Leaderboard

You Chinese are showing off again. Hurry up and upload the patch

I found the way I have define that struct in MASM64: MODULEINFO STRUCT lpBaseOfDll DQ ? ; Base address of module SizeOfImage DQ ? ; Size of the module in bytes EntryPoint DQ ? ; Entry point of the module MODULEINFO ENDS GetModuleInformation return proper value.

You missed alignment of struct members, I guess.

This is what I thought at first; anyway declarated like this doesn't works; SizeOfImage has to be also a qword.

20260222_142320.mp4

Just wanted to post my solution here for anyone who might stumble upon this thread. GitHubGitHub - hekliet/tsrh-kgm: Keygen for TSRh TeaM Trial Key...Keygen for TSRh TeaM Trial KeygenMe #1. Contribute to hekliet/tsrh-kgm development by creating an account on GitHub.The 'keygen' provided in this repo is a simple command line program that takes a line of input (the username) from stdin and prints a regcode. It should compile anywhere. MSVC users might have to substitute getline with gets or something, I don't know. A keygen that looks pretty and plays music can be found here: https://hekliet.nekoweb.org/tsrh-kgm/tsrh-kgm1-keygen.zip It's a Win32 executable that also works in Windows x64 and was coded on Linux using MinGW. No video, sorry.

Unpacked. WL_unpacked.7z

Hi Codexplorer, First of all, I wanted to say a huge thank you for your work on the Unlicense project and for sharing your compiled version/updates. It’s an incredible resource for the community. I've been testing the tool on some specific WinLicense 3.x protected targets (specifically 32-bit/x86 binaries). While the tool works great on many samples, I encountered a few hurdles with recent Python/LIEF environments and x86 targets that might be worth looking into for a future improvement: LIEF Compatibility: Recent versions of LIEF (0.17+) seem to have changed some attributes (like MACHINE_TYPES moving to Header.MACHINE_TYPES) and now return section names as bytes instead of strings, causing TypeErrors in dump_utils.py. Frida RPC Stability on x86: I've noticed frequent TypeError: not a function errors during the setupOepTracing or enumerateModuleRanges calls when targeting x86 apps on Windows 10/11. This often leads to AccessViolation because the IAT resolution gets interrupted or fails to map correctly. Forced IAT/OEP: On some complex targets, adding a more robust "forced mode" for OEP and IAT (bypassing the Frida instrumentation if the user already knows the addresses) helped me get further, but a native implementation in your branch would be amazing. If you have any plans to optimize the x86 engine or update the dependencies handling for the newer LIEF versions, that would be a game-changer for those of us working on older automotive or industrial software. Thanks again for the hard work and for keeping this project alive! @CodeExplorer Hi Codexplorer, First of all, I wanted to say a huge thank you for your work on the Unlicense project and for sharing your compiled version/updates. It’s an incredible resource for the community. I've been testing the tool on some specific WinLicense 3.x protected targets (specifically 32-bit/x86 binaries). While the tool works great on many samples, I encountered a few hurdles with recent Python/LIEF environments and x86 targets that might be worth looking into for a future improvement: LIEF Compatibility: Recent versions of LIEF (0.17+) seem to have changed some attributes (like MACHINE_TYPES moving to Header.MACHINE_TYPES) and now return section names as bytes instead of strings, causing TypeErrors in dump_utils.py. Frida RPC Stability on x86: I've noticed frequent TypeError: not a function errors during the setupOepTracing or enumerateModuleRanges calls when targeting x86 apps on Windows 10/11. This often leads to AccessViolation because the IAT resolution gets interrupted or fails to map correctly. Forced IAT/OEP: On some complex targets, adding a more robust "forced mode" for OEP and IAT (bypassing the Frida instrumentation if the user already knows the addresses) helped me get further, but a native implementation in your branch would be amazing. If you have any plans to optimize the x86 engine or update the dependencies handling for the newer LIEF versions, that would be a game-changer for those of us working on older automotive or industrial software. Thanks again for the hard work and for keeping this project alive! @CodeExplorer

Bypassed the license check but unpack is too complicated. The imports are very heavy wrapped. Can do it but few hours manual work will need.

This one is an interesting sample. Code is really small, so it was stolen completely, thus it's hard to tell app code from protector code. Functional code is quite simple, just MessageBoxA. And that's it, it does nothing more. After showing the message box it starts freeing memory that definitely isn't app code. But for the sake of completeness let's get to the bottom of this. We have 8 more code bytes. And we have 1 reloc pointing there, meaning ExitProcess should perfectly fit in. Unpacked file attached with code, import and relocs restored and sections cut. unpacked.exe

This one is quite easy or easy protection options were chosen. Import isn't redirected. EP code is restored, sections are cut, resources rebuilt. Had to cut it in 2 parts. unpacked.part1.rar And part 2. unpacked.part2.rar

@0X7C9 pls can u upload https://tut4u.com/hexorcist-reverse-engineering-course/ in your webdav server

Up!

off the Web Protection.

You can provide Another link & And solve this problem

Server is up , woth better uplink !Use webdav client. like WinSCP host : https://eddynet.cz:9865 u: learn p: 4EKS9umUYme3WAZrC

It is empty

Someone please share zero 2 automated reversing course. Thank you.

I added 64 bit support and generic extraction HydraDragonAntivirus/MegaDumper: Fixed 2025 version of Mega Dumper

some old tools to dump LTPs (199x, 200x) https://workupload.com/file/DarwJdWpGR8

- Patch CRC_CHECK: 0x0046FB8D - I think I need some time to modify the source code of shfolder.dll Video_2024-01-16_170946.mp4

How to Unpack ? Solution - 3.9.5.3.zip

Hi, Can someone provide MODULEINFO structure in MASM64? invoke GetModuleInformation, hProcess, qword ptr [rax], addr modInfo, sizeof MODULEINFO I realized that MODULEINFO structure is not defined anywhere!