
Tuts 4 You


Leaderboard

Popular Content

Showing content with the highest reputation since 08/31/2025 in all areas

  1. Washi
    6 points
    It's that time of the year again. It seems we're starting September 26 8PM EST again with a return to Web3 and YARA as well. Four weeks instead of six this year... I wonder what the reason for this is. 🤔 https://flare-on.com/
  2. m!x0r
    New Version 0.9 Published
    Release Date: 06/09/2025
    [+] New Checkbox in Options Form - Create a Loader For Windows XP.
    Loader Details:
    [+] Loader Now Full Support Windows XP x32 and x64.
  3. jackyjask
    2 points
    just DO it :) © any action
  4. root
    The tool was designed for obfuscated code, not for handling standard code with external calls (iat, etc.). So, when splitting blocks, an address will likely be invalid. There's nothing stopping you from implementing and adding new features to the code.

        procedure TCFG_Analysis.SplitBlock( split_addr: UInt64);
        (*
          Split basic block @ split_addr and create a new basic_blocks[] entry.
        *)
        var
          bb_head, orig_head : UInt64;
          instr  : TCfGIns;
          tmpIns : TIns;
        begin
          OutDbg( Format('>Function:SplitBlock - Entry splitting @ [%08x] ',[split_addr]));

          if Fbasic_blocks.ContainsKey(split_addr) then Exit;

          bb_head   := split_addr;
          orig_head := DFSBBSearchHead(split_addr);

          if orig_head = 0 then
          begin
            OutDbg(Format('>Function:SplitBlock - Failed @ [%08x]: orig_head=None ',[split_addr]));
            // raise Exception.Create('SplitBlock: orig_head not found');
          end;

          OutDbg(Format('>Function:SplitBlock - Got orig_head [%08x] ',[orig_head]));

          // Create new BBlock
          Fbasic_blocks.Add(bb_head,[]) ;

          if Length(Fbasic_blocks[orig_head]) > 0 then
          begin
            tmpIns := Fbasic_blocks[orig_head];
            instr  := tmpIns[ High(Fbasic_blocks[orig_head]) ];
            SetLength(tmpIns, Length(Fbasic_blocks[orig_head])-1);
            Fbasic_blocks[orig_head] := tmpIns;
          end
          else Exit;

          while True do
          begin
            tmpIns := Fbasic_blocks[orig_head];
            Insert(instr,tmpIns,0 );
            Fbasic_blocks[orig_head] := tmpIns;

            if instr.OriginEA = bb_head then break ;

            tmpIns := Fbasic_blocks[orig_head];
            instr  := tmpIns[ High(Fbasic_blocks[orig_head]) ];
            SetLength(tmpIns, Length(Fbasic_blocks[orig_head])-1);
            Fbasic_blocks[orig_head] := tmpIns;
          end;

          OutDbg(Format('>>Function:SplitBlock - Split @ [%08x]; original @ [%08x]',[split_addr,orig_head]));
        end;
  5. Teddy Rogers
    • 659 downloads
    Anthracene 01 - UPX 2.01w
      - What is a packer and what does it do
      - How can we identify a packer?
      - How we can unpack a simple packer like UPX
      - Why the dumped file will crash when we run it
      - What we can do to fix this problem by using ImpRec
    Anthracene 02 - AsPack 2.12
      - How to unpack packers by using the ESP trick, theory
    Anthracene 03 - ASProtect 1.20
      - Another example on how to unpack using the ESP trick
      - How and why to set Olly's exception passing options in order to unpack
      - Unpacking a program using the 'exception counting trick'
      - Tracing through the SEH of a protector in order to find the OEP
      - How to use some of the more advanced ImpRec features in order to rebuild imports that aren't fixed straight away.
    Anthracene 04 - PolyEnE 0.01
      - No ESP trick, no exception counting - straight forward logical thinking!
  6. m!x0r
    We will try to fix this issue next release.
  7. m!x0r
    The GUI run on xp, Generate a loader I think work without problem, but generated loader does not support XP ! Only win 7 x32 x64, 8 x32 x64, 10 x32 x64, 11 x32 x64
  8. Asif
    Source code https://github.com/HFAsif/DiskInfoArtificial
  9. Zurito
    The loader.exe run in windows XP sp3? thx
  10. daliaimperialis
  11. .hloire
  12. .hloire
    just DO it :) © any action @Nooboy my methode = noob methode😅 unpackin-fujifuscater_VGNDlJbp.mp4
  13. .hloire
    just dump it & fix dump.
  14. jackyjask
    @root you have lots of sample *.asm files inside the "\D_CodeGen\Test file" are those the sample obfuscated pieces that one has to compile/build into PE binary so that the tool/lib could gracefully "eat" it or there is another way to feed .asm files directly into the lib?
  15. Nooboy
    There is no gchandle.free in the Confuser.Core 1.6.0+447341964f module. How to deal with it?
  16. jackyjask
    I fully agree but the question was about this - why? >EListError: Item not found
  17. root
    there is nothing to deobfuscate in that code, the list remains empty

        .text:0000000000400250
        .text:0000000000400250 ; =============== S U B R O U T I N E =======================================
        .text:0000000000400250
        .text:0000000000400250 ; Attributes: bp-based frame
        .text:0000000000400250
        .text:0000000000400250 public start
        .text:0000000000400250 start proc near ; DATA XREF: HEADER:00000000004000B0↑o
        .text:0000000000400250
        .text:0000000000400250 var_20 = qword ptr -20h
        .text:0000000000400250
        .text:0000000000400250 enter 40h, 0
        .text:0000000000400254 and [rsp+40h+var_20], 0
        .text:000000000040025A mov ecx, offset __ImageBase ; hInstance
        .text:000000000040025F mov edx, 64h ; 'd' ; lpTemplateName
        .text:0000000000400264 xor r8d, r8d ; hWndParent
        .text:0000000000400267 lea r9, DialogFunc ; lpDialogFunc
        .text:000000000040026E call cs:DialogBoxParamA
        .text:0000000000400274 xor ecx, ecx
        .text:0000000000400276 call cs:RtlExitUserProcess
        .text:0000000000400276 start endp ; sp-analysis failed
        .text:0000000000400276
        .text:000000000040027C
        .text:000000000040027C ; =============== S U B R O U T I N E =======================================
        .text:000000000040027C
        .text:000000000040027C ; Attributes: bp-based frame
        .text:000000000040027C
        .text:000000000040027C ; INT_PTR __stdcall DialogFunc(HWND, UINT, WPARAM, LPARAM)
        .text:000000000040027C DialogFunc proc near ; DATA XREF: start+17↑o
        .text:000000000040027C
        .text:000000000040027C format = dword ptr -80h
        .text:000000000040027C h = qword ptr -5Ch
        .text:000000000040027C ho = qword ptr -54h
        .text:000000000040027C Paint = tagPAINTSTRUCT ptr -48h
        .text:000000000040027C hWnd = qword ptr 10h
        .text:000000000040027C
        .text:000000000040027C enter 0A0h, 0
        .text:0000000000400280 mov [rbp+hWnd], rcx
        .text:0000000000400284 cmp edx, 110h
        .text:000000000040028A jz short loc_4002E5
        .text:000000000040028C cmp edx, 111h
        .text:0000000000400292 jz loc_400654
        .text:0000000000400298 cmp edx, 10h
        .text:000000000040029B jz loc_40065A
        .text:00000000004002A1 cmp edx, 113h
        .text:00000000004002A7 jz loc_4003C2
        .text:00000000004002AD cmp edx, 0Fh
        .text:00000000004002B0 jz loc_4004BC
        .text:00000000004002B6 cmp edx, 201h
        .text:00000000004002BC jnz loc_40067C
        .text:00000000004002C2 call cs:ReleaseCapture
        .text:00000000004002C8 mov rcx, [rbp+hWnd] ; hWnd
        .text:00000000004002CC mov edx, 112h ; Msg
        .text:00000000004002D1 mov r8d, 0F012h ; wParam
        .text:00000000004002D7 xor r9d, r9d ; lParam
        .text:00000000004002DA call cs:SendMessageA
        .text:00000000004002E0 jmp loc_40067C
        .text:00000000004002E5 ; ---------------------------------------------------------------------------
        .text:00000000004002E5
        .text:00000000004002E5 loc_4002E5: ; CODE XREF: DialogFunc+E↑j
        .text:00000000004002E5 call cs:GetTickCount
        .text:00000000004002EB mov cs:dword_400800, eax
        .text:00000000004002F1 push offset pszFaceName ; pszFaceName
        .text:00000000004002F6 push 1 ; iPitchAndFamily
        .text:00000000004002F8 push 2 ; iQuality
        .text:00000000004002FA push 0 ; iClipPrecision
        .text:00000000004002FC push 6 ; iOutPrecision
        .text:00000000004002FE push 0 ; iCharSet
        .text:0000000000400300 push 0 ; bStrikeOut
        .text:0000000000400302 push 0 ; bUnderline
        .text:0000000000400304 push 0 ; bItalic
        .text:0000000000400306 push 2BCh ; cWeight
        .text:000000000040030B sub esp, 20h
        .text:000000000040030E mov ecx, 50h ; 'P' ; cHeight
        .text:0000000000400313 mov edx, 19h ; cWidth
        .text:0000000000400318 xor r8d, r8d ; cEscapement
        .text:000000000040031B xor r9d, r9d ; cOrientation
        .text:000000000040031E call cs:CreateFontA
        .text:0000000000400324 mov cs:h, rax
        .text:000000000040032B mov ecx, 40h ; '@' ; uFlags
        .text:0000000000400330 mov edx, 400h ; dwBytes
        .text:0000000000400335 call cs:GlobalAlloc
        .text:000000000040033B mov cs:qword_4007F8, rax
        .text:0000000000400342 mov edi, eax
        .text:0000000000400344 mov ecx, 40h ; '@'
  18. jackyjask
    1st issue on sample masm binary - (400250 = EP VA)

        c:\CodeDeob-main\Win32\Debug\123>Deob1.exe fire.exe $400250
        CodeDeob cli demo util v0.1 (c) 2025 by jj
        EListError: Item not found

    fire.zip
  19. MR.Med.Ali
    btw any documentation for the lib ?
  20. jackyjask
    The project DiskInfoArtificial was designed with .NET Framework 4.0 in mind, as the author notes in the README.
  21. jackyjask
    is it OK to test on a simple (eg masm binaries) or it needs only sophisticated mutated/vm-ed opcodes
  22. root
    It's a project I worked on years ago, I don't remember everything exactly but it seems to be correct. I need to understand what errors it gives and on which target it was tested.
  23. jackyjask
    @root thanks! this is my sample POC based on your lib:

        begin
          try
            Writeln('CodeDeob cli demo util v0.1 (c) 2025 by jj');
            if (ParamCount > 1) then
            begin
              deo := TDeobFuscate.Create(CP_MODE_32, ParamStr(1));
              insList := TLinkedList<TCpuIstruz>.Create;
              deo.DeobfuscateAT(StrToInt(ParamStr(2)), insList);
            end
            else
              Writeln('Usage: tool pe-file VA');
          except
            on E: Exception do
              Writeln(E.ClassName, ': ', E.Message);
          end;
        end.

    but it fails due to diff reasons... is it correct usage?
  24. root
    It's a project for enthusiasts who love to learn and understand; it's not a ready-to-use tool. To use it, you need to study the code, otherwise it won't do anything. typically:

        procedure TfrmMain.testPeepHole2(fFile : string);
        var
          ins1 : TArray<TIstruzione> ;
          Deobf : TDeobFuscate;
          i, nNumStartL : Integer;
          LWatch : TStopwatch;
          modo : Byte;
          linea : string;

          procedure printInstrs(const instrs : TArray<TIstruzione>);
          var
            instr : TIstruzione;
          begin
            for instr in instrs do
              mmo1.Lines.Add(instr.ToString);
            mmo1.Lines.Add('');
          end;

        begin
          LWatch := TStopwatch.StartNew;

          if fFile = '' then fFile := 'Code.txt';

          ins1 := FileToSimbolicI(fFile,modo);
          nNumStartL := High(ins1);

          Deobf := TDeobFuscate.Create(modo);
          try
            mmo1.Lines.Add(sLineBreak +'Input Code:');
            mmo1.Lines.BeginUpdate;
            try
              printInstrs(ins1);
              Deobf.UsaDeadC_Sp := chkDeadSper_0.Checked;
              Deobf.DeobfuscateList(ins1);
              mmo1.Lines.Add('---- Deobfuscate Code : -------');
              printInstrs(ins1);
            finally
              mmo1.Lines.EndUpdate;
            end;

            frmMain.mmo1.Lines.Add(sLineBreak + Format('-->Funzione testPeephole<-- Totale Linee: %d/%d operazione eseguita in: %d ms', [High(ins1),nNumStartL,LWatch.ElapsedMilliseconds]) );

            mmoCodeOri.Lines.LoadFromFile(fFile);
            for i := 0 to mmoCodeOri.Lines.Count - 1 do
            begin
              linea := mmoCodeOri.Lines[i];
              if Pos('Codice Orig.:',Linea) <> 0 then
              begin
                mmoCodeOri.Clear;
                mmoCodeOri.Lines.Add(linea) ;
                pnl1.Visible := True;
                Break;
              end;
              pnl1.Visible := False;
            end;
          finally
            Deobf.Free;
          end;
        end;
  25. boot
    This file has not been set up to detect virtual machines, so you can try unpacking it in a virtual machine instead of on a real machine... :)
  26. m!x0r
    Use DLL tracer then try 5 last dll name in wait lib feature or increase loader timer delay between 2000000-5000000
  27. lovejoy226
    For this package, I did it. Winlicense 3.1.3 Test x64.zip However, @boot I couldn't do it for this package. give me your hand please. Many thanks in advance. Regards. sean.
  28. X0rby
    Dunno, check your system - works well here in a freshly installed Windows 10.
  29. Teddy Rogers
    1 point
    • 595 downloads
    • Version 2.5.4
    xAnalyzer is a plugin for the x86/x64 x64dbg debugger by @mrexodia. This plugin is based on APIInfo Plugin by @mrfearless, although some improvements and additions have been made. xAnalyzer is capable of doing various types of analysis over the static code of the debugged application to give more extra information to the user. This plugin is going to make an extensive API functions call detections to add functions definitions, arguments and data types as well as any other complementary information, something close to what you get with OllyDbg analysis engine, in order to make it even more comprehensible to the user just before starting the debugging task.

    Features
    Some of the main features and improvements include:
      - Extended function calls analysis (over 13,000 API’s definitions from almost 200 DLL’s)
      - Defined and generic functions, arguments, data types and additional debugging info recognition.
      - Automatic loops detection.
      - User maintained definition files

    Before xAnalyzer
    After xAnalyzer

    Analyze Selection
    By making a selection of several instructions in the disassembly windows of x64dbg and selecting this menu, a fast analysis will be made over the selected lines. You can also use the command xanal selection for launching this option or even set your own hotkeys for it in the x64dbg gui.

    Analyze Function
    If you are in the middle of some function you could use this menu entry to analyze that entire function and only that function. Taking your single selected instruction as a reference xAnalyzer will process from there all the lines inside a block of code. You could also use the command xanal function for launching this type of analysis or even set your own hotkeys for it in the x64dbg gui.

    Analyze Module
    This command is going to launch a full analysis over the entire module. This feature takes the Extended Analysis option into consideration for the depth of analysis to be used. You could use the command xanal module to execute it as well or even set your own hotkeys for it in the x64dbg gui.

    Remove Analysis Menus
    In these cases, all of these menus are going to make the opposite of what the previous commands did. In case you want to get rid of the analysis extra information in some parts of the code or in the entire executable if wished. You could also use the commands: xanalremove selection/function/module
  30. Kurapica
    Best days of programming before all this Java and Android chaos
  31. Mr.reCoder
    Hi all, we can change the image base of executable file while linking with /BASE option. i.e. Link /BASE:0x600000 but is there any way to change the image base after linking? we may use PE editor to change the ImageBase value! but the problem arises when building import table!

        00601060 FF25 08104000 JMP DWORD PTR DS:[401008]
        00601066 FF25 00104000 JMP DWORD PTR DS:[401000]

    jump addresses must change to their appropriate values! any idea? Regards.
