h4sh3m Posted November 10, 2010 Posted November 10, 2010 hiHow i can get Register's data (like EDX) in Delphi.Please Help.with best Regardsh4sh3m
Nacho_dj Posted November 10, 2010 Posted November 10, 2010 By using embedded asm instructions...Best regardsNacho_dj
h4sh3m Posted November 10, 2010 Author Posted November 10, 2010 By using embedded asm instructions...Best regardsNacho_djplease put a sample.tnx
Nacho_dj Posted November 10, 2010 Posted November 10, 2010 Of course. Have a look at this site...Learning assembler with Delphihttp://delphi.about.com/library/bluc/text/uc052501a.htmBest regardsNacho_dj
h4sh3m Posted November 13, 2010 Author Posted November 13, 2010 (edited) Of course. Have a look at this site...Learning assembler with Delphihttp://delphi.about.com/library/bluc/text/uc052501a.htm'>>http://delphi.about.com/library/bluc/text/uc052501a.htmBest regardsNacho_djhiI have not free time to study assembler please if you have it's code share it.tnx Edited April 9, 2013 by h4sh3m
Nacho_dj Posted November 13, 2010 Posted November 13, 2010 It's working from here. If there is any problem about accessing it due to geographical limitations, you can use proxy.org to reach that URL.Best regardsNacho_dj
0xFF Posted November 13, 2010 Posted November 13, 2010 (edited) Try this:procedure TForm1.Button1Click(Sender: TObject);var value: DWORD; // 4 BYTE aka Double Worldbeginasm mov value, edx// copy the value @ edx to Tmpend // place here ; if you get error at this lineShowMessageFmt( '%x', [IntToHex(value)] ); // output result as Hex (Address or a temp value)end; Edited November 13, 2010 by rotem156
IMPosTOR Posted November 15, 2010 Posted November 15, 2010 (edited) function Sniff_by_IMPosTOR(PI: Process_Information; Ctx: _Context): string;var X : Cardinal; Buff : PChar;begin GetMem(Buff,50); SuspendThread(PI.hThread); GetThreadContext(PI.hThread,Ctx); ReadProcessMemory(PI.hProcess,Pointer(Ctx.Eax),Buff,50,X); //Ctx.Eax , Ctx.Edi , ... Result:=Trim(Buff); FreeMem(Buff);end;OK? Edited November 15, 2010 by IMPosTOR
evlncrn8 Posted November 15, 2010 Posted November 15, 2010 (edited) @ IMPosTOR - would be good code, but what if you were using it within your own program (ie: code would be executed in your own process)... if that is the case then rotem156's example is best for that, and your example is best for a loader approach....(original poster didn't state which case applied) Edited November 15, 2010 by evlncrn8
IMPosTOR Posted November 15, 2010 Posted November 15, 2010 your example is best for a loader approach....@evlncrn8 : Serial Snifferi know what h4sh3m want to know.rotem156's ex show somting diffrent. (like using asm in delphi)
h4sh3m Posted June 6, 2011 Author Posted June 6, 2011 @evlncrn8 : Serial Snifferi know what h4sh3m want to know.rotem156's ex show somting diffrent. (like using asm in delphi)thank you dear Mehdi, i'm found a delphi component for it.tnx dears
Departure Posted June 7, 2011 Posted June 7, 2011 (edited) ARTeam had a ezine with a delphi example serial sniffer... Actually IMPosTOR already posted part of it... Edited June 7, 2011 by Departure
h4sh3m Posted June 9, 2011 Author Posted June 9, 2011 function Sniff_by_IMPosTOR(PI: Process_Information; Ctx: _Context): string;var X : Cardinal; Buff : PChar;begin GetMem(Buff,50); SuspendThread(PI.hThread); GetThreadContext(PI.hThread,Ctx); ReadProcessMemory(PI.hProcess,Pointer(Ctx.Eax),Buff,50,X); //Ctx.Eax , Ctx.Edi , ... Result:=Trim(Buff); FreeMem(Buff);end;OK?if we want to sniff serial from certain addr we should set bp on it,i'm true?in this code how we can do it?for example my target store real serial in register eax in addr $00452112.tnx
Departure Posted June 10, 2011 Posted June 10, 2011 From ARTeam e-zine #2 by anorganixunit main;interfaceuses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, Clipbrd;type TfrmMain = class(TForm) gbLog: TGroupBox; lblLog: TLabel; btnClose: TButton; btnSniff: TButton; lblAuthor: TLabel; procedure btnSniffClick(Sender: TObject); procedure btnCloseClick(Sender: TObject); procedure FormCreate(Sender: TObject); private WantToClose: boolean; public // public end;var frmMain: TfrmMain;const LOOP: array [0..1] of Byte = ($EB,$FE);implementation{$R *.dfm}function SniffSerial(PI: PROCESS_INFORMATION; Ctx: _Context): string;var X: Cardinal; Buff: PChar;begin GetMem(Buff,50); SuspendThread(PI.hThread); GetThreadContext(PI.hThread,Ctx); ReadProcessMemory(PI.hProcess,Pointer(Ctx.Eax),Buff,50,X); Result:=Trim(Buff); FreeMem(Buff);end;procedure TfrmMain.btnSniffClick(Sender: TObject);var PI: PROCESS_INFORMATION; SI: STARTUPINFO; Context: _CONTEXT; Buffer: PChar; ORIG: array [0..1] of Byte; S: string; W: DWORD;begin // disable button (avoid starting target multiple times) btnSniff.Enabled:=False; GetMem(Buffer,255); FillChar(PI,SizeOf(TProcessInformation),#0); FillChar(SI,SizeOf(TStartupInfo),#0); SI.cb:=SizeOf(SI); if not CreateProcess('CrackMe.exe',nil,nil,nil,False, CREATE_SUSPENDED,nil,nil,SI,PI) then begin // enable button btnSniff.Enabled:=True; // set log and exit lblLog.Caption:='Failed to load process!'; Exit; end; // read original bytes ReadProcessMemory(PI.hProcess,Pointer($004503EF),@ORIG,2,W); // set inifnite loop WriteProcessMemory(PI.hProcess,Pointer($004503EF),@LOOP,2,W); // resume the program ResumeThread(PI.hThread); Context.ContextFlags:=$00010000+15+$10; // set new log lblLog.Caption:='Process patched!'+#13+ 'Now enter a name and press the "Check" button...'; while GetThreadContext(PI.hThread,Context) do begin // did we arrived at the infinite-loop? if Context.Eip=$004503EF then begin // sniff the serial and put it into "S" S:=SniffSerial(PI,Context); // restore original bytes and resume the target WriteProcessMemory(PI.hProcess,Pointer($004503EF),@ORIG,2,W); ResumeThread(PI.hThread); // copy the serial into the clipboard Clipboard.AsText:=S; lblLog.Caption:='Your serial has been copied to clipboard!'; end; // wait a little Sleep(10); Application.ProcessMessages; // close the CrackMe before closing the Snifer if WantToClose then begin TerminateThread(PI.hThread,0); Close; end; end; // free memory FreeMem(Buffer); // enable button btnSniff.Enabled:=True;end;procedure TfrmMain.btnCloseClick(Sender: TObject);begin WantToClose:=true; Close;end;procedure TfrmMain.FormCreate(Sender: TObject);begin WantToClose:=false;end;end.
h4sh3m Posted June 10, 2011 Author Posted June 10, 2011 tnx dear Departureyour code work correctly.thank you
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now