Showing posts with label Developer Tools. Show all posts
How to inject code into a exe file
Posted by Rahul Ghotekar (InOx) in Developer Tools, Hacking tools on Wednesday, May 11, 2011
*** THIS TUTORIAL IS ONLY FOR EDUCATIONAL PURPOSES!*** -Requirements- -Getting started- ***** START QUOTE FROM THE WIN32 PROGRAMMERS REFERENCE int MessageBox( ***** END QUOTE FROM THE WIN32 PROGRAMMERS REFERENCE -Some ASM- -Last Words-
At first we need a debugger. I prefer OLLYDBG(the best debugger on earth :P)
At twice we need a target application to inject our code.
I will take the windows NOTEPAD.EXE .
Make a copy if this EXE in a new folder named CodeInjectTest.
Thats all ;)
Our goal is to inject some code into the Notepad.EXE .
In our case we'll inject a simple MessageBox at Notepads start.
Start up Notepad now and validize that Notepad is the original one.
[My Notepad screenshot]
If you're sure now that's the original Notepad open the Notepad.exe with Olly.
Yuppi! If you're ready you get this window:
[click to enlarge]
Because we're going to inject some code we've to have some space to inject it.
In a EXE file are a lot of CodeCaves were nothing is done (DB 00).
So lets scroll the CPU window a little bit down until you find a CodeCave(look below).
[CodeCaves]
Do you see the red box I've drawn for you? ;) THIS is a CodeCave!
Here we can inject some custom code without interfering the programs flow.
If you know the API call for a MessageBox you don't need to
read this lines.
The MessageBox function creates, displays, and operates a message box.
The message box contains an application-defined message and title,
plus any combination of predefined icons and push buttons.
HWND hWnd, // handle of owner window
LPCTSTR lpText, // address of text in message box
LPCTSTR lpCaption, // address of title of message box
UINT uType // style of message box
);
This is all you need to know about the MessageBox.
Now its time to do something with the CodeCaves.
At first to use the MessageBox we need to create some text for output it on the
MessageBox. In the following picture I've selected some lines of the CodeCaves and
highlighted the BinaryEdit menu for you.
If you pressed on Binary=>Edit or (CTRL+E) you will see following window.
Just fill it out like me if you want.
Press OK and you'll see the modified code in red:
Press now CTRL+A to reanalyze the code.
OK! If you want to have a different MessageBox Caption than the title you can repeat this
step to make a second ASCII like the "INJECTED NOTEPAD".
Now its time for some ASM ;)
We need to invoke a MessageBox from ASM. This is quite simple!
PUSH 0 ; BUTTONS =
PUSH 1008751 ; CAPTION = Our adress of the "INJECTED NOTEPAD"
PUSH 1008751 ; MESSAGE = Same like above.
PUSH 0 ; ICON =
CALL MessageBoxA; Run MessageBoxA with the Params above.
This few lines entered in Olly should look like this:
Do you see the arrow?! THIS IS NOW A VERY IMPORTANT STEP!
If we save it now and run it you will NOT see any effect. Why?
Because our litte routine is not called yet!
You need to write down the Offset of your first "PUSH 0" because we
need to make a jump from the programs origin to here and back again ;)
If you noted the offset of the first PUSH down, goto the origin of the program like below.
Now you're at the FIRST line of code which will be executed.
Do you remember that the first thing we wanted to do is to run our code? :)
Yehaa! We're on the right way!
Select now from the origin some lines and copy it into the Clipboard.
Paste the clipboard into a texteditor and leave them there. We need this lines later.
If you have pasted it go to the first line of the program.
(In the picture upper it's the PUSH 70).
Double click on it and enter in the box "JMP
Press on Assemble and you will the the again the red marked(patched) code.
Look to the redbox! This is the address we need to jump to after our injected code.
If we jump here after the injection the program will execute like without our injection :)
But there is one thing we need to do at least!
Compare the "new" origin with the old one you've pasted into a clipboard.
You will see that there are a few lines overwritten! But this lines are needed to run
the programm without errors. Identify the lines which get overwritten.
In my case the overwritten lines are:
PUSH 70
PUSH NOTEPAD.01001898
Click on the first line (our JMP) and press ENTER.
You'll dropped to your MessageBox invokation!
After our CALL MessageBoxA we need to insert now the overwritten lines AND the jump back!
NOW you're done!
(If you want to test the "JumpBack"-Jump just select it and press ENTER.
If you get to the right line you can be sure that's ok! If not check Offset!)
To save the "new" Notepad take a look the the following picture:
If you press on "All modifications" a new little window will be shown.
Press on "Copy All" on this window.
A new window with the new ASM code will be shown.
Close the new window (THE CHILD WINDOW! NOT OLLY DBG WINDOW!).
Then a save dialog let you choose a new filename.
Save the file and run it. If you're successful you will get this result:
Press on OK and Notepad will start normally ;)
DO NOT abuse debuggers to attach shellcodes or things like that into EXEs!
360desktop 0.8.5.2084 (x32/x64)
Posted by kk in Developer Tools, Others, System Utilities, Themes on Thursday, May 20, 2010
360desktop is free software that extends Windows as a 360° workspace, plus an online environment for creating interative 360° wallpaper, with a gallery and a widget platform, for sharing your favorite 360's with everybody. 360desktop is for everyone!
Take it for a Spin
Your desktop goes full circle more space, more fun
Customize & Organize
Personalize your workspace – for work & play
Anyone can create
Create your own interactive 360’s – even make money
Share & Analyze
Share your creations and fav 360’s everywhere
Homepage: http://www.360desktop.com/
Download : 360desktop 0.8.5.2084 (x32)
Download : 360desktop 0.8.5.2084 (x64)
150000 Universal Drivers 2010
Posted by kk in Developer Tools, Operating Systems, System Utilities on Monday, May 10, 2010
Must pop the Universal Driver CD in and Windows will automatically search the comprehensive drivers. Contains drivers for over 100,000 hardware components from brands such as Dell, HP, Compaq, IBM, Sony, Toshiba, Panasonic, as well as hardware component manufacturers Intel, 3Com, VIA, nVidia, ATI, SoundMax, and many more!
Download:
http://hotfile.com/dl/41180008/ef47c79/Collection.html
http://hotfile.com/dl/41180036/fdcbc59/Collection.html
http://hotfile.com/dl/41180065/4b6d87a/Collection.html
http://hotfile.com/dl/41180107/25ea0b7/Collection.html
http://hotfile.com/dl/41180147/47227e7/Collection.html
http://hotfile.com/dl/41180195/3d83b3f/Collection.html
http://hotfile.com/dl/41180235/4be2982/Collection.html
http://hotfile.com/dl/41180276/cbac2ca/Collection.html
http://hotfile.com/dl/41180317/9e200a8/Collection.html
http://hotfile.com/dl/41180372/b46ad70/Collection.html
http://hotfile.com/dl/41180398/2527da5/Collection.html
http://hotfile.com/dl/41180430/c8faf2d/Collection.html
http://hotfile.com/dl/41180459/33e6738/Collection.html
http://hotfile.com/dl/41180497/3ee1d84/Collection.html
http://hotfile.com/dl/41180566/8b21a15/Collection.html
http://hotfile.com/dl/41180597/3936db3/Collection.html
Microsoft® Office 2010 Technical Preview x86 English
Posted by Dizzycon in Developer Tools, Others, System Utilities on Thursday, August 6, 2009
The Microsoft Office 2010 is a limited, invitation only program which will provide you with the opportunity to experience early, pre-release versions of Office 2010 which will include the following applications: Word 2010, Excel 2010, Outlook 2010, PowerPoint 2010, OneNote 2010, Communicator 2010, Access 2010, InfoPath 2010 and Publisher 2010. Microsoft Office 2010 provides people at home or work with a comprehensive set of tools that helps them gather and consolidate virtually any type of information, find what they are looking for quickly, and easily share information with others across geographical or organizational boundaries, so they can deliver better results faster.
Office 2010 Applications :
•Word 2010
•Excel® 2010
•PowerPoint® 2010
•Outlook® 2010
•OneNote® 2010
•Publisher 2010
•Access® 2010
•InfoPath® 2010
•Office Communicator 2007 R2
•SharePoint Workspace 2010
Screenshots :
Download Links :
Mirror1 : Torrent
Web Page Creation : WinCHM Pro v3.523
Posted by Sachin in Developer Tools, Web Developer on Saturday, May 16, 2009
WinCHM Pro v3.523 | 3.7 MB | RS link
WinCHM is a very easy-to-use help authoring tool. Not needing to learn too much, you can be master of creating HTML help (CHM), Web help, PDF manual and Word documents. Using WinCHM you can not only make help files with nothing, but also convert a set of HTML files into a CHM file.
Key features:
- Template support - Make uniform style html help file very easily
- Full-function web help creation (Contents, Index, Search and Bookmark)
- Integrated full-function WYSIWYG html editor. No external word processor needed.
- Read from existing chm files
- Support html files auto-searching, quickly create table of contents
- Super table of contents hierarchy editor
- Support Multi-select moving, changing icon
- Visual CHM designer
Homepage: http://www.softany.com
DOWNLOAD
KoolMoves 7.0.3 | 8.3MB
Posted by kk in Developer Tools, Graphics Tools, Web Developer on Thursday, April 9, 2009
NEW KoolMoves 7 with Actionscript and Necro 3D! KoolMoves is a web animation authoring tool that creates Flash movies and frames for animated gifs. Used by both professionals and novices to create rich interactive content for web sites, KoolMoves is a popular Flash authoring tool with rave industry reviews! As Flash has developed into the standard for animation on the web, KoolMoves has emerged as an advanced but low cost alternative to Flash. Combining ease-of-use with a wealth of powerful animation effects, KoolMoves makes it easy and inexpensive to create professional quality Flash movies for web sites.
KoolMoves is an affordable Flash authoring tool that is full featured and easy to use. It is ideal for creating a wide range of web content with high impact visuals, MP3 and WAV sound. Play video & music with stylish media players; Create high impact web sites & animations; Customize text effects, buttons, & clip art; Add impressive 3D text and shape effects; Use templates or create your own designs; Take control with Flash 9 action scripts, plus more.
Features:
• Import images and sounds
• 71 action script based text/image effects
• 100 stylish text effects templates
• 343 clip art items and buttons
• Wizard for adding Flash animation to web page
• Capture frames for gif animation
• Easy to use customizable preloaders
• Many unique views of the animation
• Slide show wizard
• Banner wizard
• 43 customizable 3D effects
• 40 media player skins
• 28 web interface templates
• 4 skill levels (wizards to cartooning)
• Import Flash animation as object or editable
• Import FLV Flash video
• Full set of drawing/shape manipulation tools
• Dynamic text
• Flash 9 action scripting (AS3)
• Flash 8 filter/blend effects
• 16 interface components (e.g. slide show)
• Masking
• Import/export SVG
• Ease in/out tweening
• Variable line width
• Character animation bones
Changes in Version 7.0.4 (4/6/09):
* Fixed export of movie clip in symbol library with same class name as an external class.
* Fixed case sensitivity issue associated with package file names.
* Fixed problem with type mismatch message associated with use of 'new' with a locally defined variable.
* Fixed assorted AS3 issues so org.gif classes and some other classes now run.
* Fixed display of Movie Overview after a button is deleted.
* Fixed some AS3 issues associated with private access modifier.
* Fixed a bug in km.components.Label class.
* Fixed an issue with helper classes.
* Fixed an issue with recast operation.
* Added bitmaps, sounds, binaries tabs to F11 symbol library.
* Added support for package level functions.
* Added support for static initializer blocks.
* Added support for const ENUM.
* Added a class -- km.display.SimpleTable -- for creating tables.
Microsoft Encarta Premium 2009
Posted by Dizzycon in Developer Tools, Others, System Utilities on Wednesday, March 25, 2009
Release: Microsoft Student With Encarta Premium 2009
Type: Reference/Encyclopedia Format: ISO
Archives: 64×50MB Date: 07/2008
RELEASE NOTES
Designed to be easy to use and simple to learn, Microsoft Student with
Encarta Premium 2009 makes learning fun. Whether its math, research
projects, or foreign languages, you can find the right tools and
information to get your homework started quickly, get questions answered
faster, and complete assignments that help earn higher grades.
INSTALL NOTES
1. Burn/mount and install
2. Enjoy another fine release from XiSO
All software included in this release is only intended for your use if
you own a legal license to this software. We are not to be held
responsible for illegal use/installation of this software. If you choose
to install and test this software and you decide to keep it, you must
purchase a valid license. If you do not own legal license to this
software we will not be held responsible for any charges brought against
you by any software company(s) or people working for any software
company(s). We do not support piracy, we are here only to provide an
evaluation.
Download Links
http://www.filefactory.com/file/bb6e66/n/encp09-xiso_part01_part01_rar
http://www.filefactory.com/file/f3f110/n/encp09-xiso_part01_part02_rar
http://www.filefactory.com/file/0c1d58/n/encp09-xiso_part01_part03_rar
http://www.filefactory.com/file/a51bf4/n/encp09-xiso_part01_part04_rar
http://www.filefactory.com/file/e3e5ed/n/encp09-xiso_part01_part05_rar
http://www.filefactory.com/file/f92939/n/encp09-xiso_part01_part06_rar
http://www.filefactory.com/file/2441e4/n/encp09-xiso_part01_part07_rar
http://www.filefactory.com/file/cf6240/n/encp09-xiso_part01_part08_rar
http://www.filefactory.com/file/f4cebf/n/encp09-xiso_part01_part09_rar
http://www.filefactory.com/file/01d6e3/n/encp09-xiso_part01_part10_rar
http://www.filefactory.com/file/afbaf1/n/encp09-xiso_part01_part11_rar
http://www.filefactory.com/file/a36211/n/encp09-xiso_part01_part12_rar
http://www.filefactory.com/file/7998ab/n/encp09-xiso_part01_part13_rar
http://www.filefactory.com/file/e4ddc6/n/encp09-xiso_part01_part14_rar
http://www.filefactory.com/file/5fc674/n/encp09-xiso_part01_part15_rar
http://www.filefactory.com/file/15ca47/n/encp09-xiso_part01_part16_rar
http://www.filefactory.com/file/b6f5db/n/encp09-xiso_part01_part17_rar
http://www.filefactory.com/file/d5d770/n/encp09-xiso_part01_part18_rar
http://www.filefactory.com/file/f60733/n/encp09-xiso_part01_part19_rar
http://www.filefactory.com/file/b90601/n/encp09-xiso_part01_part20_rar
http://www.filefactory.com/file/914a46/n/encp09-xiso_part01_part21_rar
http://www.filefactory.com/file/d5ba9d/n/encp09-xiso_part01_part22_rar
http://www.filefactory.com/file/f19d6a/n/encp09-xiso_part01_part23_rar
http://www.filefactory.com/file/d3406c/n/encp09-xiso_part01_part24_rar
http://www.filefactory.com/file/43267b/n/encp09-xiso_part01_part25_rar
http://www.filefactory.com/file/029c55/n/encp09-xiso_part01_part26_rar
http://www.filefactory.com/file/3017db/n/encp09-xiso_part01_part27_rar
http://www.filefactory.com/file/d69aeb/n/encp09-xiso_part01_part28_rar
Password : www.downloads9.com
OR
Torrent Link :
http://thepiratebay.org/t.......mium.2009-XiSO
ASP .NET Maker 7.0.0.1 || 10 MB
Posted by Sachin in Developer Tools, Web Developer on Thursday, March 19, 2009
ASP.NET Maker is a powerful automation tool that can generate a full set of ASP.NET pages quickly from a Microsoft Access Database or any ADO Data Source. Using ASP.NET Maker, you can instantlycreate Web sites that allow users to view, edit, search, add and delete records on the Web. ASP.NETMaker is designed for high flexibility, numerous options enable you to generate ASP.NET applications that best suits your needs. The generated codes are clean, straightforward and easy-to-customize. ASP.NET Maker can save you tons of time and is suitable for both beginners and experienced developers alike.
Key Features:
* Advanced Security
* User registration system
* Export to CSV/HTML/Excel/Word/XML
* File uploading to database or folder
* Master/Detail
* Custom View
* Report
* Customizable template
* Database re-synchronization
Download:
Notepad++ 5.2
Posted by Sachin in Developer Tools, System Utilities, Web Developer on Saturday, March 14, 2009
Notepad++ is a free source code editor (and Notepad replacement), which supports several programming languages, running under the MS Windows environment.
This project, based on the Scintilla edit component (a very powerful editor component), written in C++ with pure win32 api and STL (that ensures the higher execution speed and smaller size of the program), is under the GPL Licence.
- Syntax Highlighting and Syntax Folding
- WYSIWYG
- User Defined Syntax Highlighting
- Auto-completion
- Multi-Document
- Multi-View
- Regular Expression Search/Replace supported
- Full Drag 'N' Drop supported
- Dynamic position of Views
- File Status Auto-detection
- Zoom in and zoom out
- Multi-Language environment supported
- Bookmark
- Brace and Indent guideline Highlighting
- Macro recording and playback