dencorso Posted January 1, 2017

CC is a space filler in PE files, if I'm not mistaken, and so it means no specific opcode in that context.

Dibya (Author) Posted January 1, 2017

> 1 hour ago, dencorso said:
> CC is a space filler in PE files, if I'm not mistaken, and so it means no specific opcode in that context.

Thanks dencorso. When I was tracing code I found those in a DLL, so I asked.

Dibya (Author) Posted January 2, 2017

Great job Svyatpro

CloseTouchInputHandle

Can anyone confirm for me whether the above traced code has any location-specific jump? Also, how can I change location to a specific offset/RVA/VA?

I succeeded in adding WSAPoll and a few other functions inside their respective DLLs without a wrapper.

Edited January 2, 2017 by Dibya

dencorso Posted January 2, 2017

C20400 == RET 0004... the routine ends here. One shouldn't need to transfer the CCs, too.

Dibya (Author) Posted January 2, 2017

> 2 hours ago, dencorso said:
> C20400 == RET 0004... the routine ends here. One shouldn't need to transfer the CCs, too.

Thanks Dencorso. Thanks for the help.

Dibya (Author) Posted January 3, 2017

One Core API on GitHub: https://github.com/Skulltrail192/One-Core-Api

leecher Posted January 3, 2017

> On 1.1.2017 at 6:20 AM, Dibya said:
> any one know Hex CC is which op code like NOP is 90

0xCC = INT 3

So this initiates a Debug Break when in a debugger. That's why this opcode is usually used as a filler, because then you end up in the debugger when program execution for whatever reason gets there, which shouldn't be the case.
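
The two replies above (RET 0004 ends the routine; 0xCC is INT 3 filler) can be turned into a small boundary check. This is an added example, not code from any poster or from One-Core-Api; the function names and the sample bytes are constructed for illustration, and the scan is a byte-pattern heuristic rather than a real disassembler.

```python
# Added example: find where a routine ends (RET / RET imm16) and how much
# INT 3 (0xCC) padding follows, so only the routine body is copied.
RET_NEAR = 0xC3        # RET
RET_NEAR_IMM16 = 0xC2  # RET imm16: callee pops imm16 bytes of arguments
INT3 = 0xCC            # breakpoint opcode, used as inter-function filler

def find_routine_end(code: bytes, start: int = 0, min_pad: int = 1):
    """Return (end_offset, bytes_popped, pad_len) for the first RET at or
    after `start` that is directly followed by >= min_pad 0xCC bytes.
    Requiring the padding filters out C2/C3 bytes that are only operands."""
    i = start
    while i < len(code):
        op = code[i]
        if op == RET_NEAR:
            end, popped = i + 1, 0
        elif op == RET_NEAR_IMM16 and i + 3 <= len(code):
            end = i + 3
            popped = int.from_bytes(code[i + 1:i + 3], "little")
        else:
            i += 1
            continue
        pad = 0
        while end + pad < len(code) and code[end + pad] == INT3:
            pad += 1
        if pad >= min_pad:
            return end, popped, pad
        i += 1  # C2/C3 was data (e.g. an immediate), keep scanning
    return None

def routine_bytes(code: bytes, start: int = 0) -> bytes:
    """Routine body from `start` up to and including its RET, no padding."""
    found = find_routine_end(code, start)
    return code[start:] if found is None else code[start:found[0]]

# Constructed sample: two routines, each padded with 0xCC to 16 bytes.
SAMPLE = bytes.fromhex(
    "8BFF558BEC8B45085DC20400" + "CC" * 4   # ... mov eax,[ebp+8]; pop ebp; ret 4
    + "558BECB8C30000005DC3" + "CC" * 6     # ... mov eax,0xC3; pop ebp; ret
)

if __name__ == "__main__":
    print(find_routine_end(SAMPLE))        # first routine
    print(find_routine_end(SAMPLE, 16))    # second routine, skips operand C3
    print(routine_bytes(SAMPLE).hex())
```

A C2 or C3 byte can also appear inside another instruction's operand (the `mov eax, 0xC3` in the second routine), which is why the scan only accepts a RET that is immediately followed by filler; real tooling should decode instructions properly.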

Svyatpro Posted January 3, 2017

> 11 hours ago, Dibya said:
> one core api on git hub https://github.com/Skulltrail192/One-Core-Api

Yes, and it requires contributors. We need to fix some functions known as broken:

shell32:
- SHGetKnownFolderPath

kernel32:
- GetLogicalProcessorInformationEx
- LCIDToLocaleName

vtdll (it could be good if someone could replace it with BWC's implementation):
- RtlTryAcquireSRWLockExclusive
- RtlInitializeConditionVariable
- RtlSleepConditionVariableCS
- RtlWakeAllConditionVariable
- RtlWakeConditionVariable

Edited January 3, 2017 by Svyatpro

Dibya (Author) Posted January 4, 2017

> 8 hours ago, Svyatpro said:
> Yes, and it requires contributors. We need to fix some functions known as broken:
> shell32: SHGetKnownFolderPath
> kernel32: GetLogicalProcessorInformationEx, LCIDToLocaleName
> vtdll (it could be good if someone could replace it with BWC's implementation): RtlTryAcquireSRWLockExclusive, RtlInitializeConditionVariable, RtlSleepConditionVariableCS, RtlWakeAllConditionVariable, RtlWakeConditionVariable

Svyat, can you compile the files? I will replace the code with BWC's one.

Dibya (Author) Posted January 4, 2017

Thanks Svyat

dencorso Posted January 5, 2017

> 9 hours ago, Skulltrail said:
> Hello everybody, I'm Samuka, from betaarchive. I'm male, apropos, and I live in Brazil.

Welcome to MSFN, Samuka! What do you say I get your username changed to Samuka, instead of Skulltrail, for a start? Happy new year and do enjoy your vacations!

Dibya (Author) Posted January 5, 2017

> 2 hours ago, TuMaGoNx said:
> Oops right! Guess I left several things unanswered before, sorry, bit busy with other things. I haven't looked at NVME since that time nor XomPie (I get the feeling of losing complexity vs usability balance if it keeps growing). I also don't know the w2k batch restriction so I can't convert it...
> Edit: misunderstood
> Edit2: oh and someone PMed me about newer IE possibility: my POV is the same for any browser, developers have been painfully held back by XP limitation. So once IE drops XP... well, not to mention IE is closed source and still knotted with Windows, just how many flags have been flipped, those possible hordes of loadlibrary/getproc are something to get attention under a disassembler's lens. In short: I've no idea.

No problem man, nothing to say sorry for.

Do you wanna have my storport slip-streaming nLite addon? I will post it over at RyanVM.

Can I have some beta testers for my kernel extension?

Happy New Year to all. Best of luck to everyone loving and supporting XP.

@Samuka can you make USB 3.0 / 3.1 and UEFI BIOS work with XP?

It will very much help if someone can get GPT partition support from 2k3 to XP.

Edited January 5, 2017 by Dibya

Dibya (Author) Posted January 7, 2017

> On 1/5/2017 at 6:40 PM, TuMaGoNx said:
> Oops right! Guess I left several things unanswered before, sorry, bit busy with other things. I haven't looked at NVME since that time nor XomPie (I get the feeling of losing complexity vs usability balance if it keeps growing). I also don't know the w2k batch restriction so I can't convert it...
> Edit: misunderstood
> Edit2: oh and someone PMed me about newer IE possibility: my POV is the same for any browser, developers have been painfully held back by XP limitation. So once IE drops XP... well, not to mention IE is closed source and still knotted with Windows, just how many flags have been flipped, those possible hordes of loadlibrary/getproc are something to get attention under a disassembler's lens. In short: I've no idea.

I have modded kernel32: https://ryanvm.net/forum/viewtopic.php?f=25&p=142178#p142178

Please test it. More people can find more bugs.

burd Posted January 7, 2017

> On 1/5/2017 at 7:20 AM, Dibya said:
> NO problem man nothing to say sorry . do you wanna have my storport slip-streaming nlite addon ? I will post it over RyanVM can i have some beta tester for my kernel extension ? Happy New year to ALL Best of Luck to everyone loving and supporting XP. @Samuka can you make usb 3.0 / 3.1 and UEFI bios work with XP? It will very much help if some one can get GPT partition support from 2k3 to XP.

Windows XP x64 only reads GPT format, if I'm correct; it should not be that tough to make it read and write?

jaclaz Posted January 7, 2017

> 6 hours ago, burd said:
> windows xp x64 only reads gpt format if im correct,should be not that tough to make it read and write?

What makes you think that?

GPT is only a (perverted) way to index volumes. A volume (intended as a contiguous extent on disk with a filesystem applied to it) is not dependent on the way it is indexed; whether it is read-only or r/w depends on the filesystem driver (and on the specific setting for the volume).

Another thing is booting a pre-Windows 8 Windows OS from a GPT disk (that simply won't happen any time soon without modifications to the involved bootloaders).

jaclaz