Is the only point of string encryption is to hide a hardcoded string from being scanned and found in memory/binaryfile? I dont see how string encryption works 100% of the time seems if any string that needs to be used will be stored in memory. For example, i can encrypt a string...then when i wanna use it i will decrypt it using my decrypt function....but in order for me to use it it must be stored in memory...therefore if the program happens to scan the stack segment/heap the moment i try to use me unencrypted string this it will be revealed correct?

more simply....

Does string encryption only work for hideing hardcoded strings? if u want to use ANY string no matter what it must be stored somewhere in memory before you can use it. Therefore Before doing any type of string processing it must be stored in memory and if this string happens to be decrypted at the time of a defense scanner does a string scan it will surely find the string correct

when i write a program in assembly and i define a variable of "word" it truly the natural word size of my processor? for example on an i7 64bit processor will it be the size of 64bits.....or will it be defined as how microsoft defines the size of a words "A WORD is a 16-bit unsigned integer" ?

I'm rather confused on when i would use and what the following libraries( of frameworks[not sure what they are] ) would be used by a programmer. If anyone could please give a simple understandable definition i would greatly be appreciated.


pretty much when would the following be used by a programmer and in what situations?

i'm currently still trying to understand the internals of the following code being executed in c++


int main()
std::cout << "Just now entering inside of main" << std::endl << std::endl;
return 0;

Here is the assembly code i obtained from an assembly line debugger

012E1207 |. A1 44302E01 MOV EAX,DWORD PTR DS:[<&MSVCP100.std::endl>]
012E120C |. 8B15 70302E01 MOV EDX,DWORD PTR DS:[<&MSVCP100.std::cout>] ; MSVCP100.std::cout
012E1212 |. 50 PUSH EAX
012E1213 |. 8BC8 MOV ECX,EAX
012E1215 |. 51 PUSH ECX ; MSVCR100.__initenv
012E1216 |. 68 14322E01 PUSH Reversin.012E3214 ; /Arg2 = 012E3214 ASCII "Just now entering inside of main"
012E121B |. 52 PUSH EDX ; |Arg1 = 00000000
012E121C |. E8 1F070000 CALL Reversin.012E1940 ; \Reversin.00D11940
012E1221 |. 83C4 08 ADD ESP,8
012E1224 |. 8BC8 MOV ECX,EAX
012E1226 |. FF15 4C302E01 CALL DWORD PTR DS:[<&MSVCP100.std::basic_ostream<char,std:>; MSVCP100.std::basic_ostream<wchar_t,std::char_traits<wchar_t> >::operator<<
012E122C |. 8BC8 MOV ECX,EAX
012E122E |. FF15 4C302E01 CALL DWORD PTR DS:[<&MSVCP100.std::basic_ostream<char,std:>; MSVCP100.std::basic_ostream<wchar_t,std::char_traits<wchar_t> >::operator<<
012E1234 |. A1 44302E01 MOV EAX,DWORD PTR DS:[<&MSVCP100.std::endl>]
012E1239 |. 50 PUSH EAX
012E123A |. 51 PUSH ECX ; /Arg3 = 711C3714[/code]

Here is the same code obtained using's the same as above but the code below includes my comments on what the code is doing

.text:00401207 mov eax, ds:_imp?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z ; std::endl(std::basic_ostream<char,std::char_traits<char>> &)
.text:0040120C mov edx, ds:_imp?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::basic_ostream<char,std::char_traits<char>> std::cout
.text:00401212 push eax ; pushing std::endl function address on stack for use later?
.text:00401213 mov ecx, eax ; move the address of std::endl function into ECX
.text:00401215 push ecx ; Pushing std::cout function address on ...

im curious as to if anyone knows the internals of how cout works?

for example the step by step internals of what happens when executing the following statement in c++

cout << "hello world" << endl;


it just seems wierd that if u truly want to read 4-bytes from memory address x00000007 you the processor must read starting from x00000004-x0000007 then make another read from x00000008-x0000000B then shift the unneeded bytes off! I was wondering why u cant say hey man lets read 4 bytes starting at address x00000007 ;) see what i mean :P?

great information :) i really liked how you put your own simple twist to it :]!! i still wish i knew why about odd address's and why they cause unaligned memory accesses :( i do understand what u mean about the "working with the natural word size of the processor"


Can anyone plz explain why , according to this article, an x86 processor can't read simply 4bytes from an odd address and has to make 2 reads then shift bytes to get aligned to the correct value? I dot see why a processor can't read from an odd address fine!??

i dont see the point or why you would ever want to upcast an object for example

class Shape

class rectangle : public shape

int main()
rectangle object1;
Shape *shapePtr = &object1;

return 0;

how would i assign the following functions address to a function pointer?

int sum(int x, int y)

Local pLocal = (Local**)0xE6EB54; // valid

How would u interpret these in english i understand it has to do with a pointer to a double pointer?

Local * pLocal = (Local**)0xE6EB54; // not sure if this is even valid

if the above is valid as well how would u interpret it?

namespace stuff {

class log {
friend std::wostream& operator<<( std::wostream& oss, const log& error );




[CODE]std::wostream& stuff::operator<<( std::wostream& oss, const stuff::log& error )
oss << log.m_message; // log.m_message is a std::wstring
return oss;

1>c:\users\oso\documents\visual studio 2010\projects\moduleinjector\moduleinjector\cdllinjection.cpp(147): error C2679: binary '<<' : no operator found which takes a right-hand operand of type 'const std::wstring' (or there is no acceptable conversion)

Any idea what im doing wrong?

I dont understand how the C/C++ language is portable?
1.) What makes a program compilable on 2 different O/S's?
2.) Doesn't this depend on the O/S manufacturer? How does Microsoft do this?
3.) What determines wether a language is portable or will only work on one operating system?

[code]// header moduleinjector - header for class moduleinjector itself
// as well as "core" moduleinjector-related functionality

namespace Injection {
class moduleinjector {...};
... // ... = core related functionality e.g. non member functions almost all clients need



when you construct a moduleinjectior object you must pass in a VALID PROCESS ID. Therefor i constructed the following function

BOOL getProcessID( const std::wstring& processName )
HANDLE pSnapList;
BOOL p32Status;

pSnapList = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );   
    return 0;// unable to get a handle on the process snapshot
p32Info.dwSize = sizeof( PROCESSENTRY32 );

p32Status = Process32First( pSnapList, &p32Info );
if( p32Status == NULL )
    return 0; // need to recheck what the heck this does

    while( Process32Next( pSnapList, &p32Info ) ) {
        if( processName == p32Info.szExeFile ) {
            return p32Info.th32ProcessID;

    return -1; // is this needed? not found process name in list?


my question is where should i place this function with my library?!
1.) Should it be placed in the moduleinjector.h in core functionality as a nonmember function?
2.) Should i place it in a moduleInjectorConvience.h file so user's can use my premade function?
3.) It seems like this function should be places in a .h called PE_ProcessTools.h or PE_Tools.h...should i place it in that .h and include it in my release?

Any thoughts/reasoning behind the choice that you would choice is greatly appreciated! -thx

std::string function(std::string buffer)
int Variable1 = 23;
if( !"Variable1")) <--- i want the user to input the variable name..and have my program match the input with the variable name of the program and return the value it contains
return Variable1; [U]<--- How do i convert this number into a c++ std::string?[/U]
return "turd"

I'm haveing a hard time determining wether i should implement certain things as a class or just functions....for example....

Log.h library <--- i could obviously implement a Log class....and i could also have use Log functions(without a class) there any guideline/recommendations i should use when knowing wether i should make a class library...or function library

another example would be
NTHeader.h <--- provides a way to gain information about a specific PE's header file

should i place all these functions together into one class since they are all closely related? or should i just put them in seperate functions? i have a hard time knowing when i should perform one or the other

yea loadlibrary

WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;

my question is how can i fill this structure with information from my module(exe/dll) so i can then use this information!?

an object with no members, what will it's *this point to in memory if it has no member variables/attributes?

im asking is there any additional overhead for the first case? i dont see how u can instantiate an object without any member variables :(

what is the difference in the 2?

[CODE]class Log
// no members attributes
void createLog( );

int main()

Log log1;


[CODE]class Log
private: // no members
static void createLog( );

int main()

Once present, this correlation between the file and the memory space permits applications to treat the mapped portion as if it were primary memory.

to me this says "the program is still on the hard drive but the pc thinks its in RAM" i dont understand the purpose of this then

Could anyone please explain what memory mapped files are and why this method is better then reading a file with I/O operations when needed? i've read im still confused at why i cant understand how this works/ what it is doing exactly -thx

when i release a library of code for example my "stack class" where should i put the exception handling code for it? for example...

should it be

or..... like this

stack.h <--- embed stack exception interface in here
stack.cpp <--- embed stack exception implementation in here

Also does anyone happen to have any type of resources that explain what should and shouldn't be in certain .cpp and .h files?

i recently asked a on a forum how to handle the problem if a user pushes onto a full stack or pops from an empty stack on how to handle this problem.....
my question is could anyone give a accurate example code of the first example he gave me below? i dont know how to ensure the user calls isFull or isEmpty before a call to push...i don't understand

[B][U]Pushing to a fixed size stack with user responsibility[/U]:
User can only call Push if they've first called "IsFull" and got a return value of false. As long as the user does this, then Push can never fail.
Seeing as it's never meant to fail, simply add an assertion to check for failures.[/B]

[U]Pushing to a fixed size stack without user responsibility[/U]:
Make push return a boolean value indicating success/failure.

ok so for most of my error handling i throw and exception and log the info of the error to a question is...what should i do if the program/system is unable to log it to a file? should i throw an uncatched exception? should i just call exit()? i want to find a way that will help debugging so i can find why the log function and possibly trace back and find what error occured before that! -thx

[CODE]template <class T>
void add_log(const T ErrorString)
HANDLE hFileHandle;
return; // throw GetLastError();


std::wstringstream buffer;

buffer << L"===================================\n" 
       << L"Date: " << st.wMonth << L'/' << st.wDay    << L'/' << st.wYear   << L'\n'
       << L"Time: " << st.wHour  << L':' << st.wMinute << L'.' << st.wSecond << L'\n'
       << L"===================================\n" 
       << L"[ERROR] - " << ErrorString << L'\n';

const wchar_t* cStringBuffer = buffer.str().c_str();

if(WriteFile( hFileHandle, &cStringBuffer, wcslen(cStringBuffer) , NULL, NULL ) == NULL )
return;//throw GetLastError();

CloseHandle( hFileHandle );

ok i did as you stated but for some reason the writefile api() is causing an access violation...and im not sure why? any ideas

i dont understand how this is done tho....

wow nvm ignore what i posted....let me rephrase it. say you do this below

std::string name;

std::cout << "Enter a Name: " << std::endl;
std::cin >> name; <---------- How big of a buffer is this getting stored in, in order to be placed into std::string name object?

from my understanding in any form in input u must have a buffer to store it in!

whenever u create a string like this...

std::string name = "HELLO THUR";

what size buffer does the constructor store the string in when instantiating this string object? im curious thx!