cracksman

About cracksman

  • Rank
    Super Moderator
  • Birthday 07/25/1990

  1. well, https://rhyliv.com/ is up now, but it's likely to fall offline in the next month or two.
  2. //edit oh so it works now?! if so, ignore the following.
     Does it display if you use the following?

         RtlStringCbPrintfA(Message, ...);
         DbgPrint("%d:%s", sizeof(Message), Message);

     if so then try it right before ZwWriteFile

         BOOLEAN WrPipe(void* pBuf, ULONG bufSize)
         {
             //* code code code
             //...
             DbgPrint("Pipe 2 Writeing");
             DbgPrint("%d:%s", bufSize, pBuf);
             ntStatus = ZwWriteFile(...);
         }

     I'm beginning to think it's an issue casting or de-referencing the string.
     according to @Protocol after a few more posts you should be auto-approved. it's to prevent spam, sorry :<
  3. Good work, glad it's working! where is this code at? it's interesting that the correct number of bytes are received but nothing shows, is your receive buffer allocated?
  4.     // Break if the pipe handle is valid.
         if (hPipe != INVALID_HANDLE_VALUE)
         {
             DbgPrint("Invalid Handle");
             break;
         }

     (hPipe != INVALID_HANDLE_VALUE) would be a valid pipe. otherwise it looks fine.
     I recommend you make sure you are receiving the same data types as you are sending. it looks like you are sending two ULONGs, and then a Pointer, so make sure the other end's ReadFile uses a ULONG as its buffer (2x), then PVOID.
     I can't help too much more without somehow compiling drivers in delphi, sorry :<
  5. hmm, Unfortunately Delphi can't compile drivers, so I have no way of testing this for you. If you run the driver in user-land is it able to communicate properly? (just for confirmation).
     some minor things I noticed:
     kernel pipes must begin with \\??\\ because it's a Unicode string. (according to the internet)
     MSDN shows RtlInitUnicodeString is obsolete and suggests using RtlUnicodeStringInit instead.
     ZwCreateFile doesn't have any error checking. you skip from ZwCreateFile to ZwWriteFile then check ntStatus.
     just to be clear the driver is running in a system thread context, right? ZwCreateFile's ObjectAttributes [in] states
     Otherwise it looks good; try this out and get back to me with results!
     edit: also noticed that you specify "sizeof(&pBuf)" in ZwWriteFile() which is the size of a pointer (4 bytes), and not the length of pBuf
  6. not an example but, I believe that the Atom functions are for passing information between kernel and user modes. I can look into it a little bit later but I gotta run to class
     Edit: Super easy stuff here; (note I'm using strings but you can pass ints by appending a # for example '#1234' ) GlobalAddAtom(), and GlobalFindAtom() is all you need; However, for my example both apps are in user mode and I simply display the Atom and type it into the second, which defeats the point... you may want to use a named Pipe but I'm not sure if they work across kernel/user modes. I'll whip up a "named pipe" example in a sec, hang tight for edits.
     Edit2: Alright Pipes; again not sure if this works across user/driver but give it a shot.

     Read from a pipe

         program pipe;
         {$APPTYPE CONSOLE}
         {$R *.res}
         uses
           Windows, System.SysUtils;
         Var
           hPipe : THandle;
           cbRead : DWORD;
           lpPipeName : LPCWSTR = '\\.\pipe\ic0de';
           BufSize : DWORD = 255;
           lpText : LPCWSTR = 'Hello world';
           lpBuffer : array [0..255] of WCHAR;
           fSuccess : boolean = False;
         begin
           try
             hPipe := CreateNamedPipe(lpPipeName,
               PIPE_ACCESS_DUPLEX, //The pipe is bi-directional
               PIPE_TYPE_MESSAGE or PIPE_READMODE_MESSAGE or PIPE_WAIT, //treat as messages (vs byte stream), blocking
               PIPE_UNLIMITED_INSTANCES, BufSize, BufSize, 0, nil);
             ConnectNamedPipe(hPipe, Nil); //blocking; wait for "Write" end to open.
             repeat
               fSuccess := ReadFile(hPipe, lpbuffer[0], sizeof(lpBuffer), cbRead, Nil); //Read the data
               IF (fSuccess = True) then //was the read successful?
                 Writeln(lpBuffer); //yes, write to screen
             until (GetLastError <> ERROR_MORE_DATA);
             //^ in case there are more than 255 bytes, loop and read the next chunk/ note this will overwrite the previous buffer
             CloseHandle(hPipe);// all finished, clean up.
             readln;
             { TODO -oUser -cConsole Main : Insert code here }
           except
             on E: Exception do
               Writeln(E.ClassName, ': ', E.Message);
           end;
         end.

     Write To a Pipe

         program Project1;
         {$APPTYPE CONSOLE}
         {$R *.res}
         uses
           Windows, System.SysUtils;
         Var
           hPipe : THandle;
           cbWritten : DWORD;
           lpPipeName : LPCWSTR = '\\.\pipe\ic0de';
           lpText : LPCWSTR = 'Hello world';
         begin
           try
             hPipe := CreateFile(lpPipeName, GENERIC_WRITE, 0, Nil, OPEN_EXISTING, 0, 0);
             //^ Open the Pipe. note: this triggers ConnectPipe in the other program
             IF (HPipe = INVALID_HANDLE_VALUE) Then //is it valid?
               Writeln(GetLastError);
             //if HPipe fails you will want to error check and/or loop to open it again,
             //but, I'm lazy and this is an example so we're going to skip that and write anyways.
             WriteFile(hPipe, lpText[0], length(lpText)*Sizeof(WCHAR), cbWritten, Nil); //Write some Data to the pipe
             writeln(lptext);//just for fun, also print the data to the screen
             readln;//pause
           except
             on E: Exception do
               Writeln(E.ClassName, ': ', E.Message);
           end;
         end.

     note: make sure you run the "Read" example before the "Write" example. the "read" example opens a pipe and waits for data; whereas the "write" just writes and exits.
     ugh, Edit 3; since you want to pass integers, you have two options that I can see.
     1) just change the buffer to send/receive an integer rather than LPCWSTR, so like

         var
           buffer: integer;
         begin
           ...
           WriteFile(hPipe, Buffer, sizeof(buffer), written, Nil);

     OR Create a structure with multiple numbers and send that.

         type
           BunchONumbers = record
             one : Int32;
             two : Int32;
           end;
         var
           nums : BunchONumbers;
         begin
           nums.one := 1337;
           nums.two := 65535;
           WriteFile(hPipe, nums, sizeof(nums), written, Nil);
           ...
           ReadFile(hPipe, nums, sizeof(nums), written, Nil);
           var1 := nums.one;
           var2 := nums.two
  7. it just runs through a list of default and simple passwords like Admin and 1234. you can see them in /headers/netspread.h
     edit: can anyone explain what the shellcode in exploit.ccp does? it's binding to RPC, but how?
  8. As you can all see we've updated to IPB, and in doing so, we need a new theme! I've been browsing around and found these two which I like, but hey we're a community and should decide together, right? Dark theme: https://webflake.sx/files/file/2968-ips4-dark-theme/
     EDIT changed my mind, I just found this one which I find pretty nice, it's an odd layout but that's why I like it, this would work especially well if we could integrate some type of paste-bin or GitHub for code it would be fantastic, don't ya' think? http://www.skinbox.net/skins/surface/
     again these are just my opinions, if you know of a better one please let us know!
  9. so, do you know how to debug? click the area next to the code to set a breakpoint, (clicking it a second time will remove it). when you run the code it will stop execution when it gets here. Press f7 to step into the function, and then press f8 to step over code. you can mouse over variables to see their content.
     so the first issue is that you called setstring(), without calling setlength() first. so you were writing "stream.size" of data, into a string that was 0 chars long, causing a crash. interestingly, on the following line you cast the first char of the string into a pointer, which is literally the same pointer as Stream.memory. rather than moving it into a string I simply changed

         Stream := TMemoryStream.Create;
         Stream.LoadFromFile(ParamStr(0));
         SetString(NewFileData,Stream.Memory,Stream.Size);
         ResourcePointer := @NewFileData[1];

     to

         Stream := TMemoryStream.Create;
         Stream.LoadFromFile(ParamStr(0));
         ResourcePointer := Stream.Memory;

     after compiling again, it successfully executed all the way into maplibrary() Unitinjectlibrary, line 360.

         SectionBase := VirtualAlloc(PSections[sectionLoop].VirtualAddress + PChar(ImageBase), VirtualSectionSize, MEM_COMMIT, PAGE_READWRITE);
         FillChar(SectionBase^, VirtualSectionSize, 0);

     and is crashing because VirtualAlloc returns Nil, and you are trying to write data to that pointer. (no error checking).. so, I'm going to let you try and fix this one...
  10. what is InjectPointerLibrary()? does it really expect a base address and not a function pointer? what is Buffer? if it's an array of bytes you would need buffer[0], if it's a string then buffer[1].
  11. glad to see you here!
  12. yes, learn c#. Worst case scenario is that you learn a new language and can write it on your resume.
  13. good work! I haven't seen too many DlgProc apps, so I really like this one
  14. hey new problem though. When I try to update the UI from the dll, an exception is thrown because the form was never initialized within the dll. for example

          //adding a ListItem to a TListView in the dll.
          Procedure AddItem(Caption, Value: LPCWSTR);
          Var
            li : TListItem;
          Begin
            li := Form1.ListView1.Items.Add; //Form1. is Nil
            li.Caption := Caption;
            li.SubItems.Add(Value);
          End;

      any workarounds :0
      Edit: Nevermind! I just call createForm in the DLL and parent the window I pass in

          Function SetPluginWindow(Parent: HWND): TForm; stdcall; export;
          Begin
            Form1 := TForm1.CreateParented(Parent);
            Form1.BorderStyle := bsNone;
            Form1.Visible := TRUE;
            Result := Form1; //return the created form to the caller
          End;

      edit2: Form1.Align does not work properly, it seems to align to the monitor(?) and not the parent. I'm assuming it can't read the parent control. The following will set it to the size of the parent control; however it's not resizeable.

          GetClientRect(Parent, Rect);
          Form1.BoundsRect := Rect;
  15. so I (finally) realized that the project I had been working on was throwing exceptions because I was trying to create the form with ".create()" instead of ".CreateParented()" so the PluginForm would try to .free after the tab had already been freed/destroyed (creating the exception). CreateParented() fixes this by freeing the pluginForm when its parent is freed. so. damn. close. Thank you kolbi.
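
An added example for the pipe posts above (items 4 to 6), not code from the thread: a portable C sketch of a "two ULONGs, then data" message, showing the `sizeof(&pBuf)` mistake next to the real length, and a reader that checks the header against the bytes it actually received. The wire layout and the names `msg_header`, `msg_encode`, `msg_decode` and `wrong_length` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (an assumption, not the thread's driver code):
   two 32-bit values, then the payload bytes themselves. */
#define MSG_MAX_PAYLOAD 255u

typedef struct {
    uint32_t type;    /* first ULONG */
    uint32_t length;  /* second ULONG: payload size in bytes */
} msg_header;

/* The mistake from item 5: this is the size of a pointer,
   no matter how many bytes pBuf points to. */
size_t wrong_length(const void *pBuf) { return sizeof(&pBuf); }

/* Sender: header + payload into out. Returns bytes to write, 0 on error. */
size_t msg_encode(uint8_t *out, size_t cap, uint32_t type,
                  const void *payload, uint32_t len) {
    msg_header h = { type, len };
    if (len > MSG_MAX_PAYLOAD || cap < sizeof h + len) return 0;
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, payload, len);
    return sizeof h + len;
}

/* Receiver: check the header against the byte count the read returned
   before copying anything. Returns 0 on success, -1 on a bad message. */
int msg_decode(const uint8_t *in, size_t in_len, msg_header *h,
               uint8_t *payload, size_t cap) {
    if (in_len < sizeof *h) return -1;               /* short read */
    memcpy(h, in, sizeof *h);
    if (h->length > MSG_MAX_PAYLOAD || h->length > cap) return -1;
    if (in_len - sizeof *h != h->length) return -1;  /* length mismatch */
    memcpy(payload, in + sizeof *h, h->length);
    return 0;
}

int main(void) {
    const char text[] = "Hello world";               /* constructed sample */
    uint8_t wire[64], out[MSG_MAX_PAYLOAD];
    msg_header h;
    size_t n = msg_encode(wire, sizeof wire, 1, text, (uint32_t)sizeof text);
    printf("sizeof(&pBuf)=%zu, real message=%zu bytes, decode=%d\n",
           wrong_length(text), n, msg_decode(wire, n, &h, out, sizeof out));
    return 0;
}
```

Sending the bytes with an explicit length, rather than a pointer value, keeps the reader from trusting an address that only means something in the writer's address space.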