========================================================
+HCU Maillist          Issue: 241             06/10/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1  Subject: more junk
#2  Subject: re: Next Generation of Crackers
#3  Subject: Tazer: Zero - ing partition table

ARTICLES:

-----#1-------------------------------------------------
Subject: more junk

hey all,

well, i'm not trying to spam the list, but it might seem that way. ;-)

an observation from my recent virus incident that seems to fit into the current thread concerning data security, etc. after being virused, i used the 'floppy of death' disk and formatted a total of 4 times. afterwards, i used norton unerase to try to find the original .com file that infected me. i ended up finding almost 40 files, including several icq messages i sent to gthorne and some irc logs. i was only searching for the text 'missilena' (the name of the virus i got). a subsequent search for all recoverable files found over 6,000 files in under 40% of my hard drive's unused space.

just an illustration of how depending on a format to clean a drive is not a secure solution. this is software available to Joe User. imagine what real data recovery software might have found...?

newbcrack

-----#2-------------------------------------------------
Subject: re: Next Generation of Crackers

Hi,

i agree to The Sandman way about hidden activities. Too many ppl want the last essay, lessons, crackme to fill their webpage to make it attractive to 'fashion crackers page'. The only way of mailinglist is not to be largewide spreaded ppl, how many loosy look at an essay and say 'ohh really lame, i could do it too, it's not difficult then'. Close knowledges to lame and not-ready-for-this www guys.
The biggest ftp sites where all releases come from are deep closed and hidden and they continue bigger and faster, that's a matter of protection! You want learn to crack, but now there is much enough avail on web, don't throw anymore in public web the easy face of crack.

+ceban

-----#3-------------------------------------------------
Subject: Tazer: Zero - ing partition table

Hi to all of you!

newbcrack, zeroing partition table is not an answer! It is a five minute work to rebuild it. Destroying electronic hardware is better, but even in this case the info is still recuperable.

Best Regards,
Iceman

=====End of Issue 241===================================

========================================================
+HCU Maillist          Issue: 242             06/11/1998
========================================================

CONTENTS:

#1  Subject: gthorne - this one is interesting
#2  Subject: none
#3  Subject: Hard Drive & Partitions
#4  Subject: HDD Deletion
#5  Subject: more meditations. HD.

ARTICLES:

-----#1-------------------------------------------------
Subject: gthorne - this one is interesting

Message Body = ***************

apparently some kind of proggies designed to act like a lie detector online (kinda creepy, thought you guys would wanna take a peek)

+gthorne

-----#2-------------------------------------------------
Subject: none

Hi +all! :)

I'm giving a look to MS Localization Studio 4.0 right now... IT'S POWERFUL!!! It seems to be a resource editor better than Borland Resource Workshop!
The only problem is that it's quite big (the installation files are more than 7 megs)... Have you ever tried it? I remember I tried some time ago to open Winamp with BRW and failed, but this program opens it without any problem and I can see EVERY resource contained in the executable! Nice, really... :)

byez,
.+MaLaTTiA.

-----#3-------------------------------------------------
Subject: Hard Drive & Partitions

Hi all,

I'm no expert on electronics but surely if you were to set up a kinda electro-magnetic pulse or just about any kind of magnetic field (certain frequency ranges are better than a wide range field) around a pc then wouldn't this scramble the data on a hard disk? If we can't completely erase the data on a hard disk then why not scramble it so that it would be completely unreadable. Since a magnetic field is completely random it would be like using an encryption key on all your data only there wouldn't be any key to de-scramble the data back into its original format again. The Partition table would also be scrambled as well..:)

If you really want to make things even more difficult for anyone to 'read' the hard disk then frying the internal components as suggested a few articles ago would certainly help here as well.

Regards,
The Sandman

-----#4-------------------------------------------------
Subject: HDD Deletion

I've recently performed a security wipe of my 6.4gb HD and it was SLOW. The only way I can think of to quickly destroy information on a HD is to open up the casing and apply a blowtorch (perhaps with some magnesium powder for good measure). Just taking the case off the computer to get to the HD takes time and if we're talking seconds then the best way would be perhaps to prepare a fake HD hidden under a floorboard and do a quick swap.

Regarding a secure chat client. I've heard of some which use SSL and I've seen a chat client at one of the shareware depots (Tucows, I think). I think that some IRC clients also support encryption.
~~ Ghiribizzo

-----#5-------------------------------------------------
Subject: more meditations. HD.

We are speaking on these topics, because we are interested in our security. Through communications we get outside of the house, and we have examined the security of our communications, and we could not get a satisfactory answer as we do not know the range of possibilities of the professionals. And our house is our HD, where all data is stocked, and we have to transform our house in a fortress.

Our fortress should resist any attack, logical or physical.

1) Logical. The disk should be inaccessible for:
   a) reading, even through diskette, even after being brought to a lab,
   b) writing, for virus protection.
2) Physical. It should be physically inaccessible.

Here are some primitive solutions, some of them have been tested.

First we begin with ROM. Passwording ROM access is not a good solution as it can easily be bypassed through removing or discharging the battery. Another inconvenience is a great danger of electricity cutdown during ROM manipulations. I had a bad experience of the electricity instant cutdown due to a storm lightning precisely during the computer booting. But reprogramming and upgrading of BIOS contains enormous possibilities. One should do it with a thorough knowledge, it is not a testing field. I have not found any programming documentation; please any information on the subject.

Then the booting partition. Manual multiboot: several partitions without multiboot program. Switching is being made either by FDISK or by a disk editor (one has to change 3 or 4 hex numbers in the boot sector). Purpose: to hide certain partitions to the intruder. Programming of the partitions is limited because of BIOS dictatorship. A joined BIOS-BOOT programming would be a brilliant solution to any human or virus intruders.

Boot itself is passworded. Then boot loads OS. Split it: a vital part should be on a diskette, which you hide somewhere.
OS should know where to search it; in its absence a strong Bell sound is emitted, without displaying the name of the lacking files. As OS constantly needs a floppy, you should install the second floppy driver. Splitting OS is a temporary solution: one can reinstall the deficient OS.

The best solution is elaborating your own OS with its own FAT table with descending compatibility: it can read other OS files, and no OS can read yours. Writing on HD should be non-sequential and cryptical, to prevent any lab reading. It is the most difficult and time-consuming task and acceptable only for the obsessed by security. It would be also a secure bulwark against virus attacks.

After a logical failure, the infuriated assailant would try to destroy it physically. The efficient defence is difficult. Other people have already examined the problem and found a good solution. Those people are in the US, while they have studied the survival of computers and its data in case of a devastating nuclear attack. Their solution: a secure networking, where destruction of a part would not destroy the whole.

For our case it would be something like this: you create your mini-LAN with secure cables (inside the walls or wireless). You work with a terminal (a small or a diskless computer, a notebook, etc.), the server is physically inaccessible: in a solid locked iron box with some holes for ventilation, it is permanently chained to something irremovable. It can be dissimulated in the apartment, in underground, in somebody's else apartment, in another building. The rich people can put it even abroad, in an African desert or in Amazonian jungles, as they can support the communications costs. But the long distances increase the risk of communications interception. For a better security one can put a mirror server in another place.

Using anonymously an Internet server as storage, as it was mentioned in our list, is unsecure and acceptable only for data to consult.

Another good solution: a removable HD.
For those interested in philosophical approach in solving computer problems, I can recommend the book of P.A.Lee&C.Phillips, "The apprentice C++ Programmer. A Touch of Class", 1997 (ftp.thomson.com, or ************** com, or **************************

AZ111.

=====End of Issue 242===================================

========================================================
+HCU Maillist          Issue: 243             06/13/1998
========================================================

CONTENTS:

#0  Subject: this maillist
#1  Subject: more meditations. Introduction.
#2  Subject: Hard Drive
#3  Subject: checksum ?
#4  Subject: re:MS localization
#5  Subject: different stuff
#6  Subject: MS locstudio

ARTICLES:

-----#0-------------------------------------------------
Subject: this maillist

Hi +All! :))

Sorry I didn't send the list yesterday... anyway, you should have noticed I usually don't send the ml on saturday: this is because I usually come back home quite late and in this period I need some more time to sleep... :) But don't worry, since I was out yesterday night I send this issue today! :)

byez,
.+MaLaTTiA.

-----#1-------------------------------------------------
Subject: more meditations. Introduction.

I like classifying everything, typically a librarian work, as it was noticed to me by one of you. It is because of my research experience in libraries. But I go further: after having defined the problem and the available sources, I go straight to the solution. Do not rebuke me and shut down if you have nothing to propose.

I have intentionally used the term 'cryptology' instead of 'cryptography': their reciprocal relations as between reverse engineering and programming.
No books on reverse engineering, but the knowledge of programming languages is indispensable for good results. Why especially the assembly language? Because of the existence of debuggers, while with high languages you have to possess the source code. J.Duntemann ("Assembly language") qualified a debugger as a cracker's best friend. What would be a cracker without a debugger?

It is a case with cryptology. I have no knowledge about probable tools in NSA and in corresponding bodies in other countries. One can add: "And they should not exist for legal reasons. That's why you see no books teaching how to decrypt what was encrypted by somebody else. You can learn only how to encrypt your own files". Well, it's another topic, as with reverse engineering. The point raised here is that in reverse engineering they have tools to open what was written by somebody else.

In any case, some companies, to advertise their product, publicly challenge with a price everybody able to break their code, and it helps them to improve it. And there are official results.

Another aspect for example: to be protected against eavesdropping, one has first to learn how it is done and the limits.

Since I raised the topic, here are some scare references from the cold war annals for those who want to investigate.

1) Philby references regarding his job in Washington: all encoded wireless messages are systematically registered, waiting for the right moment. As decrypting technique constantly evolves, at certain time it would be possible to crack the ancient, less complicated messages. (compare the +ORC advice to begin with ancient protectionist schemes).

2) At the height of cold war it was revealed that Kremlin local wireless encrypted conversations could be captured from satellites and decrypted. Indignations in the Soviet press.
3) Western countries were forced to develop decrypting techniques because of the iron curtain, while the Soviets traditionally relied on humint and interception of communications, and they had a large infrastructure for it. In general, every indoctrinated country tends to humint.

4) Arrest in Teheran of trade representatives of a Swiss company selling encoding machines. Espionage accusations, see press coverage.

I do not mention numerous cases of physical stealing of codes, which belong to humint.

End of part I. Introduction.
Part II. HD is your fortress. (sent as a second message).

AZ111.

-----#2-------------------------------------------------
Subject: Hard Drive

Hello Everyone

>I'm no expert on electronics but surely if you were to set up a kinda
>electro-magnetic pulse or just about any kind of magnetic field (certain
>frequency ranges are better than a wide range field) around a pc then
>wouldn't this scramble the data on a hard disk?

I think such a device would be hard to control in its output range, unless it was placed inside the hard disk's case. (intensity versus spread of field) to destroy data. But then again for scrambling maybe just mounted next to it would do the job.

Hello Ghiribizzo

Could I please have your Email. I would like to discuss something with you on a one to one.

cheers
Rundus

-----#3-------------------------------------------------
Subject: checksum ?

I'm sort of new at cracking, but I am really interested in this subject. Recently I've been working on cracking a program which when patched crashes. Using softice I'm pretty sure the loader in winnt is detecting that it has been tampered with. I've downloaded a pe header extraction program which displays the checksum as 0000000. When I use softice to load the program it seems like winnt has screwed up the program already.
Is there a way using softice to actually debug the loading process?

Thanks for any help.

-----#4-------------------------------------------------
Subject: re:MS localization

Hi Malattia,

you just posted here a stunning view of MS localization but were also fine to post the url where i can get it! I'm not dumb and don't say search the web, i've done it, but a name like localization and common by ms engine is not easy to find and i take much interest to a tool who stunned you! anyway, don't take it bad, but spare me a lot of time to look the web!

thanks!
towntown_at_usa(dot)net

-----#5-------------------------------------------------
Subject: different stuff

First, I enjoy reading the high quality articles of this mail list everyday. Especially +gthorne with his long articles (yes, quality AND quantity) about security is very good.

But also the discussion about the "new generation of crackers" is quite interesting. I'm quite sad that a lot of REALLY good crackers and reversers see such bad chances for recruiting new crackers. Some time ago (I think more than a year) I wrote an essay about cracking W32Dasm. It was the last one, afterwards the section was closed. Inside the essay was a little failure, which crashed some version of Win95. I'm still getting eMails from people who try to follow the essay and fail on this little mistake, done by me. That should tell us, that there aren't only a lot of people producing hits at fravia's page, but there are also people reading and trying to understand these essays.

New crackers are coming and they will learn how to crack. One and a half year ago, I was only able to program, but then I found fravia's page and I learned how to crack. In my opinion this process of finding and learning is still going on, but would be prevented by closing this wonderful site.
Lord Caligo wants to retire and fravia also doesn't want to continue his wonderful work (as mentioned in the last "blackboard", I hope this was a joke). I hope that the good sites on the inet will stay, cause this will give a chance to the willing people.

TWD

-----#6-------------------------------------------------
Subject: MS locstudio

>Hi Malattia,
>you just posted here a stunning view of MS localization but were also
>fine to post the url where i can get it!

Ehee... :) I'm sorry, but I don't know... really, I got it from a friend of mine and I don't even know if it's online! Just wanted you to know it exists and maybe find it... if it's not online I can upload it somewhere, but I need A LOT of space, because it takes about 8 megs... and one last thing: are you interested in it? Will you download it? Can you give me the space? In this case, I'll upload it ASAP! :))

byez,
.+MaLaTTiA.

=====End of Issue 243===================================

========================================================
+HCU Maillist          Issue: 244             06/14/1998
========================================================

CONTENTS:

#1  Subject: Contacts
#2  Subject: security, cfs, unix.
#3  Subject: Re: New Generation of Crackers
#4  Subject: +HCU ML Issue 243 space for malattia
#5  Subject: HDD deletion (resend due to replay down)
#6  Subject: re:MS Localization

ARTICLES:

-----#1-------------------------------------------------
Subject: Contacts

I was going to arrange some sort of contact database, but then cracking.net had one so I left it. It's sometimes hard to contact other crackers. A trick is to do a xxx.home.ml.org search as many crackers use ml. There is a contact list on the forum, but the format isn't the best it can be for this sort of thing.
Anyone got time and space to set up something better?

~~ ************************

-----#2-------------------------------------------------
Subject: security, cfs, unix.

Hi

People in our "line of work" can never be paranoid enough, start protecting yourselves.

get CFS, cryptographic file system:
**************************************************************************

Let me tell you about some sick idea of mine, I took an old 486 box, installed OpenBSD on it, installed a 2gig HD, installed CFS, installed SAMBA, and 100mbit network card. now, all the files my windoze box uses, are mounted via a network drive connected w/ a 100mbit link to the 486 box which uses CFS to protect my files, sambaD is running as a fileserver.

that's all I have to say for now, protect your files ;)

bye,
acpizer.

-----#3-------------------------------------------------
Subject: Re: New Generation of Crackers

Greetings everyone,

> But also the discussion about the "new generation of crackers" is quite
> interesting.
> I'm quite sad that a lot of REALLY good crackers and reversers see such bad
> chances for recruiting new crackers.

As long as there are sites like Fravia to show *cracking* in its true light, without the myths normally associated with *cracking* there will always be the knowledge and encouragement to those seeking to become *crackers*. I for one hope that Fravia isn't seriously thinking of discontinuing with his work (yep, I read the blackboard too), such a loss will leave a vacuum on the web that would take a very long time to fill.
There is no question about restricting support or help towards new crackers (my homepage is devoted 100% to Newbies interested in Reverse Code Engineering) the point that was made earlier was that there are more people who are interested in learning only the basics of cracking (in which case reading essays and tutorials on this subject will be enough for them to get where they want) to those who have greater aspirations and so seek further knowledge and support from experienced crackers. It's these potential crackers with greater aspirations that of course, should be offered all the help and support they need, but it can be sometimes hard to see them among so many who are only interested in this subject. Newbies finding their way to this mailing list on their own initiative is one good example of those who wish to go further.

I had an email from a Shareware Author today (whose program I had cracked and had posted an essay on how to crack his program on my web page) who said:-

>>>>> Based on my own research, "warez" access is probably the third best point-of-approach leading to sales behind media and retail access. If it were possible within the law, I would connect myself with a warez group I knew could give my software wide distribution in cracked form, because over the last five products I have produced, there has *always* been a significant sales leap within a month or two of hearing a report from a user that my software had been cracked. I will fight any publisher to the limit to get protection minimized for this very reason.

The single serial was chosen with all due consideration to the consequences. Had I to do it over again, I'd not have done more than pop a splash nag on installation. This is the only one of my personal releases which I have ever truly crippled, and it was a horribly expensive mistake.
I have a page up at **************************************************** that explains my position on software copyright to some degree...my publishing agreements prevent me from speaking my mind and experience as I'd like.<<<<<<<<<<

This author has some interesting ideas on Shareware & Freeware that makes worth while! His main webpage is at:
**************************************************

Regards,
The Sandman

-----#4-------------------------------------------------
Subject: +HCU ML Issue 243 space for malattia

Ehee... :) I'm sorry, but I don't know... really, I got it from a friend of mine and I don't even know if it's online! Just wanted you to know it exists and maybe find it... if it's not online I can upload it somewhere, but I need A LOT of space, because it takes about 8 megs... and one last thing: are you interested in it? Will you download it? Can you give me the space? In this case, I'll upload it ASAP! :))

-*-------------

Make a chez page with faked front and upload behind just for us
******************* (faked front IN FRENCH)
(you can find as many as you want on mygale.com :-)
Do NOT pass the program around too much (the general maillist is NOT SECURE)

later
fravia+

-----#5-------------------------------------------------
Subject: HDD deletion (resend due to replay down)

I've recently performed a security wipe of my 6.4gb HD and it was SLOW. The only way I can think of to quickly destroy information on a HD is to open up the casing and apply a blowtorch (perhaps with some magnesium powder for good measure). Just taking the case off the computer to get to the HD takes time and if we're talking seconds then the best way would be perhaps to prepare a fake HD hidden under a floorboard and do a quick swap.

Regarding a secure chat client. I've heard of some which use SSL and I've seen a chat client at one of the shareware depots (Tucows, I think). I think that some IRC clients also support encryption.
~~ Ghiribizzo

-----#6-------------------------------------------------
Subject: re:MS Localization

HI

Sure i download it, but i've no fixed ftp or kinda stuff, strange to be the only one who want use this tool! tell me at least where i can contact you in case of quick location on common free web for this..

towntown_at_usa_dot_net

cya

=====End of Issue 244===================================

========================================================
+HCU Maillist          Issue: 245             06/15/1998
========================================================

CONTENTS:

#1  Subject: ms localization
#2  Subject: gthorne - MS Localization and crypting
#3  Subject: A Few Thoughts
#4  Subject: none

ARTICLES:

-----#1-------------------------------------------------
Subject: ms localization

Hi .+MaLaTTiA,

I would like to acquire MS Localization Studio 4.0 from you. I will be happy to provide the space.

let me know when you are able to, & I will organise it. I will then handle others requests for the prog if interest is there.

Thanks

HaQue [icq 1129107]
boney(at)senet(dot)com(dot)au