Cual es la diferencia entre una LAPTOP y una NETBOOK/NOTEBOOK?

Publicado por luchin On jueves, 25 de noviembre de 2010 0 comentarios

La principal diferencia es la velocidad en el procesador, una netbook esta orientada a conectarse a internet y correr aplicaciones sencillas como una hoja de calculo o el procesador de palabras. No cuentan tarjeta gráfica y no se les puede poner, por lo general ni siquiera tienen unidad de cd, por lo cual, olvidate de correr juegos en una maquinita de estas por que su capacidad es enserio limitada, y su memoria RAM es maximo expandible a 2Gb.
La otra cosa es que son muuuy pequeñas, su pantalla es de 9" por lo que si la quieres para jugar vas a terminar ciego. Y para escribir el teclado es muy pequeño, muy incomodo.
No es por desanimarte, pero si quieres un equipo para jugar, mejor junta para buena lap com tarjeta aceladora, buen procesador y unos 4Gb de memoria, o mejor compra o arma un pc de escritorio, son mas baratas y tan expandibles como quieras

Pues mirasi quieres una computadora para usar juegos primero debes estar conciente que los juegos son una de las aplicaciones q mas recursos itilizan en una computadora por lo que te recomiendo consideres esto y decidas lo que te combiene:
El tamaño del netbook es mucho más pequeño que su primo cercano, el notebook o laptop. La mayoría de los netbooks tiene una capacidad menor, con la memoria como el componente que más sufre.
Algunos ultralivianos poseen apenas 8GB de disco duro y también hay modelos hasta 160GB. La batería puede tener menos duración y la mayoría no cuenta con unidad óptica.
Otra razón es que hay varios netbooks están diseñados para personas que sólo quieren un computador portátil para navegar por Internet o escuchar música. La principal diferencia entre netbooks y notebooks radica en el objetivo de uso de ambos equipos
Los Netbooks fueron concebidos especialmente para expandir la computación principalmente en el área de educación. Esta plataforma, además de navegar por Internet, mail y voz sobre IP, permite la ejecución de aplicaciones básicas y tareas personales, tales como ver videos, fotos o escuchar música", detalló por una parte. En cambio, el ejecutivo nacional consideró que los notebooks son dispositivos con la más alta performance y posibilidades de ejecución en las tareas más avanzadas. Netbooks pueden parecer como laptops, pero no tienen todas las capacidades de un computador. Como se aseguró, son más útiles para tareas en Internet combinada con una gran transportabilidad, ya que su peso es casi la mitad de un laptop normal. Así que es muy bueno para tener como apoyo al PC principal.
Por ejemplo, el Asus EEE netbook tiene una resolución de 800x480, muy bajo para el estándar en el cual está convertido el 1280x1024. Por lo tanto las posibilidades gráficas de este dispositivo son limitadas.
Esto ha llevado que mucha gente piense que los netbooks son un retroceso hacia antiguos modelos que tenían este tipo de prestaciones y que gracias a su precio han renacido en el mercado.


En general las diferencias son las sig:
___Laptop_________________Notebook
1.-Tamaño mayor_________Tamaño aproximado a un cuaderno(notebook)
2.-Peso mayor____________Peso menor
3.-Puedes actualizar el procesador generalmente__No se puede
4.-Puedes tener graficos dedicados___Generalmente no
5.-Tienen unidad de disco optica integrada___Generalmente no debido a espacio y peso.
6.-Mas resolucion en pantalla desde 1280x800 hasta 1920 x1080__hasta 1280X800

Te recomiendo una laptop con graficos dedicados si es que la quieres para jugar videojuegos
Read more ...»

Publicado por luchin en 21:14 0 comentarios

Laptops: Notebook, Netbook y Mini

Publicado por luchin On 0 comentarios

Las Laptops también conocidas como las computadoras portables o portátiles cada día son mucho mejores y tienen muchas divisiones como lo son las: Notebooks, Netbooks y Netbooks Mini. ¿Quieres enterarte de la diferencia entre ellas y de sus funciones?

Para disipar muchas dudas de usuarios y visitantes de Tecnología y Gadgets quiero aclarar aspectos y características, así como las definiciones personales y diferencias entre laptops que considero correctas.

¿Qué es una Laptop?

También conocida como computadora portátil, ordenador portátil, entre otros, es como lo dice su nombre una computadora con la capacidad de ser portable, es una computadora personal de ligero peso y con la potencia y capacidad de una computadora común o básica de escritorio.
laptop
Laptop

¿Qué es una NoteBook?

Una NoteBook es una computadora portátil con capacidades muy potentes por lo común más pesada y grande que una Netbook, pero con la ventaja de tener una pantalla más grande y un procesador mejor.
notebook
Notebook

¿Qué es una Netbook?

Una NetBook es una computadora portátil con capacidades niveladas y su punto fuerte se basa en su portabilidad, pues es más pequeña, menos pesada y en ella han sido eliminados ciertos componentes para hacerla más portable y más económica, por eso han sido las computadoras portátiles que más fuerza han tomado en el mercado.
netbook
Netbook

¿Qué es una NetBook Mini?

Una Netbook Mini o Mejor conocida como “Laptop Mini”, es una computadora portátil con capacidades muy básicas, pero con la ventaja de tener un precio bastante económico, la principal desventaja suele ser su procesador y el tamaño de su pantalla, sin embargo están tomando fuerza en el mercado.
Laptop mini
Laptop mini
Read more ...»

Publicado por luchin en 21:13 0 comentarios

Diferencia entre una Laptop, Notebook y Netbook

Publicado por luchin On 0 comentarios

¿Qué es una laptop?
Palabra en ingles que quiere decir "encima del regazo" lap (regazo) y top (encima) y es un término introducido a inicios de los años 80, se solía decir "laptop computers" o simplemente "laptop". Fueron las primeras y eran ordenadores portables que se cerraban como un maletin y se podian transportar, todavía eran pesadas y grandes, pero ya era menos complicado movilizarlas.

¿Qué es una notebook?
Si las laptops eran todavía equipos grandes, las notebooks llegaron para ser pequeñas, ligeras y por lo tanto mucho más portables, el cambio de nombre se debió a que los fabricantes de estos equipos necesitaban desligar el concepto de laptop (que en aquél tiempo era "pesado y grande") y que mejor forma que usando un nombre que nos de una idea de portabilidad y sencillez, fué así que se acuña el término "notebook" a los equipos de reducidas dimensiones y menor peso, término que traducido quiere decir "cuaderno o libro de notas", de ésta manera cuando piensas en una notebook, piensas en una computadora mucho más ligera.

¿Qué es una netbook?
Es otro tipo de ordenador portatil, se les suele llamar también ultraportatil, esto debido a sus reducidas dimensiones y peso, pantallas de entre 9 y 12 pulgadas, son ordenadores que tienen como fin principal labores básicas como navegar en internet, escuchar música, ver videos, cosas que no requieran alto de poder de procesamiento o memoria, por lo general vienen sin lector de CD/DVD y son de bajo costo, ya que inicialmente se tenían pensadas para mercados emergentes.

Conclusión:
Hoy en día la diferencia entre laptop y notebook no trasciende mas allá del tamaño o región geográfica, en algunos paises a los ordenadores portatiles se les llama laptop y en otros notebook, en cuanto a la potencia tanto las laptops como las notebooks suelen tener capacidades similares unas mas que otras, pero no muy alejadas, no hay un limite marcado en este aspecto.
Por otro lado las netbooks o ultraportátiles son ordenadores que dificilmente podrían tener la potencia y capacidad de una laptop y notebook moderna, ya que hoy se manejan cifras muy grandes en cuanto a procesamiento, almacenamiento y potencia, las netbooks no están diseñadas para las labores a las que se destinaría una laptop o notebook moderna convencional, salvo las básicas como menciono líneas arriba.
Read more ...»

Publicado por luchin en 21:12 0 comentarios

4 Dimensional Aimbot (w/ velocity)

Publicado por luchin On lunes, 22 de noviembre de 2010 0 comentarios

4 Dimensional Aimbot (w/ velocity)
I have seen in a few people do prediction with incredible precision, but my method is based on a time->velocity lol.
So anyway I had a go at this using warrock.

Best I could come up with

This image has been resized. Click this bar to view the full image. The original image is sized 796x641.


When is not finished.

Code:
//iterate me 
{
float v0; 
float meDir[3,3];
float cant, bank;

v0 = cPlayer->GetVelocity( ePlayer );

RetSpeed (v0 , time );

//Set viewangles before this func to use in args.

cPlayer->GetDir( &meDir,  cant, bank );

CreateAim( meDir ); // [3, x] = cant bank (space for roll!!!!!11one)
}
Code:
RetSpeed ( float c , float time )
{
    float half=1/2;
    float g2 = - (9.8*9.8);
    return c * t - half * g2;
}
then use it but you have to check for next position. Your aiming based on velocity and there vector etc rather than there current position
Code:
CreateAim( ... )
{

}
Why? its different
You can see im having a crack, anyone want to throw me a bone?

So far I can accurately set the aim to vector [1, x] [2, x] 2 being if they made a change in tactics and moved backwards (cant be bothered with negative numbers, call me lazy). I made the location on this vector a pre-set path (ex. changing if old vector [1, x] != new vector [1,x] ). How would I get the Speed correct, so that I would know when to shoot (The When bit) ?
Please don't say to use the actual XYZ, this is a 4D aimbot, not 3D.
Read more ...»

Publicado por luchin en 18:58 0 comentarios

[Tutorial] Hooking

Publicado por luchin On 0 comentarios

[Tutorial] Hooking
[TUTORIAL] Everything you need to know about Hooking
Author:OsGB'
Tutorial:

In essence there are only 2 types of hooks;

1) User Level Hooking
2) Kernel Level Hooking


of course there are so many things that fall into place between those 2 things that the remaining types of 'sub' hooks are just gravy.


Win32 API Hooking falls under User Level hooking (user level, application level, os level -- et al)
API Hijacking is the easiest to do although very complex for a newcomer

here are a few things you can do at User Level Hooking:

Window subclassing.

One of the most simplistic hooking methods is sublcassing a window, after this is done a user can do a lot of things such as modify keyboard and mouse input/output, do events when certain input is given, etc...

A HWND Proc Hook is an example of a way to subclass a windows application and grab all of the input that a user sends it (keyevents, mouse, et al)

The only thing bad about Subclassing is that you are constricted to that single application and it is therefore not a system wide at all


Proxying

You find this to be common in wrappers, basically its when a user replaces a dll with their own that has the same amount of names and exports all of the functions/symbols that the original would

Function fowarding and hooking the exports of a dll is a simple process and is something that you saw me explain earlier in my first post, a simple example of proxying code used in a GL Wrapper:

Code:
// Global Defines:
typedef void ( *glBegin_typedef) (GLenum mode); // glBegin Typedef
glBegin_typedef original_glBegin; // original_glBegin define

// opengl32.cpp
void Hooked_glBegin (GLenum mode)
{
//dotheshit();
(*original_glBegin) (mode);
}


Code:
// opengl32.def
// defines of DLL Exports and their Indexes are as follows:
LIBRARY opengl32
EXPORTS
...
glBegin = Hooked_glBegin @11
...


Since the opengl32.dll is loaded automatically (as a proxied dll - a wrapper) that in essence 'wraps' the render device of opengl, it will do everything you tell it to do.
as you can see in the Hooked_glBegin function it does everything you tell it to do and THEN calls back to the original function so as to not **** things up :]

proxying is one of the easier ways to hook functions and can even be system wide if done in certain modules.


Code Overwritting / Detouring

Oh this is fun! this requires asm > Code overwritting can be a very complicated and messy concept but if it works, it works good. (although its buggy and prone to error out A LOT so... its not a fun process, and its not garunteed to work since its not static like function forwarding through a lib or subclassing can be)
There are a lot of ways you can overwrite code or detour, all are very powerful, all are very 'Toolly' but efficient. A simple example of code overwritting is what we used to do long ago with Byte of uscript packages.

Code:
if(you == hax0r)
PP.Destroy();


overwritting is as simple as byte in that case where you can change Destroy to - Firealt, or == to !=, or you to him, or hax0r to l3git...

Just as there are a lot of possibilities in a simple byte there are also a lot of possiblities in API hooking using overwritting.

1 way of overwritting is to replace the address of the function when it is "CALL"ed

Code:
; example of a call in ASM - taken straight from Engine.dll
PUSH EBX
PUSH ESI
PUSH DWORD PTR SS:[EBP+8]
CALL Engine._DllMain@12


lets take a crash course in Reverse Engineering 101:

as we can plainly see thats a call to DllMain which every dll prog needs, and since im a super leet hax0r i know what DllMain is composed of;
Code:
BOOL APIENTRY DllMain(HMODULE hDll, DWORD Reason, PVOID lpReserved)
now let me get back to what i was saying each one of the above asm instructions has an 'address' in memory
the first instruction of:
PUSH EBX is located at 0x105E189F in Engine.dll
PUSH ESI is 0x105E18A0
PUSH DWORD PTR SS:[EBP+8] is 0x105E18A1
and the call to DllMain is 0x105E18A4


now your probably wondering why is it that it was incremental from 0x105E189F + 1 =
to 0x105E18A0 + 1 =
to 0x105E18A1 + 3????? =
that makes sense right? thats just going up by 1 each time.... but whats this?
the call to DllMain is at 0x105E18A4???
why did it jump 3 entire bytes, did it **** up some how?

no it didnt heres why:

In order to call a function one must first push all of its params (registers) to the stack, params are pushed backwards (DONT EVER FORGET THIS):

so in the case of DllMain, you have 3 params:
DllMain(HMODULE hDll, DWORD Reason, PVOID lpReserved)
1) lpReserved = DWORD PTR SS:[EBP+8]
2) Reason = ESI
3) hDll = EBX

now look:

Code:
// remember backwards ->
PUSH lpReserved;
PUSH Reason;
(PUSH hDll); - [and prepare to call DllMain]
Call DllMain;

each of the above look like this in Hex:
Code:
0x53
0x56
0xFF75 0x08
0xE8 0xF796DBFF
translate that back to english:
Code:
0x(5)PUSH (3)EBX
0x(5)PUSH (6)ESI
0x(5)PUSH (FF7)DWORD PTR SS:[EBP (08)+8]
0x(E8)CALL (F796DBFF)Engine._DllMain@12
now to explain why it jumps 3 bytes from 0x105E18A1 to ( +3 = ) 0x105E18A4

0x105E18A1 = FF75 08

0xFF = 1 byte
0x75 = 1 byte
0x08 = 1 byte

1 + 1 + 1 = 3

0x105E18A1 + 3 = 0x105E18A4

makes sense now? I hope so.



Onward again to how one actually HOOKS that "CALL" of DllMain (this isnt a smart idea, but just a proof of concept, dont go trying to hook the programs entry point......)


remember how:
0xE8 0xF796DBFF
=
(F796DBFF)Engine._DllMain@12

well what if we wanted to call "MyHax0rDllMain" instead

well thats easy, we would do this:
0xE8 0xOFFSETOFOURFUNCTION



You can do this one of 2 ways, if your just Tooling the dll itself with its own code (ie byte) - fyi; you CAN byte a dll/exe, its very possible, you need to know asm.

1) Byte the File: you could tell it to JMP to another area in the dll instead of Calling DllMain, of course it would crash but if you knew what you were doing it wouldnt crash you could make it do what you want.

2) Editing Memory: Remember the old md5 Tool for 2k4 that Clockwize released? Welcome back to the hell of trying to read over that source, but maybe this time you'll understand what it was doing.

its doing exactly what i showed above^- just its doing it on the fly so it has to protect the memory and protect the registers otherwise the computer will freak out and scream "WTF ARE YOU TRYING TO DO, YOU CAN NOT VIOLATE ME WHEN I AM TRYING TO RUN A PROGRAM! OMG RAPE"

code snippets;

Code:
HMODULE hEng = GetModuleHandle("Engine.dll"); // Open Engine.dll for reading
DWORD TheSuperDuperHax0rOffset = (DWORD)GetProcAddress(hEng, "_DllMain@12"); // Our Hax0r Offset = where DllMain is in Engine.dll (0x105E18A4 - you could hard code this of course)
Now that you have the Location loaded into a Pointer you can use in your source you can VirtualProtect the next 5 bytes in memory

why 5?

0xE8 0xF796DBFF
0xE8 = 1
0xF7 = 1
0x96 = 1
0xDB = 1
0xFF = 1

1 + 1 + 1 + 1 + 1 = 5

fill all 5 bytes with NOPS:
Code:
__asm nop;
__asm nop;
__asm nop;
__asm nop;
__asm nop;


Protect your registers so you dont **** up the stack!!!
__asm pushad ; push all registers
// do what you want here:
// in our case we shall:
__asm call MyHax0rDllMain


reset the registers again!

__asm popad

TADA YOUR DONE

thats several methods of Code Overwritting and 1 example of Detouring!
/me whipes sweat off forehead


Breakpoints via Debugger

breakpoints own! ok well sorta... they are great in so many ways but not (in my opinion) for hooking
debuggers give you an easy way to make use of them

A breakpoint stops (pauses) a program for an extended amount of time to give you the user time to do whatever you wish with the memory that you broke at without ****ing up the program

There are a few drawbacks to using this approach though as debugging a prog will suspend all application threads (will ... physically pause the program)
uh not the best hax0r method...

can also be done through code, too much of a waste to explain


Altering the IAT (Import Address Table)

This is a very clean and efficient way to hook almost anything, if you saw my Unreal Engine Hook tutorial you will see an example of Import Address Table hooking.

In order to make good use of IAT hooking you need to know a good deal about the Portable Executable (PE) Windows File Format and Common Object File Format (COFF)

The most important of the 2 however is the PE File Format, the PE file format is composed of 7 sections, just like our unreal file format is composed of certain things (Header, Name Table, Imports, Exports)

the most important part of the PE File Format is ".idata" .idata is in essence the Import Table and all of the data within it. When a program/module is made it has a lot of 'dependancies' just as our Tools have dependancies in say; 'engine' and 'core' -

Each dependancy in a Win32 application is called an Import (same as uscript)

The best way to determine all of the Imports of a application is to grab information (in an infinite loop) out of .idata - one would think that scanning through all of the imports of an application would bog down the hooking process and take considerable system resources, but thats what is so lovely about IAT, every import of said win32 application is located neatly and cleanly within the Import Address Table! Because it's just that, a Table, with offsets Imports and data, each one composed of nothing more than an indirect call to an import that is 'written' into the IAT with a simple JMP

Scan through .idata, find the function (offset, thunk, et al) that you want ->
and VirtualProtect it again - initalize your typedef and fill it with all the information from what the IAT points to and TADA you just hooked a win32 API Function in the most clean and efficient manner to date (imo)

heres a code snippet for ya'll who havent looked at my source:

Code:
// Globals:
typedef void (WINAPI *ProcessEvent_typedef)(class UFunction*,void*,void*);
ProcessEvent_typedef orgProcessEvent;


// IAT MAJIC
void ReDirectFunction (char* strDllName, char* strFunctionName, DWORD newFuncAddy)
{
DWORD dwBackup;
DWORD dwIndex;
DWORD dwOffset;
HMODULE hEng;
PIMAGE_DATA_DIRECTORY pDataDirectory;
PIMAGE_DOS_HEADER pDosHeader;
PDWORD pdwIAT;
PDWORD pdwINT;
PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor;
PIMAGE_IMPORT_BY_NAME pImportName;
PIMAGE_OPTIONAL_HEADER pOptionalHeader;
PIMAGE_NT_HEADERS pPeHeader;
PSTR strCurrent;

hEng = GetModuleHandleA("Engine.dll");

if(!hEng) return;

pDosHeader = PIMAGE_DOS_HEADER(hEng);
dwOffset = pDosHeader->e_lfanew;
pPeHeader = PIMAGE_NT_HEADERS(long(hEng) + dwOffset);
pOptionalHeader = &pPeHeader->OptionalHeader;
pDataDirectory = pOptionalHeader->DataDirectory;
dwOffset = pDataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
pImportDescriptor = PIMAGE_IMPORT_DESCRIPTOR(long(hEng) + dwOffset);

for(dwIndex = 0; true; dwIndex++)
{
dwOffset = pImportDescriptor[dwIndex].Name;
strCurrent = PSTR(long(hEng) + dwOffset);
if(stricmp(strCurrent, strDllName) == 0) break;
}

dwOffset = pImportDescriptor[dwIndex].FirstThunk;
pdwIAT = PDWORD(long(hEng) + dwOffset);
dwOffset = pImportDescriptor[dwIndex].OriginalFirstThunk;
pdwINT = PDWORD(long(hEng) + dwOffset);

for(dwIndex = 0; true; dwIndex++)
{
dwOffset = pdwINT[dwIndex];
pImportName = PIMAGE_IMPORT_BY_NAME(long(hEng) + dwOffset);
strCurrent = PSTR(pImportName->Name);
if(stricmp(strCurrent, strFunctionName) == 0) break;
}

VirtualProtect(&pdwIAT[dwIndex], sizeof(DWORD), PAGE_READWRITE, &dwBackup);

orgProcessEvent = (PrEv)pdwIAT[dwIndex];

pdwIAT[dwIndex] = PtrToUlong(newFuncAddy);
VirtualProtect(&pdwIAT[dwIndex], sizeof(DWORD), dwBackup, &dwOffset);

}


called with:
Code:
ReDirectFunction("Core.dll", "?ProcessEvent@UObject@@UAEXPAVUFunction@@PAX1@Z", (DWORD)&xProcessEvent);

:]


Now that I got that all aside I will just tell you briefly what Kernel Level hooking is and why you should NOT attempt to do it unless you REALLY know what your doing:

The great thing about playing at the Kernel level is that you have free roam to do whatever the **** you please, every winapi function that is called at a User Level or even higher (OS etc) will pass through Kernel, you have access to it ALL - the only thing you might piss off is an AntiVirus or 2, anticheats cant do SHIT about kernel level romping, shit a stick- anticheats cant do much about USER LEVEL hooking, so you can only IMAGINE how impossible it would be for an anticheat to do much of anything when you play with the kernel

The easiest way (hah easy) to achieve kernel level romping is to do one of the following:

1) get the Win DDK for your respective OS, start reading --- and make simple hooks of shit that you find in ntdll (the resultes of this are monumental as I have seen in almost every game I have Tooled using Kernel level hooks with this
method) and its not overly hard to do!

2) Write your own Device Driver
hang on let me sit back for a minute and say
R O F L

yeah... ok thats done. p1p0 is doing that right now and is coming out VERY succesfull, mad ****ing props to him for making the impossible possible! (and at such a young age! insanity >_
3) RING0

lol...

if you know what ring0 is you know why i just laughed
I played there but let me tell you this, **** up once and you will surely see the entire system DUMP and DIE with a BLUE SCREEN OF DEATH

so uh, dont make mistakes :]

ever seen several BSOD's on a NT System in 1 day? I have, its a very disturbing sight

When i was toying with ring0 there was barely ANY documentation out there, and still to this day documentation is severely lacking... if you want to know more about ring0 you can talk to me personally or i HIGHLY suggest you read what this site has to offer:
--- and read ALL of the links he provides, your lucky you can find ANY information on the insides of NT but its there, read!
Read more ...»

Publicado por luchin en 18:57 0 comentarios

5 byte code jump crashing when in a injected dll

Publicado por luchin On 0 comentarios

5 byte code jump crashing when in a injected dll
Code:
#include"stdafx.h"#include"stdafx.h"#include#includeDWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsignedchar *lpBackup);
BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsignedchar *lpBackup);
int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
BYTE hook[6];
int main()
{
HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
 
// MessageBox(0, "HEY", "", MB_OK);return 0;
}
 
int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
UnHookFunction("user32.dll", "MessageBoxA", hook);
char msg[32];
sprintf(msg, "HOOKED!!\n\n%s", lpText);
int x = MessageBox(hWnd, msg, lpCaption, uType);
HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
return x;
}
 
DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsignedchar *lpBackup)
{
printf("%s %s - %s %s\n","lpModule",lpModule,"lpFuncName",lpFuncName);
DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
printf("%s %p\n","dwAddr =",dwAddr);
 
BYTE jmp[6] = { 0xe9, //jmp0x00, 0x00, 0x00, 0x00, //address0xc3
}; //retnprintf("%s %d\n","jmp[0] =",jmp[0]);
 
ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0); //GetCurrentProcess()DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5); //((to)-(from)-5)printf("%s %d\n","dwCalc =",dwCalc);
memcpy(&jmp[1], &dwCalc, 4); //build the jmpWriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0); //GetCurrentProcess()return dwAddr;
}
 
BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsignedchar *lpBackup)
{
DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
if (WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0)) 
return TRUE;
return FALSE;
}
this is in a dll which is injected in to my msgbox app , it hooks it once then crashs , does anyone know why?, i have another 1 which hooks by imports but was hopeing to get this version fixed to work in a injected dll
thanks
Read more ...»

Publicado por luchin en 18:56 0 comentarios

displaying the IAT list with an injected dll

Publicado por luchin On 0 comentarios

displaying the IAT list with an injected dll
Basically i want to write out to a file all the IAT list of the process i inject in to,so the code is like this

Code:
#include"stdafx.h"#include#include#include
#includestd::ofstream myfile;
#pragmacomment(lib,"Dbghelp.lib")
//#include void GetIAT();
void handle_imports(BYTE* image_base, PIMAGE_IMPORT_DESCRIPTOR imp_desc);
 
HANDLE Console;
DWORD Written;
char ConsoleBuffer[64];
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
GetIAT();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
void GetIAT()
{
AllocConsole();
BYTE* image_base = (BYTE*)GetModuleHandleA(NULL);
//printf("image_base: %p\n", image_base);
myfile.open("c:\\users\\Anddos\\Desktop\\iat-dll.txt");
if(!myfile.is_open())
{
MessageBox(NULL,"Failed to Make File","",0);
}
else{
MessageBox(NULL,"Created File","",0);
}
 
Console = GetStdHandle(STD_OUTPUT_HANDLE);
sprintf(ConsoleBuffer,"%p\n",image_base);
WriteConsole(Console,ConsoleBuffer,strlen(ConsoleBuffer),&Written,0);
// MessageBox(NULL,"GetAIT","",0);PIMAGE_DOS_HEADER dos_header = (PIMAGE_DOS_HEADER)image_base;
PIMAGE_NT_HEADERS nt_header = (PIMAGE_NT_HEADERS)(image_base + dos_header->e_lfanew);
PIMAGE_IMPORT_DESCRIPTOR imp_desc = (PIMAGE_IMPORT_DESCRIPTOR)(
image_base + nt_header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
handle_imports(image_base, imp_desc);
 
 
}
void handle_imports(BYTE* image_base, PIMAGE_IMPORT_DESCRIPTOR imp_desc)
{
if (!imp_desc)
return;
//printf("imports:\n");sprintf(ConsoleBuffer,"%s\n","imports:");
// WriteConsole(Console,ConsoleBuffer,strlen(ConsoleBuffer),&Written,0);//sprintf(OutBuffer,"%s %d %s %d\n","NumVertices",NumVertices,"primCount",primCount);myfile << ConsoleBuffer;
 
// looping over all imported dlls// The last directory entry is empty (filled with null values)for (int i = 0; imp_desc[i].Characteristics != 0; i++)
{
//printf(" * %s\n", (char*)(image_base + imp_desc[i].Name));Sleep(500);
sprintf(ConsoleBuffer," * %s\n", (char*)(image_base + imp_desc[i].Name));
// WriteConsole(Console,ConsoleBuffer,strlen(ConsoleBuffer),&Written,0);myfile << ConsoleBuffer;
PIMAGE_THUNK_DATA orig_first_thunk = (PIMAGE_THUNK_DATA)(image_base + imp_desc[i].OriginalFirstThunk);
PIMAGE_THUNK_DATA first_thunk = (PIMAGE_THUNK_DATA)(image_base + imp_desc[i].FirstThunk);
// looping ovetr all imported functions// The last entry is set to zero (NULL) to indicate the end of the tablefor (int j = 0; orig_first_thunk[j].u1.Function != 0; j++)
{
PIMAGE_IMPORT_BY_NAME orig_imports_by_name = (PIMAGE_IMPORT_BY_NAME)(
image_base + orig_first_thunk[j].u1.AddressOfData);
//printf("\t%s (%08x)\n", (char*)orig_imports_by_name->Name, first_thunk[j].u1.Function);sprintf(ConsoleBuffer,"\t%s (%08x)\n", (char*)orig_imports_by_name->Name, first_thunk[j].u1.Function);
//WriteConsole(Console,ConsoleBuffer,strlen(ConsoleBuffer),&Written,0);myfile << ConsoleBuffer;
}
}
}
But the problem is when i inject in to popular games no list is displayed , but if i inject in to my own compiled programs i see the list fine , here is an example of the list it prouduces ...


imports:
* USER32.dll
LoadCursorA (751bd75b)
RegisterClassExA (751bdd6d)
CreateWindowExA (751ba5e6)
ShowWindow (751c0dbe)
PeekMessageA (751ded58)
TranslateMessage (751b7d79)
DispatchMessageA (751b8103)
GetAsyncKeyState (751c4858)
PostMessageA (751c3cbf)
PostQuitMessage (751c3927)
DefWindowProcA (76ef2893)
* WINMM.dll
timeGetTime (72b926f0)
* d3d9.dll
Direct3DCreate9 (73ec2236)
* d3dx9_41.dll
D3DXCreateFontA (7055ba18)
D3DXMatrixLookAtLH (705739d2)
D3DXMatrixPerspectiveFovLH (70573cbd)
D3DXMatrixRotationY (705731f9)
D3DXCreateTeapot (705f9c17)
D3DXCreateBox (705f962b)
D3DXLoadMeshFromXA (705b8abe)
D3DXCreateTextureFromFileA (7060190d)
* MSVCR90.dll
_exit (72fb2470)
_controlfp_s (7300a5e2)
_invoke_watson (72ffc7b3)
_except_handler4_common (730014d0)
_decode_pointer (72fb3607)
_onexit (72ffcada)
_lock (72fb2efa)
__dllonexit (72ffcb37)
_unlock (72fb2e16)
?terminate@@YAXXZ (72febb14)
_crt_debugger_hook (730012e1)
__set_app_type (72fb1be0)
_encode_pointer (72fb3582)
__p__fmode (72fb2ace)
__p__commode (72fb2a99)
_adjust_fdiv (7302c618)
__setusermatherr (72fb1bff)
_configthreadlocale (72ffdbd1)
_initterm_e (72fb2211)
??2@YAPAXI@Z (72ff3b39)
_amsg_exit (72fb2157)
__getmainargs (72fb2793)
_cexit (72fb248b)
memset (72fcb320)
_XcptFilter (72ffcc08)
_ismbblead (72fd0180)
exit (72fb2455)
_acmdln (7302ba2c)
_initterm (72fb21ee)
* KERNEL32.dll
SetUnhandledExceptionFilter (7685d03c)
GetSystemTimeAsFileTime (76851ef4)
GetCurrentProcessId (768511d8)
GetCurrentThreadId (76851450)
GetTickCount (768510fc)
QueryPerformanceCounter (7685166b)
IsDebuggerPresent (76854cf8)
InterlockedExchange (76851462)
UnhandledExceptionFilter (76879775)
GetCurrentProcess (76851568)
TerminateProcess (76869dd9)
GetStartupInfoA (76850df0)
InterlockedCompareExchange (768514a7)
Sleep (768510ef)


This is on 1 of my own compiled d3d apps....,so why do i not get the same kind of list on a popular game?, are they protected?
Read more ...»

Publicado por luchin en 18:55 0 comentarios

CreateRemoteThread .dll Injection

Publicado por luchin On 1 comentarios

CreateRemoteThread .dll Injection
This is not the best method of injecting , its the by far more easy than
other methods.
(I personally don't like this method very much)

This tutorial is intended for beginners . Or someone who has never done
.dll Injection before.

We will be using notepad as the target for this tutorial.

NOTE : This method only works on Windows NT and above.

Okay we will need to follow these steps in using CreateRemoteThread :
-----------------------------------------------------
STEP 1 : Get the target Process ID.
STEP 2 : Get the full path of the .dll .
STEP 3 : Allocate some memory in the process for the loading of our .dll
STEP 4 : Write the name of the .dll to our new allocated space.
STEP 5 : Execute the code Using CreateRemoteThread
STEP 6 : Clean up.
-----------------------------------------------------

Okay those are our basic steps .

Now its time to start.

Open up Visual Studio -> C++ - > CLR Console Application .

Go to Project->Character Set -> Multi-byte Character Set
->Common Language Runtime Support ->
Common Language Runtime Support (/clr)



Add these headers to the top of your project :
PHP Code:
#include "stdafx.h" //Precompiled Header
#include  
#include  
#include  
#include  
#include  
Okay we want to get the ID of the process we want to inject to . So how do we do this? Simple . We use a neat little function coded by batfitch ... GetProcessId :

PHP Code:
//Function written by batfitch DWORD GetProcessId(IN PCHAR szExeName)

{
    DWORD dwRet 0;
    DWORD dwCount 0;

    HANDLE hSnapshot CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS0);

    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        PROCESSENTRY32 pe = {0};
        pe.dwSize sizeof(PROCESSENTRY32);

        BOOL bRet Process32First(hSnapshot, &pe);

        while (bRet)
        {
            if (!_stricmp(pe.szExeFileszExeName))
            {
                dwCount++;
                dwRet pe.th32ProcessID;
            }
            bRet Process32Next(hSnapshot, &pe);
        }

        if (dwCount 1)
            dwRet 0xFFFFFFFF;

        CloseHandle(hSnapshot);
    }

    return dwRet;
Add that to your project ...
how do we use this function? :
PHP Code:
DWORD ID GetProcessId("notepad.exe"
Simple

Okay now that we have the process ID we can continue . For the .dll injection we will need the full path to our .dll.

We can get the full path by doing this :
PHP Code:
//Declare our dll variable
    char dll[10];

    //Get the full path of our .dll
   GetFullPathName("Tutorial.dll",MAX_PATH,dll,NULL); 
Okay our full path to the .dll is saved in the variable dll .

NOTE : The .dll that we are using is "Tutorial.dll" and its name should stay that way. GetFullPathName gets the Tutorial.dll 's path if its in the current directory of the application.

.Okay now we need to declare the handle of the process we want to inject to.
PHP Code:
//Declare the handle of the process.
   HANDLE Process
Lets declare the the memory witch we will be allocating.
PHP Code:
 //Declare the memory we will be allocating
   LPVOID Memory
Now lets declare LoadLibrary
PHP Code:
   //Declare LoadLibrary
   LPVOID LoadLibrary
Now that we have the handle of the process declared lets open the process for read , write and execute access.
PHP Code:
//Open the process with read , write and execute access.
   Process OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATIONFALSEID); 
okay now that we have gained access to the process we can get the address of LoadLibraryA.

//Get the address of LoadLibraryA
PHP Code:
//Get the address of LoadLibraryA
   LoadLibrary = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); 
Now lets allocate some space for the name of our .dll

PHP Code:
// Allocate space in the process for our DLL 
   Memory = (LPVOID)VirtualAllocEx(ProcessNULLstrlen(dll) +1MEM_RESERVE MEM_COMMITPAGE_READWRITE); 

Now that we have the space we should use it! Use WriteProcessMemory to write the .dll name to the allocated space.

PHP Code:
// Write the string name of our DLL in the memory allocated 
   WriteProcessMemory(Process, (LPVOID)Memorydllstrlen(dll) +1NULL); 
Now the golden moment ... lets execute LoadLibraryA using CreateRemoteThread .

PHP Code:
// Load our DLL 
   CreateRemoteThread(ProcessNULLNULL, (LPTHREAD_START_ROUTINE)LoadLibrary, (LPVOID)MemoryNULLNULL); 
There we go ... we are not done yet though . Lets just do some cleaning.

PHP Code:
 //Let the program regain control of itself.
   CloseHandle(Process);
//Free the allocated memory. VirtualFreeEx(Process , (LPVOID)Memory ,0MEM_RELEASE); 

So the full code will look like this (NOTE : I've coded the CreateRemoteThreadInject function for easier usage) :

PHP Code:
// Tutorial.cpp : Defines the entry point for the console application.
//

//We Will Be Using These.
#include "stdafx.h"
#include  
#include  
#include  
#include  
#include  

//Lets Just Define Some Variables
#define WIN32_LEAN_AND_MEAN 
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ


//Lets declare our function BOOL CreateRemoteThreadInject(DWORD ID, const char dll);
//Let declare GetProcessId DWORD GetProcessId(IN PCHAR szExeName);


//Our Application Starts Here. int main()

{
    //Declare our dll variable
    char dll[MAX_PATH];

    //Get the full path of our .dll
   GetFullPathName("Tutorial.dll",MAX_PATH,dll,NULL); 

    //We will be using this neat little function written by batfitch - GetProcessId.
    DWORD ID GetProcessId("notepad.exe");
    if (!CreateRemoteThreadInject(ID,dll))
    {
        //If CreateRemoteThreadInject Returned true
        printf("Injection failed!");
        Sleep(3000);
        exit(1);
        

    }
    else
    {
        //If CreateRemoteThreadInject Returned true
        printf("Injection Successful!");
        Sleep(3000);
        exit(1);
        

    }
     return 0;
}

//Function written by batfitch DWORD GetProcessId(IN PCHAR szExeName)

{
    DWORD dwRet 0;
    DWORD dwCount 0;

    HANDLE hSnapshot CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS0);

    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        PROCESSENTRY32 pe = {0};
        pe.dwSize sizeof(PROCESSENTRY32);

        BOOL bRet Process32First(hSnapshot, &pe);

        while (bRet)
        {
            if (!_stricmp(pe.szExeFileszExeName))
            {
                dwCount++;
                dwRet pe.th32ProcessID;
            }
            bRet Process32Next(hSnapshot, &pe);
        }

        if (dwCount 1)
            dwRet 0xFFFFFFFF;

        CloseHandle(hSnapshot);
    }

    return dwRet;
}
//We will be writing our own little function called CreateRemoteThreadInject BOOL CreateRemoteThreadInject(DWORD ID, const char dll

//Declare the handle of the process.
   HANDLE Process;

   //Declare the memory we will be allocating
   LPVOID Memory;

   //Declare LoadLibrary
   LPVOID LoadLibrary

   //If there's no process ID we return false.
   if(!ID)
 {
       return false;
  }
   
  //Open the process with read , write and execute priviledges
   Process OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATIONFALSEID); 
 
   //Get the address of LoadLibraryA
   LoadLibrary = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); 
 
   // Allocate space in the process for our DLL 
   Memory = (LPVOID)VirtualAllocEx(ProcessNULLstrlen(dll)+1MEM_RESERVE MEM_COMMITPAGE_READWRITE); 
 
   // Write the string name of our DLL in the memory allocated 
   WriteProcessMemory(Process, (LPVOID)Memorydllstrlen(dll)+1NULL); 
 
   // Load our DLL 
   CreateRemoteThread(ProcessNULLNULL, (LPTHREAD_START_ROUTINE)LoadLibrary, (LPVOID)MemoryNULLNULL); 
 
   //Let the program regain control of itself
   CloseHandle(Process);



  //Lets free the memory we are not using anymore.
   VirtualFreeEx(Process , (LPVOID)Memory 0MEM_RELEASE);

   return true;

Okay thats about it . (NOTE : Code is working fine)

If you did the injection right you should get a message When you press F2.

Feel free to comment , tell me if I did something wrong.
and you may use this code as you wish.

Here is the download for the tutorial : http://www.ziddu.com/download/12654106/Tutorial.zip.html

Greets :

batfitch - Great help
Read more ...»

Publicado por luchin en 18:53 1 comentarios
Suscribirse a: Entradas (Atom)
Twitter Delicious Facebook Digg Stumbleupon Favorites More