Leaderboard

Its been ages since I wrote that bitmap control. Couldnt even remember it, had to go look up the source. Compiled libwebp.lib with standard call. Created the include file, and some definition files for WinASM and RadASM. Example RadASM project included. Loads a webp image that is stored as a resource. The bitmap control thing made the image a bit funny with the StretchBlt so i took out all that stuff and just sent the hBitmap to a SS_BITMAP static control instead using STM_SETIMAGE message. Probably best to use a static SS_BITMAP control or see if there is some other bitmap control as that one is old and probably could do with rewrite or fixing. Edit: Actually I realized that I had created a static control and also used the bitmap create control and thus is was clipped behind the static control, so I thought it wasn't working properly, and was only showing a small part of it, when the static control was covering the other control. So should be fine to use that control library if you wanted. libWebPTest.zip

You Chinese are showing off again. Hurry up and upload the patch

The reason hBitmap is returning 0 is because GdipCreateBitmapFromScan0 doesn't return a Windows handle—it returns a GdiPlus Object Pointer. To make it work with a standard control, you need a "bridge" to convert that object into a real HBITMAP. Here is the corrected flow for your code: The "Stride" (edx) The imul edx, 4 is mandatory. It tells GDI+ that each row of pixels is Width * 4 bytes long (32-bit BGRA). If this value is 0 or incorrect, the function will fail with error 2 in EAX. The conversion Bridge, You need to call GdipCreateHBITMAPFromBitmap to get a handle that BitmapControlSetBitmap can actually understand. ; 1. Create the GDI+ Object from raw WebP pixels invoke GdipCreateBitmapFromScan0, imgW, imgH, edx, PixelFormat32bppARGB, pPixels, addr pGdiObj .if eax == 0 ; Check if GDI+ returned 'Ok' ; 2. Convert GDI+ Object -> Standard Windows HBITMAP invoke GdipCreateHBITMAPFromBitmap, pGdiObj, addr hBitmap, 0 ; 3. Use the hBitmap (now it won't be 0!) invoke BitmapControlSetBitmap, hBMC, hBitmap, TRUE ; 4. Clean up the GDI+ object (the hBitmap stays valid) invoke GdipDisposeImage, pGdiObj .else ; If EAX is 1: GDI+ is not initialized ; If EAX is 2: Invalid Parameter (check imgW/imgH/Stride) .endif ; 5. Don't forget to free the WebP DLL buffer push pPixels call [_WebPFree] Make sure your lib calls GdiplusStartup before this.Double check that PixelFormat32bppARGB is defined as 0026200Ah.Always check EAX right after the call to see the specific error code. Price h_h

Hi! Yes, you've got the right API. In MASM, you should use WebPDecodeBGRA instead of WebPDecodeRGBA because Windows GDI/GDI+ uses the BGRA (Blue-Green-Red-Alpha) byte order.Here is the minimal setup for your code: The Prototype (Include this in your .inc): externdef WebPDecodeBGRA : proto :ptr byte, :size_t, :ptr dword, :ptr dword externdef WebPFree : proto :ptr byte The Logic: You cannot call BitmapFromMemory after decoding, because BitmapFromMemory expects a compressed file format (JPG/PNG). Since WebPDecodeBGRA returns raw pixels, you need to create the Bitmap object directly from those pixels. Example Flow: .data imgW dd 0 imgH dd 0 pPixels dd 0 .code ; 1. Get raw pixels from WebP memory buffer invoke WebPDecodeBGRA, pMemoryBuffer, BufferSize, addr imgW, addr imgH mov pPixels, eax .if eax != 0 ; 2. Create the GDI+ Bitmap from raw pixels (32bpp BGRA) ; Since you use Fearless's lib, check if he has a "BitmapFromRaw" ; or use GdipCreateBitmapFromScan0 directly: mov edx, imgW imul edx, 4 ; Stride = Width * 4 invoke GdipCreateBitmapFromScan0, imgW, imgH, edx, PixelFormat32bppARGB, pPixels, addr hBitmap ; 3. Use your BitmapControl functions with the new hBitmap invoke BitmapControlSetBitmap, hControl, hBitmap ; 4. Cleanup the buffer allocated by the DLL invoke WebPFree, pPixels .endif Note on DLLs: You only need libsharpyuv.dll if you are encoding. For decoding only, libwebp.dll is usually enough if it was compiled with static dependencies.I'll try to pack the .inc and .lib for you in my next post if you still need the pre-made files! Price h_h

Hi LCF_AT The issue is that BitmapFromMemory relies on GDI+, which doesn't natively support WebP. To fix this in MASM:Use libwebp.dll: It's the simplest way. Call WebPDecodeBGRA to get raw pixels from your memory buffer.Convert to HBITMAP: Once you have the raw BGRA pixels, use CreateBitmap or CreateDIBSection to make it compatible with Fearless's lib.WIC: Alternatively, use Windows Imaging Component (COM), but it's a headache in ASM.Quick logic: WebP Data -> WebPDecodeBGRA -> Raw Pixels -> CreateDIBSection -> Success!If you need the .inc prototypes for libwebp, let me know. Price h_h

I found the way I have define that struct in MASM64: MODULEINFO STRUCT lpBaseOfDll DQ ? ; Base address of module SizeOfImage DQ ? ; Size of the module in bytes EntryPoint DQ ? ; Entry point of the module MODULEINFO ENDS GetModuleInformation return proper value.

Hi guy's, I did notice that I can't use the BitmapFromMemory function when having a webp image in memory. Does anyone know whether there is an update function which can also deal with that format? Otherwise, how can I convert the image webp data in memory into an bitmap or other format the BitmapFromMemory can work with? I'm using the BitmapControl lib from fearless. PS: MASM greetz

The library was compiled for x86. You probably are using older visual c libs. Make sure you have the latest all in one Visual C++ Redistributable: https://www.techpowerup.com/download/visual-c-redistributable-runtime-package-all-in-one/ and also the Windows Universal C Runtime (CRT) : https://www.microsoft.com/en-us/download/details.aspx?id=50410 I took the libs from Visual Studio 2022 or Visual Studio Build Tools 2019 Backup any existing libs before overwriting them in case you need the old ones for older code. I uploaded both versions - Im using the 2019 ones from what I remember, but just in case i uploaded the 2022 one. Make sure you are using a more modern linker, rc etc - not the older one that comes with masm32 sdk. MSVC_(2019)_14.29.30133_lib_onecore_x86.zip - https://e.pcloud.link/publink/show?code=XZ9JuGZbdHRaD1XA2jBbtxh5J6d1jN1aTYy MSVC_(2022)_14.44.35207_lib_onecore_x86.zip - https://e.pcloud.link/publink/show?code=XZKJuGZBCQjAH8UovSBI6JMQumC7Jb5umx7

Hi! That LNK1112 error is a classic: you are trying to link a 64-bit library into a 32-bit (x86) project. If the .lib file Fearless sent you was compiled for x64, it will never work in your x86 environment. You need the x86 version of the library. How to fix it: Check the Lib: Ask Fearless if he has the 32-bit (x86) version of his library and libwebp.lib. Linker Settings: Ensure your build script has /MACHINE:X86 and isn't pointing to any x64 or amd64 folders in your SDK/VC paths. The _chkstk error: This usually happens because the library was built with a C compiler (Visual Studio) and expects the C Runtime (LIBCMT). If you want to bypass it in pure ASM, you can add a dummy stub: public __chkstk __chkstk: ret It's a pain when simple image handling turns into a battle of architectures, especially with all the "modern" restrictions piling up. Another: I’m hitting a brick wall with the target from your topic and the dongle protection is driving me crazy.Would you be open to helping me one more time to achieve a 100% clean unpack or a way to emulate it? Your expertise would mean the world to me.😚😚🤭 Price h_h

Hey guys, thank you very much for the new input and also the lib inc files with a text example @fearless. So I tested it first manually as you said @Price and it did work correctly now to get the image data displayed on static control. Even I really forgot to add the startup GDI function. So the test did work now so far. Now I tried to test your lib file / functions fearless but I get some error about the module type.. /SUBSYSTEM:WINDOWS /DEBUG /DEBUGTYPE:CV /VERSION:4.0 /INCREMENTAL:NO /DYNAMICBASE:NO ... LIBCMT.lib(_chkstk_.obj) : fatal error LNK1112: module machine type 'x64' conflicts with target machine type 'X86'...so is that lib only for x64? So you know I'm still just using x86. Or is it anything else? How to fix that? PS: Just can admit the statement on the image. One guy ruins everything and fornications up in its own dimension. But even the leaders in the UK got totally inside already by building walls of restrictions following Idiots ideas. Such a damn stupid nonsense what's going on these days. greetz

ldc.i4.s Mode 0 or 16 ldloc.s pass ldc.i8 salt StartHomomorphic Can you explain the difference between mode 0 and mode 16?

Ok thanks, so I tried this but does not work yet. I don't get any hBitmap value back just 0 at this address. I have this code... Invoke BitmapControlCreate, IMAGESTATIC_HANDLE, 00, 00, 450, 253, IDC_IMAGESTATIC mov hBMC, eax invoke BitmapControlGetBitmap, hBMC push offset imgH push offset imgW push filesize_image push section_bak call [_WebPDecodeBGRA] mov pPixels, eax mov edx, imgW imul edx, 4 ; <--- for whats that good for? invoke GdipCreateBitmapFromScan0, imgW, imgH, edx, PixelFormat32bppARGB, pPixels, addr hBitmap mov eax, hBitmap ; <--- 0 Invoke BitmapControlSetBitmap, hBMC, eax, TRUE...pretty harsh code now but just for testing. Any clue? I'm pretty rusty and can't remember anymore so much even forget some basic API's already. There is no BitmapFromRaw function. greetz

hekliet keygemne #1 Not much to say there. Valid solution is a keygen that produces a valid key for any given name. Binaries for Linux and Windows are provided. Plain C, no symbols stripped, compiled with -O0, so should be fairly easy to follow. Difficulty is medium. Or perhaps easy for someone with some math knowledge. Here are some valid keys: Name: hekliet Key: 3fec806bc9ce82d4c00ee01af273a0b5 Name: Tuts 4 You Key: 40105e5bb69056bd3fdc1a4496fa9430 Name: Guybrush Threepwood Key: 400e09a63ee6d3a2bfd94d31f7369d10 File Information Submitter hekliet Submitted 03/17/2026 Category KeygenMe View File

Hydra Obfuscator (Modded) About File: .NET Framework 4.8, 32-bit preferred Used Obfuscator: Hydra modded Used Features: JIT Obfuscation, JIT fornicationer, String Encryption (XOR), Control Flow, Proxy Class, Renamer, L2F, INT Encode, Method to delegate, Anti Decompiler & Tamper & Dump & Proxy, Cctor hider. Difficulty: 6/10 Goal: Crack and deobfuscate it competely. (u can ignore renamer) File Information Submitter whystarlix Submitted 03/05/2026 Category UnPackMe (.NET) View File

You missed alignment of struct members, I guess.

This is what I thought at first; anyway declarated like this doesn't works; SizeOfImage has to be also a qword.

20260222_142320.mp4

@0X7C9 pls can u upload https://tut4u.com/hexorcist-reverse-engineering-course/ in your webdav server

Up!

off the Web Protection.

You can provide Another link & And solve this problem

Server is up , woth better uplink !Use webdav client. like WinSCP host : https://eddynet.cz:9865 u: learn p: 4EKS9umUYme3WAZrC

It is empty

Someone please share zero 2 automated reversing course. Thank you.

I added 64 bit support and generic extraction HydraDragonAntivirus/MegaDumper: Fixed 2025 version of Mega Dumper

some old tools to dump LTPs (199x, 200x) https://workupload.com/file/DarwJdWpGR8

...because cloning git repo, or just clicking on anonfiles.com_d1D7M7q9z4_vmpsrc.zip is so f*ing complicated. You don't need VMProtect sources. What you need is a basic understanding of this magical thing called "the internet".

I don't see any solution here fits the requirements ✍️

- Patch CRC_CHECK: 0x0046FB8D - I think I need some time to modify the source code of shfolder.dll Video_2024-01-16_170946.mp4

How to Unpack ? Solution - 3.9.5.3.zip

This is update to my last post, I've decided to continue working on my unpacker and was able to figure out how to decrypt operands, when it comes to callinternal it's operand, when decrypted, tells you which method to execute, the next problem I've gotten was homomorphic encryption, but it wasn't a hard nut to crack all you have to do is bruteforce the key and use it to decrypt method body. With all this I've finally made the devirtualiser and was able to unpack the assembly.Then I ran it through de4dot to clean it up a bit. And then I have manually taken care of debug code(I haven't removed it I've just put if(true)return; at the beginning of each debug method). Here is a video of me unpacking it : https://streamable.com/gynmi9 EazUnpack.mp4 The file password is superfrog. For some reason I couldn't upload the raw exe so I zipped it ggggg-unpacked-cleaned.zip

Hello everyone, Here is a small SDK example for TitanEngine Community Edition. It covers far from all features, but enough to get you started. This is the code: #include <windows.h>#include <stdio.h>#include <psapi.h>#include "TitanEngine\TitanEngine.h"PROCESS_INFORMATION* fdProcessInfo;LPVOID lpBaseOfImage;char szDumpName[MAX_PATH]="";static void log(const char* format, ...){ va_list args; va_start(args, format); char msg[1024]=""; vsprintf(msg, format, args); puts(msg);}static void cbOep(){ long long rip=GetContextData(UE_RIP); log("> OEP 0x%llX reached!", rip); log("> Dumping..."); DeleteFileA(szDumpName); //Dump the process (notice that szDumpName need to be a full path) if(!DumpProcess(fdProcessInfo->hProcess, lpBaseOfImage, szDumpName, rip)) { log("> DumpProcess failed..."); StopDebug(); return; } log("> Dumping done!"); log("> Fixing imports..."); ULONG_PTR iatStart=0; ULONG_PTR iatSize=0; //Search for IAT (Search start is 'OEP' in Scylla) ImporterAutoSearchIAT(fdProcessInfo->dwProcessId, szDumpName, rip, &iatStart, &iatSize); if(!iatStart || !iatSize) { log("> IAT not found..."); StopDebug(); return; } log("> IAT Start: 0x%llX, IAT Size: 0x%llX", iatStart, iatSize); char szSectionName[]=".unp64"; //Auto fix the file (append a section & fix IAT) if(!ImporterExportIATEx(szDumpName, szDumpName, szSectionName)) { log("> ImporterExportIATEx failed..."); StopDebug(); return; } log("> Imports fixed!"); //Stop debugging StopDebug();}static void cbNearOep(){ log("> Near OEP!"); //Step using the trap flag StepInto((void*)cbOep);}static void cbPeSpin(){ //Set a hardware breakpoint at RSP with size 8 on read/write SetHardwareBreakPoint(GetContextData(UE_RSP), UE_DR0, UE_HARDWARE_READWRITE, 8, (void*)cbNearOep);}static void cbEntry(){ //Get RIP register long long rip=GetContextData(UE_RIP); log("> Entry point 0x%llX reached!", rip); //Search for MPRESS pattern unsigned char pattern[4]= {0x5D, 0x5B, 0xC3,0xE9}; BYTE wildcard=0; long long found=Find((void*)rip, 0x1000, pattern, 4, &wildcard); if(!found) { //Search for PESpin pattern unsigned char pespin[4]= {0xFF, 0x64, 0x24, 0xF8}; long long found=Find((void*)rip, 0x1000, pespin, 4, &wildcard); if(!found) { log("> MPRESS/PESpin pattern NOT found..."); StopDebug(); return; } log("> PESpin pattern found on 0x%llX!", found); //Step over StepOver((void*)cbPeSpin); return; } //Set a simple INT3 breakpoint SetBPX(found+3, UE_BREAKPOINT, (void*)cbNearOep); log("> MPRESS pattern found on 0x%llX!", found);}static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo){ //Get the loaded base lpBaseOfImage=CreateProcessInfo->lpBaseOfImage; log("> Process created on 0x%llX!", lpBaseOfImage);}static bool DevicePathToPath(const char* devicepath, char* path, size_t path_size){ if(!devicepath || !path) return false; char curDrive[3]=" :"; char curDevice[MAX_PATH]=""; for(char drive='C'; drive<='Z'; drive++) { *curDrive=drive; if(!QueryDosDeviceA(curDrive, curDevice, MAX_PATH)) continue; size_t curDevice_len=strlen(curDevice); if(!_strnicmp(devicepath, curDevice, curDevice_len)) //we match the device { if(strlen(devicepath)-curDevice_len>=path_size) return false; sprintf(path, "%s%s", curDrive, devicepath+curDevice_len); return true; } } return false;}static bool GetFileNameFromHandle(HANDLE hFile, char* szFileName){ if(!GetFileSize(hFile, 0)) return false; HANDLE hFileMap=CreateFileMappingA(hFile, 0, PAGE_READONLY, 0, 1, 0); if(!hFileMap) return false; void* pFileMap=MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 1); if(!pFileMap) { CloseHandle(hFileMap); return false; } char szMappedName[MAX_PATH]=""; if(GetMappedFileNameA(GetCurrentProcess(), pFileMap, szMappedName, MAX_PATH)) { DevicePathToPath(szMappedName, szFileName, MAX_PATH); UnmapViewOfFile(pFileMap); CloseHandle(hFileMap); return true; } UnmapViewOfFile(pFileMap); CloseHandle(hFileMap); return false;}static void unpack(char* szFileName){ //Set an engine variable (hide console window of created process) SetEngineVariable(UE_ENGINE_NO_CONSOLE_WINDOW, true); //Get full file path HANDLE hFile=CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0); if(hFile==INVALID_HANDLE_VALUE) { log("> File \"%s\" doesn't exist...", szFileName); return; } GetFileNameFromHandle(hFile, szDumpName); CloseHandle(hFile); log("> Unpack of file \"%s\" started...", szFileName); FILE_STATUS_INFO inFileStatus= {}; if(IsPE32FileValidEx(szFileName, UE_DEPTH_DEEP, &inFileStatus) && inFileStatus.FileIs64Bit && !inFileStatus.FileIsDLL) { log("> 64-bit PE file detected!"); //Make name of dumped file int len=strlen(szDumpName); while(szDumpName[len]!='.' && len) len--; if(!len) len=strlen(szDumpName); strcpy(szDumpName+len, "_unp64.exe"); //Start the process fdProcessInfo=(PROCESS_INFORMATION*)InitDebugEx(szFileName, 0, 0, (void*)cbEntry); if(fdProcessInfo) { log("> InitDebug OK!"); //Set a custom handler SetCustomHandler(UE_CH_CREATEPROCESS, (void*)cbCreateProcess); //Start debug loop DebugLoop(); } else log("> InitDebug failed..."); } else { log("> Invalid/x86/DLL file..."); } log("> Unpack ended");}int main(int argc, char* argv[]){ puts("unp64 v0.1\n\nSupported packers:\nMPRESS v2.19\nPESpin v1.22 (Packer only)\n"); if(argc<2) puts("usage: unp64 [file.exe]"); else unpack(argv[1]); Sleep(2500); return 0;}Example output:unp64 v0.1Supported packers:MPRESS v2.19PESpin v1.22 (Packer only)> Unpack of file "mpress.exe" started...> 64-bit PE file detected!> InitDebug OK!> Process created on 0x140000000!> Entry point 0x14000F0F3 reached!> MPRESS pattern found on 0x14000FBD7!> Near OEP!> OEP 0x140005DC8 reached!> Dumping...> Dumping done!> Fixing imports...> IAT Start: 0x14000F048, IAT Size: 0x38> Imports fixed!> Unpack endedProject files + Binaries attached.Greetings, Mr. eXoDia unp64.rar

I checked libwebp.lib and its definitely compiled for x86: Microsoft Windows [Version 10.0.19045.7058] (c) Microsoft Corporation. All rights reserved. M:\radasm\Masm\projects\Test Projects\_Graphics Projects\libWebPTest>dumpbin /headers libwebp.lib | findstr machine 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) 14C machine (x86) M:\radasm\Masm\projects\Test Projects\_Graphics Projects\libWebPTest> For the linker im using: Microsoft (R) Incremental Linker Version 12.00.31101.0 Copyright (C) Microsoft Corporation. All rights reserved.Not sure what else to suggest. Maybe take out the debug stuff from the link command to test and add a libpath LINK.EXE /SUBSYSTEM:WINDOWS /RELEASE /VERSION:4.0 /LIBPATH:"x:\masm32\lib"

Hi, Can someone provide MODULEINFO structure in MASM64? invoke GetModuleInformation, hProcess, qword ptr [rax], addr modInfo, sizeof MODULEINFO I realized that MODULEINFO structure is not defined anywhere!