Comments by lilyNaz - CodeProject

lilyNaz 24-Dec-12 4:51am View

Well I am actually hooking ZwCreateSection and when a PE is going to be executed, I want to check the signature of the PE file so that I can stop unsigned PEs.

lilyNaz 23-Dec-12 3:40am View

These errors occur only after I add include wintrust.h and as you can see the errors are in wincrypt.h which means that there must be a conflict in my header files with the newly added ones(in here wintrust.h). As I said earlier I am writing a driver.

lilyNaz 23-Dec-12 3:34am View

>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(833): error C2146: syntax error : missing ';' before identifier 'dwVersion'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(833): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(833): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(835): error C2143: syntax error : missing ';' before '*'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(835): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(835): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(836): error C2146: syntax error : missing ';' before identifier 'cbOID'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(836): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(836): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(842): error C2143: syntax error : missing ';' before '*'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(842): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(842): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(843): error C2146: syntax error : missing ';' before identifier 'cbInnerString'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(843): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(843): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(844): error C2143: syntax error : missing ';' before '*'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(844): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(844): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(845): error C2146: syntax error : missing ';' before identifier 'cbOuterString'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(845): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(845): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(850): error C2146: syntax error : missing ';' before identifier 'dwUse'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(850): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(850): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(852): error C2146: syntax error : missing ';' before identifier 'cBits'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(852): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(852): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(853): error C2146: syntax error : missing ';' before identifier 'dwFlags'
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(853): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(853): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>F:\WINDDK\7600.16385.1\inc\api\wincrypt.h(854): error C2146: s

lilyNaz 23-Dec-12 3:17am View

Thank you for the link but I still have the same problem

lilyNaz 23-Dec-12 3:10am View

I know where wintrust is but my problem is that I cannot include wintrust.h in the driver, because it causes so many errors.

lilyNaz 1-Dec-12 3:47am View

I used catch(...) and next time I used catch(Exception &e) but I got the same exception.

lilyNaz 1-Dec-12 3:47am View

Deleted

I used catch(...) and next time I used catch(Exception &e) but I got the same exception.

lilyNaz 1-Dec-12 0:44am View

I have enabled the I/O checking in the Delphi Compiling Options But I get this very exception.

lilyNaz 6-Jun-12 5:46am View

Thanks, It worked!

lilyNaz 6-May-12 1:01am View

Thanks by the way.

lilyNaz 6-May-12 1:00am View

Yeah, I guess it wasn't invoked so I did the same for cmd.exe and this time I monitored cmd.exe in API monitor, when I typed dir, cmd crashes and I can see that MyDLL has been loaded but it returns invalid_handle _value, Error 2:The system could not find the file specified ... This time my function is definitely called

lilyNaz 5-May-12 5:34am View

Thank you.
I use createremotethread to inject my dll.
I added stdcall and I removed the code regarding loadlibrary but it still doesn't work.

lilyNaz 16-Apr-12 0:42am View

I am writing some sort of anti-virus and I need to protect my process. Like other anti-viruses, I need mine to be unkillable as much as possible.

lilyNaz 9-Apr-12 0:51am View

Thank you. I looked at VCG Graphig library but it mentions that The VCG tool reads a textual and readable specification of a graph and visualizes the graph.
But I don't have the graph itself, I just have the assembly code, visualization is not my first priority, coming up with control flow graph is the problem.

lilyNaz 18-Jan-12 20:50pm View

Thanks,I tried this one but it didn't work out. I'm trying to pass the name using the message and not the registry since you mentioned the overhead.

lilyNaz 17-Jan-12 5:01am View

Thank you, you're right. The first solution worked out.

lilyNaz 17-Jan-12 4:59am View

Thank you so much, It worked out.

lilyNaz 11-Jan-12 6:33am View

Thanks again. I tried using message passing techniques but since I am working in Embarcadero c++ builder, I can't use ON_REGISTERED_MESSAGES or even ON_COMMAND for the registered messages...

lilyNaz 11-Jan-12 2:19am View

Thanks for your answer, I think in my case it is best to use RegisterWindowMessage. Do you know any good tutorial or guide which I can read on this one?
From what I got I have to write another application and define a particular message for both of them...

lilyNaz 3-Jan-12 0:38am View

I worked with boomerang and I decided to get its source code using the tools presented in the website(wincvstools->checkout), but the problem is that I can't get the source code, (ERROR: connection timed out), Is there any other way that I can get the source code?

lilyNaz 27-Dec-11 2:25am View

Thanks mehdi,I need to disassemble the exe, and binary files which can be potentially malwares, Does Boomerang do that?
but boomerang dissassemble c codes, right?

lilyNaz 20-Nov-11 4:13am View

Well, Is it possible to hook copyfile instead of hooking keyboard and mouse actions?

lilyNaz 13-Nov-11 3:19am View

It worked out, Thanks Andrew.

lilyNaz 9-Nov-11 2:46am View

Do you think that I could use EnumDesktopWindows in order to find the address of all opened windows which may be directories?
I know it doesn't consider all the different ways of opening a directory but Is it possible?

lilyNaz 8-Nov-11 6:39am View

I need to write the code in Embarcadero c++ builder, and I get errors regarding these two lines:
#import MSHTML.TLB
#import SHDOCVW.DLL
Where should I add these two?

lilyNaz 8-Nov-11 6:13am View

I'll check out your answer.Thank you Andrew

lilyNaz 8-Nov-11 4:52am View

Well tnx for the link but I didn't find what I was looking for...

lilyNaz 8-Nov-11 3:48am View

I mean the applications which you can see in windows task manager, but not the processes. I am not looking for cmd.exe, The most important process for me is explorer.exe and I need to retrieve the address of the opened directories that you can see in applications tab of task manager.

lilyNaz 8-Nov-11 2:58am View

Deleted

I mean the applications which you can see in windows task manager, but not the processes. I am not looking for cmd.exe, The most important process for me is explorer.exe and I need to retrieve the address of the opened directories that you can see in applications tab of task manager.

lilyNaz 20-Sep-11 2:39am View

It is a Console Application, and is working on Windows 7, I am using Embarcadero C++ builder.

lilyNaz 20-Sep-11 2:16am View

Well I've added this one but then after compile : ERROR Unable to open include file 'atlstr.h'

Comments by lilyNaz (Top 31 by date)