Difficulty : NAN
Language : Delphi
Platform : Windows x64
OS Version : Windows 7
Packer / Protector : None

Description :

Challenge : Make the application show a different message when clicking the button.

by default, it shows a simple "Hello World !" message.

Here are the challenge rules :

1 - No patching is allowed, It doesn't matter how you solve it as long as the SHA-1 of the original file stays "9F1CCEBBDAB4A0CEEC30C61F1D64C4B1DEAE8CBE"

2 - If your solution includes any coding then it should only be C#.

3 - Writing a simple tutorial is obligatory, don't post your solution if you don't want to write a tutorial.

4 - Don't use dUP / uPPP or similar tools but you can write your own tools if needed.

5 - your solution should be able to show the VA of the OEP and view first 9 bytes of that address before the victim loads kernel32.dll !

Screenshot :

Attached.

Part 1.rar

Edited September 23, 20168 yr by Kurapica

Here is my solution

Loader source code included and a short tutorial also.

Copy the challenge Test.exe in the same folder of the loader and run the loader.

Don't touch me Kurapica by crystalboy.pdf

Kurapica - Dont touch Me Loader_crystalboySnD.rar

crystal clear solution

I forgot to enable ASLR which made it easier

Although my intention was to show how to hunt the ImageBase dynamically for a 64bit victim.

well done

 

Edited September 22, 20168 yr by Kurapica

Edited September 22, 20168 yr by dex73r

@dex73r : although this can be a valid solution but crystalboy's solution is better because it's showing the concept I wanted.

I posted Part 2 but Teddy seems busy to approve it until now.

I think I fornicated up and deleted it :S

Apologies - can you repost? I was trying to remove some other spam and appear to have deleted the wrong topic.

done ...

Approved!

Ted.

Thanks K - that's what happens when you give a retard mod privileges

Take it easy man

$hit happens