News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

Getting text from an EXE

Started by zakham, February 14, 2006, 06:16:00 AM

Previous topic - Next topic

zakham

oH nO

hutch--

If you are after just the exe file to do a job, get STRINGS.EXE from the masm32 example code.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

Tedd

It depends what effect you want. If you want all strings of (readable) characters in the whole file, then you'll be searching through the whole exe.
But if you only want the strings used in the application, then they should be found in the data section -- for this you'll need to look at how a PE file is constructed, and then search through the contents of the data section(s) to find the strings. And you may also want to check through the code sections for strings that may have been 'hidden' in there too :wink

So, reference material: info describing the PE format (there's plenty about)
No snowflake in an avalanche feels responsible.

Vortex

zakham,

Welcome on board.

You can use also the RCDATA statement in your resource script to embed text files in your executable. Here is a quick example.



[attachment deleted by admin]

zooba

Sorry Vortex. I'm guessing our friend is trying to find registration messages and nag screens...

zakham

#5
fORGET aBOUT IT DUDES..!!! :U

Vortex

#6
OK, no problem.

MichaelW

zakham,

Challenge or no, I think you need to explain how "I need to utilize this Buffer overflow + get the Password" is not a violation of forum rules:

Quote
3. Legality of content is not a negotiable matter in the forum. Assembler programming is mainstream programming and is primarily used by professional programmers who require the performance in specialised areas. Low level coding is both allowed and encouraged but there will be no viral or trojan technology allowed including technical data under the guise of AV technology, no cracking and similar activities in the guise of "Reverse Engineering", no hacking techniques or related technology and no support or help with or reference to pirated software. There will also be no links to pages that support or display any of these or any other illegal areas of coding.
eschew obfuscation

Tedd

1. Do your own 'homework' -- or you will learn nothing. This is even a beginners 'challenge'
2. We are not here to teach you how to hack or create viruses -- this falls under that catgeory.



http://www.vidyaweb.com/doeacc/mod/forum/discuss.php?d=392

Challenge Question No. 20060210
Programmed By Ria Bannerjee.
Vidyaweb Team (www.vidyaweb.com)
Email : ria.cool2k5@gmail.com

Info:
Buffer Overflows comprises most of the exploits and hacks considered to the present
day environment. Check out where you are missing and learn how to write a secure code.

Target :
1. Write a program in any language to filter all text strings in the attached executable.
2. Find the Buffer Overflow in the program and then exploit it to find the access
codes for your name.

Focus :
This challenge focusess on the Stack Based Buffer overflows. Along with it you ll be able
to learn about the architecture on x86 assembly and how it works and how it can be exploited.

This challenge will be posted for 2 weeks on the site awaiting solutions from all
members. Best Solution will be awarded by putting his name on the site as a winner
until next challenge comes up(fortnightly).

Rules:

1.You cannnot use any hex editor, disassembler or debugger to analyse the code
(since this is a newbie challenge).

2.Your program can be written in any language you desire but you must submit
the source along with the executable and you must submit a write-up giving a
description of the rules/techniques and your handson experience while solving it
in not less than 150 words.

3.The winner will be announced in the week ending February 25th, 2006.

4.You can discuss any doubts you have in the forum.

We will put up an article \ tutorial to solve the challenge on 25th Feb, 2006, so dont
forget to check out if u didnt manage to solve the challenge or even if u did but missed
out anything. We will try to explain the basics of how to go about defending and attacking
such scenarios to get the best out of you in the relevant field so that we can emerge as
better programmers than we are and leave a mark of our community. Good luck !!!
So .. Lets go killing ...
No snowflake in an avalanche feels responsible.

zakham


RedXVII


Tedd

All part of the service.
Have a nice now.
Place call again.


(What you fail to see is that I've already told you how to do it. But obviously it's beyond your capabilities.)
No snowflake in an avalanche feels responsible.

sluggy


PBrennick

Sluggy,
I think you forgot to close it.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

sluggy