links for 2010-05-29
A nice tool for SQL injection. The interesting thing about this tool is that it was written by an Iranian, and I like its name, 'Havij'.
Program for Dll-Injection
A few days ago I created a program that makes it easier to inject a DLL file into a process running on the system. I actually created it for testing a bigger project related to API hooking, so if you need this tool too, download it from the link below.
It combines C and C++ features with the Windows API and is compiled with VC++ 2008; the source code is also included.
Fujack Malware
After a long delay, today I found some free time to post something to this blog. A few days ago a bad thing happened to me: my computer was infected by malware that NOD32 anti-virus calls "Win32/Fujacks.BK"; you can find the names used by other anti-viruses here. It infected all the executable files on my computer, and this drove me crazy at the time, so I scanned my system with NOD32. It found a lot of infected files, but unfortunately it could not clean them completely and some part of the malware remained in the executable files, which made me even crazier. I just uninstalled that trashy software, and after that an idea came to my mind: why not create my own remover to clean every infected file?
After analyzing some infected files I understood that the malware uses a simple method: it just adds the original executable file at the end of itself as an overlay. I just had to find the position of the overlay data and then extract it to disk. I used TitanEngine for this purpose because it's well designed and I don't need to create it again.
So you can download my tool + source from the link below.
Notice that I used the PellesC resizer library to make my program window resizable.
I know, I'm too lazy to write my own resizer, so if you use another compiler and don't have this library, change the ResizableDialogBox function to DialogBox.
Another thing I forgot to say is that if you find any bug, tell me so I can fix it in the next version.
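The overlay lookup described in this post can be done by reading the PE section table directly. The following is an added example, not the remover's source (which uses TitanEngine); `pe_overlay_offset` and `build_sample` are names made up here, and the sample image is constructed. It assumes the original file starts right where the last section's raw data ends.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian reads that do not assume alignment. */
static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* File offset where overlay data starts (end of the last section's raw data);
 * returns 0 if buf is not a PE image or nothing follows the sections. */
size_t pe_overlay_offset(const uint8_t *buf, size_t len)
{
    if (len < 0x40 || rd16(buf) != 0x5A4D) return 0;        /* "MZ" */
    size_t pe = rd32(buf + 0x3C);                            /* e_lfanew */
    if (pe > len || len - pe < 24 || rd32(buf + pe) != 0x4550) return 0;
    size_t nsec = rd16(buf + pe + 6);                        /* NumberOfSections */
    size_t sec = pe + 24 + rd16(buf + pe + 20);              /* after optional header */
    if (sec > len || (len - sec) / 40 < nsec) return 0;      /* headers truncated */
    uint64_t end = 0;
    for (size_t i = 0; i < nsec; i++) {
        const uint8_t *s = buf + sec + i * 40;
        uint64_t size = rd32(s + 16), ptr = rd32(s + 20);    /* SizeOfRawData, PointerToRawData */
        if (size != 0 && ptr + size > end) end = ptr + size;
    }
    return (end != 0 && end < len) ? (size_t)end : 0;
}

/* Constructed sample: a one-section host PE (0x400 bytes) followed by a
 * 0x40-byte stand-in for the appended original file. Returns its length. */
size_t build_sample(uint8_t *out, size_t cap)
{
    const size_t total = 0x400 + 0x40;
    if (cap < total) return 0;
    memset(out, 0, total);
    out[0] = 'M'; out[1] = 'Z'; out[0x3C] = 0x80;            /* e_lfanew = 0x80 */
    memcpy(out + 0x80, "PE\0\0", 4);
    out[0x86] = 1; out[0x94] = 0xE0;        /* NumberOfSections, SizeOfOptionalHeader */
    uint8_t *s = out + 0x80 + 24 + 0xE0;                     /* first section header */
    s[17] = 0x02; s[21] = 0x02;                              /* raw size 0x200 at 0x200 */
    out[0x400] = 'M'; out[0x401] = 'Z';                      /* start of the original */
    return total;
}

int main(void)
{
    uint8_t img[0x440];
    size_t n = build_sample(img, sizeof img), off = pe_overlay_offset(img, n);
    printf("overlay at 0x%zx (%zu bytes)\n", off, n - off);
    return 0;
}
```

A cleaner built on this would write the bytes from the returned offset to the end of the file into a new file, after checking that they begin with an `MZ` header.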
Is there a simple way to create a polygon stipple pattern?
If you have ever worked with OpenGL, you will agree with me that this library is wonderful; if you don't know what OpenGL is, I suggest you read the article on the Wikipedia website.
An introduction to the OpenGL library from Wikipedia:
OpenGL (Open Graphics Library) is a standard specification defining a cross-language, cross-platform API for writing applications that produce 2D and 3D computer graphics. The interface consists of over 250 different function calls which can be used to draw complex three-dimensional scenes from simple primitives. OpenGL was developed by Silicon Graphics Inc. (SGI) in 1992[2] and is widely used in CAD, virtual reality, scientific visualization, information visualization, and flight simulation. It is also used in video games, where it competes with Direct3D on Microsoft Windows platforms (see OpenGL vs. Direct3D). OpenGL is managed by a non-profit technology consortium, the Khronos Group.
I have a Computer Graphics course this term. About 5 or 6 sessions of the term have passed, and we started the programming part about 2 sessions ago; for me it's a really interesting part. Yesterday our professor talked about creating a stipple pattern for a polygon object. The approach we must use is to prepare checkered paper that has 32*32 cells and draw something on it; after that we must convert it to an array of 32*32 GLubyte (unsigned byte). Each block represents a bit, so black blocks represent '1' and white blocks represent '0', and the result is something like this:
Example from the OpenGL SuperBible, Fourth Edition:
GLubyte fire[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x01, 0xf0,
0x00, 0x00, 0x07, 0xf0, 0x0f, 0x00, 0x1f, 0xe0,
0x1f, 0x80, 0x1f, 0xc0, 0x0f, 0xc0, 0x3f, 0x80,
0x07, 0xe0, 0x7e, 0x00, 0x03, 0xf0, 0xff, 0x80,
0x03, 0xf5, 0xff, 0xe0, 0x07, 0xfd, 0xff, 0xf8,
0x1f, 0xfc, 0xff, 0xe8, 0xff, 0xe3, 0xbf, 0x70,
0xde, 0x80, 0xb7, 0x00, 0x71, 0x10, 0x4a, 0x80,
0x03, 0x10, 0x4e, 0x40, 0x02, 0x88, 0x8c, 0x20,
0x05, 0x05, 0x04, 0x40, 0x02, 0x82, 0x14, 0x40,
0x02, 0x40, 0x10, 0x80, 0x02, 0x64, 0x1a, 0x80,
0x00, 0x92, 0x29, 0x00, 0x00, 0xb0, 0x48, 0x00,
0x00, 0xc8, 0x90, 0x00, 0x00, 0x85, 0x10, 0x00,
0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00
};
So you see the converting part is really hard work, and I didn't find an easy way to do it, so I decided to write a program to make this process easier.
For this purpose you must create a monochrome bitmap (I do this with Visual Studio), then use my program to create the array, and then copy it into your project. For example, here is a monochrome bitmap I created with VS 2008
and the properties that must be set for the monochrome bitmap
and with this command (-i inverts the bits):
makepattern.exe bitmap.bmp -i
this gives you the output below:
// --------------------------------
GLubyte pattern[] = {
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x42, 0x00, 0x00,
0x00, 0x72, 0x08, 0x00,
0x00, 0x1A, 0x18, 0x00,
0x00, 0x07, 0xF0, 0x00,
0x00, 0x03, 0x00, 0x00,
0x00, 0x02, 0x00, 0x00,
0x00, 0x03, 0xC0, 0x00,
0x00, 0x0C, 0x60, 0x00,
0x00, 0x30, 0x20, 0x00,
0x00, 0x20, 0x60, 0x00,
0x00, 0x60, 0xC0, 0x00,
0x00, 0x40, 0x40, 0x00,
0x00, 0x40, 0x40, 0x00,
0x00, 0x40, 0x40, 0x00,
0x00, 0x47, 0x40, 0x00,
0x00, 0x40, 0x80, 0x00,
0x00, 0x60, 0x80, 0x00,
0x00, 0x3B, 0x80, 0x00,
0x00, 0x0E, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00
};
// --------------------------------
You can see the entire work shown below and download the source of this project at the end of the post; also, to compile and run the project you need the GLUT library.

You can download the tool + source code from here. I wrote it in C without any API, so with little change it can be ported to other OSes.
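The grid-to-array conversion described in this post, as an added example that is not the makepattern source: it packs a drawn 32x32 grid into the byte order glPolygonStipple reads by default. `pack_stipple` and `SAMPLE_GRID` are names made up here, and the grid is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32x32 drawing, top row first: '#' is a black cell. Rows left
 * out (NULL) or shorter than 32 characters count as white. */
const char *const SAMPLE_GRID[32] = {
    [0]  = "#........#",   /* top row: cells x=0 and x=9 */
    [31] = ".#",           /* bottom row: cell x=1 */
};

/* Pack the grid into 128 bytes: bottom row first, 4 bytes per row, leftmost
 * cell in the high bit of each byte. invert != 0 flips every bit, like the
 * -i switch described in the post. */
void pack_stipple(const char *const rows[32], int invert, uint8_t out[128])
{
    memset(out, 0, 128);
    for (int y = 0; y < 32; y++) {
        const char *row = rows[31 - y];        /* OpenGL row 0 is the bottom row */
        size_t n = row ? strlen(row) : 0;
        for (int x = 0; x < 32; x++) {
            int bit = (size_t)x < n && row[x] == '#';
            if (bit != (invert != 0))
                out[y * 4 + x / 8] |= (uint8_t)(0x80 >> (x % 8));
        }
    }
}

int main(void)
{
    uint8_t p[128];
    pack_stipple(SAMPLE_GRID, 0, p);
    printf("GLubyte pattern[] = {\n");
    for (int i = 0; i < 128; i += 4)
        printf("0x%02X, 0x%02X, 0x%02X, 0x%02X%s\n",
               p[i], p[i + 1], p[i + 2], p[i + 3], i < 124 ? "," : "");
    printf("};\n");
    return 0;
}
```

The bottom-up row order is why the first rows of a pattern array hold the bottom of the drawing.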
Path of other process
A few days ago I tried to find a way to get the path of a specific process; here is a code snippet that does this work. You need the process ID to use with the CreateToolhelp32Snapshot API, and then you get the process path with the Module32First API.
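// needs <windows.h> and <tlhelp32.h>
DWORD dwPID; // PID of the target process (set it before taking the snapshot)
MODULEENTRY32 module = {sizeof(MODULEENTRY32)};
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
if ( hSnap != INVALID_HANDLE_VALUE ) // the snapshot can fail, e.g. on access denied
{
    // the first module in the snapshot is the process executable itself
    if ( Module32First(hSnap, &module) )
        MessageBox(hWnd, module.szExePath, TEXT("MsG"), MB_OK);
    CloseHandle(hSnap);
}
It's very simple, isn't it?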
Work with paths more easily
Today I want to talk about a bunch of APIs that make working with paths very easy. I know everyone has at some point worked on a program that needs path handling, I mean combining two paths, removing the file spec, getting the file spec, checking the file extension, replacing the extension, etc.
For example, to separate the file spec from a path, some of you may use a loop such as a "while" loop that traverses the path in reverse, with a pointer starting at the end of the path, until it encounters the first slash and so gets the file name. You may be surprised if I say that you can simply use the PathFindFileName API, which returns a pointer to the first character of the file name.
You need to add shlwapi.h and shlwapi.lib to your project and use one of the path-related APIs I describe here; these APIs work for both ASCII and Unicode paths:
For more info and examples, see the MSDN website.
PathAppend : Appends one path to the end of another.
PathCombine : Concatenates two strings that represent properly formed paths into one path; also concatenates any relative path pieces.
PathFileExists : Determines whether a path to a file system object such as a file or directory is valid.
PathFindExtension : Searches a path for an extension.
PathFindFileName : Searches a path for a file name.
PathIsDirectory : Verifies that a path is a valid directory.
PathIsFileSpec : Searches a path for any path-delimiting characters (for example, ‘:’ or ‘\’ ). If there are no path-delimiting characters present, the path is considered to be a File Spec path.
PathRemoveExtension : Removes the file extension from a path, if one is present.
PathRemoveFileSpec : Removes the trailing file name and backslash from a path, if they are present.
PathStripToRoot : Removes all parts of the path except for the root information.
Here is my example:
#include <windows.h>
#include <shlwapi.h>
#include <tchar.h>
#include <stdio.h>
#pragma comment(lib, "shlwapi.lib")

int main()
{
    // The Path* functions used here expect a buffer of at least MAX_PATH characters
    TCHAR lpPath[MAX_PATH] = _T("C:\\windows");

    // _tprintf with _T() keeps %s matched to TCHAR in both ANSI and Unicode builds
    _tprintf(_T("windows path : %s\n"), lpPath);
    PathAppend(lpPath, _T("system32"));
    _tprintf(_T("system32 path : %s\n"), lpPath);

    PathAppend(lpPath, _T("calc.exe"));
    if ( PathFileExists(lpPath) )
        _tprintf(_T("calc.exe exists\n"));

    // Drop "calc.exe" again and test another file in the same directory
    PathRemoveFileSpec(lpPath);
    PathAppend(lpPath, _T("notepad.exe"));
    if ( PathFileExists(lpPath) )
        _tprintf(_T("notepad.exe exists\n"));

    _tprintf(_T("file name of \n %s\t%s\n"), lpPath, PathFindFileName(lpPath));
    _tprintf(_T("extension of \n %s\t%s\n"), lpPath, PathFindExtension(lpPath));
    return 0;
}
wiper v1.1 – secure file remover
Well, this is the first program I release on this weblog. As you may guess, the purpose of this tool is to remove files in a secure way, meaning that file recovery software cannot recover the deleted file.
This program is written in C with the Windows API. It compiles with the PellesC compiler, but I think it works fine (or with little change) with other C/C++ compilers; here you can download the program + source.
If you find any bug, let me know.