MapleStory / Hack Development. By:
1 MapleStory / Hack Development Sheet By: Last Updated: 3/14/2009
2 Multi-level Pointers (Read) Credits: This cool idea just randomly came to mind while on IRC. #include <stdarg.h> #define OFFSETS_END 0xDEADBEEF checkreturn BOOL _ReadPointer( out PULONG_PTR pulvalue, in LPCVOID lpcvbase,...) ULONG_PTR ultemp; va_list parguments; BOOL bret; int ioffset; try ultemp = (ULONG_PTR)lpcvBase; va_start(parguments, lpcvbase); while ((ioffset = va_arg(parguments, int))!= OFFSETS_END) ultemp = *(ULONG_PTR*)((*(ULONG_PTR*)ulTemp) + ioffset); va_end(parguments); *pulvalue = ultemp == (ULONG_PTR)lpcvBase? *(ULONG_PTR*)ulTemp : ultemp; bret = TRUE; except(exception_execute_handler) bret = FALSE; return bret; #define ReadPointer(x, y,...) _ReadPointer(x, y, VA_ARGS, OFFSETS_END) Example usage: // Read a pointer: [0x600000]+0x69] ReadPointer(&ulValue, (LPCVOID)0x600000, 0x69); // Read a multi-level pointer: [[[[0x400000]+10]]+10] ReadPointer(&ulValue, (LPCVOID)0x400000, 10, 0, 10); PROTIP: I'm being lazy and if you wanted it to be as safe as possible, instead of just catching exceptions I suggest you use VirtualQuery. Opcode Dll Credits: Compiled Dll: Source Code Dll: Compiled Sample: Source Code Sample: Destroying MapleStory s Play Screen Credits:
3 HWND hwnd = FindWindow("StartUpDlgClass", 0); for(; hwnd; Sleep(100), hwnd = FindWindow("StartUpDlgClass", 0)) DestroyWindow(hWnd); Hooking Send API Credits: SOCKET psocket = NULL; DWORD Sendaddr = NULL; DWORD SendJmp = NULL; DWORD OldProtection; // void declspec(naked) stdcall SendHook() asm mov edi,edi push ebp mov ebp, esp push [ebp+0x08] push [ebp+0x0c] call LogHandler jmp SendJmp void stdcall LogHandler( char* buf, SOCKET sock ) // cut rapion said so psocket = sock; //Log buf here return; void HookHandler( bool ishook ) if( ishook ) Sendaddr = (DWORD)GetProcAddress( LoadLibrary( "ws2_32.dll" ), "send" ); SendJmp = Sendaddr + 5; VirtualProtect( &Sendaddr, 0x05, PAGE_READWRITE, &OldProtection ); *(BYTE*)Sendaddr = 0xe9; *(int*)(sendaddr+1) = JMP( Sendaddr, (DWORD*)SendHook ); if(!ishook ) *(WORD*)Sendaddr = 0xFF8B; *(BYTE*)(Sendaddr+2) = 0x55; *(WORD*)(Sendaddrs+3) = 0xEC8B; VirtualProtect( &Sendaddr, 0x05, OldProtection, &OldProtection ); NtOpenProcess Hook Credits: //
4 //The_Undead : Rhys M. //Driver.c #include "Ntddk.h" #include "ntifs.h" #define IO_HOOK_FUNCTIONS #define IO_UNHOOK_FUNCTIONS #define IO_GETSETINFO CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0001, METHOD_BUFFERED, FILE_ANY_ACCESS) CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0002, METHOD_BUFFERED, FILE_ANY_ACCESS) CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0003, METHOD_BUFFERED, FILE_ANY_ACCESS) //Global Variables UNICODE_STRING DeviceName, DeviceLink; HANDLE UserLandProcessID = (HANDLE)-1; // Function callnumbers ULONG NtOpenProcess_callnumber = 0x007a; //Function Prototypes NTKERNELAPI HANDLE PsGetProcessId(IN PEPROCESS Process); NTSTATUS stdcall IOControll(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp); void HookFunctions( void ); void UnHookFunctions( void ); HANDLE RetrivePID( char* ); // Function signatures typedef ULONG (*NTOPENPROCESS)(OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, ObjectAttributes, IN PCLIENT_ID ClientId OPTIONAL); IN POBJECT_ATTRIBUTES // Function holders NTOPENPROCESS OldNtOpenProcess; void declspec(naked) stdcall UnProtect( void ) asm cli mov eax, CR0 and eax, not 10000H mov CR0, eax void declspec(naked) stdcall Protect( void ) asm mov eax, CR0 OR eax, 10000h mov CR0, eax sti NTSTATUS NewNtOpenProcess(OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId OPTIONAL)
5 NTSTATUS ntstatus = STATUS_INVALID_PARAMETER; if ( ClientId->UniqueProcess == UserLandProcessID ) return STATUS_ACCESS_DENIED; ntstatus = ((NTOPENPROCESS)(OldNtOpenProcess))(ProcessHandle, DesiredAccess, ObjectAttributes, ClientId); return ntstatus; void UnHookFunctions( void ) UnProtect(); //Restore origianl function address (NTOPENPROCESS)KeServiceDescriptorTable->ServiceTable[NtOpenProcess_callnumber] = OldNtOpenProcess; Protect(); void HookFunctions( void ) // Store original functions OldNtOpenProcess = (NTOPENPROCESS)KeServiceDescriptorTable->ServiceTable[NtOpenProcess_callnumber]; UnProtect(); // Hook Functions (NTOPENPROCESS)KeServiceDescriptorTable->ServiceTable[NtOpenProcess_callnumber] = &NewNtOpenProcess; Protect(); HANDLE RetrivePID( char* ProcessName ) PEPROCESS PeProcess = NULL; PLIST_ENTRY pnextentry, plisthead; PeProcess = PsGetCurrentProcess(); if(!peprocess) DbgPrint( "[ALARM] -> Cannot find 'System' process!" ); return (HANDLE)-1; if( IsListEmpty( &PeProcess->ActiveProcessLinks )) DbgPrint("[ALARM] -> No processes found!"); plisthead = &PeProcess->ActiveProcessLinks; pnextentry = plisthead->flink; while(pnextentry!= plisthead) PeProcess = CONTAINING_RECORD( pnextentry,eprocess,activeprocesslinks ); if(peprocess->activethreads) if(!islistempty(&peprocess->threadlisthead )) if( _strnicmp( PeProcess->ImageFileName, ProcessName,strlen(ProcessName) ) == 0 ) return (HANDLE)-1; PeProcess = NULL; pnextentry = pnextentry->flink; return PsGetProcessId( PeProcess );
6 NTSTATUS stdcall IOControll(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) NTSTATUS status = STATUS_SUCCESS; int FunctionStatus = -1; switch (Irp->Tail.Overlay.CurrentStackLocation->Parameters.DeviceIoControl.IoControlCode) case IO_HOOK_FUNCTIONS: FunctionStatus = 0; Irp->IoStatus.Information = sizeof(int); memcpy(irp->associatedirp.systembuffer, &FunctionStatus, sizeof(int)); DbgPrint("Hooking...\n"); HookFunctions(); break; case IO_UNHOOK_FUNCTIONS: FunctionStatus = 1; Irp->IoStatus.Information = sizeof(int); memcpy(irp->associatedirp.systembuffer, &FunctionStatus, sizeof(int)); DbgPrint("Unhooking...\n"); UnHookFunctions(); break; case IO_GETSETINFO: FunctionStatus = 2; UserLandProcessID = RetrivePID( (char*)irp->associatedirp.systembuffer ); //DbgPrint("Process ID of %s %i", (char*)irp->associatedirp.systembuffer, UserLandProcessID); DbgPrint("Process ID: %i", UserLandProcessID); Irp->IoStatus.Information = sizeof(int); memcpy(irp->associatedirp.systembuffer, &FunctionStatus, sizeof(int)); break; IofCompleteRequest(Irp, IO_NO_INCREMENT); return status; NTSTATUS stdcall IOOpenClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) IofCompleteRequest(Irp, IO_NO_INCREMENT); return STATUS_SUCCESS; VOID OnUnload(IN PDRIVER_OBJECT DriverObject) DbgPrint("Unloading!\n"); IoDeleteSymbolicLink(&DeviceLink); IoDeleteDevice(DriverObject->DeviceObject); DriverObject->DriverUnload; //Driver entry point NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING theregistrypath) NTSTATUS ntstatus; PDEVICE_OBJECT pdeviceobject;
7 RtlInitUnicodeString(&DeviceName, L"\\Device\\UndeadRootkit"); ntstatus = IoCreateDevice(DriverObject, 0, &DeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, &pdeviceobject); if (ntstatus == STATUS_SUCCESS) RtlInitUnicodeString(&DeviceLink, L"\\DosDevices\\UndeadRootkit"); if (IoCreateSymbolicLink(&DeviceLink, &DeviceName)!= STATUS_SUCCESS) IoDeleteDevice(DriverObject->DeviceObject); return STATUS_OBJECT_NAME_EXISTS; DriverObject->DriverUnload = OnUnload; DriverObject->MajorFunction[IRP_MJ_CREATE] = &IOOpenClose; DriverObject->MajorFunction[IRP_MJ_CLOSE] = &IOOpenClose; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = &IOControll; return ntstatus; And: // //The_Undead : Rhys M. //DriverControl.cpp #include "windows.h" #include "tlhelp32.h" #include "stdlib.h" #define METHOD_BUFFERED 0x #define FILE_ANY_ACCESS 0x #define FILE_DEVICE_UNKNOWN 0x #define CTL_CODE( DeviceType,Function, Method,Access)(\ ((DeviceType)<<16) ((Access)<<14) ((Function)<<2) (Method)) #define IO_HOOK_FUNCTIONS #define IO_UNHOOK_FUNCTIONS FILE_ANY_ACCESS) #define IO_GETSETINFO FILE_ANY_ACCESS) #define HOOKFUNCTIONS #define UNHOOKFUNCTIONS #define GETISETNFO CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0001, METHOD_BUFFERED, FILE_ANY_ACCESS) CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0002, METHOD_BUFFERED, CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0003, METHOD_BUFFERED, 0x x x /* Global Variables */ char TargetProcessName[MAX_PATH]; //Driver - GUI link char DriverLink[] = "\\\\.\\UndeadRootkit"; //Driver installation - removal variables. char DriveName[26] = "UndeadRootkit"; SC_HANDLE hscmanger = NULL; SC_HANDLE hservice = NULL; char Directory[501]; int CheckOnlyProcess( char* ProcessName ) int NumberOfProcesses = 0;
8 DWORD dwsize = 0; HANDLE hprocesssnap = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0); PROCESSENTRY32 pe32; pe32.cntusage = 1; pe32.th32moduleid = 0; pe32.th32parentprocessid = 0; pe32.dwsize = sizeof(processentry32); do if (!strcmp(pe32.szexefile, ProcessName)) NumberOfProcesses++; while (Process32Next(hProcessSnap, &pe32)); CloseHandle(hProcessSnap); return NumberOfProcesses; bool FileExists( LPSTR lpszfilename ) WIN32_FIND_DATA wfd; HANDLE hfind = FindFirstFile(lpszFilename, &wfd); if (hfind == INVALID_HANDLE_VALUE) return FALSE; FindClose(hFind); return TRUE; BOOL InstallDriver( void ) SC_HANDLE hscmanger = NULL; SC_HANDLE hservice = NULL; ZeroMemory(&Directory, sizeof(directory)); GetCurrentDirectory( sizeof(directory), Directory ); strcat(directory, "\\UndeadRootkit.sys"); hscmanger = OpenSCManager(NULL,NULL,SC_MANAGER_CREATE_SERVICE); if(!hscmanger) return FALSE; hservice = CreateService(hSCManger, DriveName,DriveName, GENERIC_READ, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, Directory, NULL,NULL,NULL,NULL,NULL); if(!hservice) if(getlasterror() == ERROR_SERVICE_EXISTS) hservice = OpenService(hSCManger,DriveName,DELETE); if(hservice) if(!deleteservice(hservice))
9 return FALSE; CloseServiceHandle(hService); CloseServiceHandle(hService); CloseServiceHandle(hSCManger); hscmanger = OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT); if(!hscmanger) return FALSE; hservice = OpenService(hSCManger,DriveName,SERVICE_START); if(hservice) if (!StartService(hService, 0, NULL)) return FALSE; CloseServiceHandle(hService); CloseServiceHandle(hSCManger); return TRUE; BOOL StopDriver( void ) SERVICE_STATUS servicestatus; hscmanger = OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT); if(!hscmanger) return FALSE; hservice = OpenService(hSCManger,DriveName,SERVICE_STOP); if(hservice) ControlService(hService,SERVICE_CONTROL_STOP,&servicestatus); CloseServiceHandle(hService); hservice = OpenService(hSCManger,DriveName,DELETE); DeleteService(hService); CloseServiceHandle(hService); CloseServiceHandle(hSCManger); return TRUE; int DriverControl(int Event) // 0 : Hooked // 1 : Unhooked // 2 : Information Received DWORD bytesio; HANDLE hfile; int ret = -1; hfile = CreateFile(DriverLink, GENERIC_READ GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, 0); switch ( Event ) case HOOKFUNCTIONS: DeviceIoControl(hFile, IO_HOOK_FUNCTIONS, NULL, 0, &ret, sizeof(int), &bytesio, NULL);
10 CloseHandle(hFile); return ret; case UNHOOKFUNCTIONS: DeviceIoControl(hFile, IO_UNHOOK_FUNCTIONS, NULL, 0, &ret, sizeof(int), &bytesio, NULL); CloseHandle(hFile); return ret; &bytesio, NULL); CloseHandle(hFile); return ret; case GETISETNFO: DeviceIoControl(hFile, IO_GETSETINFO, &TargetProcessName, sizeof(targetprocessname), &ret, sizeof(int), CloseHandle(hFile); return ret; int main(int argc, char* argv[]) int ret = -1; char Key[25] = 0x00 ; BOOL InformationSent, Hooked = FALSE; ZeroMemory(&TargetProcessName, sizeof(targetprocessname)); puts("the_undead - NtOpenProcess Hook"); puts("target Process Name:"); scanf("%s", &TargetProcessName); if (strlen(targetprocessname) < 3) return 0; if ( CheckOnlyProcess(TargetProcessName) > 0 ) StopDriver(); if ( InstallDriver() == FALSE ) puts("failed to start driver! Please try again."); StopDriver(); ExitProcess(0); while ( strcmp(key, "EXIT")) printf("-->"); scanf("%s", &Key); if (!strcmp(key, "HOOK")) ret = DriverControl( GETISETNFO); if ( ret == 2 ) InformationSent = TRUE; InformationSent = FALSE; if ( Hooked == FALSE ) if ( InformationSent == TRUE ) ret = DriverControl ( HOOKFUNCTIONS); if ( ret == 0 )
11 puts("hooked"); Hooked = TRUE; Hooked = FALSE; puts("no information set..."); puts("already hooked..."); if (!strcmp(key, "UNHOOK")) if ( Hooked == TRUE ) ret = DriverControl ( UNHOOKFUNCTIONS); if ( ret == 1 ) Hooked = FALSE; puts("unhooked"); ret = 0; puts("no functions hooked!"); puts("no process found"); StopDriver(); getchar(); return 0; Create Process Credits: BOOL CreateProcessWrapper( LPTSTR process_name, DWORD CreationFlag ) STARTUPINFO si; PROCESS_INFORMATION pi; ZeroMemory( &si, sizeof(si) ); si.cb = sizeof(si); ZeroMemory( &pi, sizeof(pi) ); int retval = CreateProcess( process_name, NULL,NULL,NULL,FALSE, CreationFlag, NULL,NULL,&si,&pi); CloseHandle( pi.hprocess ); CloseHandle( pi.hthread ); return retval;
12 For a list of Creation Flags look here. Trainer Reference Credits: Info/Notes/Update Welcome to my reference page for c++ Hacks/Bots, and I hope you find this, A guid guide if you are interested in learning to make DLL/EXE Bots/Hacks, in C++ ~Good Luck! ~Give me some suggestions Current: v.4 1 ~ Made Guide 2 ~ Updated added : Num 2 3 ~ Grammar - Section 4 ~ Added : Num 3-4 (Pointers) 1. Basic Dll This section is for the absolute beginner. Here is the code: #include <windows.h> #include <tchar.h> //Unless linking Multi-Byte ( Project > Properties > Config > Char Set > Multi-Byte ) HMOUDLE Moudle; void IntWindow() //Do stuff here. BOOL APIENTRY DllMain( HMODULE hmodule, DWORD ul_reason_for_call, LPVOID lpreserved) if (ul_reason_for_call == DLL_PROCESS_ATTACH) Module = hmodule; CreateThread(0,0,(LPTHREAD_START_ROUTINE)&Window,0,0,0); return TRUE; Ok so here is the break down: We have a void object that will house our window and can be called by thread, void IntWindow() //Do stuff here.
13 So we need to call this when the DLL is started or called, BOOL APIENTRY DllMain( HMODULE hmodule, DWORD ul_reason_for_call, LPVOID lpreserved) //Do Stuff Now this returns a BOOL: TRUE if it works, FALSE if not. When it is called we get values like its module, its reason and a void pointer that is reserved for padding purposes. So all we need is the reason and the module. So this code says: if it is called by attaching, use the module to point and create a thread to it. Note that creating a thread inside DllMain is discouraged, since the loader lock is held while DllMain runs. if (ul_reason_for_call == DLL_PROCESS_ATTACH) //If we are attaching Module = hmodule; //Set module for later CreateThread(0,0,(LPTHREAD_START_ROUTINE)&Window,0,0,0); // More on this later return TRUE; //I know but for good purpose. 2. A popup Win32 Window This is for that person who can make a dll base, but wants a window for that cool effect. The code: LRESULT CALLBACK ProcWindow (HWND hwnd, UINT imsg, WPARAM wparam, LPARAM lparam) switch (imsg) case WM_CREATE: break; case WM_DESTROY: PostQuitMessage(0); break; return DefWindowProc(hWnd,iMsg,wParam,lParam); void DeintWindow() UnregisterClass(_T("Tut Window"), Module); FreeLibraryAndExitThread(Module, 0);
14 void IntWindow() HWND hwnd; MSG imsg; WNDCLASSEX wc; ZeroMemory(&wc,sizeof(WNDCLASSEX)); wc.cbsize = sizeof(wndclassex); wc.style = CS_HREDRAW CS_VREDRAW; wc.cbclsextra = 0; wc.cbwndextra = 0; wc.hbrbackground = (HBRUSH)COLOR_BTNSHADOW; wc.hicon = LoadIcon(NULL,IDI_APPLICATION); wc.hcursor = LoadCursor(NULL,IDC_ARROW); wc.hinstance = Module; wc.lpfnwndproc = ProcWindow; wc.lpszmenuname = NULL; wc.lpszclassname = _T("Tut Window"); wc.hiconsm = LoadIcon(NULL,IDI_APPLICATION); if (!RegisterClassEx(&wc)) MessageBox(0,_T("Failed"),0,0); ExitWindow(); hwnd = CreateWindowEx(WS_EX_APPWINDOW WS_EX_TOOLWINDOW,_T("Tut window"),_t("tut Window"),WS_SYSMENU,CW_USEDEFAULT,CW_USEDEFAULT,200,400,0,0,Module,NULL); ShowWindow(hWnd,SW_SHOWNORMAL); UpdateWindow(hWnd); while (GetMessage(&iMsg,0,0,0)) TranslateMessage(&iMsg); DispatchMessage(&iMsg); DeintWindow(); Break down: Well, the window function is just the start of making a cool bot with pictures, but there is a lot left to learn. The reason for ZeroMemory on wc is to clear the window class structure before filling it in; otherwise it holds uninitialized data. So that's that. Now the "wc" class holds the window's settings, like its message handler, etc... The only thing to change is the name, to your desired class ( lpszclassname ), unless you know how WinProc works. ( See links ). HWND and MSG are also parts of the handler. RegisterClassEx makes that class for the window, CreateWindowEx creates the popup, ShowWindow shows the HWND, UpdateWindow calls draw, and the while loop handles messages until GetMessage returns 0. DeintWindow() just frees the library and thread held in Module and unregisters the class of the window. ProcWindow is the message center for the popup, more on that.
15 3. Pointers ~ Reading This section is for the beginning of actual memory edits. Here is the code: #include <windows.h> #include <tchar.h> //Unless linking Multi-Byte ( Project > Properties > Config > Char Set > Multi-Byte ) //Reads a Pointer inline ULONG_PTR ReadPointer(ULONG_PTR* ulbase, INT noffset) if (!IsBadReadPtr((VOID*)ulBase, sizeof(ulong_ptr)) ) if (!IsBadReadPtr((VOID*)((*(ULONG_PTR*)ulBase)+nOffset), sizeof(ulong_ptr)) ) return *(ULONG_PTR*)((*(ULONG_PTR*)ulBase)+nOffset); return 0; Break up: A pointer basically asks for a base and then a offset, this makes it so you don't have to recode it every time you play, and even then you won't be able know the address before playing. inline and ulong_ptr are just the typedef for the function don't worry we can use it to check our pointers later. Basicly all this is doing is checking if the base/offset and base+offset are bad and if it is it won't read it and return the value of 0x or 0. If it works it will return the value of that pointer. 3. Pointers ~ Writing This section is for the beginning of actual memory edits. Here is the code: *(DWORD*)(*(DWORD*)Base + Offset) = 0; Break up: As we know the Pointer is read similarly, so changing is like changing a DWORD, yep using the "=" operator. Basically we use the same prefix for pointers: *(DWORD*), then use (*(DWORD*) so it will be turned into a WORD, and then add the base+offset and let it = 0; So: Base+Offset = the address that we point to = 0 = what we changed the address to GetPixel Credits:
16 HINSTANCE hginst; // Instance of GDI32 DLL DWORD gpdllfunc; // Load gdi32 DLL hginst = LoadLibrary("gdi32.dll"); gpdllfunc = NULL; if (hginst!= NULL) // Get function pointer of GetPixel gpdllfunc = (DWORD)GetProcAddress(hgInst, "GetPixel"); if (gpdllfunc!= NULL) gpdllfunc += 5; declspec(naked) COLORREF WINAPI mygetpixel(hdc hdc, int nxpos, int nypos) asm mov edi, edi push ebp mov ebp, esp jmp dword ptr ds:[gpdllfunc] PostMessage Credits: htto:// DWORD PMA = (DWORD)GetProcAddress( LoadLibraryW(L"User32.dll" ), "PostMessageA" ) + 5; declspec(naked) BOOL WINAPI PM(HWND hwnd, UINT Msg, WPARAM wparam, LPARAM lparam) asm mov edi, edi push ebp mov ebp, esp jmp dword ptr ds:[pma] Kitterz s Functions Credits: htto:// //If address Is Valid bool Check(const BYTE* pdata, const BYTE* bmask, const char* szmask) for(; *szmask; ++szmask, ++pdata, ++bmask) if(*szmask == 'x' && *pdata!= *bmask ) return false; return (*szmask) == NULL;
17 //Find Address DWORD FindPattern(BYTE *bmask, char* szmask, DWORD dwoffset) DWORD dwaddress = 0x ; DWORD dwlen = 0x01FFFFFF; for(dword i=0; i < dwlen; i++) if( Check ((BYTE*)( dwaddress + i ), bmask, szmask) ) return (DWORD)(dwAddress + i + dwoffset); return 0x ; SetCursorPos Credits: MapleStory Hack htto:// //PostMessage Bypass DWORD SetCPH00k = (DWORD)GetProcAddress( LoadLibraryW(L"user32.dll" ), "SetCursorPos" ) + 5; declspec(naked) BOOL WINAPI SetMouse(int X,int Y) asm mov edi, edi push ebp mov ebp, esp jmp dword ptr ds:[setcph00k] All code and text is owned by respective owners. This document is registered to AlbanainRetard at
More informationThreads. ZwCreateThread. Parameters. ThreadHandle Points to a variable that will receive the thread object handle if the call is successful.
1996 Ch05 11.24.99 09:53 Page 113 5 Threads The system services described in this chapter create and manipulate thread objects. ZwCreateThread ZwCreateThread creates a thread in a process. ZwCreateThread(
More informationOS lpr. www. nfsd gcc emacs ls 9/18/11. Process Management. CS 537 Lecture 4: Processes. The Process. Why Processes? Simplicity + Speed
Process Management CS 537 Lecture 4: Processes Today: processes and process management what are the OS units of execution? how are they represented inside the OS? how is the CPU scheduled across processes?
More informationCall DLL from Limnor Applications
Call DLL from Limnor Applications There is a lot of computer software in the format of dynamic link libraries (DLL). DLLCaller performer allows your applications to call DLL functions directly. Here we
More informationICS143A: Principles of Operating Systems. Midterm recap, sample questions. Anton Burtsev February, 2017
ICS143A: Principles of Operating Systems Midterm recap, sample questions Anton Burtsev February, 2017 Describe the x86 address translation pipeline (draw figure), explain stages. Address translation What
More informationwww nfsd emacs lpr Process Management CS 537 Lecture 4: Processes Example OS in operation Why Processes? Simplicity + Speed
Process Management CS 537 Lecture 4: Processes Michael Swift This lecture begins a series of topics on processes, threads, and synchronization Today: processes and process management what are the OS units
More informationDetecting USB Device Insertion and Removal Using Windows API
Written by Tom Bell Detecting USB Device Insertion and Removal Using Windows API When I needed to know how to detect USB device insertion and removal, I was developing an application for backing up USB
More informationInspecting and Manipulating binaries
Inspecting and Manipulating binaries Introduction. x86 architecture. Assembler. Binary inspection. General sample (crackme) Binary manipulation. Python to the rescue! Malware analysis What we (you) are
More informationCPS104 Recitation: Assembly Programming
CPS104 Recitation: Assembly Programming Alexandru Duțu 1 Facts OS kernel and embedded software engineers use assembly for some parts of their code some OSes had their entire GUIs written in assembly in
More informationProcesses (Intro) Yannis Smaragdakis, U. Athens
Processes (Intro) Yannis Smaragdakis, U. Athens Process: CPU Virtualization Process = Program, instantiated has memory, code, current state What kind of memory do we have? registers + address space Let's
More informationAssembler Programming. Lecture 10
Assembler Programming Lecture 10 Lecture 10 Mixed language programming. C and Basic to MASM Interface. Mixed language programming Combine Basic, C, Pascal with assembler. Call MASM routines from HLL program.
More informationWIBU protection knuth20 implementation analysis
WIBU protection knuth20 implementation analysis by anonymous 15.09.2006. Intro Couple of weeks ago, I faced WIBU dongle protection. Before that, I had no expirience with it. The first thing I've checked
More informationBypassing Windows heap protections
Bypassing Windows heap protections Nicolas Falliere nicolas.falliere@gmail.com History Windows heap-based buffer overflows can be summarized in two categories. The first one covers overflows for Windows
More informationOverview. Constructors and destructors Virtual functions Single inheritance Multiple inheritance RTTI Templates Exceptions Operator Overloading
How C++ Works 1 Overview Constructors and destructors Virtual functions Single inheritance Multiple inheritance RTTI Templates Exceptions Operator Overloading Motivation There are lot of myths about C++
More informationLambda Expression & Concurrency API. 김명신부장 Principal Technical Evangelist
Lambda Expression & Concurrency API 김명신부장 Principal Technical Evangelist 완전친절한 Lambda Expression 완전불친절한 Concurrency API 완전간단한 실천적접근 Alonzo Church [lambda-capture] { body } [lambda-capture] (params) {
More informationWhat the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control.
C Flow Control David Chisnall February 1, 2011 Outline What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope Disclaimer! These slides contain a lot of
More informationFunction Call Convention
Function Call Convention Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch Content Intel Architecture Memory Layout
More informationProgram Exploitation Intro
Program Exploitation Intro x86 Assembly 04//2018 Security 1 Univeristà Ca Foscari, Venezia What is Program Exploitation "Making a program do something unexpected and not planned" The right bugs can be
More informationClient and Server (DirectX)
Client and Server (DirectX) Vishnu Kotrajaras Server scalability Your game can handle more players at a time (Over internet, most peer-topeer can only handle about 6 players) All depend on server power
More informationComputer Programming Lecture 11 이윤진서울대학교
Computer Programming Lecture 11 이윤진서울대학교 2007.1.24. 24 Slide Credits 엄현상교수님 서울대학교컴퓨터공학부 Computer Programming, g, 2007 봄학기 Object-Oriented Programming (2) 순서 Java Q&A Java 개요 Object-Oriented Oriented Programming
More informationOverview. Constructors and destructors Virtual functions Single inheritance Multiple inheritance RTTI Templates Exceptions Operator Overloading
HOW C++ WORKS Overview Constructors and destructors Virtual functions Single inheritance Multiple inheritance RTTI Templates Exceptions Operator Overloading Motivation There are lot of myths about C++
More informationCS 499 Lab 3: Disassembly of slammer.bin I. PURPOSE
CS 499 Lab 3: Disassembly of slammer.bin I. PURPOSE The purpose of this exercise is to learn Intel assembly language by disassembling a small piece of code and extensively commenting the resulting instructions.
More informationCS , Fall 2004 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2004 Exam 1 Tuesday October 12, 2004 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front.
More informationCPEG421/621 Tutorial
CPEG421/621 Tutorial Compiler data representation system call interface calling convention Assembler object file format object code model Linker program initialization exception handling relocation model
More informationDeveloper Documentation
Developer Documentation Development of Scanner Applications for ACD Windows CE Second Edition Devices Version: 3.0 Copyright ACD Gruppe This document may not be duplicated or made accessible to third parties
More informationGetting Started. 1 st Week, Sun-Jeong Kim. Computer Graphics Applications
OpenGL Programming Getting Started 1 st Week, 2008 Sun-Jeong Kim Visual Studio 2005 Windows Programming 2 Visual C++ Win32 Application New Project 3 Empty project Application Settings 4 Solution Prac01
More informationC Windows 16. Visual C++ VC Borland C++ Compiler BCC 2. Windows. c:\develop
Windows Ver1.01 1 VC BCC DOS C C Windows 16 Windows98/Me/2000/XP MFC SDL Easy Link Library Visual C++ VC Borland C++ Compiler BCC 2 2 VC MFC VC VC BCC Windows DOS MS-DOS VC BCC VC BCC VC 2 BCC5.5.1 c:\develop
More informationWindows architecture. user. mode. Env. subsystems. Executive. Device drivers Kernel. kernel. mode HAL. Hardware. Process B. Process C.
Structure Unix architecture users Functions of the System tools (shell, editors, compilers, ) standard library System call Standard library (printf, fork, ) OS kernel: processes, memory management, file
More informationBuffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform
Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform David Litchfield [davidl@ngssoftware.com] 30 th September 2005 An NGSSoftware Insight Security
More informationCSE 509: Computer Security
CSE 509: Computer Security Date: 2.16.2009 BUFFER OVERFLOWS: input data Server running a daemon Attacker Code The attacker sends data to the daemon process running at the server side and could thus trigger
More informationCSCE : Computer Systems Homework #1 Part 1 (25 pts) Due date: 1/24/19
1. Purpose CSCE 313-200: Computer Systems Homework #1 Part 1 (25 pts) Due date: 1/24/19 Understand the Visual Studio environment, creation of projects, simple process debugging, search algorithms, and
More informationBetriebssysteme und Sicherheit Sicherheit. Buffer Overflows
Betriebssysteme und Sicherheit Sicherheit Buffer Overflows Software Vulnerabilities Implementation error Input validation Attacker-supplied input can lead to Corruption Code execution... Even remote exploitation
More informationJava/JMDL communication with MDL applications
m with MDL applications By Stanislav Sumbera [Editor Note: The arrival of MicroStation V8 and its support for Microsoft Visual Basic for Applications opens an entirely new set of duallanguage m issues
More informationFile System Watcher. Gregory Adam 2015
File System Watcher Gregory Adam 2015 Le minerai de fer peut croire qu'il est torturé sans raison dans la fournaise, mais lorsque la lame de l'acier le plus fin réfléchit à cette torture, elle en comprend
More informationSecure Programming Lecture 3: Memory Corruption I (Stack Overflows)
Secure Programming Lecture 3: Memory Corruption I (Stack Overflows) David Aspinall, Informatics @ Edinburgh 24th January 2017 Outline Roadmap Memory corruption vulnerabilities Instant Languages and Runtimes
More informationBuffer Overflow Attack
Buffer Overflow Attack What every applicant for the hacker should know about the foundation of buffer overflow attacks By (Dalgona@wowhacker.org) Email: zinwon@gmail.com 2005 9 5 Abstract Buffer overflow.
More informationEECE.3170: Microprocessor Systems Design I Summer 2017
EECE.3170: Microprocessor Systems Design I Summer 2017 Lecture 8: Key Questions June 5, 2017 1. (Review) Describe the structure of a typical x86 stack frame. EECE.3170: Microprocessor Systems Design I
More informationComputer Architecture and Assembly Language. Practical Session 5
Computer Architecture and Assembly Language Practical Session 5 Addressing Mode - "memory address calculation mode" An addressing mode specifies how to calculate the effective memory address of an operand.
More informationRootkits n Stuff
Rootkits n Stuff www.sigmil.org What a rootkit is(n t) IS Software intended to conceal running processes, files, etc from the OS A way to maintain control of a system after compromising it. ISN T A buffer
More informationAnalyzing the packer layers of rogue anti-virus programs. Rachit Mathur, McAfee Labs Dr. Zheng Zhang, McAfee Labs
Analyzing the packer layers of rogue anti-virus programs Rachit Mathur, McAfee Labs Dr. Zheng Zhang, McAfee Labs Outline Introduction Junk API Calls Exception Context Modifications Shared User Data Accesses
More informationRoadmap: Security in the software lifecycle. Memory corruption vulnerabilities
Secure Programming Lecture 3: Memory Corruption I (introduction) David Aspinall, Informatics @ Edinburgh 24th January 2019 Roadmap: Security in the software lifecycle Security is considered at different
More informationTECHNICAL PAPER. Encapsulating Antivirus (AV) Evasion Techniques in Metasploit Framework
TECHNICAL PAPER Encapsulating Antivirus (AV) Evasion Techniques in Metasploit Framework Wei Chen Lead Security Researcher, Metasploit 10/9/2018 TABLE OF CONTENTS TABLE OF CONTENTS...2 INTRODUCTION...3
More informationSemantics of C++ Hauptseminar im Wintersemester 2009/10 Templates
Semantics of C++ Hauptseminar im Wintersemester 2009/10 Templates Sebastian Wild Technische Universität München 11.01.2010 Abstract In this work we will discuss about templates in C++, especially their
More informationNSPI Driver. NetDCU. Windows CE. Native SPI Support. Version 2.0 ( )
NSPI Driver Native SPI Support Version 2.0 (2009-03-20) NetDCU PicoMOD Windows CE About This Document This document describes how to install the Native SPI device driver (NSPI) and how to use it in own
More informationTitle: Win Vista DLL Injection (32bit)
Title: Win Vista DLL Injection (32bit) Date: January 25st 2009 Website: http://www.astalavista.com Author: Nicolaou George Mail: ishtusastalavistacom 1 Table of Contents Introduction... 3 Tools...
More informationTDDB68. Lesson 1. Simon Ståhlberg
TDDB68 Lesson 1 Simon Ståhlberg Contents General information about the labs Overview of the labs Memory layout of C programs ("Lab 00") General information about Pintos System calls Lab 1 Debugging Administration
More informationProcesses. Johan Montelius KTH
Processes Johan Montelius KTH 2017 1 / 47 A process What is a process?... a computation a program i.e. a sequence of operations a set of data structures a set of registers means to interact with other
More informationx86 assembly CS449 Fall 2017
x86 assembly CS449 Fall 2017 x86 is a CISC CISC (Complex Instruction Set Computer) e.g. x86 Hundreds of (complex) instructions Only a handful of registers RISC (Reduced Instruction Set Computer) e.g. MIPS
More informationProvideX. C-Library File IO Routines
ProvideX C-Library File IO Routines Introduction 3 PVK_open( ) 5 PVK_openEx( ) 5 PVK_close( ) 6 PVK_read( ) 6 PVK_seek( ) 7 PVK_write( ) 7 PVK_insert( ) 8 PVK_update( ) 9 PVK_remove( ) 10 PVK_getpos( )
More information