How to analyze crash dumps of EXE/DLL files which were protected by VMProtect - crash

I am confused about how people analyze crash dump files generated by exe/dll files which were protected by VMProtect (3.0 or later). Even though I have the original exe/dll, the map file, and the pdb file, I cannot find the original call stack or the crash point in the C++ source code. Does anyone know how to analyze these dump files? I've got a huge amount of dump files to handle...

You can use "MiniDump Fixer" to fix minidump files:
https://vmpsoft.com/20111114/minidump-fixer/

Related

Too many Finalizer references, how to analyze the dump file?

The dump file was downloaded from the production environment and opened with MAT; it showed that there were too many reference objects, which could not be recovered smoothly. I don't know where to start.

How can I protect my VB.NET App.exe from decompressing?

I made a small program (App.exe) in Visual Basic that replaces some files, and I place those files in my project resources.
The problem is that when I build the program I can decompress App.exe and see those files like an archive with any decompressing software such as WinRAR or 7-zip, and I don't want that. This is an image from my computer. Can someone help me? Thanks in advance.

You may use ConfuserEx obfuscator (Google it to get that). After encrypting the app with it, it'll be almost impossible to decompile it or get its raw files (resources) even after extraction.
Simply drag and drop your application into it:
Use Compressing packer:
And finally protect it:
And you're good to go.

FileSystemWatcher.Created how does it work?

I am working on a project that will copy files to a database every time something is added to a specific directory. Now the program works fine when I'm testing with a small set of data but I was wondering if someone could explain how the FileSystemWatcher.Created event works.
My main concern is when I use this on a larger scale the program may slow down when it handles 100,000+ files.
If this is an issue could anyone explain if there is some sort of workaround to polling the original folder, let's call that "C:\folder", and maybe poll a temp folder instead.

I have not tested the watcher with 100,000 files. However, in most cases you should not have so many files in a folder awaiting processing. I recommend a structure like
C:\folder
C:\folder\processing
C:\folder\archive
C:\folder\error
As soon as you begin working on a given file, move it into processing. If you successfully process it, move the file again to archive. If there is an error while processing a file, instead move it into error.
This will make it easier for you to keep the files organized and diagnose problems that occur in production.
With that file structure, you will not run into issues with large numbers of files in the folder you are watching, unless you receive files in incredibly large bursts compared to the speed with which they can be moved into the processing state.

How to edit dll archives?

Okay, so I don't really know much about DLLs, but I need to edit some of them. Ones that seem like archive files.
Such as: firefox's xul.dll, windows/twain_32.dll
When I tried to open them in .NET Reflector, it couldn't open them. And a really downvoted answer on here made me realize they can be opened with 7zip, and seem to have files inside.
I can extract the files, but can't edit the dll, and I don't know how to create a dll like this. I don't have Visual C++ or Basic, and I don't know if I could do this with them.
Thank you in advance, or how to say

A dll file usually contains program code (that is: binary code you cannot easily understand). Some dll files may also contain resources, which can sometimes be edited with a resource editor (such as ResourceHacker).
dll files are not archives and their primary usage does not include holding files. Resources normally are rather small data elements such as icons.
Edit: If you open a dll file in 7zip, you will see some virtual files (which are not real files but sections of the binary object file, see symbol table and relocation table in object file for example) along with a virtual folder .rscs (abbreviation for "resources") that contains the mentioned resources you can edit with a resource editor. Again, remember these are not files. 7zip only displays them in a way you may think of files.
The object code inside of .text, .data and .reloc contains binary program code and initialization data along with the reallocation table. It makes no sense to edit that information unless you use a disassembler, can understand the generated assembler code, know about the pitfalls of disassembling, make sensible changes and are able to reassemble the code.
Note that even if you did so, you'd apply the disassembler to the whole object file instead of single sections.
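
The point made above, that the entries 7-Zip lists for a DLL are sections of the PE image rather than archived files, can be checked by reading the section table directly. This is an added example, not part of the original answer; the function names are hypothetical and the image returned by `build_sample` is constructed (headers only, no section contents).

```python
import struct

# Section characteristic flags defined by the PE/COFF format.
FLAGS = {0x00000020: "code", 0x00000040: "data",
         0x20000000: "exec", 0x40000000: "read", 0x80000000: "write"}

def list_sections(image: bytes):
    """Return [(name, virtual_size, raw_size, [flag names])] from a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature")
    # The 20-byte COFF header follows the signature; the section count and
    # the optional-header size are what locate the section table.
    _, count, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    if table + 40 * count > len(image):
        raise ValueError("truncated section table")
    out = []
    for i in range(count):
        name, vsize, _va, rsize, _ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        flags = [label for bit, label in FLAGS.items() if chars & bit]
        out.append((name.rstrip(b"\0").decode("ascii", "replace"),
                    vsize, rsize, flags))
    return out

def build_sample() -> bytes:
    """Constructed sample: DLL headers with four sections and no contents."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 4, 0, 0, 0, 224, 0x2102)
    optional = b"\0" * 224  # zeroed; this example does not parse it
    rows = [(b".text", 0x1000, 0x60000020), (b".data", 0x200, 0xC0000040),
            (b".rsrc", 0x400, 0x40000040), (b".reloc", 0x200, 0x42000040)]
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n, size, 0x1000 * (i + 1), size,
                    0x400, 0, 0, 0, 0, chars)
        for i, (n, size, chars) in enumerate(rows))
    return dos + b"PE\0\0" + coff + optional + table

if __name__ == "__main__":
    for name, vsize, rsize, flags in list_sections(build_sample()):
        print(f"{name:8} vsize={vsize:#x} raw={rsize:#x} {'+'.join(flags)}")
```

A section that reports both `write` and `exec` is worth a closer look when triaging an unfamiliar binary, since ordinary compiler output keeps code read-only.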

CGZipLibrary.dll not compressing files

Hi, I am using CGZipLibrary.dll in my code for zipping the files. A .zip file is being created but the file is not getting compressed. The original file and the .zip file are of the same size.
Please provide some suggestions. Thanks in advance.

CGZipLibrary.dll... that's a rather old library if my memory is serving me right. I remember using it (or some other library with a similar name) in some old VB6 projects, and I had to update it because it had some problems when compressing folder structures. I may have the updated library lying somewhere around.
For .NET there are better alternatives like SharpZipLib and DotNetZip. I see the question is tagged with VB6 as well... if you need to use the library from VB6, from what I know, DotNetZip is marked as visible for COM, so you should be able to use it as well, although I haven't tried it myself.