Index
> Tutorials and Examples > AOXXXGoto page Previous 1, 2, 3, 4 Next |
| Author |
|
|
avcaballero 13 Jan 2025, 08:48
GDIPlusWC06.exe worked right in W7, when I compiled it time ago, but it don't in W10 (the same executable). Recompiling it, worked fine in W10 now. Interesting.
Mikl, I'm very interested in your art of decompiling executable files, when will there be a guide on how you do it?
_________________ Siempre aprendiendo |
|||||||||||
13 Jan 2025, 08:48 |
|
|
Mikl___ 13 Jan 2025, 11:39
6.3.10. Cargar imágenes del resource
GDIPlusM6405 6.3.11. Escribir texto GDIPlusM6406 6.3.13. Rotar 6.3.13.1. Texto 6.3.13.2. Imágenes I need bin-files or src-files in masm, fasm, nasm, TinyC or PelleC
_________________ wasm.in Last edited by Mikl___ on 14 Jan 2025, 03:30; edited 3 times in total |
|||||||||||||||||||||
|
13 Jan 2025, 11:39 |
|
|
Mikl___ 13 Jan 2025, 15:17
6.3.12. Curvas
GDIPlusM6407
_________________ wasm.in Last edited by Mikl___ on 14 Jan 2025, 03:33; edited 1 time in total |
|||||||||||
|
13 Jan 2025, 15:17 |
|
|
Mikl___ 13 Jan 2025, 22:58
6.3.13.5. Cambiar el eje de rotación
GDIPlusM6411
_________________ wasm.in |
|||||||||||
|
13 Jan 2025, 22:58 |
|
|
Mikl___ 16 Jan 2025, 23:56
Oye Alfonso, ¿pasa algo?
Hey, Alfonso, is something wrong? |
|||
|
16 Jan 2025, 23:56 |
|
|
Mikl___ 17 Jan 2025, 11:33
Quote: Mikl, I'm very interested in your art of decompiling executable files, when will there be a guide on how you do it? Quote: como no me has contestado he pensado que te habrías ido Habrá una respuesta muy larga, aún no la he terminado. Quote: ¿Acaso necesitas algo más? 6.3.13.1. Rotar Texto y 6.3.13.2. Rotar Imágenes Necesito bin-files o src-files en masm, fasm, nasm, TinyC o PelleC |
|||
|
17 Jan 2025, 11:33 |
|
|
Mikl___ 19 Jan 2025, 02:07
[deletel]
|
|||
|
19 Jan 2025, 02:07 |
|
|
Mat Quasar 19 Jan 2025, 13:39
avcaballero wrote: Mikl, I'm very interested in your art of decompiling executable files, when will there be a guide on how you do it? Hi, I try to help a little bit on behalf of Mikl, hope everyone doesn't mind. 
If you mean decompile, not disassemble, then you can use IDA Free which comes with free x64 cloud decompiler. (For more advanced decompiler, need to purchase IDA Pro). Please see screenshots and attached file below.
|
|||||||||||||||||||||||||||||
|
19 Jan 2025, 13:39 |
|
||||||||||||||||||||||||||||
|
Roman 20 Jan 2025, 09:02
what version IDA ?
|
|||
|
20 Jan 2025, 09:02 |
|
|
Mat Quasar 20 Jan 2025, 11:27
Roman wrote: what version IDA ? Hi Roman. Currently I use IDA Free 9.0. Their website allows downloads of version 8.4 and 9.0. |
|||
|
20 Jan 2025, 11:27 |
|
|
avcaballero 21 Jan 2025, 18:18
@Mikl. I'm a bit busy now and need to look for the sources. I'll upload them as soon as I can.
@Mat Quasar. Thank you. Interesting. It's almost unnecessary to save the sources if you have the executable. I have tested IDA some time ago and found it a labyrinth, no time for that, but it would be interesting to have a guide to use it. Sometimes it offers very long and unreadable code. I'm sure there are masters who use certain tricks to make decompilation easier. On some occasion I've seen anti-debugging techniques and also anti-anti-debugging techniques. If there's someone expert in the room, would it be worth to use anti-debugging techniques knowing that there are also contrary techniques? Just curious. |
|||
|
21 Jan 2025, 18:18 |
|
|
revolution 22 Jan 2025, 03:45
avcaballero wrote: On some occasion I've seen anti-debugging techniques and also anti-anti-debugging techniques. If there's someone expert in the room, would it be worth to use anti-debugging techniques knowing that there are also contrary techniques? So, yes, if you want to have an extra week/month/year/decade before your code is broken then it might be worthwhile. Depends upon the circumstances. |
|||
|
22 Jan 2025, 03:45 |
|
|
Ali.Z 22 Jan 2025, 05:36
dont bother with anti debugging stuff, most very well known companies in this field stopped updating there anti debugging techniques many years ago because there are no more tricks to play. *
and no you dont need any experience, just a simple debugger plugin and you are good to go. but yes anti debugging tricks can make people who dont have good debugger or plugin trip a bit, especially unexperienced ones. most of the focus again years ago shifted to anti static disassembly. runtime disassembly used to work in past, but disassemblers improved too so they kinda cancel each other. * there might be one or two but that breaks the application itself as well 
(i also found couple ways to crash debuggers upon attaching to my process, but that kills both programs) _________________ Asm For Wise Humans |
|||
|
22 Jan 2025, 05:36 |
|
|
Mat Quasar 23 Jan 2025, 13:52
Some anti-debugging techniques described in solution of Flare-On Challenge.
https://www.mandiant.com/sites/default/files/2021-10/09-evil.pdf (Page 5 & 6) |
|||
|
23 Jan 2025, 13:52 |
|
|
Mat-Quasar 25 Apr 2025, 12:52
Mat Quasar wrote: Some anti-debugging techniques described in solution of Flare-On Challenge. One of the anti-debugging technique can be best illustrated using code below: Code: s=GetTickCount() . . . (Program code goes here) . . . if GetTickCount() - s > 5000 then Print "Debugger present!" . . . (Program code goes here) . . . |
|||
|
25 Apr 2025, 12:52 |
|
|
macomics 25 Apr 2025, 12:57
Bad code. He doesn't give an exact answer. And the delay may occur due to a breakpoint, or due to a long search for equipment or waiting for a network computer, etc.
|
|||
|
25 Apr 2025, 12:57 |
|
|
Mat-Quasar 25 Apr 2025, 13:25
macomics wrote: Bad code. He doesn't give an exact answer. And the delay may occur due to a breakpoint, or due to a long search for equipment or waiting for a network computer, etc. What a good code will be like? Of course avoid code resulting in delay like I/O access, a more easy-to-understand version for beginners like me: 
Code: s=GetTickCount() Print "...." Print "...." Print "...." if GetTickCount() - s > 5000 then Print "Debugger present!" // Terminate the program here or whatever end if |
|||
|
25 Apr 2025, 13:25 |
|
|
macomics 25 Apr 2025, 13:29
Even a trivial Print can cause a delay because the output handle can be overloaded and sent via ssh to another machine connected via dial-up.
1) I would make a wrapper to start the process without debugging 2) Even without the startup wrapper, you can simply check the name of the parent process. |
|||
|
25 Apr 2025, 13:29 |
|
|
revolution 25 Apr 2025, 13:35
If the code is running in a multi-tasking OS then there are no timing guarantees at all. Other processes can act in unpredictable ways. As a user application it will have no control over the execution timing, it can be paused at any time to make way for another task to do something of higher priority.. So the code is fragile at best.
|
|||
|
25 Apr 2025, 13:35 |
|
| Goto page Previous 1, 2, 3, 4 Next < Last Thread | Next Thread > |
Forum Rules:
|