Tuts 4 You

Leaderboard

  1. kao (Full Member+): 31 points, content count 2,467
  2. LCF-AT (Full Member+): 14 points, content count 5,158
  3. hors (Full Member): 14 points, content count 48
  4. whoknows (Full Member): 14 points, content count 970


Popular Content

Showing content with the highest reputation since 05/15/2021 in all areas

  1. A Complete Article - https://back.engineering/17/05/2021/ Download Link - https://githacks.org/vmp2 Author - https://githacks.org/_xeroxz
    6 points
  2. fixed in v1.7 https://githacks.org/vmp2/vmemu/-/releases/v1.7 (make sure your commandline arguments are also correct)... Also be aware that vmemu currently does NOT support dumped modules as it uses LoadLibraryExA - DONT_RESOLVE_DLL_REFERENCES to load the module... Support for dumped modules will come very shortly, as well as an auto unpacking/drag & drop project.
    6 points
  3. Installing SEH handler or calling IsBadReadPtr are trying to deal with the symptoms (crash), not the cause of the problem (bad pointer to buffer, bad data in buffer or whatever). Don't just hide the problem - find the real cause of the problem instead.
    3 points
  4. You just didn't read MSDN properly. See https://docs.microsoft.com/en-us/windows/win32/api/winuser/ns-winuser-drawitemstruct (emphasis mine): Value 0x301 decodes as ODS_NOFOCUSRECT | ODS_NOACCEL | ODS_SELECTED. The correct way for checking such flags is by using "and" or "test" operation, just like Tonyweb's code does. Your code comparing byte value will fail, for example, on flags ODS_DEFAULT | ODS_SELECTED or anything like that.
    3 points
  5. 23,933 downloads

    A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes in cond jumps, animate over/in, breakpoints 06. "The plain stupid patching method", searching for textstrings 07. Intermediate level patching, Kanal in PEiD 08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor 09. Explaining the Visual Basic concept, introduction to SmartCheck and configurati
    2 points
  6. That's exactly according to specification. See https://datatracker.ietf.org/doc/html/rfc7231#section-5.3.4: "Accept-Encoding: identity" should have worked, even though the proper way to refuse gzip is to send Accept-Encoding with gzip and qvalue=0. Something like this: Accept-Encoding: identity, gzip;q=0 You have lots of things backwards in your code. * "deflate" compresses data. To decompress data you need to call "inflate". * you will probably need to call "inflateInit2" instead of normal inflateInit(). See https://stackoverflow.com/a/1838702 * it's
    2 points
  7. My patch engine works fine, idk what you're missing. Also added an example with comdlg32 if you want to search for file instead of dropping the patch into install dir. Xylitol patch engine (basic).zip
    2 points
  8. Listen for the "TaskbarCreated" window message then add it back to the taskbar. Taskbar Creation Notification. You can find an example here... Ted.
    2 points
  9. Controls & Dialogs - are you looking for something like this? https://docs.microsoft.com/en-us/windows/win32/controls/individual-control-info https://docs.microsoft.com/en-us/windows/win32/dlgbox/dialog-box-types As for the listbox, I did my best to explain it to you. If you still don't understand it, I've obviously failed - but there's nothing else I can do about that.
    2 points
  10. Hi, so you do see that this topic is more than 10 years old already, right? The NetFrameWork infos should be wrong because the file is not NFW. Problem should be the Windows OS you are running and the arch (x64), where you can get different results by using the script because the unpacking conditions are not the same as if you would try to unpack the target on XP x86 system. What you can try is running the script under VM & XP SP2 OS. Otherwise you need to debug the script itself and analyze the Error messages and try to fix / bypass it manually. greetz
    2 points
  11. Version 7.6.210507

    372 downloads

    This (completely!) free version of IDA offers a privilege opportunity to see IDA in action. This light but powerful tool can quickly analyze the binary code samples and users can save and look closer at the analysis results. What’s included in the pack? Analyze both 32-bit and 64-bit applications Cloud-based x64 decompiler Local x86/x64 debugger included Support x86/x64 processors Save your analysis results Perpetual license The freeware version of IDA v7.6 comes with the following limitations: no commercial use is allowed lacks al
    2 points
  12. Hi @LCF-AT, still trying to help waiting for "real" guys This may be related to how you handle the MEASUREITEM event message. Try to take inspiration from this code, taken from CodeProject: all credits to the author, of course! // Source: https://www.codeproject.com/Articles/135855/Owner-Drawn-CListBox void CMultiLineListBox::AppendString(LPCSTR lpszText, COLORREF fgColor, COLORREF bgColor) { LISTBOX_COLOR* pInfo = new LISTBOX_COLOR; pInfo->strText.Format(_T("%s"), lpszText); pInfo->fgColor = fgColor; pInfo->bgColor = bgColor; SetItemDataPtr(AddString(pInf
    2 points
  13. https://stackoverflow.com/questions/8725541/em-setsel-swaps-parameters
    1 point
  14. Reverse Engineering Bumble’s API (2020) blog.securityevaluators.com/reverse-engineering-bumbles-api-a2a0d39b3a87 Finding a CPU Design Bug in the Xbox 360 (2018) randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/ Kopia – Fast and Secure Open-Source Backup kopia.io/ El Salvador Plans To Use Electricity Generated From Volcanoes To Mine Bitcoin www.npr.org/2021/06/11/1005231250/el-salvador-plans-to-use-electricity-generated-from-volcanoes-to-mine-bitcoin NymphCast – open-source Chromecast Alternative github.com/MayaPosch/NymphCast/ The
    1 point
  15. Not a perfect solution but there is IsBadReadPtr API. Check it. As MSDN says it is deprecated but still worth to check.
    1 point
  16. A pointer having a value does not necessarily mean that it is valid, and there is no easy way I'm aware of to determine the validity of a pointer. So, comparing the pointer to FALSE (or NULL) does not help unless you always set the pointer to NULL after freeing it, which many people say is a good practice. You have to check what other parts of the code are using the pointer and where it is being freed.
    1 point
  17. Hi, if your file is a NET target then the script does fail to unpack your target because it's a NET one. If you can bypass the RegNag successfully and your target does run (press run in Olly after you get "Found no valid API call or Jump commands") like it should then you can start to do some NET dump & fixing by using NET tools. Just try this. Don't remember anymore about that NET stuff. PS: Script does check the first section RVA address for 1000. In case of NET the first section starts at 2000. But as I said, script isn't a NET Enigma unpacker. greetz
    1 point
  18. gzip = Deflate compression method ref - dev.to/biellls/compression-clearing-the-confusion-on-zip-gzip-zlib-and-deflate-15g1 -- Accept-Encoding developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding Content-Encoding developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding
    1 point
  19. Version 2.0

    1,186 downloads

    My very old generic crack generator. Supports skins, music and text scroller by your choice. - What does "generic" mean? - It does not only patch concrete offsets but it's trying to find the same segments in the target app so it might be a newer version of the app but the same parts of the code might exist so it cracks them. It's very old, I'm uploading it just to share it but if you feel it useful feel free to use it.
    1 point
  20. Hi guys, I have a problem with my VMBox and Win10 x64 20H2 and the Firewall I'm using on it. The problem is that I get each time a Defender Message if I just BLOCK all access to internet via FireWall! I get that error.... ....just after I did block the internet by GlassWire FW. After that Defender does set itself to X red icon and in the list of Defender itself I can just choose Re-Start as action! There is no other choice to choose just re-start. Why that? Nothing to allow or whatever just re-start. The question is why it happens? Who let the dog out? greetz
    1 point
  21. If the purpose is to have the VM with absolutely no internet, why not disable the network interfaces?
    1 point
  22. @PoorPlayer No, in this tutorial I am sure direct imports don't exist. Even UIF after repairing api redirection doesn't show any direct imports but anyway thanks for trying to help me. ps: Did you solve your problem which you mention in this topic?
    1 point
  23. Not my upload, be careful: https://userscloud.com/v1t0c23houdk Source: https://yoza2002.blogspot.com/2017/04/asprotect-ske-v251-build-0922-beta-full.html
    1 point
  24. Favorite Blogs by Individuals news.ycombinator.com/item?id=27302195 Why I still like C and strongly dislike C++ codecs.multimedia.cx/2021/05/why-i-still-like-c-and-strongly-dislike-cpp/ Awesome Privacy github.com/pluja/awesome-privacy Amazon buys MGM www.reuters.com/technology/amazon-snaps-up-james-bond-owner-mgm-845-bln-streaming-war-heats-up-2021-05-26/
    1 point
  25. If you only want to process if action is select and state is selected then something like:
        mov eax, [edi].itemState
        and eax, ODS_SELECTED
        mov ebx, [edi].ItemAction
        and ebx, ODA_SELECT
        .IF eax == ODS_SELECTED && ebx == ODA_SELECT
    1 point
  26. @ToMKoL: I'm able to spot one mistake in your code: Asc(Mid(enc, (i Mod 7), i)) should most likely read Asc(Mid(enc, (i Mod 8), 1)) Maybe there are more issues, but I'm not really a VB wizard...
    1 point
  27. Try this one. Tested and it should work as delphi version. delphivb.zip
    1 point
  28. IRCv3 ircv3.net/ Miraheze - Host your own wiki for free miraheze.org/ Google Cloud Status Dashboard status.cloud.google.com/incidents/bhMb6ab2NNyBPFCaUhgV Postman Now Supports WebSocket APIs blog.postman.com/postman-supports-websocket-apis/ My 6-node 1U Raspberry Pi rack mount Cluster www.jeffgeerling.com/blog/2021/my-6-node-1u-raspberry-pi-rack-mount-cluster Microsoft will pull the plug on Internet Explorer life support in June 2022 techcrunch.com/2021/05/20/so-long-internet-explorer-and-your-decades-of-security-bugs Criticism of C++ en.wikipedia.or
    1 point
  29. new crack template i've made today. this template was used for YahooMessenger Translator Pro 5.1.1, which i've firstly reversed it with ollydbg and patched it with Xylitol's patch engine in masm32. no patch engine included. v2m by Dafunk. CrackTemp9Updated.zip
    1 point
  30. So you want to download some releases from snd? alright let's see at snd.webscene.ir, the distribution section menu contains a link pointing at hxtps://keygens.pro/ Super, looks like there are a lot of cracks over here! and the site is virus free, right? So let's pick something, i don't know, maybe 7-Data.Card.Recovery.1.1.keygen-SND hxtps://keygens.pro/crack/729775/ lol @ description on the page, didn't know reagan was from snd and born in russia Anyway we got redirected on a download page after clicking 'Download only Keygen' button, we have to fill a captcha and agree
    1 point
  31. Hello, waiting for experts I'll try to reply As far as I know you can't do that without owner-drawing. Owner drawing is basically the same you already used here: You need to handle both WM_MEASUREITEM and WM_DRAWITEM that will be called when you set the ownerdraw flag. You would need to select the needed font into your hDC (read SelectObject) and do the text measuring with, for example, GetTextExtentPoint32 and/or GetTextMetrics function. https://docs.microsoft.com/en-us/windows/win32/api/wingdi/nf-wingdi-gettextextentpoint32a Probably, going through your previo
    1 point
  32. Site Isolation in Firefox blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/ Share of people who received at least one dose CVD ourworldindata.org/grapher/share-people-vaccinated-covid?tab=map Last year, more people in San Francisco died of overdoses than of covid-19 www.economist.com/united-states/2021/05/15/last-year-more-people-in-san-francisco-died-of-overdoses-than-of-covid-19 Hackers behind Colonial Pipeline attack received $90m www.cnbc.com/2021/05/18/colonial-pipeline-hackers-darkside-received-90-million-in-bitcoin.html Europe Failed
    1 point
  33. I just add extern PyAPI_FUNC(void) PyMarshal_WriteObjectToFile(PyObject *, FILE *, int); at ceval.c's header. It can compile. It's amazing!
    1 point
  34. He never said that, and that's actually incorrect. Thread itself is not "thread safe" or unsafe - code accessing a shared resource is. If code in main thread is accessing some resource that other threads are accessing too, it should call Enter/LeaveCriticalSection.
    1 point
  35. It is redundant. It will have the same effect as just having the first Enter and last Leave
    1 point
  36.
        GenRandomNumbers Proc uses ebx edi pIn:DWORD,pLen:DWORD  ; edi is written by stosb, so it is preserved too
            mov edi,pIn
            mov ebx,pLen
            .repeat
                invoke Randomize
                mov ecx,32 ; Change this number to a new Alphabet size if you're gonna modify it
                xor edx,edx
                idiv ecx
                movzx eax,byte ptr [edx+B32Chars]
                stosb
                dec ebx
            .until zero?
            Ret
        GenRandomNumbers endp

        Randomize Proc uses ecx
            invoke GetTickCount
            add Rndm,eax
            add Rndm,eax
            add Rndm,'abcd'
            Rol Rndm,4
            mov eax,Rndm
            ; imul eax,'seed'
            Ret
        Randomize endp

      Not really random but does the job. numbers-letters.zip
    1 point
  37. Locking everything, even when it is quick, would hurt performance. You only need to lock when modifying or accessing some resource that is shared between threads. If a routine does not access/modify any shared resource, you don't need to lock at all. Yes, provided you don't enter twice in a row and each enter is followed by a leave.
    1 point
  38. It seems they are using a stolen version of DNGuard Enterprise and made a cloud version of it! So it's a DNG 3.9.6.2 Enterprise and almost none of the options are true. here is the password: approach: unpacked file attached. B.R Unpackme_cleaned.exe
    1 point
  39. 2) not sure if is what u want (as working on firefox) stackoverflow.com/a/30281987
    1 point
  40. Since the challenge description allows it, I'm going for the quick serial fish for now Approach:
    1 point
  41. here is unpacked after unpack MSG in Chinese language i am not understand
    1 point
  42. 622 downloads

    A video tutorial showing a method of unpacking Enigma Protector 4.10.
    1 point
  43. Version 1.10

    250 downloads

    This update, my vicOlly can run very well on Windows 7, x86 & x64. All for fun.
    1 point
  44. It was a trivial task to unpack it because it was protected with trial version. Updated DnguardHVM unpacker to support 3.80 trial version (attached). DNGuard_HVM_Unpackerfr4.zip ggggg_unpackedz.exe
    1 point
  45. http://www7.zippyshare.com/v/uN2Kwuo0/file.html -kao exclude (he solved v3) -keygen only -author set, limit of runs (by native protection) kg4.rar
    1 point
  46. Version v 1.0

    1,122 downloads

    hey guys i create a program for serial sniff by vb6 esc features : check crc(automatic) unicode string small size background music bypass packers and ..... sorry for my english (im persian) enjoy it
    1 point
  47. @ Lostin So there are different ways to find the OEP of Enigma targets. So if you don't know how to find then start thinking a little. What does it need to break at OEP or near OEP. One manually OEP find method -------------------------------- - Load app in Olly - Run app - Check target whether it's a Delphi 10 app if yes then OEP is stored after codesection. - Look into codesection where was the last [or close last] code byte written set HWBP write on it. - Restart and run till you break - Now trace over the routines set mem BP access code or below code [delphi 10] - Run. If you again br
    1 point