12-31-2012, 10:25 AM | #11
Join Date: Dec 2009
Re: Programm for the fight (4th edition)
Wireshark is the most commonly used tool (to my knowledge).
http://www.wireshark.org Not sure if you want to do this. If it's malware, you may end up reinstalling your Windows. It might be doable on a virtual machine, though.
12-31-2012, 11:08 AM | #12
Computer Scientist
Join Date: Aug 2004
Location: Dallas, Texas
Re: Programm for the fight (4th edition)
Quote:
12-31-2012, 11:33 AM | #13
Join Date: Jul 2007
Location: Ann Arbor, MI
Re: Programm for the fight (4th edition)
There isn't going to be anything easier than wireshark.
But there's precious little doubt that it's part of a botnet, or it wouldn't be starting a service. The fact that it's establishing a crypto context is also unsavory. You don't do that just to use the crypto API's random number generator. A crypto context is used for bulk data processing, like encrypting and decrypting a message, and there's certainly no need to generate hashes, which are used to sign messages and establish authenticity. You do establish a crypto context if you want to secure communication with a remote host, and you sign the messages if you want to keep somebody from taking over the botnet you went to the trouble to build. There's little likelihood that the app does much of use. It's the work of 20 minutes to dummy up a form and give it some basic interactions. There's likely a botnet toolkit bolted on to the back end of it. You can buy them relatively cheaply if you know the right markets, and there are even a few open source ones. There are plenty of us on here who create actual apps, and we either post source, or publish them through more reputable outlets. We also tend to establish ourselves as part of the community first.
__________________
Online Campaign Planning
12-31-2012, 12:09 PM | #14
Computer Scientist
Join Date: Aug 2004
Location: Dallas, Texas
Re: Programm for the fight (4th edition)
Quote:
What tools are you using to gather the intelligence on the Crypto, ACL and NT service calls?
12-31-2012, 01:05 PM | #15
Night Watchman
Join Date: Oct 2010
Location: Cambridge, UK
Re: Programm for the fight (4th edition)
"dumpbin /imports" will do it nicely. The depends.exe tool provides a GUI for accessing the same information, plus some other things. Clay may be using something else, but those are the MS tools, which come with Visual Studio, even the free versions.
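A small parser for that dumpbin output, added here as an example (it is not code from anyone in the thread): it reads the DLL and function names that `dumpbin /imports` prints and flags the crypto, service and ACL calls the question above asks about. The dumpbin text embedded below is a constructed, abbreviated sample; the watchlist names are real Win32 exports.

```python
import re
from collections import defaultdict

# Real Win32 exports, grouped the way the thread discussed them.
WATCHLIST = {
    "crypto": {"CryptAcquireContextA", "CryptCreateHash", "CryptHashData", "CryptEncrypt"},
    "service": {"OpenSCManagerA", "CreateServiceA", "StartServiceA"},
    "acl": {"SetSecurityInfo", "SetNamedSecurityInfoA", "SetEntriesInAclA"},
}

# Constructed, abbreviated stand-in for what `dumpbin /imports prog.exe` prints.
SAMPLE = """Dump of file prog.exe

    KERNEL32.dll
              4B2000 Import Address Table
                  1A2 GetProcAddress
                  2C4 LoadLibraryA

    ADVAPI32.dll
              4B2010 Import Address Table
                   3F CryptAcquireContextA
                   47 CryptCreateHash
                   5B CreateServiceA
                   9C SetSecurityInfo
"""

# DLL header: an indented "NAME.dll" line. Function line: "<hex hint> <name>" and nothing
# more, so "4B2000 Import Address Table" (several words after the number) is skipped.
DLL_LINE = re.compile(r"^\s+(\S+\.dll)\s*$", re.IGNORECASE)
FUNC_LINE = re.compile(r"^\s+[0-9A-Fa-f]+\s+([A-Za-z_]\w*)\s*$")


def parse_imports(text):
    """Return {dll: [imported function, ...]} in the order dumpbin lists them."""
    imports, current = defaultdict(list), None
    for line in text.splitlines():
        if m := DLL_LINE.match(line):
            current = m.group(1)
        elif (m := FUNC_LINE.match(line)) and current:
            imports[current].append(m.group(1))
    return dict(imports)


def flag_imports(imports):
    """Map each watchlist category to the (dll, function) pairs that hit it."""
    hits = defaultdict(list)
    for dll, funcs in imports.items():
        for f in funcs:
            for cat, names in WATCHLIST.items():
                if f in names:
                    hits[cat].append((dll, f))
    return dict(hits)
```

Redirect real output with `dumpbin /imports prog.exe > imports.txt` and pass the file's text to parse_imports; ordinal-only imports (no name) are not matched.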
12-31-2012, 01:07 PM | #16
Join Date: Dec 2007
Location: Brooklyn, NY
Re: Programm for the fight (4th edition)
Quote:
__________________
-JC
12-31-2012, 03:53 PM | #17
Join Date: Aug 2007
Re: Programm for the fight (4th edition)
Quote:
The alternative is Microsoft Network Monitor (sans Windows 8 - not sure it is available for that already). Available free of charge. Patched as part of the regular update sequence, so no "did I just **** up my system security" thing that a third-party driver entails.
12-31-2012, 05:50 PM | #18
Join Date: Jul 2007
Location: Ann Arbor, MI
Re: Programm for the fight (4th edition)
Cryptographic hashes aren't used to build hash tables. And even if this program was storing lists, it would be using TStringList or TList, common Delphi classes used for this kind of thing. Those don't use the crypto API.
__________________
Online Campaign Planning
01-01-2013, 05:37 AM | #19
Join Date: Dec 2012
Location: Oppenheim, Rheinland-Pfalz (Deutschland/Germany)
Re: Programm for the fight (4th edition)
1st: new screenshot (https://www.dropbox.com/s/9hbuu680himxz3p/GURPS.PNG)
2nd: complete source code (https://www.dropbox.com/s/po0w836lkf...Code-GURPS.txt)
3rd: I learn Delphi at school and we started this school year. I have no idea how to write a program like malware or something else. The program only generates the interface, reads the edit fields, makes rolls (x:=random(15)+3) you can choose and tells you the result on the labels. And I use the program for my own GURPS group, so it would be totally crazy if this program was a virus.
4th: If you see someone on the net whose name is xbott94 it will usually be me, because it is my nickname on the net and no hint of a botnet.
01-01-2013, 08:51 AM | #20
Join Date: Jul 2007
Location: Ann Arbor, MI
Re: Programm for the fight (4th edition)
Prove you're legit and post full source. It seems unlikely though that you'd be using Delphi 7 in school. It's nothing like a recent release. There are other more modern tools that are more likely for you to use. Also, I'm somewhat shocked that a school is teaching Pascal instead of another language in more common usage like C++, Java or Python.
But post full source so we can build it ourselves, and we'll see if you're legit.
__________________
Online Campaign Planning
Tags: enemy, gurps 4e, helper, programming, xbott94