Injecting code from 64-bit process
In a 64-bit process, if I want to inject code into a 32-bit process: Do I simply export the function from a 32-bit dll and perform my standard 64-bit injection function with the 32-bit code? If not,...
View ArticleClik here to view.
Execute PE file on virtual memory
Hi everyone. I've been reversing some malware like ramnit and I noticed that they contain most of their codes in embedded executable programs and proceed to execute the program as if it's part of the...
View ArticleClik here to view.
Help to fill in data for Mono.dll
I filled out all the API that I need , but there were problems with parameters , I do not know how to fill them . <ApiMonitor> <Include Filename="Headers\windows.h.xml" /> <Include...
View ArticleClik here to view.
[QUESTION] I/O Redirection
i am trying to execute a cmd.exe tasklist command and get the output but it doesn't work #include <stdio.h> #include <windows.h> int main(int argc, char *argv[]) { SECURITY_ATTRIBUTES sa =...
View ArticleWhat can a hacker get from an application executable file ?
I am not too much familiar with executables compiled throught c++ win32 atl mfc pure c or whatever that can create an executable and also i am total newbie when it comes to hacking stuff so i would...
View ArticleQuestions about debugbreak functions
#include <winternl.h> #include <windows.h> #include <stdio.h> #define SE_DEBUG_PRIVILEGE 20 NTSTATUS NTAPI RtlAdjustPrivilege(ULONG Privilege, BOOLEAN Enable, BOOLEAN CurrentThread,...
View ArticleOpcode fuzzer
Th is is a little lame I know, but I made this a while ago and I got a couple of crashes, but it is really hard on the cpu, gets REALLY hot! #Coded by Mist #include <Windows.h>...
View ArticleMaltego problem
I am trying to run maltego over tor connection but it never finishes loading. Is it an authentication problem because I am using tor? I know they have a captcha when you first sign up. Would like to...
View ArticleThe KUSER_SHARED_DATA structure
KUSER_SHARED_DATA is a data structure that contains a lot of Windows system information. It is always located in user mode at 0x7ffe0000, even on 64-bit Windows. At 0x7ffe0030, the full path of the...
View ArticleThe LdrShutdownProcess and LdrShutdownThread function
DLL_PROCESS_DETACH and PROCESS_THREAD_DETACH notifications are sent with the LdrShutdownProcess and LdrShutdownThread function. These functions are called when processes or threads terminates...
View ArticleClik here to view.
How to Vaypas Captcha Code
Hi This is Jenifar.Now i work in Indian visa online system.indian visa servar is now start a system.When i select appoinment Date i also give a captcha code.But this time not show captch cuz servar are...
View ArticleNew USB virus in the wild.
http://blog.eset.ie/2016/03/23/new-self-protecting-usb-trojan-able-to-avoid-detection/ Thought some of you guys would be interested in this one. Some of the techniques used are interesting.
View Articlehow to design w32 App.
How win32 Application such Google Chrome or Firefox has to design while Creating basic win32 application is not like that well designed. Thanks
View ArticleClik here to view.
Code Injections [beginner and advanced]
[Introduction]This tutorial is for every level, from beginners to advanced (so to review some aspects or instructions)I will use as much as i can C++ in this tutorial.It is divided in 3 parts:A -...
View ArticleFile System Filter Using a Driverless Driver
TLDR: Why can't I register a file system filter using a driverless driver? I've been experimenting for a month with process and file hiding using kernel mode drivers on Windows 64. I started by...
View ArticleClik here to view.
[Linux]How do I create a Midfunction hook
I am working on a patch for some an old game's dedicated server. I have created the windows version patch but am puzzled at how to go about creating/porting the patch to the linux executable. As far...
View ArticleAntimemory scanner - Bypassing NOD32 memory scan
Hello. I see a few coders lately who have added a so called "anti-memory" scanner in their crypters. This, according to them, helps bypass memory scans from various antivirus software, especially...
View ArticleAPI OFFSETTING
I am having some issues with a small piece of code, .data XCreateFileMappingA dd 0h XCreateFileA dd 0h .... .code call dword ptr [ebp+XCreateFileMappingA] call dword ptr [ebp+XCreateFileA] The point...
View Article
