[Delphi] How get Register's Data

hi

How can I get a register's data (like EDX) in Delphi?

Please help.

With best regards

h4sh3m

By using embedded asm instructions...

Best regards

Nacho_dj

  • Author

By using embedded asm instructions...

Best regards

Nacho_dj

Please put a sample.

tnx

Of course. Have a look at this site...

Learning assembler with Delphi

http://delphi.about.com/library/bluc/text/uc052501a.htm

Best regards

Nacho_dj

  • Author

Of course. Have a look at this site...

Learning assembler with Delphi

http://delphi.about.com/library/bluc/text/uc052501a.htm

Best regards

Nacho_dj

hi

I don't have free time to study assembler; please, if you have its code, share it.

tnx

Edited by h4sh3m

It's working from here. If there is any problem about accessing it due to geographical limitations, you can use proxy.org to reach that URL.

Best regards

Nacho_dj

Try this:

procedure TForm1.Button1Click(Sender: TObject);
var
  value: DWORD; // 4 bytes, a.k.a. double word
begin
  asm
    mov value, edx // copy the current value of EDX into value
  end;
  ShowMessage(IntToHex(value, 8)); // output result as hex (address or a temp value)
end;

Edited by rotem156


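function Sniff_by_IMPosTOR(PI: Process_Information; Ctx: _Context): string;
var
  X: Cardinal;
  Buff: PChar;
begin
  // 50 bytes of data plus a terminating #0, so Trim() cannot run past the buffer
  GetMem(Buff,51);
  FillChar(Buff^,51,0);
  // Ctx.ContextFlags must already be set by the caller
  SuspendThread(PI.hThread);
  GetThreadContext(PI.hThread,Ctx);
  // read the string that the chosen register points to
  ReadProcessMemory(PI.hProcess,Pointer(Ctx.Eax),Buff,50,X);
  //Ctx.Eax , Ctx.Edi , ...
  Result:=Trim(Buff);
  FreeMem(Buff);
end;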

OK?

Edited by IMPosTOR

@ IMPosTOR - would be good code, but what if you were using it within your own program (ie: code would be executed in your own process)...

if that is the case then rotem156's example is best for that, and your example is best for a loader approach....

(original poster didn't state which case applied)

Edited by evlncrn8

your example is best for a loader approach....

@evlncrn8 : Serial Sniffer

I know what h4sh3m wants to know.

rotem156's example shows something different (like using asm in Delphi).

  • 6 months later...
  • Author

@evlncrn8 : Serial Sniffer

I know what h4sh3m wants to know.

rotem156's example shows something different (like using asm in Delphi).

Thank you dear Mehdi, I found a Delphi component for it.

tnx dears

ARTeam had an ezine with a Delphi example serial sniffer... Actually IMPosTOR already posted part of it...

Edited by Departure

  • Author

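function Sniff_by_IMPosTOR(PI: Process_Information; Ctx: _Context): string;
var
  X: Cardinal;
  Buff: PChar;
begin
  // 50 bytes of data plus a terminating #0, so Trim() cannot run past the buffer
  GetMem(Buff,51);
  FillChar(Buff^,51,0);
  // Ctx.ContextFlags must already be set by the caller
  SuspendThread(PI.hThread);
  GetThreadContext(PI.hThread,Ctx);
  // read the string that the chosen register points to
  ReadProcessMemory(PI.hProcess,Pointer(Ctx.Eax),Buff,50,X);
  //Ctx.Eax , Ctx.Edi , ...
  Result:=Trim(Buff);
  FreeMem(Buff);
end;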

OK?

If we want to sniff the serial from a certain address, we should set a BP on it, am I right?

How can we do it in this code?

For example, my target stores the real serial in register EAX at address $00452112.

tnx

From ARTeam e-zine #2 by anorganix


unit main;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, Clipbrd;

type
  TfrmMain = class(TForm)
    gbLog: TGroupBox;
    lblLog: TLabel;
    btnClose: TButton;
    btnSniff: TButton;
    lblAuthor: TLabel;
    procedure btnSniffClick(Sender: TObject);
    procedure btnCloseClick(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    WantToClose: boolean;
  public
    // public
  end;

var
  frmMain: TfrmMain;

const
  // EB FE = "jmp short $", a two-byte infinite loop
  LOOP: array [0..1] of Byte = ($EB,$FE);

implementation

{$R *.dfm}

function SniffSerial(PI: PROCESS_INFORMATION; Ctx: _Context): string;
var
  X: Cardinal;
  Buff: PChar;
begin
  // 50 bytes of data plus a terminating #0, so Trim() cannot run past the buffer
  GetMem(Buff,51);
  FillChar(Buff^,51,0);

  SuspendThread(PI.hThread);
  GetThreadContext(PI.hThread,Ctx);
  ReadProcessMemory(PI.hProcess,Pointer(Ctx.Eax),Buff,50,X);

  Result:=Trim(Buff);
  FreeMem(Buff);
end;

procedure TfrmMain.btnSniffClick(Sender: TObject);
var
  PI: PROCESS_INFORMATION;
  SI: STARTUPINFO;
  Context: _CONTEXT;
  Buffer: PChar;
  ORIG: array [0..1] of Byte;
  S: string;
  W: DWORD;
begin
  // disable button (avoid starting target multiple times)
  btnSniff.Enabled:=False;

  GetMem(Buffer,255);
  FillChar(PI,SizeOf(TProcessInformation),#0);
  FillChar(SI,SizeOf(TStartupInfo),#0);
  SI.cb:=SizeOf(SI);

  if not CreateProcess('CrackMe.exe',nil,nil,nil,False,
    CREATE_SUSPENDED,nil,nil,SI,PI) then
  begin
    // enable button
    btnSniff.Enabled:=True;

    // set log and exit
    lblLog.Caption:='Failed to load process!';
    Exit;
  end;

  // read original bytes
  ReadProcessMemory(PI.hProcess,Pointer($004503EF),@ORIG,2,W);

  // set infinite loop
  WriteProcessMemory(PI.hProcess,Pointer($004503EF),@LOOP,2,W);

  // resume the program
  ResumeThread(PI.hThread);
  Context.ContextFlags:=$00010000+15+$10;

  // set new log
  lblLog.Caption:='Process patched!'+#13+
    'Now enter a name and press the "Check" button...';

  while GetThreadContext(PI.hThread,Context) do
  begin
    // did we arrive at the infinite loop?
    if Context.Eip=$004503EF then
    begin
      // sniff the serial and put it into "S"
      S:=SniffSerial(PI,Context);

      // restore original bytes and resume the target
      WriteProcessMemory(PI.hProcess,Pointer($004503EF),@ORIG,2,W);
      ResumeThread(PI.hThread);

      // copy the serial into the clipboard
      Clipboard.AsText:=S;
      lblLog.Caption:='Your serial has been copied to clipboard!';
    end;

    // wait a little
    Sleep(10);
    Application.ProcessMessages;

    // close the CrackMe before closing the Sniffer
    if WantToClose then
    begin
      TerminateThread(PI.hThread,0);
      Close;
    end;
  end;

  // free memory
  FreeMem(Buffer);

  // enable button
  btnSniff.Enabled:=True;
end;

procedure TfrmMain.btnCloseClick(Sender: TObject);
begin
  WantToClose:=true;
  Close;
end;

procedure TfrmMain.FormCreate(Sender: TObject);
begin
  WantToClose:=false;
end;

end.

  • Author

tnx dear Departure

Your code works correctly.

thank you
