Leaderboard
Popular Content
Showing content with the highest reputation since 04/07/2025 in all areas
-
My server is working, I just migrated to Docker. (It's WebDAV, https) https://eddynet.cz:9865 File list is in attached files. content_250414.7z
3 points
-
Key details to solving this challenge:

* The block size is 16 bytes.
* The first block is only Decrypted, not xor'ed.
* Each of the following blocks is Decrypted then xor'ed with the previous block

Solving it would boil down to Encrypting a block then xor'ing it with the next block, which would roughly be as below

    unsigned char output_buffer[BINSIZE * 2] = {0};
    unsigned char result_buffer[BINSIZE + 1] = {0};
    DWORD data_size = BINSIZE;

    for(int i = 0; i < data_size; i = i + 16)
    {
        Encrypt(AESKey, result_buffer + i, output_buffer + i, 16);
        for(int j = i; j < i + 16; j++)
        {
            output_buffer[j + 16] = output_buffer[j + 16] ^ result_buffer[j];
        }
    }

2 points
-
Check the first post, I have attached there... Ted.
2 points
-
Please check the first post, I have attached there... Ted.
2 points
-
I did a tutorial for beginners explaining how to use the universal activator: YouTube
2 points
-
Themida & VMProtect (Same Virtualized Code Sections)
I want you guys who are capable of unvirtualizing and unpacking them to upload the final ones. These files are just the same part of the codes virtualized which are 2 lines of the original mfc source codes. So if you can unvirtualize them and unpack them, please upload the final ones. Any other protections are excluded absolutely. Give it a try and improve your skills. Best Regards. sean.
Submitter: lovejoy226
Submitted: 04/08/2025
Category: UnPackMe
2 points
-
No need. In the past, it was very slow upload in mediafire is only the one solution possible. One by one.
2 points
-
Dear friends, Berkeley Mono Font face is updated to version 2. They included ligatures (nerd glyphs) directly in this build. The font face is 75$ for developer use only (no commercial use.) I have included this fontface so you can try them. Enjoy!
Homepage hxxps://usgraphics[.]com/products/berkeley-mono
Archive Pass: Download tx-02-berkeley-mono-pass=SCT.7z
2 points
-
Hi @LCF-AT it appears you are stuck in js world 😀 ? So you still have problems with innerHTML, outerHTML, right? OK, I will try to explain all ✍ ;

The difference between innerHTML, outerHTML, and directly working with DOM elements (without these properties) can be confusing at first. Let me give you a clear explanation and show you some examples.

1. innerHTML

What It Does: innerHTML allows you to get or set the HTML content inside an element. It includes all child elements, text, and HTML tags within the selected element.
Use Case: When you need to modify or retrieve the content inside an element.

Example: Using innerHTML

    // Example HTML: <div id="exampleDiv">Hello, <b>World</b>!</div>
    const div = document.getElementById("exampleDiv");

    // Get the inner HTML content
    console.log(div.innerHTML); // Outputs: "Hello, <b>World</b>!"

    // Set new inner HTML content
    div.innerHTML = "New <i>Content</i>";
    // Resulting HTML: <div id="exampleDiv">New <i>Content</i></div>

Key Notes:
* Setting innerHTML replaces all the existing content inside the element.
* You can include raw HTML tags in the string (e.g., <i>), which will be parsed and rendered.

2. outerHTML

What It Does: outerHTML allows you to get or replace the entire element itself, including its opening and closing tags, along with its content.
Use Case: When you want to replace or retrieve the entire element, not just its inner content.

Example: Using outerHTML

    // Example HTML: <div id="exampleDiv">Hello, <b>World</b>!</div>
    const div = document.getElementById("exampleDiv");

    // Get the outer HTML (the entire element)
    console.log(div.outerHTML); // Outputs: "<div id="exampleDiv">Hello, <b>World</b>!</div>"

    // Replace the entire element with new content
    div.outerHTML = '<p id="newElement">This is a new paragraph!</p>';
    // Resulting HTML: <p id="newElement">This is a new paragraph!</p>

Key Notes:
* Unlike innerHTML, setting outerHTML replaces the selected element itself in the DOM.
* After replacing an element using outerHTML, any reference to that original element becomes invalid because it no longer exists in the DOM.

Let me know if you'd like further clarification! 😊
2 points
-
82,314 downloads
A collection of tutorials aimed particularly for newbie reverse engineers.

01. Olly + assembler + patching a basic reverseme
02. Keyfiling the reverseme + assembler
03. Basic nag removal + header problems
04. Basic + aesthetic patching
05. Comparing on changes in cond jumps, animate over/in, breakpoints
06. "The plain stupid patching method", searching for textstrings
07. Intermediate level patching, Kanal in PEiD
08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor
09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration
10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick
11. Intermediate patching using Olly's "pane window"
12. Guiding a program by multiple patching.
13. The use of API's in software, avoiding doublechecking tricks
14. More difficult schemes and an introduction to inline patching
15. How to study behaviour in the code, continued inlining using a pointer
16. Reversing using resources
17. Insights and practice in basic (self)keygenning
18. Diversion code, encryption/decryption, selfmodifying code and polymorphism
19. Debugger detected and anti-anti-techniques
20. Packers and protectors : an introduction
21. Imports rebuilding
22. API Redirection
23. Stolen bytes
24. Patching at runtime using loaders from lena151 original
25. Continued patching at runtime & unpacking armadillo standard protection
26. Machine specific loaders, unpacking & debugging armadillo
27. tElock + advanced patching
28. Bypassing & killing server checks
29. Killing & inlining a more difficult server check
30. SFX, Run Trace & more advanced string searching
31. Delphi in Olly & DeDe
32. Author tricks, HIEW & approaches in inline patching
33. The FPU, integrity checks & loader versus patcher
34. Reversing techniques in packed software & a S&R loader for ASProtect
35. Inlining inside polymorphic code
36. Keygenning
37. In-depth unpacking & anti-anti-debugging a combination packer / protector
38. Unpacking continued & debugger detection by DLL's and TLS
39. Inlining a blowfish scheme in a packed & CRC protected dll + unpacking Asprotect SKE 2.2
40. Obfuscation and algorithm hiding

2 points
-
@boot You are an expert, please give me some advice. 20250416_190759.mp4
1 point
-
The goal is not to download this entire course and learn in such a short time, but to classify it in order to study what they do not know, then increase their knowledge by doing it step by step by researching what they want.
1 point
-
Perhaps there are other methods, such as creating magnet links that can survive for a long time? I'm not sure. 🤔
1 point
-
@0X7C9 is this your server (the above)? Pls add 'Hexorcist Reverse Engineering' course also
1 point
-
Hi all, I think it was this code source but not sure https://github.com/sl4v3k/VMProtect-second-leak If someone can confirm it will be appreciated
1 point
-
@yano65bis Thank you for another detailed examples. Good one. How can I test it in Sublime like I can do in... https://developer.mozilla.org/de/play ...online playground? So I have another question about those all items I can use / find inside of HTML. Do you have some full list of all elements, tag names, attributes, properties and all that. Maybe you know some kind of visually card / leaflet I can look on it quickly to remember etc? I always forget what what is you know. Look...

    <img id="image" src="https://example.com/image.jpg" alt="Example Image">
    <a id="link" href="https://example.com" target="_blank">Visit Example</a>
    <video id="videoPlayer" src="https://example.com/video.mp4" controls></video>

img & a & video = elements right. All others = attributes? So that somehow what is hard to keep in mind correctly. Is there some kind of "donkey bridge" which could help to remember? What is the controls at video tag inside, how to call this? Otherwise I like that chain commands without to move anything into extra variable or something. Do you have any more complex chain examples what is possible? I know I'm using those chains in uBO AddOn sometimes to modify some website elements but also in this case it's not always clear for me when using the > or * operator + functions etc but it's interesting of course. Just need to find out the logically way behind of that to understand every step. greetz
1 point
-
@LCF-AT :

When You don’t Need innerHTML or outerHTML ?

If you just want to fetch specific attributes (like id, src, or URLs), you don’t need innerHTML or outerHTML. Instead, use properties like .getAttribute() or direct access via .src, .href, etc.

Example:

    <img id="image" src="https://example.com/image.jpg" alt="Example Image">

    const img = document.getElementById("image");
    console.log(img.src); // Outputs: "https://example.com/image.jpg"
    console.log(img.getAttribute("alt")); // Outputs: "Example Image"

Why You don’t Always Need innerHTML or outerHTML ?

If your goal is simply to extract specific data (like URLs, IDs, or text), these properties are unnecessary. For example, if you want to fetch a URL from an <img> tag, accessing .src directly is more efficient than using innerHTML.

Here’s an example of using direct access via .src, .href, and other similar properties to retrieve or modify data from HTML elements:

Example: Accessing and Modifying Attributes :

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <title>Direct Access Example</title>
    </head>
    <body>
        <!-- Image with src attribute -->
        <img id="image" src="https://example.com/image.jpg" alt="Example Image">

        <!-- Anchor with href attribute -->
        <a id="link" href="https://example.com" target="_blank">Visit Example</a>

        <!-- Video with src attribute -->
        <video id="videoPlayer" src="https://example.com/video.mp4" controls></video>

        <!-- Script to demonstrate direct access -->
        <script>
            // Access the image element
            const img = document.getElementById("image");
            console.log("Image Source:", img.src); // Outputs: https://example.com/image.jpg
            console.log("Image Alt Text:", img.alt); // Outputs: Example Image

            // Modify the image source
            img.src = "https://example.com/new-image.jpg";
            console.log("Updated Image Source:", img.src); // Outputs: https://example.com/new-image.jpg

            // Access the anchor element
            const link = document.getElementById("link");
            // .href returns the fully resolved URL, so the browser adds the trailing slash
            console.log("Anchor HREF:", link.href); // Outputs: https://example.com/

            // Modify the anchor href
            link.href = "https://new-example.com";
            console.log("Updated Anchor HREF:", link.href); // Outputs: https://new-example.com/

            // Access the video element
            const video = document.getElementById("videoPlayer");
            console.log("Video Source:", video.src); // Outputs: https://example.com/video.mp4

            // Modify the video source
            video.src = "https://example.com/new-video.mp4";
            console.log("Updated Video Source:", video.src); // Outputs: https://example.com/new-video.mp4
        </script>
    </body>
    </html>

Accessing Attributes:
* .src: Retrieves the src attribute value of elements like <img> or <video>.
* .href: Retrieves the href attribute value of <a> (anchor) elements.
* .alt: Retrieves the alt attribute value of <img> elements.

Modifying Attributes: You can directly assign new values to these properties (e.g., img.src = "new-url").

Output: The console.log() statements show the current values of attributes in the browser's developer console.

Other example : Fetching URLs for Processing

If you’re working with dynamic content (e.g., fetching URLs for images or videos), direct access is efficient:

    const videoURL = document.getElementById("videoPlayer").src;
    console.log("Video URL:", videoURL);

Dynamic Updates

You can dynamically update attributes based on user interactions or API responses:

    const img = document.getElementById("image");
    img.src = "https://api.example.com/new-image.jpg";

thus : If you only need specific attributes like src, href, or alt, accessing them directly is faster and avoids unnecessary overhead. innerHTML retrieves all child elements and text inside an element, which is unnecessary if you only need a single attribute.

greetz
1 point
-
@yano65bis Thanks for your answer with examples but I have one big question. WHAT?! So for me it looks somehow same using inner or outerHTML. OK, if I understood you right then inner only grabs the inside after ID element and outer grabs just entire = all of it. Should I only use it if I wanna modify anything on that lines / Elements etc? Otherwise if I just try to grab info's like ID / Query etc to fetch data from source / src like URLs and stuff then I don't need to use inner or outer right?

PS: Still could not find any offline playground JS HTML CSS tool! Is there nothing? Just find online tools. Found another one here.. https://liveweave.com/ ....I want to have offline / external / portable etc. greetz
1 point
-
@yano65bis Thank you for detailed description so far but I have another small question. I didn't understand when using the innerHTML / outerHTML / or nothing to my JS command property. Could you explain that a little with any examples? Using getElementById or getElementById.innerHTML etc. Still don't know. greetz

EDIT: About Editors / test tools for JS / HTML / CSS like online. Sublime Text is too complicated to setup all the stuff manually. I need some ready testing tool like those online ones. Is there no local tool like that I can use offline?
1 point
-
Hi

For lightweight, portable editors for JavaScript development you can try

1 Sublime Text: A fast, lightweight editor with excellent support for JavaScript. It allows you to install plugins (like JsFormat and SublimeLinter) to enhance your coding experience. Portable versions are available online. (just googling 😉)
2 Atom: Open-source and cross-platform, Atom is customizable and comes with smart code completion. Lightweight compared to larger IDEs like Visual Studio Code.

------

For a complete reference of JavaScript's built-in functions, methods, and APIs, you can use the following resources:

MDN Web Docs:
https://developer.mozilla.org/en-US/docs/Web/JavaScript
https://developer.mozilla.org/en-US/docs/Web/API
https://www.w3schools.com/js/ (for learning javascript online)

-------

Placing Elements Relative to Existing HTML Elements:

To place your dynamically created buttons relative to an existing HTML element (e.g., a video player), you can use DOM manipulation methods like appendChild, insertBefore, or CSS positioning.

- Placing Below or Inside (Using appendChild)

If you want to place the button inside the player element (e.g., below it):

    const player = document.getElementById("player"); // Assume "player" is the ID of the video player
    const button = document.createElement("button");
    button.textContent = "My Button";
    player.appendChild(button); // Places the button as the last child inside the player

- Placing Above (Using insertBefore)

If you want to place the button above the player element:

    const player = document.getElementById("player");
    const button = document.createElement("button");
    button.textContent = "My Button";
    // Insert the button before the player element in its parent container
    player.parentNode.insertBefore(button, player);

Using CSS for Precise Positioning

You can use CSS styles for absolute or relative positioning:

    const player = document.getElementById("player");
    const button = document.createElement("button");
    button.textContent = "My Button";
    button.style.position = "absolute"; // Position relative to its nearest positioned ancestor
    button.style.top = `${player.offsetTop - 50}px`; // Place above the player
    button.style.left = `${player.offsetLeft}px`; // Align horizontally with the player
    document.body.appendChild(button);

------

return button ?

The return statement outputs the fully prepared button element from the function. Without return, the function would execute but not give you access to the created element outside of its scope. By returning button, you can store it in a variable (let BUTTON_1 = createButton(...)) and manipulate or append it later.

Why Use const?

Declaring button as const ensures that its reference cannot be reassigned (e.g., pointing it to a different object). However, you can still modify its properties (e.g., .type, .value, .style) because objects are "mutable".

So the return statement allows a function to output a value (like a DOM element), enabling reuse and flexibility in your code.

Greetz
1 point
-
Hello @yano65bis, thank you very much for posting those example codes. They really looking and working nicely on the online tool. Slowly I suspect that you understand something about it! Somehow it's getting a little harder but also cooler as well. So I have two more question about JS.

Question 1: What offline editor I should use? What do you use (not asking for some Visual MS stuff with tons of MB's to install). Do you know any light low size portable tool etc?

My question 2: Is there somewhere a compendium of ALL internal JS function's I can use already? You know, something like API reference / hlp where many API's are described and how to use it etc. Something like that.

PS: Another question about where to place some own elements on HTML. Lets say I do create any button/s and I want to place them on specific OTHER HTML element which are already there. Just lets imagine there is a PLAYER element (like YT video player) and now I want to place a button above or below or left / right on that player element. So far I do remember I just grab again the ID of the player if present and then append my own button = should be places under the player. So what if I want to place it above so in case I can't use append function anymore right. On internet I found something about InsertBefore function. Otherwise I thought it would be doable to call appendChild function with an index value [0] etc to place the new child on top but I think it's not working right.

PS: Forgot something (another question) about that first code with the command line "return button; // Return the prepared button element". So far I see you did declare the button variable as const one (not changeable) and then you do return it with that variable but why?

    // Function to create a button (but don't append it yet)
    function createButton(buttonText, textToCopy) {
        const button = document.createElement("input");
        button.type = "button";
        button.value = buttonText;
        button.style.cursor = "pointer";

        // Add click event listener
        button.onclick = () => {
            navigator.clipboard.writeText(textToCopy)
                .then(() => console.log(`Copied: ${textToCopy}`))
                .catch(err => console.error("Failed to copy:", err));
        };

        return button; // Return the prepared button element
    }

You put that first command "document.createElement("input");" into button variable, then you adjust that variable / type / value / style then you add the event onclick operation to it = Entire variable button was edited / prepared right, but then you use the "return button" command but why? I mean, the variable is already done or not? What does it return then and where? Again into button variable? Maybe you can explain this part a little to know why I have to use the variable at return command. Thanks. greetz
1 point
-
Hi, the link doesn't allow downloading. Is there a way to download it?
1 point
-
Does anyone have a link to the whole collection? The one OP posted doesn’t seem to work for me. Thank you.
1 point
-
8,280 downloads
Today I release an unpacker script for Enigma Protector. Maybe you know that I created another unpacker script for Enigma in the past which no-longer works for protected Enigma files greater than 3.70+ and this is the reason why I wrote a new script, Enigma Alternativ Unpacker 1.0. So what is new in this script? This script will unpack your Enigma protected files and dump the used outer virtual machine. This means you do not need to use the DV / Enigma plugin which is used in my other script. Of course the virtual machine will be still virtualized but your unpacked files will work. It is not the best solution but for the moment it is a good "alternativ" and a working solution.

Features of the script:

( 1.) Unpacking of ENIGMA 1.90 - 3.130+
( 2.) RegSheme Bypass & HWID Changer
( 3.) Enigma CheckUp Killer
( 4.) VirtualMemory Dumper 1.90 - 3.x+ & SC Fixer M1
( 5.) UIF Tool Necessary Sometimes!
( 6.) Enigma Intern Export & VM Scan + Log
( 7.) Improved Import Emulation Fixer
( 8.) Supports Exe & Dll Files [dll at EP!]

This new script again covers almost all the protection features of Enigma Protector like my other script but it has been improved and I have added some extra things that you will see when you get to use it. I have created four video tutorials for you where you can see what you have to do in some of the different situations you may experience. Be sure that you "watch the videos" before you use the script to prevent some unnecessary questions where you can already find the answers if you watch them and then read my added text files. I also made an UnpackMe set with six different protected files (watch videos how to unpack all of them). If something does not work for you or if you get any trouble or have any questions then just post a reply on the topic (linked above) to get an answer.
1 point
-
VMProtect 3.x Anti-debug Method Improved Feature: Checksum ntoskrnl File Checksum Code Section Anti Debugger Anti HardwareBreakpoint
https://github.com/strivexjun/XAntiDebug
1 point
-
6,465 downloads
I want to release a new tutorial about the popular theme Themida - WinLicense. So I see there seems to be still some open questions mostly if my older unpack script does not work anymore and the unpacked files too, etc. So this time I decided to create a little video series on how to unpack and deal with a newer protected Themida target manually where my older public script does fail. A friend of mine did protect unpackme's for this and in the tutorial you will see all steps from A-Z to get this unpackme successfully manually unpacked but this is only one example how you can do it, of course. So the tutorial [videos + text tutorial] is very long and has a run-time of more than three hours and of course it will be necessary that you also read the text parts I made at the same time if possible but if you are already an advanced user then you will have it easier than a newbie. So I hope that you have enough patience to work through the whole tutorial. So the main attention I set on all things which happen after normal unpacking so the unpack process is the simplest part and all what comes after is the most interesting part and how to deal with all problems that happen. It's more or less like a live unpack session. I also wrote some small basic little helper scripts which you can also use for other targets to get valuable information if you need. Short summation: Unpacking Exception analysing VM analysing with UV plugin AntiDump's find & fixing & redirecting "after fix method" Testing on other OS My Special Thanks goes to Lostin who made this unpackme and others + OS's tests. (I want to send a thank you to Deathway again for creating this very handy and helpfully UV plugin). So this is all I have to say about the tutorial so far, just watch and read and then try it by yourself. Oh! and by the way I record ten videos and not only one. If something does not work or you have any problems with this tutorial, etc. then ask in the support topic only. Don't send me tons of PM's, OK! Thank you in advance.

PS: Oh! and before someone has again something to complain because of my tutorial style [goes to quickly or is bad or whatever] then I just want to say, maybe you're right so normally I don't like to create and write tutorials. This is really not my thing so keep this in your mind.
1 point
-
239 downloads
For this example I'm going to take a UPX packed notepad and show you how to code a program to stop it at the point where the imports are being resolved, then I'm going to output the data to screen as they get resolved just as an example, at this point really if you were unpacking the exe you would grab the data and produce a fresh import table. After outputting the import data I'm going to then let the program continue to OEP, halt it there and show a msgbox.
1 point
-
280 downloads
Well I wrote this essay because I was working on a process dumper, when I saw that many compressors/encrypters make the Import table unusable, and then, the dumped executables needed to have their import table rebuilt. I saw no essay about this on common win32asm sites, so here is a little help if you are interested in.
1 point
-
Unpacked!

1. Used dnspy to remove antitamper and the calls
2. converted all integer values that has something to do with strings ex: "epic".Length (my tool)
3. Resolved all SizeOf values with my tool
4. Calculated all math calls like Math.Truncate or Math.log10 with my tool
5. used de4dot to calculated the remaining stuff to get the field values.
6. grabbed the field values and removed the fields(marked as empty Types) with my tool
7. removed the cos and junk call that will always return 0 with any uint value you use in the parameter also marked as(marked as empty Types) (my tool)
8. cleaned the rest of math calculations with de4dot
9. TheProxy used his cflow killer to kill all the cflow

Credits:
TheProxy - Helping to remove the Cflow
Mighty - helped me to get the types from operand (for sizeOf resolver)
Autori and Blank - for tips

pass: 1830
Screenshot:
File: CrackMe3-StrToIntResolved-SizeOfRemoved-SysMathCallFixed-cleaned-EmptyTypesRemoved-EmptyTypesRemoved-cleaned_unpacked-StringDec-Cleaned.exe
1 point
-
Hello everyone,

Here is a small SDK example for TitanEngine Community Edition. It covers far from all features, but enough to get you started.

This is the code:

    #include <windows.h>
    #include <stdio.h>
    #include <stdarg.h>
    #include <psapi.h>
    #include "TitanEngine\TitanEngine.h"

    PROCESS_INFORMATION* fdProcessInfo;
    LPVOID lpBaseOfImage;
    char szDumpName[MAX_PATH]="";

    //printf-style logging helper (output is truncated to the size of msg)
    static void log(const char* format, ...)
    {
        va_list args;
        va_start(args, format);
        char msg[1024]="";
        vsnprintf(msg, sizeof(msg), format, args);
        va_end(args);
        puts(msg);
    }

    static void cbOep()
    {
        long long rip=GetContextData(UE_RIP);
        log("> OEP 0x%llX reached!", rip);
        log("> Dumping...");
        DeleteFileA(szDumpName);
        //Dump the process (notice that szDumpName need to be a full path)
        if(!DumpProcess(fdProcessInfo->hProcess, lpBaseOfImage, szDumpName, rip))
        {
            log("> DumpProcess failed...");
            StopDebug();
            return;
        }
        log("> Dumping done!");
        log("> Fixing imports...");
        ULONG_PTR iatStart=0;
        ULONG_PTR iatSize=0;
        //Search for IAT (Search start is 'OEP' in Scylla)
        ImporterAutoSearchIAT(fdProcessInfo->dwProcessId, szDumpName, rip, &iatStart, &iatSize);
        if(!iatStart || !iatSize)
        {
            log("> IAT not found...");
            StopDebug();
            return;
        }
        log("> IAT Start: 0x%llX, IAT Size: 0x%llX", iatStart, iatSize);
        char szSectionName[]=".unp64";
        //Auto fix the file (append a section & fix IAT)
        if(!ImporterExportIATEx(szDumpName, szDumpName, szSectionName))
        {
            log("> ImporterExportIATEx failed...");
            StopDebug();
            return;
        }
        log("> Imports fixed!");
        //Stop debugging
        StopDebug();
    }

    static void cbNearOep()
    {
        log("> Near OEP!");
        //Step using the trap flag
        StepInto((void*)cbOep);
    }

    static void cbPeSpin()
    {
        //Set a hardware breakpoint at RSP with size 8 on read/write
        SetHardwareBreakPoint(GetContextData(UE_RSP), UE_DR0, UE_HARDWARE_READWRITE, 8, (void*)cbNearOep);
    }

    static void cbEntry()
    {
        //Get RIP register
        long long rip=GetContextData(UE_RIP);
        log("> Entry point 0x%llX reached!", rip);
        //Search for MPRESS pattern
        unsigned char pattern[4]= {0x5D, 0x5B, 0xC3,0xE9};
        BYTE wildcard=0;
        long long found=Find((void*)rip, 0x1000, pattern, 4, &wildcard);
        if(!found)
        {
            //Search for PESpin pattern
            unsigned char pespin[4]= {0xFF, 0x64, 0x24, 0xF8};
            long long found=Find((void*)rip, 0x1000, pespin, 4, &wildcard);
            if(!found)
            {
                log("> MPRESS/PESpin pattern NOT found...");
                StopDebug();
                return;
            }
            log("> PESpin pattern found on 0x%llX!", found);
            //Step over
            StepOver((void*)cbPeSpin);
            return;
        }
        //Set a simple INT3 breakpoint
        SetBPX(found+3, UE_BREAKPOINT, (void*)cbNearOep);
        log("> MPRESS pattern found on 0x%llX!", found);
    }

    static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo)
    {
        //Get the loaded base
        lpBaseOfImage=CreateProcessInfo->lpBaseOfImage;
        log("> Process created on 0x%llX!", lpBaseOfImage);
    }

    //Convert a device path (\Device\HarddiskVolumeN\...) to a drive-letter path
    static bool DevicePathToPath(const char* devicepath, char* path, size_t path_size)
    {
        if(!devicepath || !path)
            return false;
        char curDrive[3]=" :";
        char curDevice[MAX_PATH]="";
        for(char drive='C'; drive<='Z'; drive++)
        {
            *curDrive=drive;
            if(!QueryDosDeviceA(curDrive, curDevice, MAX_PATH))
                continue;
            size_t curDevice_len=strlen(curDevice);
            if(!_strnicmp(devicepath, curDevice, curDevice_len)) //we match the device
            {
                if(strlen(devicepath)-curDevice_len>=path_size)
                    return false;
                sprintf(path, "%s%s", curDrive, devicepath+curDevice_len);
                return true;
            }
        }
        return false;
    }

    //Resolve the full path of an open file by mapping it and querying the mapped name
    static bool GetFileNameFromHandle(HANDLE hFile, char* szFileName)
    {
        if(!GetFileSize(hFile, 0))
            return false;
        HANDLE hFileMap=CreateFileMappingA(hFile, 0, PAGE_READONLY, 0, 1, 0);
        if(!hFileMap)
            return false;
        void* pFileMap=MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 1);
        if(!pFileMap)
        {
            CloseHandle(hFileMap);
            return false;
        }
        char szMappedName[MAX_PATH]="";
        if(GetMappedFileNameA(GetCurrentProcess(), pFileMap, szMappedName, MAX_PATH))
        {
            DevicePathToPath(szMappedName, szFileName, MAX_PATH);
            UnmapViewOfFile(pFileMap);
            CloseHandle(hFileMap);
            return true;
        }
        UnmapViewOfFile(pFileMap);
        CloseHandle(hFileMap);
        return false;
    }

    static void unpack(char* szFileName)
    {
        //Set an engine variable (hide console window of created process)
        SetEngineVariable(UE_ENGINE_NO_CONSOLE_WINDOW, true);
        //Get full file path
        HANDLE hFile=CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
        if(hFile==INVALID_HANDLE_VALUE)
        {
            log("> File \"%s\" doesn't exist...", szFileName);
            return;
        }
        GetFileNameFromHandle(hFile, szDumpName);
        CloseHandle(hFile);
        log("> Unpack of file \"%s\" started...", szFileName);
        FILE_STATUS_INFO inFileStatus= {};
        if(IsPE32FileValidEx(szFileName, UE_DEPTH_DEEP, &inFileStatus) && inFileStatus.FileIs64Bit && !inFileStatus.FileIsDLL)
        {
            log("> 64-bit PE file detected!");
            //Make name of dumped file
            int len=strlen(szDumpName);
            while(szDumpName[len]!='.' && len)
                len--;
            if(!len)
                len=strlen(szDumpName);
            strcpy(szDumpName+len, "_unp64.exe");
            //Start the process
            fdProcessInfo=(PROCESS_INFORMATION*)InitDebugEx(szFileName, 0, 0, (void*)cbEntry);
            if(fdProcessInfo)
            {
                log("> InitDebug OK!");
                //Set a custom handler
                SetCustomHandler(UE_CH_CREATEPROCESS, (void*)cbCreateProcess);
                //Start debug loop
                DebugLoop();
            }
            else
                log("> InitDebug failed...");
        }
        else
        {
            log("> Invalid/x86/DLL file...");
        }
        log("> Unpack ended");
    }

    int main(int argc, char* argv[])
    {
        puts("unp64 v0.1\n\nSupported packers:\nMPRESS v2.19\nPESpin v1.22 (Packer only)\n");
        if(argc<2)
            puts("usage: unp64 [file.exe]");
        else
            unpack(argv[1]);
        Sleep(2500);
        return 0;
    }

Example output:

    unp64 v0.1

    Supported packers:
    MPRESS v2.19
    PESpin v1.22 (Packer only)

    > Unpack of file "mpress.exe" started...
    > 64-bit PE file detected!
    > InitDebug OK!
    > Process created on 0x140000000!
    > Entry point 0x14000F0F3 reached!
    > MPRESS pattern found on 0x14000FBD7!
    > Near OEP!
    > OEP 0x140005DC8 reached!
    > Dumping...
    > Dumping done!
    > Fixing imports...
    > IAT Start: 0x14000F048, IAT Size: 0x38
    > Imports fixed!
    > Unpack ended

Project files + Binaries attached.

Greetings,
Mr. eXoDia

unp64.rar
1 point
-
Anyone got a keygen library dictating RSA? I have seen MD5 libraries but not found an implementation of RSA thx
1 point