Leaderboard

It's that time of the year again. It seems we're starting September 26 8PM EST again with a return to Web3 and YARA as well. Four weeks instead of six this year... I wonder what the reason for this is. 🤔 https://flare-on.com/

damn it! this is GENIOUS! (instead of WinAPI old dirty crap!!!) easy! just read the docs :) built a binary using that multi-precision lib: (left vs last build fom @Stuttered ) FileSizeCALC_0.0.11.zip

Those with keen eyes may have already noticed there has been a change to the board, it has now been updated to Invision Community 5. If you see an issue somewhere please let me know and I'll have a look at fixing it up... Ted.

Click on your username at the top of the board and select, "Mark all content as read". It is now as wide as the default theme allows. Is this better? Ted.

Seems like we have a winner! 👍

Update v0.0.10. Thx @jackyjask for pointing to the BigNumber library and assist. See attached. FileSizeCALC_v0.0.10.rar

0826.mp4https://www.youtube.com/watch?v=D1uc1u2d3Dw&t=161s

Some screenshots... Ted.

@Stuttered the formatting using Code Blocks seems to be working okay here... using System; using System.IO; using System.Windows.Forms; namespace FileSizeCalculator { public partial class Form1 : Form { private TextBox outputTextBox; public Form1(string filePath = null) { // Set form properties this.Text = "File Size Calculator"; this.Size = new System.Drawing.Size(400, 350); this.AllowDrop = true; this.DragEnter += Form1_DragEnter; this.DragDrop += Form1_DragDrop; // Create a label for instructions Label instructionLabel = new Label { Text = "Drag and drop a PE file here or onto the desktop icon.", AutoSize = true, Location = new System.Drawing.Point(10, 10) }; this.Controls.Add(instructionLabel); // Create a multiline TextBox for output outputTextBox = new TextBox { Multiline = true, ReadOnly = true, ScrollBars = ScrollBars.Vertical, Location = new System.Drawing.Point(10, 40), Size = new System.Drawing.Size(360, 250) }; this.Controls.Add(outputTextBox); // Process file if provided via command-line (desktop icon drop) if (!string.IsNullOrEmpty(filePath)) { ProcessFile(filePath); } } private void Form1_DragEnter(object sender, DragEventArgs e) { if (e.Data.GetDataPresent(DataFormats.FileDrop)) { e.Effect = DragDropEffects.Copy; } } private void Form1_DragDrop(object sender, DragEventArgs e) { string[] files = (string[])e.Data.GetData(DataFormats.FileDrop); if (files.Length > 0) { ProcessFile(files[0]); } } private void ProcessFile(string path) { outputTextBox.Text = string.Empty; if (!File.Exists(path)) { outputTextBox.Text = "File not found."; return; } // Check if it's a PE file (starts with 'MZ') bool isPE = false; try { using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read)) { byte[] header = new byte[2]; if (fs.Read(header, 0, 2) == 2 && header[0] == 77 && header[1] == 90) // 'M' and 'Z' { isPE = true; } } } catch (Exception ex) { outputTextBox.Text = $"Error reading file: {ex.Message}"; return; } if (!isPE) { outputTextBox.Text = "The dropped file is not a valid PE (Portable Executable) file."; return; } FileInfo fi = new FileInfo(path); long sizeInBytes = fi.Length; // Units and descriptions (binary prefixes: 1024-based) var units = new[] { new { Name = "Bytes (B)", Description = "1 Byte = 8 bits", Divisor = 1.0 }, new { Name = "Kilobytes (KB)", Description = "1 KB = 1024 Bytes", Divisor = Math.Pow(1024, 1) }, new { Name = "Megabytes (MB)", Description = "1 MB = 1024 KB = 1,048,576 Bytes", Divisor = Math.Pow(1024, 2) }, new { Name = "Gigabytes (GB)", Description = "1 GB = 1024 MB = 1,073,741,824 Bytes", Divisor = Math.Pow(1024, 3) }, new { Name = "Terabytes (TB)", Description = "1 TB = 1024 GB = 1,099,511,627,776 Bytes", Divisor = Math.Pow(1024, 4) }, new { Name = "Petabytes (PB)", Description = "1 PB = 1024 TB = 1,125,899,906,842,624 Bytes", Divisor = Math.Pow(1024, 5) } }; string output = $"File: {Path.GetFileName(path)}\r\n\r\nFile Size Breakdown:\r\n"; foreach (var unit in units) { double sizeInUnit = sizeInBytes / unit.Divisor; output += $"{unit.Name}: {sizeInUnit:F2} ({unit.Description})\r\n"; } outputTextBox.Text = output; } } static class Program { [STAThread] static void Main(string[] args) { Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); string filePath = args.Length > 0 ? args[0] : null; Application.Run(new Form1(filePath)); } } }Ted.

Hi again, fixed negative numbers bug (or I think that it is fixed 😅) fixed thousand delimiter bug (I hope its work in your system 🤞) added support directories 🤓 source included as before 👇 ShowFileSize__3.rar

Why? I don't depend on anyone.

Completely unpacked. unpacked.exe

just DO it :) © any action

The tool was designed for obfuscated code, not for handling standard code with external calls (iat, etc.). So, when splitting blocks, an address will likely be invalid. There's nothing stopping you from implementing and adding new features to the code. procedure TCFG_Analysis.SplitBlock( split_addr: UInt64); (* Split basic block @ split_addr and create a new basic_blocks[] entry. *) var bb_head,orig_head : UInt64; instr : TCfGIns; tmpIns : TIns; begin OutDbg( Format('>Function:SplitBlock - Entry splitting @ [%08x] ',[split_addr])); if Fbasic_blocks.ContainsKey(split_addr) then Exit; bb_head := split_addr; orig_head := DFSBBSearchHead(split_addr); if orig_head = 0 then begin OutDbg(Format('>Function:SplitBlock - Failed @ [%08x]: orig_head=None ',[split_addr])); // raise Exception.Create('SplitBlock: orig_head not found'); end; OutDbg(Format('>Function:SplitBlock - Got orig_head [%08x] ',[orig_head])); // Create new BBlock Fbasic_blocks.Add(bb_head,[]) ; if Length(Fbasic_blocks[orig_head]) > 0 then begin tmpIns:= Fbasic_blocks[orig_head]; instr := tmpIns[ High(Fbasic_blocks[orig_head]) ]; SetLength(tmpIns, Length(Fbasic_blocks[orig_head])-1); Fbasic_blocks[orig_head] := tmpIns; end else Exit; while True do begin tmpIns:= Fbasic_blocks[orig_head]; Insert(instr,tmpIns,0 ); Fbasic_blocks[orig_head] := tmpIns; if instr.OriginEA = bb_head then break ; tmpIns:= Fbasic_blocks[orig_head]; instr := tmpIns[ High(Fbasic_blocks[orig_head]) ]; SetLength(tmpIns, Length(Fbasic_blocks[orig_head])-1); Fbasic_blocks[orig_head] := tmpIns; end; OutDbg(Format('>>Function:SplitBlock - Split @ [%08x]; original @ [%08x]',[split_addr,orig_head])); end;

Only because this is how the online app does it, I guess? this — PostimagesApp still needs some clean up, and the stretchable is fine. The internal VER I don't care about atm. Nice! I'll take a look at the changes.

mitigated big numbers/overflows FileSizeCALC-0.0.8custom.zip

Hmmm... Not sure I can do that, but I'll take a look. Here is v0.0.7. FileSizeCALC_x86_v0.0.7.rar

Hi, Added some lazy codes Fixed some bugs (and added new ones 😅) . ShowFileSize__4.rar

Okay, here is a TEST version. I had to change the code to handle Big Number calculations, which sucked. See attached (if I can get this to work, I'll look at other requests by LFC-AT). FileSizeCALC_TST.rar

@Teddy Rogers hi! there are fresh issues/complains on forum upgrade over here -> https://forum.tuts4you.com/topic/45674-do-you-know-any-file-size-info-calculation-tools/#comment-226676

You are welcome. It was a good exercise! v0.0.3 is attached with SRC (minor bug fix). FileSizeCalc_v0.0.3.rar

@Stuttered Thank you for the new tool version. Now it looks better and I can use the comma to enter more precise values.Drag & Drop works too but only for single files. All in all you both made a nice tool so far I can use offline. 🙂 I'm really not into Math at all and never was! 🙃 greetz

@Stuttered bug report

Latest attempt to get as close to the web site as possible. See attached PE and SRC. pic — Postimagespic2 — PostimagesFileSizeCalc.rar

Hi guys, thanks for feedback so far. @h4sh3m Thanks for version 2 but its still buggy. If I enter 2 & GB I get this results... Bit: 17179869184 Byte: 2147483648 KB: 2.097.152,000000000000000 MB: 2.048,000000000000000 GB: 2,000000000000000 TB: 0,001953125000000 PB: 0,000001907348633 ...and if I copy & paste the GB results or just enter 2,0 I get this... Bit: 171798691840 Byte: 21474836480 KB: 20.971.520,000000000000000 MB: 20.480,000000000000000 GB: 20,000000000000000 TB: 0,019531250000000 PB: 0,000019073486328 ...whats not so correct. 🙂 @Stuttered Yes similar like or the website like I did post. In your image the results looking very unclean to have a good overview. Even I need to have some manually entering option. So normally there are apps for everything so why the heck I don't find any tool for this calc stuff? One more question, so I always find sometimes those online tools to convert stuff or whatever etc, some nice handy tools but just online only. Is it possible to save that webpage and make some kind of standalone quick loading app etc? PS: Why are the code in code tags (inline?) looks so strange now / too much space between the lines? I also don't see any preview button anymore on that new style! greetz

what's the problem using code sections? eg using System; using System.IO; using System.Windows.Forms; namespace FileSizeCalculator { public partial class Form1 : Form { private TextBox outputTextBox; .... But generally I agree - in the past there were more options to insert source code.... @Teddy Rogers it is a limitation of new upgraded forum board? hmmm why do you need to do that check? the orignal idea was to measure any file in size...

Is this of any use TreeSize?

1st bug report: (ver 2) one more (feature req or bug?) when drag-n-drop a Folder the app accepts it, but does nothing... possible to calc folder as well?

Hi, Added multi file support and replaced float input with integer :) source included as before. ShowFileSize__2.rar

Hey @h4sh3m, thank you for doing this. The tool looks nice and handy so far for a quick offline use. :) 🙂 Only issue I see it that comma or dot is not allowed to use to enter manually "Error occured in getting number !". Do you think you could add this little extra feature too in next version? I would like to copy any of those results I get and paste it into edit control and calc with just for checking etc. But for the moment the tool is nice so far. Just does bother me to get online every time I need to calc something. Thank you. PS: Drag & Drop works also nice. Could you make it doable for multiple files too to add the sizes into result box? Just if possible. greetz

Hi, Your referred online tool is not perfect (2^10 != 1000) :| Made a simple tool for you (source in delphi/pascal included). ShowFileSize.rar

toro sentinel logger work over sentinel driver (support LPT/USB) can show the screen shoot for us? also can try pva-based dumper with some mod try to use old sspro driver v5.39

Old version vmp unpack tools pls share version is v.1, v.2 any idea

does it have an option to become flexible? (eg depends on current browser width?) or thats too much as for 2025 the age of AI and robots :) if you click the bell (top right corner) magic gonna happen :)

https://blog.gapotchenko.com/eazfuscator.net/homomorphic-encryption-of-code "The data encryption guarantees that data remains unobservable unless an observer knows the key. The key is selected to be a large enough number (or blob of data) that is extremely hard (i.e. impossible) to brute force." if (Hash(input) == hash) { RunInstructions(key: input); //Decrypts and runs VM Instructions according to the given output (Just a representative example) } So, my tool has no support for homomorphic encryption, the only way is brute-force and god knows how long will it take.. it's rare in a software protected with eazfuscator though. @whoknows

Devirtualized except 0x06000128 cause of the homomorphic encryption. WindowsFormsApplication41-devirt.exe

Some other protection can be done with Slayer, I just did a bit update task for my devirt tool so everything is file there WindowsFormsApplication37_Slayed.NoNetReactorVM.exe.zip

###

Actually nice KeyGenMe but there are a bit of unknowns to be honest,i deobfuscated it and tried replicating your vm_mixer ( vm_math ) however you want to call it,only issue is i cant see what exact key lenght should be. Are there any hints for this KeyGenMe?

У меня есть скомпилированный проект на Python с Themida. Я хочу, чтобы кто-то помог мне сначала удалить или обойти защиту Themida, чтобы я мог выгрузить исполняемый файл или извлечь код. Кроме того, я хочу обойти проверку HWID (идентификатор оборудования), но я не думаю, что возможно обойти систему HWID без предварительного удаления или обхода Themida. I have a compiled project in Python with Themida. I want someone to help me first delete or bypass Themida protection so I can unload the executable file or remove the code. Also, I want to bypass the HWID (employment identifier), but I don’t think it’s possible to bypass the HWID system without prior removal or bypass Themida.

what have you done? what are current results what tools were used etc

Fixed unpacked.zip

what exactly?

If anyone is interested, I can share the EXE file for analysis or help with unpacking.

It is not hard to update dnlib, maybe 8/10 fixes on de4dot and it will work. Tomorrow I will share my updated de4dot-cex with you.

Rules: 1. Unpack first (extra, optional: devirtualize will get extra respects) 2. Do whatever you want after unpack, as long as ":3" MessageBox appear :3 3 (extra, optional). Extract the splash screen (no screenshot pls) Note: Flags is now different. Just want to see how long ppl will crack the latest 3.2.0.0 version of WinLicense... WL Protection: - Anti-Debugger - Advanced API-Warping - Compress And Encrypt (all 3 options) - Full Encrypt Strings - Detect File/Registry Monitor - Entry Point Virt - Anti File Patching - Perform Protection Check - VMware/Virtual PC Allowed - Four Two macros WLVM: - DOLPHIN32 (White) - FISH32 (Red, White) - TIGER32 (White) Splash screen by eintim23 (not in tuts4you), thank you. LargerThanColonThree.zip

@wilaper No, I can not do it. 'cause that I do not have it. but I have the winlicense v3.1.3.0 x86 x64. Regards. sean.

Unpacked and patched (accepting any input) ok.exe

UNPACKED WITH DE4DOT Unpacked.exe

hello, I'm trying on a dll, but de4dot can't unpack, can you advise me how to solve? thanks