Search found 119 matches

by Opcode
Fri Jul 02, 2021 1:41 am
Forum: Feature Requests and Wishlists
Topic: Support for ARM-Linux
Replies: 90
Views: 40887

Re: Support for ARM-Linux

is iOS not the OS the Apple notebooks work with? I thought they managed to put it together. But anyway - I am not part of the Apple-hype group. iOS is the mobile OS that Apple uses on their iPhones. iPadOS is what they use on their tablets. MacOS is what they use on their laptops to desktops. Suppo...
by Opcode
Fri Feb 21, 2020 9:22 am
Forum: Tricks 'n' Tips
Topic: Windows - Known Folder Paths
Replies: 5
Views: 1667

Re: Windows - Known Folder Paths

More modern approach (according to MSDN). Needs up-to-date Shell32.lib or use OpenLibrary. True. But note that the minimum supported client is Windows Vista (won't work on WinXP). A bit off topic but relevant to your post. Windows XP is officially dead, by both Microsoft and the client ecosystem. W...
by Opcode
Sun Jan 26, 2020 6:19 am
Forum: Feature Requests and Wishlists
Topic: [Windows] API Function RegGetValue_() missing.
Replies: 3
Views: 2160

Re: [Windows] API Function RegGetValue_() missing.

You can always import missing functions if they aren't already supported out of the box.
    Import "Advapi32.lib"
      RegGetValueW_(hKey.l, *lpSubKey, *lpValue, dwFlags.l, *pdwType, *pvData, *pcbData) As "_RegGetValueW@28"
    EndImport
Not sure if the parameters are correct... :shock:
by Opcode
Mon Nov 11, 2019 5:48 pm
Forum: Coding Questions
Topic: How to detect that a gadget is disabled
Replies: 4
Views: 1172

Re: How to detect that a gadget is disabled

A quick search pulls up some code here.
by Opcode
Fri Oct 25, 2019 5:07 am
Forum: Feature Requests and Wishlists
Topic: Allow us to get the address of API functions
Replies: 1
Views: 2557

Re: Allow us to get the address of API functions

I don't really see the point as calling that particular API function is used for that exact purpose. Import "Kernel32.lib" GetProcAddress_(hModule.l, lpProcName.p-ascii) As "_GetProcAddress@8" EndImport Debug GetProcAddress_(GetModuleHandle_("Kernel32.dll"), "GetPr...
by Opcode
Tue Oct 22, 2019 8:37 pm
Forum: Tricks 'n' Tips
Topic: Extended Inline API Hooking
Replies: 27
Views: 10093

Re: Extended Inline API Hooking

I don't understand how to do any of that. Except maybe call the Nt counterpart. That's one possibility. XIncludeFile "Detour.pbi" Prototype.l RealGetTickCount() Global o_GetTickCount.RealGetTickCount Procedure.l MyGetTickCount() Protected.l Result = NtGetTickCount_() ProcedureReturn Resul...
by Opcode
Tue Oct 22, 2019 5:08 am
Forum: Tricks 'n' Tips
Topic: Extended Inline API Hooking
Replies: 27
Views: 10093

Re: Extended Inline API Hooking

I'm not well versed in these kinds of things. The example works but it fails for detouring GetTickCount() with an invalid memory access: Prototype.l o_GetTickCount() Global o_GetTickCount.o_GetTickCount Procedure.l MyGetTickCount() ProcedureReturn o_GetTickCount() EndProcedure CHook::InlineHook("...
by Opcode
Mon Oct 21, 2019 1:02 am
Forum: Tricks 'n' Tips
Topic: Hot Patching hook (32bits)
Replies: 24
Views: 8291

Re: Hot Patching hook (32bits)

@Opcode: Thanks, with "FF8B9090909090" I got it working on PB x86, but on PB x64 Hex(EntryPoint) returns "EC83489090909090". I think it's because the user32.dll doesn't load from "C:\Windows\System32\user32.dll" but from "C:\Windows\winsxs\amd64_microsoft-windows-...
by Opcode
Mon Oct 21, 2019 12:59 am
Forum: Tricks 'n' Tips
Topic: Extended Inline API Hooking
Replies: 27
Views: 10093

Re: Extended Inline API Hooking

Updated 5.7X as a module. Removed OpenProcess so it will only work for the current process that it's running in (you can re-add it if needed). Detour.pbi DeclareModule CHook Import "Kernel32.lib" GetProcAddress_(hModule.l, lpProcName.p-ascii) As "_GetProcAddress@8" EndImport Dec...
by Opcode
Sat Oct 19, 2019 11:02 pm
Forum: Tricks 'n' Tips
Topic: Hot Patching hook (32bits)
Replies: 24
Views: 8291

Re: Hot Patching hook (32bits)

If you still need to declare a prototype of some sort and still call the API then why not just call the API in the first place instead of adding additional code that in the end does the same thing? Maybe it could stop false positives with virus-checkers? I will have to check this out. From my perso...
by Opcode
Thu Oct 17, 2019 2:13 am
Forum: Tricks 'n' Tips
Topic: Hot Patching hook (32bits)
Replies: 24
Views: 8291

Re: Hot Patching hook (32bits)

Updated, as today even syscalls are hot-patchable. ; Hot Patch Hooking ; -------------------------------------------------- ; Place Hook ; $E9, $xx, $xx, $xx, $xx, $EB, $F9 ; -------------------------------------------------- Procedure HotPatchHook(TargetFuncAddress.l, ProxyFuncAddress.l) Protected....
by Opcode
Sat Sep 07, 2019 10:27 pm
Forum: Tricks 'n' Tips
Topic: Anti-piracy tip: Prevent debugging (Windows)
Replies: 16
Views: 5262

Re: Anti-piracy tip: Prevent debugging (Windows)

Here's another method to add to the collection. Easy to implement, easy to bypass. Still something though. Procedure PatchDbgUiRemoteBreakin() Protected.l DbgAddr, oProtect DbgAddr = GetProcAddress_(GetModuleHandle_("ntdll.dll"), "DbgUiRemoteBreakin") VirtualProtect_(DbgAddr, 6,...
by Opcode
Sat Sep 07, 2019 9:30 am
Forum: Tricks 'n' Tips
Topic: Anti-piracy tip: Prevent debugging (Windows)
Replies: 16
Views: 5262

Re: Anti-piracy tip: Prevent debugging (Windows)

Here's another method to add to the collection. Easy to implement, easy to bypass. Still something though. Procedure PatchDbgUiRemoteBreakin() Protected.l DbgAddr, oProtect DbgAddr = GetProcAddress_(GetModuleHandle_("ntdll.dll"), "DbgUiRemoteBreakin") VirtualProtect_(DbgAddr, 6, ...
by Opcode
Thu Sep 05, 2019 11:54 pm
Forum: Coding Questions
Topic: Issue with hooking CreateFileA
Replies: 0
Views: 1197

Issue with hooking CreateFileA

I'm hooking CreateFileA within a process using the hooking functions here. I've hooked other functions without issue. Prototype.l OriginalCreateFileA(lpFileName.s, dwDesiredAccess.i, dwShareMode.i, *lpSecurityAttributes.SECURITY_ATTRIBUTES, dwCreationDisposition.i, dwFlagsAndAttributes.i, hTemplate...
by Opcode
Sat Feb 02, 2019 6:16 am
Forum: Coding Questions
Topic: Mac address how to get it ?
Replies: 29
Views: 10492

Re: Mac address how to get it ?

Some of the solutions here worked (partially), however I needed something fast and with PB5 there's a speedy way to pull a MAC address. InitNetwork() Procedure GetIPAddr() If ExamineIPAddresses() IP = NextIPAddress() If IP ProcedureReturn IP EndIf EndIf EndProcedure Procedure.s GetMacAddr() Protecte...