Leaderboard

You still alive? What this blue 🤔 anyway is good to see you after 2 years

@ro0t I traced your obsfuscations, IAT, and sections, no brute force. I found static strings such as Nickname, serial key, etc., in the rdata section. The main function was to set up the stack frame and then jump to the .ll section with MBA chains. I spent a while trying to make sense of it, but got nowhere with it. So, I wrote a small emulator to fake out the Windows structure (honestly, I am not on Windows these days), .a2l runtime needs (TED/PEB/LDR it walks to resolve the VirtualAlloc, which is kind of neat) and hooked IAT functions. Figured out the program does malloc for parsing the input serial bytes, then malloc for a 16-byte buffer where it stores the result of some custom 128-bit hash over the nickname, and the comparison between the two is done inline, so you can't just set a breakpoint to check. And then I read the computed hash from the heap, and that's your serial. I think it's really solid work. The MBA transforms did their job; I genuinely could not recover the logic. The .a2l runtime with its own stack and PEB walking dispatcher is a nice touch too. The thing that let me bypass all of it was that the I/O boundary is still clean and IAT calls to printf, fgets, and malloc are right there unprotected, so hooking them gives you the inputs and outputs without having to understand anything in between.

My malware collection: Here is a collection of malwares. Not a complete collection LOL :-) The collection include HTML infector, MP3 infector, a Ramsoware (and some analyzes of it), Zip password is INFECTED or infected alternative download link: https://workupload.com/file/hBttkmGhc9S InfectedCollection.rar

r00t0 KeygenMe v4 Difficulty: 5 Language: C GCC Platform: x64 OS Version: Windows 10+ Packer / Protector : Selfmade Description : Implement keygenme that generate a serial derived from a nickname. Also demonstrate a generator that, given a nickname, produces the correct serial. I used my own tool that I've been developing for two years. It started as an optimizer, but I’m now experimenting with the reverse idea — using it to help with obfuscation and code retranslation. File Information Submitter r00t0 Submitted 11/02/2025 Category KeygenMe View File

Okay, that’s the correct key. Did you use any tool or just brute-force it?

Nice one, have to give you credit for your obsfuscator: Key

Eazfuscator.NET v2025.01 File protected by eazfuscator v2025.01 having Code Virtualization enabled. Find registration combination and reply it with the success message! File Information Submitter whoknows Submitted 07/22/2025 Category UnPackMe (.NET) View File

What Apis can be used for deleting a file or a folder? Can someone list most of them or all of them?

Some have already been included from @fearless API/Library Function/Method Language/Framework Notes Windows API (Native) DeleteFileA() / DeleteFileW() C/C++ Low-level, Unicode support with W variant. Only deletes files, not directories. Windows API (Native) RemoveDirectoryA() / RemoveDirectoryW() C/C++ Deletes empty directories only. Must be empty first. Windows API (Native) SHFileOperationA() / SHFileOperationW() C/C++ High-level Shell API. Can delete files/folders recursively with flags like FO_DELETE. Supports recycle bin. Windows API (Native) IFileOperation COM Interface C/C++ Modern replacement for SHFileOperation(). Better for recursive deletion and recycle bin support. MSVC Standard Library std::filesystem::remove() C++17+ Deletes a single file or empty directory. MSVC Standard Library std::filesystem::remove_all() C++17+ Recursively deletes files and directories. Qt Framework QFile::remove() C++ (Qt) Deletes a single file. Cross-platform. Qt Framework QDir::removeRecursively() C++ (Qt) Recursively removes a directory and all contents. Cross-platform. Qt Framework QDir::rmdir() C++ (Qt) Removes an empty directory only. .NET Framework File.Delete() C# / VB.NET Deletes a single file. .NET Framework Directory.Delete() C# / VB.NET Deletes a directory; optional recursive parameter for contents. Python (stdlib) os.remove() Python Deletes a single file. Python (stdlib) os.rmdir() Python Removes an empty directory. Python (stdlib) shutil.rmtree() Python Recursively removes a directory tree.

DeleteFile DeleteFileA: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-deletefilea DeleteFileW: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-deletefilew RemoveDirectory RemoveDirectoryA: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-removedirectorya RemoveDirectoryW: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-removedirectoryw SHFileOperation SHFileOperationA: https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shfileoperationa SHFileOperationW: https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shfileoperationw SHFILEOPSTRUCT (for SHFileOperation) SHFILEOPSTRUCTA: https://learn.microsoft.com/en-us/windows/win32/api/shellapi/ns-shellapi-shfileopstructa SHFILEOPSTRUCTW: https://learn.microsoft.com/en-us/windows/win32/api/shellapi/ns-shellapi-shfileopstructw

Overview:TitanHide is a driver intended to hide debuggers from certain processes.The driver hooks various Nt* kernel functions (using inline hooks at themoment) and modifies the return values of the original functions.To hide a process, you must pass a simple structure with a ProcessID andthe hiding option(s) to enable to the driver. The internal API isdesigned to add hooks with little effort, which means adding featuresis really easy.Features:- ProcessDebugFlags (NtQueryInformationProcess)- ProcessDebugPort (NtQueryInformationProcess)- ProcessDebugObjectHandle (NtQueryInformationProcess)- DebugObject (NtQueryObject)- SystemKernelDebuggerInformation (NtQuerySystemInformation)- NtClose (STATUS_INVALID_HANDLE exception)- ThreadHideFromDebugger (NtSetInformationThread)Test environments:- Windows 7 x64 (SP1)- Windows XP x86 (SP3)- Windows XP x64 (SP1)Installation:1) Copy TitanHide.sys to %systemroot%\system32\drivers2) Start 'loader.exe' (available on the download page)3) Delete the old service (when present)4) Install a new service5) Start driver6) Use 'TitanHideGUI.exe' to set hide optionsNOTE: When on x64, you have to disable PatchGuard and driver signature enforcement yourself. Google is your friend Repository:https://bitbucket.org/mrexodia/titanhide/ Downloads: https://bitbucket.org/mrexodia/titanhide/downloads Feel free to report bugs and/or request features. Greetings, Mr. eXoDia TitanHide_0001.rar loader.rar

Don't ask to unpack commercial software, you already ask to unpack commercial software many times, and ask to update ILProtector & SMD_Agile & SMD_Virbox to help you earn money. You earn money from clients by those unpacked files and tools but the developer @CodeExplorer earn nothing.