Jump to content
Tuts 4 You

All Activity

This stream auto-updates     

  1. Past hour
  2. ...or just use MSDN key that's available on the net and avoid all that insanity. NYWVH-....
  3. Today
  4. Make sure the higher privileged application is the one changing the message filter of the lower privileged window. Ensure you have the correct window handle of the lower privileged window. Have a read through the remarks for ChangeWindowMessageFilterEx. Another thing to be mindful of is if you allow multiple instances of the same application. You may need to consider using mutex's or assigning unique identifiers to each application... Ted.
  5. or simply use tools like RunAsDate
  6. Yesterday
  7. JMC31337

    Visual Studios 2019 Pro - trial

    didn’t mean to stir up arguments 1) I'm not signing into anything 2) not re-downloading vis studio 3) not paying point was just to show how dumb MCSFT is that this ide should have expired and forced me to do any of the above prior 1-3’s, and all it takes is a simple clock setback to continue to use it despite its being expired without any license ps: sure, I could vm my os and do it that way
  8. Apuromafo

    Visual Studios 2019 Pro - trial

    https://visualstudio.microsoft.com/es/vs/support/community-edition-expired-buy-license/ really need login for unlock the ide, only that Community Edition is free. You just need to sign-in with your Microsoft account and everything will be fine again. im was using from 2017 to today..never i was need a licence .. only login BR, Apuromafo
  9. CodeExplorer

    Visual Studios 2019 Pro - trial

    Visual Studio Community also expires: I mean you still have to register online: https://www.quora.com/Visual-Studio-Community-Edition-2017-is-alerting-me-that-Your-30-day-free-trial-has-ended-activate-license-or-close-Why-would-this-be-happening
  10. Apuromafo

    Visual Studios 2019 Pro - trial

    there exist visual studio community, maybe can use until you can found other licence/
  11. JMC31337

    Visual Studios 2019 Pro - trial

    yup i deleted the bin/debug/ project exe and added a msg box to test that and changes are saved added screenshots to show ya what I’m saying - no I don’t not wanna pay for any license on this thing
  12. mamo434376

    +36 Protection / MM-VMP

    is it too difficult to unpack xd
  13. CodeExplorer

    DNGuard HVM - Enterprise

    I've seen that Drin user posted solutions but without any explanation/tutorial so it has removed from view!
  14. 身勝手のごくい

    Visual Studios 2019 Pro - trial

    Hai, Are u sure the changes u make are in the binary u debug? VS has this bad predefined option which doesnt build changes on 'start debugging'. There are 2 options the one is under solution properties irc and the other one in options projects & solutions build & run. VS licensing is like this from as far i remember 2013?+, depending on the version checks for further data and ur 'trick' there, wont work if ur date is over month. Ive digged this shit some time ago to make a loader since their community products require microsoft account logins. If u keep face this problem or any license related let me know. Regards
  15. Dunno if this is in the right topic forum or not but I found something ridiculous in vis studios Apparently MCSFT gives you a time limitation evaluation in its vis studios 2019 trial after my time expired I decided to set my system clock back 2 weeks Instead of the “your trial license has expired,” it fired up but at first any changes made in my cs files wouldn’t stick when debugging my prog i deleted the VS backup folder and deleted the VS splash open recent’s solution selected the open local folder and headed to my prog’s directory of cs files hit F5 debug and it let me continue running it with 14 more days trial license —lost my designer window though so no ez drag n drop toolbox stuff
  16. JMC31337

    BIOS Rootkit ?

    Old post but... id recommend getting ROOTKITS AND BOOTKITS Reversing Modern Malware and Next Generation Threats by Alex Matrosov, Eugene Rodionov, and Sergey Bratus
  17. Last week
  18. , totaling nearly 21 GB. https://www.zdnet.com/article/hacker-steals-data-of-millions-of-bulgarians-emails-it-to-local-media/
  19. Hi guys, I will check this WM_COPYDATA too fearless.Thanks for that info. Ok Ted,so on my tests all seems to work without getting any error but I already did wonder why its working so easy.Before I thought also I need to set some access rights for the other process or something.So could you explain this ChangeWindowMessageFilterEx function a little for me?I dont get it yet.Or just tell me how to check this. Lets say I execute my example code from above from App 2 to send text to App 1's edit control via SendMessage WM_SETTEXT.After this function I check eax for TRUE = success or FALSE = failed.In a case of failed I should now call GetLastError function and checking for ERROR_ACCESS_DENIED.Ok,lets say it is this case so what then?Calling now ChangeWindowMessageFilterEx.The HWND = main HWND of App 1 itself right?So I mean the first handle I got from FindWindow function.What to enter in message paramter = WM_SETTEXT?For 3 paramter = MSGFLT_ALLOW and 4 parameter = nothing.Do you mean this so? Example: invoke FindWindow,NULL,chr$("App1") .if eax != FALSE mov edi, eax xor esi, esi .while eax != FALSE invoke FindWindowEx,edi,esi,chr$("Edit"),NULL .if eax != FALSE mov esi, eax invoke GetDlgCtrlID,esi .if eax != FALSE .if eax == 1002 ; Edit control ID of App1 invoke SendMessage,esi,WM_SETTEXT,0,_buffer .if eax == FALSE invoke GetLastError .if eax == ERROR_ACCESS_DENIED invoke LoadLibrary,chr$("user32.dll") invoke GetProcAddress,eax,chr$("ChangeWindowMessageFilterEx") .if eax != FALSE push NULL push TRUE ; MSGFLT_ALLOW push WM_SETTEXT push edi call eax .if eax != FALSE invoke SendMessage,esi,WM_SETTEXT,0,_buffer .break .endif .endif .endif .endif .break .endif .endif .endif .endw .endif So I tried this code.In my case WM_SETTEXT does work before ...I bypassed this and did call this ChangeWindowMessageFilterEx function and here I get this error 5 of ERROR_ACCESS_DENIED back and eax FALSE.Have I dont it wrong etc?Or do you mean I need to use this function ChangeWindowMessageFilterEx in App1 and not in App2? I also tried to use ChangeWindowMessageFilterEx in App1 calling with MSGFLT_DISALLOW with WM_SETTEXT.Now in app2 I did call WM_SETTEXT with handle of Edit control of App1 and its still working = no access denied etc. Do you have a small example code using this function to set to allow / disallow correctly?Just wanna test whether it works in both directions to verify it. Thank you
  20. Just be mindful of UIPI and process elevation levels if you plan on using SendMessage. Otherwise you will need to look at changing window message filters (ChangeWindowMessageFilterEx) of lower privileged windows. You can check if your messages are being blocked by calling GetLastError and checking for access denied (5)... Ted.
  21. Another option is to use WM_COPYDATA https://docs.microsoft.com/en-us/windows/win32/dataxchg/wm-copydata The following example demonstrates how to send information between two applications using the WM_COPYDATA message: https://docs.microsoft.com/en-us/windows/win32/dataxchg/using-data-copy
  22. Hi Ted, after some trying and remembering I found out a way using FindWindow/Ex functions. invoke FindWindow,NULL,chr$("App1") .if eax != FALSE mov edi, eax xor esi, esi .while eax != FALSE invoke FindWindowEx,edi,esi,chr$("Edit"),NULL .if eax != FALSE mov esi, eax invoke GetDlgCtrlID,esi .if eax != FALSE .if eax == 1002 ; EDIT ID of App1 invoke SendMessage,esi,WM_SETTEXT,0,_buffer .break .endif .endif .endif .endw .endif Seems to work. Should be ok for my task. greetz
  23. Depends on how much data you intend on exchanging as there are a number of different options. This link explains some of them... https://docs.microsoft.com/en-au/windows/win32/ipc/interprocess-communications Ted.
  24. Hi guys, I have a new small question. I would like to start a new other process from my app using CreateProcess function.Now if the new other app runs I would like to send some datas into the other app like to an edit control. Example: App 1 and App 2.Both can run for itself without to need each other.Now I wanna start App 2 from App 1 = both apps running.Here I would like already to send some datas from App 1 into App 2 on startup like PID / Handle infos etc and if App 2 runs it should check whether infos was send on startup or not to know that App 1 is waiting for some infos from App 2.App 2 should now send infos to App 1 so in my case example it should just send text from clipboard into a specific Edit control of App 1 so that App 1 does get this info and shows them into the specific Edit control.You know what I mean right? How can I do this?Normal if I run another process from app 1 then I have the PROCESS_INFORMATION of the new created process.Somehow here I should send some infos to this process into any specific static location so that App 1 does check this locations on start to know aha I must send datas to app 1.Something like that you know.I think I just need the PID and HWND and ID of Edit control of app 1 in app 2 and sending then anyhow new text into app 1.Similar like SendMessage,WM_SETTEXT in own process.Has anyone done this before already and could tell how I could do this? greetz
  25. GoleSang

    Self Protection {Unpack me 2}

    pleas explain how u unpack it?
  26. TobitoFatito

    Few thoughts on .NET obfuscators

    I'd be sure that they made a devirt only if i saw the koivmhelper.dll without dnguard, for some reason i think that they check the parameters and the calls with the handle invoker Why would i think of that? well i've searched the 'devirted' file and i've only seen this change (on vcall opcodes) which basically changes the methodinfo.invoke to be invoked from the .dll? (which makes it easy to change the result and also check the parameters and the call) Another thing i found is that they load all the stuff from the resources instead of the metadata stream (the stuff that cant be preserved with dnspy saving) which makes me think the same thing. Final thing, i had the original vpnhunter exe with koivm and the types and methods were not differently named... which means that it hadn't been koivm'ed on top of the devirt
  27. MistHill

    [DevirtualizeMe] Themida

    No, thanks. Compared to Themida v2, the themida v3 does not have a great improvement over the VMs. There are two types of VMs in this UnPackMe, Dolphin and Tiger.
  28. I know I can do it with dnlib or one by one with DnSpy, but is there other app that ready to use for doing this? example, I want to replace ldc.i4 50 call int32 MyApp.MainForm::getInt(int32) with ldc.i4 5 nop
  29. mamo434376

    +36 Protection / MM-VMP

    Language : .NET Platform : Windows OS Version : All Packer / Protector : My Class Protector - Anti Memory Edit + OpCode Protection hariç diğer tüm korumalar birlikte çalışıyor. Description : oh maaan my class protector xd ---------------------------------------- Good Luck! İyi Şanslar! удачи Protector Screen Shot: UnpackME Screen Shot: unpackme.exe
  1. Load more activity
  • Create New...