All Activity
- Past hour
-
Sean Park - Lovejoy started following Luca91
-
Sean Park - Lovejoy started following Priboi
-
barkgod joined the community
-
Sean Park - Lovejoy started following Il Assembly References , Why ImpRec/Scylla sometimes cant redirect calls/jmp into new created IAT and Anti-Reverse Engineering (Assembly Obfuscation)
- Today
-
Ungrave joined the community
-
Why ImpRec/Scylla sometimes cant redirect calls/jmp into new created IAT
Priboi posted a topic in Scylla Imports Reconstruction
I have made little research why ImpRec/Scylla sometimes cant redirect calls/jmp into new created IAT. Different reason for imprec and scylla. -
koalarotm joined the community
-
iney joined the community
-
aissa1730 joined the community
-
yarkeei joined the community
-
zakoh joined the community
-
hello.web joined the community
-
safareto joined the community
-
Luna6076427 started following Programming and Coding
- Yesterday
-
TheDarksider started following BlackHat
-
X0rby changed their profile photo
- Last week
-
How to unpack this target? Regards. sean.
-
The Customizer - Skin+Psd (official TeamREPT Skin)
cdwayne foremost commented on Tracer's file in diablo2oo2 Universal Patcher (dUP)
-
How to format specific text to correctly displaying text?
adoxa replied to LCF-AT's topic in Programming and Coding
Read the last sentence of my previous message again... -
How to format specific text to correctly displaying text?
LCF-AT replied to LCF-AT's topic in Programming and Coding
Hi guys, I was downloading some text file from internet and when I print it into static control etc then I got that not correctly wrong mixed symbols or letters etc I would like to prevent but how is the questions. By the way, I tried using that IsTextUnicode function but I can only use the RtlIsTextUnicode function and this does crash always inside... invoke RtlIsTextUnicode,addr STRINGBUFFER ,sizeof STRINGBUFFER, IS_TEXT_UNICODE_ASCII16 ....so I don't know about all those specific Text Symbol styles things whatever they called etc but it really sux and I just want to have & use some simple format / fix functions I can run over my textbuffer to make them OK. @adoxa Yes it seems I have to remove those HTML entities from text buffer to format them correctly but how? Is there no ready function already I could use? Otherwise I have to make it myself. How much HTML Entities are there I have to check for? Or what are the most common used? I made this quick function... Remove_HTML_Entities proc uses edi esi ebx _buffer:DWORD invoke szRep,_buffer,_buffer,chr$("<"), chr$("<") invoke szRep,_buffer,_buffer,chr$(">"), chr$(">") invoke szRep,_buffer,_buffer,chr$("&"), chr$('&') invoke szRep,_buffer,_buffer,chr$("""), chr$('"') invoke szRep,_buffer,_buffer,chr$("'"), chr$("'") invoke szRep,_buffer,_buffer,chr$("¢"), chr$("¢") invoke szRep,_buffer,_buffer,chr$("£"),chr$("£") invoke szRep,_buffer,_buffer,chr$("¥"), chr$("¥") invoke szRep,_buffer,_buffer,chr$("€"), chr$("€") invoke szRep,_buffer,_buffer,chr$("©"), chr$("©") invoke szRep,_buffer,_buffer,chr$("®"), chr$("®") Ret Remove_HTML_Entities endp ...to remove some of those Entities. Seems to work OK so far but NOW I found another problem. When the entitie & was found and replaced with & and I do send that string buffer into my static control then the "&" is not displaying!=? Why? When I do messagebox that string buffer then the "&" gets displayed. So why is the & not showing when using it in a string? Also this fails... invoke SendMessage,STATIC_HANDLE,WM_SETTEXT,0,chr$("You & Me") = "You Me" and not "You & Me" Why? Is there any style I have to enable to make it work to display also the "&"? greetz -
Hello everyone ! Having been in infosec for a few years now, particularly on the Red Team side, I'm keen to discover new things. I have some basic knowledge of reverse engineering, but nothing too crazy. As I'm about to start a new contract on the Blue Team side, I'd like to practice a bit before starting. So I'd like to know your opinion on an easy malware family to reverse for a beginner. Thank you.
-
unlisted changed their profile photo
-
An open source tool for analyzing vmp
Sean Park - Lovejoy replied to fjqisba's topic in Programming and Coding
@jackyjask maybe, we do not need it any more. @fjqisba how does this IDA plugin help to analyze the vmprotect virtual machine? I do not know how to use this. I will be really appreciated if you could explain about it. Many thanks in advance. Regards. sean. -
An open source tool for analyzing vmp
jackyjask replied to fjqisba's topic in Programming and Coding
@fjqisba is GhidraVmp.dll obsoleted and now one has to use Revampire.dll instead? -
How to format specific text to correctly displaying text?
adoxa replied to LCF-AT's topic in Programming and Coding
If you want to change "standard" (&<>) HTML entities it would be simplest to search and replace manually; not sure what the best approach would be if you want to convert unknown HTML to text. Dialog text uses & to underline the next character, so they should be replaced with && for a literal &. -
How to format specific text to correctly displaying text?
Teddy Rogers replied to LCF-AT's topic in Programming and Coding
I don't know where you are sourcing your text from, possibly you can check the BOM - if it exists. If the text is a reliable source you could try utilising the IsTextUnicode function... Ted. -
How to format specific text to correctly displaying text?
LCF-AT posted a topic in Programming and Coding
Hi guys, so I got a little problem again with those UNICODE / SYMBOL chars in text / buffer I want to format to readable text and print that on a static control. So first I got some text issues showing me some strange symbol chars instead of text like this below... "Youâ€" is "You’ve" ...and I was then using the MultiByteToWideChar function with CodePage CP_UTF8 to change my ANSI text buffer to UNICODE. After that the text was displaying correctly using SetDlgItemTextW function. FIne so far I thought. Then I found another problem with a other symbol like this... Q&A is Q&A ...and I tried to use the same function as above but in this case I got this results back... Qamp;A !? My question now is...when I have any unknown text in buffer as ASCII / ANSI style then I want to format / convert this text buffer into 100 % readable / Symbol buffer I want to use with SetDlgItemTextW (Unicode) function to display the text 100 % correctly as original etc. What is the right method for this? greetz -
v4tb changed their profile photo
-
How to find the constant value when debugging an enigma protected application? no answer ???
-
create backup(from olly) functionality in x64dbg
Sean Park - Lovejoy replied to Priboi's topic in x64dbg
@Priboi Many thanks for the video presentation. Now I get it. Your plugin would be helpful. Regards. sean. -
I said program not plugin. Debugged program makes changes in code/data for example while unpacking and you are able to see where these changes are when using my plugin.
-
create backup(from olly) functionality in x64dbg
Sean Park - Lovejoy replied to Priboi's topic in x64dbg
@Priboi when does the code/data change by your plugin? I did not use the feature of the ollydbg, also I did not know it is. Now I check it out in ollydbg. It is a good feature. In ollydbg, If I create backup, then I change some codes. by using view backup, I can view the backed up data. after it, again If I click view actual data, I can view the current modified code/data. But with your plugin, what should I do to check what is the backed up code/data and what is the current modified or actual code/data? Many thanks in advance. Regards. sean. -
[C++ & MASM Source] - MyAppSecured v1.00 Beta (exe protector)
Priboi replied to TomaHawk's topic in Programming Resources
Can someone share MyAppSecured v1.00 Beta source? I dont have account here: https://forum.exetools.com/showthread.php?t=19316 EDIT: nevermind founded here:- 1 reply
-
- 1
-
You dont have to do changes on yourself its not the purpose of this plugin because you know what you have changed. The code/data should be changed by program itself.
-
+ password-protect-video.com
-
An open source tool for analyzing vmp
Sean Park - Lovejoy replied to fjqisba's topic in Programming and Coding
-
Well, the project is still a demo. I updated the plugin and provided a program for my own testing,you can try that. https://github.com/fjqisba/VmpHelper/releases
-
An open source tool for analyzing vmp
Sean Park - Lovejoy replied to fjqisba's topic in Programming and Coding
I virtualized below part and tested it. 004010C2 6A 01 push 01 004010C4 53 push ebx 004010C5 FF15 1C614000 call dword ptr [0040611C] → USER32.dll!EndDialog 004010CB EB 09 jmp 004010D6 ↓ It is cahnged to thses codes. 00A810C2 | E9 27BA1800 | JMP win32gui.vmp.C0CAEE | 00A810C7 <win32gui | 57 | PUSH EDI | edi:EntryPoint 00A810C8 | C3 | RET | 00A810C9 <win32gui | 56 | PUSH ESI | esi:EntryPoint 00A810CA | C3 | RET | 00A810CB <win32gui | EB 09 | JMP win32gui.vmp.A810D6 | And I used your plugin by clicking the menu "VMP -> Show Graph" at the address of 00A810C2. then It hung. the IDA version is 8.3.23.0608.. Regards. sean. -
For current plugin, it seems too early to analyze vmp oep, because vmp does a lot of operations at the beginning. Maybe you should try writing a small function, use vmp encryption, and then use plugin to analyze the begin of vmp function.
-
An open source tool for analyzing vmp
Sean Park - Lovejoy replied to fjqisba's topic in Programming and Coding
Win32GUI.vmp.zip Regards. sean. -
An open source tool for analyzing vmp
jackyjask replied to fjqisba's topic in Programming and Coding
What are the preconditions to start de-virting 3.5.0 x86? I'm hitting only this: sample https://workupload.com/file/bDGty7XBnfW sometimes it is crashing, eg: BTW, what IDA versions do you support? -
Well, this is because it has not been fully developed yet. you can try sending samples to me so I can fix it.