Self deleting executable
This is an example of a self deleting executable. It creates a rundll32.exe process in suspended state, injects shellcode into it, and then queues a user mode APC to the process's primary thread, and...
emitter v1
Just a simple idea I came up with while browsing these forums and looking at certain scripts. I noticed that some scripts embed binary files using C++ arrays and asm __emit lines. There may be better...
How to debug a driver in Windows?
Hello everyone, it's been like a week or so that I am trying to mess with driver development; for now I am trying to compile some projects in this regard or change them to see if I can make them do what...
libemu and PE instead of simple shellcode
Hi guys, weeks ago I came across this project called libemu; what it basically does is offer an x86 emulation layer to detect (and analyze) shellcode (example code here)... something like...
Is anybody here...sees a transparent object......
Is anybody here, especially at the age between 12-19, who seems to have some circular (and transparent) floating object appearing in their vision field when you look towards a bright sky or any other area of...
Blowfish
Hey, I wrote this Blowfish algorithm in x86 assembly yesterday. Enjoy. ;--------------------------------------------------------------------------; ; Blowfish algorithm by Echo...
alternative or jmp for GetAsyncKeyState
Hi. Currently I use GetAsyncKeyState but I want an alternative such as MapVirtualKey, but it doesn't work. This works: int _tmain(int argc, _TCHAR* argv[]) { vars.LoadCfg(); FreeConsole();...
udp socket recv packet from ntp.pool.org
What kind of recv packet struct (typedef struct packet { char time[9]; int update; } TDATA;) gets an NTP server response?
Antivirus killer with AFX Rootkit
This is my new antivirus killer, AFX KillAV. This program blocks execution of antivirus software. AFX Windows Rootkit 2003 is used to hide the process of this program. Features: Run on Windows startup....
VirtualAllocEx acting strange, cannot allocate 9 - 10 bytes
Hi, I am having a strange problem: NO error, nothing; actually it works perfectly in a new project with no more than 3 functions, but when I put it in another project in which I use the same settings but with...
Why doesn't my driver's unload function get executed?
Hello all, I have been trying to create a simple driver and advance little by little by adding different features to it. First of all this is my driver; it's simple - I commented it thoroughly for my own...
Kernel mode Advice
I'm looking into kernel mode programming and I have to admit that I'm new at this. I've seen some interesting stuff on this forum about this topic. I need someone that can point me in the right...
simple keylogger
I am coding a keylogger in C and x86 assembly. My code works well, but when the user presses a key the key remains pressed without stop. Here is my code: lea bx,[Keystroke] Begin: in al,0x64 cmp...
CMD & a little higher grades this term!
Hello guys, I need some back-up here. I'm under fire. OK, it's 4/1/2014; at my high school we are receiving the grades at about the end of the month. I might not have done so well on some tests. The...
NTFS File System
How to get the MFT size by reading the file system, and how to get the total sectors of a HDD using INT 13h?
Dynamic forking (Process hollowing)
Dynamic forking (also known as process hollowing) is a technique that allows you to execute an executable image within another process's address space. It works by creating a host process in suspended...
A Windows exploit that crashes the system
Recently, I found this Windows exploit on Exploit DB. http://www.exploit-db.com/exploits/30397/ It exploits the vulnerability in the win32k.sys driver. When the exploit is executed, it will cause...
Does this code even work? Please...
Hi, I found this hooking code: Does it work for you? It doesn't work for me. Here is the link: http://www.progamercity.net/c-code/352-c-api-hooking-technique.html Please, I tried my best to find my...
Execute PE file on virtual memory
Hi everyone. I've been reversing some malware like Ramnit and I noticed that they contain most of their code in embedded executable programs and proceed to execute the program as if it's part of the...