Search found 8 matches
- Sat Jun 05, 2004 7:15 am
- Forum: madCodeHook
- Topic: Hooking Without external DLL.
- Replies: 2
- Views: 13794
Hooking Without external DLL.
Is this a possible way?: I have seen a bunch of programs that make use of windows hooks to get various information. For instance, revealing the text of passwords edit controls under Windows 2000 and XP is only possible by using a hook procedure and many keyloggers use keyboard hooks. Hooks are a pow...
- Mon May 10, 2004 3:15 am
- Forum: madDisAsm
- Topic: How to disasamle code from another process?
- Replies: 6
- Views: 27545
How to disasamle code from another process?
Hello. I can disasamble my own code: var: a:^integer; b:TCodeInfo; begin a := ptr($00400010); b := parsecode(a); showmessage(inttohex(b.opcode,4)); b := parsecode(b.next); showmessage(inttohex(b.opcode,4)); end Is it possible, to use parsecode with the memory address of another process (calc.exe) ? ...
- Fri May 07, 2004 10:27 pm
- Forum: madCollection
- Topic: Feature possible?
- Replies: 8
- Views: 12825
- Fri May 07, 2004 1:57 pm
- Forum: madDisAsm
- Topic: Generate Opcode for jumps
- Replies: 2
- Views: 18515
Generate Opcode for jumps
Hello.
I would like to generate the opcode for jump instructions.
Something like
x := genopcode(0040000, Jmp 0050000);
// x = E9FBFF0000
x := genopcode(0001000, Jnp 0050000);
// x = 0F8BFAEF0400
Mayby it´s alread builtin?
Greetings
Alex
I would like to generate the opcode for jump instructions.
Something like
x := genopcode(0040000, Jmp 0050000);
// x = E9FBFF0000
x := genopcode(0001000, Jnp 0050000);
// x = 0F8BFAEF0400
Mayby it´s alread builtin?
Greetings
Alex
- Fri May 07, 2004 1:51 pm
- Forum: madCollection
- Topic: Feature possible?
- Replies: 8
- Views: 12825
Hello. Thanks for the great help. kernel32calcHandle := Process('calc.exe').Module('kernel32.dll').Handle; works very well. But i don´t understand the other code you posted... var nh : TImageNtHeaders; pnh : PImageNtHeaders; begin with Process('calc.exe') do if IsValid then begin pnh := Module('kern...
- Wed May 05, 2004 8:15 pm
- Forum: madCollection
- Topic: Feature possible?
- Replies: 8
- Views: 12825
Hello. Thanks for the hint. Now it works with: var proc:Ihandle; test:cardinal; test2:integer; begin proc := process('calc.exe').Handle; test := proc.Handle; test2 := ProcessHandleToid(test); end I need the PID from the process. Can this be done easier? For the dll question... I need to get the base...
- Tue May 04, 2004 6:14 pm
- Forum: madCollection
- Topic: Feature possible?
- Replies: 8
- Views: 12825
Feature possible?
Hello. Just two little questions. Is there something to get the base address of a loaded dll? Mayby the base address of a specified section? The address of the loaded dll changes everytime it loads. Second.: Would be great, to have a function to find a process by process name. Somthing like the Find...
- Tue Apr 27, 2004 6:28 pm
- Forum: fun talk
- Topic: How to convert VB FOR EACH object IN test.application do
- Replies: 1
- Views: 6251
How to convert VB FOR EACH object IN test.application do
Hello. I have a little ole question.. Mayby some of you have an idea. I can crate my object with var test:olevariant; begin test:=createoleobject(test.application) test.application is an enumeration object... now I need something like. for each xyz in test do begin xyz.name := '123' xyz.value := end...