Archive for the ‘Uncategorized’ Category

In this sample, we check whether more than one module reports a base address of 0x00000000. The default executable will be set to that value; some modules attempt to hide by erasing their information from the _MODULEINFO structure, so GetModuleInformation returns 0x00000000 as the base address of such a module; in the […]

I know it's a terrible idea, but somebody had to do it!

    #define WIN32_LEAN_AND_MEAN   /* must come before windows.h to take effect */
    #define VC_EXTRALEAN
    #include <windows.h>          /* windows.h must precede tlhelp32.h */
    #include <tlhelp32.h>
    #define CODEBEGIN 0x00401000
    #define CODEEND 0x004019FE
    #define modAllowedSize 11
    const char modAllowedArray[][255] = { "ADVAPI32.DLL", "ntdll.dll", "RPCRT4.dll", "Secur32.dll", "PSAPI.DLL", "kernel32.dll", "USER32.dll", "GDI32.dll", "MSVCR90.dll", "IMM32.DLL", "Killing Bad Threads.exe" };
    int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, […]

Just another idea I had for killing foreign threads 😉

    #include <windows.h>
    #include <tlhelp32.h>
    #include <winternl.h>   /* NTSTATUS */
    #define CODEBEGIN 0x00401000
    #define CODEEND 0x004019FE
    DWORD WINAPI GetThreadStartAddress( HANDLE hThread )
    {
        NTSTATUS ntStatus;
        HANDLE hDupHandle;
        DWORD dwStartAddress;
        typedef NTSTATUS ( WINAPI *NQIT )( HANDLE, LONG, PVOID, ULONG, PULONG );
        NQIT NtQueryInformationThread = ( NQIT )GetProcAddress( GetModuleHandle( "ntdll.dll" ), "NtQueryInformationThread" […]
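The three posts above share one pattern: enumerate what the loader and the scheduler report about our own process, and treat anything that is not ours as hostile. The block below is an added example written for this page, not the posts' own code. The decision logic (whitelist lookup, the "more than one module at base 0" heuristic, the start-address range test) is plain C and runs against a constructed module table; the collection code that feeds it (EnumProcessModules/GetModuleInformation for modules, CreateToolhelp32Snapshot plus NtQueryInformationThread with the undocumented class value 9 for thread start addresses) is Windows-only and sits under `#ifdef _WIN32`, linking against psapi. CODEBEGIN/CODEEND and the whitelist are the page's values and are assumed to match the binary as built; the sample rows are constructed.

```c
/* Added example, not the posts' code: module whitelist, zero-base heuristic and
 * foreign-thread test, with Windows collection under #ifdef _WIN32 (link psapi).
 * CODEBEGIN/CODEEND and ALLOWED are the page's values (assumed to fit the build). */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CODEBEGIN 0x00401000u
#define CODEEND   0x004019FEu

typedef struct { char name[64]; uintptr_t base; } module_row;

static const char *const ALLOWED[] = {
    "ADVAPI32.DLL", "ntdll.dll", "RPCRT4.dll", "Secur32.dll", "PSAPI.DLL",
    "kernel32.dll", "USER32.dll", "GDI32.dll", "MSVCR90.dll", "IMM32.DLL",
    "Killing Bad Threads.exe",
};
#define ALLOWED_N (sizeof ALLOWED / sizeof ALLOWED[0])

/* The loader reports a module name in whatever case the importer used, so
 * the whitelist lookup has to be case-insensitive. */
static int name_eq_nocase(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

static int module_allowed(const char *base_name) {
    for (size_t i = 0; i < ALLOWED_N; i++)
        if (name_eq_nocase(base_name, ALLOWED[i])) return 1;
    return 0;
}

/* The post's heuristic: one module at base 0 is expected, a second one means a
 * module wiped its loader information. */
static int hidden_module_suspected(const module_row *rows, size_t n) {
    size_t zeros = 0;
    for (size_t i = 0; i < n; i++) zeros += (rows[i].base == 0);
    return zeros > 1;
}

/* A thread whose Win32 start address lies outside our own code is foreign. */
static int thread_is_foreign(uintptr_t start, uintptr_t lo, uintptr_t hi) {
    return start < lo || start > hi;
}

/* Constructed sample of what collect_modules() would return on a box where a
 * DLL was injected and then erased its module information. */
static const module_row SAMPLE_ROWS[] = {
    { "Killing Bad Threads.exe", 0 },
    { "ntdll.dll",    0x7C900000u },
    { "KERNEL32.DLL", 0x7C800000u },
    { "USER32.dll",   0x7E410000u },
    { "injected.dll", 0 },
};
#define SAMPLE_N (sizeof SAMPLE_ROWS / sizeof SAMPLE_ROWS[0])

#ifdef _WIN32
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <tlhelp32.h>
#include <psapi.h>

/* Undocumented THREADINFOCLASS value ThreadQuerySetWin32StartAddress. */
#define THREAD_QUERY_SET_WIN32_START_ADDRESS 9
typedef LONG (WINAPI *NtQueryInformationThread_t)(HANDLE, ULONG, PVOID, ULONG, PULONG);

/* Fill rows with (base name, base address) for every module the loader lists. */
static size_t collect_modules(module_row *rows, size_t max) {
    HMODULE mods[256];
    DWORD needed = 0;
    size_t n = 0;
    HANDLE proc = GetCurrentProcess();
    if (!EnumProcessModules(proc, mods, sizeof mods, &needed)) return 0;
    for (DWORD i = 0; i < needed / sizeof(HMODULE) && n < max; i++) {
        MODULEINFO mi = {0};
        if (!GetModuleBaseNameA(proc, mods[i], rows[n].name, (DWORD)sizeof rows[n].name)) continue;
        GetModuleInformation(proc, mods[i], &mi, sizeof mi);
        rows[n++].base = (uintptr_t)mi.lpBaseOfDll;
    }
    return n;
}

/* Terminate every other thread of this process that did not start in our code.
 * Returns the number killed, or -1 if the sweep could not run. */
static int sweep_threads(void) {
    NtQueryInformationThread_t NtQueryInformationThread = (NtQueryInformationThread_t)
        GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationThread");
    HANDLE snap;
    THREADENTRY32 te;
    int killed = 0;
    if (!NtQueryInformationThread) return -1;
    snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (snap == INVALID_HANDLE_VALUE) return -1;
    te.dwSize = sizeof te;
    for (BOOL ok = Thread32First(snap, &te); ok; ok = Thread32Next(snap, &te)) {
        PVOID start = NULL;
        HANDLE h;
        if (te.th32OwnerProcessID != GetCurrentProcessId() || te.th32ThreadID == GetCurrentThreadId()) continue;
        h = OpenThread(THREAD_QUERY_INFORMATION | THREAD_TERMINATE, FALSE, te.th32ThreadID);
        if (!h) continue;
        if (NtQueryInformationThread(h, THREAD_QUERY_SET_WIN32_START_ADDRESS, &start, sizeof start, NULL) == 0 &&
            thread_is_foreign((uintptr_t)start, CODEBEGIN, CODEEND) && TerminateThread(h, 0))
            killed++;
        CloseHandle(h);
    }
    CloseHandle(snap);
    return killed;
}
#endif
```

Two caveats a practitioner would want before deploying this. EnumProcessModules walks the PEB loader lists, so a module that fully unlinks itself is simply absent rather than reported with a zero base; the heuristic only catches a module that left a list entry behind with its fields wiped. And on anything newer than the XP-era target, the process legitimately owns threads that start in ntdll or kernel32 (thread-pool workers, the CRT, RPC), so the start-address test will terminate them too, which is the "terrible idea" the author admits to; TerminateThread also leaves whatever locks the victim held in an undefined state.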

All I'll say is, watch the first 10 seconds of the song "Boom Boom Pow" by Black Eyed Peas (preferably in HD). My only question is: what's with all these errors!?

Well, the last build had an XP-only trick and a problem with the GetHeapFlags function (Vista's default heap handling is a bit different from XP's; luckily, the heap behavior under a debugger is still identifiable). The OutputDebugString trick was only available on XP, but, as an alternative, I set up a formatting exploit that's been reported […]

After some testing, I was able to figure out which anti-debug functions did not work on Vista and marked them to be filtered out. Enjoy! 🙂

    #define WIN32_LEAN_AND_MEAN   /* must come before windows.h to take effect */
    #define VC_EXTRALEAN
    #include <windows.h>
    bool DebugBit = TRUE;
    int countExceptions = 0;
    char GetBeingDebugged( )
    {
        char BeingDebuggedBit;
        __asm
        {
            MOV EAX, DWORD PTR FS:[0x30]
            XOR EAX, 0x2 […]
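The two posts above hinge on one detail: the process heap flags that a debugger-created process carries moved between XP and Vista, so a GetHeapFlags that hard-codes the XP offsets reads zeros on Vista and reports "no debugger". The block below is an added example for this page, not the author's code. It makes the layouts explicit (32-bit XP keeps _HEAP.Flags/ForceFlags at 0x0C/0x10, Vista and later at 0x40/0x44; the 64-bit layouts are 0x14/0x18 and 0x70/0x74) and reads the live _HEAP through GetProcessHeap() and the PEB (BeingDebugged at +2, NtGlobalFlag at +0x68 on x86 / +0xBC on x64) through NtQueryInformationProcess, so it works with either MSVC or MinGW. Only the readers under `#ifdef _WIN32` touch live structures; the decision functions are plain C and run on a constructed heap image that mimics what a debugger-started Vista process looks like.

```c
/* Added example, not the post's code: heap-flag and PEB anti-debug checks with
 * the XP vs Vista _HEAP layouts spelled out.  The constructed sample below is
 * not captured data; it is what a debugger-created 32-bit Vista heap looks like. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Flags a debugger-created heap carries: HEAP_TAIL_CHECKING_ENABLED (0x20) |
 * HEAP_FREE_CHECKING_ENABLED (0x40) | HEAP_VALIDATE_PARAMETERS_ENABLED
 * (0x40000000).  A normally started process has Flags == HEAP_GROWABLE (2)
 * and ForceFlags == 0. */
#define HEAP_DEBUG_BITS 0x40000060u
/* PEB.NtGlobalFlag bits set for a debugger-started process: FLG_HEAP_ENABLE_TAIL_CHECK
 * (0x10) | FLG_HEAP_ENABLE_FREE_CHECK (0x20) | FLG_HEAP_VALIDATE_PARAMETERS (0x40). */
#define NTGLOBALFLAG_DEBUG_BITS 0x70u

typedef struct { size_t flags; size_t force_flags; } heap_layout;

/* Where _HEAP keeps Flags/ForceFlags: XP and Vista+ differ, as do 32/64-bit. */
static heap_layout heap_layout_for(int vista_or_later, int is_64bit) {
    heap_layout l;
    if (is_64bit) {
        l.flags       = vista_or_later ? 0x70 : 0x14;
        l.force_flags = vista_or_later ? 0x74 : 0x18;
    } else {
        l.flags       = vista_or_later ? 0x40 : 0x0C;
        l.force_flags = vista_or_later ? 0x44 : 0x10;
    }
    return l;
}

static uint32_t field32(const void *base, size_t off) {
    uint32_t v;
    memcpy(&v, (const unsigned char *)base + off, sizeof v);
    return v;
}

static int heap_flags_say_debugged(uint32_t flags, uint32_t force_flags) {
    return (flags & HEAP_DEBUG_BITS) != 0 || force_flags != 0;
}

/* Apply the check to a raw _HEAP image using the layout for the given OS. */
static int heap_image_says_debugged(const void *heap, int vista_or_later, int is_64bit) {
    heap_layout l = heap_layout_for(vista_or_later, is_64bit);
    return heap_flags_say_debugged(field32(heap, l.flags), field32(heap, l.force_flags));
}

static int ntglobalflag_says_debugged(uint32_t ntglobalflag) {
    return (ntglobalflag & NTGLOBALFLAG_DEBUG_BITS) != 0;
}

/* Constructed sample: 32-bit Vista _HEAP as a debugger creates it
 * (Flags = HEAP_GROWABLE | debug bits, ForceFlags = debug bits). */
static void fill_vista_x86_debug_heap(unsigned char *heap /* >= 0x48 bytes */) {
    uint32_t flags = 0x40000062u, force = 0x40000060u;
    memset(heap, 0, 0x48);
    memcpy(heap + 0x40, &flags, sizeof flags);
    memcpy(heap + 0x44, &force, sizeof force);
}

/* Read the constructed Vista heap with either layout: the XP offsets see only
 * zeros, which is exactly the GetHeapFlags failure the post describes. */
static int constructed_vista_heap_read_as(int vista_or_later) {
    unsigned char heap[0x48];
    fill_vista_x86_debug_heap(heap);
    return heap_image_says_debugged(heap, vista_or_later, 0);
}

#ifdef _WIN32
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <winternl.h>

/* RtlGetVersion is not subject to the manifest-based lies GetVersionEx tells. */
static int os_is_vista_or_later(void) {
    typedef LONG (WINAPI *RtlGetVersion_t)(PRTL_OSVERSIONINFOW);
    RTL_OSVERSIONINFOW v = { sizeof v };
    RtlGetVersion_t f = (RtlGetVersion_t)GetProcAddress(GetModuleHandleA("ntdll.dll"), "RtlGetVersion");
    return f != NULL && f(&v) == 0 && v.dwMajorVersion >= 6;
}

/* GetProcessHeap() returns the _HEAP structure itself. */
static int live_heap_says_debugged(void) {
    return heap_image_says_debugged(GetProcessHeap(), os_is_vista_or_later(), sizeof(void *) == 8);
}

/* BeingDebugged is PEB+2 on both architectures; NtGlobalFlag is +0x68 (x86) / +0xBC (x64).
 * Returns 1 = debugged, 0 = clean, -1 = PEB could not be located. */
static int live_peb_says_debugged(void) {
    typedef LONG (WINAPI *NtQIP_t)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
    NtQIP_t q = (NtQIP_t)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess");
    PROCESS_BASIC_INFORMATION pbi;
    ULONG len = 0;
    const unsigned char *peb;
    if (q == NULL || q(GetCurrentProcess(), ProcessBasicInformation, &pbi, sizeof pbi, &len) != 0) return -1;
    peb = (const unsigned char *)pbi.PebBaseAddress;
    return peb[2] != 0 || ntglobalflag_says_debugged(field32(peb, sizeof(void *) == 8 ? 0xBC : 0x68));
}
#endif
```

Two limits of this family of checks are worth knowing. The heap and NtGlobalFlag bits are set when the process is created by a debugger, so a debugger that attaches later leaves them clean, and the same bits appear without any debugger when gflags enabled the heap checks system-wide or per-image; conversely, setting `_NO_DEBUG_HEAP=1` in the environment suppresses them even under a debugger. BeingDebugged is the one field that tracks attach and detach, and it is also the easiest for a debugger plugin to clear.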

Opera Turbo

04Jul09

Looks like Opera decided to step up the speed of the web by setting up a cluster of proxy servers that cache commonly viewed images and pages and compress them for later transfer to clients; personally, I think it's pretty expensive to do on their end. Thoughts?