|
61
|
Programación / Programación C/C++ / Re: Imprimir la palabra mas larga de un string C++
|
en: 16 Febrero 2015, 23:11 pm
|
La idea no era dar un código completo... si miras el algoritmo ves que separa palabras únicamente por espacios, pero se puede mejorar fácilmente para que sea capaz de reconocer otros tipos de separadores. if ( *it2 == ' ' || *it2 == ',' || *it2 == '.' /* ... */ )
Interesante, tengo que ponerme a ver el nuevo framework, me quedé en string, pero no conocía "auto", gracias.
|
|
|
62
|
Programación / Programación C/C++ / Re: Imprimir la palabra mas larga de un string C++
|
en: 16 Febrero 2015, 15:52 pm
|
Invertir un string... que tal así: int main( ) { std::string cadena = "0123456789"; std::string invertida( cadena.rbegin( ), cadena.rend( ) ); std::cout << invertida << std::endl; }
En cuanto a encontrar la palabra más larga... con iteradores se puede conseguir fácilmente: void PalabraMasLarga( const std::string& cadena ) { std::string palabra; auto it = cadena.begin( ); for( auto it2 = it; it2 != cadena.end( ); ++it2 ) { if ( *it2 == ' ' ) { size_t length = std::distance( it, it2 ); if ( length > palabra.size( ) ) palabra = std::string( it, it2 ); it = it2+1; } } std::cout << palabra << std::endl; }
El codigo usa dos iteradores, uno apunta al inicio de la palabra actual y el otro va avanzando hasta encontrar un espacio, si la longitud de la cadena es mayor que la palabra más larga encontrada hasta ahora, la sustituye. Simple y rápido. Muy bueno el invertir cadena, con respecto a la PalabraMasLargar hay un bug. PalabraMasLarga("Buscandox la palabra más larga, pero tal vez no funcione,. porque falta algo.");
OutPut: "funcione,.", el cual tendría que ser "Buscandox"
|
|
|
63
|
Programación / Programación C/C++ / Re: Imprimir la palabra mas larga de un string C++
|
en: 16 Febrero 2015, 06:29 am
|
#include <iostream> #include <Windows.h> using namespace std; int main() { char Orig[] = {"1234567"}; int lenStr = strlen(Orig); char * output = new char[lenStr + 1]; __asm { pushad std mov ecx, lenStr lea esi, Orig add esi, ecx dec esi mov edi, output zrep: movsb inc edi inc edi loop zrep mov byte ptr [edi], 0x00 popad } cout << output << endl; //7654321 delete[] output; cin.get(); return 0; }
|
|
|
64
|
Programación / Programación C/C++ / Re: Imprimir la palabra mas larga de un string C++
|
en: 16 Febrero 2015, 04:36 am
|
Gente necesito una ayudita... Quiero hacer una funcion que reciba un string y que dentro del string busque la palabra mas larga y la imprima. Y quisiera saber como voltear un string alreves pero que se quede en la misma posicion con los metodos sort() y reverse().
tengo esto asi las pude voltear:
#include <iostream> #include <string> using namespace std; void invertStringWords(string); void countVocals(string); void countConsonants(string); void countSpecialCharacters(string); void displayMaxCharacterWords(string); void countWords(string); int main() { string words; std::cout<<"Introduzca alguna frase: "; std::getline(std::cin,words); cout << endl << "Sentencia original: \t" << words << endl; reverse(words.begin(),words.end()); invertStringWords(words); system("pause"); return 0; }
//Funcion que invierte el orden de las palabras en una cadena void invertStringWords(string words) { //Arreglo con la longitud de los caracteres en la sentencia int arraylength = words.length(); // índice para el caracter que está siendo leído int a=0; // String para almacenar la última palabra formada del arreglo string invert=""; // Arreglo de caracteres con la cadena final de palabras invertidas char invertedWords[arraylength]; // Ciclo que recorre la cadena original desde el final for(int i=arraylength-1; i >= -1; i--){ // Si encontramos un espacio ya hemos terminado una palabra // invertir la palabra y agregarla al principio del arreglo invertido if(i==-1 || words == ' ') { // Agregar la última palabra encontrada invertida en la sentencia // al principio del arreglo de cadena invertida for(int b=invert.length()-1; b >=0 ; b--) { invertedWords[a] = invert; a++; } // Agregar un espacio para delimitar palabra e incrementar el contador // 'a' solo si no se ha llegado al final del arreglo. if (i>-1) invertedWords[a++] = ' '; invert=""; } else { // Tenemos un caracter, agregarlo a la cadena temporal invert +=words; } } cout << endl << "Sentencia invertida: \t" << invertedWords << endl; }
Yo para obtener la frase más larga, lo que haría es rermplazar los "." (puntos), "," (comas) y demás con espacios, luego hago un split con delimitador de " " (espacio) y tengo todas las palabras separadas, busco en cada index cuál tiene la mayor longitud y guardo ese string y el index si es necesario. Y para voltear un string lo que tenés que hacer es ir leyendo el address del string original desde su última posición hacia su principio e ir copiando cada byte a otro address de otro string.
|
|
|
65
|
Programación / Programación C/C++ / Re: Modificar programa para juego online.
|
en: 14 Febrero 2015, 23:16 pm
|
También tengo que decir que IMPERIUM lee ciertas cosas que no creo que sean legales como por ej: Win32_BaseBoard Win32_Processor Win32_BIOS Win32_LogicalDisk Private Declare Function TerminateProcess Lib "kernel32" Alias "TerminateProcess" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long Private Declare Sub EnumProcesses Lib "PSAPI.DLL"() Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByRef lpvParam As Any, ByVal fuWinIni As Long) As Long Private Declare Function FindFirstFile Lib "kernel32" Alias "FindFirstFileA" (ByVal lpFileName As String, lpFindFileData As WIN32_FIND_DATA) As Long Private Declare Function FindNextFile Lib "kernel32" Alias "FindNextFileA" (ByVal hFindFile As Long, lpFindFileData As WIN32_FIND_DATA) As Long
Lindo kilombo se le puede armar a estos boludos por éso, pero bue, en definitiva, si patcheás algunas boludeces de estos perdedores, lo tenés funcionando, ya que no creo que hayan cambiado el pattern... PD: te recomiendo que si lo hacés o lo comprás, te conviene siempre inyectar código, a menos que quieras hacer un overlay y jugar con ver invis nada más, lo cual ahí ya se les complica, a menos que te saquen screenshot, lo cual también es ilegal (con los términos que tienen).
|
|
|
66
|
Programación / Programación C/C++ / Re: Modificar programa para juego online.
|
en: 14 Febrero 2015, 02:56 am
|
Buenas tardes, se trata de un programa en c++ que salio hace algun tiempo para el juego 'IMPERIUMAO' pero que lo liberarony ahora ya no funciona en el juego osea es detectable, imagino que detecta el proceso o algo asi... tengo todo el codigo y queria saber si podia hacerlo funcionar de nuevo y cuanto seria el costo?. tengo pensado gastar entre 8 y 10mil bs. aqui dejo adjuntado el codigo del programa. muchas gracias.Si crees poder hacerlo me escribe y mando todos los datos que necesites. El juego es este. http://imperiumao.com.ar/es/Lo que hace el programa solicitado es esto. https://www.youtube.com/watch?v=IJiaGa-SRWAEl programa fue liberado completamente como puedes ver pero los dueños del juego le bloquearon el proceso al parecer. Este es el codigo del programa: https://mega.co.nz/#!o1oQEKKR!lFcwQwZVztREacrv40ASj8JU8goO5lH8nXKVHtbutB0Gracias por el código, pero te digo que es mucho código al pedo y encima tiene cero seguridad... es súper detectable.
|
|
|
68
|
Programación / Programación Visual Basic / [VB6][SRC] Memory Regions
|
en: 13 Febrero 2015, 13:48 pm
|
Una manera de detectar intrusos. Posteado en: http://hackhound.org/forums/topic/7209-vb6src-memory-regions/Modulo: Option Explicit 'typedef enum _MEMORY_INFORMATION_CLASS { ' MemoryBasicInformation, ' MemoryWorkingSetList, ' MemorySectionName '} MEMORY_INFORMATION_CLASS; Public Enum MEMORY_INFORMATION_CLASS MemoryBasicInformation = 0 MemoryWorkingSetList MemorySectionName End Enum 'typedef struct _MEMORY_BASIC_INFORMATION { ' PVOID BaseAddress; ' PVOID AllocationBase; ' DWORD AllocationProtect; ' SIZE_T RegionSize; ' DWORD State; ' DWORD Protect; ' DWORD Type; '} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION; Public Type MEMORY_BASIC_INFORMATION BaseAddress As Long AllocationBase As Long AllocationProtect As Long RegionSize As Long State As Long Protect As Long Type As Long End Type 'typedef struct _FUNCTION_INFORMATION { ' char name[64]; ' ULONG_PTR VirtualAddress; '} FUNCTION_INFORMATION, *PFUNCTION_INFORMATION; Public Type FUNCTION_INFORMATION name As String * 64 VirtualAddress As Long End Type 'typedef struct _MODULE_INFORMATION '{ ' PVOID BaseAddress; ' PVOID AllocationBase; ' DWORD AllocationProtect; ' SIZE_T RegionSize; ' DWORD State; ' DWORD Protect; ' DWORD Type; ' WCHAR szPathName[MAX_PATH]; ' PVOID EntryAddress; ' PFUNCTION_INFORMATION Functions; ' DWORD FunctionCount; ' DWORD SizeOfImage; '}MODULE_INFORMATION, *PMODULE_INFORMATION; Public Type MODULE_INFORMATION BaseAddress As Long AllocationBase As Long AllocationProtect As Long RegionSize As Long State As Long Protect As Long Type As Long szPathName(1 To 520) As Byte EntryAddress As Long Functions As Long 'VarPtr(MODULE_INFORMATION), es un puntero, PFUNCTION_INFORMATION Functions; FunctionCount As Long SizeOfImage As Long End Type 'struct UNICODE_STRING { ' USHORT Length; ' USHORT MaximumLength; ' PWSTR Buffer; '}; Public Type UNICODE_STRING Length As Integer MaximumLength As Integer Buffer As Long 'PWSTR Buffer; End Type 'typedef UNICODE_STRING *PUNICODE_STRING; Public Const PAGE_NOACCESS = &H1 Public Const PAGE_READONLY = &H2 Public Const PAGE_READWRITE = &H4 Public Const PAGE_WRITECOPY = &H8 Public Const PAGE_EXECUTE = &H10 Public Const PAGE_EXECUTE_READ = &H20 Public Const PAGE_EXECUTE_READWRITE = &H40 Public Const PAGE_EXECUTE_WRITECOPY = &H80 Public Const PAGE_GUARD = &H100 Public Const PAGE_NOCACHE = &H200 Public Const PAGE_WRITECOMBINE = &H400 Public Const MEM_COMMIT = &H1000 Public Const MEM_RESERVE = &H2000 Public Const MEM_DECOMMIT = &H4000 Public Const MEM_RELEASE = &H8000 Public Const MEM_FREE = &H10000 Public Const MEM_PRIVATE = 20000 Public Const MEM_MAPPED = &H40000 Public Const MEM_RESET = &H80000 Public Const MEM_TOP_DOWN = &H100000 Public Const MEM_WRITE_WATCH = &H200000 Public Const MEM_PHYSICAL = &H400000 Public Const MEM_ROTATE = &H800000 Public Const MEM_LARGE_PAGES = &H20000000 Public Const MEM_4MB_PAGES = &H80000000 'typedef LONG (WINAPI *ZWQUERYVIRTUALMEMORY)( ' HANDLE ProcessHandle, ' PVOID BaseAddress, ' MEMORY_INFORMATION_CLASS MemoryInformationClass, ' PVOID MemoryInformation, ' ULONG MemoryInformationLength, ' PULONG ReturnLength '); Public Declare Function ZwQueryVirtualMemory Lib "NTDLL.DLL" (ByVal ProcessHandle As Long, ByVal BaseAddress As Long, ByVal MemoryInformationClass As MEMORY_INFORMATION_CLASS, ByVal MemoryInformation As Long, ByVal MemoryInformationLength As Long, ByVal ReturnLength As Long) As Long Public Declare Function GetCurrentProcess Lib "kernel32" () As Long Public Declare Function VirtualQuery Lib "kernel32" (ByRef lpAddress As Any, ByRef lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As Long) As Long Public Declare Sub ZeroMemory Lib "kernel32.dll" Alias "RtlZeroMemory" (Destination As Any, ByVal Length As Long) Public Declare Sub RtlMoveMemory Lib "kernel32.dll" (hpvDest As Any, hpvSource As Any, ByVal cbCopy As Long) Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long Public Declare Function LoadLibraryA Lib "kernel32" (ByVal lpLibFileName As String) As Long Public Const PROCESS_ALL_ACCESS = &H1F0FFF 'Specifies all possible access flags for the process object. Public Const PROCESS_CREATE_THREAD = &H2 'Enables using the process handle in the CreateRemoteThread function to create a thread in the process. Public Const PROCESS_DUP_HANDLE = &H40 'Enables using the process handle as either the source or target process in the DuplicateHandle function to duplicate a handle. Public Const PROCESS_QUERY_INFORMATION = &H400 'Enables using the process handle in the GetExitCodeProcess and GetPriorityClass functions to read information from the process object. Public Const PROCESS_SET_INFORMATION = &H200 'Enables using the process handle in the SetPriorityClass function to set the priority class of the process. Public Const PROCESS_TERMINATE = &H1 'Enables using the process handle in the TerminateProcess function to terminate the process. Public Const PROCESS_VM_OPERATION = &H8 'Enables using the process handle in the VirtualProtectEx and WriteProcessMemory functions to modify the virtual memory of the process. Public Const PROCESS_VM_READ = &H10 'Enables using the process handle in the ReadProcessMemory function to read from the virtual memory of the process. Public Const PROCESS_VM_WRITE = &H20 'Enables using the process handle in the WriteProcessMemory function to write to the virtual memory of the process. Public Const SYNCHRONIZE = &H100000 'Enables using the process handle in any of the wait functions to wait for the process to terminate. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (hpvDest As Any, hpvSource As Any, ByVal cbCopy As Long) 'The WideCharToMultiByte function maps a wide-character string to a new character string. 'The function is faster when both lpDefaultChar and lpUsedDefaultChar are NULL. 'CodePage Private Const CP_ACP = 0 'ANSI Private Const CP_MACCP = 2 'Mac Private Const CP_OEMCP = 1 'OEM Private Const CP_UTF7 = 65000 Private Const CP_UTF8 = 65001 'dwFlags Private Const WC_NO_BEST_FIT_CHARS = &H400 Private Const WC_COMPOSITECHECK = &H200 Private Const WC_DISCARDNS = &H10 Private Const WC_SEPCHARS = &H20 'Default Private Const WC_DEFAULTCHAR = &H40 Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As Long, ByVal cchWideChar As Long, ByVal lpMultiByteStr As Long, ByVal cbMultiByte As Long, ByVal lpDefaultChar As Long, ByVal lpUsedDefaultChar As Long) As Long Public Function ByteArrayToString(Bytes() As Byte) As String Dim iUnicode As Long, i As Long, j As Long On Error Resume Next i = UBound(Bytes) If (i < 1) Then 'ANSI, just convert to unicode and return ByteArrayToString = StrConv(Bytes, vbUnicode) Exit Function End If i = i + 1 'Examine the first two bytes CopyMemory iUnicode, Bytes(0), 2 If iUnicode = Bytes(0) Then 'Unicode 'Account for terminating null If (i Mod 2) Then i = i - 1 'Set up a buffer to recieve the string ByteArrayToString = String$(i / 2, 0) 'Copy to string CopyMemory ByVal StrPtr(ByteArrayToString), Bytes(0), i Else 'ANSI ByteArrayToString = StrConv(Bytes, vbUnicode) End If End Function Public Function StringToByteArray(strInput As String, Optional bReturnAsUnicode As Boolean = True, Optional bAddNullTerminator As Boolean = False) As Byte() Dim lRet As Long Dim bytBuffer() As Byte Dim lLenB As Long If bReturnAsUnicode Then 'Number of bytes lLenB = LenB(strInput) 'Resize buffer, do we want terminating null? If bAddNullTerminator Then ReDim bytBuffer(lLenB) Else ReDim bytBuffer(lLenB - 1) End If 'Copy characters from string to byte array CopyMemory bytBuffer(0), ByVal StrPtr(strInput), lLenB Else 'METHOD ONE ' 'Get rid of embedded nulls ' strRet = StrConv(strInput, vbFromUnicode) ' lLenB = LenB(strRet) ' If bAddNullTerminator Then ' ReDim bytBuffer(lLenB) ' Else ' ReDim bytBuffer(lLenB - 1) ' End If ' CopyMemory bytBuffer(0), ByVal StrPtr(strInput), lLenB 'METHOD TWO 'Num of characters lLenB = Len(strInput) If bAddNullTerminator Then ReDim bytBuffer(lLenB) Else ReDim bytBuffer(lLenB - 1) End If lRet = WideCharToMultiByte(CP_ACP, 0&, ByVal StrPtr(strInput), -1, ByVal VarPtr(bytBuffer(0)), lLenB, 0&, 0&) End If StringToByteArray = bytBuffer End Function
Form: Agregar RitchTextBox (llenar el texto), un Label (para el address del for) y un CommandButton (acción) Private Sub Command1_Click() 'MEMORY_BASIC_INFORMATION mbi; Dim mbi As MEMORY_BASIC_INFORMATION 'MODULE_INFORMATION mi; Dim mi As MODULE_INFORMATION 'BYTE szBuffer[MAX_PATH * 2 + 4] = { 0 }; Dim szBuffer(523) As Byte Dim i As Integer 'PUNICODE_STRING usSectionName; Dim usSectionName As UNICODE_STRING Dim hProcess As Long hProcess = GetCurrentProcess() Dim Addr As Long Dim READABLE As Long READABLE = (PAGE_EXECUTE_READ + PAGE_EXECUTE_READWRITE + PAGE_EXECUTE_WRITECOPY + PAGE_READONLY + PAGE_READWRITE + PAGE_WRITECOPY) txtSections.Text = "" Addr = 0 Dim hRet As Long Dim asd As String Dim zBytes() As Byte txtSections.Visible = False ReDim zBytes(0) As Byte While VirtualQuery(Addr, mbi, 28) DoEvents Label1.Caption = "0x" & Hex(Addr) If (mbi.State And MEM_COMMIT) Then If (mbi.AllocationProtect And READABLE) Then hRet = ZwQueryVirtualMemory(hProcess, Addr, MemoryBasicInformation, VarPtr(mbi), &H1C, 0&) txtSections.Text = txtSections.Text & "Add: " & Hex(Addr) & " - Size: " & Hex(mbi.RegionSize) & vbNewLine For i = LBound(szBuffer) To UBound(szBuffer) szBuffer(i) = 0 Next i For i = LBound(zBytes) To UBound(zBytes) zBytes(i) = 0 Next i If (hRet >= 0) Then If (mbi.Type <> MEM_FREE) Then hRet = ZwQueryVirtualMemory(hProcess, Addr, MemorySectionName, VarPtr(szBuffer(0)), &H20C, 0&) If (hRet >= 0) Then Call ZeroMemory(mi, &H234) Call RtlMoveMemory(mi, mbi, &H1C) Call ReadProcessMemory(hProcess, VarPtr(szBuffer(0)), usSectionName.Length, &H2, 0&) Call ReadProcessMemory(hProcess, VarPtr(szBuffer(2)), usSectionName.MaximumLength, &H2, 0&) ReDim zBytes(usSectionName.Length * 2) 'How do I know is offset 8? It's simple.... "Aliens" Call ReadProcessMemory(hProcess, VarPtr(szBuffer(8)), zBytes(0), usSectionName.Length * 2, 0&) txtSections.Text = txtSections.Text & ByteArrayToString(zBytes) & " (" & usSectionName.Length & "/" & usSectionName.MaximumLength & ")" & vbNewLine & vbNewLine End If End If End If End If End If txtSections.SelStart = Len(txtSections) If Addr >= &H7FFF0000 Then GoTo salir End If Addr = (mbi.BaseAddress) + mbi.RegionSize Wend salir: txtSections.Visible = True MsgBox "Done" End Sub
Resultado: Add: 0 - Size: 1000 Add: 10000 - Size: 1000 Add: 20000 - Size: 1000 Add: 21000 - Size: 1000 Add: 30000 - Size: 1000 Add: 129000 - Size: 1000 Add: 12A000 - Size: 1000 Add: 130000 - Size: 1000 Add: 134000 - Size: 1000 Add: 140000 - Size: 1000 Add: 141000 - Size: 1000 Add: 150000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\locale.nls Add: 1B7000 - Size: 1000 Add: 1C0000 - Size: 1000 Add: 1C1000 - Size: 1000 Add: 1D0000 - Size: 1000 Add: 1DA000 - Size: 1000 Add: 1E0000 - Size: 1000 Add: 1E7000 - Size: 1000 Add: 1F0000 - Size: 1000 Add: 1F2000 - Size: 1000 Add: 200000 - Size: 1000 Add: 201000 - Size: 1000 Add: 210000 - Size: 1000 Add: 211000 - Size: 1000 Add: 220000 - Size: 1000 Add: 222000 - Size: 1000 Add: 230000 - Size: 1000 Add: 232000 - Size: 1000 Add: 240000 - Size: 1000 Add: 241000 - Size: 1000 Add: 250000 - Size: 1000 Add: 252000 - Size: 1000 Add: 260000 - Size: 1000 Add: 2F3000 - Size: 1000 Add: 360000 - Size: 1000 Add: 361000 - Size: 1000 Add: 370000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 37D000 - Size: 1000 Add: 380000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 3D0000 - Size: 1000 Add: 3D1000 - Size: 1000 Add: 3E0000 - Size: 1000 Add: 400000 - Size: 1000 \Device\HarddiskVolume2\Misery-PC\[New Programming 2014]\[AO]\OffiHack\test\Project1.exe Add: 401000 - Size: 1000 \Device\HarddiskVolume2\Misery-PC\[New Programming 2014]\[AO]\OffiHack\test\Project1.exe Add: 42D000 - Size: 1000 \Device\HarddiskVolume2\Misery-PC\[New Programming 2014]\[AO]\OffiHack\test\Project1.exe Add: 430000 - Size: 1000 \Device\HarddiskVolume2\Misery-PC\[New Programming 2014]\[AO]\OffiHack\test\Project1.exe Add: 431000 - Size: 1000 Add: 440000 - Size: 1000 Add: 441000 - Size: 1000 Add: 4C0000 - Size: 1000 Add: 4E0000 - Size: 1000 Add: 4E3000 - Size: 1000 Add: 4F0000 - Size: 1000 Add: 4FF000 - Size: 1000 Add: 5B0000 - Size: 1000 Add: 5B3000 - Size: 1000 Add: 5B8000 - Size: 1000 Add: 5C0000 - Size: 1000 Add: 6C1000 - Size: 1000 Add: 6D0000 - Size: 1000 Add: 87A000 - Size: 1000 Add: 12D0000 - Size: 1000 Add: 12E0000 - Size: 1000 Add: 16D0000 - Size: 1000 \Device\HarddiskVolume2\Windows\Globalization\Sorting\SortDefault.nls Add: 199F000 - Size: 1000 Add: 19A0000 - Size: 1000 Add: 1A7F000 - Size: 1000 Add: 1A80000 - Size: 1000 Add: 1A82000 - Size: 1000 Add: 1B80000 - Size: 1000 Add: 1B90000 - Size: 1000 Add: 1BAE000 - Size: 1000 Add: 1BD0000 - Size: 1000 Add: 1CF0000 - Size: 1000 Add: 1CF2000 - Size: 1000 Add: 1D00000 - Size: 1000 Add: 1D90000 - Size: 1000 Add: 1DD0000 - Size: 1000 Add: 1F00000 - Size: 1000 Add: 1F03000 - Size: 1000 Add: 1F10000 - Size: 1000 Add: 1FA0000 - Size: 1000 Add: 1FC7000 - Size: 1000 Add: 1FE0000 - Size: 1000 Add: 2356000 - Size: 1000 Add: 2360000 - Size: 1000 Add: 2370000 - Size: 1000 Add: 2760000 - Size: 1000 Add: 2B61000 - Size: 1000 Add: 2B70000 - Size: 1000 \Device\HarddiskVolume2\Windows\Fonts\StaticCache.dat Add: 34A0000 - Size: 1000 Add: 35D0000 - Size: 1000 Add: 35D1000 - Size: 1000 Add: 35E0000 - Size: 1000 Add: 10000000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10001000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10002000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10003000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10004000 - Size: 1000 \Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll Add: 10005000 - Size: 1000 Add: 20000000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 20001000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 2001E000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 2001F000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 20030000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\RICHTX32.OCX Add: 20032000 - Size: 1000 Add: 212F0000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 212F1000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 21313000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 21316000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 21321000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\TABCTL32.OCX Add: 21323000 - Size: 1000 Add: 5C290000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C291000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C2A5000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C2A6000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C2A7000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\oledlg.dll Add: 5C2AC000 - Size: 1000 Add: 65D90000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched20.dll Add: 65D91000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched20.dll Add: 65DF7000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched20.dll Add: 65DF8000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched20.dll Add: 65E06000 - Size: 1000 Add: 713E0000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 713E1000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 71456000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 71458000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 71459000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll Add: 71464000 - Size: 1000 Add: 72940000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72941000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72A4A000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72A51000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72A52000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\msvbvm60.dll Add: 72A93000 - Size: 1000 Add: 742C0000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched32.dll Add: 742C1000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched32.dll Add: 742C3000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched32.dll Add: 742C4000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\riched32.dll Add: 742C6000 - Size: 1000 Add: 74640000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\dwmapi.dll Add: 74641000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\dwmapi.dll Add: 7464C000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\dwmapi.dll Add: 7464E000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\dwmapi.dll Add: 74653000 - Size: 1000 Add: 74C20000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74C21000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74D6C000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74D6E000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74D6F000 - Size: 1000 \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Add: 74DBE000 - Size: 1000 Add: 74DC0000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74DC1000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74DFA000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74DFB000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74DFC000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll Add: 74E00000 - Size: 1000 Add: 75C70000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\cryptbase.dll Add: 75C71000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\cryptbase.dll Add: 75C79000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\cryptbase.dll Add: 75C7A000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\cryptbase.dll Add: 75C7C000 - Size: 1000 Add: 75C80000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\sxs.dll Add: 75C81000 - Size: 1000 \Device\HarddiskVolume2\Windows\System32\sxs.dll y blablabla
|
|
|
69
|
Programación / .NET (C#, VB.NET, ASP) / Re: ¿Es posible cambiar el ClassName de un Form en VB6 o VB.NET2010?
|
en: 11 Febrero 2015, 19:02 pm
|
Parece ser un tema complicado, no ví resultados en internet, pero hay que tener algo en cuenta, primero se registra una clase con "RegisterClassEx" ATOM WINAPI RegisterClassEx( _In_ const WNDCLASSEX *lpwcx );
Así que si la querés cambiar tenés que ir pensando en crear una a donde apuntar, ya que las clases son importantes porque los botones, textboxes son de tales características debido a su clase. Luego podrías ver que hace internamente CreateWindow o CreateWindowEx, debe apuntar a un string o un puntero de la estructura ésa. Ahora estoy un tanto ocupado haciendo funcionar "ZwQueryVirtualMemory", pero luego me pongo a debuggear CreateWindow y tratar de cambiar la clase, te conviene hacerlo en C++ y cuando lo logres lo pasás a VB6.
|
|
|
70
|
Programación / Programación Visual Basic / [SRC] GetPath EXE Opened
|
en: 9 Febrero 2015, 14:53 pm
|
Bueno, éste es un tema que ví en foro.elhacker.net/programacion_visual_basic/abrir_ejecutable_en_un_form_iquestes_posible_abrir_chrome-t429104.0.html para obtener el path de un archivo en ejecución sin hooks, aparentemente vé de donde se abrió, ahora posteo el código y un par de ejemplos: Option Explicit Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long Public Declare Function LoadLibraryA Lib "kernel32" (ByVal lpLibFileName As String) As Long Public Const PROCESS_ALL_ACCESS = &H1F0FFF 'Specifies all possible access flags for the process object. Public Const PROCESS_CREATE_THREAD = &H2 'Enables using the process handle in the CreateRemoteThread function to create a thread in the process. Public Const PROCESS_DUP_HANDLE = &H40 'Enables using the process handle as either the source or target process in the DuplicateHandle function to duplicate a handle. Public Const PROCESS_QUERY_INFORMATION = &H400 'Enables using the process handle in the GetExitCodeProcess and GetPriorityClass functions to read information from the process object. Public Const PROCESS_SET_INFORMATION = &H200 'Enables using the process handle in the SetPriorityClass function to set the priority class of the process. Public Const PROCESS_TERMINATE = &H1 'Enables using the process handle in the TerminateProcess function to terminate the process. Public Const PROCESS_VM_OPERATION = &H8 'Enables using the process handle in the VirtualProtectEx and WriteProcessMemory functions to modify the virtual memory of the process. Public Const PROCESS_VM_READ = &H10 'Enables using the process handle in the ReadProcessMemory function to read from the virtual memory of the process. Public Const PROCESS_VM_WRITE = &H20 'Enables using the process handle in the WriteProcessMemory function to write to the virtual memory of the process. Public Const SYNCHRONIZE = &H100000 'Enables using the process handle in any of the wait functions to wait for the process to terminate. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (hpvDest As Any, hpvSource As Any, ByVal cbCopy As Long) 'The WideCharToMultiByte function maps a wide-character string to a new character string. 'The function is faster when both lpDefaultChar and lpUsedDefaultChar are NULL. 'CodePage Private Const CP_ACP = 0 'ANSI Private Const CP_MACCP = 2 'Mac Private Const CP_OEMCP = 1 'OEM Private Const CP_UTF7 = 65000 Private Const CP_UTF8 = 65001 'dwFlags Private Const WC_NO_BEST_FIT_CHARS = &H400 Private Const WC_COMPOSITECHECK = &H200 Private Const WC_DISCARDNS = &H10 Private Const WC_SEPCHARS = &H20 'Default Private Const WC_DEFAULTCHAR = &H40 Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As Long, ByVal cchWideChar As Long, ByVal lpMultiByteStr As Long, ByVal cbMultiByte As Long, ByVal lpDefaultChar As Long, ByVal lpUsedDefaultChar As Long) As Long Public Function ByteArrayToString(Bytes() As Byte) As String Dim iUnicode As Long, i As Long, j As Long On Error Resume Next i = UBound(Bytes) If (i < 1) Then 'ANSI, just convert to unicode and return ByteArrayToString = StrConv(Bytes, vbUnicode) Exit Function End If i = i + 1 'Examine the first two bytes CopyMemory iUnicode, Bytes(0), 2 If iUnicode = Bytes(0) Then 'Unicode 'Account for terminating null If (i Mod 2) Then i = i - 1 'Set up a buffer to recieve the string ByteArrayToString = String$(i / 2, 0) 'Copy to string CopyMemory ByVal StrPtr(ByteArrayToString), Bytes(0), i Else 'ANSI ByteArrayToString = StrConv(Bytes, vbUnicode) End If End Function Public Function StringToByteArray(strInput As String, Optional bReturnAsUnicode As Boolean = True, Optional bAddNullTerminator As Boolean = False) As Byte() Dim lRet As Long Dim bytBuffer() As Byte Dim lLenB As Long If bReturnAsUnicode Then 'Number of bytes lLenB = LenB(strInput) 'Resize buffer, do we want terminating null? If bAddNullTerminator Then ReDim bytBuffer(lLenB) Else ReDim bytBuffer(lLenB - 1) End If 'Copy characters from string to byte array CopyMemory bytBuffer(0), ByVal StrPtr(strInput), lLenB Else 'METHOD ONE ' 'Get rid of embedded nulls ' strRet = StrConv(strInput, vbFromUnicode) ' lLenB = LenB(strRet) ' If bAddNullTerminator Then ' ReDim bytBuffer(lLenB) ' Else ' ReDim bytBuffer(lLenB - 1) ' End If ' CopyMemory bytBuffer(0), ByVal StrPtr(strInput), lLenB 'METHOD TWO 'Num of characters lLenB = Len(strInput) If bAddNullTerminator Then ReDim bytBuffer(lLenB) Else ReDim bytBuffer(lLenB - 1) End If lRet = WideCharToMultiByte(CP_ACP, 0&, ByVal StrPtr(strInput), -1, ByVal VarPtr(bytBuffer(0)), lLenB, 0&, 0&) End If StringToByteArray = bytBuffer End Function
Option Explicit Private Sub Command1_Click() Dim handle_Process As Double handle_Process = OpenProcess(PROCESS_ALL_ACCESS, False, Val(Text1.Text)) If handle_Process <> 0 Then Dim zBytes(256) As Byte Dim lb As Long lb = LoadLibraryA("KERNEL32.DLL") If lb = 0 Then lb = &H77C50000 End If 'kernel32.dll+C6320 '0x77D16320 If ReadProcessMemory(handle_Process, lb + &HC6320, zBytes(0), 256, 0&) <> 0 Then Clipboard.SetText ByteArrayToString(zBytes) MsgBox Clipboard.GetText Else MsgBox "Error al ejecutar ReadProcessMemory. (" & Err.LastDllError & ")" End If Call CloseHandle(handle_Process) Else MsgBox "Error al ejecutar OpenProcess. (" & Err.LastDllError & ")" End If End Sub Private Sub Form_Load() Text1.Text = GetCurrentProcessId() End Sub
TaskMgr: opera.exe 236 C:\Program Files\Opera\20.0.1387.91\opera.exe OUTPUT: C:\Program Files\Opera\ McTray.exe 1796 C:\Program Files\McAfee\Common Framework\McTray.exe OUTPUT: C:\Program Files\McAfee\Common Framework\ Project1.exe 2368 (éste) C:\Users\***00001**\Desktop\Program Opened from\Project1.exe OUTPUT: C:\Users\***00001**\Desktop\Program Opened from\ TeamViewer.exe 3308 C:\Program Files\TeamViewer\Version9\TeamViewer.exe OUTPUT: C:\Windows\system32\ (muestra este output porque se cargó como servicio y aparentemente se abre desde ese path) cheatengine-i386.exe 4320 C:\Misery-PC\Descargas\CE 6.3\CE 6.3\cheatengine-i386.exe OUTPUT: C:\Misery-PC\Descargas\CE 6.3\CE 6.3\ UdaterUI.exe 5216 C:\Program Files\McAfee\Common Framework\UdaterUI.exe OUTPUT: C:\Program Files\McAfee\Common Framework\ notepad++.exe 7464 C:\Program Files\Notepad++\notepad++.exe OUTPUT: C:\Users\***00001**\Desktop\GOTTA DO\ (abrí un txt desde ese lugar) Si bien no muestra el path del ejecutable, muestra el path de donde se abrió, seguramente que por el address KERNEL32.DLL+offset debe estar el path original del .exe, cualquier cosa nueva la posteo. Saludos.
|
|
|
|
|
|
|