Departure

Members
  • Content count

    525
  • Joined

  • Last visited

Community Reputation

43 Excellent

About Departure

  • Rank
    Senior Member
  • Birthday 02/05/1977
  1. Just a little update for you, I did some more measuring of the time it took to execute mapping of the file and scanning. It became very clear BoyerMore routine was a lot faster, over the double the speed of the Naive routine, both scans came in under 1 millisecond BoyerMore 0.3 milliseconds Naive 0.75 milliseconds Thats less than 1000th of a second, of cause this will differ depending on CPU and hard drive speed when it first gets mapped and updated HD cache. if you want to test this add a checkbox and change to the code below /////// Event handler On Click Scan ////// procedure TForm1.btnScanClick(Sender: TObject); var OffSet: Cardinal; baPattern: TCustByteArray; ////// Performance Measure //// frequency : Int64; startTime : Int64; endTime : Int64; delta : Extended; begin //Check File Exists if not FileExists(lblFileLocation.Text) then begin ShowMessage('No File Selected'); Exit; end else begin // Create an array of byte from hex string baPattern := HexStrToByteArray(lblSig.Text); //// Performance measure //// QueryPerformanceFrequency(frequency); QueryPerformanceCounter(startTime); //Scan File for Sig, True = Use Boyermoore, False = Use Naive OffSet := SearchFile(lblFileLocation.Text, @baPattern[0], Length(baPattern), chkBoyerMore.Checked); //// Performance result //// QueryPerformanceCounter(endTime); delta := (endTime - startTime) / frequency; ShowMessage(FloatToStr(delta * 1000) + ' MilliSeconds'); //Convert to Hex/Decimal Showmessage(format('%.8x : %d', [OffSet, OffSet])); end; end;
  2. added download attachment
  3. I wrote some code using both BoyerMore and Naive Search algorithm for what you want, I also used tick count to measure the time it took to memory map and scan putty for the sig, the results was in milliseconds and it was 0 on both types of sig scans, so yeah this will be quick.you will need to add error checking on the sig you type into lblSig TLabeledEdit, at the moment it uses no spaces e.g "83c40c85c07403ff46088d460850ff" some error checking is to make sure the length is dividable by 2 and check for spaces and maybe check if each char is in range of 0..9 and A..F (hex codes) unit Unit1;interfaceuses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, ExtCtrls;type TForm1 = class(TForm) btnOpen: TButton; lblSig: TLabeledEdit; lblFileLocation: TLabeledEdit; dlgOpen: TOpenDialog; btnScan: TButton; procedure btnOpenClick(Sender: TObject); procedure btnScanClick(Sender: TObject); private { Private declarations } public { Public declarations } end;var Form1: TForm1;implementation{$R *.dfm}/// Custom Array of bytestype TCustByteArray = array of Byte;///////// HexStrToByteArray /////////function HexToInt(const strHex: string; out Value: Integer): Boolean;var E: Integer; // error codebegin Val(strHex, Value, E); Result := E = 0;end;function HexStrToByteArray(const strHex: string): TCustByteArray;var i, Value: Integer;begin SetLength(Result, Length(strHex) div 2); for i := 0 to (Length(strHex) div 2) do begin HexToInt('$' + Copy(strHex, (i * 2) + 1, 2), Value); Result[i] := Byte(Value); ; end;end;////////// Search Function Naive /////////function Naive(const pTarget, pPattern: PByte; const cLenTarget, cLenPattern: Cardinal; bOffSet: Boolean = True): Cardinal;var iMainLoop, iSubLoop: integer;begin Result := 0; if cLenTarget * cLenPattern = 0 then Exit; for iMainLoop := 0 to pred(cLenTarget) do begin if PByte(Dword(pTarget) + iMainLoop)^ = pPattern^ then begin for iSubLoop := 1 to pred(cLenPattern) do if PByte(Dword(pPattern) + iSubLoop)^ <> PByte(Dword(pTarget) + iMainLoop + iSubLoop)^ then Break; if iSubLoop = cLenPattern then begin if bOffSet then Result := iMainLoop else Result := Cardinal(Dword(pTarget) + iMainLoop); Exit; end; end; end;end;////////// Search Function BoyerMore /////////function BoyerMore(const pTarget, pPattern: PChar; const cLenTarget, cLenPattern: Cardinal): Cardinal;var i, j, k: Integer; baStep: array[0..255] of byte;begin Result := 0; if cLenTarget * cLenPattern = 0 then Exit; for k := 0 to 255 do baStep[k] := cLenPattern; for k := 0 to pred(cLenPattern) do baStep[Ord(pPattern[k])] := cLenPattern - k; k := pred(cLenPattern); while k <= cLenTarget do begin i := k - 1; j := cLenPattern - 1; while pTarget[i] = pPattern[j] do begin Dec(i); Dec(j); end; if j = -1 then begin Result := i + 1; Exit; end; k := k + baStep[Ord(pTarget[k])]; end;end;/////// Memory Map File //////function SearchFile(lpszFileName: string; pPattern: PByte; nSizePattern: Cardinal; SearchBoyerMore: Boolean): Cardinal;var hFile: THandle; hFileMap: THandle; nSizeFile: Cardinal; pFileMap: PByte;begin Result := 0; hFile := CreateFile(PAnsiChar(lpszFileName), GENERIC_READ, 0, nil, OPEN_EXISTING, GetFileAttributes(PAnsiChar(lpszFileName)), 0); if hFile <> INVALID_HANDLE_VALUE then begin nSizeFile := GetFileSize(hFile, nil); hFileMap := CreateFileMapping(hFile, nil, PAGE_READONLY, 0, 0, nil); if hFileMap <> 0 then begin pFileMap := PByte(MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, nSizeFile)); if pFileMap <> nil then begin if SearchBoyerMore then Result := BoyerMore(PChar(pFileMap), PChar(pPattern), nSizeFile, nSizePattern) else Result := Naive(pFileMap, pPattern, nSizeFile, nSizePattern); UnmapViewOfFile(pFileMap); end else MessageBox(0, 'Failed to map view of file.', 'Error!', MB_OK); CloseHandle(hFileMap); end else MessageBox(0, 'Failed to create file mapping object.', 'Error!', MB_OK); CloseHandle(hFile) end else MessageBox(0, 'Failed to open file for mapping.', 'Error!', MB_OK);end;///////// Event Handers On Click Open File /////////procedure TForm1.btnOpenClick(Sender: TObject);begin if not dlgOpen.execute then exit; //Get File Path lblFileLocation.Text := dlgOpen.FileName;end;/////// Event handler On Click Scan //////procedure TForm1.btnScanClick(Sender: TObject);var OffSet: Cardinal; baPattern: TCustByteArray;begin //Check File Exists if not FileExists(lblFileLocation.Text) then begin ShowMessage('No File Selected'); Exit; end else begin // Create an array of byte from hex string baPattern := HexStrToByteArray(lblSig.Text); //Scan File for Sig, True = Use Boyermoore, False = Use Naive OffSet := SearchFile(lblFileLocation.Text, @baPattern[0], Length(baPattern), False); //Convert to Hex/Decimal Showmessage(format('%.8x : %d', [OffSet, OffSet])); end;end;end. Result for Putty version 0.66 is 0005C490 hex / 378000 decimal offsetDownload Source / Exe :[ATTACH]1112[/ATTACH] SigScanExe.rar
  4. Pos > 0 = Found //edit I think what you want to do is convert your sig into an array of bytes for easier use in your "search" function instead of the other way around, also loading your application into memory should be done using mapped file, its a lot quicker than block reading HexTostr http://www.ic0de.org/showthread.php?10385-Snippet-HexStrToByteArray here something that does what your looking to do, check last post in that topic http://www.ic0de.org/showthread.php?10709-Snippet-Pattern-Searc
  5. @Protocol I would really like to see you continue development on this, One of my favorite iCode projects. I seen you released the source for it but it would be nice to see you continue this....
  6. using the Tag property is another easy way to keep track of your items
  7. Here is another project I never finished(seems to be a common trend). I have always liked the photoshop color picker and this was meant to be a recreation of that. I found the coclorspace.pas unit on the net and modified it, so credits to original author of that unit. Still needs work done to make it complete but is functional as is. Download[ATTACH]1047[/ATTACH] ColorPicker.rar
  8. I haven't posted on here for some time, Here is something I started working on but never finished. Its still functional. It launches arma3 with the selected mods, it used the default "addons" folder but the idea I was going to add optional paths to include your custom mods for easier management. The source code was created using Delphi 2007, The screenshot was using Delphi XE7, but for the most except the Delphi "styles" it is the same. Download Source[ATTACH]1045[/ATTACH] Arma3Launcher2007.rar
  9. yes nice to see ic0de.org, It was disappointing to think that ic0de wasn't coming back as I first suspected after the long down time..
  10. would you not want to just register a channel on an existing network like freenode or similar networks? then have the community build a client? or are you thinking of building a irc server?
  11. When I am home I will be willing to donate my time to teach. I don't have much to teach others but maybe there is something useful I can offer
  12. Here is another old keygen tutorial, included is the pdf and docx version of the tutorial plus source code for the keygen, also included is the SHA1 unit used for the tutorial...[ATTACH]1000[/ATTACH] SentryKeyGenTutorial-Departure.rar
  13. So here is an old tutorial but still can be very relevant when reversing Delphi applications... included is the pdf and docx for the tutorial and also the source code for the keygen plus the ollydebug plugin used in the tutorial[ATTACH]999[/ATTACH]and here is the source code in C#, I know this could have been written better but im not a .net coder so this is my interpretation...[ATTACH]1001[/ATTACH] Tutorial-AOSRegOptimizerKG-Departure.rar Csharp.WinASO.Registry.Optimizer.KeyGen.rar
  14. RCE is still fun and everyone still has binary applications installed on there computers, admittedly the anti reversing tricks used by more well known applications are harder to "crack" but there are thousands of small software companies using no anti reverse tricks at all, and some have really interesting algo's for the serial numbers and checks. The idea is not to crack the latest adobe products but to find the applications methods of verifying there customers. To be honest if you spend enough time in ollydebug patching you will defeat just any products verification methods. But the real fun comes when you understand there methods and can code a "keygen" to produce a working serial, But in most cases just producing serial is not enough without patching online verification to use the product, But like I said before anyone who spends enough time in ollydebug looking at the target will eventually patch all of this. For me its not about patching the internet checks but about learning there algo's used for serial verification. I have not done any reversing for some time now(atleast 2 years) but I would love to start fresh with a new set of tutorials from the very beginning by patching simple applications that only requires a nop on jnz or similar examples, then build back up to learning the algo and recreating the code that verifies the serial. I have a couple of tutorials still online which I used when doing "crackme's" on an old forum I use to visit. I will gladly upload them, but they are a few years old now... //Edit Added 2 keygen tutorials to the Reverse Engineering section of the forum...
  15. For me personally two things has happend, Working away and switching to linux. I was never on this forum to code malware, and if I remember correctly I have never written any malware. I still run a virtual box and code in Delphi under a windows enviroment. I believe this forum still has the most useful resources without all the drama other similar forums have, I also think more non related malware coding would attract more people to this forum. I will start and become more active in this forum as I need to get my coding back up to scratch and I still have lots to learn. I have also been away from the RCE stuff and neglected the group I was with(Team Rept). Getting older now so I dont feel being in a "cracking group" is my style, but I still enjoy reversing applications and writting keygens and patches in Delphi. Sorry for the rant.. Anyway long story short I will try and do more to contribute to this forum with non malware stuff. P.s I like the last image in the above post, clean and simple....
  • Who's Online   0 Members, 0 Anonymous, 7 Guests (See full list)

    There are no registered users currently online