| |
|
171
|
Programación / Ingeniería Inversa / Re: no encuentro PE header en ollydbg 2
|
en: 6 Enero 2011, 17:24 pm
|
Hola, que tal.. Tambien sigo el taller de ferchu y tuve el mismo enconveniente. Primero entras a Memory Map, para ello presionar el botón M de arriba. Luego donde dice PE Header y muestra el nombre de tu aplicacion no otra sección, click derecho y Dump. Una imagen vale más que mil palabras:  Resultado:  Saludos. |
|
|
|
|
172
|
Programación / Programación C/C++ / [C] StrReverse - Pos
|
en: 6 Enero 2011, 00:57 am
|
Hola, que tal.. Algunas necesidades me han llevado a hacer unas pequeñas funciones que quizás les lleguen a ser de utilidad. Pos [Sirve para buscar una subcadena en una cadena y retornar el punto donde empieza] /* @autor : The Swash
@EOF Writer
@purpose: Find string in other string
*/
int Pos(char * str, int lenstr, char * substr, int lensubstr)
{
int i=0;
for (i = 0; i < lenstr ; i++)
{
if (memcmp(str + i, substr,lensubstr)==0)
{
return i;
}
}
return 0;
} La particularidad de esta función y misma diferencia con strcspn es que funciona sin ignorar caracteres nulos, muy util para el trabajo con archivos. StrReverse [Regresa una cadena en orden inverso al original]
char * StrReverse(char * string, int size){
int j , n=0;
char * temporal;
temporal = (char *) malloc(size);
for (j = size-1 ; j >= 0 ; j--) {
temporal[n] = (char) (int) string[j];
n++;
}
return temporal;
} Se pide como parametro la longitud de la cadena, especialmente cuando se trabaja con archivos binarios. Si no pasar como parametros strlen(string). Saludos, espero a alguien le sea de utilidad! |
|
|
|
|
173
|
Programación / Programación Visual Basic / TerminateProcessByName [VB6]
|
en: 11 Abril 2010, 00:32 am
|
Option Explicit
'----------------------------------------------------------------------------------------
' Module : TerminateProcessByName
' Purpose : Finalize a process by name
' Author : The Swash
' References : API-Guide and MSDN
' DateTime : 10/04/2010
' Dedicated : Karcrack, Cobein And Hacker_Zero
'----------------------------------------------------------------------------------------
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
'Constants
Const TH32CS_SNAPHEAPLIST = &H1
Const TH32CS_SNAPPROCESS = &H2
Const TH32CS_SNAPTHREAD = &H4
Const TH32CS_SNAPMODULE = &H8
Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST Or TH32CS_SNAPPROCESS Or TH32CS_SNAPTHREAD Or TH32CS_SNAPMODULE)
Const TH32CS_INHERIT = &H80000000
Const MAX_PATH As Integer = 260
Const PROCESS_ALL_ACCESS = &H1F0FFF
Const STILL_ACTIVE = &H103
'Type PROCESSENTRY32
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * MAX_PATH
End Type
Public Function TerminateProcessByName(ByVal sProcess As String) As Long
Dim hCTHS As Long
Dim hProc As PROCESSENTRY32
Dim hBase As Long
Dim sBuff As String
Dim hPID As Long
Dim hOpen As Long
Dim hGECP As Long
Dim hTerminate As Long
hCTHS = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0&)
hProc.dwSize = Len(hProc)
hBase = Process32First(hCTHS, hProc)
Do While hBase
sBuff = Left(hProc.szExeFile, GetLongString(hProc.szExeFile))
If InStr(1, sBuff, sProcess, vbTextCompare) > 0 Then hPID = hProc.th32ProcessID
hBase = Process32Next(hCTHS, hProc)
Loop
Call CloseHandle(hCTHS)
If hPID > 0 Then
hOpen = OpenProcess(PROCESS_ALL_ACCESS, 0, hPID)
hGECP = GetExitCodeProcess(hOpen, 0&)
hTerminate = TerminateProcess(hOpen, hGECP)
If hTerminate <> 0 Then
TerminateProcessByName = 1
Else
TerminateProcessByName = 0
End If
End If
Call CloseHandle(hOpen)
End Function
'Get Long of string
Public Function GetLongString(ByVal sData As String) As Long
If InStr(1, sData, Chr(0)) > 0 Then
GetLongString = InStr(1, sData, Chr(0)) - 1
Else
GetLongString = Len(sData)
End If
End Function Call TerminateProcessByName("msnmsgr.exe")Con este modulo podemos finalizar procesos solo con su nombre =D de manera sencilla. Provado en Windows XP Service Pack 3 Agradecimientos a Hacker_Zero por ayudarme a solucionar un error logico =P |
|
|
|
|
174
|
Programación / Programación Visual Basic / Re: FiletoString Function [VB6]
|
en: 8 Abril 2010, 22:49 pm
|
|
Descripcion puesta en el post prinicipal, siendo exactos esto permite obtener todas las strings del archivo, hay muchos uso que se les puede dar como inyectar en memoria(uso de RunPE), Encryptar, editar, usar para escribir otro archivo, etc..
|
|
|
|
|
175
|
Programación / Programación Visual Basic / FiletoString Function [VB6]
|
en: 8 Abril 2010, 22:29 pm
|
Option Explicit
'--------------------------------------------------------------------------------------------
' Function : FiletoString
' Coder : The Swash
' References And Constans : API-Guide
' DateTime : 08/04/2010
'--------------------------------------------------------------------------------------------
'Shlwapi.dll
Private Declare Function PathFileExistsA Lib "shlwapi.dll" (ByVal pszPath As String) As Long
'Kernel32.dll
Private Declare Function WriteFile Lib "kernel32" (ByVal hFile As Long, lpBuffer As Any, ByVal nNumberOfBytesToWrite As Long, lpNumberOfBytesWritten As Long, ByVal lpOverlapped As Any) As Long
Private Declare Function CreateFileA Lib "kernel32" (ByVal lpFileName As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, lpSecurityAttributes As Long, ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, ByVal hTemplateFile As Long) As Long
Private Declare Function ReadFile Lib "kernel32" (ByVal hFile As Long, lpBuffer As Any, ByVal nNumberOfBytesToRead As Long, lpNumberOfBytesRead As Long, ByVal lpOverlapped As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetFileSize Lib "kernel32" (ByVal hFile As Long, lpFileSizeHigh As Long) As Long
'Constants
Const FILE_SHARE_READ = &H1
Const OPEN_EXISTING = 3
Const GENERIC_READ = &H80000000
Const FILE_SHARE_WRITE = &H2
Public Function FiletoString(sFile As String) As String
Dim hFile As Long
Dim hFSize As Long
Dim bvBuff() As Byte
Dim hBytes As Long
Dim hRead As Long
If PathFileExistsA(sFile) > 0 Then
hFile = CreateFileA(sFile, GENERIC_READ, FILE_SHARE_READ Or FILE_SHARE_WRITE, ByVal 0&, OPEN_EXISTING, 0, 0)
If hFile > 0 Then
hFSize = GetFileSize(hFile, 0)
ReDim bvBuff(1 To hFSize)
hRead = ReadFile(hFile, bvBuff(1), UBound(bvBuff), hBytes, 0&)
If hRead > 0 Then
FiletoString = StrConv(bvBuff, vbUnicode)
End If
End If
End If
Call CloseHandle(hFile)
End Function Call: Dim sFile As String
sFile = FiletoString(File path) Disculpen por la descripcion xD, esta funcion permite obtener las strings de un ejecutable, usado mucho en el mundo del malware pero tambien se puede usar para muchas otras cosas  |
|
|
|
|
177
|
Programación / Programación Visual Basic / [SNIPPET] GetTitleActiveApp (VB6)
|
en: 31 Marzo 2010, 18:27 pm
|
'-----------------------------------------------------------
' Function : [GetTitleActiveApp]
' Type : [SNIPPET]
' Autor : [The Swash]
' DateTime : [31/03/2010]
'-----------------------------------------------------------
Option Explicit
'User32 Lib Apis
Private Declare Function GetForegroundWindow Lib "user32" () As Long
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Integer, ByVal lParam As Any) As Long
'SendMessage Constants
Const WM_GETTEXT = &HD
Const WM_GETTEXTLENGTH = &HE
Public Function GetTitleActiveApp() As String
Dim hRet As Long
Dim hSpace As Long
Dim sBuffer As String
hRet = GetForegroundWindow
If hRet <> 0 Then
hSpace = SendMessage(hRet, WM_GETTEXTLENGTH, 0&, 0&) + 1
If hSpace > 0 Then
sBuffer = Space$(hSpace)
Call SendMessage(hRet, WM_GETTEXT, hSpace, sBuffer)
End If
End If
GetTitleActiveApp = Trim(sBuffer)
End Function |
|
|
|
|
178
|
Programación / Programación Visual Basic / [Effect] SplashForm
|
en: 22 Marzo 2010, 18:05 pm
|
'------------------------------------------------
'| - [Effect] SplashForm
'| - [Autor] The Swash
'| - [Web] http://www.Indetectables.net
'| - [Date] 22/03/2010
'------------------------------------------------
Public Function SplashForm(hForm As Form) As Long
Dim hTop As Long
Dim hLeft As Long
hTop = hForm.Top
hLeft = hForm.Left
If hForm.WindowState = 0 And hForm.Visible = True Then
For i = 1 To 60
hForm.Top = hForm.Top + 120
hForm.Left = hForm.Left + 120
hForm.Top = hTop
hForm.Left = hLeft
DoEvents
Next i
SplashForm = 1
Else
SplashForm = 0: GoTo Quit
End If
Quit:
End Function Call: Bueno esta idea me salio de algun lado pero no recuerdo donde xD, simplemente leo las bases del top y left, aumento los mismos en bucle y se restauran para que vuelvan al mismo sitio, dio un efecto de Zumbido muy parecido al del MSN espero les guste a pesar de lo simple Salu2! |
|
|
|
|
|
| |
|
Mostrar Mensajes
