Saturday, September 27, 2014

STM32F4

Hi.

Today I'd like to show you two videos.

The first one shows a video player playing from an SD card:

The second video shows generating a VGA signal:

Enjoy watching.

Friday, September 26, 2014

Simple call logger

Hello.

I'm working on a new application which can be used to log application behavior. By behavior I mean logging events such as creating a new thread, loading a DLL, calling API functions or application functions, and jumping. Those aren't all the features. Call logger also lets you perform a specific action, for example: start logging the application from a given address, change a register value, change a memory value, save a parameter or buffer, or change a parameter or buffer. These actions can only be used at a given EIP, before/after a call to a function, or before/after a call to a DLL function. A script file may look like this:
start=0x004016fe;
afterdll=IsDebuggerPresent;register=eax,0x00000000;
After the call to IsDebuggerPresent, register eax is set to 0. This command is useful because the logger works as a debugger and the application won't know that it is being debugged. An example log file may look like this:
Start from: 0x004016FE
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
LoadDLL: ntdll.dll
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
LoadDLL: KERNEL32.dll
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
LoadDLL: msvcrt.dll
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Name: test.exe processID: 7BE8 threadID: 7BEC
Jump to: 0x7C813123 (KERNEL32.dll:IsDebuggerPresent) EIP: 0x00403808
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Name: test.exe processID: 7BE8 threadID: 7BEC
Jump from 0x00403808 to 0x7C813123 (KERNEL32.dll:IsDebuggerPresent) EIP: 0x00401750
Stack params: 0x00000000 0x00000000 0x004016BD 0x00000000 0x00000000 0x00000000 0x0022FFA0 0x00401CFE 0x00401CA0 0x0022FF30 
Registers before call:
EAX: 0x0000002C EBX: 0x00000000 ECX: 0x7C810693 EDX: 0xFFFFFFFF EBP: 0x0022FF18 ESP: 0x0022FEEC ESI: 0x00241EE9 EDI: 0x0022FF33 EFLAGS: 0x00000206
Registers after call:
EAX: 0x00000000 EBX: 0x00000000 ECX: 0x7C810693 EDX: 0xFFFFFFFF EBP: 0x0022FF18 ESP: 0x0022FEF0 ESI: 0x00241EE9 EDI: 0x0022FF33 EFLAGS: 0x00000206 CF: 0 PF: 1 AF: 0 ZF: 0 SF: 0 DF: 0 OF: 0
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Name: test.exe processID: 7BE8 threadID: 7BEC
CONDITIONAL JMP (JZ) is TAKEN to: 0x0040175E EIP: 0x00401752 CF: 0 PF: 1 AF: 0 ZF: 1 SF: 0 DF: 0 OF: 0
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Name: test.exe processID: 7BE8 threadID: 7BEC
Call to: 0x00403738 EIP: 0x00401762
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
That's not the whole file, but it shows how it works. So, until next time.
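As an added example (not the author's logger code), here is a small Python parser for the script and log formats shown above. It works on a constructed log excerpt in the same layout and checks whether an afterdll register override from the script is actually reflected in the "Registers after call" line of the matching call record, which is how you would audit that the logger applied the rule.

```python
import re

# Constructed log excerpt in the call logger's format (shortened separators, fewer registers).
SAMPLE_LOG = """Start from: 0x004016FE
-----
LoadDLL: KERNEL32.dll
-----
Name: test.exe processID: 7BE8 threadID: 7BEC
Jump from 0x00403808 to 0x7C813123 (KERNEL32.dll:IsDebuggerPresent) EIP: 0x00401750
Stack params: 0x00000000 0x00000000 0x004016BD
Registers before call:
EAX: 0x0000002C EBX: 0x00000000 ESP: 0x0022FEEC
Registers after call:
EAX: 0x00000000 EBX: 0x00000000 ESP: 0x0022FEF0 CF: 0 ZF: 0
-----
"""

# Constructed script in the same syntax as the post's example.
SAMPLE_SCRIPT = "start=0x004016fe;\nafterdll=IsDebuggerPresent;register=eax,0x00000000;"

REG_RE = re.compile(r"\b([A-Z]{2,6}): (0x[0-9A-Fa-f]{8}|\d)")
CALL_RE = re.compile(r"Jump from (0x[0-9A-Fa-f]+) to (0x[0-9A-Fa-f]+) \((\S+?):(\S+?)\)")

def parse_script(text):
    """One dict per script line: 'key=value;key=value;' -> {'key': 'value', ...}."""
    return [dict(f.split("=", 1) for f in line.strip().strip(";").split(";") if f)
            for line in text.strip().splitlines()]

def parse_calls(log):
    """One dict per 'Jump from' record with its before/after register sets."""
    calls = []
    for block in re.split(r"\n-{5,}\n", log):
        m = CALL_RE.search(block)
        if not m:
            continue  # Start/LoadDLL/jump-only records carry no register dump
        before, _, after = block.partition("Registers after call:")
        regs_before = dict(REG_RE.findall(before.split("Registers before call:")[-1]))
        calls.append({"from": m.group(1), "to": m.group(2), "dll": m.group(3),
                      "api": m.group(4), "before": regs_before,
                      "after": dict(REG_RE.findall(after))})
    return calls

def check_overrides(rules, calls):
    """For each afterdll rule with a register override, report (api, reg, applied?)."""
    results = []
    for r in rules:
        if "afterdll" not in r or "register" not in r:
            continue
        reg, val = r["register"].split(",")
        for c in calls:
            if c["api"] == r["afterdll"]:
                got = c["after"].get(reg.upper())
                results.append((c["api"], reg.upper(), got is not None and int(got, 16) == int(val, 16)))
    return results
```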

Sunday, September 14, 2014

My simple protector

Hi.
I'd like to show you my simple protector for C applications. For now it only supports C applications, because my protector parses the C source to produce code with encoded strings and hidden API calls. That code is then compiled, and the last step is to pack all functions from the source file. Every function is packed in a different way. A function is decoded before every call, because it is not decoded in the code segment: the packed function is copied to a new region in memory and decoded there, then the code executes, and after execution the decoded function is removed from memory. That's all the features for now. I made a simple application; you can download a zip file that includes the source file and two exe files, the first compiled by mingw, the second protected by my simple protector: Download