Tuts 4 You

Leaderboard

  1. kao (Full Member+): Points 30, Content Count 2,466
  2. LCF-AT (Full Member+): Points 14, Content Count 5,155
  3. hors (Full Member): Points 14, Content Count 48
  4. whoknows (Full Member): Points 13, Content Count 970


Popular Content

Showing content with the highest reputation since 05/15/2021 in Posts

  1. fixed in v1.7 https://githacks.org/vmp2/vmemu/-/releases/v1.7 (make sure your commandline arguments are also correct)... Also be aware that vmemu currently does NOT support dumped modules as it uses LoadLibraryExA - DONT_RESOLVE_DLL_REFERENCES to load the module... Support for dumped modules will come very shortly, as well as an auto unpacking/drag & drop project.
    5 points
  2. A Complete Article - https://back.engineering/17/05/2021/ Download Link - https://githacks.org/vmp2 Author - https://githacks.org/_xeroxz
    4 points
  3. Installing an SEH handler or calling IsBadReadPtr is trying to deal with the symptoms (crash), not the cause of the problem (bad pointer to buffer, bad data in buffer or whatever). Don't just hide the problem - find the real cause of the problem instead.
    3 points
  4. You just didn't read MSDN properly. See https://docs.microsoft.com/en-us/windows/win32/api/winuser/ns-winuser-drawitemstruct (emphasis mine): Value 0x301 decodes as ODS_NOFOCUSRECT | ODS_NOACCEL | ODS_SELECTED. The correct way of checking such flags is by using an "and" or "test" operation, just like Tonyweb's code does. Your code comparing the byte value will fail, for example, on flags ODS_DEFAULT | ODS_SELECTED or anything like that.
    3 points
  5. That's exactly according to the specification. See https://datatracker.ietf.org/doc/html/rfc7231#section-5.3.4: "Accept-Encoding: identity" should have worked, even though the proper way to refuse gzip is to send Accept-Encoding with gzip and qvalue=0. Something like this: Accept-Encoding: identity, gzip;q=0
     You have lots of things backwards in your code.
     * "deflate" compresses data. To decompress data you need to call "inflate".
     * You will probably need to call "inflateInit2" instead of the normal inflateInit(). See https://stackoverflow.com/a/1838702
     * it's
    2 points
  6. My patch engine works fine, idk what you're missing. Also added an example with comdlg32 if you want to search for the file instead of dropping the patch into the install dir. Xylitol patch engine (basic).zip
    2 points
  7. Listen for the "TaskbarCreated" window message, then add it back to the taskbar. Taskbar Creation Notification. You can find an example here... Ted.
    2 points
  8. Controls & Dialogs - are you looking for something like this? https://docs.microsoft.com/en-us/windows/win32/controls/individual-control-info https://docs.microsoft.com/en-us/windows/win32/dlgbox/dialog-box-types As for the listbox, I did my best to explain it to you. If you still don't understand it, I've obviously failed - but there's nothing else I can do about that.
    2 points
  9. Hi, so you do see that this topic is more than 10 years old already, right? The NetFrameWork infos should be wrong because the file is not NFW. The problem should be the Windows OS you are running and the arch (x64), where you can get different results by using the script because the unpacking conditions are not the same as when you try to unpack the target on an XP x86 system. What you can try is running the script under a VM with XP SP2 OS. Otherwise you need to debug the script itself, analyze the error messages and try to fix / bypass it manually. greetz
    2 points
  10. Hi @LCF-AT, still trying to help while waiting for the "real" guys. This may be related to how you handle the MEASUREITEM event message. Try to take inspiration from this code, taken from CodeProject: all credits to the author, of course!
      // Source: https://www.codeproject.com/Articles/135855/Owner-Drawn-CListBox
      void CMultiLineListBox::AppendString(LPCSTR lpszText, COLORREF fgColor, COLORREF bgColor)
      {
          LISTBOX_COLOR* pInfo = new LISTBOX_COLOR;
          pInfo->strText.Format(_T("%s"), lpszText);
          pInfo->fgColor = fgColor;
          pInfo->bgColor = bgColor;
          SetItemDataPtr(AddString(pInf
    2 points
  11. I see 3 options:
      1) Use Windows features to create the dump file automatically (https://www.meziantou.net/tip-automatically-create-a-crash-dump-file-on-error.htm and https://docs.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps)
      2) Generate the minidump yourself: https://stackoverflow.com/a/1547251. But that's kinda hard if you can't catch the exception for some reason.
      3) Use a 3rd party library to catch the exception and create the minidump for you. For example: http://crashrpt.sourceforge.net/docs/html/index.html
    1 point
  12. Could use EN_SETFOCUS and EN_UPDATE and/or EN_CHANGE. For setfocus, once a user clicks in the edit box the EN_SETFOCUS should trigger via WM_COMMAND, and you can then call EM_SETSEL to select the whole edit contents.
    1 point
  13. you are entering a world of pain, sub-classing to catch the right message and etc ...
    1 point
  14. https://stackoverflow.com/questions/8725541/em-setsel-swaps-parameters
    1 point
  15. Reverse Engineering Bumble's API (2020) blog.securityevaluators.com/reverse-engineering-bumbles-api-a2a0d39b3a87
      Finding a CPU Design Bug in the Xbox 360 (2018) randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/
      Kopia - Fast and Secure Open-Source Backup kopia.io/
      El Salvador Plans To Use Electricity Generated From Volcanoes To Mine Bitcoin www.npr.org/2021/06/11/1005231250/el-salvador-plans-to-use-electricity-generated-from-volcanoes-to-mine-bitcoin
      NymphCast - open-source Chromecast Alternative github.com/MayaPosch/NymphCast/
      The
    1 point
  16. Danish Secret Service Helped NSA Spy On European Politicians thehackernews.com/2021/06/report-danish-secret-service-helped-nsa.html
      JBS Paid $11M threatpost.com/jbs-paid-11m/166767/
      More options for communications at 6G frequency than previously thought #haha www.eurekalert.org/pub_releases/2021-06/uosc-lto060921.php
      SonicWall VPN Vulnerability www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481/ www.bleepingcomputer.com/news/security/new-ransomware-group-uses-sonicwall-zero-day-to-breach-networks/
      (29APR) Hackers Stole $650,0
    1 point
  17. A pointer having a value does not necessarily mean that it is valid, and there is no easy way I'm aware of to determine the validity of a pointer. So, comparing the pointer to FALSE (or NULL) does not help unless you always set the pointer to NULL after freeing it, which many people say is a good practice. You have to check what other parts of the code are using the pointer and where it is being freed.
    1 point
  18. Hi, if your file is a NET target then the script does fail to unpack your target because it's a NET one. If you can bypass the RegNag successfully and your target does run (press run in Olly after you get "Found no valid API call or Jump commands") like it should, then you can start to do some NET dump & fixing by using NET tools. Just try this. Don't remember anymore about that NET stuff. PS: Script does check the first section RVA address for 1000. In case of NET the first section starts at 2000. But as I said, the script isn't a NET Enigma unpacker. greetz
    1 point
  19. That was because I had to get the right offset addresses when you click "copy all modifications to executable". Indeed it works fine. However, x64dbg doesn't know how to calculate the offsets just like Olly.
    1 point
  20. If the purpose is to have the VM with absolutely no internet, why not disable the network interfaces?
    1 point
  21. Got the new patcher source code from there: http://xtxteam.free.fr/tutos/archives/Xylitol/avsve12.1.html
    1 point
  22. Google to use patient data to develop healthcare algorithms for hospital chain www.theverge.com/2021/5/26/22454817/google-hca-patient-data-healthcare-algorithms
      Browse Every Awesome List on GitHub app.polymersearch.com/discover/github-awesome
      NocoDB - Open Source Airtable Alternative (love it, heroku - docker deploy on a click) www.nocodb.com/
      why iPhone sucks - Extracting Data from an Old iOS App Broken by iOS 14.5 tidbits.com/2021/05/20/extracting-data-from-an-old-ios-app-broken-by-ios-14-5/
      Replacements for existing software written in Rust github.com/TaKO8Ki/a
    1 point
  23. Not my upload, be careful: https://userscloud.com/v1t0c23houdk Source: https://yoza2002.blogspot.com/2017/04/asprotect-ske-v251-build-0922-beta-full.html
    1 point
  24. idk about spytools on .NET, but I noticed ProtectionID has a WinSpy feature too.
    1 point
  25. @tarequl.hassan Please check the snippet provided by kao. Hope that this time it will work for you.
    1 point
  26. If you only want to process if action is select and state is selected then something like:
      mov eax, [edi].itemState
      and eax, ODS_SELECTED
      mov ebx, [edi].ItemAction
      and ebx, ODA_SELECT
      .IF eax == ODS_SELECTED && ebx == ODA_SELECT
    1 point
  27. Hi, hmm. But on itemAction you can read the same too (This member can be one or more of the values). Otherwise if I use DRAWITEMSTRUCT for buttons I can check all separately. That again is really confusing. So if the command by Tony is right....
      if ((lpDrawItemStruct->itemAction | ODA_SELECT) && (lpDrawItemStruct->itemState & ODS_SELECTED))
      ....how should it look for me then in MASM using high syntax commands...
      .if [edi].itemAction == ODA_SELECT && [edi].itemState == ODS_SELECTED = ??
      greetz
    1 point
  28. @ToMKoL: I'm able to spot one mistake in your code: Asc(Mid(enc, (i Mod 7), i)) should most likely read Asc(Mid(enc, (i Mod 8), 1)) Maybe there are more issues, but I'm not really a VB wizard...
    1 point
  29. Hi guys, sure I could use a LV where I have more infos about and examples, but I wanna also know how to deal with LBs too. At the moment I try to create an example project just using a LB from resources and doing some WM_DRAWITEM handling. Now I have some different questions. Which messages do I have to catch / handle for a ListBox at WM_DRAWITEM? In my case I just get the itemActions only and NO itemStates! Why? See my new code below....
      CONTROL "",IDC_LISTBOX,"ListBox",0x50010150,17,9,354,74,0x00000200
      .elseif eax == WM_DRAWITEM
          mov edi, lParam
          assume edi: ptr DRAWITEMSTRUCT
          .if
    1 point
  30. Try this one. Tested and it should work like the Delphi version. delphivb.zip
    1 point
  31. IRCv3 ircv3.net/
      Miraheze - Host your own wiki for free miraheze.org/
      Google Cloud Status Dashboard status.cloud.google.com/incidents/bhMb6ab2NNyBPFCaUhgV
      Postman Now Supports WebSocket APIs blog.postman.com/postman-supports-websocket-apis/
      My 6-node 1U Raspberry Pi rack mount Cluster www.jeffgeerling.com/blog/2021/my-6-node-1u-raspberry-pi-rack-mount-cluster
      Microsoft will pull the plug on Internet Explorer life support in June 2022 techcrunch.com/2021/05/20/so-long-internet-explorer-and-your-decades-of-security-bugs
      Criticism of C++ en.wikipedia.or
    1 point
  32. So you want to download some releases from snd? Alright, let's look at snd.webscene.ir: the distribution section menu contains a link pointing at hxtps://keygens.pro/. Super, looks like there are a lot of cracks over here! And the site is virus free, right? So let's pick something, I don't know, maybe 7-Data.Card.Recovery.1.1.keygen-SND hxtps://keygens.pro/crack/729775/ lol @ description on the page, didn't know Reagan was from snd and born in Russia. Anyway, we got redirected to a download page after clicking the 'Download only Keygen' button; we have to fill a captcha and agree
    1 point
  33. Hello, while waiting for the experts I'll try to reply. As far as I know you can't do that without owner-drawing. Owner drawing is basically the same as what you already used here: you need to handle both WM_MEASUREITEM and WM_DRAWITEM, which will be called when you set the ownerdraw flag. You would need to select the needed font into your hDC (read SelectObject) and do the text measuring with, for example, the GetTextExtentPoint32 and/or GetTextMetrics function. https://docs.microsoft.com/en-us/windows/win32/api/wingdi/nf-wingdi-gettextextentpoint32a Probably, going through your previo
    1 point
  34. I just added extern PyAPI_FUNC(void) PyMarshal_WriteObjectToFile(PyObject *, FILE *, int); to ceval.c's header. It can compile. It's amazing!
    1 point
  35. The Achilles Heel of the Coronavirus ethz.ch/en/news-and-events/eth-news/news/2021/05/the-achilles-heel-of-the-coronavirus.html
      Apple Music announces Spatial Audio with Dolby Atmos (will bring Lossless Audio) www.apple.com/newsroom/2021/05/apple-music-announces-spatial-audio-and-lossless-audio/
      Evercade Atari evercade.co.uk/cartridges/ www.nintendolife.com/news/2021/05/soapbox_be_happy_this_is_the_true_golden_age_of_gaming
      index-of.es http://index-of.es/
      List of Covid-19 vaccine authorizations en.wikipedia.org/wiki/List_of_COVID-19_vaccine_authorizations
    1 point
  36. He never said that, and that's actually incorrect. A thread itself is not "thread safe" or unsafe - code accessing a shared resource is. If code in the main thread is accessing some resource that other threads are accessing too, it should call Enter/LeaveCriticalSection.
    1 point
  37. It is redundant. It will have the same effect as just having the first Enter and the last Leave.
    1 point
  38. .data
      Seed dd 012345678h
      RandomRange proc uses esi edi ebx _RangeLow:dword, _RangeHigh:dword
          mov esi,_RangeHigh
          mov ebx,_RangeLow
          .if esi < ebx
              mov eax,ebx
              sub eax,esi
              call RandomInt
              add eax,esi
          .else
              mov eax,esi
              sub eax,ebx
              call RandomInt
              add eax,ebx
          .endif
          ret
      RandomRange endp
      RandomInt Proc uses ebx
          push ebx
          xor ebx,ebx
          imul edx,dword ptr[ebx+Seed],08088405h
          inc edx
          mov dword ptr[ebx+Seed],edx
          mul edx
          mov eax,edx
          pop ebx
          ret
      RandomInt endp
      Random
    1 point
  39. GenRandomNumbers Proc uses ebx pIn:DWORD,pLen:DWORD
          mov edi,pIn
          mov ebx,pLen
          .repeat
              invoke Randomize
              mov ecx,32 ; Change this number to a new Alphabet size if you're gonna modify it
              xor edx,edx
              idiv ecx
              movzx eax,byte ptr [edx+B32Chars]
              stosb
              dec ebx
          .until zero?
          Ret
      GenRandomNumbers endp
      Randomize Proc uses ecx
          invoke GetTickCount
          add Rndm,eax
          add Rndm,eax
          add Rndm,'abcd'
          Rol Rndm,4
          mov eax,Rndm
          ; imul eax,'seed'
          Ret
      Randomize endp
      not really random but does the job numbers-letters.zip
    1 point
  40. Locking everything, even when it is quick, would hurt performance. You only need to lock when modifying or accessing some resource that is shared between threads. If a routine does not access/modify any shared resource, you don't need to lock at all. Yes, provided you don't enter twice in a row and each enter is followed by a leave.
    1 point
  41. Here is the unpacked one. After unpacking, the MSG is in the Chinese language, which I do not understand.
    1 point
  42. 1) There was nothing new; unlike the old versions, I did not replace the HWID, I just found the button in the NAG and patched the execution result; because the file did not have a constant, it worked.
      2) One of the functions was under the virtual machine, not counting the EP. CISC vm is a simple virtual machine and the code was small. mfcapplication1_unpacked.rar
    1 point
  43. My English is very poor, so I recorded a tutorial... HAHAHAHA
      Approach
      Script
      var IAT_Statr
      var IAT_End
      var Temp_IAT
      Var bakup_EIP
      mov bakup_EIP,eip
      mov IAT_Statr,403000 // start of the IAT table
      mov IAT_End,403208 // IAT end address
      bp 00414CA9 //85 C0 74 28 64 67 8F 06 00 00 83 C4 04 5F 5E 5B 8B E5 5D C2 14 00
      GetAPIAddr:
      mov Temp_IAT,[IAT_Statr]
      cmp Temp_IAT,0
      je INC_IATADDR
      cmp Temp_IAT,6FFFFFFF
      ja INC_IATADDR
      mov eip,Temp_IAT
      run
      mov [IAT_Statr],eax
      INC_IATADDR:
      add IAT_Statr,4
      cmp IAT_Statr,IAT_End
      ja RETIATFIX
      jmp GetAPIAddr
      RETIATFIX:
      mov eip,bakup_EIP
      pause
      ret
      Tutorial: ht
    1 point
  44. It was a trivial task to unpack it because it was protected with the trial version. Updated DnguardHVM unpacker to support the 3.80 trial version (attached). DNGuard_HVM_Unpackerfr4.zip ggggg_unpackedz.exe
    1 point
  45. @ramjane I'm sharing my private script to reach OEP on all 5.xx (and maybe 4.xx). First it tries to find the static OEP address in the Enigma VM section. If that fails, it tries to dynamically reach OEP.
      lc
      log "Enigma 5.xx OEP Finder by PC-RET v 1.1 started"
      bc
      dbh
      bphwc
      gmi eip, MODULEBASE
      MOV IMAGEBASE, $RESULT
      //gmi eip, CODEBASE
      //MOV CODEBASE, $RESULT
      //gmi eip, CODESIZE
      //MOV CODESIZE, $RESULT
      pusha
      mov eax, IMAGEBASE
      mov edi, eax
      add eax, 3C
      mov eax, edi+[eax]
      mov SECTIONS, [eax+06], 02
      mov esi, eax+0F8
      mov edi, 28
      mov ebp, SECTIONS
      mov ecx, edi
      mul edi, 1 // second section
      add edi, esi
    1 point
  46. http://www7.zippyshare.com/v/uN2Kwuo0/file.html
      -kao exclude (he solved v3)
      -keygen only
      -author set, limit of runs (by native protection)
      kg4.rar
    1 point
  47. @Lostin So there are different ways to find the OEP of Enigma targets. So if you don't know how to find it, then start thinking a little. What does it need to break at OEP or near OEP?
      One manual OEP find method
      --------------------------------
      - Load app in Olly
      - Run app
      - Check whether the target is a Delphi 10 app; if yes then OEP is stored after the code section.
      - Look into the code section where the last [or close to last] code byte was written; set a HWBP write on it.
      - Restart and run till you break
      - Now trace over the routines; set mem BP access on code or below code [delphi 10]
      - Run. If you again br
    1 point