A forum for reverse engineering, OS internals and malware analysis 

Search found 216 matches

 Go to advanced search

Re: Check if process is UWP application.

 by Brock ¦  Thu Jun 13, 2019 8:19 pm ¦  Forum: User-Mode Development ¦  Topic: Check if process is UWP application. ¦  Replies: 2 ¦  Views: 405

@Iradicator You can use DllImport in PowerShell for Windows API and make a call to IsImmersiveProcess() https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-isimmersiveprocess It will tell you if the target process is a Windows Store app / Metro app / WinRT app / UWP app etc. What...

Re: Why Microsoft don't block elevation runas?

 by Brock ¦  Tue Apr 30, 2019 2:35 am ¦  Forum: General Discussion ¦  Topic: Why Microsoft don't block elevation runas? ¦  Replies: 4 ¦  Views: 453

Why is that? Why Microsoft can not somehow track this and ban?
Kinda like a cheater/hacker in Counter-Strike? KEWL!!! =]

Why are you creating a thread in DLLMain just to patch an API? Do this directly in DLLMain and get rid of your handle leaking BeginThread call. Threads also don't run until DLLMain is complete because loader lock is held, so no sense in delaying the patch either. Also, inside the ugly patch routine ...

Re: Some code doesn't works with SYSTEM priv.

 by Brock ¦  Sat Mar 23, 2019 9:59 pm ¦  Forum: Newbie Questions ¦  Topic: Some code doesn't works with SYSTEM priv. ¦  Replies: 4 ¦  Views: 410

Are you positive that the error isn't correct? You might try impersonating the logged on user while you access the network shares. It's kind of a bit hackish but it may work for you HANDLE hToken = 0; ULONG SessionId = WTSGetActiveConsoleSessionId(); if (WTSQueryUserToken(SessionId, &hToken)) { if (...

Re: My AV says my router is infected

 by Brock ¦  Sat Feb 23, 2019 1:44 pm ¦  Forum: Newbie Questions ¦  Topic: My AV says my router is infected ¦  Replies: 7 ¦  Views: 1029

Perhaps this is VPNFilter malware?

You can quickly and easily check for its presence online below

http://www.symantec.com/filtercheck/

What does the code look like which spawns the VCL app from the service? The VCL app might have issues with the user environment. Post your code for executing the VCL app from the service, I assume in the service you're using CreateProcessAsUser() or similar? * Basically, ShellExecute() isn't an API ...

Re: Windows 10 booting issue

 by Brock ¦  Thu Jan 31, 2019 7:38 pm ¦  Forum: General Discussion ¦  Topic: Windows 10 booting issue ¦  Replies: 1 ¦  Views: 730

Try almighty Google first, it's as simple as querying the system error code you mentioned here

https://neosmart.net/wiki/0xc0000428/

Re: [C] HTTP-Downloader

 by Brock ¦  Tue Jan 15, 2019 1:42 pm ¦  Forum: Newbie Questions ¦  Topic: [C] HTTP-Downloader ¦  Replies: 5 ¦  Views: 2076

Re: [C] HTTP-Downloader

 by Brock ¦  Sun Jan 13, 2019 12:14 am ¦  Forum: Newbie Questions ¦  Topic: [C] HTTP-Downloader ¦  Replies: 5 ¦  Views: 2076

Took a quick peek at the code, don't forget to close thread and process handles upon successful call returns. Only mentioning this because you mentioned the word "clean" twice and these are resource leaks. Download.cpp download_thread() ---> CloseHandle(pInfo->hThread); CloseHandle(pInfo->hProcess);...

Re: Use LGPL code in MIT project?

 by Brock ¦  Thu Jan 10, 2019 10:39 pm ¦  Forum: General Discussion ¦  Topic: Use LGPL code in MIT project? ¦  Replies: 1 ¦  Views: 788
  • 1
  • 2
  • 3
  • 4
  • 5
  • 22