Purchased Rootkits | Subverting the Windows Kernel


A month ago I bought Rootkits: Subverting the Windows Kernel by Greg Hoglund and James Butler, and I find it superb.  If you are a rootkit developer or looking to become one, this is a must-have book that you need to get hold of.  It teaches you the general techniques you want to learn, such as hiding processes, files and directories, registry keys and lots more.  Getting into the kernel as well as defeating anti-virus software are among the topics discussed!  Recently I have been busy with my final year, so I hope I can find time to post some useful articles.


Rootkits | Subverting the Windows Kernel


Are you a programmer who loves to design malicious applications?  Do you find that the malicious applications you have made are easily detected by anti-virus software (oh come on, Fully Undetectable (FUD) isn't going to last long)?  Do you know the difference between user and kernel space?  Ever wanted to be able to operate at the same level as the anti-virus, as well as get rid of it?

Take yourself to a whole new level by learning how to develop a rootkit!

MuteX | How to create a single instance application in C


#include <windows.h>
#include <stdio.h>

#define MUTEX_NAME "mutex name here, anyname"

int main()
{
	/* SYNCHRONIZE is enough to test whether the mutex exists. Asking for
	 * MUTEX_ALL_ACCESS can fail with ERROR_ACCESS_DENIED when another
	 * user's instance owns it, which would look exactly like "not found". */
	HANDLE hMutex = OpenMutexA(SYNCHRONIZE, FALSE, MUTEX_NAME);
	if(hMutex == NULL)
	{
		// no duplicate instance found: create the mutex so later instances see it
		hMutex = CreateMutexA(NULL, FALSE, MUTEX_NAME);
		if(hMutex == NULL)
			return 1;	/* could not create the mutex at all */

		/* A second instance may have created it between the two calls; in
		 * that case CreateMutex hands back the existing object and reports
		 * ERROR_ALREADY_EXISTS, so treat it like the duplicate case below. */
		if(GetLastError() == ERROR_ALREADY_EXISTS)
		{
			CloseHandle(hMutex);
			return 0;
		}
	}
	else
	{
		// a duplicate was found
		CloseHandle(hMutex);
		return 0;
	}

	printf("Created console\n");
	getchar();	/* the mutex exists for as long as this handle stays open */
	CloseHandle(hMutex);
	return 0;
}

As you can see, the OpenMutex and CreateMutex functions are used.  Briefly: OpenMutex tries to open a handle to a mutex that already exists.  If it returns NULL, no mutex with that name has been created (GetLastError() tells you more: ERROR_FILE_NOT_FOUND means it really is absent, while ERROR_ACCESS_DENIED typically means another user's instance created it with an ACL you cannot open), so CreateMutex is called to create the mutex with the name defined in MUTEX_NAME.  Two caveats are worth knowing.  First, another instance can start between the OpenMutex and CreateMutex calls; a robust version also checks GetLastError() == ERROR_ALREADY_EXISTS after CreateMutex, because CreateMutex returns a handle to the existing object in that case instead of failing.  Second, the name is a fixed string in the binary and visible to every process on the machine, so it doubles as an indicator of the program for anyone analysing it, and any process that creates the mutex first stops the program from running at all.  Leave feedback if you feel there is a lack of information.

Caesar and Rot Cipher Source Code


Ever wanted a portable Caesar cipher encoder and decoder in one go?  At the end of this post you will find the binary as well as the source code (written in C) for the application.  Below is an image of the application run on the text "abcdefgh".  At [+13] you can see that the result is equivalent to ROT13.  If you are familiar with the command line, use application.exe "text here".

/*
 * url:   https://genesisdatabase.wordpress.com
 * email: genesisdatabase@gmail.com
 *
 * This source code is free to be used by any programmer.
 * All input is folded to lowercase before the shifts are printed.
 * Supports command line usage, use text as argument eg. crack.exe "abcdef"
 */

#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_TEXT 64	/* longest input handled; keep in sync with the scanf width below */

/* Print every additive shift [+0] .. [+26] of the text. The row at [+13]
 * is ROT13, and the final row [+26] wraps back around to the input itself;
 * the dashed line after [+25] marks the end of the 26 distinct shifts. */
void DecryptCaesar(char *Encrypted)
{
	int i;
	size_t j, len;

	/* strlwr() is MSVC-only, so fold to lowercase portably instead. */
	for(j = 0 ; Encrypted[j] != '\0' ; j++)
		Encrypted[j] = (char)tolower((unsigned char)Encrypted[j]);
	len = strlen(Encrypted);

	printf(" Caesar Cipher\n\n");
	for(i = 0 ; i < 27 ; i++)
	{
		printf(" [+%d]\t", i);
		for(j = 0 ; j < len ; j++)
		{
			char c = Encrypted[j];

			if(c == ' ')
				continue;	/* spaces are dropped; print " " here if you prefer to preserve them */
			else if(c < 'a' || c > 'z')
				printf("%c", c);	/* non-letters are preserved as-is */
			else
				printf("%c", 'a' + (c - 'a' + i) % 26);	/* shift with wrap-around past 'z' */
		}

		if(i == 13)
			printf(" (ROT13)");

		printf("\n");
		if(i == 25)
		{
			printf(" ");
			for(j = 0 ; j < len + 8 ; j++)
				printf("-");

			printf("\n");
		}
	}
	printf("\n");
}

int main(int argc, char **argv)
{
	char string[MAX_TEXT + 1] = {'\0'};
	int c;

	if(argc == 2)
	{
		strncpy(string, argv[1], MAX_TEXT);	/* buffer is zero-filled, so it stays NUL-terminated */
		printf("\n");
		DecryptCaesar(string);
		return 0;
	}

	for( ; ; )
	{
		printf("\n Enter a text to encrypt/decrypt (EXIT to quit): ");

		/* Read at most MAX_TEXT characters up to the newline. fflush(stdin)
		 * is undefined behaviour in standard C (it only happens to work on
		 * MSVC), so drain the rest of the line with getchar() instead. An
		 * empty line is processed as empty text rather than reusing the
		 * previous input. */
		string[0] = '\0';
		if(scanf("%64[^\n]", string) == EOF)
			break;
		while((c = getchar()) != '\n' && c != EOF)
			;

		if(strcmp(string, "EXIT") == 0)
			break;

		printf("\n\n");
		DecryptCaesar(string);
	}

	printf("\n Thanks for using...\n");
	return 0;
}

Download Binary
Download Source Code
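The tool above prints all 26 shifts and leaves picking the right row to the reader. The example below is an addition to this page, not code from the original post: it automates that step by scoring each candidate shift against typical English letter frequencies with a chi-squared statistic and returning the shift whose output looks most like English. The sample sentence, the frequency table and the function names (caesar_shift, english_chi_squared, recover_shift) are my own; the letter handling mirrors the tool above, with letters folded to lowercase and non-letters passed through unchanged.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Relative frequency (percent) of a..z in typical English text. */
static const double ENGLISH_FREQ[26] = {
	8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153,
	0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056,
	2.758, 0.978, 2.360, 0.150, 1.974, 0.074
};

/* Apply an additive shift to every letter of `in`, writing at most cap-1
 * characters plus a NUL to `out`. Letters are folded to lowercase and
 * everything else is copied unchanged, like the tool above. */
void caesar_shift(const char *in, int shift, char *out, size_t cap)
{
	size_t n = 0;

	if(cap == 0)
		return;
	shift = ((shift % 26) + 26) % 26;	/* normalise negative or large shifts */
	for( ; *in != '\0' && n + 1 < cap ; in++, n++)
	{
		unsigned char c = (unsigned char)tolower((unsigned char)*in);
		if(c >= 'a' && c <= 'z')
			out[n] = (char)('a' + (c - 'a' + shift) % 26);
		else
			out[n] = (char)c;
	}
	out[n] = '\0';
}

/* Chi-squared distance between the letter histogram of `text` and the
 * expected English distribution. Lower means "more English-like". */
double english_chi_squared(const char *text)
{
	int counts[26] = {0};
	int n = 0;
	double chi = 0.0;

	for( ; *text != '\0' ; text++)
	{
		unsigned char c = (unsigned char)tolower((unsigned char)*text);
		if(c >= 'a' && c <= 'z')
		{
			counts[c - 'a']++;
			n++;
		}
	}
	if(n == 0)
		return 1e300;	/* nothing to score */

	for(int i = 0 ; i < 26 ; i++)
	{
		double expected = n * ENGLISH_FREQ[i] / 100.0;
		double diff = counts[i] - expected;
		chi += diff * diff / expected;	/* rare letters showing up often are punished hard */
	}
	return chi;
}

/* Return the shift in 0..25 which, applied to `ciphertext`, gives the most
 * English-looking result. For text encrypted with key k this is 26 - k. */
int recover_shift(const char *ciphertext)
{
	char buf[512];
	int best = 0;
	double best_score = -1.0;

	for(int s = 0 ; s < 26 ; s++)
	{
		caesar_shift(ciphertext, s, buf, sizeof buf);
		double score = english_chi_squared(buf);
		if(best_score < 0 || score < best_score)
		{
			best_score = score;
			best = s;
		}
	}
	return best;
}

int main(void)
{
	/* Constructed sample: an English sentence encrypted with key 7. */
	const char *plain = "the enemy will attack at dawn so hold the bridge until the main force arrives with fresh supplies";
	char cipher[256], guess[256];

	caesar_shift(plain, 7, cipher, sizeof cipher);
	int s = recover_shift(cipher);
	caesar_shift(cipher, s, guess, sizeof guess);
	printf("ciphertext : %s\nbest shift : [+%d]  (chi^2 = %.1f)\nrecovered  : %s\n",
	       cipher, s, english_chi_squared(guess), guess);
	return 0;
}
```

The scorer needs a few dozen letters of real text to be reliable; a pangram such as "the quick brown fox..." has a deliberately flat histogram and will confuse it, as will very short inputs, which is why the page's manual 26-row listing remains useful for those.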

Creating application with a single instance in C and VB .NET


Most of us prefer single-instance applications, whether to make them look professional or for some other personal reason, and especially when writing malicious applications.  Here is the source code in the two languages mentioned in the title.

C

#include <windows.h>

int main()
{
	/* A fixed name, visible to every process on the machine and to anyone
	 * who reads the binary, so it also acts as a marker of this program. */
	const char *mutex = "some name here";

	/* SYNCHRONIZE is all we need to test for existence; MUTEX_ALL_ACCESS
	 * may be denied if another user's instance created the mutex. */
	HANDLE hMutex = OpenMutexA(SYNCHRONIZE, FALSE, mutex);
	if(hMutex == NULL)
	{
		hMutex = CreateMutexA(NULL, FALSE, mutex);

		/* Close the race between OpenMutex and CreateMutex: if another
		 * instance created the mutex in between, CreateMutex returns its
		 * handle and GetLastError() reports ERROR_ALREADY_EXISTS. */
		if(hMutex != NULL && GetLastError() == ERROR_ALREADY_EXISTS)
		{
			CloseHandle(hMutex);
			MessageBoxA(0, "Instance Exists!", 0, 0);
			return 0;
		}
	}
	else
	{
		CloseHandle(hMutex);
		MessageBoxA(0, "Instance Exists!", 0, 0);
		return 0;
	}

	/* ... the program's real work goes here; the mutex stays in place
	 * until hMutex is closed or the process exits ... */

	if(hMutex != NULL)
		CloseHandle(hMutex);
	return 0;
}

VB .NET

' Counts processes whose image name matches ours (the list includes this
' process, so more than one entry means another instance is running).
' This is only a heuristic: renaming the executable defeats it, and an
' unrelated program with the same name causes a false positive. The named
' mutex used in the C version above checks the same thing more directly.
Function PrevInstance() As Boolean
    If UBound(Diagnostics.Process.GetProcessesByName(Diagnostics.Process.GetCurrentProcess.ProcessName)) > 0 Then
        Return True
    Else
        Return False
    End If
End Function

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    If PrevInstance() = True Then
        MsgBox("Instance Exists!")
        End ' terminate at once; nothing has been set up yet that needs cleaning up
    End If
End Sub
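Both single-instance posts on this page (the MuteX post and the C / VB .NET post) check with OpenMutex first and create with CreateMutex second, which leaves a window in which two instances can both see "no mutex" and both keep running. The example below is added here and is not code from either post: it uses the one-call idiom, CreateMutex followed by a GetLastError() check for ERROR_ALREADY_EXISTS, behind a small instance_lock_acquire / instance_lock_release API whose names are my own. On non-Windows builds the same API falls back to an advisory flock() on a file under /tmp, so the example can be compiled and exercised on Linux or macOS; that fallback is an assumption of this example, not something the page describes.

```c
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
typedef HANDLE instance_lock_t;
#else
#include <fcntl.h>
#include <sys/file.h>
#include <unistd.h>
typedef int instance_lock_t;
#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0	/* not every libc exposes it under strict -std flags */
#endif
#endif

/* Try to become the single instance identified by `name`.
 * Returns 1 if this process now holds the instance lock, 0 if another
 * instance already holds it (or the lock could not be created). The
 * handle/descriptor stored in *lock must stay open for the lifetime of
 * the process; release it with instance_lock_release(). */
int instance_lock_acquire(const char *name, instance_lock_t *lock)
{
#ifdef _WIN32
	/* One call both checks and creates, so there is no gap between "look"
	 * and "create" for a second instance to slip through. The "Local\"
	 * prefix keeps the object in the caller's session namespace. */
	char full[MAX_PATH];
	snprintf(full, sizeof full, "Local\\%s", name);

	HANDLE h = CreateMutexA(NULL, FALSE, full);
	if(h == NULL)
		return 0;	/* e.g. access denied on an existing object, or a bad name */
	if(GetLastError() == ERROR_ALREADY_EXISTS)
	{
		CloseHandle(h);	/* someone else created it first: we are the duplicate */
		return 0;
	}
	*lock = h;
	return 1;
#else
	/* POSIX stand-in (assumption of this example): an advisory lock on a
	 * file in /tmp. flock() locks belong to the open file description, so
	 * a second open()+flock() fails even inside the same process, which
	 * mirrors ERROR_ALREADY_EXISTS above. O_NOFOLLOW refuses a symlink that
	 * someone may have planted at the predictable path. */
	char path[256];
	snprintf(path, sizeof path, "/tmp/%s.lock", name);

	int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0600);
	if(fd < 0)
		return 0;
	if(flock(fd, LOCK_EX | LOCK_NB) != 0)
	{
		close(fd);	/* EWOULDBLOCK: another instance holds the lock */
		return 0;
	}
	*lock = fd;
	return 1;
#endif
}

/* Give the instance lock back; a later instance_lock_acquire() succeeds again. */
void instance_lock_release(instance_lock_t lock)
{
#ifdef _WIN32
	CloseHandle(lock);
#else
	close(lock);
#endif
}

int main(void)
{
	instance_lock_t lock;

	if(!instance_lock_acquire("genesisdatabase-demo", &lock))
	{
		puts("Instance Exists!");
		return 0;
	}
	puts("First instance running; press Enter to exit.");
	getchar();
	instance_lock_release(lock);
	return 0;
}
```

Call instance_lock_acquire once at startup and keep the returned handle until exit; a second call with the same name from another process (or, as the test below the stand-alone main shows, from the same one) returns 0. Because the name is a constant in the binary, it is also a convenient indicator for defenders, and anyone who creates the mutex first prevents the program from running.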