I'm trying to find ZipCryto Password from this execute, but when I open it in ollydbg and it always return to close programs because IsDebuggerPresent module.
I find the solution on the internet and try to
- Use ollydbg plugins (Hide debugger and IsDebugPresent)
- Try to NOP in IsDebuggerPresent module
- Try to force return 0 in IsDebuggerPresent module
There are not working.
I use signsrch to find where is handled the ZipCrypto password and it say
0041c57c 3052 function where is handled the ZipCrypto password [32.le.12&]
and where is IsDebuggerPresent
00435cd8 2545 anti-debug: IsDebuggerPresent [..17]
Can I bypass IsDebuggerPresent and find ZipCryto password in this execute?
Execute Link: https://mega.co.nz/#!PMdAjZab!bTO7VbZ6OjhJ_mgiigJ1BApDAgDeVWK_X-mKl9aMZw8
Sorry for my bad English.
Thanks you.
suppose your exe file name is a1.exe
do this:
press Alt+E to go Executable modules window.
Select a1.exe
press Ctrl+N
find IsDebuggerPresent in importes and select it.
right click and click Follow import in Disassembler
press F2 on this opcode.
Run Program and wait for break point.
press some F8 till returning to your code.
search for some thing like je or jnz opcodes and change them.
You should open the file in a dissembler, find where it makes the call to IsDebuggerPresent and then ultimately closes the application (or shows an error or what ever), this piece of code you can NOP in order to disable the check.
You can read the ASM code with dissemblers like IDA, although they don't support editing, you can byte-edit the code (just fill the region you want to patch with NOPS) using CFF Explorer.
/GS- on the cl command line will remove this dependency.
Related
Got an issue with keymapping commands:
https://www.youtube.com/watch?v=d5nrEO_t7Wo
As you can see in the video, when I call the commands by keyboard shortcut:
On the first attempt - the function isn't called.
On the second attempt - the function is called.
Where as, when I call the commands via the command pallet, the commands are called even on the first attempt. Not shown in the video, I can call the commands from the command pallet more than once without fail.
This leeds me to believe there is something wrong with my keymap.coffee:
'.editor:not(.mini)':
'shift-cmd-h': 'hex:view'
'alt-down':'editor:add-selection-below'
'alt-up':'editor:add-selection-above'
'.editor':
'cmd-k':'jxa:compile'
'shift-cmd-k':'jxa:compileApp'
'cmd-u':'jxa:execute'
However I can see nothing clearly wrong here... So perhaps there's something wrong with my init.js?
https://github.com/sancarn/JXA-Compile/blob/master/src/init.js
Any ideas?
This was solved by DamnedScholar here.
Okay, no. It's because cmd-k is bound to so many things. Go into Settings -> Keybindings and search for it and you'll see a lot of different things attached to it that are all bindings with multiple key presses. So when you press cmd-k, Atom waits to see what your next key press will be. You should consider using something different for jxa:compile.
(1) For example, I want to set map gd g* in Qt's Fakevim like below but failed.
(2) And also I'd like to set F3 as the save command, how to do it?
(3) In Fakevim, it provides an option "Read .vimrc", but where to find the file .vimrc?
Thank you!
It doesn't look like there is a lot of documentation for FakeVim, so official sources might not exist. Most of this was obtained by experimentation.
If you want to dig deeper, I guess there's no source as official as the actual source: http://qt.gitorious.org/qt-creator/qt-creator/blobs/0809986e501415fe2c8508800b94b5b3169dc048/src/plugins/fakevim/fakevimplugin.cpp
User commands
First off, realize that in Tools>Options>FakeVim>User Command Mapping, you're only setting what your user actions will perform, not how you perform them.
By default, user command #1 is triggered by pressing Alt-V, then 1.
Alt-V, then 2, triggers user action #2, and so on.
You can change the keyboard shortcuts through the general QtCreator configuration interface, under Tools>Options>Environment>Keyboard. There is a "FakeVim" section with all the user actions listed. Select your user action of choice, press the little "erase" icon in the input field under "Shortcut", then press your desired shortcut key, which should appear in the input field.
Second, to finish a command where you would normally press enter, you should literally type in <CR> after the commands. You also need to enter in ':' to enter command mode.
So if you wanted to map the vim save command, ":w", to F3 via FakeVim, you would:
Go to Tools>Options>FakeVim>User Command Mapping.
Enter ":w<CR>" as one of the user commands (say #7).
Go to Tools>Options>Environment>Keyboard.
Find the FakeVim action "UserAction7".
Set F3 as a shortcut for it.
Now, every time you're in the editor, you should be able to click F3 and have the FakeVim :w command execute, which will save your file.
Note that there is also an option to set a shortcut for "Save" directly in the QtCreator keyboard settings, so for this particular shortcut you don't actually need to go through FakeVim.
Setting shortcuts for other vim commands should be similar. Note that you're restricted to the subset of vim commands that FakeVim implements. Refer to the source, linked above, for checking any particular command you're wondering about.
Vimrc file
On Linux this would be ~/.vimrc, a file in the user's home directory. I presume you're asking about Windows.
The best source I can find is this bug report about it being hard to use Fakevim's vimrc on Windows: https://bugreports.qt.io/browse/QTCREATORBUG-8748
Following that, the file Fakevim looks for is ".vimrc" in %USERPROFILE% (you can enter a name like that in Explorer to go to the folder). However, it's tricky to access a file with a name like that on Windows. (Thus why the real vim uses '_vimrc' on Windows -- but FakeVim apparently doesn't, at least at the moment.)
Here is a superuser page with workarounds for how to create such files on Windows: https://superuser.com/questions/64471/create-rename-a-file-folder-that-begins-with-a-dot-in-windows
My .zshrc file contains the line
bindkey -v
I'm attempting to bind ^q or \M-q to push-line, e.g.
bindkey "^q" push-line
but for some reason it isn't working.
Running `bind key -v' confirms
"^Q" push-line
But it doesn't actually do anything. Other control- mappings, such as ^r, work fine.
I can successfully map "push-line" to "\eq", but I don't like this behavior. First of all, I never use esc- type bindings, and secondly doing so binds it to control, meta, and escape, which is overkill. (Incidentally, shouldn't it only bind all of them like that with `bindkey -m'? I never set that in my .zshrc?)
So, anybody have any idea what's going on here?
These shortcuts are used by Software flow control (wikipedia)
Ctrl+S and Ctrl+Q are used to stop and resume the output of a program.
To try it:
Run while (true) ; do echo $RANDOM ; sleep 1 ; done
Press Ctrl+S, the output stop.
Press Ctrl+Q, the output resume.
(I'm not sure the program is stopped like with Ctrl+Z, i think it is stuck by lack of outputting. Ctrl+C to kill the program.)
These shortcuts take over your shortcuts, but if you disable this flow control feature, it could work.
You can learn how to disable it in How to unfreeze after accidentally pressing Ctrl-S in a terminal? - Unix and Linux.
Try it and tell us.
I am using an AutoIt script to automate my application. Following is the command which I am running:
FileOpenDialog ("File Upload", "C:\Documents and Settings\abhishek.kumar\Desktop\Quadrillion work", "Images (*.jpg;*.bmp)", "","WESTF12433.jpg","" )
Send("{ENTER}")
The first command works as it opens up the file open dialog with WESTF12433.jpg file as selected. Now I want to click on open button. How can I do it?
Send("{ENTER}") is not working.
Send is not a good method as it requires the window to be focused, which you can't guarantee. From what you have posted, I would say the best method would be this:
ControlClick("File Upload", "", "Button1")
Edit in response to comments:
Your problem: The fileOpenDialog is blocking execution. You need to think of it as though AutoIt Reads a line, Runs it, then reads the next.
In this case: AutoIt Reads line 1. It creates a FileOpenDialog and WAITS for you to close it. Once it as been closed it reads the next line, and runs that.
Try the following: Create two au3 files, and put the first line in 1.au3 and the second in 2.au3. Run them in that order and see what happens. Send will struggle as the dialog doesn't have focus, but the ControlClick versions should work.
You're not using FileOpenDialog() properly. Its purpose is to interact with the user. If you don't need that, there's no need for it in the first place.
All it does is return the name(s) of the selected files, which you defined already. Can't you just assign the file path to the variable from the start? As per Documentation - Function Reference - FileOpenDialog() :
Success: Returns the full path of the file(s) chosen. Results for
multiple selections are "Directory|file1|file2|..."
This will never work, because AutoIt is not multi-threaded.
Once you open the dialog, it pauses script execution until the user clicks ok, so a Send() function on the next line won't do anything until after.
What you can do is make another script, compile it, and run it just before you open the dialog.
Run("clickOpen.exe")
FileOpenDialog ("File Upload", "C:\Documents and Settings\abhishek.kumar\Desktop\Quadrillion work", "Images (*.jpg;*.bmp)", "","WESTF12433.jpg","" )
This is what would get executed:
WinWaitActive("File Upload")
Send("{ENTER}")
Simple as that! Hope it helps.
I've been playing around with some ANSI stuff (like colors etc.) in java and php (from scratch) and I'm trying to find a way to basically wait for a key press. I'd like to have something like the following pseudo code at the end of my main event loop:
If (KeyPressed)
Begin
var event = new KeyboardEvent();
event.Key = ReadKey();
this.BubbleEvent(event);
End
But everything I've been trying over the last couple days fails because the key presses only become available on STDIN after the user has pressed enter.
It doesn't matter much what language you answer in, but java, php, plain old c or c# would be nicest, and I cannot use any really spiffy library stuff because I need to port it to all four of those languages... I need this to work over a telnet or ssh connection, but my research so far suggests it is impossible unless you're working on the local machine.
Please prove me wrong.
The curses function cbreak(3) will disable line-buffering and erase/kill handling. You can do this yourself with stty(1) if you really want.
When your program dies and leaves the terminal in cbreak mode, you can usually use either stty sane or reset to bring the terminal back to a reasonable state.
From within Perl, you can use either the Term::ReadKey or the Curses module to manipulate the terminal. See the Term::ReadKey(3pm) or Curses(3pm) manpage for details.
From within C, you can use either ioctl(2) calls on the terminal device to turn on cbreak mode, or you can use curses. See the ncurses(3) manpage for details.
I know, this is an old thread, but I could not find a suitable answer anywhere else. So with some help from the senior programmers of my company I came up with this:
private void waitKeypress() throws IOException
{
System.in.read();
while ( System.in.available() > 0 )
{
System.in.read();
}
}
The part reading as much input as is available solved my problem that when used multiple times, "System.in.read()" alone does not always wait.
For me this does the trick, I use it like this:
doSomething();
waitKeypress();
doNextThing();
Hope it helps.
Kind regards,
Ralph