0

Is the only point of string encryption is to hide a hardcoded string from being scanned and found in memory/binaryfile? I dont see how string encryption works 100% of the time though...it seems if any string that needs to be used will be stored in memory. For example, i can encrypt a string...then when i wanna use it i will decrypt it using my decrypt function....but in order for me to use it it must be stored in memory...therefore if the program happens to scan the stack segment/heap the moment i try to use me unencrypted string this it will be revealed correct?

more simply....

Does string encryption only work for hideing hardcoded strings? if u want to use ANY string no matter what it must be stored somewhere in memory before you can use it. Therefore Before doing any type of string processing it must be stored in memory and if this string happens to be decrypted at the time of a defense scanner does a string scan it will surely find the string correct

0

when i write a program in assembly and i define a variable of "word" size.....is it truly the natural word size of my processor? for example on an i7 64bit processor will it be the size of 64bits.....or will it be defined as how microsoft defines the size of a words "A WORD is a 16-bit unsigned integer" ?

0

I'm rather confused on when i would use and what the following libraries( of frameworks[not sure what they are] ) would be used by a programmer. If anyone could please give a simple understandable definition i would greatly be appreciated.

ATL
MFC
COM

pretty much when would the following be used by a programmer and in what situations?

0

i'm currently still trying to understand the internals of the following code being executed in c++

[code]

int main()
{
std::cout << "Just now entering inside of main" << std::endl << std::endl;
return 0;
}[/code]

Here is the assembly code i obtained from an assembly line debugger

[code]
012E1207 |. A1 44302E01 MOV EAX,DWORD PTR DS:[<&MSVCP100.std::endl>]
012E120C |. 8B15 70302E01 MOV EDX,DWORD PTR DS:[<&MSVCP100.std::cout>] ; MSVCP100.std::cout
012E1212 |. 50 PUSH EAX
012E1213 |. 8BC8 MOV ECX,EAX
012E1215 |. 51 PUSH ECX ; MSVCR100.__initenv
012E1216 |. 68 14322E01 PUSH Reversin.012E3214 ; /Arg2 = 012E3214 ASCII "Just now entering inside of main"
012E121B |. 52 PUSH EDX ; |Arg1 = 00000000
012E121C |. E8 1F070000 CALL Reversin.012E1940 ; \Reversin.00D11940
012E1221 |. 83C4 08 ADD ESP,8
012E1224 |. 8BC8 MOV ECX,EAX
012E1226 |. FF15 4C302E01 CALL DWORD PTR DS:[<&MSVCP100.std::basic_ostream<char,std:>; MSVCP100.std::basic_ostream<wchar_t,std::char_traits<wchar_t> >::operator<<
012E122C |. 8BC8 MOV ECX,EAX
012E122E |. FF15 4C302E01 CALL DWORD PTR DS:[<&MSVCP100.std::basic_ostream<char,std:>; MSVCP100.std::basic_ostream<wchar_t,std::char_traits<wchar_t> >::operator<<
012E1234 |. A1 44302E01 MOV EAX,DWORD PTR DS:[<&MSVCP100.std::endl>]
012E1239 |. 50 PUSH EAX
012E123A |. 51 PUSH ECX ; /Arg3 = 711C3714[/code]

Here is the same code obtained using IDA....it's the same as above but the code below includes my comments on what the code is doing

[code]
.text:00401207 mov eax, ds:_imp?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z ; std::endl(std::basic_ostream<char,std::char_traits<char>> &)
.text:0040120C mov edx, ds:_imp?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::basic_ostream<char,std::char_traits<char>> std::cout
.text:00401212 push eax ; pushing std::endl function address on stack for use later?
.text:00401213 mov ecx, eax ; move the address of std::endl function into ECX
.text:00401215 push ecx ; Pushing std::cout function address on ...

0

it just seems wierd that if u truly want to read 4-bytes from memory address x00000007 you the processor must read starting from x00000004-x0000007 then make another read from x00000008-x0000000B then shift the unneeded bytes off! I was wondering why u cant say hey man lets read 4 bytes starting at address x00000007 ;) see what i mean :P?

0

log.h
[CODE]
namespace stuff {

class log {
..........
friend std::wostream& operator<<( std::wostream& oss, const log& error );
};

}

[/CODE]

log.cpp

[CODE]std::wostream& stuff::operator<<( std::wostream& oss, const stuff::log& error )
{
oss << log.m_message; // log.m_message is a std::wstring
return oss;
}
[/CODE]

1>c:\users\oso\documents\visual studio 2010\projects\moduleinjector\moduleinjector\cdllinjection.cpp(147): error C2679: binary '<<' : no operator found which takes a right-hand operand of type 'const std::wstring' (or there is no acceptable conversion)

Any idea what im doing wrong?

0

I dont understand how the C/C++ language is portable?
1.) What makes a program compilable on 2 different O/S's?
2.) Doesn't this depend on the O/S manufacturer? How does Microsoft do this?
3.) What determines wether a language is portable or will only work on one operating system?

0

[code]// header moduleinjector - header for class moduleinjector itself
// as well as "core" moduleinjector-related functionality

namespace Injection {
class moduleinjector {...};
... // ... = core related functionality e.g. non member functions almost all clients need
...

}

[/code]

when you construct a moduleinjectior object you must pass in a VALID PROCESS ID. Therefor i constructed the following function

[code]
BOOL getProcessID( const std::wstring& processName )
{
HANDLE pSnapList;
PROCESSENTRY32 p32Info;
BOOL p32Status;

pSnapList = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );   
if( pSnapList == INVALID_HANDLE_VALUE )
    return 0;// unable to get a handle on the process snapshot
p32Info.dwSize = sizeof( PROCESSENTRY32 );

p32Status = Process32First( pSnapList, &p32Info );
if( p32Status == NULL )
    return 0; // need to recheck what the heck this does

    while( Process32Next( pSnapList, &p32Info ) ) {
        if( processName == p32Info.szExeFile ) {
            return p32Info.th32ProcessID;
       }

    };
    return -1; // is this needed? not found process name in list?

}
[/code]

my question is where should i place this function with my library?!
1.) Should it be placed in the moduleinjector.h in core functionality as a nonmember function?
2.) Should i place it in a moduleInjectorConvience.h file so user's can use my premade function?
3.) It seems like this function should be places in a .h called PE_ProcessTools.h or PE_Tools.h...should i place it in that .h and include it in my release?

Any thoughts/reasoning behind the choice that you would choice is greatly appreciated! -thx

0

[CODE]
std::string function(std::string buffer)
{
int Variable1 = 23;
if( !buffer.compare("Variable1")) <--- i want the user to input the variable name..and have my program match the input with the variable name of the program and return the value it contains
return Variable1; [U]<--- How do i convert this number into a c++ std::string?[/U]
}
return "turd"
[/CODE]

0

I'm haveing a hard time determining wether i should implement certain things as a class or just functions....for example....

Log.h library <--- i could obviously implement a Log class....and i could also have use Log functions(without a class) alternatively...is there any guideline/recommendations i should use when knowing wether i should make a class library...or function library

another example would be
NTHeader.h <--- provides a way to gain information about a specific PE's header file

should i place all these functions together into one class since they are all closely related? or should i just put them in seperate functions? i have a hard time knowing when i should perform one or the other

0

[CODE]typedef struct _IMAGE_OPTIONAL_HEADER {
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;[/CODE]

my question is how can i fill this structure with information from my module(exe/dll) so i can then use this information!?

0

what is the difference in the 2?

[CODE]class Log
{
private:
// no members attributes
public:
void createLog( );
};

int main()
{

Log log1;
log1.createLog();

}[/CODE]

[CODE]class Log
{
private: // no members
public:
static void createLog( );
};

int main()
{
Log::createLog();
}[/CODE]

0

when i release a library of code for example my "stack class" where should i put the exception handling code for it? for example...

should it be
stack.h
stack.cpp
stackExceptions.h
stackExceptions.cpp

or..... like this

stack.h <--- embed stack exception interface in here
stack.cpp <--- embed stack exception implementation in here

Also does anyone happen to have any type of resources that explain what should and shouldn't be in certain .cpp and .h files?

0

i recently asked a on a forum how to handle the problem if a user pushes onto a full stack or pops from an empty stack on how to handle this problem.....
my question is could anyone give a accurate example code of the first example he gave me below? i dont know how to ensure the user calls isFull or isEmpty before a call to push...i don't understand

[B][U]Pushing to a fixed size stack with user responsibility[/U]:
User can only call Push if they've first called "IsFull" and got a return value of false. As long as the user does this, then Push can never fail.
Seeing as it's never meant to fail, simply add an assertion to check for failures.[/B]

[U]Pushing to a fixed size stack without user responsibility[/U]:
Make push return a boolean value indicating success/failure.

0

ok so for most of my error handling i throw and exception and log the info of the error to a file...my question is...what should i do if the program/system is unable to log it to a file? should i throw an uncatched exception? should i just call exit()? i want to find a way that will help debugging so i can find why the log function and possibly trace back and find what error occured before that! -thx

0

[CODE]template <class T>
void add_log(const T ErrorString)
{
HANDLE hFileHandle;
if( ( hFileHandle = CreateFile(L"log.txt", GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL ) ) == INVALID_HANDLE_VALUE )
return; // throw GetLastError();

SYSTEMTIME st;
GetLocalTime(&st);

std::wstringstream buffer;

buffer << L"===================================\n" 
       << L"Date: " << st.wMonth << L'/' << st.wDay    << L'/' << st.wYear   << L'\n'
       << L"Time: " << st.wHour  << L':' << st.wMinute << L'.' << st.wSecond << L'\n'
       << L"===================================\n" 
       << L"[ERROR] - " << ErrorString << L'\n';

const wchar_t* cStringBuffer = buffer.str().c_str();

if(WriteFile( hFileHandle, &cStringBuffer, wcslen(cStringBuffer) , NULL, NULL ) == NULL )
return;//throw GetLastError();

CloseHandle( hFileHandle );
}[/CODE]

ok i did as you stated but for some reason the writefile api() is causing an access violation...and im not sure why? any ideas

0

wow nvm ignore what i posted....let me rephrase it. say you do this below

std::string name;

std::cout << "Enter a Name: " << std::endl;
std::cin >> name; <---------- How big of a buffer is this getting stored in, in order to be placed into std::string name object?

from my understanding in any form in input u must have a buffer to store it in!