Jump to content
Tuts 4 You

All Activity

This stream auto-updates     

  1. Past hour
  2. From my quick test these are the window messages that you won't be able to block, or change the window filtering of, by using ChangeWindowMessageFilterEx. I only did a quick test on Windows 10, I would expect the result to be similar from Windows Vista onward... Ted.
  3. Today
  4. Posting this at the request of TechLord since I felt it is unfair to not approve his posts when he said nothing wrong. Also I think it doesn't make sense trying to restrict a member or place him under moderation-required when you leave the registration wide open for anyone to create any number of accounts. 🤣 And Mr Teddy Rogers, with all due respect, could you please turn off that Canvas Fingerprinting that is turned on at tuts4you in an attempt to identify the account holder? It is so very old and there are many plugins to bypass it . Finally, I hope that you will address the problem rather than try to ban or limit my account (once again, a BIG lol) . This was the EXACT mistake that the EXETOOLS guys did, IMO. Instead of addressing the problem, they ban or promote/demote members left and right. Won't solve the problem.A GOOD admin will try to TALK with the members and SOLVE the problem. Regards
  5. A small correction here @Kurapica :) The "website" (TIRA Forum) is not mine anymore. Even though I had created that forum a year ago, I needed to sell it off late last year, due to ill-health. Many of the well known members from various RCE forums including tuts4you are already members there. Some visit there regularly and some don't. But as they all know, I am just an ordinary member there, not even a VIP lol :D One good thing is that the admin there has a zero tolerance policy towards conflict creation and discussion of matters pertaining to scene dramas there at TIRA, and any such discussions in the public threads there would lead to an immediate ban. I am generally retired from the RCE world and I rarely visit other forums. I spend whatever time I have with my family. A lot things happened in the past and I have since, moved on. I just hope that I do not get blamed whenever something bad happens at any RCE forums, especially not without any evidence whatsoever!
  6. TobitoFatito

    My first crackme(KoiVM)

    file doesn't run at all
  7. Yesterday
  8. samoray

    [unpackme] Armadillo 4.66

    it should be tuts4you or something like that
  9. Hey Ted, thanks for the another infos so far.So if you say that those messages cant be blocked / disabled does it also mean they cant be enabled / allowed?Its only for Win 10 or lower OS too?Just asking so I didnt used or did know about that UIPI thing before....also I hadnt used to send any datas from one app to another before like I did in the example above.But good to know that now. greetz
  10. Jasi2169

    Visual Studios 2019 Pro - trial

    Sent u keys for enterprise n pro
  11. Thanks for the nice words, I really hope peace returns soon This is a lose lose situation for all, no one is winning anything here Good Luck with your new website
  12. kumartest18

    [unpackme] Armadillo 4.66

    password to unrar the file?
  13. I ran a very quick test and it looks like the following window messages below 0x0400 (on Windows 10) cannot be blocked... 003 / 0x0003 / WM_MOVE 005 / 0x0005 / WM_SIZE 013 / 0x000D / WM_GETTEXT 014 / 0x000E / WM_GETTEXTLENGTH 051 / 0x0033 / WM_GETHOTKEY 127 / 0x007F / WM_GETICON 773 / 0x0305 / WM_RENDERFORMAT 776 / 0x0308 / WM_DRAWCLIPBOARD 781 / 0x030D / WM_CHANGECBCHAIN 787 / 0x0313 / WM_POPUPSYSTEMMENU (Undocumented) 794 / 0x031A / WM_THEMECHANGED 795 / 0x031B / WM_UAHINIT (Undocumented) 799 / 0x031F / WM_DWMNCRENDERINGCHANGED (Undocumented) Ted.
  14. My interpretation of this is that some window messages below 0x0400 will be allowed irrespective of ChangeWindowMessageFilterEx filtering. I do not know which window messages are affected. Just keep this in mind if something seems to not be working. Use a virtual machine to test your programs and default OS builds. It is going to save you a lot of time trying to guess if things are not working correctly because of the way you have customised your OS... Ted.
  15. TobitoFatito

    KoiVM Modded 2019

    Patched it (didn't devirt) But i can't attach file since i cant obfuscate the dll that i used without your file breaking ;-; Might upload the cracked file in a day or 2 when i find a way to obfuscate my .dll without the file breaking Edit: the executable is named crackme because when i dumped the packer i renamed it to crackme without noticing Edit2: Download Link: https://anonfiles.com/V504690ana/CrackMeCracked_Protected_rar Doesn't let me attach file its too big
  16. I am sorry to hear about the attacks on your forum site @Kurapica but in my opinion, they could be from random bots, as we also had been experiencing similar attacks on our TIRA forum over the past few months. Since you specifically mentioned that the attacks on your site started “since these incidents” I want to confirm that you had always treated us with respect and therefore neither me nor my “supporters” have anything at all to do with the attacks on your site. I also want to add that me and my friends hold the BlackStorm team (and the forum) in high regard and we will not think of anything in the way of harming the site. To avoid starting another flame-war, I will not comment anything else regarding the other forums. As many know, I am mostly busy for the past few months on the TIRA forum and I do not have time for all this nonsense anymore. Going by the past history of my posts on this forum, I have a feeling that this post will be removed soon, and so, I was in two minds whether to post it here at all. But I decided to post this anyway since I did not want @Kurapica or anyone else here to misunderstand me or my supporters.
  17. I can't say I'm running a major RCE website or that we are in a race with any other team, we started black storm as a place for friends and RCE fans since these incidents started, I block IPs on a daily basis trying to brute-force the admin page and just this morning, the attacks have returned again
  18. mamo434376

    +36 Protection / MM-VMP

  19. Last week
  20. NichaenMod

    +36 Protection / MM-VMP

    have you discord ?
  21. Hi Ted, I only have XP in VM and there is no UAC present.Just testet your file in XP too but its crashing because of missong ChangeWindowMessageFilterEx functions which only is present from Win 7.The regkey to UIPI is empty (Win7) only a clipboard / ExceptionFormats folder entry is into and nothing else. Ok,so if you say my code looks ok so far then its ok for me too.If the functions is present then I call it if I want to enable some handles / WM_ messages etc. One thing about the info to WM_USER and lower values.So do you mean I cant use higher values?Ok,on the other hand WM_USER is already the highest one of all WM_x messages. WM_USER equ 400h <-- highest WM_COMMAND equ 111h WM_SETTEXT equ 0Ch WM_NULL equ 0h <-- lowest etc.. greetz
  22. Run a fresh installation of an OS in a virtual machine. It is a simple and good way to test your programs across various OS's and configurations. New installs have UAC set at the second highest value. Check "default" UIPI value in your registry, I suspect there may be a value in "data". Delete this so that a value is not set. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI The code looks okay, just be sure you have the correct handle and the parameter being passed is correct. You can use GetLastError to check this. The remarks for ChangeWindowMessageFilterEx mention values lower than WM_USER can be, "passed through the filter, regardless of the filter setting"... Ted.
  23. Drin

    DNGuard HVM - Enterprise

    Manually founded offsets (CRC/Trial/Anti-jit/Anti-resolver) in HVMRuntm.dll and patched them, also hooked GetModuleFileNameA(0, ..) to return name of unpacking target and used DNGuard_HVM_Unpackerfr4
  24. My intentions are good and I think that knowledge like this should be made available to all. I came across this mirror site as this was mentioned on several online forums yesterday. So I posted it here. Then there should be no problems for anyone 😉
  25. Same group of children that got banned recently and refuse to grow up. The forums have quited down a lot since all the last drama and most releases are done elsewhere now anyway because of it. Everything they are dumping and mirroring is all public anyway.
  26. we all know who is behind this and I think it's a bad move, this will simply start a new flaming war again !
  27. SITE AT: https://exetools.org This seems to be a mirror of the popular EXETOOLS forum website containing all the posts from the original forum, current as of today. Apparently the file attachments from the original site would be uploaded within the next 3-4 days. The mirror is also being updated every 2-3 days. There is no need for registration or login and all the reverse engineering knowledge from the past 20 years (1999 till date), is available to anyone to freely browse on the world wide web. Once the attachments are also uploaded to this mirror site, then anyone would be able to access this treasure-house of knowledge without any need to beg on twitter or solve "puzzles" to get hold of registration codes. This is of course very good news for most of us who are not able to download the attachments on the original EXETOOLS forum site. As of now the site is not searchable but the creator of the mirror site says that google custom search would be added to the mirror site so that we would be able to access the content with lightning fast searches. In certain browsers, the threads do not seem to render correctly at this time but they are easily remedied, as per the author, by switching to the HYBRID MODE under Display Modes as seen in the screenshot: According to the author of the mirror, the TO-DOs are: - Add Google Custom Search to the site - Upload the attachments also - Create a parallel forum also in conjunction with the mirrored threads so that anyone can take part in the discussions This is definitely a work in progress but I think that the author did an excellent job so far already. Knowledge such as this is invaluable and should be free for all to access! The person who put up this mirror did an excellent job.
  28. Hi Ted, thanks for the new files so I did checked them out.So it keep working to send datas from sender to receiver anyway if I allow or disallow it so the counter button gets increased the whole time.I always get this info back if I press reset / allow / disallow buttons... ...seems they have really no effect for me. About UAC.I have this disabled.Do you have yours enabled?I think I need to reboot if I change this settings for UAC.Do you mean if I enable it then it should trigger something?Maybe if its really the UAC setting reason that its not working for so do you know which minimum setting I need to set in UAC window?There are 4 settings I can set.... ....the last one I have = disabled. Of course I dont know the UAC settings of any user who using my apps,so in this case I should better use this function code to allow getting some input from a extern source right? One more thing about allowing.So in my case I wanna allow first a specific EDIT control to receive some text datas with WM_SETTEXT message = like above already.Also I wanna allow the receiver to get WM_COMMAND in my main proc input from extern sources.Have I to enable this too? Example: Below my code in my sender app.Sending text to EDIT control of receiver app and after this also sending WM_COMMAND + ID for a button / wparam to the main routine. Send2StreamTool proc uses edi esi _buffer:DWORD local runs:DWORD invoke FindWindow,NULL,chr$("Stream Tool 1.0 (Drag & Drop broken video files!)") .if eax != FALSE mov edi, eax xor esi, esi .while eax != FALSE invoke FindWindowEx,edi,esi,chr$("Edit"),NULL .if eax != FALSE mov esi, eax invoke GetDlgCtrlID,esi .if eax != FALSE .if eax == 1002 ; URL EDIT Handle of stream tool 1.0 invoke SendMessage,esi,WM_SETTEXT,0,_buffer .if eax == FALSE invoke SetDlgItemText,hWnd_Main,IDC_INFO,chr$("SendMessage to other process failed!") .else invoke GetDlgItem,hWnd_Main,IDC_CHECKBOXSENDPLAY mov ecx, eax invoke IsWindowEnabled,ecx .if eax != FALSE invoke IsDlgButtonChecked,hWnd_Main,IDC_CHECKBOXSENDPLAY .if eax == BST_CHECKED invoke SendMessage,edi,WM_COMMAND,1009,NULL ; IDC_PLAY == 1009 of stream tool .endif .endif .endif .break .endif .endif .endif .endw .endif Ret Send2StreamTool endp ....now in my receiver app I execute this code once only at WM_INIT.... invoke GetDlgItem,hWnd,IDC_URL ; <--- Edit control to receive text invoke SetMessageFilter,eax,WM_SETTEXT,MSGFLT_ALLOW ; <--- allow edit control invoke SetMessageFilter,hWnd,WM_COMMAND,MSGFLT_ALLOW ; <--- allow with main routine handle SetMessageFilter proc uses edi esi _handle:DWORD,_message:DWORD,_mode:DWORD invoke GetModuleHandle,chr$("user32.dll") .if eax == FALSE invoke LoadLibrary,chr$("user32.dll") .if eax == FALSE ret .endif .endif mov edi, eax ; base of user32 invoke GetProcAddress,edi,chr$("ChangeWindowMessageFilterEx") .if eax == FALSE ret .endif mov esi, eax ; function to esi push NULL push _mode push _message push _handle call esi ret SetMessageFilter endp ...like this.Just wanna allow the edit control XY and WM_COMMAND for main routine.Should this be ok so far or do you see any problem issues here?Just wanna be sure also if I cant test it on my PC now because of disabled UAC settings.As I said,I just wanna allow the edit control / WM_SETTEXT & WM_COMMAND for main hwnd at the moment to receive some datas. greetz
  1. Load more activity
  • Create New...