171
Programming / Reverse Engineering / Re: can't find PE header in ollydbg 2
on: 6 January 2011, 17:24 pm
Hi, how's it going.. I'm also following ferchu's workshop and ran into the same problem. First go into Memory Map; to do that, press the M button at the top. Then, on the line that says PE Header and shows the name of your application (not some other section), right-click and Dump. A picture is worth a thousand words:
Result:
Regards.

172
Programming / C/C++ Programming / [C] StrReverse - Pos
on: 6 January 2011, 00:57 am
Hi, how's it going.. Some needs of mine led me to write a few small functions that may turn out to be useful to you.

Pos [Used to search for a substring within a string and return the position where it starts]

#include <string.h>

/*
 @author : The Swash
 @EOF Writer
 @purpose: Find string in other string
*/
int Pos(char * str, int lenstr, char * substr, int lensubstr)
{
    int i;
    /* Only start offsets where the whole substring still fits are compared,
       so memcmp never reads past the end of str. */
    for (i = 0; i + lensubstr <= lenstr; i++)
    {
        if (memcmp(str + i, substr, lensubstr) == 0)
        {
            return i;
        }
    }
    /* 0 is a valid match position, so "not found" is reported as -1. */
    return -1;
}

What is particular about this function, and likewise its difference from strcspn, is that it works without ignoring null characters, which is very useful when working with files.

StrReverse [Returns a string in the reverse order of the original]

#include <stdlib.h>

char * StrReverse(char * string, int size)
{
    int j, n = 0;
    char * temporal;
    temporal = (char *) malloc(size);
    if (temporal == NULL)
    {
        return NULL; /* allocation failed; the caller must check for this */
    }
    for (j = size - 1; j >= 0; j--)
    {
        temporal[n] = string[j];
        n++;
    }
    /* Exactly size bytes, no terminating null (binary-safe); the caller frees it. */
    return temporal;
}

The length of the string is requested as a parameter, especially when working with binary files. Otherwise, pass strlen(string) as the parameter. Regards, I hope someone finds it useful!
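The null-tolerant search described above, applied to the PE header that the reply at the top of this list dumps from OllyDbg's Memory Map. This is an added example, not code from the post or from The Swash: it builds a constructed minimal DOS header in memory, reads e_lfanew and checks that the "PE\0\0" signature is where both the header field and a raw byte scan say it is. The names pos_bin, pe_header_offset and build_sample are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Null-tolerant search in the spirit of Pos above: zero bytes are compared
 * like any other byte, only offsets where the whole needle fits are tried,
 * and -1 (never 0, a valid match position) signals "not found". */
int pos_bin(const unsigned char *hay, size_t haylen,
            const unsigned char *needle, size_t needlelen)
{
    size_t i;
    if (needlelen == 0 || needlelen > haylen)
        return -1;
    for (i = 0; i + needlelen <= haylen; i++)
        if (memcmp(hay + i, needle, needlelen) == 0)
            return (int)i;
    return -1;
}

/* Offset of the PE header in an in-memory image: e_lfanew sits at offset
 * 0x3C of the DOS header (little endian) and must point at the 4-byte
 * "PE\0\0" signature. Returns the offset, or -1 if anything is off. */
int pe_header_offset(const unsigned char *img, size_t len)
{
    uint32_t e_lfanew;
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z')
        return -1;
    e_lfanew = (uint32_t)img[0x3C] | ((uint32_t)img[0x3D] << 8) |
               ((uint32_t)img[0x3E] << 16) | ((uint32_t)img[0x3F] << 24);
    if (e_lfanew > len - 4 || memcmp(img + e_lfanew, "PE\0\0", 4) != 0)
        return -1;
    return (int)e_lfanew;
}

/* Constructed sample (not a real file): a 0x40-byte DOS header whose
 * e_lfanew points right after it, then the PE signature and the first COFF
 * field (Machine = 0x014C, i386). Returns the image length in bytes. */
size_t build_sample(unsigned char *buf)
{
    memset(buf, 0, 0x48);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = 0x40;                    /* e_lfanew = 0x00000040 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x44] = 0x4C; buf[0x45] = 0x01;  /* Machine, little endian */
    return 0x48;
}
```

A strstr() on the same buffer cannot find the signature at all, because it stops at the zero byte right after "MZ"; that is the point the post makes about null characters.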

173
Programming / Visual Basic Programming / TerminateProcessByName [VB6]
on: 11 April 2010, 00:32 am
Option Explicit
'----------------------------------------------------------------------------------------
' Module     : TerminateProcessByName
' Purpose    : Finalize a process by name
' Author     : The Swash
' References : API-Guide and MSDN
' DateTime   : 10/04/2010
' Dedicated  : Karcrack, Cobein And Hacker_Zero
'----------------------------------------------------------------------------------------
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

'Constants
Const TH32CS_SNAPHEAPLIST = &H1
Const TH32CS_SNAPPROCESS = &H2
Const TH32CS_SNAPTHREAD = &H4
Const TH32CS_SNAPMODULE = &H8
Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST Or TH32CS_SNAPPROCESS Or TH32CS_SNAPTHREAD Or TH32CS_SNAPMODULE)
Const TH32CS_INHERIT = &H80000000
Const MAX_PATH As Integer = 260
Const PROCESS_ALL_ACCESS = &H1F0FFF
Const STILL_ACTIVE = &H103

'Type PROCESSENTRY32
Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * MAX_PATH
End Type

Public Function TerminateProcessByName(ByVal sProcess As String) As Long
    Dim hCTHS As Long
    Dim hProc As PROCESSENTRY32
    Dim hBase As Long
    Dim sBuff As String
    Dim hPID As Long
    Dim hOpen As Long
    Dim hGECP As Long
    Dim hExitCode As Long
    Dim hTerminate As Long

    hCTHS = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0&)
    hProc.dwSize = Len(hProc)
    hBase = Process32First(hCTHS, hProc)
    Do While hBase
        'szExeFile is a fixed-length field padded with nulls: keep only the real name
        sBuff = Left(hProc.szExeFile, GetLongString(hProc.szExeFile))
        If InStr(1, sBuff, sProcess, vbTextCompare) > 0 Then hPID = hProc.th32ProcessID
        hBase = Process32Next(hCTHS, hProc)
    Loop
    Call CloseHandle(hCTHS)

    If hPID > 0 Then
        hOpen = OpenProcess(PROCESS_ALL_ACCESS, 0, hPID)
        If hOpen <> 0 Then
            'Read the current exit code (STILL_ACTIVE while it runs) and reuse it when terminating
            hGECP = GetExitCodeProcess(hOpen, hExitCode)
            hTerminate = TerminateProcess(hOpen, hExitCode)
            If hTerminate <> 0 Then
                TerminateProcessByName = 1
            Else
                TerminateProcessByName = 0
            End If
            Call CloseHandle(hOpen)
        End If
    End If
End Function

'Get Long of string
Public Function GetLongString(ByVal sData As String) As Long
    If InStr(1, sData, Chr(0)) > 0 Then
        GetLongString = InStr(1, sData, Chr(0)) - 1
    Else
        GetLongString = Len(sData)
    End If
End Function

Call:
Call TerminateProcessByName("msnmsgr.exe")

With this module we can end processes just by their name =D in a simple way. Tested on Windows XP Service Pack 3. Thanks to Hacker_Zero for helping me fix a logic error =P

174
Programming / Visual Basic Programming / Re: FiletoString Function [VB6]
on: 8 April 2010, 22:49 pm
Description added to the main post. To be exact, this lets you get all the strings from the file; there are many uses it can be put to, such as injecting into memory (using RunPE), encrypting, editing, using it to write another file, etc..

175
Programming / Visual Basic Programming / FiletoString Function [VB6]
on: 8 April 2010, 22:29 pm
Option Explicit
'--------------------------------------------------------------------------------------------
' Function                : FiletoString
' Coder                   : The Swash
' References And Constans : API-Guide
' DateTime                : 08/04/2010
'--------------------------------------------------------------------------------------------

'Shlwapi.dll
Private Declare Function PathFileExistsA Lib "shlwapi.dll" (ByVal pszPath As String) As Long

'Kernel32.dll
Private Declare Function WriteFile Lib "kernel32" (ByVal hFile As Long, lpBuffer As Any, ByVal nNumberOfBytesToWrite As Long, lpNumberOfBytesWritten As Long, ByVal lpOverlapped As Any) As Long
Private Declare Function CreateFileA Lib "kernel32" (ByVal lpFileName As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, lpSecurityAttributes As Long, ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, ByVal hTemplateFile As Long) As Long
Private Declare Function ReadFile Lib "kernel32" (ByVal hFile As Long, lpBuffer As Any, ByVal nNumberOfBytesToRead As Long, lpNumberOfBytesRead As Long, ByVal lpOverlapped As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetFileSize Lib "kernel32" (ByVal hFile As Long, lpFileSizeHigh As Long) As Long

'Constants
Const FILE_SHARE_READ = &H1
Const OPEN_EXISTING = 3
Const GENERIC_READ = &H80000000
Const FILE_SHARE_WRITE = &H2

Public Function FiletoString(sFile As String) As String
    Dim hFile As Long
    Dim hFSize As Long
    Dim bvBuff() As Byte
    Dim hBytes As Long
    Dim hRead As Long

    If PathFileExistsA(sFile) > 0 Then
        hFile = CreateFileA(sFile, GENERIC_READ, FILE_SHARE_READ Or FILE_SHARE_WRITE, ByVal 0&, OPEN_EXISTING, 0, 0)
        'INVALID_HANDLE_VALUE is -1, so anything above zero is a usable handle
        If hFile > 0 Then
            hFSize = GetFileSize(hFile, 0)
            'An empty file would make ReDim (1 To 0) fail, so only read when there is data
            If hFSize > 0 Then
                ReDim bvBuff(1 To hFSize)
                hRead = ReadFile(hFile, bvBuff(1), UBound(bvBuff), hBytes, 0&)
                If hRead > 0 Then
                    'Raw bytes are kept one-to-one as characters of the returned string
                    FiletoString = StrConv(bvBuff, vbUnicode)
                End If
            End If
            Call CloseHandle(hFile)
        End If
    End If
End Function

Call:
Dim sFile As String
sFile = FiletoString(File path)

Sorry about the description xD. This function lets you get the strings from an executable; it is used a lot in the malware world, but it can also be used for many other things.

177
Programming / Visual Basic Programming / [SNIPPET] GetTitleActiveApp (VB6)
on: 31 March 2010, 18:27 pm
'-----------------------------------------------------------
' Function : [GetTitleActiveApp]
' Type     : [SNIPPET]
' Author   : [The Swash]
' DateTime : [31/03/2010]
'-----------------------------------------------------------
Option Explicit

'User32 Lib Apis
Private Declare Function GetForegroundWindow Lib "user32" () As Long
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Any) As Long

'SendMessage Constants
Const WM_GETTEXT = &HD
Const WM_GETTEXTLENGTH = &HE

Public Function GetTitleActiveApp() As String
    Dim hRet As Long
    Dim hSpace As Long
    Dim hLen As Long
    Dim sBuffer As String

    hRet = GetForegroundWindow
    If hRet <> 0 Then
        'WM_GETTEXTLENGTH does not count the terminating null, so reserve one more char
        hSpace = SendMessage(hRet, WM_GETTEXTLENGTH, 0&, 0&) + 1
        If hSpace > 0 Then
            sBuffer = Space$(hSpace)
            'WM_GETTEXT returns the number of characters copied (without the null)
            hLen = SendMessage(hRet, WM_GETTEXT, hSpace, sBuffer)
            GetTitleActiveApp = Left$(sBuffer, hLen)
        End If
    End If
End Function

Call:

178
Programming / Visual Basic Programming / [Effect] SplashForm
on: 22 March 2010, 18:05 pm
'------------------------------------------------
'| - [Effect] SplashForm
'| - [Author] The Swash
'| - [Web] http://www.Indetectables.net
'| - [Date] 22/03/2010
'------------------------------------------------
Public Function SplashForm(hForm As Form) As Long
    Dim hTop As Long
    Dim hLeft As Long
    Dim i As Long

    hTop = hForm.Top
    hLeft = hForm.Left
    'Only a visible form in its normal state (WindowState 0) is shaken
    If hForm.WindowState = 0 And hForm.Visible = True Then
        For i = 1 To 60
            'Push the form down and to the right, then put it back where it was
            hForm.Top = hForm.Top + 120
            hForm.Left = hForm.Left + 120
            hForm.Top = hTop
            hForm.Left = hLeft
            DoEvents
        Next i
        SplashForm = 1
    Else
        SplashForm = 0
    End If
End Function

Call:

Well, this idea came to me from somewhere, but I don't remember where xD. I simply read the base Top and Left values, increase them in a loop and restore them so they go back to the same place. It gave a buzz effect very similar to MSN's. I hope you like it despite how simple it is. Regards!