About sotpot

  • Birthday 02/17/1979
  1. I am 33, in 2 months 34
  2. thanks button should be here at the end of the line, btw you can't see thx button on your own posts.
  3. if you just want to do guis, use wxdev c++.
  4. Maybe the best one this year.
  5. Maybe btw it is the first entry if you type in "relocation masm" into google.
  6. <- fail if it's about graphics and guis
  7. @cracksman that kaiji looks good. I think I'm going to watch this anime next.
  8. Good Topic

     Top Dramas: (Dramas are my Favorites)

     Nana: This is the best if you don't like mystery and all that, pure life. It has a rly bad start, you must watch more than 6 episodes. No Mystery.

     Kanon (2006): My first anime drama, I mean I never touched a drama before. I'm a boy but I cried so many tears lol. With Mystery.

     Clannad and Clannad After Story: Adaptation from a Dating Sim, but you won't recognize it. First Season takes place in the life of schoolchildren, and is about love, partnership etc. Sounds boring but if I tell you too much.... Second Season takes place right after School, and is about Family. Sounds boring but if I tell you too much.... This Season is better than the first, but it is also completely different from the first Season, but you have to watch the first season to understand the second. First is worth watching. With Mystery.

     Ofc Toradora!: Something for the cuteness. Simple love comedy story. But the character setup is so great, and the story is told rly good. If you don't like HandheldTiger you are not human.

     And OMG the last Drama for today is Mahou Shoujo Madoka Magica: I never thought I would watch an anime with Magical Girls, but I'm happy that I watched this anime. This anime is so dark and surreal. No happiness, only pain. This is rly meant for adults. The only thing that would make you think this anime is for kids are the little cute Magical Girls, but that is everything. Fighting scenes are in a very own style, you have to see it, can't describe it in english. I think you know the Artist Salvador Dali, the scenes are in some kind of his painting style. I just know I rly had to kick my ass to start watching the anime, but after the first scene I was caught. I'm waiting for the Movie that is coming out this summer.

     Psychological: There is only one Anime in this Genre for me and this is DeathNote. This is the Number One of my all time favorites, everybody has to see that anime.

     Splatter:

     Elfen Lied. Cute girls cutting off heads, good story, Moe, cult, must see. Open end. Manga has more story than the anime, but there never will be a second season.

     Claymore. Sword battles with different ability users. Weak start. The first 3 episodes are solala, if you don't like it after episode no.4 stop watching, but I guess you are going to watch the next episode. Open end again. Anime finished before manga finished. But it's ok if you are used to open ends. A rly great showdown.

     I could write for hours, but I don't have time anymore. Here is my list of seen animes. The best are on top.

     All Time Favorites:

     • DeathNote
     • Hagane no Renkinjutsushi (Fullmetal Alchemist: Brotherhood)
     • CodeGeass Season one and Two
     • Shin Seiki Evangelion (Neon Genesis Evangelion)
     • Tengen Toppa Gurren Lagann

     Lol sry it's too much. List wouldn't stop.
  9. Do you compile to ansi or to unicode? Most of the time it's an Ansi/Unicode String problem. And lol. It's about your error message. It could be a lot of things. Mousewheel; SubSeven lol etc.
  10. First thing. Do you compile to ansi or to unicode? If Unicode, the function name must be in ansi, because if the GetProcAddress Api is used it only accepts Ansi. If it's an own getprocaddress function then I don't know. Second thing. Does the shellcode use A Apis or W Apis? Btw do you get an error message?
  11. Update of this

      ```
      ;{*******************************************************************
      ; * Include: i_GetProcAddress.pbi
      ; * Author: sotpot
      ; *
      ; * Description:
      ; * Walk the Export Address Table GetProcAddress Replacement
      ; * Support for either Unicode or Ascii
      ; * Support for Ordinals
      ; * Support for forwarded functions
      ; *
      ; * Notes:
      ; * If you compile to unicode, you will have to pass a
      ; * unicode string or you will have to convert the ascii string to
      ; * an unicode string. Same for ascii builds.
      ; * Not tested as 64bit build. I used integers as vars for void
      ; * pointer (integer 4 bytes on 32bit and 8 bytes on 64bit). So maybe
      ; * it works.
      ; *
      ; * Webpage:
      ; *
      ; *
      ; * Credits:
      ; * If credits, then to steve10120
      ; *
      ;}*******************************************************************
      Procedure.i GetProcAddress(hModule.i, pProcName.i)
        ;{/////////////////////////////////////////////////
        ; / hModule.i:
        ; / Modulehandle returned by LoadLibrary
        ; / or GetModuleHandle
        ; / pProcName.i:
        ; / Either a function name as string or
        ; / an ordinal number
        ; / Returns:
        ; / On error 0 on success the function address
        ;}/////////////////////////////////////////////////
        Protected *IDH.IMAGE_DOS_HEADER, *INH.IMAGE_NT_HEADERS, *IED.IMAGE_EXPORT_DIRECTORY, *IDDE.IMAGE_DATA_DIRECTORY
        Protected *piFunctionName.Integer, *piFunctionAddress.Integer, *pwOrdinal.Word, iCounter.i
        Protected *pcProcName.Character, *pcDllName.Character, *paFunctionName.Ascii
        Protected szfDllName.s{32}, szfFunctionName.s{32}
        Protected pFarproc.i

        ; check for valid dos header
        *IDH = hModule
        If *IDH\e_magic <> $5A4D
          ProcedureReturn 0
        EndIf

        ; check for valid nt header
        *INH = hModule + *IDH\e_lfanew
        If *INH\Signature <> $4550
          ProcedureReturn 0
        EndIf

        ; check if there is a export address table
        If *INH\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]\VirtualAddress = 0
          ProcedureReturn 0
        EndIf
        *IDDE = *INH\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]

        ; get a pointer to IMAGE_EXPORT_DIRECTORY
        *IED = hModule + *INH\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]\VirtualAddress

        ; get the startaddress of function names and the ordinal index
        *piFunctionAddress = hModule + *IED\AddressOfFunctions
        *piFunctionName = hModule + *IED\AddressOfNames
        *pwOrdinal = hModule + *IED\AddressOfNameOrdinals

        ; check if we deal with an ordinal else we deal with a string
        If (pProcName >> 16) = 0
          ; check if it is a valid ordinal if not return 0
          ; valid ordinals are Base .. Base + NumberOfFunctions - 1
          If (pProcName < *IED\Base Or pProcName >= *IED\Base + *IED\NumberOfFunctions)
            ProcedureReturn 0
          EndIf
          ; calculate relative function address
          ; export ordinals are biased by Base, so the table index is (ordinal - Base)
          *piFunctionAddress + ((pProcName - *IED\Base) * SizeOf(Integer))
          pFarproc = hModule + *piFunctionAddress\i
        Else
          ; loop through the function names and see if we find a matching one
          For iCounter = 0 To *IED\NumberOfNames - 1
            ; get a asciipointer to functionname and a characterpointer for our procname
            *paFunctionName = hModule + *piFunctionName\i
            *pcProcName = pProcName
            ; start to compare the strings bytewise.
            While *paFunctionName\a = *pcProcName\c
              ; check if we got a terminating 0 byte. if found, we got our function and we pass the address to our return var and exit both loops
              If *paFunctionName\a = 0 And *pcProcName\c = 0
                *pwOrdinal + (iCounter * SizeOf(Word))
                *piFunctionAddress + (*pwOrdinal\w * SizeOf(Integer))
                pFarproc = hModule + *piFunctionAddress\i
                Break 2
              EndIf
              ; move up the asciipointer to the next byte, the same for the characterpointer
              *paFunctionName + SizeOf(Ascii): *pcProcName + SizeOf(Character)
            Wend
            ; move up to the next functionname
            *piFunctionName + SizeOf(Integer)
          Next iCounter
        EndIf

        ; now check if we got a forwarded function
        If (pFarproc >= *IED And pFarproc < *IED + *IDDE\Size)
          ; start getting the name of the dll and the function. forwarded functions look like this "NTDLL.RtlGetLastWin32Error". it is an asciistring.
          Debug PeekS(pFarproc, #PB_Any, #PB_Ascii)
          *paFunctionName = pFarproc
          *pcDllName = @szfDllName
          *pcProcName = @szfFunctionName
          iCounter = 0
          ; get the dll name and make either a unicode or a ascii string out of it. depends on compilersettings.
          While *paFunctionName\a <> $2E
            iCounter + 1
            *pcDllName\c = *paFunctionName\a
            *paFunctionName + SizeOf(Ascii): *pcDllName + SizeOf(Character)
          Wend
          ; 0 terminate the dll name string and move the pointer to the beginning of the string.
          *pcDllName + SizeOf(Character): *pcDllName\c = 0: *pcDllName - ((iCounter + 1) * SizeOf(Character)): *paFunctionName + SizeOf(Ascii)
          iCounter = 0
          ; get the function name and make either a unicode or a ascii string out of it. depends on compilersettings.
          While *paFunctionName\a <> 0
            iCounter + 1
            *pcProcName\c = *paFunctionName\a
            *paFunctionName + SizeOf(Ascii): *pcProcName + SizeOf(Character)
          Wend
          ; 0 terminate the function name string and move the pointer to the beginning of the string.
          *pcProcName + SizeOf(Character): *pcProcName\c = 0: *pcProcName - ((iCounter + 1) * SizeOf(Character))
          ;{ we are done with the strings. make a call to our self and we are done.
          ; solutions for getmodulehandle/loadlibrary:
          ; write your own getmodulehandle function something like
          ; or get kernel32 address from PEB fs:0x30 and then
          ; _GetModuleHandle = GetProcAddress(kernel32base, "GetModuleHandle")
          ; pFarproc = GetProcAddress(_GetModuleHandle(*pcDllName), *pcProcName)
          ;} or use ntdll LdrLoadDll or or or or
          pFarproc = GetProcAddress(GetModuleHandle_(*pcDllName), *pcProcName)
          ; done with forwarder
        EndIf

        ProcedureReturn pFarproc
      EndProcedure
      ```
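The export-table walk in the post above, as an added Python example for static analysis (not sotpot's code): it resolves names and ordinals against a constructed in-memory image whose ordinal Base is not 1, and reports forwarders by the same "RVA lies inside the export directory" test. The names `resolve_export` and `build_sample_image`, the module name `demo.dll` and the exports `Alpha`/`Beta` are assumptions made for the example; the forwarder string is the one quoted in the post.

```python
import struct

# IMAGE_EXPORT_DIRECTORY: Characteristics, TimeDateStamp, MajorVersion, MinorVersion,
# Name, Base, NumberOfFunctions, NumberOfNames, AddressOfFunctions, AddressOfNames,
# AddressOfNameOrdinals (40 bytes; every address field is an RVA).
EXPORT_DIR = struct.Struct("<IIHHIIIIIII")


def _u16(img, off):
    return struct.unpack_from("<H", img, off)[0]


def _u32(img, off):
    return struct.unpack_from("<I", img, off)[0]


def _cstr(img, off):
    # NUL-terminated ASCII string starting at off
    return bytes(img[off:img.index(b"\0", off)]).decode("ascii")


def resolve_export(img, proc):
    """Resolve a name (str) or ordinal (int) in a mapped image (RVA == offset).

    Returns ("rva", rva), ("forward", dll, function) or None if not found.
    """
    if img[:2] != b"MZ":                       # IMAGE_DOS_HEADER.e_magic
        return None
    nt = _u32(img, 0x3C)                       # IMAGE_DOS_HEADER.e_lfanew
    if img[nt:nt + 4] != b"PE\0\0":            # IMAGE_NT_HEADERS.Signature
        return None
    opt = nt + 24                              # signature (4) + IMAGE_FILE_HEADER (20)
    magic = _u16(img, opt)
    if magic not in (0x10B, 0x20B):            # PE32 / PE32+
        return None
    dirs = opt + (96 if magic == 0x10B else 112)
    exp_rva, exp_size = struct.unpack_from("<II", img, dirs)
    if exp_rva == 0:                           # no export directory
        return None
    (_, _, _, _, _, base, n_funcs, n_names,
     funcs, names, ords) = EXPORT_DIR.unpack_from(img, exp_rva)

    if isinstance(proc, int):
        index = proc - base                    # ordinals are biased by Base
    else:
        index = None
        for i in range(n_names):
            if _cstr(img, _u32(img, names + 4 * i)) == proc:
                index = _u16(img, ords + 2 * i)    # name ordinals are unbiased indexes
                break
        if index is None:
            return None
    if not 0 <= index < n_funcs:
        return None
    rva = _u32(img, funcs + 4 * index)         # table entries are 32-bit RVAs
    if rva == 0:                               # unused slot
        return None
    if exp_rva <= rva < exp_rva + exp_size:    # points into the directory: forwarder
        dll, _, func = _cstr(img, rva).partition(".")
        return ("forward", dll, func)
    return ("rva", rva)


def build_sample_image():
    """Constructed sample: minimal PE32 headers plus one export directory."""
    img = bytearray(0x100)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", img, opt, 0x10B)

    exp = len(img)
    funcs = exp + EXPORT_DIR.size              # 3 function slots
    names = funcs + 4 * 3                      # 2 names
    ords = names + 4 * 2
    strings = ords + 2 * 2
    blob, at = bytearray(), {}
    for s in (b"demo.dll", b"Alpha", b"Beta", b"NTDLL.RtlGetLastWin32Error"):
        at[s] = strings + len(blob)
        blob += s + b"\0"
    # Base = 5: ordinal 5 -> Alpha, ordinal 6 unused, ordinal 7 -> Beta (forwarded)
    img += EXPORT_DIR.pack(0, 0, 0, 0, at[b"demo.dll"], 5, 3, 2, funcs, names, ords)
    img += struct.pack("<3I", 0x2000, 0, at[b"NTDLL.RtlGetLastWin32Error"])
    img += struct.pack("<2I", at[b"Alpha"], at[b"Beta"])
    img += struct.pack("<2H", 0, 2)
    img += blob
    struct.pack_into("<II", img, opt + 96, exp, len(img) - exp)
    return bytes(img)


SAMPLE = build_sample_image()

if __name__ == "__main__":
    for query in ("Alpha", 5, "Beta", 7, 6, 8, "Gamma"):
        print(repr(query), "->", resolve_export(SAMPLE, query))
```

The forwarder string is split at the first dot, as the post's code does.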
  12. Note: returned string pointers are always pointers to a unicode buffer. So TEB_GetCommandLine will be different in Ansi compiled apps. In Unicode apps TEB_GetCommandLine will work as the GetCommandLine Api.

      Functions:

      • TEB_GetCurrentTeb() retrieves a pointer to the current Thread Environment Block
      • TEB_GetCurrentProcess() same function as the windows api GetCurrentProcess
      • TEB_GetCurrentProcessId() same function as the windows api GetCurrentProcessId
      • TEB_GetCurrentThread() same function as the windows api GetCurrentThread
      • TEB_GetCurrentThreadId() same function as the windows api GetCurrentThreadId
      • TEB_GetProcessHeap() same function as the windows api GetProcessHeap
      • TEB_GetModuleHandle(pszModuleName.i) same function as the windows api GetModuleHandle
      • TEB_GetModuleFileName(hModule.i, pFilename.i, nSize.l) same function as the windows api GetModuleFileName
      • TEB_IsDebuggerPresent() same function as the windows api IsDebuggerPresent
      • TEB_SetDebuggerFlag(Flag.B) will set the debugger flag to true or false
      • TEB_GetCommandLine() returns the pointer to a unicode stringbuffer with the commandline parameters
      • TEB_GetCurrentDirectory() returns the pointer to a unicode stringbuffer with the current directory in it
      • TEB_GetImagePathName() returns the pointer to a unicode stringbuffer with the image path name in it
      • TEB_GetWindowTitle() don't know what this is good for
      • TEB_GetDesktopName() don't know what this is good for
      • TEB_GetStdHandle(nStdHandle.l) if your app is a console app this function returns a handle to either stdin, stdout or stderror

      ```
      ;-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
      ;- Include: i_TEB.pbi
      ;- Author: sotpot
      ;- Web:
      ;-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
      EnableExplicit

      Structure UNICODE_STRING
        Length.w ; USHORT
        MaximumLength.w ; USHORT
        Buffer.i ; PWSTR
      EndStructure

      Structure LIST_ENTRY
        Flink.i ; LIST_ENTRY
        Blink.i ; LIST_ENTRY
      EndStructure

      Structure CLIENT_ID
        UniqueProcess.i ; PVOID
        UniqueThread.i ; PVOID
      EndStructure

      Structure EXCEPTION_REGISTRATION_RECORD
        Nextex.i ; PEXCEPTION_REGISTRATION_RECORD
        Handler.i ; PEXCEPTION_DISPOSITION
      EndStructure

      Structure NT_TIB
        *ExceptionList.EXCEPTION_REGISTRATION_RECORD ; EXCEPTION_REGISTRATION_RECORD
        StackBase.i ; PVOID
        StackLimit.i ; PVOID
        SubSystemTib.i ; PVOID
        StructureUnion
          FiberData.i ; PVOID
          Version.l ; ULONG
        EndStructureUnion
        ArbitraryUserPointer.i ; PVOID
        Self.i ; PNT_TIB
      EndStructure

      Structure PEB_LDR_DATA
        Length.l ; ULONG
        Initialized.b[4] ; BOOLEAN
        SsHandle.i ; PVOID
        InLoadOrderModuleList.LIST_ENTRY ; LIST_ENTRY
        InMemoryOrderModuleList.LIST_ENTRY ; LIST_ENTRY
        InInitializationOrderModuleList.LIST_ENTRY ; LIST_ENTRY
      EndStructure

      Structure LDR_DATA_TABLE_ENTRY
        InLoadOrderModuleList.LIST_ENTRY ; LIST_ENTRY
        InMemoryOrderModuleList.LIST_ENTRY ; LIST_ENTRY
        InInitializationOrderModuleList.LIST_ENTRY ; LIST_ENTRY
        BaseAddress.i ; PVOID
        EntryPoint.i ; PVOID
        SizeOfImage.l ; ULONG
        FullDllName.UNICODE_STRING ; UNICODE_STRING
        BaseDllName.UNICODE_STRING ; UNICODE_STRING
        Flags.l ; ULONG
        LoadCount.w ; SHORT
        TlsIndex.w ; SHORT
        HashTableEntry.LIST_ENTRY ; LIST_ENTRY
        TimeDateStamp.l ; ULONG
      EndStructure

      Structure PEBLOCKROUTINE
        PebLock.i ; PVOID
      EndStructure

      Structure PEB_FREE_BLOCK
        pfbNext.i ; PEB_FREE_BLOCK
        Size.l ; ULONG
      EndStructure

      Structure RTL_DRIVE_LETTER_CURDIR
        Flags.w ; USHORT
        Length.w ; USHORT
        TimeStamp.l ; ULONG
        DosPath.UNICODE_STRING ; UNICODE_STRING
      EndStructure

      Structure RTL_USER_PROCESS_PARAMETERS
        MaximumLength.l ; ULONG
        Length.l ; ULONG
        Flags.l ; ULONG
        DebugFlags.l ; ULONG
        ConsoleHandle.i ; PVOID
        ConsoleFlags.i ; ULONG
        StdInputHandle.i ; HANDLE
        StdOutputHandle.i ; HANDLE
        StdErrorHandle.i ; HANDLE
        CurrentDirectoryPath.UNICODE_STRING ; UNICODE_STRING
        CurrentDirectoryHandle.i ; HANDLE
        DllPath.UNICODE_STRING ; UNICODE_STRING
        ImagePathName.UNICODE_STRING ; UNICODE_STRING
        CommandLine.UNICODE_STRING ; UNICODE_STRING
        Environment.i ; PVOID
        StartingPositionLeft.l ; ULONG
        StartingPositionTop.l ; ULONG
        Width.l ; ULONG
        Height.l ; ULONG
        CharWidth.l ; ULONG
        CharHeight.l ; ULONG
        ConsoleTextAttributes.l ; ULONG
        WindowFlags.l ; ULONG
        ShowWindowFlags.l ; ULONG
        WindowTitle.UNICODE_STRING ; UNICODE_STRING
        DesktopName.UNICODE_STRING ; UNICODE_STRING
        ShellInfo.UNICODE_STRING ; UNICODE_STRING
        RuntimeData.UNICODE_STRING ; UNICODE_STRING
        DLCurrentDirectory.RTL_DRIVE_LETTER_CURDIR[$20] ; RTL_DRIVE_LETTER_CURDIR
      EndStructure

      Structure PEB
        InheritedAddressSpace.b ; BOOLEAN Reserved1[0]
        ReadImageFileExecOptions.b ; BOOLEAN Reserved1[1]
        BeingDebugged.b ; BOOLEAN BeingDebugged
        Spare.b ; BOOLEAN Reserved2
        Mutant.i ; HANDLE Reserved3[0]
        ImageBaseAddress.i ; PVOID Reserved3[1]
        *LoaderData.PEB_LDR_DATA ; PPEB_LDR_DATA
        *ProcessParameters.RTL_USER_PROCESS_PARAMETERS ; RTL_USER_PROCESS_PARAMETERS
        SubSystemData.i ; PVOID
        ProcessHeap.i ; PVOID
        FastPebLock.i ; PVOID
        *FastPebLockRoutine.PEBLOCKROUTINE ; PPEBLOCKROUTINE
        *FastPebUnlockRoutine.PEBLOCKROUTINE ; PPEBLOCKROUTINE
        EnvironmentUpdateCount.l ; ULONG
        KernelCallbackTable.i ; PPVOID
        EventLogSection.i ; PVOID
        EventLog.i ; PVOID
        *FreeList.PEB_FREE_BLOCK ; PPEB_FREE_BLOCK
        TlsExpansionCounter.l ; ULONG
        TlsBitmap.i ; PVOID
        TlsBitmapBits.l[$2] ; ULONG
        ReadOnlySharedMemoryBase.i ; PVOID
        ReadOnlySharedMemoryHeap.i ; PVOID
        ReadOnlyStaticServerData.i ; PPVOID
        AnsiCodePageData.i ; PVOID
        OemCodePageData.i ; PVOID
        UnicodeCaseTableData.i ; PVOID
        NumberOfProcessors.l ; ULONG
        NtGlobalFlag.l ; ULONG
        Spare2.b[$4] ; BYTE
        CriticalSectionTimeout.LARGE_INTEGER ; LARGE_INTEGER
        HeapSegmentReserve.l ; ULONG
        HeapSegmentCommit.l ; ULONG
        HeapDeCommitTotalFreeThreshold.l ; ULONG
        HeapDeCommitFreeBlockThreshold.l ; ULONG
        NumberOfHeaps.l ; ULONG
        MaximumNumberOfHeaps.l ; ULONG
        ProcessHeaps.i ; PPVOID
        GdiSharedHandleTable.i ; PVOID
        ProcessStarterHelper.i ; PVOID
        GdiDCAttributeList.i ; PVOID
        LoaderLock.i ; PVOID
        OSMajorVersion.l ; ULONG
        OSMinorVersion.l ; ULONG
        OSBuildNumber.l ; ULONG
        OSPlatformId.l ; ULONG
        ImageSubSystem.l ; ULONG
        ImageSubSystemMajorVersion.l ; ULONG
        ImageSubSystemMinorVersion.l ; ULONG
        GdiHandleBuffer.l[$22] ; ULONG
        PostProcessInitRoutine.l ; ULONG
        TlsExpansionBitmap.l ; ULONG
        TlsExpansionBitmapBits.b[$80] ; BYTE
        SessionId.l ; ULONG
      EndStructure

      Structure TEB
        Tib.NT_TIB ; NT_TIB
        EnvironmentPointer.i ; PVOID
        Cid.CLIENT_ID ; CLIENT_ID
        ActiveRpcInfo.i ; PVOID
        ThreadLocalStoragePointer.i ; PVOID
        *Peb.PEB ; PPEB
        LastErrorValue.l ; ULONG
        CountOfOwnedCriticalSections.l ; ULONG
        CsrClientThread.i ; PVOID
        Win32ThreadInfo.i ; PVOID
        Win32ClientInfo.l[$1F] ; ULONG
        WOW32Reserved.i ; PVOID
        CurrentLocale.l ; ULONG
        FpSoftwareStatusRegister.l ; ULONG
        SystemReserved1.i[$36] ; PVOID
        Spare1.i ; PVOID
        ExceptionCode.l ; ULONG
        SpareBytes1.l[$28] ; ULONG
        SystemReserved2.i[$A] ; PVOID
        GdiRgn.l ; ULONG
        GdiPen.l ; ULONG
        GdiBrush.l ; ULONG
        RealClientId.CLIENT_ID ; CLIENT_ID
        GdiCachedProcessHandle.i ; PVOID
        GdiClientPID.l ; ULONG
        GdiClientTID.l ; ULONG
        GdiThreadLocaleInfo.i ; PVOID
        UserReserved.i[5] ; PVOID
        GlDispatchTable.i[$118] ; PVOID
        GlReserved1.l[$1A] ; ULONG
        GlReserved2.i ; PVOID
        GlSectionInfo.i ; PVOID
        GlSection.i ; PVOID
        GlTable.i ; PVOID
        GlCurrentRC.i ; PVOID
        GlContext.i ; PVOID
        LastStatusValue.l ; NTSTATUS
        StaticUnicodeString.UNICODE_STRING ; UNICODE_STRING
        StaticUnicodeBuffer.w[$105] ; WCHAR
        DeallocationStack.i ; PVOID
        TlsSlots.i[$40] ; PVOID
        TlsLinks.LIST_ENTRY ; LIST_ENTRY
        Vdm.i ; PVOID
        ReservedForNtRpc.i ; PVOID
        DbgSsReserved.i[$2] ; PVOID
        HardErrorDisabled.l ; ULONG
        Instrumentation.i[$10] ; PVOID
        WinSockData.i ; PVOID
        GdiBatchCount.l ; ULONG
        Spare2.l ; ULONG
        Spare3.l ; ULONG
        Spare4.l ; ULONG
        ReservedForOle.i ; PVOID
        WaitingOnLoaderLock.l ; ULONG
        StackCommit.i ; PVOID
        StackCommitMax.i ; PVOID
        StackReserved.i ; PVOID
      EndStructure

      ;-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
      ;- Procedure
      ;-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
      Procedure.i TEB_GetCurrentTeb()
        ! MOV EAX, [FS:$18]
        ProcedureReturn
      EndProcedure

      Procedure.i TEB_GetCurrentProcess()
        ProcedureReturn $ffffffff
      EndProcedure

      Procedure.i TEB_GetCurrentProcessId()
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        ProcedureReturn *pTEB\Cid\UniqueProcess
      EndProcedure

      Procedure.i TEB_GetCurrentThread()
        ProcedureReturn $fffffffe
      EndProcedure

      Procedure.i TEB_GetCurrentThreadId()
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        ProcedureReturn *pTEB\Cid\UniqueThread
      EndProcedure

      Procedure.i TEB_GetProcessHeap()
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        ProcedureReturn *pTEB\Peb\ProcessHeap
      EndProcedure

      Procedure.i TEB_GetModuleHandle(pszModuleName.i)
        Protected *pTEB.TEB, *pLDTE.LDR_DATA_TABLE_ENTRY
        Protected wModuleNameLength.w, *pcModuleName.Character
        Protected wFullDllNameLength.w, *puFullDllName.Unicode
        Protected iCounter.i

        If pszModuleName
          ;{ calculate length of pszModuleName and lowercase it
          ; we need the length later to compare modulenames
          ; lowercase because we want to compare.
          ; modulenames in LDR_DATA_TABLE_ENTRY are in lower or upper case.
          ; the loop will calculate the stringlength not stringbytelength.
          ;} unicode or ansi compiled it will always be the same
          *pcModuleName = pszModuleName
          While *pcModuleName\c
            If *pcModuleName\c >= $41 And *pcModuleName\c <= $5A: *pcModuleName\c | $20: EndIf
            *pcModuleName + SizeOf(Character)
            wModuleNameLength + 1
          Wend
          ; if the modulelength is 0 we exit
          If wModuleNameLength = 0
            ProcedureReturn 0
          EndIf
          ;{ check if pszModuleName has the dll/exe extension
          ;} if yes align the length of pszModuleName to the length without .dll/.exe
          *pcModuleName - 4 * SizeOf(Character)
          If *pcModuleName\c = $2E
            *pcModuleName + SizeOf(Character)
            If *pcModuleName\c = $64 Or *pcModuleName\c = $65
              *pcModuleName + SizeOf(Character)
              If *pcModuleName\c = $6C Or *pcModuleName\c = $78
                *pcModuleName + SizeOf(Character)
                If *pcModuleName\c = $6C Or *pcModuleName\c = $65
                  wModuleNameLength - 4
                EndIf
              EndIf
            EndIf
          EndIf
        EndIf

        ;{ get a pointer to PEB
        ;} and from PEB we get the pointer to LDR_DATA_TABLE_ENTRY
        *pTEB = TEB_GetCurrentTeb()
        *pLDTE = *pTEB\Peb\LoaderData\InLoadOrderModuleList\Flink
        If pszModuleName = 0
          ProcedureReturn *pLDTE\BaseAddress
        EndIf

        ; as long as we got dllbase <> 0 we loop through LDR_DATA_TABLE_ENTRY entries
        While *pLDTE\BaseAddress
          ;{/ calculate the length(using the Length and Maxlength of the UNICODE_STRING Structure didnt work for me)
          ;// of FullDllName And lowercase it.
          ;}/ length will be the length of an unicode string (stringlength * 2 or stringbytelength.)
          *puFullDllName = *pLDTE\FullDllName\Buffer: wFullDllNameLength = 0
          While *puFullDllName\u
            If *puFullDllName\u >= $41 And *puFullDllName\u <= $5A: *puFullDllName\u | $20: EndIf
            *puFullDllName + SizeOf(Unicode)
            wFullDllNameLength + 1
          Wend
          ;{ compare dll names.
          ; get a pointer to a character structure from pszModuleName.
          ; get a pointer to a unicode structure from LDR_DATA_TABLE_ENTRY FullDllName field
          ; align the startpoint of FullDllName to the length of the modulename.
          ;}
          *pcModuleName = pszModuleName
          *puFullDllName = *pLDTE\FullDllName\Buffer
          *puFullDllName + ((wFullDllNameLength - 4) * SizeOf(Unicode)) - wModuleNameLength * SizeOf(Unicode)
          ; compare the names bytewise
          iCounter = wModuleNameLength
          While iCounter
            iCounter - 1
            If *pcModuleName\c <> *puFullDllName\u ; module names are not the same break the loop
              Break
            ElseIf *pcModuleName\c = *puFullDllName\u And iCounter = 0 ; module names are the same. return DllBase Address
              ProcedureReturn *pLDTE\BaseAddress
            EndIf
            *pcModuleName + SizeOf(Character): *puFullDllName + SizeOf(Unicode)
          Wend
          ; get the next LDR_DATA_TABLE_ENTRY
          *pLDTE = *pLDTE\InLoadOrderModuleList\Flink
        Wend
        ProcedureReturn 0
      EndProcedure

      Procedure.i TEB_GetModuleFileName(hModule.i, pFilename.i, nSize.l)
        Protected *pTEB.TEB, *pLDTE.LDR_DATA_TABLE_ENTRY
        Protected *pcFilename.Character, *puFullDllName.Unicode
        Protected iCounter.i

        ;{ get a pointer to PEB
        ;} and from PEB we get the pointer to LDR_DATA_TABLE_ENTRY
        *pTEB = TEB_GetCurrentTeb()
        *pLDTE = *pTEB\Peb\LoaderData\InLoadOrderModuleList\Flink
        If hModule = 0
          *pcFilename = pFilename: *puFullDllName = *pLDTE\FullDllName\Buffer
          If nSize > *pLDTE\FullDllName\Length: nSize = *pLDTE\FullDllName\Length: EndIf
          While iCounter < nSize
            *pcFilename\c = *puFullDllName\u
            *pcFilename + SizeOf(Character): *puFullDllName + SizeOf(Unicode)
            iCounter + 1
          Wend
          ProcedureReturn iCounter / 2
        EndIf

        ; as long as we got dllbase <> 0 we loop through LDR_DATA_TABLE_ENTRY entries
        While *pLDTE\BaseAddress
          If hModule = *pLDTE\BaseAddress
            *pcFilename = pFilename: *puFullDllName = *pLDTE\FullDllName\Buffer
            If nSize > *pLDTE\FullDllName\Length: nSize = *pLDTE\FullDllName\Length: EndIf
            While iCounter < nSize
              *pcFilename\c = *puFullDllName\u
              *pcFilename + SizeOf(Character): *puFullDllName + SizeOf(Unicode)
              iCounter + 1
            Wend
            ProcedureReturn iCounter / 2
          EndIf
          *pLDTE = *pLDTE\InLoadOrderModuleList\Flink
        Wend
        ProcedureReturn 0
      EndProcedure

      Procedure.i TEB_IsDebuggerPresent()
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        ProcedureReturn *pTEB\Peb\BeingDebugged
      EndProcedure

      Procedure.i TEB_SetDebuggerFlag(Flag.B)
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        *pTEB\Peb\BeingDebugged = Flag
        ProcedureReturn *pTEB\Peb\BeingDebugged
      EndProcedure

      Procedure.i TEB_GetCommandLine()
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        ProcedureReturn *pTEB\Peb\ProcessParameters\CommandLine\Buffer
      EndProcedure

      Procedure.i TEB_GetCurrentDirectory()
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        ProcedureReturn *pTEB\Peb\ProcessParameters\CurrentDirectoryPath\Buffer
      EndProcedure

      Procedure.i TEB_GetImagePathName()
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        ProcedureReturn *pTEB\Peb\ProcessParameters\ImagePathName\Buffer
      EndProcedure

      Procedure.i TEB_GetWindowTitle()
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        ProcedureReturn *pTEB\Peb\ProcessParameters\WindowTitle\Buffer
      EndProcedure

      Procedure.i TEB_GetDesktopName()
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        ProcedureReturn *pTEB\Peb\ProcessParameters\DesktopName\Buffer
      EndProcedure

      Procedure.i TEB_GetStdHandle(nStdHandle.l)
        Protected *pTEB.TEB
        *pTEB = TEB_GetCurrentTeb()
        Select nStdHandle
          Case #STD_INPUT_HANDLE
            ProcedureReturn *pTEB\Peb\ProcessParameters\StdInputHandle
          Case #STD_OUTPUT_HANDLE
            ProcedureReturn *pTEB\Peb\ProcessParameters\StdOutputHandle
          Case #STD_ERROR_HANDLE
            ProcedureReturn *pTEB\Peb\ProcessParameters\StdErrorHandle
        EndSelect
      EndProcedure

      ;-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
      ;- Testing
      ;-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
      ; GetCurrentProcess
      Debug Hex(GetCurrentProcess_(), #PB_Integer): Debug Hex(TEB_GetCurrentProcess(), #PB_Integer)
      MessageRequester("GetCurrentProcess", "Value returned by GetCurrentProcess = 0x" + Hex(GetCurrentProcess_(), #PB_Integer) + #CRLF$ + "Value returned by TEB_GetCurrentProcess = 0x" + Hex(TEB_GetCurrentProcess(), #PB_Integer), #MB_ICONINFORMATION)

      ; GetCurrentProcessId
      Debug Hex(GetCurrentProcessId_(), #PB_Integer): Debug Hex(TEB_GetCurrentProcessId(), #PB_Integer)
      MessageRequester("GetCurrentProcessId", "Value returned by GetCurrentProcessId = 0x" + Hex(GetCurrentProcessId_(), #PB_Integer) + #CRLF$ + "Value returned by TEB_GetCurrentProcessId = 0x" + Hex(TEB_GetCurrentProcessId(), #PB_Integer), #MB_ICONINFORMATION)

      ; GetCurrentThread
      Debug Hex(GetCurrentThread_(), #PB_Integer): Debug Hex(TEB_GetCurrentThread(), #PB_Integer)
      MessageRequester("GetCurrentThread", "Value returned by GetCurrentThread = 0x" + Hex(GetCurrentThread_(), #PB_Integer) + #CRLF$ + "Value returned by TEB_GetCurrentThread = 0x" + Hex(TEB_GetCurrentThread(), #PB_Integer), #MB_ICONINFORMATION)

      ; GetCurrentThreadId
      Debug Hex(GetCurrentThreadId_(), #PB_Integer): Debug Hex(TEB_GetCurrentThreadId(), #PB_Integer)
      MessageRequester("GetCurrentThreadId", "Value returned by GetCurrentThreadId = 0x" + Hex(GetCurrentThreadId_(), #PB_Integer) + #CRLF$ + "Value returned by TEB_GetCurrentThreadId = 0x" + Hex(TEB_GetCurrentThreadId(), #PB_Integer), #MB_ICONINFORMATION)

      ; GetProcessHeap
      Debug Hex(GetProcessHeap_(), #PB_Integer): Debug Hex(TEB_GetProcessHeap(), #PB_Integer)
      MessageRequester("GetProcessHeap", "Value returned by GetProcessHeap = 0x" + Hex(GetProcessHeap_(), #PB_Integer) + #CRLF$ + "Value returned by TEB_GetProcessHeap = 0x" + Hex(TEB_GetProcessHeap(), #PB_Integer), #MB_ICONINFORMATION)

      ; GetModuleHandle 0
      Debug Hex(GetModuleHandle_(0), #PB_Integer): Debug Hex(TEB_GetModuleHandle(0), #PB_Integer)
      MessageRequester("GetModuleHandle(0)", "Value returned by GetModuleHandle = 0x" + Hex(GetModuleHandle_(0), #PB_Integer) + #CRLF$ + "Value returned by TEB_GetModuleHandle = 0x" + Hex(TEB_GetModuleHandle(0), #PB_Integer), #MB_ICONINFORMATION)

      ; GetModuleHandle("user32")
      Debug Hex(GetModuleHandle_("user32"), #PB_Integer): Debug Hex(TEB_GetModuleHandle(@"uSeR32"), #PB_Integer)
      MessageRequester("GetModuleHandle(" + Chr($22) + "user32" + Chr($22) + ")", "Value returned by GetModuleHandle = 0x" + Hex(GetModuleHandle_("user32"), #PB_Integer) + #CRLF$ + "Value returned by TEB_GetModuleHandle = 0x" + Hex(TEB_GetModuleHandle(@"uSeR32"), #PB_Integer), #MB_ICONINFORMATION)

      ; GetModuleFileName 0
      Define szOriginal.s, szReplace.s
      szOriginal = Space(#MAX_PATH): szReplace = Space(#MAX_PATH)
      Debug GetModuleFileName_(0, @szOriginal, #MAX_PATH): Debug TEB_GetModuleFileName(0, @szReplace, #MAX_PATH)
      MessageRequester("GetModuleFileName 0", "Filename returned by GetModuleFileName = " + szOriginal + #CRLF$ + "Filename returned by TEB_GetModuleFileName = " + szReplace, #MB_ICONINFORMATION)

      ; GetModuleFileName user32
      Define szOriginal2.s, szReplace2.s
      szOriginal2 = Space(#MAX_PATH): szReplace2 = Space(#MAX_PATH)
      Debug GetModuleFileName_(GetModuleHandle_("user32"), @szOriginal2, #MAX_PATH): Debug TEB_GetModuleFileName(TEB_GetModuleHandle(@"user32"), @szReplace2, #MAX_PATH)
      MessageRequester("GetModuleFileName user32", "Filename returned by GetModuleFileName = " + szOriginal2 + #CRLF$ + "Filename returned by TEB_GetModuleFileName = " + szReplace2, #MB_ICONINFORMATION)

      ; IsDebuggerPresent
      Debug Hex(IsDebuggerPresent_(), #PB_Integer): Debug Hex(TEB_IsDebuggerPresent(), #PB_Integer)
      MessageRequester("IsDebuggerPresent", "Value returned by IsDebuggerPresent = 0x" + Hex(IsDebuggerPresent_(), #PB_Integer) + #CRLF$ + "Value returned by TEB_IsDebuggerPresent = 0x" + Hex(TEB_IsDebuggerPresent(), #PB_Integer), #MB_ICONINFORMATION)

      ; SetDebugFlag
      If TEB_IsDebuggerPresent()
        MessageRequester("Debuggerflag", "We are being debugged. Setting flag to 0", #MB_ICONINFORMATION)
        TEB_SetDebuggerFlag(#False)
        If TEB_IsDebuggerPresent()
          MessageRequester("Error", "Error setting debuggerflag to 0", #MB_ICONERROR)
        Else
          MessageRequester("Success", "Debuggerflag set to 0", #MB_ICONINFORMATION)
          TEB_SetDebuggerFlag(#True)
        EndIf
      Else
        MessageRequester("Debuggerflag", "We are not being debugged. Setting flag to 1", #MB_ICONINFORMATION)
        TEB_SetDebuggerFlag(#True)
        If TEB_IsDebuggerPresent()
          MessageRequester("Success", "Debuggerflag set to 1", #MB_ICONINFORMATION)
          TEB_SetDebuggerFlag(#False)
        Else
          MessageRequester("Error", "Error setting debuggerflag to 1", #MB_ICONERROR)
        EndIf
      EndIf

      ; GetCommandLine
      Debug Hex(GetCommandLine_(), #PB_Integer): Debug Hex(TEB_GetCommandLine(), #PB_Integer)
      MessageRequester("GetCommandLine", "Commandline Pointer returned by GetCommandLine = " + PeekS(GetCommandLine_()) + #CRLF$ + "Commandline Pointer returned by TEB_GetCommandLine = " + PeekS(TEB_GetCommandLine(), #PB_Any, #PB_Unicode), #MB_ICONINFORMATION)
      ```
  13. I'm not that delphi expert, but your code looks legit. This code is for taking a desktopscreenshot? I'm sorry but im only to show you a working example in purebasic.

      ```
      EnableExplicit
      ;--------------------------------------------------------------------------------------------------
      ;- Include: i_ScreenShot.pbi
      ;-
      ;- Author: sotpot
      ;-
      ;- Description: take a screenshot as bitmap and compress bitmapbuffer into formats that are
      ;- supported by GdiPlus Api
      ;-
      ;- Credits: Romain Hippeau for the CaptureBMP snippet
      ;-
      ;-
      ;- MSDN
      ;--------------------------------------------------------------------------------------------------
      Structure ImageCodecInfo
        clsid.CLSID
        formatID.GUID
        *codecName.i
        *dllName.i
        *formatDescription.i
        *filenameExtension.i
        *mimeType.i
        flags.l
        version.l
        sigCount.l
        sigSize.l
        *sigPattern.byte
        *sigMask.byte
      EndStructure

      Structure GdiplusStartupinput
        GdiPlusVersion.l
        *DebugEventCallback.Debug_Event
        SuppressBackgroundThread.l
        SuppressExternalCodecs.l
      EndStructure

      Import "gdiplus.lib"
        GdiplusStartup(*token, *input.GdiplusStartupinput, *output)
        GdiplusShutdown(*token)
        GdipGetImageEncodersSize(*numEncoders, *size)
        GdipGetImageEncoders(numEncoders, size, *encoders)
        GdipCreateBitmapFromHBITMAP(hbm, hpal, *image)
        GdipCreateBitmapFromStream(*stream.IStream, *image)
        GdipSaveImageToStream(image, *stream.IStream, *clsidEncoder.CLSID, *encoderParams)
        GdipDrawImage(*graphics, pImage, x, y)
        GdipCreateHBITMAPFromBitmap(*GpBitmap, hBitmap.l, background.l)
        GdipDisposeImage(*image)
      EndImport

      ;--------------------------------------------------------------------------------------------------
      ;- CaptureBMP creates a screenshot as bitmap from current display and returns that buffer
      ;--------------------------------------------------------------------------------------------------
      Procedure CaptureBMP()
        Protected hdcScr.l, hdcMem.l, hbmScr.l
        Protected iXRes.i, iYRes.i
        Protected tBitmap.BITMAP, tBitmapFileHeader.BITMAPFILEHEADER
        Protected *tBitmapInfo.BITMAPINFO, *tBitmapInfoHeader.BITMAPINFOHEADER
        Protected cClrBits.w
        Protected *BufferBits, *BmpBuffer

        hdcScr = CreateDC_("DISPLAY", #Null, #Null, #Null)
        If hdcScr
          hdcMem = CreateCompatibleDC_(hdcScr)
          If hdcMem
            iXRes = GetDeviceCaps_(hdcScr, #HORZRES)
            iYRes = GetDeviceCaps_(hdcScr, #VERTRES)
            ; both resolutions must be valid (the second operand was iXRes again)
            If iXRes And iYRes
              hbmScr = CreateCompatibleBitmap_(hdcScr, iXRes, iYRes)
              If hbmScr
                If SelectObject_(hdcMem, hbmScr)
                  If StretchBlt_(hdcMem, 0, 0, iXRes, iYRes, hdcScr, 0, 0, iXRes, iYRes, #SRCCOPY)
                    If GetObject_(hbmScr, SizeOf(BITMAP), @tBitmap)
                      cClrBits = tBitmap\bmPlanes * tBitmap\bmBitsPixel ;: Debug "Count of bits: " + Str(cClrBits)
                      If cClrBits = 1
                        cClrBits = 1
                      ElseIf cClrBits <= 4
                        cClrBits = 4
                      ElseIf cClrBits <= 8
                        cClrBits = 8
                      ElseIf cClrBits <= 16
                        cClrBits = 16
                      ElseIf cClrBits <= 24
                        cClrBits = 24
                      Else
                        cClrBits = 32
                      EndIf
                      If Not cClrBits = 24
                        *tBitmapInfo = AllocateMemory(SizeOf(BITMAPINFO) + SizeOf(RGBQUAD) * (1 << cClrBits))
                      Else
                        *tBitmapInfo = AllocateMemory(SizeOf(BITMAPINFO))
                      EndIf
                      *tBitmapInfo\bmiHeader\biSize = SizeOf(BITMAPINFOHEADER)
                      *tBitmapInfo\bmiHeader\biWidth = tBitmap\bmWidth
                      *tBitmapInfo\bmiHeader\biHeight = tBitmap\bmHeight
                      *tBitmapInfo\bmiHeader\biPlanes = tBitmap\bmPlanes
                      *tBitmapInfo\bmiHeader\biBitCount = tBitmap\bmBitsPixel
                      If cClrBits < 24
                        *tBitmapInfo\bmiHeader\biClrUsed = (1 << cClrBits)
                      EndIf
                      *tBitmapInfo\bmiHeader\biCompression = #BI_RGB
                      *tBitmapInfo\bmiHeader\biSizeImage = (*tBitmapInfo\bmiHeader\biWidth + 7) / 8 * *tBitmapInfo\bmiHeader\biHeight * cClrBits
                      *tBitmapInfo\bmiHeader\biClrImportant = 0
                      *tBitmapInfoHeader = *tBitmapInfo
                      *BufferBits = AllocateMemory(*tBitmapInfoHeader\biSizeImage)
                      If *BufferBits
                        If GetDIBits_(hdcMem, hbmScr, 0, *tBitmapInfoHeader\biHeight, *BufferBits, *tBitmapInfo, #DIB_RGB_COLORS)
                          tBitmapFileHeader\bfType = $4d42
                          tBitmapFileHeader\bfSize = SizeOf(BITMAPFILEHEADER) + *tBitmapInfoHeader\biSize + *tBitmapInfoHeader\biClrUsed * SizeOf(RGBQUAD) + *tBitmapInfoHeader\biSizeImage
                          tBitmapFileHeader\bfOffBits = SizeOf(BITMAPFILEHEADER) + *tBitmapInfoHeader\biSize + *tBitmapInfoHeader\biClrUsed * SizeOf(RGBQUAD)
                          *BmpBuffer = AllocateMemory(tBitmapFileHeader\bfSize)
                          If *BmpBuffer
                            RtlMoveMemory_(*BmpBuffer, tBitmapFileHeader, SizeOf(BITMAPFILEHEADER))
                            RtlMoveMemory_(*BmpBuffer + SizeOf(BITMAPFILEHEADER), *tBitmapInfoHeader, SizeOf(BITMAPINFOHEADER) + *tBitmapInfoHeader\biClrUsed * SizeOf(RGBQUAD))
                            RtlMoveMemory_(*BmpBuffer + SizeOf(BITMAPFILEHEADER) + SizeOf(BITMAPINFOHEADER) + *tBitmapInfoHeader\biClrUsed * SizeOf(RGBQUAD), *BufferBits, *tBitmapInfoHeader\biSizeImage)
                            ReleaseDC_(0, hdcScr): ReleaseDC_(0, hdcMem)
                            FreeMemory(*tBitmapInfo): FreeMemory(*BufferBits)
                            ProcedureReturn *BmpBuffer
                          EndIf
                        Else: Debug "Error GetDIBits"
                        EndIf
                      Else: Debug "Error GlobalAlloc"
                      EndIf
                    Else: Debug "Error GetObject"
                    EndIf
                  Else: Debug "Error StretchBlt"
                  EndIf
                Else: Debug "Error SelectObject"
                EndIf
              Else: Debug "Error CreateCompatibleBitmap"
              EndIf
            Else: Debug "Error GetDeviceCaps"
            EndIf
          Else: Debug "Error CreateCompatibleDC"
          EndIf
        Else: Debug "Error CreateDC"
        EndIf

        If hdcScr: ReleaseDC_(0, hdcScr): EndIf
        If hdcMem: ReleaseDC_(0, hdcMem): EndIf
        If *tBitmapInfo: FreeMemory(*tBitmapInfo): EndIf
        If *BufferBits: FreeMemory(*BufferBits): EndIf
        ProcedureReturn 0
      EndProcedure

      ;--------------------------------------------------------------------------------------------------
      ;- HandleBMP gives a valid bitmap handle to the passed *Buffer, this buffer gets freed by default
      ;--------------------------------------------------------------------------------------------------
      Procedure.l HandleBMP(*Buffer, blFreeBuffer.l = #True)
        Structure ImageStream
          memBlock.l
          *memPixel
          *IStream.IStream
        EndStructure
        Protected GpBitmap.l
        Protected pStream.ImageStream
        Protected hBitmap.l
        Protected *token
        Protected input.GdiplusStartupinput

        If Not PeekW(*Buffer) = $4D42
          ProcedureReturn 0
        EndIf
        input\GdiPlusVersion = 1
        If Not GdiplusStartup(@*token, @input, #Null)
          pStream\memBlock = GlobalAlloc_(#GHND, MemorySize(*Buffer))
          pStream\memPixel = GlobalLock_(pStream\memBlock)
          RtlMoveMemory_(pStream\memPixel, *Buffer, MemorySize(*Buffer))
          If Not CreateStreamOnHGlobal_(pStream\memPixel, #True, @pStream\IStream)
            If Not GdipCreateBitmapFromStream(pStream\IStream, @GpBitmap)
              If Not GdipCreateHBITMAPFromBitmap(GpBitmap, @hBitmap, 0)
                If blFreeBuffer: FreeMemory(*Buffer): EndIf
                GdiplusShutdown(*token)
                GlobalUnlock_(pStream\memPixel)
                GlobalFree_(pStream\memBlock)
                ProcedureReturn hBitmap
              Else: Debug "Error GdipCreateHBITMAPFromBitmap"
              EndIf
            Else: Debug "Error GdipCreateBitmapFromStream"
            EndIf
          Else: Debug "Error CreateStreamOnHGlobal"
          EndIf
        Else: Debug "Error GdiplusStartup"
        EndIf

        If *token: GdiplusShutdown(*token): EndIf
        If pStream\memBlock: GlobalUnlock_(pStream\memPixel): GlobalFree_(pStream\memBlock): EndIf
        ProcedureReturn 0
      EndProcedure

      ;--------------------------------------------------------------------------------------------------
      ;- CompressBMP will compress a bitmap file in memory and returns it as buffer
      ;--------------------------------------------------------------------------------------------------
      #CompressionFormatPNG = "image/png"
      #CompressionFormatJPG = "image/jpeg"
      #CompressionFormatTIFF = "image/tiff"

      Procedure CompressBMP(hBitmap.l, szCompressionFormat.s = #CompressionFormatPNG)
        Protected tBmp.BITMAP
        Protected *token, input.GdiplusStartupinput
        Protected *ImageCodecInfo.ImageCodecInfo
        Protected numEncoders.l, size.l
        Protected GpBitmap.l
        Protected pIStream.IStream
        Protected dwStreamSize.l
        Protected pcbRead.l
        Protected i.i

        If GetObject_(hBitmap, SizeOf(BITMAP), @tBmp)
          input\GdiPlusVersion = 1
          If Not GdiplusStartup(@*token, @input, #Null)
            If Not GdipGetImageEncodersSize(@numEncoders, @size)
              *ImageCodecInfo = AllocateMemory(size)
              If Not GdipGetImageEncoders(numEncoders, size, *ImageCodecInfo)
                For i = 0 To numEncoders
                  If LCase(szCompressionFormat) = LCase(PeekS(*ImageCodecInfo\MimeType, -1, #PB_Unicode))
                    If GdipCreateBitmapFromHBITMAP(hBitmap, 0, @GpBitmap)
                      ProcedureReturn 0
                    EndIf
                    If
      ```
CreateStreamOnHGlobal_(#Null, #True, @pIStream) ProcedureReturn 0 EndIf If GdipSaveImageToStream(GpBitmap, pIStream, *ImageCodecInfo\clsid, 0) ProcedureReturn 0 EndIf GdipDisposeImage(GpBitmap) GdiplusShutdown(*token) If pIStream\Seek(0, #STREAM_SEEK_END, @dwStreamSize) ProcedureReturn 0 EndIf If pIStream\Seek(0, #STREAM_SEEK_SET, 0) ProcedureReturn 0 EndIf If Not dwStreamSize ProcedureReturn 0 EndIf Protected *Buffer = AllocateMemory(dwStreamSize) If pIStream\Read(*Buffer, dwStreamSize, @pcbRead) ProcedureReturn 0 EndIf If dwStreamSize = pcbRead ProcedureReturn *Buffer Else ProcedureReturn 0 EndIf EndIf *ImageCodecInfo + SizeOf(ImageCodecInfo) Next i Else: Debug "Error GdipGetImageEncoders" EndIf Else: Debug "Error GdipGetImageEncodersSize" EndIf Else: Debug "Error GdiplusStartup" EndIf Else: Debug "Error GetObject" EndIf If *token: GdiplusShutdown(*token): EndIf ProcedureReturn 0 EndProcedure ;-------------------------------------------------------------------------------------------------- ;- Test Example ;-------------------------------------------------------------------------------------------------- Define *Buffer = CaptureBMP(); get screenshot Define h.l = HandleBMP(*Buffer); get a handle *Buffer = CompressBMP(h, #CompressionFormatPNG); compress If CreateFile(0, "d:\screen.png"); write to disk WriteData(0, *Buffer, MemorySize(*Buffer)) CloseFile(0) EndIf FreeMemory(*Buffer) Look at CaptureBMP(). It looks mostly like yours.
  14. yes it is possible
  15. What about changing the last byte? If you change the first byte you will, if I'm not wrong, destroy the jpg header? I just changed the last byte of a jpg and it showed up; if I change the first byte the jpg is corrupted.