I'm newbie in analyzing Malware. I've installed IDA pro to analyze an malware by name LAb-5 01.dll
As soon as i entered i've loaded the .dll file .But i donot know how to find the address of dllMain.Any help will be appreciated.
There are many ways to locate DLLMain using IDA Pro.
Once you open the DLL you are pointed directly to DLLMain. To know the address you can go to "Options" --> "General" and check "Line Prefixes". This will show that DllMain function is located at 0x1000D02E:
There are other ways to find it using IDA Pro. You can also search the symbol using the option "Search" --> "text" and writing "DllMain". It might not land in the function definition but you can double-click the symbol to go to the definition.
Another option is going to the Function Window at "Windows" --> "Functions window" (or Alt+1) and scroll until you find DllMain.
Related
I am trying to determine a package for an data element, or domain, or whatever via Eclipse ADT, but have no luck. I'm doing usual object search via project search (Ctrl-Shift-A), and both Global search (Ctrl-H), the result is the same.
I see domain properties window
and it has no clue about what package it is.
What I've tried so far:
Using filters in project search bar, callable via Ctrl-Space
Package filter does not help, it lists all packages, not the relevant ones, where this domain was found. Picking each and every package will take infinity amount of time, because the hierarchy is huge.
Pressing "Link with editor" button
For some reason it doesn't work, should it with DDIC objects? When I press it with domain opened right-side, just nothing happens. In the help and e.g. here they describe it should open the object in the left within hierarchy.
Is it something broken with my ADT or this button doesn't work with DDIC objects?
P.S. It is ABAP Cloud trial system, if that matters.
Package can be seen in Properties tool (see the bottom part of the screenshot below)
This may be a simple question, but I'm not even sure of the search terms to find the answer.
I have two winforms applications which have been derived from the same code. One supersedes the other, but occasionally we have to us the older VB app for legacy information.
The problem is, if one app is already open, when the icon of the other app is clicked, nothing happens. The currently open app's window becomes selected like it has just been opened. Nothing else.
What I would like to happen is that both apps can open at the same time. They reference different DB's so there's not clash there.
I thought it might be something to do with the name spaces, so I changed those, but to no avail.
Any thoughts, I'm sure its a simple answer.
Mark
Look at Project Settings (Double Click on "My Project" in the Project Explorer).
In the Application-Tab you'll find the setting "Create Single Instance Application"
(I'm translating from German Version, may be slighlty different).
Better Alternative:
Basicly it is useful to keep this setting as it is and go for the alternative:
In that same spot, you find a button "Assembly Information". Click on that and change the first number of the "Assembly Version". Now the older and newer versions are two different programs for Windows and will run parallel.
Go to, 'project properties', Tab 'Application', section 'Windows application framework properties'. There is a checkbox called 'Make single instance application'. Maybe that's on...
I had the same problem with two applications. They had different assembly versions and I wanted to avoid unchecking "Make single instance application", so I kept looking until I found that they had the same GUID. Just changed one of them and problem solved. You can change the GUID in the Assembly Information dialog. Hope it helps.
Just to start off, this question does seem very similar to another post Add the DLL (lame_enc.dll) reference to my project, but I haven't been able to successfully apply that answer. I am pretty new to VB.NET so it is very possible I'm simply missing something obvious.
I am trying to link a DLL to a VB.NET 2010 project to allow my VB app to play *.ogg files. I followed some other advice here on the forums and downloaded FMOD's FMOD Ex Programmers API. I am trying to now reference that functionality. These appear to be the files I need to somehow reference.
C:\Program Files (x86)\FMOD SoundSystem\FMOD Programmers API Windows\api\fmodex64.dll.
C:\Program Files (x86)\FMOD SoundSystem\FMOD Programmers API Windows\api\libfmodex64_vc.lib.
I haven't discovered how to add a *.lib reference (or the equivalent), but selecting the DLL as a reference gives the following error.
A reference to 'C:\Program Files (x86)\FMOD SoundSystem\FMOD
Programmers API Windows\api\fmodex64.dll' could not be added. Please
make sure that the file is accessible, and that it is a valid assembly
or COM component.
I'm not sure what I could be missing. Any ideas? Thanks!
In Solution Explorer, double-click the My Project node for the project.
In the Project Designer, click the References tab.
Click the Add button to open the Add Reference dialog box.
In the Add Reference dialog box, select the tab indicating the type of component you want to reference.
Select the components you want to reference, then click OK.
Another approach I was trying is working for me. I found a site with a working example of a LibZPlay VB.NET sample ( http://planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=7789&lngWId=10 ). It runs under VS 2008 and I was able to adapt my project to use LibZPlay (open source library http://libzplay.sourceforge.net/WELCOME.html ) under VS 2008.
That is sufficient for me for now. Thanks for your advice. It was likely some configuration issue or misunderstanding on my end.
Using VB.net 2015 I (could not add or even find a System32 dll) as a reference using Solution Explorer, Tab References. Going to the MAIN Menu, Projects/Add References...
Used Browse and All the System32 dll were visible. Then I was able to load the needed dll.
I'm Using resharper 6 nighty builds and VB.net. I've a big medium project with multiple files that don't follow the code style conventions of my company.
I've configured resharper with my own convenctions and It suggest to me the right name for each variable (perfect!).
But I can't find any automagic way to make the current name to be replaced with the suggested name.
Are there any way to do it? If not ... did you know ane fearure of coderush Xpress to achieve it?
Thanks.
If you've configured ReSharper with your naming conventions, then it should show a warning (blue squiggly underline) under any identifiers that don't comply. If you put the text cursor on one of those misnamed identifiers, you should see a pyramid icon appear near the left margin. Then you can press Alt+Enter (or click the pyramid icon) to drop down a quick-fix menu. There should be an option in the menu to "Rename to '_myField'". Usually it's the first item in the list, so you can just press Enter again to do the rename.
If you want to do this on everything in a source file, you can use the ReSharper > Inspect > Next Issue in File command (or its keyboard shortcut -- F12 in the IDEA keymap) to move the cursor to the next warning in the file. Then, if it's another name warning, you can use Alt+Enter, Enter again to fix it.
Unfortunately, there isn't a way to automatically fix every instance of a warning at once (though it's been requested; please feel free to vote for RSRP-126551 in their issue tracker).
I want to add a shortcut to the start menu group with following specifications:
It should point to a website, say www.xyz.com
It should have some custom icon
I need to pass some parameters to it, like www.xyz.com?lang=XXXX.
Where XXXX is language code e.g. 1033, 1036, etc. and it's dependent on the language chosen by the user for my application.
Please help.
if the website is always the same you could try including one shortcut.url inside your package for each language that you support and install only the one for that specific language on the disk.
this way you could also control the shortcut that gets used for the .url file.
I found a work-around for this problem.
I made an executable which parses stored language and then calls ShellExecute to start the default browser with required url and language option. I added a shortcut to this executable in the start menu, icon was included in the executable itself.