChar_(#CP_UTF8, #MB_PRECOMPOSED, *lpMultiByteStr, cbMultiByte, #Null, #Null) If cchWideChar cchWideChar = cchWideChar * 2 *lpWideCharStr = AllocateMemory(cchWideChar) If *lpWideCharStr Debug MultiByteToWideChar_(#CP_UTF8, #MB_PRECOMPOSED, *lpMultiByteStr, cbMultiByte, *lpWideCharStr, cchWideChar) Debug PeekS(*lpWideCharStr+64, cbMultiByte-32, #PB_Unicode) ShowMemoryViewer(*lpWideCharStr, cchWideChar) EndIf FreeMemory(*lpWideCharStr) EndIf FreeMemory(*lpMultiByteStr) EndIf In the screenshot above you can see the ANSI character/ controls are all 0xFFFD. The reason for this is because those character codes (the number it represents) do not exist within the UTF8 code-page and can't be mapped to UTF-16. 0xFFFD is a UTF-16 replacement for unknown characters/ controls and is visually represented with the question mark within the diamond. How do we map the ANSI code-page to UTF8? First use MultiByteToWideChar to convert to UTF-16 using CP_ACP (or Windows-1252 code-page if not the system default) which then maps the ANSI characters (0xFFFD's) to known locations within the UTF-16 code-page. Once that is complete use WideCharToMultiByte to then on-convert from UTF-16 to UTF-8... EnableExplicit Define *lpMultiByteStr_1252 Define *lpMultiByteStr_UTF8 Define *lpWideCharStr_UTF16 Define cbMultiByte.i Define cbMultiByte_UTF8.i Define cchWideChar.i Define Char.l ; Create the Windows-1252 character set 0 through to 255 (0xFF). ; 0-31 - ASCII Control Characters ; - Control characters (not intended for display or printing). ; 32-126 - ASCII Characters ; - Printable characters. ; 127 - ASCII Control Character ; - Control character (not intended for display or printing). ; 128-159 - ANSI Characters ; - Windows-1252 and ISO-8859-1 control characters. ; 160-225 - ANSI Characters ; - Windows-1252 and ISO-8859-1 characters. cbMultiByte = 256 *lpMultiByteStr_1252 = AllocateMemory(cbMultiByte) If *lpMultiByteStr_1252 For Char = 0 To 255 PokeB(*lpMultiByteStr_1252+Char, Char) Next Char ; Get the required buffer size, in characters, for *lpWideCharStr_UTF16. cchWideChar = MultiByteToWideChar_(#CP_ACP, #MB_PRECOMPOSED, *lpMultiByteStr_1252, cbMultiByte, #Null, #Null) If cchWideChar ; Convert SBCS -> DBCS by multiplying by two (2) and allocate the memory. cchWideChar = cchWideChar * 2 *lpWideCharStr_UTF16 = AllocateMemory(cchWideChar) If *lpWideCharStr_UTF16 ; Convert the string and update cchWideChar with the number of characters written to *lpWideCharStr_UTF16. cchWideChar = MultiByteToWideChar_(#CP_ACP, #MB_PRECOMPOSED, *lpMultiByteStr_1252, cbMultiByte, *lpWideCharStr_UTF16, cchWideChar) If cchWideChar ; Get the required buffer size, in bytes, for *lpMultiByteStr_UTF8. cbMultiByte_UTF8 = WideCharToMultiByte_(#CP_UTF8, #Null, *lpWideCharStr_UTF16, cchWideChar, #Null, #Null, #Null, #Null) If cbMultiByte_UTF8 ; Allocate the memory. *lpMultiByteStr_UTF8 = AllocateMemory(cbMultiByte_UTF8) If *lpMultiByteStr_UTF8 If WideCharToMultiByte_(#CP_UTF8, #Null, *lpWideCharStr_UTF16, cchWideChar, *lpMultiByteStr_UTF8, cbMultiByte_UTF8, #Null, #Null) Debug "Win-1252: " + PeekS(*lpMultiByteStr_1252+32, 224, #PB_Ascii) Debug "UTF-16 : " + PeekS(*lpWideCharStr_UTF16+64, cbMultiByte-32, #PB_Unicode) Debug "UTF-8 : " + PeekS(*lpMultiByteStr_UTF8+32, cbMultiByte_UTF8-32, #PB_UTF8 | #PB_ByteLength) ;ShowMemoryViewer(*lpMultiByteStr_1252, 256) ;ShowMemoryViewer(*lpWideCharStr_UTF16, cbMultiByte) ShowMemoryViewer(*lpMultiByteStr_UTF8, cbMultiByte_UTF8) EndIf FreeMemory(*lpMultiByteStr_UTF8) EndIf EndIf EndIf EndIf FreeMemory(*lpWideCharStr_UTF16) EndIf FreeMemory(*lpMultiByteStr_1252) EndIf To sum up all the above... if you are sure your text contains ANSI characters give MultiByteToWideChar the correct code-page to use. If you intend converting ASCII/ ANSI strings you may be better using the ENG functions as they have a simpler parameter requirement; EngWideCharToMultiByte, EngMultiByteToWideChar, EngMultiByteToUnicodeN, see attached example... Ted. EngMultiByteToUnicodeN.zip

View File The Enigma Protector (x32 & x64 DEMO) This is an encryption example using The Enigma Protector 7.50 encryption. Enigma 7.5_x64_DEMO.rar TEP_7.5x32_DEMO.rar Submitter lengyue Submitted 04/29/2024 Category UnPackMe  

Really? Did you change it from what you posted? So maybe this is what you thought you did, not what you actually did? invoke MultiByteToWideChar,CP_UTF8,0,ansi$("TEST"),esi,0,0 mov ebx, eax add eax, eax <--- double size to alloc mov edi, alloc(eax)

Hi, so what about that MultiByteToWideChar function now? Wrong?! Yes, the ansi$("TEST") is ANSI string I want to convert to WideChar using CP_UTF8 CodePage because I did save everything in CP_UTF8 CodePage before and I also want to handle Symbol Chars if any in there like this 💋 to use it in my UNICODE app. In this case I'm using MultiByteToWideChar with CP_UTF8 too. Why do you say it's wrong Ted? It's working for me. Maybe its not important whether using CP_UTF8 / CP_ACP when reading from a ANSI text & CP_UTF8 text which are pretty same. So I did convert my UNICODE text / symbols from my Listview to CP_UTF8 with WideCharToMultiByte function as we talked before all the time about it. Now my content was converted & saved into content file which is using the UTF-8 CodePage (I need to have). Now when I run the app new it must read that content file back into listview and here I'm using the CP_UTF8 again with MultiByteToWideChar function to convert entire content file into WideChar format I need to use in my UNICODE style app. What is wrong here? When I use CP_ACP instead of CP_UTF8 then it will not display the symbols anymore like this 💋.... 0069B090 F0 9F 92 8B 💋 <--- 💋 ReadFile to // when using MultiByteToWideChar with CP_ACP I get that below... 0069B168 F0 00 78 01 19 20 39 20 ð.x 9 <--- Not displaying 💋 in LV 0069B090 F0 9F 92 8B 💋 <--- 💋 ReadFile to // when using MultiByteToWideChar with CP_UTF8 I get that below... 005CB258 3D D8 8B DC =Ø‹Ü <--- Does Display 💋 in LV ...you see? Guys, so when it is so simple as you say / think then just post any short example to see it. @adoxa I did double the space after MultiByteToWideChar function. Its telling my I need X size (wCHAR) and I do double it via add eax,eax and in EBX I have still the wCHAR size (not doubled) I'm using on second call to MultiByteToWideChar function. Did you not seen this or what do you mean? Common guys, don't make it harder to understand & handle as it should be. Thanks. greetz

Your MultiByteToWideChar is still wrong: you do need to double the returned length for the allocation (wide characters to bytes), but you still need to pass in the returned length (the buffer is in wide characters, not bytes).

LOWORD & HIWORD are unsigned, so when the mouse moves outside the window you're getting big values, causing it to go offscreen; use GET_X_LPARAM & GET_Y_LPARAM instead, then it will work fine.

The issue was picked up multiple times. Plus you have the API docs to refer to, with code examples. Looping back a bit, are you sure your text is "ANSI"? You won't be able to convert "ANSI" characters/ control codes passing CP_UTF8 with MultiByteToWideChar. They don't exist in the character set, and you will likely get $FFFD after the ASCII (127) characters. You will need to use CP_ACP... Ted.

Hey again, oh boy! That's so "I paint the town red" confusing! Lets summary. 💋 1.) I use lstrlenW = 2 in EAX to get the ccWideChar lenght 2.) Using ccWideChar (2) with WideCharToMultiByte which returns the ccMultiByte lenght (4) I would need as buffer lenght 3.) Alloc that ccMultiByte lenght of 4 or more 4.) Calling WideCharToMultiByte with 2 & 4 The code would be like this.... invoke lstrlen,addr _some_ // 💋 mov esi, eax invoke WideCharToMultiByte,CP_UTF8,0,addr _some_,esi,0,0,0,0 mov ebx, eax mov edi, alloc(eax) invoke WideCharToMultiByte,CP_UTF8,0,addr _some_,esi,edi,ebx,0,0 ...below like this... 0019FF4C 00401163 /CALL to lstrlenW from bones.0040115E 0019FF50 0045F3AE \String = "??" 💋 = EAX = 2 length I need to use for WideCharCount 0019FF30 0040117F /CALL to WideCharToMultiByte from bones.0040117A 0019FF34 0000FDE9 |CodePage = FDE9 0019FF38 00000000 |Options = 0 0019FF3C 0045F3AE |WideCharStr = "??" 0019FF40 00000002 |WideCharCount = 2 <-- 2 from lstrlen before 0019FF44 00000000 |MultiByteStr = NULL 0019FF48 00000000 |MultiByteCount = 0 0019FF4C 00000000 |pDefaultChar = NULL 0019FF50 00000000 \pDefaultCharUsed = NULL = EAX = 4 length I need to use for MultiByteCount next time 0019FF30 004011A3 /CALL to WideCharToMultiByte from bones.0040119E 0019FF34 0000FDE9 |CodePage = FDE9 0019FF38 00000000 |Options = 0 0019FF3C 0045F3AE |WideCharStr = "??" 0019FF40 00000002 |WideCharCount = 2 <-- 2 from lstrlen 0019FF44 005046A8 |MultiByteStr = 005046A8 <-- alloc buffer of 4 bytes 0019FF48 00000004 |MultiByteCount = 4 <-- buffer length 0019FF4C 00000000 |pDefaultChar = NULL 0019FF50 00000000 \pDefaultCharUsed = NULL = EAX = 4 bytes was written into new buffer of MultiByteStr 005046A8 ...so is this correct now so far? I think so. Why did you guys not telling me like this before? What a HARD BIRTH! But in case of using MultiByteToWideChar function I have to double the alloc size like this... invoke lstrlenA,ansi$("TEST") mov esi, eax invoke MultiByteToWideChar,CP_UTF8,0,ansi$("TEST"),esi,0,0 add eax, eax <--- double size to alloc mov ebx, eax mov edi, alloc(ebx) invoke MultiByteToWideChar,CP_UTF8,0,ansi$("TEST"),esi,edi,ebx ....maybe the best is really just using -1h in all cases of using those 2 functions and let the function handle / calc the length and I just need to sub the 0 termination byte. greetz

you could save short video and embed right in the post here

When you drag it fastly from the title, it gets lost.

What exactly gets lost ? Can you attach images before and after moving the window ? https://stackoverflow.com/questions/7773771/how-do-i-implement-dragging-a-window-using-its-client-area

hi @Sean Park - Lovejoy i have updated all the variables you mentioned with byte ptr and dword ptr in that procedure you've mentioned and set the rc variable to global and it doesn't crash anymore but at least the VU meter shows up. and now I have added uFMOD_GetStats to make the VU meter synchronize with the XM music . Thanks for your help

#include <Windows.h> #include <iostream> #include <windowsx.h> #define IDB_EXIT 102 PAINTSTRUCT ps; HDC hdc; RECT starfield_rc; BOOL g_bDragging = FALSE; POINT g_ptDragStart; int WIDTH = 350; int HEIGHT = 400; const int numStars = 50; const int starSpeed = 1; struct Star { int x, y; int speed; }; const int NUM_STARS = 100; Star stars[NUM_STARS]; HDC hdcMem; HBITMAP hbmMem; HBITMAP hbmOld; void starfield(HDC hdc, int x, int y, RECT *rc) { int width = 335; rc->left = x; rc->top = y; rc->right = width; rc->bottom = 249; HDC hdcMem = CreateCompatibleDC(hdc); HBITMAP hbmMem = CreateCompatibleBitmap(hdc, width, 215); HBITMAP hbmOld = (HBITMAP)SelectObject(hdcMem, hbmMem); HBRUSH brush = CreateSolidBrush(RGB(0, 0, 0)); FillRect(hdcMem, rc, brush); DeleteObject(brush); for (int i = 0; i < NUM_STARS; i++) { SetPixel(hdcMem, stars[i].x, stars[i].y, RGB(255, 255, 255)); stars[i].x = (stars[i].x + stars[i].speed) % width; } BitBlt(hdc, x, y, width, 215, hdcMem, 0, 0, SRCCOPY); SelectObject(hdcMem, hbmOld); DeleteObject(hbmMem); DeleteDC(hdcMem); } // main function LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lparam); int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR szCmdLine, int nCmdShow) { for (int i = 0; i < NUM_STARS; i++) { stars[i].x = rand() % 340; stars[i].y = rand() % 249; stars[i].speed = rand() % 3 + 1; } TCHAR appname[] = TEXT("Template"); WNDCLASS wndclass; MSG msg; HWND hwnd; wndclass.cbClsExtra = 0; wndclass.cbWndExtra = 0; wndclass.hbrBackground = (HBRUSH)GetStockObject(BLACK_BRUSH); wndclass.hCursor = LoadCursor(NULL, IDC_ARROW); wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION); wndclass.hInstance = hInstance; wndclass.lpfnWndProc = WndProc; wndclass.lpszClassName = appname; wndclass.lpszMenuName = NULL; wndclass.style = CS_HREDRAW | CS_VREDRAW; // check this window class is registered or not if (!RegisterClass(&wndclass)) { MessageBox(NULL, TEXT("Window class is not registered"), TEXT("Error...."), MB_ICONERROR); return 0; } hwnd = CreateWindowEx(0, appname, // window name appname, // window text WS_VISIBLE | WS_POPUP, // set POPUP window style for no border & controls 100, // window position x 100, // window position y WIDTH, // width HEIGHT, // height NULL, NULL, hInstance, NULL); // show & update created window SetTimer(hwnd, 1, 10, NULL); // Set a timer to trigger every 100ms ShowWindow(hwnd, nCmdShow); // get message from queue while (GetMessage(&msg, NULL, 0, 0)) { TranslateMessage(&msg); DispatchMessage(&msg); } return msg.wParam; } bool isSizingOrMoving = false; // WndProc function LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam) { HINSTANCE hIns; HWND exit_button, gen_button, title, license; LRESULT move = NULL; static int xClick; static int yClick; switch (message) { case WM_CREATE: { exit_button = CreateWindow(TEXT("BUTTON"), NULL, WS_CHILD | WS_VISIBLE | BS_BITMAP, 250, 360, 70, 30, hwnd, (HMENU)100, hIns, 0); HBITMAP exitImg = (HBITMAP)LoadImageA(GetModuleHandleA(nullptr), (LPCSTR)MAKEINTRESOURCE(IDB_EXIT), IMAGE_BITMAP, 0, 0, NULL); title = CreateWindow(TEXT("STATIC"), TEXT("Hello"), WS_CHILD | WS_VISIBLE, 150, 5, 120, 20, hwnd, 0, hIns, 0); SendMessageW(exit_button, BM_SETIMAGE, IMAGE_BITMAP, (LPARAM)exitImg); } break; case WM_PAINT: { PAINTSTRUCT ps; hdc = BeginPaint(hwnd, &ps); starfield(hdc, 6, 31, &starfield_rc); EndPaint(hwnd, &ps); break; } case WM_TIMER: InvalidateRect(hwnd, &starfield_rc, FALSE); break; case WM_COMMAND: switch (wParam) { case 100: PostQuitMessage(EXIT_SUCCESS); return 0; } break; case WM_CTLCOLORSTATIC: { hdc = (HDC)wParam; return (LRESULT)CreateSolidBrush(RGB(0, 0, 0)); // black and white break; } case WM_CTLCOLOREDIT: { hdc = (HDC)wParam; return (LRESULT)CreateSolidBrush(RGB(0, 0, 0)); // black and white break; } case WM_LBUTTONDOWN: { // Start dragging g_bDragging = TRUE; g_ptDragStart.x = LOWORD(lParam); g_ptDragStart.y = HIWORD(lParam); SetCapture(hwnd); } return 0; case WM_MOUSEMOVE: { if (g_bDragging) { // Calculate the offset int dx = LOWORD(lParam) - g_ptDragStart.x; int dy = HIWORD(lParam) - g_ptDragStart.y; // Get the current window position RECT rc; GetWindowRect(hwnd, &rc); // Move the window by the offset SetWindowPos(hwnd, NULL, rc.left + dx, rc.top + dy, 0, 0, SWP_NOSIZE | SWP_NOZORDER); } } return 0; case WM_LBUTTONUP: { // Stop dragging g_bDragging = FALSE; ReleaseCapture(); } return 0; case WM_DESTROY: PostQuitMessage(0); return 0; } return DefWindowProc(hwnd, message, wParam, lParam); } This is my starfield animation. Although you can drag the window. But if you drag it from extreme left or the top area, it gets lost. Can anyone help on how to fix this?