Reverse Code Engineering RCE CD +sandman 2000

home *** CD-ROM | disk | FTP | other *** search

/ Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / Library / +HCU / 241-250.TXT < prev

Wrap

Text File | 2000-05-25 | 48KB | 1,243 lines

======================================================== +HCU Maillist Issue: 241 06/10/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: more junk #2 Subject: re: Next Generation of Crackers #3 Subject: Tazer: Zero - ing partition table ARTICLES: -----#1------------------------------------------------- Subject: more junk hey all, well, i'm not trying to spam the list, but it might seem that way. ;-) an observation from my recent virus incident that seems to fit into the current thread concerning data security, etc. after being virused, i used the 'floppy of death' disk and formatted a total of 4 times. afterwards, i used norton unerase to try to find the original .com file that infected me. i ended up finding almost 40 files, including several icq messages i sent to gthorne and some irc logs. i was only searching for the text 'missilena' (the name of the virus i got). a subsequent search for all recoverable files found over 6,000 files in under %40 of my hard drive's unused space. just an illustration of how depending on a format to clean a drive is not a secure solution. this is software available to Joe User. imagine what real data recovery software might have found...? newbcrack -----#2------------------------------------------------- Subject: re: Next Generation of Crackers Hi, i agree to The Sandman way about hidden activities.Too many ppl want the last essay,lessons,crackme to fill their webpage to make it attractive to 'fashion crackers page'.The only way of mailinglist is not to be largewide spreaded ppl,how many loosy look at an essay and say 'ohh really lame,i could do it too,it's not difficult then'. Close knowledges to lame and not-ready-for-this www guys. The biggest ftp sites where all releases come from are deep closed and hidden and they continue bigger and faster,thats a matter of protection!. You want learn to crack,but now ther is much enough avail on web,dont throw anymore in p pubc web the easy face of crack. +ceban ______________________________________________________ Get Your Private, Free Email at ********************** -----#3------------------------------------------------- Subject: Tazer: Zero - ing partition table Hi to all of you! newbcrack , zeroing partition table is not an answer ! It is a five minute work to rebuild it. Destroying electronic hardware is better, but even in this case the info is still recuperable. Best Regards , Iceman ______________________________________________________ Get Your Private, Free Email at ********************** =====End of Issue 241=================================== ======================================================== +HCU Maillist Issue: 242 06/11/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: gthorne - this one is interesting #2 Subject: none #3 Subject: Hard Drive & Partitions #4 Subject: HDD Deletion #5 Subject: more meditations. HD. ARTICLES: -----#1------------------------------------------------- Subject: gthorne - this one is interesting Message Body = *************** apparently some kind of proggies designed to act like a lie detector online (kinda creepy, thought you guys would wanna take a peek) +gthorne -----#2------------------------------------------------- Subject: none Hi +all! :) I'm giving a look to MS Localization Studio 4.0 right now... IT'S POWERFUL!!! It seems to be a resource editor better than Borland Resource Workshop! The only problem is that it's quite big (the installation files are more than 7 megs)... Have you ever tried it? I remember I tried some time ago to open Winamp with BRW and failed, but this program opens it without any problem and I can see EVERY resource contained in the executable! Nice, really... :) byez, .+MaLaTTiA. -----#3------------------------------------------------- Subject: Hard Drive & Partitions Hi all, I'm no expert on electronics but surly if you were to setup a kinda electro-magnetic pulse or just about any kind of magnetic field (certain frequency ranges are better than a wide range field) around a pc then wouldn't this scramble the data on a hard disk?. If we can't completely ease the data on a hard disk then why not scramble it so that it would be completely unreadable. Since a magnetic field is completely random it would be like using an encryption key on all your data only there wouldn't be any key to de-scramble the data back into it's original format again. The Partition table would also be scrambled as well..:) If you really want to make things even more difficult for anyone to 'read' the hard disk then frying the internal components as suggest a few articles ago would certainly help here as well. Regards, The Sandman -----#4------------------------------------------------- Subject: HDD Deletion I've recently performed a security wipe of my 6.4gb HD and it was SLOW. The only way I can think of to quickly destroy information on a HD is to open up the casing and apply a blowtorch (perhaps with some magnesium powder for good measure). Just taking the case off the computer to get to the HD takes time and if we're talking seconds then the best way would be perhaps to prepare a fake HD hidden under a floorboard and do a quick swap. Regarding a secure chat client. I've heard of some which use SSL and I've seen a chat client at one of the shareware depots (Tucows, I think). I think that some IRC clients also support encryption. ~~ Ghiribizzo -----#5------------------------------------------------- Subject: more meditations. HD. We are speaking on these topics, because we are interested in our security. Through communications we get outside of the house, and we have examined the security of our communications, and we could not get a satisfactory answer as we do not know the range of possibilities of the professionals. And our house is our HD, where all data is stocked, and we have to transform our house in a fortress. Our fortress should resist any attack, logical or physical. 1) Logical. The disk should be inaccessible for : a) reading, even through diskette, even after being brought to a lab, b) writing, for virus protection. 2) Physical. It should be physically inaccessible. Here are some primitive solutions, some of them have been tested. First we begin with ROM. Passwording ROM access is not a good solution as it can easily be bypassed through removing or discharging the battery. Another inconveniance is a great danger of electricity cutdown during ROM manipulations. I had a bad experience of the electricity instant cutdown due to a storm lightning precisely during the computer booting. But reprogramming and upgrading of BIOS contains enormous possibilities. One should do it with a thorough knowledge, it is not a testing field. I have not found any programming documentation; please any information on the subject. Then the booting partition. Manual multiboot: several partitions without multiboot program. Switching is being made either by FDISK or by a disk editor (one has to change 3 or 4 hex numbers in the boot sector). Purpose: to hide certain partitions to the intruder. Programming of the partitions is limited because of BIOS dictatorship. A joined BIOS-BOOT programming would be a brilliant solution to any human or virus intruders. Boot itself is passworded. Then boot loads OS. Split it: a vital part should be on a diskette, which you hide somewhere. OS should know where to search it; in its absence a strong Bell sound is emitted, without displaying the name of the lacking files. As OS constantly needs a flopyy, you should install the second floppy driver. Splitting OS is a temporary solution: one can reinstall the deficient OS. The best solution is elaborating your own OS with its own FAT table with descending compatibility: it can read other 0S files, and no OS can read yours. Writing on HD should be non-sequential and cryptical, to prevent any lab reading. It is the most difficult and time-consuming task and acceptable only for the obsessed by security. It would be also a secure bulwork against virus attacks. After a logical failure, the infuriated assailant would try to destroy it physically. The efficient defence is difficult. Other people have already examined the problem and found a good solution. Those people are in the US, while they have studied the survival of computers and its data in case of a devastating nuclear attack. Their solution: a secure networking, where destruction of a part would not destroy the whole. For our case it would something like this: you create your mini-LAN with secure cables (inside the walls or wireless). You work with a terminal (a small or a diskless computer, a notebook, etc.), the server is physically inaccessible: in a solid locked iron box with some holes for ventilation, it is permenantly chained to something irremovable. It can be dissimulated in the apartment, in underground, in somebody's else apartment, in another building. The rich people can put it even abroad, in an African desert or in Amazonian jungles, as they can support the communications costs. But the long distances encrease the risk of communications interception. For a better security one can put a mirror server in another place. Using anonymously an Internet server as storage, as it was mentionned in our list, is unsecure and acceptable only for data to consult. Another good solution: a removable HD. For those interesting in philosophical approach in solving computer problems, I can recommend the book of P.A.Lee&C.Phillips, "The apprentice C++ Programmer. A Touch od Class", 1997 (ftp.thomson.com, or ************** com, or ************************** AZ111. =====End of Issue 242=================================== ======================================================== +HCU Maillist Issue: 243 06/13/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #0 Subject: this maillist #1 Subject: more meditations. Introduction. #2 Subject: Hard Drive #3 Subject: checksum ? #4 Subject: re:MS localization #5 Subject: different stuff #6 Subject: MS locstudio ARTICLES: -----#0------------------------------------------------- Subject: this maillist Hi +All! :)) Sorry I didn't send the list yesterday... anyway, you should have noticed i usually don't send the ml on saturday: this is because I usually come back home quite late and in this period I need some more time to sleep... :) But don't worry, since I was out yesterday night I send this issue today! :) byez, .+MaLaTTiA. -----#1------------------------------------------------- Subject: more meditations. Introduction. I like classifying everything, typically a librarian work, as it was noticed to me by one of you. It is because of my research experience in libraries. But i go further: after having defined the problem and the available sources, I go straigt to the solution. Do not rebuke me and shut down if you have nothing to propose. I have intentionally used the term 'cryptology' instead of 'cryptography': their reciprocal relations as between reverse engineering and programming. No books on reverse engineering, but the knowledge of programming languages is indispensable for good results. Why especially the assembly language? because of the existance of debuggers, while with high languages you have to posess the source code. J.Duntemann ("Assembly language") qualified a debugger as a cracker's best friend. What would be a cracker without a debugger? It is a case with cryptology. I have no knowledge about probable tools in NSA and in corresponding bodies in other countries. One can add: "And they should not exist for legal reasons. That's why you see no books teaching how to decrypt what was encrypted by somebody else. You can learn only how to encrypt your own files". Well, it's another topic, as with reverse engineering. The point raised here is that in reverse engineering they have tools to open what was written by somebody else. In any a case, some companies, to advertise their product, o pubcly challenge with a price everybody able to break their code, and it helps them to improve it. And there are official results. Another aspect for example: to be protected against eavesdropping, one has first to learn how it is done and the limits. Since I raised the topic, here are some scare references from the cold war annals for those who wants to investigate. 1) Philby references regarding his job in Washington: all encoded wireless messages are systematically registered, waiting for the right moment. As decrypting technique constantly evolves, at certain time it would be possible to crack the ancient, less complicated messages. (compare the +ORC advice to begin with ancient protectionist schemes). 2) At the height of cold war it was revealed that Kremlin local wireless encrypted conversations could be captured from sattelites and decrypted. Indignations in the Soviet press. 3) Western countries were forced to develop decrypting techniques because of the iron curtain, while the Soviets traditionally were relied on humint and interception of communications, and they had a large infrastructure for it. In general, every endoctrinated country tends to humint. 4) Arrest in Teheran of trade representatives of a Swiss company selling encoding machines. Espionage accusations, see press covership. I do not mention numerous cases of physycal stealing of codes, which belong to humint. End of part I. Introduction. Part II. HD is your fortress. (sent as a second message). AZ111. -----#2------------------------------------------------- Subject: Hard Drive Hello Everyone >I'm no expert on electronics but surly if you were to setup a kinda >electro-magnetic pulse or just about any kind of magnetic field (certain >frequency ranges are better than a wide range field) around a pc then >wouldn't this scramble the data on a hard disk?. I think such a device would be hard to control in its output range, unless it was placed inside the hard disk's case. ( intensity verus spread of field ) to destroy data. But then again for scrambling maybe just mounted next to it would do the job. Hello Ghiribizzo Could I please have your Email. I would like to discuss something with you on a one to one. cheers Rundus ______________________________________________________ Get Your Private, Free Email at ********************** -----#3------------------------------------------------- Subject: checksum ? I sort of new at cracking , but I am really interested in this subject. Recently Ive been working on cracking a program which when patched crashes. Using softice Im pretty sure the loader in winnt is detecting that it has been tampered with. Ive downloaded a pe header extraction program which displays the checksum as 0000000. When use softice to load the program it seems like winnt has screwed up the program already. Is there a way using softice to actually debug the loading process Thanks for any help. -----#4------------------------------------------------- Subject: re:MS localization Hi Malattia, you just posted here a stunning view of MS localization but were also fine to post the url where i can get it! I'm not dumb and dont say search the web,i've done it,but a name like localization and common by ms engine is not easy to find and i take much interest to a tool who stund you! anyway,dont take it bad,but spare me a lot of time to look the web! thanks! towntown_at_usa(dot)net ____________________________________________________________________ Get free e-mail and a permanent address at ****************************** -----#5------------------------------------------------- Subject: different stuff First, I enjoy reading the high quality articles of this mail list everyday. Especially +gthorne with his long articles (yes, quality AND quantity) about security is very good. But also the discussion about the "new generation of crackers" is quite interesting. I'm quite sad that a lot of REALLY good crackers and reversers see such bad chances for recruiting new crackers. Some time ago (I think more than a year) I wrote an essay about cracking W32Dasm. It was the last one, afterwards the section was closed. Inside the essay was a little failure, which crashed some version of Win95. I'm still getting eMails from people who try to follow the essay and fail on this little mistake, done by me. That should tell us, that there aren't only a lot of people producing hits at fravia's page, but there are also people reading and trying to understand these essays. New crackers are coming and they will learn how to crack. One and a half year ago, I were only able to program, but then I found fravia's page and I learned how to crack. In my opinion this process of finding and learning is still going on, but would prevented by closing this wonderfull site. Lord Caligo wants to retire and fravia also doesn't want to continue his wonderfull work (as mentioned in the last "blackbord", I hope this was a joke). I hope that the good sites on the inet will stay, cause this will give a chance to the willing people. TWD -----#6------------------------------------------------- Subject: MS locstudio >Hi Malattia, >you just posted here a stunning view of MS localization but were also >fine to post the url where i can get it! Ehee... :) I'm sorry, but I don't know... really, I got it from a friend of mine and I don't even know if it's online! Just wanted you to know it exists and maybe find it... if it's not online I can upload it somewhere, but I need A LOT of space, because it takes about 8 megs... and one last thing: are you interested in it? Will you download it? Can you give me the space? In this case, I'll upload it ASAP! :)) byez, .+MaLaTTiA. =====End of Issue 243=================================== ======================================================== +HCU Maillist Issue: 244 06/14/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: Contacts #2 Subject: security, cfs, unix. #3 Subject: Re: New Generation of Crackers #4 Subject: +HCU ML Issue 243 space for malattia #5 Subject: HDD deletion (resend due to replay down) #6 Subject: re:MS Localization ARTICLES: -----#1------------------------------------------------- Subject: Contacts I was going to arrange some sort of contact database, but then cracking.net had one so I left it. It's sometimes hard to contact other crackers. A trick is to do a xxx.home.ml.org search as many crackers use ml. There is a contact list on the forum, but the format isn't the best it can be for this sort of thing. Anyone got time and space to set up someting better? ~~ ************************ -----#2------------------------------------------------- Subject: security, cfs, unix. Hi People in our "line of work" can never be paranoid enough, start protecting yourselvs. get CFS, cryptographic file system: ************************************************************************** Let me tell you about some sick idea of mine, I took an old 486 box, installed OpenBSD on it, installed a 2gig HD, installed CFS, installed SAMBA, and 100mbit network card. now, all the file my windoze box uses, are mounted via a network drive connected w/ a 100mbit link to the 486 box which uses CFS to protect my files, sambaD is running as a fileserver. that's all I have to say for now, protect your files ;) bye, acpizer. -----#3------------------------------------------------- Subject: Re: New Generation of Crackers Greetings everyone, > But also the discussion about the "new generation of crackers" is quite > interesting. > I'm quite sad that a lot of REALLY good crackers and reversers see such bad > chances for recruiting new crackers. As long as there are sites like Fravia to show *cracking* in it's true light, without the myths normal associated with *cracking* there will always be the knowledge and encouragement to those seeking to become *crackers*. I for one hope that Fravia isn't seriously thinking of discontinuing with his work (yep, I read the blackboard too), such a loss will leave a vacuum on the web that would take a very long time to fill. There is no question about restricting support or help towards new crackers (my homepage is devoted 100% to Newbies interested in Reverse Code Engineering) the point that was made earlier was that there are more people who are interested in learning only the basic's of cracking (in which case reading essays and tutorials on this subject will be enough for them to get where they want) to those who have greater aspirations and so seek further knowledge and support from experienced crackers. It's these potential crackers with greater aspirations that of course, should be offered all the help and support they need, but it can be sometimes hard to see them among so many who are only interested in this subject. Newbies finding their way to this mailing list on their own initiative is one good example of those who wish to go further. I had an email from a Shareware Author today (who's program I had cracked and had posted an essay on how to crack his program on my web page) who said:- >>>>> Based on my own research, "warez" access is probably the third best point-of-approach leading to sales behind media and retail access. If it were possible within the law, I would connect myself with a warez group I knew could give my software wide distribution in cracked form, because over the last five products I have produced, there has *always* been a significant sales leap within a month or two of hearing a report from a user that my software had been cracked. I will fight any publisher to the limit to get protection minimized for this very reason. The single serial was chosen with all due consideration to the consequences. Had I to do it over again, I'd not have done more than pop a splash nag on installation. This is the only one of my personal releases which I have ever truly crippled, and it was a horribly expensive mistake. I have a page up at **************************************************** that explains my position on software copyright to some degree...my publishing agreements prevent me from speaking my mind and experience as I'd like.<<<<<<<<<< This author has some interesting ideas on Shareware & Freeware that makes worth while!. His main webpage is at: ************************************************** Regards, The Sandman -----#4------------------------------------------------- Subject: +HCU ML Issue 243 space for malattia Ehee... :) I'm sorry, but I don't know... really, I got it from a friend of mine and I don't even know if it's online! Just wanted you to know it exists and maybe find it... if it's not online I can upload it somewhere, but I need A LOT of space, because it takes about 8 megs... and one last thing: are you interested in it? Will you download it? Can you give me the space? In this case, I'll upload it ASAP! :)) -*------------- Make a chez page with faked front and upload behind just for us ******************* (faked front IN FRENCH) (ne puoi trovare quante vuoi su mygale.com :-) NON mandare il programma troppo in giro (la general maillist NON E' SICURA) later fravia+ -----#5------------------------------------------------- Subject: HDD deletion (resend due to replay down) I've recently performed a security wipe of my 6.4gb HD and it was SLOW. The only way I can think of to quickly destroy information on a HD is to open up the casing and apply a blowtorch (perhaps with some magnesium powder for good measure). Just taking the case off the computer to get to the HD takes time and if we're talking seconds then the best way would be perhaps to prepare a fake HD hidden under a floorboard and do a quick swap. Regarding a secure chat client. I've heard of some which use SSL and I've seen a chat client at one of the shareware depots (Tucows, I think). I think that some IRC clients also support encryption. ~~ Ghiribizzo -----#6------------------------------------------------- Subject: re:MS Localization HI Sure i download it,but i've no fixed ftp or kinda stuff,strange to be the only one who want use this tool!tell me atleast where i can contact you in case of quick location on common free web for this.. towntown_at_usa_dot_net cya ____________________________________________________________________ Get free e-mail and a permanent address at ****************************** =====End of Issue 244=================================== ======================================================== +HCU Maillist Issue: 245 06/15/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: ms localization #2 Subject: gthorne - MS Localization and crypting #3 Subject: A Few Thoughts #4 Subject: none ARTICLES: -----#1------------------------------------------------- Subject: ms localization This is a multi-part message in MIME format. ------=_NextPart_000_0014_01BD9819.76C26E60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi .+MaLaTTiA, I would like to aquire MS Localization Studio 4.0 from you. I will be = happy to provide the space.=20 let me know when you are able to, & I will organise it. I will then = handle others requests for the prog if interest is there. Thanks=20 HaQue [icq 1129107] boney(at)senet(dot)com(dot)au ------=_NextPart_000_0014_01BD9819.76C26E60 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.2"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT color=3D#000000 size=3D2>Hi .+MaLaTTiA,</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2>I would like to aquire MS = Localization Studio=20 4.0 from you. I will be happy to provide the space. </FONT></DIV> <DIV><FONT color=3D#000000 size=3D2>let me know when you are able to, = & I will=20 organise it. I will then handle others requests for the prog if interest = is=20 there.</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2>Thanks </FONT></DIV> <DIV><FONT color=3D#000000 size=3D2>HaQue [icq = 1129107] =20 boney(at)senet(dot)com(dot)au</FONT></DIV></BODY></HTML> ------=_NextPart_000_0014_01BD9819.76C26E60-- -----#2------------------------------------------------- Subject: gthorne - MS Localization and crypting Message Body = towntown - sounds like an excellent tool, usually it takes 2 days for responses to hit the list - sometimes more if people havent had time to read all the letters yet - and even longer if people are waiting to see what results are had in other words: i know myself and probably quite a few others would love to play with MS Localization if it turns up for testing also: acpizer, great note on the file system - healthy paranoia is really another word for needed caution +gthorne -----#3------------------------------------------------- Subject: A Few Thoughts Hello Everyone I know Fravia has a section on stupid software protection. I just spend abit of playing around with Scitech Display Doctor V6.52 ( latest release ). Medium level of protection, checks for stolen codes, etc. But the encrpyting of the serial and your name is an extreme plethora of Xoring, and all the information is stored in lo32.idx file. But if you trace further you come to a cmp of the serial number you have entered in with the real serial (NOT encrypted) thus making the encryption process innocuous.This left me with feeling of "What was all of that about?" For those who are not aware of this program, it maybe a useful tool. The Customiser ******************************** Allows you to interact with and manipulate all windows on your machine. I tried it with VB4 program and it work on all the windows except the Nag. Its a demo, so the reg version might had captured it? cheers Rundus ______________________________________________________ Get Your Private, Free Email at ********************** -----#4------------------------------------------------- Subject: none I'm happy to see you're interested in MS LocStudio, I'm trying to upload it somewhere and make it available to you ASAP. I had a little problem with Fortunecity, I set up an account just for the program but only later I realized you can't upload files bigger than 1meg :-6 Well... I'll upload it ASAP on some other server, in the meanwhile please be patient :) byez, .+MaLaTTiA. =====End of Issue 245=================================== ======================================================== +HCU Maillist Issue: 246 06/16/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: gthorne - a few small security apps for the unfamiliar... #2 Subject: Cheap way to detect API hook under 95/98 #3 Subject: Tools for Newbie ARTICLES: -----#1------------------------------------------------- Subject: gthorne - a few small security apps for the unfamiliar... Message Body = just for fun heres a link with a few nice little security/encryption proggies on it some of the newer people might find fun to experiment with ************************************************************** short and to the point, i kind of like it +gthorne -----#2------------------------------------------------- Subject: Cheap way to detect API hook under 95/98 Allright, I dunno if anyone here is really interested, but I thought some ppl would be... API hooks are rather easy to detect. Stone has some source for it on his site, but I haven't looked at it yet, plz bear with me if this is pretty much the same as Stone's. The main point with an API hook is that it alters the DWORD PTR in the IAT to point to code we injected into the program's address space. But all system DLL's etc. reside above the 2 gigabyte border, above 0x80000000. So we can pretty much decide that all API calls whose IAT addresses point to something LOWER than that are hooked and not where they're supposed to be. This program works with TASM and TASM's way of compiling API calls to a CALL to a JMP DWORD PTR [VALUE_IN_IAT]. VC++ and some other C compilers compile an API call to a direct CALL DWORD PTR [VALUE_IN_IAT], so you'd have to modify the prog a bit for that. Have a look at Winzip if you need an example, it really is quite easy. BTW: One last word of caution: Under Windows NT it is theoretically possible to tell the system to load the system DLL's above the 3 gig border in order to free up more space for the Process's Memory. This is AFAIK only available on NT server though and rarely used. If it is used, this whole program is garbage tho :-) .386P JUMPS LOCALS .MODEL flat, stdcall Extrn MessageBoxA:PROC Extrn ExitProcess:PROC .DATA MsgBoxCaption db 'Caption',0 MsgBoxText db 'Text',0 MsgBoxText2 db 'The MessageBox has been fux0red with !',0 .CODE Main: int 3h mov ebx, offset CheckHereLabel mov eax, ebx inc eax mov ecx, dword ptr [eax] ; Get the displacement from the ; call add ebx, 7 ; 5 bytes for the call, 2 for the jmp add ebx, ecx ; and the displacement after the call mov eax, dword ptr [ebx] mov eax, dword ptr [eax] ; After this cramp we got the ; address the cmp eax, 080000000h ; IAT is referring to. Compare it to ;080000000 jl IsProllyHooked jmp ContinueHere IsProllyHooked: call MessageBoxA, 0, offset MsgBoxText2, offset MsgBoxText, 0 ContinueHere: push 0 push offset MsgBoxCaption push offset MsgBoxText push 0 CheckHereLabel: call MessageBoxA call ExitProcess, LARGE-1 end Main G'night ;-) HalVar ______________________________________________________ Get Your Private, Free Email at ********************** -----#3------------------------------------------------- Subject: Tools for Newbie Hello! I am looking for softice, w32dsm and hexworkshop... Where please ? Also, anyone interested in breaking passwd files on a super-computer, peak perf. 2.2Gflops? R_B ______________________________________________________ Get Your Private, Free Email at ********************** =====End of Issue 246=================================== ======================================================== +HCU Maillist Issue: 247 06/17/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: none ARTICLES: -----#1------------------------------------------------- Subject: none Hi Ghiribizzo! :) >There is a contact list on the forum, but the format isn't the best it >can be for this sort of thing. Anyone got time and space to set up >someting better? Hmmmm... I don't have time but I got the will... ;) Is it enough? What can we do? Maybe a fast way to read it is just to put everything in a "data" file (a comma delimited file is enough, I think) and a SMALL reader... well if you have a comma delimited file you can even import it in whichever mail program you like! :) The problem is the update: everytime something changes (and we know that it happens quite often!) you have to update the data file and upload it again... :-\ Maybe something that lets users do it online, keeping the comma delimited file? The only problem would be trust... anyone can come there and change some addresses to get other's mails... :-\ Hmmmm... I had an idea, but it's quite time-expensive (I wanted to use it within the list): - I set up a database "name-address" of all the subscribers. - If you want to send a mail to Xxx you can write me and put, in the subject, the string "send Xxx" or something like that - I automatically forward the message to Xxx, then you're automatically put in contact with him and, if he doesn't want, you don't even know his address! He can reply you from his account and let you know, or use a remailer and tell you to piss of... :) The problem is: how many of you will use it? Is it safe (for me and you)? Dunno... if there are only 5-6 guys that use it it's not worth the time i spend to set it up. If ALL of you use it I won't even have the time to go to the toilet 8-). It's possible to make it automatic with a shell account: we set up a shell account, make some kind of remailer there which does automatically the job described below, also it is able to change all the information about everyone. You just have to mail it the changes with a password that identifies you and that is given to you the first time you leave your infos. Nice! The problem is: what about the guys that host the shell account? They read all the infos... well if they're online now it's almost the same thing :) Hi +Fravia! :) >Make a chez page with faked front and upload behind just for us ******************** Hmmmm... there's written they have suspended the service... anyway I found some space elsewhere, thanx! :) >NON mandare il programma troppo in giro (la general maillist NON E' SICURA) ... e piena di compatrioti ;') Anyway... don't worry... I completely agree with you and (I hope) the program won't be in the "best 50 warez sites" in a week... SO, GUYS! You want MS LocStudio? Send an e-mail to me ONLY IF YOU ARE _REALLY_ INTERESTED in it and I'll give you the address from where you can dload it... Why do I say only if you are really interested? Easy! First of all, it's a HUGE download (~8 megz). Second, since I WON'T track downloads, the only feedback of who will download the program is your email. With it, I'll consider you RESPONSIBLE of whatever will happen to that file! Since this is a friend's copy, and I don't want it to be put in warez sites or anything like that, if I find it somewhere else than my site (or my +friend's ones) ALL the guys that asked me for the address will be considered responsible of that (even the ones that didn't actually dowload the file) and won't ever have anything else from me. I think I'm not asking too much after all... if you don't spread the proggie and give it just to trusted friends, for instance, you won't ever be "banned"... and if something bad happens to that file and I find the REAL guilty one (and he's on my list) I'll ban only him! But if the guilty is not on the list... well, I think you understood! byez, .+MaLaTTiA. =====End of Issue 247=================================== ======================================================== +HCU Maillist Issue: 248 06/18/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: contact list #2 Subject: Ms LOCStudio, and more. #3 Subject: something interesting ARTICLES: -----#1------------------------------------------------- Subject: contact list Dear MaLaTTiA, >Hmmmm... I had an idea, but it's quite time-expensive (I wanted to >use it within the list): I am not sure how the mail list actually works in this case, but other mail lists I subscribe to have server commands that allow you to be sent a list of current subscribers. There is also a facility for remaining anonymous and not showing up on the list. As the server handles all requests, there is not any extra work, although you do have to put up with messages to the list that should have been directed to the server :( Later Vrax -----#2------------------------------------------------- Subject: Ms LOCStudio, and more. Hi all !!! Long time no read !!! Hi +Malattia !! Sorry for late response, but i was off line for a while ;( From what you wrote I assume You have allready foud a good site for MSLS. If not then we can arrange a fake site at my location, with no space barriers. If yore intrested mail me and it will be done in notime. The next thing is Web Fast Picobello. A progiie i have installed lately. It might have an interesting protectin since : !) in the intall process it asks to turn off viri protectors so it can MARK yor computer in an NON SYSTEM space on HD. 2) to regg it you have to contact their web site, and then the web server registrates you and unlocks the prggie. I didnt work on it yet 'cos the exe is >8MB. (and it doesn't work with my scanner ;((, but it seems like something interesting doesn't it ??? Kubak -----#3------------------------------------------------- Subject: something interesting Hello all, here's something you might find interesting: ************* it's a free beta program that allows you to phone your computer from somewhere and have it connect to the internet. WAFNA =====End of Issue 248=================================== ======================================================== +HCU Maillist Issue: 249 06/19/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: Did I blinked or what? ARTICLES: -----#1------------------------------------------------- Subject: Did I blinked or what? Hail +All: Where are 2 of my favorite contributors? Of course, I speak of +Mammon and +Rezident. Apparently, these two and a few others are working on a dynamic project called Visual Assembler. Of major impact is how they got this project launched, organized and the progress they made over a short period of time and with so little fanfare. The boardroom setup they used to communicate and chronicle their progress with the project is most interesting. It's a great case study for mega projects builders. Eventually you can get the finish product or read about it after it's all done at +fravia but you will miss the magic of what took place at ************************** Very inspirational stuff to see a team of HCU'ers at work. I doubt that +Mammon will package the background stuff along with the actual program in the final release so you better Teleport it before it disappears. Again, what can I say? Individually, you two were admirable but as a team you are bringing to reality what +Orc and +fravia dream of. wlc =====End of Issue 249=================================== ======================================================== +HCU Maillist Issue: 250 06/21/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: Just a Test #2 Subject: none #3 Subject: FileCrypto #4: Subject: Re: Just a Test ARTICLES: -----#1------------------------------------------------- Subject: Just a Test Hello Everyone I see that some of my articles are not appearing and getting lost in the system somewhere. Iam sure there must be a program you can use to track delivery of your Email. cheers Rundus ______________________________________________________ Get Your Private, Free Email at ********************** -----#2------------------------------------------------- Subject: none >I am not sure how the mail list actually works in this case, but other >mail lists I subscribe to have server commands that allow you to be sent >a list of current subscribers. There is also a facility for remaining >anonymous and not showing up on the list. As the server handles all >requests, there is not any extra work, although you do have to put up >with messages to the list that should have been directed to the server :( Ehehe... this would be very nice ;) But, you see, for security reasons and full control in handling it, this ml is manually managed: I personally read all the messages that arrive to ***************** and control the building of the digests and so on... this can be very useful, for instance, if somebody erroneously sends a message to **************** instead of ************* or vice versa, also you can talk to a person in plain english (or italian, if you like ;) and not to a bot with cryptic keywords :) From the other side, there is a little time-problem... but I'm going to build a new software which will run the list almost automatically and automatically answer to some predefined keywords... but I'll be there to read the plain english messages anyway of course ;) byez, .+MaLaTTiA. -----#3------------------------------------------------- Subject: FileCrypto Data Fellows ******************** ******************** has announced FileCrypto, encrypting driver for NT 4.0. User can choose between 3DES and Blowfish algorithms. Encryption of whole disk (incl. temporary files) is possible. 99 dollars. Don't know if there is shareware version on the net (currently I'm without full internet access). Jack of Shadows -----#4------------------------------------------------- Subject: Re: Just a Test >Hello Everyone > >I see that some of my articles are not appearing and getting lost in the >system somewhere. Iam sure there must be a program you can use to >track delivery of your Email. Hmmm... it's strange... I personally download all the files from the address ************* points to, and I can assure you nothing gets lost while downloading from there. Maybe there's a problem with the forwarding from iname, in this case I don't know if I can handle it with some program (tell me if you know a way... maybe we can just stop using the forwarder, but it could give us some problem if there's an address change). Anyway, EVERY time you see that something like this happens, please mail me immediately and I'll try to see if I can understand what happened. byez, .+MaLaTTiA. =====End of Issue 250===================================