₦airaland Forum

Nembudziya's Posts


Programming / What Is The Best And Reliable Bulk Sms Software? by nembudziya(op): 7:50pm On Jul 11, 2016
i tried drpu. It works but sometimes does not deliver messages but it says message successfully delivered.
Programming / Re: How Do I Remove BIOS Password by nembudziya(op): 5:43pm On Jun 25, 2016
Ok, my apologies for posting this on the wrong section of the forum. I intended to get responses from programmers as I am more keen on reverse engineering the BIOS. Any take on that one ?
Programming / How Do I Remove BIOS Password by nembudziya(op): 3:11am On Jun 25, 2016
honourable programmers, and computer experts, what software removes basic input/output system (BIOS)? Thank you.
Programming / Re: Please I Need Help On Converting DRM Protected Media Files by nembudziya(m): 6:01am On May 18, 2016
Use format factory
Programming / Windows Pc Networking by nembudziya(op): 6:47pm On Oct 19, 2015
Could someone tell me how to use cmd command line tools for windows os networking like the meaning of arp ping netstat ipconfig etc etc
thank you a lot for those who will help me.
Romance / Re: Which Nationality Would You Date Between Zimbabwean And Nigerian by nembudziya(op): 4:46am On Oct 03, 2015
xx
Margauxluv:
Question
Programming / Re: Assembly Tutorial 2: Reverse Engineering. by nembudziya(m): 8:15am On Sep 13, 2015
I am waiting for the next tut, thank u kindly. I am more interested on the part of reverse engineering trial version program, so ride on.
gimakon:
Okay Hi and Good Evening everyone.

Today i have wanted to present all of you with my second Assembly tutorial but many people on here been itching for Reverse Engineering , hence i decided to be generous enough to release some little tutorials about it. I am sorry i wont be going into much details like cracks and the rest. Just teach some little reversal , other things you could try for yourself after studying assembly.

Now Lets begin.
First of all What is Reverse Engineering? so many definitions would come up but by googles definition, we have it as

reverse engineering
noun
noun: reverse engineering
the reproduction of another manufacturer's product following detailed examination of its construction or composition.


Here we would be needing something simple to do this work

1. A Debugger (Ollydbg)
2. Knowledge of ASM
3. Time
4. A Brain

So lets continue.

First of all i would like to show you this . So lets begin

Have a Look at this Code


#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include <stdlib.h>

int WINAPI WinMain(HINSTANCE hInstance,
                   HINSTANCE hPrevInstance,
                   LPSTR lpCmdLine,
                   int nCmdShow)
{
    // Show a message box with an empty caption and a single OK button
    MessageBoxA(NULL, "Hi am a MessageBox", "", MB_OK);
    return 0;
}


Hence i use Visual Studio , its a Win32 Windows Application and it looks like this inside the IDE

https://s16.postimg.org/sj45wj72t/image.png

Now I compile it and it Runs like this

https://s14.postimg.org/6qs36rl9t/result.png

Now thats that.

Now As we talked we gonna have to run the code in a Debugger to see how it does look like for this tutorial i choose to use Ollydbg. Instead of IDA or Immunity debugger

So lets open our Ollydbg

I made it to a shortcut so i can see it well

https://s4.postimg.org/sp63y4hkd/olly.png

When you run it it should look like this
https://s18.postimg.org/6ro232qg9/ollyopen.png

Now its in your hands. As you can see its blank then try running your code inside the debugger. As you can see its blank so When you run your executable inside your debugger you should have something that has so many ASM codes, so many push esp, mov esp ebp and the rest like in the image below

https://s1.postimg.org/7enj4y3kv/swax.png

Okay dont be scared hit F2 on your system to run the debugging. and Lets see What follows.

https://s11.postimg.org/68qn0mxhf/zlatan.png

Taada!! Now you see what happens , i reversed it back to Assembly code. to read it and work on it. You see that the code makes a call to the Function MessageBoxA and that displays the ASCII Characters as shown in the IDE .

This begins the tutorial for Reverse Engineering Basics. Will update Soon. My next tutorial will show how to Edit inside the debugger and change operations and others. Till then, You have Fun. Comments and critics are Welcome.

Happy Coding.
Programming / Re: Crack/keygen/reg/patch by nembudziya(op): 3:31am On Sep 08, 2015
Thanks, thun
gimakon:
Read my tutorial i pasted. download code::blocks so you can use the gcc compiler and when you want to compile , you compile as


nasm -fwin32 xxxxxx.asm
gcc xxxxxx.o
a


Where xxxxxx is the name of the file(asm file)
Programming / Re: Crack/keygen/reg/patch by nembudziya(op): 8:00pm On Sep 07, 2015
Which site link do you recommend i get beginner for nasm and asm pls post dem.
gimakon:
Thanks a Whole lot fam. will paste the NASM tuts later been very busy lately.
Programming / Re: Crack/keygen/reg/patch by nembudziya(op): 7:30am On Sep 06, 2015
Ok sir, what steps must i take then to reverse engineer almost all trial version dated software to full version software. Sir, listen, sir, i want to know what areas of code i must pay particular attention when reverse engineering a trial version software using ollydbg. Some people do not have any programming expertise and they say to themselves, 'i do not need to master anything because i have not gone to school for this. But i will only master a piece of code to attain the ultimate goal (reverse engineering a trial version program to full version program), nothing more, nothing less, and anything that i will understand in later life will come from this technique.' This is all in quotes, and that is my position. Now what should i do? Thank you, Sir.
gimakon:
The code is simple, just asks you to GetModuleHandleA(), in c++ it's like this


Origina_function= GetProcAddress(GetModuleHandleA("kernel32.dll" ),"LoadLibraryA" );


Jmp asks the program to jump to that function GetModuleHandleA, the rest are addresses. The program doesn't seem to be complete tho.

But you not up to this now. Learn the basics first.
Programming / Re: Crack/keygen/reg/patch by nembudziya(op): 6:10am On Sep 06, 2015
Ok now. Thank you. Then i came across this basic tutorial over the internet, and what does it mean, maybe i can start from there, here goes the first of the 7 steps of code i want to learn from:
00401000 6A 00 PUSH 0
00401002 E8 FF040000 <JMP & KERNEL32.GetModuleHandleA>
00401007 A3 CA204000 MOV DWORD PTR DS:[4020CA], EAX
0040100C 6A 00 PUSH 0

sir i require your help in interpretation of this code line by line. Please use very basic explicating of this code for me to understand. I have basic understanding of C++ so if you explain to me good layman language, i should be able to understand. This is only the first of the 7 codes until the software program username and password are decrypted for which i'd post the other 6 after interpretation of this first 1. I am so exasperated to understand the 7 processes to decrypt the code. So, sir I leave to you to make clear to me what this means. Thank you.
gimakon:
It's wrong. I don't want to deceive you and that's why I say you should have a ground in assembly (at least basics) before you venture into things like making cracks and keygens.

NOP simply means No operation. It shouldn't perform any operation in about 5 places then push msg2 (which has already been assigned earlier to a value ) push msg2, pushes the data in msg2 to the stack already created by saying push ebp, mov ebp, esp ( tho I didn't state this one here), then I call MessageboxA, which apparently is a function. Pop ecx destroys the stack and ret returns to the main programme again.

Those are the likes you would see in ollydbg. That's why I said you should understand assembly then you could in turn learn to use NOP to make keygens there by removing specific CMP (compare) commands and replacing them with NOP inside the debugger (ollydbg)

It seems confusing, but with some practice, you surely gonna get it. Trust me
Programming / Re: Crack/keygen/reg/patch by nembudziya(op): 7:30pm On Sep 05, 2015
nop means "no" i suppose. Msg2 is replaced by messageboxA. I dont know what pop ecx means but i understand that its the returned output. Am i right. If i am wrong furnish me as to what the code means.
gimakon:
Ok what do you understand by this I did here


nop
nop
nop
nop
nop
push msg2
call MessageboxA
pop ecx
ret


If you are able to say exactly what I did there, then I promise you, I will release tutorials for ollydbg in the next 25 mins.
Programming / Re: Crack/keygen/reg/patch by nembudziya(op): 6:05pm On Sep 05, 2015
Sir, you are well read and write. What must i do to ensure that i understand using olly debugger, as i intend to use it at least starting this coming Monday for the purpose of getting and/or making a registration username and password for any software as has been mentioned in your earlier post. Thank you, Sir.
gimakon:
Understand assembly first. Then I show u others
Programming / Re: Crack/keygen/reg/patch by nembudziya(op): 9:13am On Sep 05, 2015
if only you could give me a step by step guide to make every trial version software to become a permanent version, i would be most appreciative. Thank you so kindly.

gimakon:
That's the major reason I started to teach assembly, even tho no comments / commendation was given. Firstly that tutorial answers all your questions then later the second tutorial i'm preparing which I will paste tomorrow, then on Wednesday evening I should paste the one for tutorials on how to use ollydbg.
Ollydbg is a debugger , not a programming IDE, used for reverse technology for executables, Exe, dll,com etc. But it reverses the program back to Asm (assembly), generally it's not MASM, it's NASM because most debuggers like ollydbg, IDA and immunity uses this assembler.

Will see you later tomorrow. Have fun.
Programming / Re: Crack/keygen/reg/patch by nembudziya(op): 7:57am On Sep 05, 2015
Can u brief me with a beginners guide for ollydbg, or guy, is what you have written a beginners guide for someone who is starting programming? Or can you send links to a very precise step by step guide of using ollydbg.
Thank you in advance.
gimakon:
When I started to learn the net wide assembler, I learnt it for some several reasons
If you gonna make aimed cracks, key gen and whatever I think NASM should be the key to your problems, ask me why because you also have to study reverse engineering
When an executable is reversed, it reverses into asm codes, you see registers and all what not, then you get to see things like


push ebp
mov ebp, esp ; to create the stack
push msg1
call printf

mov eax, num1
mov ebx, num2

add eax, ebx
push msg2
call printf


Obviously, this may seem garbage, but a simple understanding of it is adding two numbers and calling printf function to print the results.

Ok, that said, when doing things like api hooking, you need assembly too, passing 5 bytes (opcode and return addresses) you still need assembly

Now issue of the day, when you want to make a crack for some software which has passed its trial period, you have to first study assembly to know what you are doing. It's simple to understand. I learnt NASM in 3 days
Then use Ollydbg to reverse, you see some assembly codes, now debug, search for GetDialogItemA(), to display the message box notifying you of the period expiry, breakpoint to it and then enter the main function in olly, you might get surprised to see something like

 
Mov eax, dword ptr[num1]
Mov ebx, dword ptr[num2]

Cmp eax,ebx


This small line gets the input for say name and registration key and compares if it's the same, if there is a matching , it grants you access else it prompts back the messagebox

Consider filling with nops

nop
nop


Now you see it doesn't compare again. Every thing works without the messagebox

Assembly plays a role in this. So you see Assembly is good to make key gen and the rest.

I'm coding from blackberry, so don't have much to share here

Happy coding
Programming / Re: Crack/keygen/reg/patch by nembudziya(op): 8:28am On Aug 11, 2015
thanks, javanian lordzouga what do u say, guyz?
Programming / Re: Crack/keygen/reg/patch by nembudziya(op):
Family / Re: Could My Wife Be Cheating? by nembudziya(m): 9:09pm On Jul 22, 2015
Mutendiwashe:
i did not in any way insult anyone i simply gave my opinion on what you said. As a person who is "married for 10yrs" who knows more trials will come to his own marriage, the best advice you can come up with is advising someone to leave his own marriage while you work on your challenges you face?

Highly laughable.
So you got married to a Nigerian?
Programming / Re: Please How Do I Remove Shortcut Virus On My Android. by nembudziya(m): 7:51pm On Jul 19, 2015
That does not work. Online articles define shortcut virus as a form of executable file known as the wscript which is very different from the win32 trojan that has been referred to. I do not understand. Which one is which? Are there different forms of shortcut virus? I once encountered a shortcut on a usb stick that turned every folder to one shortcut item, that looked like a shortcut on a drive. The thing is what is the most reliable and best way to remove a shortcut virus from the computer system in its distinct variants be it win32, wscript, or any other variant? It serves no purpose to just delve on the assumption that a shortcut virus comes in a single form when in essence it has a multifarious types. The question is how do you remove a shortcut virus from a pc system. Honestly man, i am tired of pursuing online articles which have not been able to aid me in any way. Shortcut virus will @ any time become a cyber disaster as there seems to be no solution to it. Thanks
Kidstell:
the virus is on the computer system not the phone. there are some articles online on how to remove shortcut virus from your system without formatting it. once the shortcut virus is removed you can use smadav to correct the errors on your phone.
Programming / Re: Please How Do I Remove Shortcut Virus On My Android. by nembudziya(m): 2:09pm On Jul 19, 2015
Borwe, so are you saying if the win32 trojan is in pc system, kaspersky can remove it. I also wanted to know if win32 is a shortcut trojan virus? Thank u.
Borwe:
Avoid smadav, worlds number one useless antivirus. Go for avast if you really like free stuff, else get Kaspersky it is the best for this win32 viruses. It will delete shortcuts and return original files to original position.
Programming / Re: Please How Do I Remove Shortcut Virus On My Android. by nembudziya(m): 9:33pm On Jul 18, 2015
Hv u really substantiated that a shortcut virus is a win32 trojan. Kindly gv links of your claim.
KelvinMega:
the virus is present in your system it is called win32 virus
The easier way is to get a reputable anti trojan program, that removes Win32 Trojan Virus as well as detects intrusions from other worse trojans
Programming / Re: Please How Do I Remove Shortcut Virus On My Android. by nembudziya(m): 9:21pm On Jul 18, 2015
Dmayor7:
since the virus is rendering your folders and files like shortcut...

Here is what to do....


Click on the shortcuts until you opened the one that houses your unaffected files...


Yeah, in those shortcuts, there is one that houses your unaffected files. Once you find and clicked on it, it will open in another window...


Now copy those files to a folder... I said a folder, if possible a subfolder.

Format the memory card and copy back the files to the memory card.


Why i said you should copy to a folder or subfolder in your system is because the virus is actually present in your system and it might also render the folder you newly copied as a shortcut again.

So when you have formatted your memory card, you click on the shortcut again and copy back to your memory card.


After copying is completed, remove memory card immediately and install an antivirus or update the one you have. Then scan your system.



Sometimes the virus won't allow you to install any application again thereby not allowing install an antivirus if you have none.

In that case you need to format your system.
is there a way to remove shortcut virus from the system without formatting.
Programming / Re: Help!!! How Do I Download Premium Videos From Lynda, Tut+, For Free! by nembudziya(m): 9:14pm On Jul 18, 2015
emmanuelatas:
If there is any way I can download premium tutorials from lynda, tut+ and the rest of sites offering courses on programming on my ANDROID PHONE AND MY SYSTEM For FREE I WILL BE GRATEFUL.
very gud qsnm hope someone helps
Programming / Re: Check In: Submit Your C++ Questions Lets Solve by nembudziya(m): 9:01pm On Jul 18, 2015
Thanks G.

bowofolu:
You can call the system function and pass the commands as parameters.
system("notepad /p your_file.txt");

Remember to #include <stdlib.h>
You'll need that for the system(); function.
Programming / Re: Check In: Submit Your C++ Questions Lets Solve by nembudziya(m): 7:21pm On Jul 14, 2015
Thank you, i will try that out.
Family / Re: My Husband Goes Mad After Smoking ‘igbo’ Every Morning – Wife Tells Court by nembudziya(m): 7:17pm On Jul 10, 2015
First, thing, is marihuana good or bad
Programming / Re: Check In: Submit Your C++ Questions Lets Solve by nembudziya(m): 9:09am On Jul 07, 2015
mnairaland:
Generally, there are two types of applications: console and non-console.

A console application is an application whose user output is directed at d console.
A non-console application is an application whose user output is not directed to d console. Usually their output is directed to a window. While windows are graphical output environments, consoles are not.

Using windows as an example, there are two types of applications: console applications and windows applications. MS Word is a windows application.

My professional advice to u is to stop asking these elementary questions. Get a book and read. That is a professional advice.

Download and read: Beginners Guide to C++ by Herbert Schildt.

Note: There are good and bad books for learning C++. The ones i have recommended are good books.
ok, thank you, bros. I will def download the book.
Programming / Re: Check In: Submit Your C++ Questions Lets Solve by nembudziya(m): 8:34pm On Jul 06, 2015
mnairaland:
Friend: cout is a stream. it can be linked to any device. The device dt cout is currently linked to is called stdout. it could be a printer, file, console or any other device.
Compiler writers usually set d console as d device dt cout is currently linked to i.e. they link cout to d console by default. You can change dt if u wish.
thanks bro.
Programming / Re: Check In: Submit Your C++ Questions Lets Solve by nembudziya(m): 8:32pm On Jul 06, 2015
thanks, bro.