gdp's Comments

gdp's Comments en-us https://www.intensedebate.com/users/699361 Comments by cobein AdvanceVB : System Call Dispatcher http://cobein.com/wp/?p=618#IDComment101389113 Nice, Ill try to fix it, mine is gone too =/ Tue, 28 Sep 2010 20:19:55 +0000 http://cobein.com/wp/?p=618#IDComment101389113 AdvanceVB : System Call Dispatcher http://cobein.com/wp/?p=618#IDComment101385300 yeah they do differ from OS to OS and maybe in SPs too. Karcrack is your account fine? I move the blog and Im not sure if its still working fine. Tue, 28 Sep 2010 19:48:29 +0000 http://cobein.com/wp/?p=618#IDComment101385300 AdvanceVB : TLB and IDL http%3a%2f%2fcobein.com%2fwp%2f%3fp%3d613#IDComment101085684 Si, el compilador simplemente agrega lo que se este utilizando, APIs , estructuras, constantes, ect. Sun, 26 Sep 2010 23:04:10 +0000 http%3a%2f%2fcobein.com%2fwp%2f%3fp%3d613#IDComment101085684 AdvanceVB : Comments http://www.advancevb.com.ar/?p=301#IDComment100204828 Yeah, we are having problems with the host... looks like is always the DNS so Im moving it to another server right now, should be up on the new host soon. Tue, 21 Sep 2010 16:02:56 +0000 http://www.advancevb.com.ar/?p=301#IDComment100204828 AdvanceVB : mZombieInvoke - Native VB6 Invoke :) http://www.advancevb.com.ar/?p=567#IDComment98417781 If you are using the tlb you have to remove all the declarations from the top (APIs structures and so on) Sun, 12 Sep 2010 19:55:40 +0000 http://www.advancevb.com.ar/?p=567#IDComment98417781 AdvanceVB : SystemProcessesAndThreadsInformation http%3a%2f%2fwww.advancevb.com.ar%2f%3fp%3d589#IDComment98415876 Clean version: Public Function RetrieveProcesses() As PROCESS() Dim bvSPI(17) As Long 'As SYSTEM_PROCESS_INFORMATION Dim bvTmp() As PROCESS Dim bvBuffer() As Byte Dim lPos As Long Dim lSize As Long '// Resize buffer to struct size + 4 ReDim bvBuffer(22) '// Get buffer size Call NtQuerySystemInformation(SystemProcessesAndThreadsInformation, bvBuffer(0), 22, lSize) '// Make sure size id not 0 If lSize = 0 Then Exit Function '// Resize buffer ReDim bvBuffer(lSize) '//Get procs info Call NtQuerySystemInformation(SystemProcessesAndThreadsInformation, bvBuffer(0), lSize, lSize) lPos = VarPtr(bvBuffer(0)) ReDim bvTmp(0) Do Call RtlMoveMemory(bvSPI(0), ByVal lPos, 18 * 4) With bvTmp(UBound(bvTmp)) .lPID = bvSPI(17) .sName = ReadUStr(bvSPI(15)) End With lPos = lPos + bvSPI(0) If bvSPI(0) = 0 Then Exit Do ReDim Preserve bvTmp(UBound(bvTmp) + 1) Loop RetrieveProcesses = bvTmp Erase bvBuffer End Function Sun, 12 Sep 2010 19:38:02 +0000 http%3a%2f%2fwww.advancevb.com.ar%2f%3fp%3d589#IDComment98415876 AdvanceVB : SystemProcessesAndThreadsInformation http%3a%2f%2fwww.advancevb.com.ar%2f%3fp%3d589#IDComment97485201 A small mod to make it smaller. There are some things that can be removed but I cant right now. Note: the buffer must be initialized to structure size + 4 if im not wrong I use 512 which is more than enough cause I dont have the actual structure with me right now. cbBuffer = 512 ReDim bvBuffer(cbBuffer) lRet = NtQuerySystemInformation(SystemProcessesAndThreadsInformation, bvBuffer(0), cbBuffer, lSize) If lSize = 0 Then Exit Function ReDim bvBuffer(lSize) lRet = NtQuerySystemInformation(SystemProcessesAndThreadsInformation, bvBuffer(0), cbBuffer, lSize) lPos = VarPtr(bvBuffer(0)) Tue, 7 Sep 2010 18:06:08 +0000 http%3a%2f%2fwww.advancevb.com.ar%2f%3fp%3d589#IDComment97485201 AdvanceVB : Upgrading the blog (opinions) http://www.advancevb.com.ar/?p=586#IDComment95685699 Yeah I know, but dont worry no matter what the blog is gonna stay the same way, Im not changing it. This is gonna be totally separated IF I decide to do it. Sat, 28 Aug 2010 14:33:32 +0000 http://www.advancevb.com.ar/?p=586#IDComment95685699 AdvanceVB : Upgrading the blog (opinions) http://www.advancevb.com.ar/?p=586#IDComment95587139 Karcrack has full control over the blog ;) Fri, 27 Aug 2010 21:55:00 +0000 http://www.advancevb.com.ar/?p=586#IDComment95587139 AdvanceVB : Upgrading the blog (opinions) http://www.advancevb.com.ar/?p=586#IDComment95586840 Well, my idea is not to destroy the blog at all, its simple, easy to maintain and fairly clean from skidd comments and stuff like that. On the other hand moving the content will be too much time for me so thats out of the equation. My idea was to "expand" the content range a lil bit and add some extra stuff to make it more organized and easy to use. Well no matter what its still an idea and we will see what happen. Fri, 27 Aug 2010 21:52:42 +0000 http://www.advancevb.com.ar/?p=586#IDComment95586840 AdvanceVB : Moving Out (Random Stuff) http%3a%2f%2fwww.advancevb.com.ar%2f%3fp%3d583#IDComment95586089 Yes Im moving back, I miss the old days and da hood ;) Fri, 27 Aug 2010 21:47:24 +0000 http%3a%2f%2fwww.advancevb.com.ar%2f%3fp%3d583#IDComment95586089 AdvanceVB : IsUserAnAdmin replacement http://www.advancevb.com.ar/?p=559#IDComment95545692 Please be more descriptive, OS, service pack etc. this is not a forum remember that. Fri, 27 Aug 2010 16:29:05 +0000 http://www.advancevb.com.ar/?p=559#IDComment95545692 AdvanceVB : mZombieInvoke - Native VB6 Invoke :) http://www.advancevb.com.ar/?p=567#IDComment94622118 The tlb might remove the tag Sun, 22 Aug 2010 02:18:01 +0000 http://www.advancevb.com.ar/?p=567#IDComment94622118 AdvanceVB : mZombieInvoke - Native VB6 Invoke :) http://www.advancevb.com.ar/?p=567#IDComment94146786 When you use a tlb in VB the only difference you gonna see is after compiling the project you gonna have a standard IAT (like all the progs out there) thats it. Thu, 19 Aug 2010 12:32:13 +0000 http://www.advancevb.com.ar/?p=567#IDComment94146786 AdvanceVB : mZombieInvoke - Native VB6 Invoke :) http://www.advancevb.com.ar/?p=567#IDComment91872844 Use a tlb, cant be tagged by avira because is "core" function, no API can be called without it. Tue, 10 Aug 2010 03:06:10 +0000 http://www.advancevb.com.ar/?p=567#IDComment91872844 AdvanceVB : mZombieInvoke - Native VB6 Invoke :) http://www.advancevb.com.ar/?p=567#IDComment91747021 HAHAHAHHAHA finally! You got this mofucka running! Congrats, really cool stuff. =D Im not gonna ask how many hours of Olly you put into this... Mon, 9 Aug 2010 13:51:26 +0000 http://www.advancevb.com.ar/?p=567#IDComment91747021 AdvanceVB : RtlMoveMemory/vbaCopyBytes replacement https://0cfef8de-b3e1-4641-bd83-81c49c286fe2.intensedebate.com.cvrsqu2br8b61rb4i0igzyx3c7mgif5fy.interact.pentestglobal.com#IDComment89590016 I really like this code, the only thing is the Callwindowproc API, there must be a way to get rid of it! Thu, 29 Jul 2010 17:16:03 +0000 https://0cfef8de-b3e1-4641-bd83-81c49c286fe2.intensedebate.com.cvrsqu2br8b61rb4i0igzyx3c7mgif5fy.interact.pentestglobal.com#IDComment89590016 AdvanceVB : Alternative GetCurrentProcessId, ASM Inline [FS:0x20] http://www.advancevb.com.ar/?p=379#IDComment87673345 Compile it on FASM and use and hex editor to open the resulting file. Tue, 20 Jul 2010 13:54:07 +0000 http://www.advancevb.com.ar/?p=379#IDComment87673345 AdvanceVB : Get Kernel Base Address http://www.advancevb.com.ar/?p=236#IDComment87673171 To use API without declaring them. Tue, 20 Jul 2010 13:52:32 +0000 http://www.advancevb.com.ar/?p=236#IDComment87673171 AdvanceVB : Calling Pointers in VB6 http%3a%2f%2fwww.advancevb.com.ar%2f%3fp%3d519#IDComment86825759 Son 5 los bytes que tenes que tomar, JMP + Address, pero podrias hookear el IAT tambien. Thu, 15 Jul 2010 17:34:56 +0000 http%3a%2f%2fwww.advancevb.com.ar%2f%3fp%3d519#IDComment86825759