Leaderboard
-
jackyjask
Full Member+77Points1,645Posts -
CodeExplorer
Team Member33Points4,330Posts -
Stuttered
Full Member32Points93Posts -
.hloire
Full Member23Points58Posts
Popular Content
Showing content with the highest reputation since 08/19/2025 in all areas
-
Flare-On 12
6 pointsIt's that time of the year again. It seems we're starting September 26 8PM EST again with a return to Web3 and YARA as well. Four weeks instead of six this year... I wonder what the reason for this is. 🤔 https://flare-on.com/6 points
-
kill a process and prevent it from being created again
Hi @LCF-AT , DriverMonitor is an old tool that has been released for over 20 years. I am accustomed to using this app to load some Windows drivers. For learning and testing purposes, I used some leaked certificates to sign this driver. Now I will upload the signed driver here. I have set up a callback function (ProcessNotifyExRoutine_call_back) in the driver to filter specific process names in order to prevent their loading. Therefore, before uninstalling the driver, the target process cannot be started. This simple APP can kill some driver-protected antivirus software or system-level processes. For example, antivirus software such as Kaspersky and Symantec. If you terminate the system processes (e.g. winlogon.exe and dwm.exe), it will result in a BSOD. bin_v0.002.zip(Requires: 64-bit OS & >= Windows 7) DriverMonitor_EN.rar Video_2025-09-14_161309.mp4 (4.69 MB)4 points
-
Do you know any file size info & calculation tools?
damn it! this is GENIOUS! (instead of WinAPI old dirty crap!!!) easy! just read the docs :) built a binary using that multi-precision lib: (left vs last build fom @Stuttered ) FileSizeCALC_0.0.11.zip4 points
-
Nuitka 2.1.5 (Python 3.11)
3 pointsYou can look for HydraDragonAntivirus/AutoNuitkaDecompiler: Get malware payload without dynamic analysis with this auto decompiler or my main project. I did with that. If you want dynamic analysis then Is Nuitka No Longer Secure? A Reverse Engineering Tool for Nuitka/Cython-Packed Applications — pymodhook | by qfcy | Medium (There more advanced special python code for pymodhook but it's closed source for vxnet and not made by me so I can't make it public) If you want both dynamic and static: Siradankullanici/nuitka-helper: Symbol Recovery Tool for Nuitka Binaries I did extract with stage1.py or nuitka-extractor extremecoders-re/nuitka-extractor: Tool to extract nuitka compiled executables (or just do dynamic analysis for extract and sometimes it can't extract or Nuitka compiles executable as dll so you need dll loader It seems like it becoming obsolete · Issue #15 · extremecoders-re/nuitka-extractor) my main project not stable but if he is become stable then he can detect is he nuitka and do auto extract with auto decompile and you get source code. Nuitka is actually hiding data in resources section in specia bytecode format. Actual source code starts from (u)python.exe or /python.exe (generally in broken executables) then you need look for <modulecode part for import recovery and Nuitka compiles with everything for obfuscation. So too many comment lines from file exists. You can detect junks by that line contains no u word. Which means this line is junk because u means go to next line in Nuitka bytecode. Nuitka is not obfuscated if he doesn't compile with everything otherwise it's obfuscated. You can improve my script by looking Nuitka bytecode source code. You can post to ay AI to recover code but Gemini is currently best for very long codes. Compared to other obfuscators you need pyarmor with Nuitka to make him more secure (or guardshield with pip install guardshield), otherwise it's easy task if there no too many imports. Rarely user disables compile everything even if the docs then your task much easier but in default Nuitka compiles everything. Nuitka clearly worser than Rust for some reason. 1) Antiviruses flags as malware because malware analysts can't understand Nuitka (even if they are too experinced they really don't know how to solve Nuitka) so you get false positives. 2) It's not good obfuscator and it's not creating millions of line hello world code via normal cython. I don't recommend python to use for avoid reverse engineering but you can still use it. If you want I can give all details which I know with tutorial or I can release my main project for auto Nuitka decomplication. My last words are don't use pyoxidizer, pyinstaller, cx_freeze if you want obfuscate your code because Nuitka is still best open source option for python. Nuitka can't remove python.h so the code must be pseudo python (Cython like style)3 points
-
AT4RE Power Loader
3 points
-
AT4RE Power Loader
3 pointsNew Version 0.9 Published Release Date: 06/09/2025 [+] New Checkbox in Options Form - Creat a Loader For Windows XP. Loader Details: [+] Loader Now Full Support Windows XP x32 and x64.3 points
-
Do you know any file size info & calculation tools?
3 points
-
Do you know any file size info & calculation tools?
Update v0.0.10. Thx @jackyjask for pointing to the BigNumber library and assist. See attached. FileSizeCALC_v0.0.10.rar3 points
-
AT4RE Power Loader
3 points
-
Nuitka 2.1.5 (Python 3.11)
3 pointsNuitka can be easily unpacked and reversed. It doesn't obfuscate your code well. I'm suprised nobody solved this very easily. Also your executable is broken. Here is the full source code: def check_password(): """Check password function""" user_password = input("Enter the password: ") specific_password = "secret110" if user_password specific_password: print("Good boy!") else: print("Bad boy!") if name "__main__": check_password()3 points
-
ConfuserEx 1.6.0
3 points
-
Code Blocks Formatting
3 points
-
Do you know any file size info & calculation tools?
@Stuttered the formatting using Code Blocks seems to be working okay here... using System; using System.IO; using System.Windows.Forms; namespace FileSizeCalculator { public partial class Form1 : Form { private TextBox outputTextBox; public Form1(string filePath = null) { // Set form properties this.Text = "File Size Calculator"; this.Size = new System.Drawing.Size(400, 350); this.AllowDrop = true; this.DragEnter += Form1_DragEnter; this.DragDrop += Form1_DragDrop; // Create a label for instructions Label instructionLabel = new Label { Text = "Drag and drop a PE file here or onto the desktop icon.", AutoSize = true, Location = new System.Drawing.Point(10, 10) }; this.Controls.Add(instructionLabel); // Create a multiline TextBox for output outputTextBox = new TextBox { Multiline = true, ReadOnly = true, ScrollBars = ScrollBars.Vertical, Location = new System.Drawing.Point(10, 40), Size = new System.Drawing.Size(360, 250) }; this.Controls.Add(outputTextBox); // Process file if provided via command-line (desktop icon drop) if (!string.IsNullOrEmpty(filePath)) { ProcessFile(filePath); } } private void Form1_DragEnter(object sender, DragEventArgs e) { if (e.Data.GetDataPresent(DataFormats.FileDrop)) { e.Effect = DragDropEffects.Copy; } } private void Form1_DragDrop(object sender, DragEventArgs e) { string[] files = (string[])e.Data.GetData(DataFormats.FileDrop); if (files.Length > 0) { ProcessFile(files[0]); } } private void ProcessFile(string path) { outputTextBox.Text = string.Empty; if (!File.Exists(path)) { outputTextBox.Text = "File not found."; return; } // Check if it's a PE file (starts with 'MZ') bool isPE = false; try { using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read)) { byte[] header = new byte[2]; if (fs.Read(header, 0, 2) == 2 && header[0] == 77 && header[1] == 90) // 'M' and 'Z' { isPE = true; } } } catch (Exception ex) { outputTextBox.Text = $"Error reading file: {ex.Message}"; return; } if (!isPE) { outputTextBox.Text = "The dropped file is not a valid PE (Portable Executable) file."; return; } FileInfo fi = new FileInfo(path); long sizeInBytes = fi.Length; // Units and descriptions (binary prefixes: 1024-based) var units = new[] { new { Name = "Bytes (B)", Description = "1 Byte = 8 bits", Divisor = 1.0 }, new { Name = "Kilobytes (KB)", Description = "1 KB = 1024 Bytes", Divisor = Math.Pow(1024, 1) }, new { Name = "Megabytes (MB)", Description = "1 MB = 1024 KB = 1,048,576 Bytes", Divisor = Math.Pow(1024, 2) }, new { Name = "Gigabytes (GB)", Description = "1 GB = 1024 MB = 1,073,741,824 Bytes", Divisor = Math.Pow(1024, 3) }, new { Name = "Terabytes (TB)", Description = "1 TB = 1024 GB = 1,099,511,627,776 Bytes", Divisor = Math.Pow(1024, 4) }, new { Name = "Petabytes (PB)", Description = "1 PB = 1024 TB = 1,125,899,906,842,624 Bytes", Divisor = Math.Pow(1024, 5) } }; string output = $"File: {Path.GetFileName(path)}\r\n\r\nFile Size Breakdown:\r\n"; foreach (var unit in units) { double sizeInUnit = sizeInBytes / unit.Divisor; output += $"{unit.Name}: {sizeInUnit:F2} ({unit.Description})\r\n"; } outputTextBox.Text = output; } } static class Program { [STAThread] static void Main(string[] args) { Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); string filePath = args.Length > 0 ? args[0] : null; Application.Run(new Form1(filePath)); } } }Ted.3 points
-
Do you know any file size info & calculation tools?
Hi again, fixed negative numbers bug (or I think that it is fixed 😅) fixed thousand delimiter bug (I hope its work in your system 🤞) added support directories 🤓 source included as before 👇 ShowFileSize__3.rar3 points
-
kill a process and prevent it from being created again
Below are some core code snippets. // process monitoring callback function // disable the creation of specified processes VOID ProcessNotifyExRoutine_call_back( PEPROCESS pEProcess, HANDLE hProcessId, PPS_CREATE_NOTIFY_INFO CreateInfo) { if (NULL == CreateInfo) { return; } PCHAR pszImageFileName = PsGetProcessImageFileName(pEProcess); if (0 == _stricmp(pszImageFileName, "avpui.exe")) // target process name { CreateInfo->CreationStatus = STATUS_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY; } }NTSTATUS ZwKillProcess(HANDLE pid)//Kill the process { HANDLE hProcess = NULL; CLIENT_ID ClientId; OBJECT_ATTRIBUTES oa; NTSTATUS status; ClientId.UniqueProcess = pid; ClientId.UniqueThread = 0; oa.Length = sizeof(oa); oa.RootDirectory = 0; oa.ObjectName = 0; oa.Attributes = 0; oa.SecurityDescriptor = 0; oa.SecurityQualityOfService = 0; status = ZwOpenProcess(&hProcess, 1, &oa, &ClientId); if (NT_SUCCESS(status)) { ZwTerminateProcess(hProcess, 0); ZwClose(hProcess); return status; }; return FALSE; }bin.zip e.g. video_2025-09-13_120702.mp42 points
-
Code Blocks Formatting
2 points@Teddy Rogers hi! there are fresh issues/complains on forum upgrade over here -> https://forum.tuts4you.com/topic/45674-do-you-know-any-file-size-info-calculation-tools/#comment-2266762 points
-
Unpacking with Anthracene
2 points
- 668 downloads
Anthracene 01 - UPX 2.01w What is a packer and what does it do How can we identify a packer? How we can unpack a simple packer like UPX Why the dumped file will crash when we run it What we can do to fix this problem by using ImpRec Anthracene 02 - AsPack 2.12 How to unpack packers by using the ESP trick, theory Anthracene 03 - ASProtect 1.20 Another example on how to unpack using the ESP trick How and why to set Olly's exception passing options in order to unpack Unpacking a program using the 'exception counting trick' Tracing through the SEH of a protector in order to find the OEP How to use some of the more advanced ImpRec features in order to rebuild imports that aren't fixed straight away. Anthracene 04 - PolyEnE 0.01 No ESP trick, no exception counting - straight forward logical thinking!2 points -
ConfuserEx 1.6.0
2 points
-
[Release source code(Make Public) fo Code Deobfuscator x86_32/64]
The tool was designed for obfuscated code, not for handling standard code with external calls (iat, etc.). So, when splitting blocks, an address will likely be invalid. There's nothing stopping you from implementing and adding new features to the code. procedure TCFG_Analysis.SplitBlock( split_addr: UInt64); (* Split basic block @ split_addr and create a new basic_blocks[] entry. *) var bb_head,orig_head : UInt64; instr : TCfGIns; tmpIns : TIns; begin OutDbg( Format('>Function:SplitBlock - Entry splitting @ [%08x] ',[split_addr])); if Fbasic_blocks.ContainsKey(split_addr) then Exit; bb_head := split_addr; orig_head := DFSBBSearchHead(split_addr); if orig_head = 0 then begin OutDbg(Format('>Function:SplitBlock - Failed @ [%08x]: orig_head=None ',[split_addr])); // raise Exception.Create('SplitBlock: orig_head not found'); end; OutDbg(Format('>Function:SplitBlock - Got orig_head [%08x] ',[orig_head])); // Create new BBlock Fbasic_blocks.Add(bb_head,[]) ; if Length(Fbasic_blocks[orig_head]) > 0 then begin tmpIns:= Fbasic_blocks[orig_head]; instr := tmpIns[ High(Fbasic_blocks[orig_head]) ]; SetLength(tmpIns, Length(Fbasic_blocks[orig_head])-1); Fbasic_blocks[orig_head] := tmpIns; end else Exit; while True do begin tmpIns:= Fbasic_blocks[orig_head]; Insert(instr,tmpIns,0 ); Fbasic_blocks[orig_head] := tmpIns; if instr.OriginEA = bb_head then break ; tmpIns:= Fbasic_blocks[orig_head]; instr := tmpIns[ High(Fbasic_blocks[orig_head]) ]; SetLength(tmpIns, Length(Fbasic_blocks[orig_head])-1); Fbasic_blocks[orig_head] := tmpIns; end; OutDbg(Format('>>Function:SplitBlock - Split @ [%08x]; original @ [%08x]',[split_addr,orig_head])); end;2 points
-
Do you know any file size info & calculation tools?
Only because this is how the online app does it, I guess? this — PostimagesApp still needs some clean up, and the stretchable is fine. The internal VER I don't care about atm. Nice! I'll take a look at the changes.2 points
-
Do you know any file size info & calculation tools?
2 points
-
Do you know any file size info & calculation tools?
Hmmm... Not sure I can do that, but I'll take a look. Here is v0.0.7. FileSizeCALC_x86_v0.0.7.rar2 points
-
Do you know any file size info & calculation tools?
Hi, Added some lazy codes Fixed some bugs (and added new ones 😅) . ShowFileSize__4.rar2 points
-
Do you know any file size info & calculation tools?
Okay, here is a TEST version. I had to change the code to handle Big Number calculations, which sucked. See attached (if I can get this to work, I'll look at other requests by LFC-AT). FileSizeCALC_TST.rar2 points
-
Do you know any file size info & calculation tools?
You are welcome. It was a good exercise! v0.0.3 is attached with SRC (minor bug fix). FileSizeCalc_v0.0.3.rar2 points
-
Do you know any file size info & calculation tools?
@Stuttered Thank you for the new tool version. Now it looks better and I can use the comma to enter more precise values.Drag & Drop works too but only for single files. All in all you both made a nice tool so far I can use offline. 🙂 I'm really not into Math at all and never was! 🙃 greetz2 points
-
Do you know any file size info & calculation tools?
2 points
-
Do you know any file size info & calculation tools?
Latest attempt to get as close to the web site as possible. See attached PE and SRC. pic — Postimagespic2 — PostimagesFileSizeCalc.rar2 points
-
Do you know any file size info & calculation tools?
Hi guys, thanks for feedback so far. @h4sh3m Thanks for version 2 but its still buggy. If I enter 2 & GB I get this results... Bit: 17179869184 Byte: 2147483648 KB: 2.097.152,000000000000000 MB: 2.048,000000000000000 GB: 2,000000000000000 TB: 0,001953125000000 PB: 0,000001907348633 ...and if I copy & paste the GB results or just enter 2,0 I get this... Bit: 171798691840 Byte: 21474836480 KB: 20.971.520,000000000000000 MB: 20.480,000000000000000 GB: 20,000000000000000 TB: 0,019531250000000 PB: 0,000019073486328 ...whats not so correct. 🙂 @Stuttered Yes similar like or the website like I did post. In your image the results looking very unclean to have a good overview. Even I need to have some manually entering option. So normally there are apps for everything so why the heck I don't find any tool for this calc stuff? One more question, so I always find sometimes those online tools to convert stuff or whatever etc, some nice handy tools but just online only. Is it possible to save that webpage and make some kind of standalone quick loading app etc? PS: Why are the code in code tags (inline?) looks so strange now / too much space between the lines? I also don't see any preview button anymore on that new style! greetz2 points
-
Do you know any file size info & calculation tools?
what's the problem using code sections? eg using System; using System.IO; using System.Windows.Forms; namespace FileSizeCalculator { public partial class Form1 : Form { private TextBox outputTextBox; .... But generally I agree - in the past there were more options to insert source code.... @Teddy Rogers it is a limitation of new upgraded forum board? hmmm why do you need to do that check? the orignal idea was to measure any file in size...2 points
-
Do you know any file size info & calculation tools?
2 points
-
Do you know any file size info & calculation tools?
1st bug report: (ver 2) one more (feature req or bug?) when drag-n-drop a Folder the app accepts it, but does nothing... possible to calc folder as well?2 points
-
Do you know any file size info & calculation tools?
Hi, Added multi file support and replaced float input with integer :) source included as before. ShowFileSize__2.rar2 points
-
Do you know any file size info & calculation tools?
Hey @h4sh3m, thank you for doing this. The tool looks nice and handy so far for a quick offline use. :) 🙂 Only issue I see it that comma or dot is not allowed to use to enter manually "Error occured in getting number !". Do you think you could add this little extra feature too in next version? I would like to copy any of those results I get and paste it into edit control and calc with just for checking etc. But for the moment the tool is nice so far. Just does bother me to get online every time I need to calc something. Thank you. PS: Drag & Drop works also nice. Could you make it doable for multiple files too to add the sizes into result box? Just if possible. greetz2 points
-
Do you know any file size info & calculation tools?
Hi, Your referred online tool is not perfect (2^10 != 1000) :| Made a simple tool for you (source in delphi/pascal included). ShowFileSize.rar2 points
-
Help: Sentinel SuperPro LPT Backup/Emulation for Industrial Software (PPI)
toro sentinel logger work over sentinel driver (support LPT/USB) can show the screen shoot for us? also can try pva-based dumper with some mod try to use old sspro driver v5.392 points
-
Leaked VMProtect sources
2 pointsOld version vmp unpack tools pls share version is v.1, v.2 any idea2 points
-
TitanEngine retarged solution problem
I have vs 2022 i didnt found Visual Studio 2010 built tools and i cannot retarged the solution : dont mind me i was drunk1 point
-
Leaked VMProtect sources
1 point
-
Help: Sentinel SuperPro LPT Backup/Emulation for Industrial Software (PPI)
ok, but password? regards1 point
-
Baymax Patch toOls
1 point1 point
-
Syncrosoft HID Dongle
1 pointit is Matrix2 HID dongle VID 0x0E50 PID 0x002 if you need make emulator - you need extract tea-key from dongle rom syncrosoft use many query/response ciphers over dongle1 point
-
Syncrosoft HID Dongle
1 pointtool to find info on the dongle... http://nodongle.biz/files/keyid.zip1 point
-
Syncrosoft HID Dongle
1 point
-
Syncrosoft HID Dongle
1 point
-
AT4RE Power Loader
1 pointFalse report our tools are 100% clean and because the PECompact Packer you got this fake result, unpack the tools manually and will become clean.1 point
-
Board Update: Invision Community 5
Click on your username at the top of the board and select, "Mark all content as read". It is now as wide as the default theme allows. Is this better? Ted.1 point
-
Revteam Reverse Engineering Collection
1 point
-
AT4RE Power Loader
1 point
-
DNGuard HVM v3.953
1 pointDNGuard HVM v3.953 Try to unpack or alternatively provide the secret key, URL, Name and Address Protections used: DNGuard Enterprice HVM 3.953 Good luck. File Information Submitter Mohd Submitted 09/08/2020 Category UnPackMe (.NET) View File1 point