Jump to content
Tuts 4 You

Leaderboard


Popular Content

Showing content with the highest reputation since 04/27/2019 in Posts

  1. 6 points
    Everyone can see the code because Cawk's ConfuserEx unpacker works just fine.
  2. 5 points
    Download: https://github.com/horsicq/pex64dbg/releases Sources: https://github.com/horsicq/pex64dbg More Info: http://n10info.blogspot.com/2019/05/pe-viewer-plugin-for-x64dbg.html
  3. 4 points
    Hmmmm... Could it be because you didn't do time travel and never experienced 4th of May 2019 before? The expired certificate is inside your outdated copy of Firefox 56. And, as you said it yourself - you refuse to update it. So, how on earth do you expect Mozilla to fix something that's on your computer? Should they send Santa with magic powers to your home? Solution: download the XPI file from above. Extract files from it. Base64-decode new certificate from api.js. Add new certificate into your old Firefox (Tools-Options-Certificates). Done. Takes less time than writing those whiny posts. Full disclaimer: I couldn't test it 100% because I don't use Firefox on a daily basis and I couldn't find portable Firefox 56 with 3rd party addons.
  4. 3 points
    That is most likely not your crackme. But what the hell.. Load it in IDA, decompile serial check and it will look like this: if ( ++idx >= 29 ) { if ( count_of_sevens == 1 && String[6] == '7' ) { v5 = (unsigned __int8)entered_key[0]; if ( entered_key[0] ) { LOBYTE(v5) = entered_key[4]; if ( v5 ) { LOBYTE(v5) = entered_key[8]; if ( v5 ) { LOBYTE(v5) = entered_key[12]; if ( v5 ) { LOBYTE(v5) = entered_key[16]; if ( v5 ) { LOBYTE(v5) = entered_key[21]; if ( v5 ) { part1 = getintfromkey(0, 4, 0); part2 = getintfromkey(0, 4, v6); part3 = getintfromkey(0, 4, v7); part4 = getintfromkey(0, 4, v8); part5 = getintfromkey(0, 5, v9); part6 = getintfromkey(0, 8, v10); v11 = part1 * (unsigned __int8)entered_key[7]; v12 = part1 * (unsigned __int8)entered_key[6]; v13 = part1 * (unsigned __int8)entered_key[4]; if ( v11 == part5 && v12 == part3 && !(part1 * (unsigned __int8)entered_key[5]) && v13 == part4 && 1000 * v13 + 10 * v12 + v11 == part6 ) { ...show good boy message... There are some checks for specific character values: * char 6 must be "7", there may not be any other "7" in the key; * char 5 must be "0"; * chars 4,8,12,16,21 may not be "0"; Key is split into in several parts: part1 = first 4 chars part3 = chars 8..11 part4 = chars12..15 part5 = chars16..20 part6 = chars21..28 Then it does some simple multiplication and checks the result. At this point you have 2 options: - make a tool that will randomly choose part1 and chars 4 and 7, do the multiplication to calculate parts 3, 4, 5, 6 and see if it passes all checks. - remember math lessons from school and figure out the only possible combination that will pass all checks. First one is much faster, second one will be .. challenging. Either way, you should arrive at the only possible solution: Well, in fact, there is infinite number of valid keys. You can append random characters to the key above, they are not checked..
  5. 3 points
    Download: https://github.com/horsicq/nfdx64dbg/releases Sources: https://github.com/horsicq/nfdx64dbg More Info: https://n10info.blogspot.com/2017/05/nfd-plugin-for-x64dbg.html
  6. 3 points
    And here is the fully deobfuscated file with strings decrypted i havent ran through de4dot since this will simplify your button click method to one messagebox.show Unpacked.exe
  7. 3 points
    Here is the code without strings decrypted more to show that i havent just remade the method from scratch but have actually devirtualised the file obfuscator is not that good in all honesty once you get your head around everything in one method its just like any other vm private void button1_Click(object sender, EventArgs e) { int num = 0; if (num != 0) { object obj; char[] value = obj = new char[16]; obj[0] = (2049885642 ^ 2049885579); obj[1] = (721969625 ^ 721969580); obj[2] = (1722827470 ^ 1722827450); obj[3] = (675984423 ^ 675984463); obj[4] = (1647779473 ^ 1647779505); obj[5] = (1793770717 ^ 1793770638); obj[6] = (640259843 ^ 640259958); obj[7] = (959731082 ^ 959731177); obj[8] = (1744869780 ^ 1744869879); obj[9] = (237600744 ^ 237600653); obj[10] = (492056264 ^ 492056251); obj[11] = (327956409 ^ 327956426); obj[12] = (688741927 ^ 688741953); obj[13] = (658212064 ^ 658211989); obj[14] = (454212694 ^ 454212666); obj[15] = (28756323 ^ 28756290); MessageBox.Show(new string(value)); } else { object obj; char[] value2 = obj = new char[10]; obj[0] = (1435200779 ^ 1435200842); obj[1] = (853162666 ^ 853162719); obj[2] = (2119875586 ^ 2119875702); obj[3] = (712244489 ^ 712244577); obj[4] = (1541140050 ^ 1541140082); obj[5] = (2107783153 ^ 2107783095); obj[6] = (1703953462 ^ 1703953495); obj[7] = (1864360465 ^ 1864360568); obj[8] = (2035746888 ^ 2035746852); obj[9] = (620298057 ^ 620298088); MessageBox.Show(new string(value2)); } }
  8. 2 points
    Hello, so I keep getting asked what’s the best obfuscators around so I am posting this so I don’t keep repeating it. I have decided to give my opinion on all obfuscators if I am missing any let me know If you are a developer of any of these obfuscators don’t take what I say as an insult use it to improve DNGuard - an obfuscator I used to say was Chinese crap however I’ve recently spent some time analysing this and can say that the HVM technology is very strong and makes unpacking a lot harder. However when not using the HVM setting it makes unpacking extremely simple with jit dumping and can use codecrackers unpacker for this. Compatibility on this obfuscator is its biggest flaw (along with price) which can be a big NO for a lot of people as this protector can cause files to not run on certain .NET frameworks if they fixed this issue and improved compatibility across systems it would make this obfuscator much better. Price is extremely high but I suppose has worked in its favour with not many files around and extremely hard to get test files to test features. Eazfuscator - a .NET VM that has been around for a while now with the last unpacker for version 4.8 I think from saneki on GitHub. Since then Eazfuscator has improved a lot however the concept stays the same and sanekis unpacker is still a brilliant base to start from. Meaning that an unpacker for this isn’t extremely difficult. The compatibility and performance of this obfuscator is actually fairly good for a VM and tells the user not to overuse the VM and only apply on secret methods as to save performance. The problem with Eazfuscator is that any protection method apart from the VM isn’t good, de4dot handles the control flow perfectly and the strings can be easily decrypted by either updating de4dot code which isn’t too hard or simply invoke. So if you’re app is sensitive on performance then maybe avoid this one as for all VMs performance is hurt no matter how efficient it is. In conclusion I do think this obfuscator is one of the top of its game as even with the old unpackers it’s still a lot of work to update ILProtector - An obfuscator I really do like the concept of keeping performance and security balanced, however in recent times with the release of dynamic unpackers it has kind of died as it seems the developer is applying small patches instead of fixing this properly so each unpacker only requires a few changes. In terms of static unpacking they have this down well, it’s actually a very hard job to statically unpack this protector so if they were to patch the dynamic flaws it would quickly appear back at the top but it’s credibility has been stumped due to the release of unpackers that I think may still work on the latest version (something I haven’t checked). Compatibility and performance on this obfuscator are good but one flaw of this obfuscator is that if the dynamic method is decrypted the original ilcode is there, they apply no MSIL mangling which in my eyes they should do both. Agile.Net another .NET VM however I haven’t analysed this myself that much but a few things I have noticed is that updating de4dot to support the latest version is not all that challenging however it is time consuming, a few modifications to de4dot can make it supply all the data you need to update it for the VM. the method encryption can be removed by jit dumpers from codecracker, from what I’ve seen in de4dot the obfuscator isn’t to hard to completely unpack but we have to thank 0xd4d for all he has done on this obfuscator he has done all the hard work for us so it’s just a matter of taking his code and updating, yes this takes a very long time to do Netguard - Now this is one I’m very familiar with, as most people know netguard is a modified confuserex however a fairly heavy modification. Now the actual protection isn’t that strong however for its price it’s very good, the base of netguard is still the same concept as confuserex and many of its protections can be defeated in the exact same way, the only real changes are the native stub and mutations. However once you remove these protections like control flow and constants can be removed in the same theory as I use in my confuserex unpacker2. This obfuscator like I said is the best for its price however if you’re looking for something better there are other options if you’re willing to pay, now compatibility and performance on netguard are something that it’s known for and not in a good way, it has improved a lot recently however they still add lots of junk that adds no real benefit and just slows down code. Appfuscator - now I don’t know why people don’t use this obfuscator anymore. In my eyes it’s still extremely powerful, codecrackers tools are not stable and if you’re tool is larger than a crackme then it will fail, appfuscator uses opaque predicates and CFG to generate its control flow both of which have no public solvers for so is an extremely powerful obfuscator especially if you mix it with something custom. Performance wise this is actually negligible effect so still to this day one of the higher rated obfuscators. Babel.Net - this is similar to ilprotector in the way it makes dynamic methods however in a different approach. The good thing about this obfuscator is that it provides you with more options than just encrypt msil where you have cflow constants and other expected protections making it not as simply as dumping the dynamic method. The dynamic methods itself are not tricky to solve dynamically similar to ilprotector, invoke the correct method and you have the dynamic method ready to read with dnlib. Statically it gets slightly more complex however a few hours debugging with dnspy and some static analysis will reveal its secrets of how it decrypts the encrypted bodies. Performance and compatibility wise I don’t really know enough about it but I’ve not really seen many complaints about it ArmDot - a relatively new .NET VM which I’m fairly interested in. At its current stage it needs polishing, they currently put the whole vm into each method it’s encrypted making it extremely slow. I explained to the developer that it holds no real benefit as to devirtualize it follows the same concept as all vms which is find the instruction handlers and convert back as most are 1:1 with CIL it makes this step relatively easy once you have detected all handlers however if this obfuscator works on your file and performs well I do recommend it especially as its new and being actively worked on and the developer is always interested in seeing ways to improve which is a good thing. KoiVM - another magical creation from yck so do we expect anything other than greatness. Now this was something he sold to customers until he left the scene and trusted XenoCodeRCE with and gave it him to improve and use. Xeno decided that he would sell this to others and ended up causing it to be leaked on GitHub however let’s ignore that. KoiVM is absolutely insane and different to all other VMS we talked about so far. This doesn’t relate 1:1 with CIL and actually converts it to a form of ASM meaning if you manage to get all the code back you then need to translate ASM to CIL which again is no easy task. People think because it’s opensource it makes it not worth it. Remember confuser/ex was open source and undefeated for a long time. KoiVM is on another level compared to those. Compatibility and performance does take a hit and has limitations which you can read on koivm website now if you’re app works fine and you’re happy with performance then I would strongly suggest sticking with it. You can even make modifications to confuserex and use it with that as after all it’s a confuserex plugin. These are just my thoughts and personal opinions on these obfuscators. I do not mean any disrespect to the developers apart from what I think is good and bad. If you would like further explanation on anything let me know or any specific obfuscator that I haven’t covered as I most likely have some sort of opinion on it feel free to ask Regards Cawk
  9. 2 points
    We all know you have the skills to unpack vanilla version and most of the mods out there. You don't need to post 20 unpacked EXEs to show that - that's not the point of unpackmes. The point is to produce something that others can use as a starting point in their learning path. Also, saying "I used my private unpacker that I'm not gonna share" is equally not helpful for learning. So, perhaps you could start off by writing ONE paper about unpacking modified confuserex?
  10. 2 points
    @LCF-AT Open T:\Program Files\brave\73.2.17.13\brave_resources.pak to a hex editor (dont try w/ notepad++) ASCII search for : brave_new_tab.js replace it with arave_new_tab.js or whitespace whole @ : <script src="chrome://newtab/brave_new_tab.js"></script> tested & working greets @NeWOT
  11. 2 points
    Embarrassing. Don't trust anything that looks like a pregnancy test kit... Ted.
  12. 2 points
    Run the target first with NETBox so won't kill .NET PE. Dump with MegaDumper. In dumped exe change Image Base to 400000 Fix relocation with Universal Fixer Native DLL UnpackMePlease.dll missing: DllSaver break if module contains UnpackMePlease Unpacked exes: https://www112.zippyshare.com/v/26CxsdFV/file.html
  13. 2 points
    login pass: steps to unpack: 1. removed anti tamper and some junk calls 2. cleaned cflow (Thanks to Tesla for cflow cleaning) 2. removed proxy calls 3. removed proxy calls again 4. converted x86 methods to IL 5. decrypted all constants 6. cleaned cflow again (Thanks to Tesla for cflow cleaning) 7. cleaned some small stuff with de4dot. UnpackMe3-cleaned_noProxy_noProxy-NoX862-StringDec_cleaned-cleaned.exe
  14. 2 points
    well, your post is in the crackme section. it means unpacking doesn't really matter. but since you want the file unpacked. here you go. serial key: steps: 1. removed anti tamper 2. converted x86 methods to IL 3. decrypted strings 4. removed delegates 5. attempted to clean cflow (but its not very clean.) 6. cleaned with de4dot CrackMe_fixed-NoX862.exe_unpacked-StringDec_nodelegate-cleaned-cleaned.exe
  15. 2 points
    All samples has been pulled into hybrid-analysis.com sandboxes also looks like we disturbed someone: http://atm.cybercrime-tracker.net/index.php?x=threat&hash=b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c
  16. 2 points
    https://www.youtube.com/watch?v=bcByQtkpmPg
  17. 2 points
    Best days of programming before all this Java and Android chaos
  18. 2 points
    Thanks a lot for testing. Please download the new version of the plugin: https://github.com/horsicq/stringsx64dbg/releases
  19. 2 points
    Here is the hotfix for anyone who wants to install without turning on Data Collection and Use... hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi
  20. 2 points
    You can still read menu item strings using the GetMenuString function. What I meant previously was that you have to change my example code to work differently with the DrawText function as the string of characters for, "Tuts 4 You", was not saved in the menu structure. The next example has, "Tuts 4 You", saved in the menu structure so you will be able to find this using GetMenuString. Each character is individually retrieved from the menu string and DrawText is used to display it. It also cycles through each RGB colour as before. When you click on a menu item GetMenuString is used to get the menu item text. It is then displayed in a message. I have attached both x32 and x64 this time. Apologies for the previous compile mistake! Ted. Appended Menu Items x64.exe Appended Menu Items x32.exe
  21. 2 points
    It builds a lot on your previous crackmes. So, most of the answers are already there. 1) Finding first 2 checks - they are in 2 separate dynamic methods. You can simply patch those; 2) Third check is in yet another dynamic method. You can patch it, and play the game till the end. However, the game never shows success screen. I think it's a bug in the crackme, as I could not find any code that would set the required field; 3) There are different ways to get IL code of the dynamic method, for example, this breakpoint might help: 4) To patch crackme, you need to understand how it stores information about dynamic methods. See previous crackmes and solutions for some details and hints. 5) Also you'll need to understand how jit hook decrypts IL code. There's nothing original in it: VirtualProtect -> decrypt code in-place -> jit it -> encrypt code back -> VirtualProtect. Very easy to break in several different ways. So, attached are 2 different versions of solution. First solution patches all 3 checks, you can play the game till the end but not get the success screen. Second solution gives you instant win and shows success screen. Bonus: the secret "cheat" code is checked on timer procedure. If you type it quickly enough, it will show the playing field: minesweeper-solution-kao.zip
  22. 1 point
    Wouldn't it be possible to add a button or a checkbox when posting a reply, saying something like "Are you posting an answer, or a general comment?" And then if the reply is an answer, you can moderate it to make sure it is complete. If it's just a general reply or asking for details, allow the system to post it, and review it later. I don't think people would abuse the system just to get their incomplete answers public for a few minutes/hours.
  23. 1 point
    I remember how I looked at a lot of UI controls when the source code to Windows 2000 was leaked. It would have been nice to always start your owner drawing with the default Windows handling and then customize it as needed given that they handle all sorts of things like accessibility, etc in there which are easy to forget about or overlook. In this case, probably they are just using the system default transparency color which you can look up, and doing some sort of transparency mask with it possibly with a special brush pattern. A simple system call and GDI call but the exact manner of doing it would possibly require RE. Or you can go your own route and forget how Windows does it which has been the normal way. Have you taken a look at the Windows 2000 source code??? Probably it has your answer.
  24. 1 point
    If I understood you correctly this is similar to how it was prior to the change. Many members complained replies to challenges were all becoming an uploaded unpacked file or completed crackme, with no information on how it was achieved stating "unpacked", "done!", etc. This system only fueled the glory seekers. A suggestion was to deter this from happening to encourage the sharing of information on how these are solved. Unfortunately there is no automated system that can determine a genuine reply to one that is a completed solution with no information. All these need to be manually reviewed and approved. Regarding those replies that are hidden, this is a compromise to the glory seekers. To be clear, any replies that are discussing the challenge and not containing the solution are all approved. It is not a perfect system for managing these forums, I am fully aware of this. It is a compromise between the wishes of other members, capabilities of the forums software and the moderating team. If it was not for the time waiting for review and approval and the lack of understanding why posted solutions have been hidden none of this would be up for discussion... Ted.
  25. 1 point
    @LCF-AT alternative, if u like to have the status labels etc. w/o bgimage @: you can search @ T:\Program Files\brave\73.2.17.13\brave_resources.pak for : background-image: url(${e=>e.background}); and whitespace it. -- this is the brave_new_tab.js (694kb) each time new open a new tab, loads this!! https://www17.zippyshare.com/v/Ufg3tbew/file.html
  26. 1 point
    I made a small tutorial (originally published on Training Circle forum) about keygenning a recent ATM malware sample who passed our gate. this is addressed to beginners. keygenning.dispcash.19.tutorial.zip
  27. 1 point
    do you even google? https://superuser.com/a/1266695
  28. 1 point
    Sometimes I think Opera is run by a bunch of idiots. I've been using Opera since it was built on Presto engine. They break old versions compatibility without a blink of an eye, I have lost my favourites countless times by upgrading previous version of Opera, it was gone like that - hundreds of bookmarks, since then I have stopped using it at all. Then I have switched to this Chrome based version (just because I was too used to right mouse gestures) and I hate it, they change colors like this pink shit, they change the way startup window is shown (speeddial), they have added some artificial animations after opening a new tabs, it's not possible to assign keyboard shortcuts to many actions (why?). I have contacted with them on their Twitter support many times with bug reports, filed their forms to report bugs - no response at all... You should see their support forums, many people are upset about their "breaking changes" and they don't do anything about it. I'm thinking about moving to Vivaldi, looks like much more customizable version.
  29. 1 point
    You got to start ManagedJitterFr4 (for Confuser) on NetBox 4.0; after that just Jit button when the first assembly is logged - first assembly is the main assembly.
  30. 1 point
    Just a quick thought/idea ... did you try to put/apply owner-draw flag also for menu item in resources? This way it should send/call the WM_MEASUREITEM for every items and your processing should be the same. [EDIT] Sorry, re-reading your message, you're already using ownerdrawn flag for your menu in resources ... so my previous answer is not useful. Anyway, itemData is a "place" to put custom information and, by default, as far as I remember, it should be empty/uninitialized and/or system-reserved ... unless you put something in it. That's why you actually *have to* modify the resources' menu to set it explicitly. I found this maybe useful quote: https://docs.microsoft.com/en-us/windows/desktop/menurc/using-menus You created popup menu straight by code, right (not using resources) ? You could use the SetMenuItemInfo (as suggested in the quoted link) to set only the itemdata ... without having to re-set the item text again. -- It's a lot I don't play with this stuff, so everyone is very welcome to correct me Best Regards, Tony
  31. 1 point
    Run original exe with NETBox 4.0 forget to specify version 4.0: https://forum.tuts4you.com/topic/39321-netbox/ Dump .NET exe main module with MegaDumper: https://forum.tuts4you.com/topic/24087-dotnet-dumper-10/page/3/?tab=comments#comment-177260 You should load original exe with dllsaver: https://forum.tuts4you.com/topic/39871-dllsaver/ As for ILProtector unpacking I've used a private tool I won't share!
  32. 1 point
    Step 1: Few notes: is used .NET module trick; you can dump the .NET module with memcpyLogger, You just have find to the first the block which starts with MZ. You get the module assembly entry point token with ConfuserExConstant.exe - as file input you enter original protected file, The Entry Point Token value is 600009C Tools used: https://www115.zippyshare.com/v/HETHPm4D/file.html Step 1: Dumping .NET module explained before; Step2: Confuser Exceptions Restore - anti-tamper: - this is for decrypting MSIL: https://forum.tuts4you.com/topic/41025-confuser-exceptions-restore-anti-tamper It works just fine you must unmark "Invoke EP" and "Patch Anti-tamper". So after we nop first method from <Module>.ctor - this was the anti-tamper; we also fix the entry point of koi module with 600009C Here is the partial unpacked exe: https://www8.zippyshare.com/v/M78VMowQ/file.html or string decryption I've used this: https://github.com/cawk/ConfuserEx-Static-String-Decryptor/releases Check/Mark "Invoke". For c-flow I've used ConfuserExSwitchKiller. ConfuserExCallFixer.exe for inline methods. Here is completly deobfuscated exe: https://www119.zippyshare.com/v/YFwpUuCv/file.html private void method_1(object sender, EventArgs e) { if (this.textBox_1.get_Text().Length >= 5) { string str = this.textBox_1.get_Text(); if (!Directory.Exists(@"Data\\License")) { MessageBox.Show("Password was not found!", str); } else { StreamReader reader = new StreamReader(@"Data\\License\license.dat"); reader.ReadLine(); string str3 = reader.ReadLine(); reader.Close(); if (Class7.smethod_1(str3) == this.textBox_1.get_Text()) { MessageBox.Show("Good Job !"); } else { MessageBox.Show("password is wrong!"); } } } else { MessageBox.Show("Password is invaled or too short!"); } } public static string smethod_1(string string_2) { byte[] inputBuffer = Convert.FromBase64String(string_2); AesCryptoServiceProvider provider = new AesCryptoServiceProvider { BlockSize = 0x80, KeySize = 0x100, Key = Encoding.ASCII.GetBytes(string_1), IV = Encoding.ASCII.GetBytes(string_0), Padding = PaddingMode.PKCS7, Mode = CipherMode.CBC }; ICryptoTransform transform = provider.CreateDecryptor(provider.Key, provider.IV); byte[] bytes = transform.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length); transform.Dispose(); return Encoding.ASCII.GetString(bytes); }
  33. 1 point
    Unpacked! pass:
  34. 1 point
    REDasm 2.1 released https://github.com/REDasmOrg/REDasm/blob/master/CHANGELOG.md
  35. 1 point
    http://eprints.networks.imdea.org/1959/1/An_Analysis_of_Pre-installed_Android_Software_2019_EN.pdf
  36. 1 point
    I am still not entirely sure what it is you are trying to achieve, I think you may be over-complicating things. If you are setting a custom colour scheme for a window and menus it will be much easier to access those colour values somewhere since you already know them. If you are owner drawing menus on each WM_DRAWITEM there will be no colour values to find unless they have been created. If you know the window coordinates or have a handle to a device context of a bitmap you could use GetPixel function... Ted.
  37. 1 point
    Don't let me son find out about this... 😉 Ted.
  38. 1 point
    World of Goo is currently free at the moment... Ted.
  39. 1 point
    Bug? x32dbg wrong address.
  40. 1 point
    https://www.zdnet.com/article/hacker-holding-git-repositories-for-ransom/ https://security.stackexchange.com/questions/209448/gitlab-account-hacked-and-repo-wiped == Download all of your GitHub data - https://github.com/settings/admin
  41. 1 point
    Unpacked! 1. Used dnspy to remove antitamper and the calls 2. converted all integer values that has something to do with strings ex: "epic".Length (my tool) 3. Resolved all SizeOf values with my tool 4. Calculated all math calls like Math.Truncate or Math.log10 with my tool 5. used de4dot to calculated the remaining stuff to get the field values. 6. grabbed the field values and removed the fields(marked as empty Types) with my tool 7. removed the cos and junk call that will always return 0 with any uint value you use in the parameter also marked as(marked as empty Types) (my tool) 8. cleaned the rest of math calculations with de4dot 9. TheProxy used his cflow killer to kill all the cflow Credits: TheProxy - Helping to remove the Cflow Mighty - helped me to get the types from operand (for sizeOf resolver) Autori and Blank - for tips pass: 1830 Screenshot: File: CrackMe3-StrToIntResolved-SizeOfRemoved-SysMathCallFixed-cleaned-EmptyTypesRemoved-EmptyTypesRemoved-cleaned_unpacked-StringDec-Cleaned.exe
  42. 1 point
    Language : .NET Platform : Windows x86 OS Version : All Packer / Protector : ConfuserEx Modded Description : Can you see the code? UnPackMe.exe
  43. 1 point
    I would check your gradient structure and rectangle work area dimensions are correctly sized. Make sure you have no other drawing events going on in the device context - before or after drawing the rectangle. Can you try drawing your bitmaps when your program starts up as it seems a bit unnecessary redrawing them on each WM_DRAWITEM event? If you are going to add frames remember to do this after you have filled the rectangle with your gradient... Ted.
  44. 1 point
    You will need to give me a bit more info on the first problem. How are you filling the round rectangle area and when? Regarding the second problem. After filling the rectangle create a pen and define its width, PS_SOLID should work fine. Then select it for the device context and then redraw the round rectangle... Pen = CreatePen_(#PS_SOLID, 2, $0) SelectObject_(bmpHDC, Pen) RoundRect_(bmpHDC, r\left, r\top, r\right, r\bottom, 128, 128) Ted.
  45. 1 point
    https://www.bleepingcomputer.com/news/microsoft/windows-10-start-menu-gets-its-own-process-in-build-1903/ This should have happened a long time ago though it could be an indication Start is becoming bloated under Windows 10... Ted.
  46. 1 point
    LCF-AT is a woman that doesn't like the pink color... strange! Maybe is just that specific pink color.
  47. 1 point
    useless ... offline I think it is better https://chrome.google.com/webstore/detail/quick-bookmark-cleaner/ljfgijlbekebdhniagdekklbmmchhjja
  48. 1 point
    If you think a website is not worthy of a unique and strong password you may as well use a 10 minute throwaway email address to register - or a shared account. I think it good practice to be encouraging users in general and of websites to use and enforce unique and strong passwords. A website may be valuable to you and not to others. The option shouldn't be left open for a person whom values a site risk losing it from using a weak password because there are other users out there that don't care what they use... Ted.
  49. 1 point
    https://github.com/Pigrecos/Z34Delphi My new repository for using Z3 in delphi(porting z3 c api to delphi). I tried and there were no tools for symbolic execution in delphi
  50. 1 point
    thought I would post this since it's extremely useful for working on some embedded targets. the basic principle is you use a cheap logic analyzer to intercept read requests to the chip ( usually from the microprocessor of your target ) since some designs they store special information in small chips on PCB, like serial number, password, settings, etc. after the CPU reads all the addresses its interested in over the SPI or I2C bus your logic analyzer sees the waveforms and captures the data. then this utility will convert the logic analyzer file to a binary dump of the chip by reconstructing the flash memory contents so you can see what's inside and load into IDA. very useful source code and intro https://github.com/alainiamburg/sniffROM/wiki/Getting-Started https://github.com/alainiamburg/sniffROM
  • Newsletter

    Want to keep up to date with all our latest news and information?

    Sign Up
×
×
  • Create New...